From 593489004c4b1843354257632ae18cd473f6fba8 Mon Sep 17 00:00:00 2001
From: suresh-thelkar <suresh.thelkar@yahoo.com>
Date: Fri, 20 Sep 2024 08:30:03 +0530
Subject: [PATCH 01/59] Patch CVE-2024-29018 in moby-engine to fix (#10201)

---
 SPECS/moby-engine/CVE-2024-29018.patch | 264 +++++++++++++++++++++++++
 SPECS/moby-engine/moby-engine.spec     |   6 +-
 2 files changed, 269 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/moby-engine/CVE-2024-29018.patch

diff --git a/SPECS/moby-engine/CVE-2024-29018.patch b/SPECS/moby-engine/CVE-2024-29018.patch
new file mode 100644
index 00000000000..2419a36f3ff
--- /dev/null
+++ b/SPECS/moby-engine/CVE-2024-29018.patch
@@ -0,0 +1,264 @@
+From b9fa79f9fa3fa604b3a1d3f510d47e2ecd7c9eb3 Mon Sep 17 00:00:00 2001
+From: Albin Kerouanton <albinker@gmail.com>
+Date: Tue, 10 Oct 2023 01:13:25 +0200
+Subject: [PATCH 1/3] libnet: Don't forward to upstream resolvers on internal
+ nw
+
+Commit cbc2a71c2 makes `connect` syscall fail fast when a container is
+only attached to an internal network. Thanks to that, if such a
+container tries to resolve an "external" doamin, the embedded resolver
+returns an error immediately instead of waiting for a timeout.
+
+This commit makes sure the embedded resolver doesn't even try to forward
+to upstream servers.
+
+Signed-off-by: Albin Kerouanton <albinker@gmail.com>
+---
+ libnetwork/endpoint.go         |  8 +++++++-
+ libnetwork/resolver.go         | 19 +++++++++++++++----
+ libnetwork/sandbox_dns_unix.go |  5 +----
+ 3 files changed, 23 insertions(+), 9 deletions(-)
+
+diff --git a/libnetwork/endpoint.go b/libnetwork/endpoint.go
+index 6638c15ff050c..f0aa234716ad7 100644
+--- a/libnetwork/endpoint.go
++++ b/libnetwork/endpoint.go
+@@ -569,8 +569,11 @@ func (ep *Endpoint) sbJoin(sb *Sandbox, options ...EndpointOption) (err error) {
+ 		return sb.setupDefaultGW()
+ 	}
+ 
+-	moveExtConn := sb.getGatewayEndpoint() != extEp
++	currentExtEp := sb.getGatewayEndpoint()
++	// Enable upstream forwarding if the sandbox gained external connectivity.
++	sb.resolver.SetForwardingPolicy(currentExtEp != nil)
+ 
++	moveExtConn := currentExtEp != extEp
+ 	if moveExtConn {
+ 		if extEp != nil {
+ 			log.G(context.TODO()).Debugf("Revoking external connectivity on endpoint %s (%s)", extEp.Name(), extEp.ID())
+@@ -764,6 +767,9 @@ func (ep *Endpoint) sbLeave(sb *Sandbox, force bool) error {
+ 
+ 	// New endpoint providing external connectivity for the sandbox
+ 	extEp = sb.getGatewayEndpoint()
++	// Disable upstream forwarding if the sandbox lost external connectivity.
++	sb.resolver.SetForwardingPolicy(extEp != nil)
++
+ 	if moveExtConn && extEp != nil {
+ 		log.G(context.TODO()).Debugf("Programming external connectivity on endpoint %s (%s)", extEp.Name(), extEp.ID())
+ 		extN, err := extEp.getNetworkFromStore()
+diff --git a/libnetwork/resolver.go b/libnetwork/resolver.go
+index 816f00ad68a44..1ce23f5d8fb8e 100644
+--- a/libnetwork/resolver.go
++++ b/libnetwork/resolver.go
+@@ -9,6 +9,7 @@ import (
+ 	"strconv"
+ 	"strings"
+ 	"sync"
++	"sync/atomic"
+ 	"time"
+ 
+ 	"github.com/containerd/log"
+@@ -75,7 +76,7 @@ type Resolver struct {
+ 	tcpListen     *net.TCPListener
+ 	err           error
+ 	listenAddress string
+-	proxyDNS      bool
++	proxyDNS      atomic.Bool
+ 	startCh       chan struct{}
+ 	logger        *log.Entry
+ 
+@@ -85,15 +86,17 @@ type Resolver struct {
+ 
+ // NewResolver creates a new instance of the Resolver
+ func NewResolver(address string, proxyDNS bool, backend DNSBackend) *Resolver {
+-	return &Resolver{
++	r := &Resolver{
+ 		backend:       backend,
+-		proxyDNS:      proxyDNS,
+ 		listenAddress: address,
+ 		err:           fmt.Errorf("setup not done yet"),
+ 		startCh:       make(chan struct{}, 1),
+ 		fwdSem:        semaphore.NewWeighted(maxConcurrent),
+ 		logInverval:   rate.Sometimes{Interval: logInterval},
+ 	}
++	r.proxyDNS.Store(proxyDNS)
++
++	return r
+ }
+ 
+ func (r *Resolver) log(ctx context.Context) *log.Entry {
+@@ -194,6 +197,14 @@ func (r *Resolver) SetExtServers(extDNS []extDNSEntry) {
+ 	}
+ }
+ 
++// SetForwardingPolicy re-configures the embedded DNS resolver to either enable or disable forwarding DNS queries to
++// external servers.
++func (r *Resolver) SetForwardingPolicy(policy bool) {
++	if r != nil {
++		r.proxyDNS.Store(policy)
++	}
++}
++
+ // NameServer returns the IP of the DNS resolver for the containers.
+ func (r *Resolver) NameServer() string {
+ 	return r.listenAddress
+@@ -421,7 +432,7 @@ func (r *Resolver) serveDNS(w dns.ResponseWriter, query *dns.Msg) {
+ 		return
+ 	}
+ 
+-	if r.proxyDNS {
++	if r.proxyDNS.Load() {
+ 		// If the user sets ndots > 0 explicitly and the query is
+ 		// in the root domain don't forward it out. We will return
+ 		// failure and let the client retry with the search domain
+diff --git a/libnetwork/sandbox_dns_unix.go b/libnetwork/sandbox_dns_unix.go
+index fb1827e4e3377..02edd0caa5439 100644
+--- a/libnetwork/sandbox_dns_unix.go
++++ b/libnetwork/sandbox_dns_unix.go
+@@ -44,10 +44,7 @@ func (sb *Sandbox) finishInitDNS() error {
+ func (sb *Sandbox) startResolver(restore bool) {
+ 	sb.resolverOnce.Do(func() {
+ 		var err error
+-		// The embedded resolver is always started with proxyDNS set as true, even when the sandbox is only attached to
+-		// an internal network. This way, it's the driver responsibility to make sure `connect` syscall fails fast when
+-		// no external connectivity is available (eg. by not setting a default gateway).
+-		sb.resolver = NewResolver(resolverIPSandbox, true, sb)
++		sb.resolver = NewResolver(resolverIPSandbox, sb.getGatewayEndpoint() != nil, sb)
+ 		defer func() {
+ 			if err != nil {
+ 				sb.resolver = nil
+
+From cf4b3950a1b137863e6534eeacc35de3c3862153 Mon Sep 17 00:00:00 2001
+From: Albin Kerouanton <albinker@gmail.com>
+Date: Wed, 20 Dec 2023 23:19:13 +0100
+Subject: [PATCH 2/3] inte/networking: rename linkLocal flag into isLinkLocal
+
+Signed-off-by: Albin Kerouanton <albinker@gmail.com>
+---
+ integration/networking/bridge_test.go | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/integration/networking/bridge_test.go b/integration/networking/bridge_test.go
+index 6007449cd6c24..a0ce08d035187 100644
+--- a/integration/networking/bridge_test.go
++++ b/integration/networking/bridge_test.go
+@@ -36,7 +36,7 @@ func TestBridgeICC(t *testing.T) {
+ 		name           string
+ 		bridgeOpts     []func(*types.NetworkCreate)
+ 		ctr1MacAddress string
+-		linkLocal      bool
++		isLinkLocal    bool
+ 		pingHost       string
+ 	}{
+ 		{
+@@ -74,7 +74,7 @@ func TestBridgeICC(t *testing.T) {
+ 				// 2. the one dynamically assigned by the IPAM driver.
+ 				network.WithIPAM("fe80::/64", "fe80::1"),
+ 			},
+-			linkLocal: true,
++			isLinkLocal: true,
+ 		},
+ 		{
+ 			name: "IPv6 link-local address on internal network",
+@@ -84,7 +84,7 @@ func TestBridgeICC(t *testing.T) {
+ 				// See the note above about link-local addresses.
+ 				network.WithIPAM("fe80::/64", "fe80::1"),
+ 			},
+-			linkLocal: true,
++			isLinkLocal: true,
+ 		},
+ 		{
+ 			// As for 'LL non-internal', but ping the container by name instead of by address
+@@ -162,7 +162,7 @@ func TestBridgeICC(t *testing.T) {
+ 
+ 			pingHost := tc.pingHost
+ 			if pingHost == "" {
+-				if tc.linkLocal {
++				if tc.isLinkLocal {
+ 					inspect := container.Inspect(ctx, t, c, id1)
+ 					pingHost = inspect.NetworkSettings.Networks[bridgeName].GlobalIPv6Address + "%eth0"
+ 				} else {
+
+From 19b74dc69124227c4255ac589ab841f5ba111f80 Mon Sep 17 00:00:00 2001
+From: Albin Kerouanton <albinker@gmail.com>
+Date: Wed, 20 Dec 2023 23:19:58 +0100
+Subject: [PATCH 3/3] inte/networking: add isIPv6 flag
+
+Signed-off-by: Albin Kerouanton <albinker@gmail.com>
+---
+ integration/networking/bridge_test.go | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/integration/networking/bridge_test.go b/integration/networking/bridge_test.go
+index a0ce08d035187..0d8c5d491ce2e 100644
+--- a/integration/networking/bridge_test.go
++++ b/integration/networking/bridge_test.go
+@@ -36,6 +36,7 @@ func TestBridgeICC(t *testing.T) {
+ 		name           string
+ 		bridgeOpts     []func(*types.NetworkCreate)
+ 		ctr1MacAddress string
++		isIPv6         bool
+ 		isLinkLocal    bool
+ 		pingHost       string
+ 	}{
+@@ -55,6 +56,7 @@ func TestBridgeICC(t *testing.T) {
+ 				network.WithIPv6(),
+ 				network.WithIPAM("fdf1:a844:380c:b200::/64", "fdf1:a844:380c:b200::1"),
+ 			},
++			isIPv6: true,
+ 		},
+ 		{
+ 			name: "IPv6 ULA on internal network",
+@@ -63,6 +65,7 @@ func TestBridgeICC(t *testing.T) {
+ 				network.WithInternal(),
+ 				network.WithIPAM("fdf1:a844:380c:b247::/64", "fdf1:a844:380c:b247::1"),
+ 			},
++			isIPv6: true,
+ 		},
+ 		{
+ 			name: "IPv6 link-local address on non-internal network",
+@@ -75,6 +78,7 @@ func TestBridgeICC(t *testing.T) {
+ 				network.WithIPAM("fe80::/64", "fe80::1"),
+ 			},
+ 			isLinkLocal: true,
++			isIPv6:      true,
+ 		},
+ 		{
+ 			name: "IPv6 link-local address on internal network",
+@@ -85,6 +89,7 @@ func TestBridgeICC(t *testing.T) {
+ 				network.WithIPAM("fe80::/64", "fe80::1"),
+ 			},
+ 			isLinkLocal: true,
++			isIPv6:      true,
+ 		},
+ 		{
+ 			// As for 'LL non-internal', but ping the container by name instead of by address
+@@ -122,6 +127,7 @@ func TestBridgeICC(t *testing.T) {
+ 			// specify one here to hardcode the SLAAC LL address below.
+ 			ctr1MacAddress: "02:42:ac:11:00:02",
+ 			pingHost:       "fe80::42:acff:fe11:2%eth0",
++			isIPv6:         true,
+ 		},
+ 		{
+ 			name: "IPv6 internal network with SLAAC LL address",
+@@ -133,6 +139,7 @@ func TestBridgeICC(t *testing.T) {
+ 			// specify one here to hardcode the SLAAC LL address below.
+ 			ctr1MacAddress: "02:42:ac:11:00:02",
+ 			pingHost:       "fe80::42:acff:fe11:2%eth0",
++			isIPv6:         true,
+ 		},
+ 	}
+ 
+@@ -170,7 +177,11 @@ func TestBridgeICC(t *testing.T) {
+ 				}
+ 			}
+ 
+-			pingCmd := []string{"ping", "-c1", "-W3", pingHost}
++			pingCmd := []string{"ping", "-c1", "-W3"}
++			if tc.isIPv6 {
++				pingCmd = append(pingCmd, "-6")
++			}
++			pingCmd = append(pingCmd, pingHost)
+ 
+ 			ctr2Name := fmt.Sprintf("ctr-icc-%d-2", tcID)
+ 			attachCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
diff --git a/SPECS/moby-engine/moby-engine.spec b/SPECS/moby-engine/moby-engine.spec
index e350178d777..31b03d8ce53 100644
--- a/SPECS/moby-engine/moby-engine.spec
+++ b/SPECS/moby-engine/moby-engine.spec
@@ -3,7 +3,7 @@
 Summary: The open-source application container engine
 Name:    moby-engine
 Version: 25.0.3
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: ASL 2.0
 Group:   Tools/Container
 URL: https://mobyproject.org
@@ -17,6 +17,7 @@ Source2: docker.socket
 Patch0:  CVE-2022-2879.patch
 Patch1:  enable-docker-proxy-libexec-search.patch
 Patch2:  CVE-2024-41110.patch
+Patch3:  CVE-2024-29018.patch
 
 %{?systemd_requires}
 
@@ -112,6 +113,9 @@ fi
 %{_unitdir}/*
 
 %changelog
+* Mon Aug 19 2024 Suresh Thelkar <sthelkar@microsoft.com> - 25.0.3-6
+- Patch CVE-2024-29018
+
 * Tue Aug 13 2024 Rohit Rawat <rohitrawat@microsoft.com> - 25.0.3-5
 - Address CVE-2024-41110
 

From 68411e8a6c7008fab8c988bbf57044e1486f6c79 Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Fri, 20 Sep 2024 22:48:18 +0530
Subject: [PATCH 02/59] rabbitmq-server: upgrade to 3.13.7 to fix
 CVE-2023-50966 (#10470)

---
 SPECS/rabbitmq-server/rabbitmq-server.signatures.json | 2 +-
 SPECS/rabbitmq-server/rabbitmq-server.spec            | 7 ++++++-
 cgmanifest.json                                       | 4 ++--
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/SPECS/rabbitmq-server/rabbitmq-server.signatures.json b/SPECS/rabbitmq-server/rabbitmq-server.signatures.json
index a5d8beccb9e..879e4ca743a 100644
--- a/SPECS/rabbitmq-server/rabbitmq-server.signatures.json
+++ b/SPECS/rabbitmq-server/rabbitmq-server.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "rabbitmq-server-3.13.0.tar.xz": "3715e559a69b138a5d0a4bf242ee69f3264d4f5cf3c1e3726c66d9d33476d4ef"
+  "rabbitmq-server-3.13.7.tar.xz": "18353262e77085048bac55cedb55b77f0987dad97649317d812b99b1bdc6661d"
  }
 }
diff --git a/SPECS/rabbitmq-server/rabbitmq-server.spec b/SPECS/rabbitmq-server/rabbitmq-server.spec
index ae347bf6d67..c3753a44bc0 100644
--- a/SPECS/rabbitmq-server/rabbitmq-server.spec
+++ b/SPECS/rabbitmq-server/rabbitmq-server.spec
@@ -1,7 +1,7 @@
 %define  debug_package %{nil}
 Summary:        rabbitmq-server
 Name:           rabbitmq-server
-Version:        3.13.0
+Version:        3.13.7
 Release:        1%{?dist}
 License:        Apache-2.0 and MPL 2.0
 Vendor:         Microsoft Corporation
@@ -65,6 +65,11 @@ done
 %{_libdir}/rabbitmq/lib/rabbitmq_server-%{version}/*
 
 %changelog
+* Tue Sep 17 2024 Archana Choudhary <archana1@microsoft.com> - 3.13.7-1
+- Upgrade rabbitmq-server to version 3.13.7
+- deps/jose is updated to 1.11.10
+- Fixes CVE-2023-50966
+
 * Thu Mar 28 2024 Sam Meluch <sammeluch@microsoft.com> - 3.13.0-1
 - Upgrade rabbitmq-server to version 3.13.0 for Azure Linux 3.0
 - Remove now unused vendor tarballs
diff --git a/cgmanifest.json b/cgmanifest.json
index 7937de4e809..91edc218d53 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -25343,8 +25343,8 @@
         "type": "other",
         "other": {
           "name": "rabbitmq-server",
-          "version": "3.13.0",
-          "downloadUrl": "https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.13.0/rabbitmq-server-3.13.0.tar.xz"
+          "version": "3.13.7",
+          "downloadUrl": "https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.13.7/rabbitmq-server-3.13.7.tar.xz"
         }
       }
     },

From 6d33e8aa5faeb7351660478dbe1e5c46c8919c5c Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Fri, 20 Sep 2024 22:48:32 +0530
Subject: [PATCH 03/59] pytorch: add patch for CVE-2024-27318, CVE-2022-1941
 (#10469)

---
 SPECS/pytorch/CVE-2022-1941.patch  | 352 +++++++++++++++++++++++++++
 SPECS/pytorch/CVE-2024-27318.patch | 375 +++++++++++++++++++++++++++++
 SPECS/pytorch/pytorch.spec         |  10 +-
 3 files changed, 735 insertions(+), 2 deletions(-)
 create mode 100644 SPECS/pytorch/CVE-2022-1941.patch
 create mode 100644 SPECS/pytorch/CVE-2024-27318.patch

diff --git a/SPECS/pytorch/CVE-2022-1941.patch b/SPECS/pytorch/CVE-2022-1941.patch
new file mode 100644
index 00000000000..cd961581a22
--- /dev/null
+++ b/SPECS/pytorch/CVE-2022-1941.patch
@@ -0,0 +1,352 @@
+# Patch generated by Archana Choudhary <archana1@microsoft.com>
+# Source: https://github.com/protocolbuffers/protobuf/commit/55815e423bb82cc828836bbd60c79c1f9a195763
+
+diff --color -ruN a/third_party/protobuf/src/google/protobuf/extension_set_inl.h b/third_party/protobuf/src/google/protobuf/extension_set_inl.h
+--- a/third_party/protobuf/src/google/protobuf/extension_set_inl.h	2024-03-27 22:28:55.000000000 +0000
++++ b/third_party/protobuf/src/google/protobuf/extension_set_inl.h	2024-09-18 11:49:16.390834276 +0000
+@@ -206,16 +206,21 @@
+     const char* ptr, const Msg* containing_type,
+     internal::InternalMetadata* metadata, internal::ParseContext* ctx) {
+   std::string payload;
+-  uint32 type_id = 0;
+-  bool payload_read = false;
++  uint32 type_id;
++  enum class State { kNoTag, kHasType, kHasPayload, kDone };
++  State state = State::kNoTag;
++
+   while (!ctx->Done(&ptr)) {
+     uint32 tag = static_cast<uint8>(*ptr++);
+     if (tag == WireFormatLite::kMessageSetTypeIdTag) {
+       uint64 tmp;
+       ptr = ParseBigVarint(ptr, &tmp);
+       GOOGLE_PROTOBUF_PARSER_ASSERT(ptr);
+-      type_id = tmp;
+-      if (payload_read) {
++      if (state == State::kNoTag) {
++        type_id = tmp;
++        state = State::kHasType;
++      } else if (state == State::kHasPayload) {
++        type_id = tmp;
+         ExtensionInfo extension;
+         bool was_packed_on_wire;
+         if (!FindExtension(2, type_id, containing_type, ctx, &extension,
+@@ -241,20 +246,24 @@
+           GOOGLE_PROTOBUF_PARSER_ASSERT(value->_InternalParse(p, &tmp_ctx) &&
+                                          tmp_ctx.EndedAtLimit());
+         }
+-        type_id = 0;
++        state = State::kDone;
+       }
+     } else if (tag == WireFormatLite::kMessageSetMessageTag) {
+-      if (type_id != 0) {
++      if (state == State::kHasType) {
+         ptr = ParseFieldMaybeLazily(static_cast<uint64>(type_id) * 8 + 2, ptr,
+                                     containing_type, metadata, ctx);
+         GOOGLE_PROTOBUF_PARSER_ASSERT(ptr != nullptr);
+-        type_id = 0;
++        state = State::kDone;
+       } else {
++        std::string tmp;
+         int32 size = ReadSize(&ptr);
+         GOOGLE_PROTOBUF_PARSER_ASSERT(ptr);
+-        ptr = ctx->ReadString(ptr, size, &payload);
++        ptr = ctx->ReadString(ptr, size, &tmp);
+         GOOGLE_PROTOBUF_PARSER_ASSERT(ptr);
+-        payload_read = true;
++        if (state == State::kNoTag) {
++          payload = std::move(tmp);
++          state = State::kHasPayload;
++        }
+       }
+     } else {
+       ptr = ReadTag(ptr - 1, &tag);
+diff --color -ruN a/third_party/protobuf/src/google/protobuf/wire_format.cc b/third_party/protobuf/src/google/protobuf/wire_format.cc
+--- a/third_party/protobuf/src/google/protobuf/wire_format.cc	2024-03-27 22:28:55.000000000 +0000
++++ b/third_party/protobuf/src/google/protobuf/wire_format.cc	2024-09-18 11:49:16.390834276 +0000
+@@ -659,9 +659,11 @@
+   const char* _InternalParse(const char* ptr, internal::ParseContext* ctx) {
+     // Parse a MessageSetItem
+     auto metadata = reflection->MutableInternalMetadata(msg);
++    enum class State { kNoTag, kHasType, kHasPayload, kDone };
++    State state = State::kNoTag;
++
+     std::string payload;
+     uint32 type_id = 0;
+-    bool payload_read = false;
+     while (!ctx->Done(&ptr)) {
+       // We use 64 bit tags in order to allow typeid's that span the whole
+       // range of 32 bit numbers.
+@@ -670,8 +672,11 @@
+         uint64 tmp;
+         ptr = ParseBigVarint(ptr, &tmp);
+         GOOGLE_PROTOBUF_PARSER_ASSERT(ptr);
+-        type_id = tmp;
+-        if (payload_read) {
++        if (state == State::kNoTag) {
++          type_id = tmp;
++          state = State::kHasType;
++        } else if (state == State::kHasPayload) {
++          type_id = tmp;
+           const FieldDescriptor* field;
+           if (ctx->data().pool == nullptr) {
+             field = reflection->FindKnownExtensionByNumber(type_id);
+@@ -698,17 +703,17 @@
+             GOOGLE_PROTOBUF_PARSER_ASSERT(value->_InternalParse(p, &tmp_ctx) &&
+                                            tmp_ctx.EndedAtLimit());
+           }
+-          type_id = 0;
++          state = State::kDone;
+         }
+         continue;
+       } else if (tag == WireFormatLite::kMessageSetMessageTag) {
+-        if (type_id == 0) {
++        if (state == State::kNoTag) {
+           int32 size = ReadSize(&ptr);
+           GOOGLE_PROTOBUF_PARSER_ASSERT(ptr);
+           ptr = ctx->ReadString(ptr, size, &payload);
+           GOOGLE_PROTOBUF_PARSER_ASSERT(ptr);
+-          payload_read = true;
+-        } else {
++          state = State::kHasPayload;
++        } else if (state == State::kHasType) {
+           // We're now parsing the payload
+           const FieldDescriptor* field = nullptr;
+           if (descriptor->IsExtensionNumber(type_id)) {
+@@ -722,7 +727,12 @@
+           ptr = WireFormat::_InternalParseAndMergeField(
+               msg, ptr, ctx, static_cast<uint64>(type_id) * 8 + 2, reflection,
+               field);
+-          type_id = 0;
++          state = State::kDone;
++        } else {
++          int32 size = ReadSize(&ptr);
++          GOOGLE_PROTOBUF_PARSER_ASSERT(ptr);
++          ptr = ctx->Skip(ptr, size);
++          GOOGLE_PROTOBUF_PARSER_ASSERT(ptr);
+         }
+       } else {
+         // An unknown field in MessageSetItem.
+diff --color -ruN a/third_party/protobuf/src/google/protobuf/wire_format_lite.h b/third_party/protobuf/src/google/protobuf/wire_format_lite.h
+--- a/third_party/protobuf/src/google/protobuf/wire_format_lite.h	2024-03-27 22:28:55.000000000 +0000
++++ b/third_party/protobuf/src/google/protobuf/wire_format_lite.h	2024-09-18 11:49:16.390834276 +0000
+@@ -1798,6 +1798,9 @@
+   // we can parse it later.
+   std::string message_data;
+ 
++  enum class State { kNoTag, kHasType, kHasPayload, kDone };
++  State state = State::kNoTag;
++
+   while (true) {
+     const uint32 tag = input->ReadTagNoLastTag();
+     if (tag == 0) return false;
+@@ -1806,26 +1809,34 @@
+       case WireFormatLite::kMessageSetTypeIdTag: {
+         uint32 type_id;
+         if (!input->ReadVarint32(&type_id)) return false;
+-        last_type_id = type_id;
+-
+-        if (!message_data.empty()) {
++        if (state == State::kNoTag) {
++          last_type_id = type_id;
++          state = State::kHasType;
++        } else if (state == State::kHasPayload) {
+           // We saw some message data before the type_id.  Have to parse it
+           // now.
+           io::CodedInputStream sub_input(
+               reinterpret_cast<const uint8*>(message_data.data()),
+               static_cast<int>(message_data.size()));
+           sub_input.SetRecursionLimit(input->RecursionBudget());
+-          if (!ms.ParseField(last_type_id, &sub_input)) {
++          if (!ms.ParseField(type_id, &sub_input)) {
+             return false;
+           }
+           message_data.clear();
++          state = State::kDone;
+         }
+ 
+         break;
+       }
+ 
+       case WireFormatLite::kMessageSetMessageTag: {
+-        if (last_type_id == 0) {
++        if (state == State::kHasType) {
++          // Already saw type_id, so we can parse this directly.
++          if (!ms.ParseField(last_type_id, input)) {
++            return false;
++          }
++          state = State::kDone;
++        } else if (state == State::kNoTag) {
+           // We haven't seen a type_id yet.  Append this data to message_data.
+           uint32 length;
+           if (!input->ReadVarint32(&length)) return false;
+@@ -1836,11 +1847,9 @@
+           auto ptr = reinterpret_cast<uint8*>(&message_data[0]);
+           ptr = io::CodedOutputStream::WriteVarint32ToArray(length, ptr);
+           if (!input->ReadRaw(ptr, length)) return false;
++          state = State::kHasPayload;
+         } else {
+-          // Already saw type_id, so we can parse this directly.
+-          if (!ms.ParseField(last_type_id, input)) {
+-            return false;
+-          }
++          if (!ms.SkipField(tag, input)) return false;
+         }
+ 
+         break;
+diff --color -ruN a/third_party/protobuf/src/google/protobuf/wire_format_unittest.cc b/third_party/protobuf/src/google/protobuf/wire_format_unittest.cc
+--- a/third_party/protobuf/src/google/protobuf/wire_format_unittest.cc	2024-03-27 22:28:55.000000000 +0000
++++ b/third_party/protobuf/src/google/protobuf/wire_format_unittest.cc	2024-09-18 11:49:16.394834273 +0000
+@@ -47,6 +47,7 @@
+ #include <google/protobuf/io/zero_copy_stream_impl.h>
+ #include <google/protobuf/io/zero_copy_stream_impl_lite.h>
+ #include <google/protobuf/descriptor.h>
++#include <google/protobuf/dynamic_message.h>
+ #include <google/protobuf/wire_format_lite.h>
+ #include <google/protobuf/testing/googletest.h>
+ #include <gmock/gmock.h>
+@@ -585,30 +586,56 @@
+   EXPECT_EQ(message_set.DebugString(), dynamic_message_set.DebugString());
+ }
+ 
+-TEST(WireFormatTest, ParseMessageSetWithReverseTagOrder) {
++namespace {
++std::string BuildMessageSetItemStart() {
+   std::string data;
+   {
+-    unittest::TestMessageSetExtension1 message;
+-    message.set_i(123);
+-    // Build a MessageSet manually with its message content put before its
+-    // type_id.
+     io::StringOutputStream output_stream(&data);
+     io::CodedOutputStream coded_output(&output_stream);
+     coded_output.WriteTag(WireFormatLite::kMessageSetItemStartTag);
++  }
++  return data;
++}
++std::string BuildMessageSetItemEnd() {
++  std::string data;
++  {
++    io::StringOutputStream output_stream(&data);
++    io::CodedOutputStream coded_output(&output_stream);
++    coded_output.WriteTag(WireFormatLite::kMessageSetItemEndTag);
++  }
++  return data;
++}
++std::string BuildMessageSetTestExtension1(int value = 123) {
++  std::string data;
++  {
++    unittest::TestMessageSetExtension1 message;
++    message.set_i(value);
++    io::StringOutputStream output_stream(&data);
++    io::CodedOutputStream coded_output(&output_stream);
+     // Write the message content first.
+     WireFormatLite::WriteTag(WireFormatLite::kMessageSetMessageNumber,
+                              WireFormatLite::WIRETYPE_LENGTH_DELIMITED,
+                              &coded_output);
+     coded_output.WriteVarint32(message.ByteSizeLong());
+     message.SerializeWithCachedSizes(&coded_output);
+-    // Write the type id.
+-    uint32 type_id = message.GetDescriptor()->extension(0)->number();
++  }
++  return data;
++}
++std::string BuildMessageSetItemTypeId(int extension_number) {
++  std::string data;
++  {
++    io::StringOutputStream output_stream(&data);
++    io::CodedOutputStream coded_output(&output_stream);
+     WireFormatLite::WriteUInt32(WireFormatLite::kMessageSetTypeIdNumber,
+-                                type_id, &coded_output);
+-    coded_output.WriteTag(WireFormatLite::kMessageSetItemEndTag);
++                                extension_number, &coded_output);
+   }
++  return data;
++}
++void ValidateTestMessageSet(const std::string& test_case,
++                            const std::string& data) {
++  SCOPED_TRACE(test_case);
+   {
+-    proto2_wireformat_unittest::TestMessageSet message_set;
++    ::proto2_wireformat_unittest::TestMessageSet message_set;
+     ASSERT_TRUE(message_set.ParseFromString(data));
+ 
+     EXPECT_EQ(123,
+@@ -616,10 +643,15 @@
+                   .GetExtension(
+                       unittest::TestMessageSetExtension1::message_set_extension)
+                   .i());
++
++    // Make sure it does not contain anything else.
++    message_set.ClearExtension(
++        unittest::TestMessageSetExtension1::message_set_extension);
++    EXPECT_EQ(message_set.SerializeAsString(), "");
+   }
+   {
+     // Test parse the message via Reflection.
+-    proto2_wireformat_unittest::TestMessageSet message_set;
++    ::proto2_wireformat_unittest::TestMessageSet message_set;
+     io::CodedInputStream input(reinterpret_cast<const uint8*>(data.data()),
+                                data.size());
+     EXPECT_TRUE(WireFormat::ParseAndMergePartial(&input, &message_set));
+@@ -631,6 +663,61 @@
+                       unittest::TestMessageSetExtension1::message_set_extension)
+                   .i());
+   }
++  {
++    // Test parse the message via DynamicMessage.
++    DynamicMessageFactory factory;
++    std::unique_ptr<Message> msg(
++        factory
++            .GetPrototype(
++                ::proto2_wireformat_unittest::TestMessageSet::descriptor())
++            ->New());
++    msg->ParseFromString(data);
++    auto* reflection = msg->GetReflection();
++    std::vector<const FieldDescriptor*> fields;
++    reflection->ListFields(*msg, &fields);
++    ASSERT_EQ(fields.size(), 1);
++    const auto& sub = reflection->GetMessage(*msg, fields[0]);
++    reflection = sub.GetReflection();
++    EXPECT_EQ(123, reflection->GetInt32(
++                       sub, sub.GetDescriptor()->FindFieldByName("i")));
++  }
++}
++}  // namespace
++
++TEST(WireFormatTest, ParseMessageSetWithAnyTagOrder) {
++  std::string start = BuildMessageSetItemStart();
++  std::string end = BuildMessageSetItemEnd();
++  std::string id = BuildMessageSetItemTypeId(
++      unittest::TestMessageSetExtension1::descriptor()->extension(0)->number());
++  std::string message = BuildMessageSetTestExtension1();
++
++  ValidateTestMessageSet("id + message", start + id + message + end);
++  ValidateTestMessageSet("message + id", start + message + id + end);
++}
++
++TEST(WireFormatTest, ParseMessageSetWithDuplicateTags) {
++  std::string start = BuildMessageSetItemStart();
++  std::string end = BuildMessageSetItemEnd();
++  std::string id = BuildMessageSetItemTypeId(
++      unittest::TestMessageSetExtension1::descriptor()->extension(0)->number());
++  std::string other_id = BuildMessageSetItemTypeId(123456);
++  std::string message = BuildMessageSetTestExtension1();
++  std::string other_message = BuildMessageSetTestExtension1(321);
++
++  // Double id
++  ValidateTestMessageSet("id + other_id + message",
++                         start + id + other_id + message + end);
++  ValidateTestMessageSet("id + message + other_id",
++                         start + id + message + other_id + end);
++  ValidateTestMessageSet("message + id + other_id",
++                         start + message + id + other_id + end);
++  // Double message
++  ValidateTestMessageSet("id + message + other_message",
++                         start + id + message + other_message + end);
++  ValidateTestMessageSet("message + id + other_message",
++                         start + message + id + other_message + end);
++  ValidateTestMessageSet("message + other_message + id",
++                         start + message + other_message + id + end);
+ }
+ 
+ void SerializeReverseOrder(
diff --git a/SPECS/pytorch/CVE-2024-27318.patch b/SPECS/pytorch/CVE-2024-27318.patch
new file mode 100644
index 00000000000..40c1c7a7bff
--- /dev/null
+++ b/SPECS/pytorch/CVE-2024-27318.patch
@@ -0,0 +1,375 @@
+From 4458baf0be43d07acc2adab99d48689f78ff1fe1 Mon Sep 17 00:00:00 2001
+From: liqun Fu <liqfu@microsoft.com>
+Date: Mon, 19 Feb 2024 11:12:40 -0800
+Subject: [PATCH] Fix path sanitization bypass leading to arbitrary read
+ (#5917)
+
+Signed-off-by: liqunfu <liqun.fu@microsoft.com>
+Signed-off-by: liqun Fu <liqun.fu@microsoft.com>
+Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
+(cherry picked from commit 66b7fb630903fdcf3e83b6b6d56d82e904264a20)
+---
+ onnx/checker.cc                 | 168 +++++++++++++++++---------------
+ onnx/checker.h                  |   5 +-
+ onnx/common/path.h              |  15 ++-
+ onnx/cpp2py_export.cc           |   2 +
+ onnx/external_data_helper.py    |  15 +--
+ onnx/test/test_external_data.py |  47 +++++++++
+ 6 files changed, 158 insertions(+), 94 deletions(-)
+
+diff --git a/third_party/onnx/onnx/checker.cc b/third_party/onnx/onnx/checker.cc
+index fac56f5655f..66716e97f92 100644
+--- a/third_party/onnx/onnx/checker.cc
++++ b/third_party/onnx/onnx/checker.cc
+@@ -13,7 +13,6 @@
+ #include <vector>
+ 
+ #include "onnx/common/file_utils.h"
+-#include "onnx/common/path.h"
+ #include "onnx/defs/schema.h"
+ #include "onnx/defs/tensor_proto_util.h"
+ #include "onnx/proto_utils.h"
+@@ -135,85 +134,7 @@ void check_tensor(const TensorProto& tensor, const CheckerContext& ctx) {
+     for (const StringStringEntryProto& entry : tensor.external_data()) {
+       if (entry.has_key() && entry.has_value() && entry.key() == "location") {
+         has_location = true;
+-#ifdef _WIN32
+-        auto file_path = std::filesystem::path(utf8str_to_wstring(entry.value()));
+-        if (file_path.is_absolute()) {
+-          fail_check(
+-              "Location of external TensorProto ( tensor name: ",
+-              tensor.name(),
+-              ") should be a relative path, but it is an absolute path: ",
+-              entry.value());
+-        }
+-        auto relative_path = file_path.lexically_normal().make_preferred().wstring();
+-        // Check that normalized relative path contains ".." on Windows.
+-        if (relative_path.find(L"..", 0) != std::string::npos) {
+-          fail_check(
+-              "Data of TensorProto ( tensor name: ",
+-              tensor.name(),
+-              ") should be file inside the ",
+-              ctx.get_model_dir(),
+-              ", but the '",
+-              entry.value(),
+-              "' points outside the directory");
+-        }
+-        std::wstring data_path = path_join(utf8str_to_wstring(ctx.get_model_dir()), relative_path);
+-        struct _stat64 buff;
+-        if (_wstat64(data_path.c_str(), &buff) != 0) {
+-          fail_check(
+-              "Data of TensorProto ( tensor name: ",
+-              tensor.name(),
+-              ") should be stored in ",
+-              entry.value(),
+-              ", but it doesn't exist or is not accessible.");
+-        }
+-#else // POSIX
+-        if (entry.value().empty()) {
+-          fail_check("Location of external TensorProto ( tensor name: ", tensor.name(), ") should not be empty.");
+-        } else if (entry.value()[0] == '/') {
+-          fail_check(
+-              "Location of external TensorProto ( tensor name: ",
+-              tensor.name(),
+-              ") should be a relative path, but it is an absolute path: ",
+-              entry.value());
+-        }
+-        std::string relative_path = clean_relative_path(entry.value());
+-        // Check that normalized relative path contains ".." on POSIX
+-        if (relative_path.find("..", 0) != std::string::npos) {
+-          fail_check(
+-              "Data of TensorProto ( tensor name: ",
+-              tensor.name(),
+-              ") should be file inside the ",
+-              ctx.get_model_dir(),
+-              ", but the '",
+-              entry.value(),
+-              "' points outside the directory");
+-        }
+-        std::string data_path = path_join(ctx.get_model_dir(), relative_path);
+-        // use stat64 to check whether the file exists
+-#if defined(__APPLE__) || defined(__wasm__) || !defined(__GLIBC__)
+-        struct stat buffer; // APPLE, wasm and non-glic stdlibs do not have stat64
+-        if (stat((data_path).c_str(), &buffer) != 0) {
+-#else
+-        struct stat64 buffer; // All POSIX under glibc except APPLE and wasm have stat64
+-        if (stat64((data_path).c_str(), &buffer) != 0) {
+-#endif
+-          fail_check(
+-              "Data of TensorProto ( tensor name: ",
+-              tensor.name(),
+-              ") should be stored in ",
+-              data_path,
+-              ", but it doesn't exist or is not accessible.");
+-        }
+-        // Do not allow symlinks or directories.
+-        if (!S_ISREG(buffer.st_mode)) {
+-          fail_check(
+-              "Data of TensorProto ( tensor name: ",
+-              tensor.name(),
+-              ") should be stored in ",
+-              data_path,
+-              ", but it is not regular file.");
+-        }
+-#endif
++        resolve_external_data_location(ctx.get_model_dir(), entry.value(), tensor.name());
+       }
+     }
+     if (!has_location) {
+@@ -1054,6 +975,93 @@ void check_model(const ModelProto& model, bool full_check, bool skip_opset_compa
+   }
+ }
+ 
++std::string resolve_external_data_location(
++    const std::string& base_dir,
++    const std::string& location,
++    const std::string& tensor_name) {
++#ifdef _WIN32
++  auto file_path = std::filesystem::path(utf8str_to_wstring(location));
++  if (file_path.is_absolute()) {
++    fail_check(
++        "Location of external TensorProto ( tensor name: ",
++        tensor_name,
++        ") should be a relative path, but it is an absolute path: ",
++        location);
++  }
++  auto relative_path = file_path.lexically_normal().make_preferred().wstring();
++  // Check that normalized relative path contains ".." on Windows.
++  if (relative_path.find(L"..", 0) != std::string::npos) {
++    fail_check(
++        "Data of TensorProto ( tensor name: ",
++        tensor_name,
++        ") should be file inside the ",
++        base_dir,
++        ", but the '",
++        location,
++        "' points outside the directory");
++  }
++  std::wstring data_path = path_join(utf8str_to_wstring(base_dir), relative_path);
++  struct _stat64 buff;
++  if (data_path.empty() || (data_path[0] != '#' && _wstat64(data_path.c_str(), &buff) != 0)) {
++    fail_check(
++        "Data of TensorProto ( tensor name: ",
++        tensor_name,
++        ") should be stored in ",
++        location,
++        ", but it doesn't exist or is not accessible.");
++  }
++  return wstring_to_utf8str(data_path);
++#else // POSIX
++  if (location.empty()) {
++    fail_check("Location of external TensorProto ( tensor name: ", tensor_name, ") should not be empty.");
++  } else if (location[0] == '/') {
++    fail_check(
++        "Location of external TensorProto ( tensor name: ",
++        tensor_name,
++        ") should be a relative path, but it is an absolute path: ",
++        location);
++  }
++  std::string relative_path = clean_relative_path(location);
++  // Check that normalized relative path contains ".." on POSIX
++  if (relative_path.find("..", 0) != std::string::npos) {
++    fail_check(
++        "Data of TensorProto ( tensor name: ",
++        tensor_name,
++        ") should be file inside the ",
++        base_dir,
++        ", but the '",
++        location,
++        "' points outside the directory");
++  }
++  std::string data_path = path_join(base_dir, relative_path);
++  // use stat64 to check whether the file exists
++#if defined(__APPLE__) || defined(__wasm__) || !defined(__GLIBC__)
++  struct stat buffer; // APPLE, wasm and non-glic stdlibs do not have stat64
++  if (data_path.empty() || (data_path[0] != '#' && stat((data_path).c_str(), &buffer) != 0)) {
++#else
++  struct stat64 buffer; // All POSIX under glibc except APPLE and wasm have stat64
++  if (data_path.empty() || (data_path[0] != '#' && stat64((data_path).c_str(), &buffer) != 0)) {
++#endif
++    fail_check(
++        "Data of TensorProto ( tensor name: ",
++        tensor_name,
++        ") should be stored in ",
++        data_path,
++        ", but it doesn't exist or is not accessible.");
++  }
++  // Do not allow symlinks or directories.
++  if (data_path.empty() || (data_path[0] != '#' && !S_ISREG(buffer.st_mode))) {
++    fail_check(
++        "Data of TensorProto ( tensor name: ",
++        tensor_name,
++        ") should be stored in ",
++        data_path,
++        ", but it is not regular file.");
++  }
++  return data_path;
++#endif
++}
++
+ std::set<std::string> experimental_ops = {
+     "ATen",
+     "Affine",
+diff --git a/third_party/onnx/onnx/checker.h b/third_party/onnx/onnx/checker.h
+index 6796acab222..83012213469 100644
+--- a/third_party/onnx/onnx/checker.h
++++ b/third_party/onnx/onnx/checker.h
+@@ -160,7 +160,10 @@ void check_model_local_functions(
+ 
+ void check_model(const ModelProto& model, bool full_check = false, bool skip_opset_compatibility_check = false);
+ void check_model(const std::string& model_path, bool full_check = false, bool skip_opset_compatibility_check = false);
+-
++std::string resolve_external_data_location(
++    const std::string& base_dir,
++    const std::string& location,
++    const std::string& tensor_name);
+ bool check_is_experimental_op(const NodeProto& node);
+ 
+ } // namespace checker
+diff --git a/third_party/onnx/onnx/common/path.h b/third_party/onnx/onnx/common/path.h
+index 6eaf5e67baf..09212747f7f 100644
+--- a/third_party/onnx/onnx/common/path.h
++++ b/third_party/onnx/onnx/common/path.h
+@@ -31,11 +31,22 @@ inline std::wstring utf8str_to_wstring(const std::string& utf8str) {
+   if (utf8str.size() > INT_MAX) {
+     fail_check("utf8str_to_wstring: string is too long for converting to wstring.");
+   }
+-  int size_required = MultiByteToWideChar(CP_UTF8, 0, utf8str.c_str(), (int)utf8str.size(), NULL, 0);
++  int size_required = MultiByteToWideChar(CP_UTF8, 0, utf8str.c_str(), static_cast<int>(utf8str.size()), NULL, 0);
+   std::wstring ws_str(size_required, 0);
+-  MultiByteToWideChar(CP_UTF8, 0, utf8str.c_str(), (int)utf8str.size(), &ws_str[0], size_required);
++  MultiByteToWideChar(CP_UTF8, 0, utf8str.c_str(), static_cast<int>(utf8str.size()), &ws_str[0], size_required);
+   return ws_str;
+ }
++inline std::string wstring_to_utf8str(const std::wstring& ws_str) {
++  if (ws_str.size() > INT_MAX) {
++    fail_check("wstring_to_utf8str: string is too long for converting to UTF-8.");
++  }
++  int size_required =
++      WideCharToMultiByte(CP_UTF8, 0, ws_str.c_str(), static_cast<int>(ws_str.size()), NULL, 0, NULL, NULL);
++  std::string utf8str(size_required, 0);
++  WideCharToMultiByte(
++      CP_UTF8, 0, ws_str.c_str(), static_cast<int>(ws_str.size()), &utf8str[0], size_required, NULL, NULL);
++  return utf8str;
++}
+ 
+ #else
+ std::string path_join(const std::string& origin, const std::string& append);
+diff --git a/third_party/onnx/onnx/cpp2py_export.cc b/third_party/onnx/onnx/cpp2py_export.cc
+index bc2594db0db..83cea68f3eb 100644
+--- a/third_party/onnx/onnx/cpp2py_export.cc
++++ b/third_party/onnx/onnx/cpp2py_export.cc
+@@ -545,6 +545,8 @@ PYBIND11_MODULE(onnx_cpp2py_export, onnx_cpp2py_export) {
+       "full_check"_a = false,
+       "skip_opset_compatibility_check"_a = false);
+ 
++  checker.def("_resolve_external_data_location", &checker::resolve_external_data_location);
++
+   // Submodule `version_converter`
+   auto version_converter = onnx_cpp2py_export.def_submodule("version_converter");
+   version_converter.doc() = "VersionConverter submodule";
+diff --git a/third_party/onnx/onnx/external_data_helper.py b/third_party/onnx/onnx/external_data_helper.py
+index bbc2717fb4c..05c486c621a 100644
+--- a/third_party/onnx/onnx/external_data_helper.py
++++ b/third_party/onnx/onnx/external_data_helper.py
+@@ -8,6 +8,7 @@
+ from itertools import chain
+ from typing import Callable, Iterable, Optional
+ 
++import onnx.onnx_cpp2py_export.checker as c_checker
+ from onnx.onnx_pb import AttributeProto, GraphProto, ModelProto, TensorProto
+ 
+ 
+@@ -39,9 +40,9 @@ def load_external_data_for_tensor(tensor: TensorProto, base_dir: str) -> None:
+         base_dir: directory that contains the external data.
+     """
+     info = ExternalDataInfo(tensor)
+-    file_location = _sanitize_path(info.location)
+-    external_data_file_path = os.path.join(base_dir, file_location)
+-
++    external_data_file_path = c_checker._resolve_external_data_location(  # type: ignore[attr-defined]
++        base_dir, info.location, tensor.name
++    )
+     with open(external_data_file_path, "rb") as data_file:
+         if info.offset:
+             data_file.seek(info.offset)
+@@ -259,14 +260,6 @@ def _get_attribute_tensors(onnx_model_proto: ModelProto) -> Iterable[TensorProto
+     yield from _get_attribute_tensors_from_graph(onnx_model_proto.graph)
+ 
+ 
+-def _sanitize_path(path: str) -> str:
+-    """Remove path components which would allow traversing up a directory tree from a base path.
+-
+-    Note: This method is currently very basic and should be expanded.
+-    """
+-    return path.lstrip("/.")
+-
+-
+ def _is_valid_filename(filename: str) -> bool:
+     """Utility to check whether the provided filename is valid."""
+     exp = re.compile('^[^<>:;,?"*|/]+$')
+diff --git a/third_party/onnx/onnx/test/test_external_data.py b/third_party/onnx/onnx/test/test_external_data.py
+index 63f6b4efedd..bb14d279aff 100644
+--- a/third_party/onnx/onnx/test/test_external_data.py
++++ b/third_party/onnx/onnx/test/test_external_data.py
+@@ -3,6 +3,7 @@
+ # SPDX-License-Identifier: Apache-2.0
+ from __future__ import annotations
+ 
++import itertools
+ import os
+ import pathlib
+ import tempfile
+@@ -204,6 +205,52 @@ def test_save_external_single_file_data(self) -> None:
+         attribute_tensor = new_model.graph.node[0].attribute[0].t
+         np.testing.assert_allclose(to_array(attribute_tensor), self.attribute_value)
+ 
++    @parameterized.parameterized.expand(itertools.product((True, False), (True, False)))
++    def test_save_external_invalid_single_file_data_and_check(
++        self, use_absolute_path: bool, use_model_path: bool
++    ) -> None:
++        model = onnx.load_model(self.model_filename, self.serialization_format)
++
++        model_dir = os.path.join(self.temp_dir, "save_copy")
++        os.mkdir(model_dir)
++
++        traversal_external_data_dir = os.path.join(
++            self.temp_dir, "invlid_external_data"
++        )
++        os.mkdir(traversal_external_data_dir)
++
++        if use_absolute_path:
++            traversal_external_data_location = os.path.join(
++                traversal_external_data_dir, "tensors.bin"
++            )
++        else:
++            traversal_external_data_location = "../invlid_external_data/tensors.bin"
++
++        external_data_dir = os.path.join(self.temp_dir, "external_data")
++        os.mkdir(external_data_dir)
++        new_model_filepath = os.path.join(model_dir, "model.onnx")
++
++        def convert_model_to_external_data_no_check(model: ModelProto, location: str):
++            for tensor in model.graph.initializer:
++                if tensor.HasField("raw_data"):
++                    set_external_data(tensor, location)
++
++        convert_model_to_external_data_no_check(
++            model,
++            location=traversal_external_data_location,
++        )
++
++        onnx.save_model(model, new_model_filepath, self.serialization_format)
++        if use_model_path:
++            with self.assertRaises(onnx.checker.ValidationError):
++                _ = onnx.load_model(new_model_filepath, self.serialization_format)
++        else:
++            onnx_model = onnx.load_model(
++                new_model_filepath, self.serialization_format, load_external_data=False
++            )
++            with self.assertRaises(onnx.checker.ValidationError):
++                load_external_data_for_model(onnx_model, external_data_dir)
++
+ 
+ @parameterized.parameterized_class(
+     [
diff --git a/SPECS/pytorch/pytorch.spec b/SPECS/pytorch/pytorch.spec
index cf4db56fd85..4256781ebbf 100644
--- a/SPECS/pytorch/pytorch.spec
+++ b/SPECS/pytorch/pytorch.spec
@@ -2,7 +2,7 @@
 Summary:        Tensors and Dynamic neural networks in Python with strong GPU acceleration.
 Name:           pytorch
 Version:        2.2.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -24,6 +24,9 @@ BuildRequires:  python3-setuptools
 BuildRequires:  python3-typing-extensions
 BuildRequires:  python3-six
 
+Patch1:         CVE-2024-27318.patch
+Patch2:         CVE-2022-1941.patch
+
 %description
 PyTorch is a Python package that provides two high-level features:
 - Tensor computation (like NumPy) with strong GPU acceleration
@@ -56,7 +59,7 @@ PyTorch is a Python package that provides two high-level features:
 You can reuse your favorite Python packages such as NumPy, SciPy and Cython to extend PyTorch when needed.
 
 %prep
-%autosetup -a 1 -n %{name}-v%{version}
+%autosetup -a 1 -p 1 -n %{name}-v%{version}
 
 %build
 export USE_CUDA=0
@@ -84,6 +87,9 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
 %{_docdir}/*
 
 %changelog
+* Tue Sep 17 2024 Archana Choudhary <archana1@microsoft.com> - 2.2.2-2
+- patch for CVE-2024-27318, CVE-2022-1941
+
 * Tue Apr 02 2024 Riken Maharjan <rmaharjan@microsoft.com> - 2.2.2-1
 - Upgrade to pytorch 2.2.2
 

From 529f1b03188496eace072a5cc1fbc4600647692b Mon Sep 17 00:00:00 2001
From: Vince Perri <5596945+vinceaperri@users.noreply.github.com>
Date: Fri, 20 Sep 2024 14:41:52 -0400
Subject: [PATCH 04/59] util-linux: Upgrade from 2.39.2 to 2.40.2 (#10497)

---
 SPECS/util-linux/CVE-2024-28085.patch         | 30 -------------------
 SPECS/util-linux/util-linux.signatures.json   |  2 +-
 SPECS/util-linux/util-linux.spec              | 11 +++++--
 cgmanifest.json                               |  8 ++---
 .../manifests/package/pkggen_core_aarch64.txt |  6 ++--
 .../manifests/package/pkggen_core_x86_64.txt  |  6 ++--
 .../manifests/package/toolchain_aarch64.txt   | 10 +++----
 .../manifests/package/toolchain_x86_64.txt    | 10 +++----
 .../container/toolchain-remote-wget-list      |  2 +-
 .../toolchain/container/toolchain-sha256sums  |  2 +-
 .../container/toolchain_build_in_chroot.sh    | 20 ++++++-------
 11 files changed, 41 insertions(+), 66 deletions(-)
 delete mode 100644 SPECS/util-linux/CVE-2024-28085.patch

diff --git a/SPECS/util-linux/CVE-2024-28085.patch b/SPECS/util-linux/CVE-2024-28085.patch
deleted file mode 100644
index e3706d1b539..00000000000
--- a/SPECS/util-linux/CVE-2024-28085.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From f4f0782f66692112311659086fd552d40d7a6f59 Mon Sep 17 00:00:00 2001
-From: Karel Zak <kzak@redhat.com>
-Date: Thu, 21 Mar 2024 11:16:20 +0100
-Subject: wall: fix escape sequence Injection [CVE-2024-28085]
-
-Let's use for all cases the same output function.
-
-Reported-by: Skyler Ferrante <sjf5462@rit.edu>
-Signed-off-by: Karel Zak <kzak@redhat.com>
-(cherry picked from commit 404b0781f52f7c045ca811b2dceec526408ac253)
----
- term-utils/wall.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/term-utils/wall.c b/term-utils/wall.c
-index 377db45..1e7e9ab 100644
---- a/term-utils/wall.c
-+++ b/term-utils/wall.c
-@@ -328,7 +328,7 @@ static char *makemsg(char *fname, char **mvec, int mvecsz,
- 		int i;
- 
- 		for (i = 0; i < mvecsz; i++) {
--			fputs(mvec[i], fs);
-+			fputs_careful(mvec[i], fs, '^', true, TERM_WIDTH);
- 			if (i < mvecsz - 1)
- 				fputc(' ', fs);
- 		}
--- 
-2.34.1
-
diff --git a/SPECS/util-linux/util-linux.signatures.json b/SPECS/util-linux/util-linux.signatures.json
index 1c12f9b79ef..7126b9fd8bc 100644
--- a/SPECS/util-linux/util-linux.signatures.json
+++ b/SPECS/util-linux/util-linux.signatures.json
@@ -4,6 +4,6 @@
   "runuser-l": "406d5056ad272301d0523c35c0b4608dfd388db895656fa1a04e20d13fff9340",
   "su": "95d3c92017809b11a24f456cc5bc16bf2174380f97942d435314ef24fab75885",
   "su-l": "4d10241676e97e5e8d8935e5c8e8f6cb2f871afb881059715f155909be9ebd77",
-  "util-linux-2.39.2.tar.xz": "87abdfaa8e490f8be6dde976f7c80b9b5ff9f301e1b67e3899e1f05a59a1531f"
+  "util-linux-2.40.2.tar.xz": "d78b37a66f5922d70edf3bdfb01a6b33d34ed3c3cafd6628203b2a2b67c8e8b3"
  }
 }
diff --git a/SPECS/util-linux/util-linux.spec b/SPECS/util-linux/util-linux.spec
index 5ff68a50fe4..349c9d6263a 100644
--- a/SPECS/util-linux/util-linux.spec
+++ b/SPECS/util-linux/util-linux.spec
@@ -1,8 +1,8 @@
 %define majminorver %(echo %{version} | cut -d. -f1-2)
 Summary:        Utilities for file systems, consoles, partitions, and messages
 Name:           util-linux
-Version:        2.39.2
-Release:        2%{?dist}
+Version:        2.40.2
+Release:        1%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -13,7 +13,6 @@ Source1:        runuser
 Source2:        runuser-l
 Source3:        su
 Source4:        su-l
-Patch0:         CVE-2024-28085.patch
 BuildRequires:  audit-devel
 BuildRequires:  libcap-ng-devel
 BuildRequires:  libselinux-devel
@@ -78,6 +77,7 @@ autoreconf -fi
     --disable-silent-rules \
     --disable-static \
     --disable-use-tty-group \
+    --disable-liblastlog2 \
     --without-python \
     --with-selinux \
     --with-audit
@@ -152,6 +152,11 @@ rm -rf %{buildroot}/lib/systemd/system
 %{_mandir}/man3/*
 
 %changelog
+* Wed Sep 18 2024 Vince Perri <viperri@microsoft.com> - 2.40.2-1
+- Upgrade to 2.40.2:
+-   Added --disable-liblastlog2 to avoid building new liblastlog2 libraries
+-   Removed CVE-2024-28085 patch as it is fixed in 2.40.2
+
 * Mon Sep 09 2024 Harshit Gupta <guptaharshit@microsoft.com> - 2.39.2-2
 - Fix CVE-2024-28085 by adding patch
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 91edc218d53..693c700a363 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -16723,8 +16723,8 @@
         "type": "other",
         "other": {
           "name": "perl-DateTime-TimeZone",
-          "version": "2.39",
-          "downloadUrl": "https://cpan.metacpan.org/authors/id/D/DR/DROLSKY/DateTime-TimeZone-2.39.tar.gz"
+          "version": "2.40",
+          "downloadUrl": "https://cpan.metacpan.org/authors/id/D/DR/DROLSKY/DateTime-TimeZone-2.40.tar.gz"
         }
       }
     },
@@ -29166,8 +29166,8 @@
         "type": "other",
         "other": {
           "name": "util-linux",
-          "version": "2.39.2",
-          "downloadUrl": "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.39/util-linux-2.39.2.tar.xz"
+          "version": "2.40.2",
+          "downloadUrl": "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/util-linux-2.40.2.tar.xz"
         }
       }
     },
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 398a4d79cd5..e097b6e869d 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -70,9 +70,9 @@ make-4.4.1-2.azl3.aarch64.rpm
 patch-2.7.6-9.azl3.aarch64.rpm
 libcap-ng-0.8.4-1.azl3.aarch64.rpm
 libcap-ng-devel-0.8.4-1.azl3.aarch64.rpm
-util-linux-2.39.2-2.azl3.aarch64.rpm
-util-linux-devel-2.39.2-2.azl3.aarch64.rpm
-util-linux-libs-2.39.2-2.azl3.aarch64.rpm
+util-linux-2.40.2-1.azl3.aarch64.rpm
+util-linux-devel-2.40.2-1.azl3.aarch64.rpm
+util-linux-libs-2.40.2-1.azl3.aarch64.rpm
 tar-1.35-1.azl3.aarch64.rpm
 xz-5.4.4-1.azl3.aarch64.rpm
 xz-devel-5.4.4-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index cf19de5ce84..61f7304343e 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -70,9 +70,9 @@ make-4.4.1-2.azl3.x86_64.rpm
 patch-2.7.6-9.azl3.x86_64.rpm
 libcap-ng-0.8.4-1.azl3.x86_64.rpm
 libcap-ng-devel-0.8.4-1.azl3.x86_64.rpm
-util-linux-2.39.2-2.azl3.x86_64.rpm
-util-linux-devel-2.39.2-2.azl3.x86_64.rpm
-util-linux-libs-2.39.2-2.azl3.x86_64.rpm
+util-linux-2.40.2-1.azl3.x86_64.rpm
+util-linux-devel-2.40.2-1.azl3.x86_64.rpm
+util-linux-libs-2.40.2-1.azl3.x86_64.rpm
 tar-1.35-1.azl3.x86_64.rpm
 xz-5.4.4-1.azl3.x86_64.rpm
 xz-devel-5.4.4-1.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 682cd8612f0..714c1e64771 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -596,11 +596,11 @@ texinfo-7.0.3-1.azl3.aarch64.rpm
 texinfo-debuginfo-7.0.3-1.azl3.aarch64.rpm
 unzip-6.0-20.azl3.aarch64.rpm
 unzip-debuginfo-6.0-20.azl3.aarch64.rpm
-util-linux-2.39.2-2.azl3.aarch64.rpm
-util-linux-debuginfo-2.39.2-2.azl3.aarch64.rpm
-util-linux-devel-2.39.2-2.azl3.aarch64.rpm
-util-linux-lang-2.39.2-2.azl3.aarch64.rpm
-util-linux-libs-2.39.2-2.azl3.aarch64.rpm
+util-linux-2.40.2-1.azl3.aarch64.rpm
+util-linux-debuginfo-2.40.2-1.azl3.aarch64.rpm
+util-linux-devel-2.40.2-1.azl3.aarch64.rpm
+util-linux-lang-2.40.2-1.azl3.aarch64.rpm
+util-linux-libs-2.40.2-1.azl3.aarch64.rpm
 which-2.21-8.azl3.aarch64.rpm
 which-debuginfo-2.21-8.azl3.aarch64.rpm
 xz-5.4.4-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index d86beafc4e5..b5827a34ade 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -602,11 +602,11 @@ texinfo-7.0.3-1.azl3.x86_64.rpm
 texinfo-debuginfo-7.0.3-1.azl3.x86_64.rpm
 unzip-6.0-20.azl3.x86_64.rpm
 unzip-debuginfo-6.0-20.azl3.x86_64.rpm
-util-linux-2.39.2-2.azl3.x86_64.rpm
-util-linux-debuginfo-2.39.2-2.azl3.x86_64.rpm
-util-linux-devel-2.39.2-2.azl3.x86_64.rpm
-util-linux-lang-2.39.2-2.azl3.x86_64.rpm
-util-linux-libs-2.39.2-2.azl3.x86_64.rpm
+util-linux-2.40.2-1.azl3.x86_64.rpm
+util-linux-debuginfo-2.40.2-1.azl3.x86_64.rpm
+util-linux-devel-2.40.2-1.azl3.x86_64.rpm
+util-linux-lang-2.40.2-1.azl3.x86_64.rpm
+util-linux-libs-2.40.2-1.azl3.x86_64.rpm
 which-2.21-8.azl3.x86_64.rpm
 which-debuginfo-2.21-8.azl3.x86_64.rpm
 xz-5.4.4-1.azl3.x86_64.rpm
diff --git a/toolkit/scripts/toolchain/container/toolchain-remote-wget-list b/toolkit/scripts/toolchain/container/toolchain-remote-wget-list
index 1a379c52ad9..37d81629b7d 100644
--- a/toolkit/scripts/toolchain/container/toolchain-remote-wget-list
+++ b/toolkit/scripts/toolchain/container/toolchain-remote-wget-list
@@ -58,5 +58,5 @@ https://pypi.org/packages/source/w/wheel/wheel-0.42.0.tar.gz
 https://pypi.org/packages/source/f/flit-core/flit_core-3.9.0.tar.gz
 https://ftp.gnu.org/gnu/sed/sed-4.9.tar.xz
 https://www.sqlite.org/2023/sqlite-autoconf-3440000.tar.gz
-https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.39/util-linux-2.39.2.tar.xz
+https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.40/util-linux-2.40.2.tar.xz
 https://github.com/facebook/zstd/releases/download/v1.5.5/zstd-1.5.5.tar.gz
diff --git a/toolkit/scripts/toolchain/container/toolchain-sha256sums b/toolkit/scripts/toolchain/container/toolchain-sha256sums
index 1a8329d7651..4bd53d2db2f 100644
--- a/toolkit/scripts/toolchain/container/toolchain-sha256sums
+++ b/toolkit/scripts/toolchain/container/toolchain-sha256sums
@@ -56,7 +56,7 @@ be1af57fc409f93647f2e8e4573a142ed38724b8cdd389706a867bb4efcf1e78  setuptools-69.
 b9cd386e7cd22af6e0d2a0f06d0404951e1bef109e42ea06cc0450e10cd15550  sqlite-autoconf-3440000.tar.gz
 4d62ff37342ec7aed748535323930c7cf94acf71c3591882b26a7ea50f3edc16  tar-1.35.tar.xz
 74b420d09d7f528e84f97aa330f0dd69a98a6053e7a4e01767eed115038807bf  texinfo-7.0.3.tar.xz
-87abdfaa8e490f8be6dde976f7c80b9b5ff9f301e1b67e3899e1f05a59a1531f  util-linux-2.39.2.tar.xz
+d78b37a66f5922d70edf3bdfb01a6b33d34ed3c3cafd6628203b2a2b67c8e8b3  util-linux-2.40.2.tar.xz
 c45be39f7882c9d34243236f2d63cbd58039e360f85d0913425fbd7ceea617a8  wheel-0.42.0.tar.gz
 705d0d96e94e1840e64dec75fc8d5832d34f6649833bec1ced9c3e08cf88132e  xz-5.4.4.tar.xz
 38ef96b8dfe510d42707d9c781877914792541133e1870841463bfa73f883e32  zlib-1.3.1.tar.xz
diff --git a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh
index 23d2fb86305..85fb1ab1e24 100755
--- a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh
+++ b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh
@@ -98,14 +98,14 @@ popd
 rm -rf texinfo-7.0.3
 touch /logs/status_texinfo_complete
 
-echo util-linux-2.39.2
-tar xf util-linux-2.39.2.tar.xz
-pushd util-linux-2.39.2
+echo util-linux-2.40.2
+tar xf util-linux-2.40.2.tar.xz
+pushd util-linux-2.40.2
 mkdir -pv /var/lib/hwclock
 ./configure ADJTIME_PATH=/var/lib/hwclock/adjtime \
             --libdir=/usr/lib    \
             --runstatedir=/run   \
-            --docdir=/usr/share/doc/util-linux-2.39.2 \
+            --docdir=/usr/share/doc/util-linux-2.40.2 \
             --disable-chfn-chsh  \
             --disable-login      \
             --disable-nologin    \
@@ -118,7 +118,7 @@ mkdir -pv /var/lib/hwclock
 make -j$(nproc)
 make install
 popd
-rm -rf util-linux-2.39.2
+rm -rf util-linux-2.40.2
 touch /logs/status_util-linux_complete
 
 # 7.13. Cleaning up and Saving the Temporary System
@@ -822,9 +822,9 @@ popd
 rm -rf procps-ng-4.0.4
 touch /logs/status_procpsng_complete
 
-echo util-linux-2.39.2
-tar xf util-linux-2.39.2.tar.xz
-pushd util-linux-2.39.2
+echo util-linux-2.40.2
+tar xf util-linux-2.40.2.tar.xz
+pushd util-linux-2.40.2
 ./configure ADJTIME_PATH=/var/lib/hwclock/adjtime \
             --bindir=/usr/bin    \
             --libdir=/usr/lib    \
@@ -841,11 +841,11 @@ pushd util-linux-2.39.2
             --without-python     \
             --without-systemd    \
             --without-systemdsystemunitdir \
-            --docdir=/usr/share/doc/util-linux-2.39.2
+            --docdir=/usr/share/doc/util-linux-2.40.2
 make -j$(nproc)
 make install
 popd
-rm -rf util-linux-2.39.2
+rm -rf util-linux-2.40.2
 touch /logs/status_util-linux_complete
 
 #

From 6264bcb1046103b85fb0986a5423ec4936da756d Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri, 20 Sep 2024 14:42:17 -0400
Subject: [PATCH 05/59] [AUTO-CHERRYPICK] Upgrade cert-manager to 1.12.13 to
 get upstream patches for CVE-2024-25620 and CVE-2024-26147 - branch 3.0-dev
 (#10478)

Co-authored-by: Jiri Appl <jiria@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
---
 SPECS/cert-manager/CVE-2024-25620.patch       | 110 ------------------
 SPECS/cert-manager/CVE-2024-6104.patch        |  80 -------------
 .../cert-manager/cert-manager.signatures.json |   6 +-
 SPECS/cert-manager/cert-manager.spec          |  12 +-
 cgmanifest.json                               |   4 +-
 5 files changed, 9 insertions(+), 203 deletions(-)
 delete mode 100644 SPECS/cert-manager/CVE-2024-25620.patch
 delete mode 100644 SPECS/cert-manager/CVE-2024-6104.patch

diff --git a/SPECS/cert-manager/CVE-2024-25620.patch b/SPECS/cert-manager/CVE-2024-25620.patch
deleted file mode 100644
index cf31fc0371c..00000000000
--- a/SPECS/cert-manager/CVE-2024-25620.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From e90f3034faa9a6a23131df5665570d221e3092f3 Mon Sep 17 00:00:00 2001
-From: Bhagyashri Pathak <bhapathak@microsoft.com>
-Date: Thu, 8 Aug 2024 10:27:21 +0530
-Subject: [PATCH] CVE-2024-25620 patch 
-
----
- cmd/ctl/vendor/helm.sh/helm/v3/pkg/chart/metadata.go  |  4 ++++
- .../helm.sh/helm/v3/pkg/chartutil/errors.go   |  8 ++++++++
- cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/save.go  | 20 +++++++++++++++++++
- .../helm/v3/pkg/lint/rules/chartfile.go       |  4 ++++
- 4 files changed, 36 insertions(+)
-
-diff --git a/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chart/metadata.go b/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chart/metadata.go
-index ae572ab..3834b4c 100644
---- a/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chart/metadata.go
-+++ b/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chart/metadata.go
-@@ -16,6 +16,7 @@ limitations under the License.
- package chart
-
- import (
-+	"path/filepath"
- 	"strings"
- 	"unicode"
-
-@@ -110,6 +111,9 @@ func (md *Metadata) Validate() error {
- 	if md.Name == "" {
- 		return ValidationError("chart.metadata.name is required")
- 	}
-+	if md.Name != filepath.Base(md.Name) {
-+		return ValidationErrorf("chart.metadata.name %q is invalid", md.Name)
-+	}
- 	if md.Version == "" {
- 		return ValidationError("chart.metadata.version is required")
- 	}
-diff --git a/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/errors.go b/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/errors.go
-index fcdcc27..0a4046d 100644
---- a/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/errors.go
-+++ b/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/errors.go
-@@ -33,3 +33,11 @@ type ErrNoValue struct {
- }
-
- func (e ErrNoValue) Error() string { return fmt.Sprintf("%q is not a value", e.Key) }
-+
-+type ErrInvalidChartName struct {
-+	Name string
-+}
-+
-+func (e ErrInvalidChartName) Error() string {
-+	return fmt.Sprintf("%q is not a valid chart name", e.Name)
-+}
-diff --git a/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/save.go b/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/save.go
-index 2ce4edd..4ee9070 100644
---- a/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/save.go
-+++ b/cmd/ctl/vendor/helm.sh/helm/v3/pkg/chartutil/save.go
-@@ -39,6 +39,10 @@ var headerBytes = []byte("+aHR0cHM6Ly95b3V0dS5iZS96OVV6MWljandyTQo=")
- // directory, writing the chart's contents to that subdirectory.
- func SaveDir(c *chart.Chart, dest string) error {
- 	// Create the chart directory
-+	err := validateName(c.Name())
-+	if err != nil {
-+		return err
-+	}
- 	outdir := filepath.Join(dest, c.Name())
- 	if fi, err := os.Stat(outdir); err == nil && !fi.IsDir() {
- 		return errors.Errorf("file %s already exists and is not a directory", outdir)
-@@ -149,6 +153,10 @@ func Save(c *chart.Chart, outDir string) (string, error) {
- }
-
- func writeTarContents(out *tar.Writer, c *chart.Chart, prefix string) error {
-+	err := validateName(c.Name())
-+	if err != nil {
-+		return err
-+	}
- 	base := filepath.Join(prefix, c.Name())
-
- 	// Pull out the dependencies of a v1 Chart, since there's no way
-@@ -242,3 +250,15 @@ func writeToTar(out *tar.Writer, name string, body []byte) error {
- 	_, err := out.Write(body)
- 	return err
- }
-+
-+// If the name has directory name has characters which would change the location
-+// they need to be removed.
-+func validateName(name string) error {
-+	nname := filepath.Base(name)
-+
-+	if nname != name {
-+		return ErrInvalidChartName{name}
-+	}
-+
-+	return nil
-+}
-diff --git a/cmd/ctl/vendor/helm.sh/helm/v3/pkg/lint/rules/chartfile.go b/cmd/ctl/vendor/helm.sh/helm/v3/pkg/lint/rules/chartfile.go
-index b49f2ce..f8f033c 100644
---- a/cmd/ctl/vendor/helm.sh/helm/v3/pkg/lint/rules/chartfile.go
-+++ b/cmd/ctl/vendor/helm.sh/helm/v3/pkg/lint/rules/chartfile.go
-@@ -107,6 +107,10 @@ func validateChartName(cf *chart.Metadata) error {
- 	if cf.Name == "" {
- 		return errors.New("name is required")
- 	}
-+	name := filepath.Base(cf.Name)
-+	if name != cf.Name {
-+		return fmt.Errorf("chart name %q is invalid", cf.Name)
-+	}
- 	return nil
- }
-
--- 
-2.34.1
-
diff --git a/SPECS/cert-manager/CVE-2024-6104.patch b/SPECS/cert-manager/CVE-2024-6104.patch
deleted file mode 100644
index ff411d8e729..00000000000
--- a/SPECS/cert-manager/CVE-2024-6104.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 002323062ceaa0e3a46f72bc7598c8f144b18bd5 Mon Sep 17 00:00:00 2001
-From: Balakumaran Kannan <kumaran.4353@gmail.com>
-Date: Tue, 27 Aug 2024 08:31:02 +0000
-Subject: [PATCH] Fix CVE-2024-6104 by patching vendor go module
-
----
- .../hashicorp/go-retryablehttp/client.go      | 27 ++++++++++++++-----
- 1 file changed, 20 insertions(+), 7 deletions(-)
-
-diff --git a/cmd/controller/vendor/github.com/hashicorp/go-retryablehttp/client.go b/cmd/controller/vendor/github.com/hashicorp/go-retryablehttp/client.go
-index f40d241..7a7d5f1 100644
---- a/cmd/controller/vendor/github.com/hashicorp/go-retryablehttp/client.go
-+++ b/cmd/controller/vendor/github.com/hashicorp/go-retryablehttp/client.go
-@@ -584,9 +584,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
- 	if logger != nil {
- 		switch v := logger.(type) {
- 		case LeveledLogger:
--			v.Debug("performing request", "method", req.Method, "url", req.URL)
-+			v.Debug("performing request", "method", req.Method, "url", redactURL(req.URL))
- 		case Logger:
--			v.Printf("[DEBUG] %s %s", req.Method, req.URL)
-+			v.Printf("[DEBUG] %s %s", req.Method, redactURL(req.URL))
- 		}
- 	}
- 
-@@ -641,9 +641,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
- 		if err != nil {
- 			switch v := logger.(type) {
- 			case LeveledLogger:
--				v.Error("request failed", "error", err, "method", req.Method, "url", req.URL)
-+				v.Error("request failed", "error", err, "method", req.Method, "url", redactURL(req.URL))
- 			case Logger:
--				v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL, err)
-+				v.Printf("[ERR] %s %s request failed: %v", req.Method, redactURL(req.URL), err)
- 			}
- 		} else {
- 			// Call this here to maintain the behavior of logging all requests,
-@@ -679,7 +679,7 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
- 
- 		wait := c.Backoff(c.RetryWaitMin, c.RetryWaitMax, i, resp)
- 		if logger != nil {
--			desc := fmt.Sprintf("%s %s", req.Method, req.URL)
-+			desc := fmt.Sprintf("%s %s", req.Method, redactURL(req.URL))
- 			if resp != nil {
- 				desc = fmt.Sprintf("%s (status: %d)", desc, resp.StatusCode)
- 			}
-@@ -735,11 +735,11 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
- 	// communicate why
- 	if err == nil {
- 		return nil, fmt.Errorf("%s %s giving up after %d attempt(s)",
--			req.Method, req.URL, attempt)
-+			req.Method, redactURL(req.URL), attempt)
- 	}
- 
- 	return nil, fmt.Errorf("%s %s giving up after %d attempt(s): %w",
--		req.Method, req.URL, attempt, err)
-+		req.Method, redactURL(req.URL), attempt, err)
- }
- 
- // Try to read the response body so we can reuse this connection.
-@@ -820,3 +820,16 @@ func (c *Client) StandardClient() *http.Client {
- 		Transport: &RoundTripper{Client: c},
- 	}
- }
-+
-+// Taken from url.URL#Redacted() which was introduced in go 1.15.
-+func redactURL(u *url.URL) string {
-+	if u == nil {
-+		return ""
-+	}
-+
-+	ru := *u
-+	if _, has := ru.User.Password(); has {
-+		ru.User = url.UserPassword(ru.User.Username(), "xxxxx")
-+	}
-+	return ru.String()
-+}
--- 
-2.33.8
-
diff --git a/SPECS/cert-manager/cert-manager.signatures.json b/SPECS/cert-manager/cert-manager.signatures.json
index 5623d96b025..c5eac87f0e1 100644
--- a/SPECS/cert-manager/cert-manager.signatures.json
+++ b/SPECS/cert-manager/cert-manager.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "cert-manager-1.12.12-vendor.tar.gz": "eb2c70859fb2b73880f682e0c69eaeeec523481f94386b7d0150440799d7eecc",
-  "cert-manager-1.12.12.tar.gz": "2bdcc466ed77457616ea8732d002c4985524998da2c3dcc579d6e8f2af708484"
+  "cert-manager-1.12.13-vendor.tar.gz": "18894907e56205351f148a1aae828db6752d1189557d618720d782295abe4f84",
+  "cert-manager-1.12.13.tar.gz": "1bd650f7d066f98e2566397787caf938737c64ef4ab41284246acaffcdac7eb1"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS/cert-manager/cert-manager.spec b/SPECS/cert-manager/cert-manager.spec
index c9eaf233b73..777e932403a 100644
--- a/SPECS/cert-manager/cert-manager.spec
+++ b/SPECS/cert-manager/cert-manager.spec
@@ -1,7 +1,7 @@
 Summary:        Automatically provision and manage TLS certificates in Kubernetes
 Name:           cert-manager
-Version:        1.12.12
-Release:        3%{?dist}
+Version:        1.12.13
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -13,8 +13,6 @@ Source0:        https://github.com/jetstack/%{name}/archive/refs/tags/v%{version
 # 1. wget https://github.com/jetstack/%%{name}/archive/refs/tags/v%%{version}.tar.gz -O %%{name}-%%{version}.tar.gz
 # 2. <repo-root>/SPECS/cert-manager/generate_source_tarball.sh --srcTarball %%{name}-%%{version}.tar.gz --pkgVersion %%{version}
 Source1:        %{name}-%{version}-vendor.tar.gz
-Patch0:         CVE-2024-25620.patch
-Patch1:         CVE-2024-6104.patch
 BuildRequires:  golang
 Requires:       %{name}-acmesolver
 Requires:       %{name}-cainjector
@@ -60,8 +58,6 @@ Webhook component providing API validation, mutation and conversion functionalit
 
 %prep
 %setup -q -a 1
-%autopatch -p1
-
 
 %build
 
@@ -107,8 +103,8 @@ install -D -m0755 bin/webhook %{buildroot}%{_bindir}/
 %{_bindir}/webhook
 
 %changelog
-* Thu Aug 01 2024 Bala <balakumaran.kannan@microsoft.com> - 1.12.12-3
-- Patch for CVE-2024-6104
+* Mon Sep 16 2024 Jiri Appl <jiria@microsoft.com> - 1.12.13-1
+- Upgrade to 1.12.13 which carries helm 3.14.2 to fix CVE-2024-26147 and CVE-2024-25620
 
 * Wed Aug 07 2024 Bhagyashri Pathak <bhapathak@microsoft.com> - 1.12.12-2
 - Patch for CVE-2024-25620
diff --git a/cgmanifest.json b/cgmanifest.json
index 693c700a363..eeafae51245 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1547,8 +1547,8 @@
         "type": "other",
         "other": {
           "name": "cert-manager",
-          "version": "1.12.12",
-          "downloadUrl": "https://github.com/jetstack/cert-manager/archive/refs/tags/v1.12.12.tar.gz"
+          "version": "1.12.13",
+          "downloadUrl": "https://github.com/jetstack/cert-manager/archive/refs/tags/v1.12.13.tar.gz"
         }
       }
     },

From aac994a04f33017c022a0ea5416a8f4db0895e99 Mon Sep 17 00:00:00 2001
From: Sumedh Alok Sharma <sumsharma@microsoft.com>
Date: Mon, 23 Sep 2024 11:06:24 +0530
Subject: [PATCH 06/59] Patch gdk-pixbuf2 for CVE-2022-48622 (#10504)

---
 SPECS/gdk-pixbuf2/CVE-2022-48622.patch | 112 +++++++++++++++++++++++++
 SPECS/gdk-pixbuf2/gdk-pixbuf2.spec     |   7 +-
 2 files changed, 117 insertions(+), 2 deletions(-)
 create mode 100755 SPECS/gdk-pixbuf2/CVE-2022-48622.patch

diff --git a/SPECS/gdk-pixbuf2/CVE-2022-48622.patch b/SPECS/gdk-pixbuf2/CVE-2022-48622.patch
new file mode 100755
index 00000000000..8037edfda8e
--- /dev/null
+++ b/SPECS/gdk-pixbuf2/CVE-2022-48622.patch
@@ -0,0 +1,112 @@
+From 00c071dd11f723ca608608eef45cb1aa98da89cc Mon Sep 17 00:00:00 2001
+From: Benjamin Gilbert <bgilbert@backtick.net>
+Date: Tue, 30 Apr 2024 07:26:54 -0500
+Subject: [PATCH 1/3] ANI: Reject files with multiple anih chunks
+
+An anih chunk causes us to initialize a bunch of state, which we only
+expect to do once per file.
+
+Fixes: #202
+Fixes: CVE-2022-48622
+---
+ gdk-pixbuf/io-ani.c                       |   9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
+index c6c4642cf4..a78ea7ace4 100644
+--- a/gdk-pixbuf/io-ani.c
++++ b/gdk-pixbuf/io-ani.c
+@@ -295,6 +295,15 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
+         
+         if (context->chunk_id == TAG_anih) 
+ 	{
++		if (context->animation)
++		{
++			g_set_error_literal (error,
++                                             GDK_PIXBUF_ERROR,
++                                             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++                                             _("Invalid header in animation"));
++			return FALSE;
++		}
++
+ 		context->HeaderSize = read_int32 (context);
+ 		context->NumFrames = read_int32 (context);
+ 		context->NumSteps = read_int32 (context);
+-- 
+GitLab
+
+
+From d52134373594ff76614fb415125b0d1c723ddd56 Mon Sep 17 00:00:00 2001
+From: Benjamin Gilbert <bgilbert@backtick.net>
+Date: Tue, 30 Apr 2024 07:13:37 -0500
+Subject: [PATCH 2/3] ANI: Reject files with multiple INAM or IART chunks
+
+There should be at most one chunk each.  These would cause memory leaks
+otherwise.
+---
+ gdk-pixbuf/io-ani.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
+index a78ea7ace4..8e8414117c 100644
+--- a/gdk-pixbuf/io-ani.c
++++ b/gdk-pixbuf/io-ani.c
+@@ -445,7 +445,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
+ 	}
+         else if (context->chunk_id == TAG_INAM) 
+ 	{
+-		if (!context->animation) 
++		if (!context->animation || context->title)
+ 		{
+ 			g_set_error_literal (error,
+                                              GDK_PIXBUF_ERROR,
+@@ -472,7 +472,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
+ 	}
+         else if (context->chunk_id == TAG_IART) 
+ 	{
+-		if (!context->animation) 
++		if (!context->animation || context->author)
+ 		{
+ 			g_set_error_literal (error,
+                                              GDK_PIXBUF_ERROR,
+-- 
+GitLab
+
+
+From 91b8aa5cd8a0eea28acb51f0e121827ca2e7eb78 Mon Sep 17 00:00:00 2001
+From: Benjamin Gilbert <bgilbert@backtick.net>
+Date: Tue, 30 Apr 2024 08:17:25 -0500
+Subject: [PATCH 3/3] ANI: Validate anih chunk size
+
+Before reading a chunk, we verify that enough bytes are available to match
+the chunk size declared by the file.  However, uniquely, the anih chunk
+loader doesn't verify that this size matches the number of bytes it
+actually intends to read.  Thus, if the chunk size is too small and the
+file ends in the middle of the chunk, we populate some context fields with
+stack garbage.  (But we'd still fail later on because the file doesn't
+contain any images.)  Fix this.
+---
+ gdk-pixbuf/io-ani.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
+index 8e8414117c..cfafd7b196 100644
+--- a/gdk-pixbuf/io-ani.c
++++ b/gdk-pixbuf/io-ani.c
+@@ -295,6 +295,14 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
+         
+         if (context->chunk_id == TAG_anih) 
+ 	{
++		if (context->chunk_size < 36)
++		{
++			g_set_error_literal (error,
++                                             GDK_PIXBUF_ERROR,
++                                             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++                                             _("Malformed chunk in animation"));
++			return FALSE;
++		}
+ 		if (context->animation)
+ 		{
+ 			g_set_error_literal (error,
+-- 
+GitLab
diff --git a/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec b/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
index 688d92af1dc..0da9c1a3587 100644
--- a/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
+++ b/SPECS/gdk-pixbuf2/gdk-pixbuf2.spec
@@ -2,13 +2,13 @@
 Summary:        An image loading library
 Name:           gdk-pixbuf2
 Version:        2.42.10
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://gitlab.gnome.org/GNOME/gdk-pixbuf
 Source0:        https://download.gnome.org/sources/gdk-pixbuf/2.42/gdk-pixbuf-%{version}.tar.xz
-
+Patch0:         CVE-2022-48622.patch
 BuildRequires:  %{_bindir}/rst2man
 BuildRequires:  gettext
 BuildRequires:  libjpeg-devel
@@ -115,6 +115,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %{_datadir}/installed-tests
 
 %changelog
+* Thu Sep 19 2024 Sumedh Sharma <sumsharma@microsoft.com> - 2.42.10-2
+- Add patch for CVE-2022-48622
+
 * Thu Feb 15 2024 Yash Panchal <yashpanchal@microsoft.com> - 2.42.10-1
 - Update to 2.42.10
 

From 51efe8886726877acbb8fd98b0c59e0c7bf14cc2 Mon Sep 17 00:00:00 2001
From: sallhms <v-nsallh@microsoft.com>
Date: Mon, 23 Sep 2024 16:48:08 +0530
Subject: [PATCH 07/59] Add package php-pecl-apcu v5.1.23 (#10445)

---
 LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md    |   2 +-
 LICENSES-AND-NOTICES/SPECS/data/licenses.json |   1 +
 SPECS/php-pecl-apcu/apcu-panel.conf           |   9 +
 SPECS/php-pecl-apcu/apcu.conf.php             |  23 +
 SPECS/php-pecl-apcu/apcu.ini                  |  63 +++
 .../php-pecl-apcu.signatures.json             |   8 +
 SPECS/php-pecl-apcu/php-pecl-apcu.spec        | 456 ++++++++++++++++++
 cgmanifest.json                               |  10 +
 8 files changed, 571 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/php-pecl-apcu/apcu-panel.conf
 create mode 100644 SPECS/php-pecl-apcu/apcu.conf.php
 create mode 100644 SPECS/php-pecl-apcu/apcu.ini
 create mode 100644 SPECS/php-pecl-apcu/php-pecl-apcu.signatures.json
 create mode 100644 SPECS/php-pecl-apcu/php-pecl-apcu.spec

diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index 5116d220753..9c4a5582ca9 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -5,7 +5,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
 | CentOS | [MIT](https://www.centos.org/legal/#licensing-policy) | crash-ptdump-command <br> delve <br> fstrm <br> nodejs-nodemon <br> rhnlib <br> rt-setup <br> rt-tests <br> rtctl <br> tuned |
 | Ceph source | [LGPL2.1](https://github.com/ceph/ceph/blob/master/COPYING-LGPL2.1) | ceph |
 | Debian | [MIT](https://opensource.org/licenses/MIT) | prometheus-process-exporter |
-| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
+| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
 | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome <br> librabbitmq |
 | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
 | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index 564c18db866..ebfae67c862 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -1573,6 +1573,7 @@
                 "phodav",
                 "php",
                 "php-pear",
+                "php-pecl-apcu",
                 "php-pecl-zip",
                 "physfs",
                 "picosat",
diff --git a/SPECS/php-pecl-apcu/apcu-panel.conf b/SPECS/php-pecl-apcu/apcu-panel.conf
new file mode 100644
index 00000000000..de7d69010c3
--- /dev/null
+++ b/SPECS/php-pecl-apcu/apcu-panel.conf
@@ -0,0 +1,9 @@
+# APC Control Panel
+Alias /apcu-panel /usr/share/apcu-panel
+
+<Directory /usr/share/apcu-panel>
+   <IfModule mod_authz_core.c>
+     Require local
+   </IfModule>
+</Directory>
+
diff --git a/SPECS/php-pecl-apcu/apcu.conf.php b/SPECS/php-pecl-apcu/apcu.conf.php
new file mode 100644
index 00000000000..8ed53202d33
--- /dev/null
+++ b/SPECS/php-pecl-apcu/apcu.conf.php
@@ -0,0 +1,23 @@
+<?php
+define('USE_AUTHENTICATION',1);		// Use (internal) authentication - best choice if
+					// no other authentication is available
+					// If set to 0:
+					//  There will be no further authentication. You
+					//  will have to handle this by yourself!
+					// If set to 1:
+					//  You need to change ADMIN_PASSWORD to make
+					//  this work!
+define('ADMIN_USERNAME','apc');		// Admin Username
+define('ADMIN_PASSWORD','password');  	// Admin Password - CHANGE THIS TO ENABLE!!!
+
+// (beckerr) I'm using a clear text password here, because I've no good idea how to let 
+//           users generate a md5 or crypt password in a easy way to fill it in above
+
+//define('DATE_FORMAT', "d.m.Y H:i:s");	// German
+//define('DATE_FORMAT', "d/m/Y H:i:s");	// French
+define('DATE_FORMAT', 'Y/m/d H:i:s'); 	// US
+
+define('GRAPH_SIZE',200);		// Image size
+
+//define('PROXY', 'tcp://127.0.0.1:8080');
+
diff --git a/SPECS/php-pecl-apcu/apcu.ini b/SPECS/php-pecl-apcu/apcu.ini
new file mode 100644
index 00000000000..dacb93858d8
--- /dev/null
+++ b/SPECS/php-pecl-apcu/apcu.ini
@@ -0,0 +1,63 @@
+; Enable APCu extension module
+extension = apcu.so
+
+;	This can be set to 0 to disable APCu
+apc.enabled=1
+
+;	Setting this enables APCu for the CLI version of PHP
+;	(Mostly for testing and debugging).
+;apc.enable_cli=0
+
+;	Sets the path to text files containing caches to load from disk upon
+;	initialization of APCu. preload_path should be a directory where each
+;	file follows $key.data where $key should be used as the entry name
+;	and the contents of the file contains serialized data to use as the value
+;	of the entry.
+;apc.preload_path=
+
+;	The size of each shared memory segment, with M/G suffixe
+;apc.shm_size=32M
+
+;	The number of seconds a cache entry is allowed to idle in a slot in case
+;	this cache entry slot is needed by another entry.
+;apc.ttl=0
+
+;	The number of seconds that a cache entry may remain on the
+;	garbage-collection list.
+;apc.gc_ttl=3600
+
+;	If you begin to get low on resources, an expunge of the cache
+;	is performed if it is less than half full. This is not always
+;	a suitable way of determining if an expunge of the cache
+;	should be per apc.smart allows you to set a runtime configuration
+;	value which	is used to determine if an expunge should be run
+;	if (available_size < apc.smart * requested_size)
+;apc.smart=0
+
+;	A "hint" about the number variables expected in the cache.
+;	Set to zero or omit if you are not sure;
+;apc.entries_hint=4096
+
+;	The mktemp-style file_mask to pass to the mmap module 
+apc.mmap_file_mask=/tmp/apc.XXXXXX
+
+;	On very busy servers whenever you start the server or
+;	modify files you can create a race of many processes
+;	all trying to cache the same data at the same time.
+;	By default, APCu attempts to prevent "slamming" of a key.
+;	A key is considered "slammed" if it was the last key set,
+;	and a context other than the current one set it ( ie. it
+;	was set by another process or thread )
+;apc.slam_defense=0
+
+;	Defines which serializer should be used
+;	Default is the standard PHP serializer.
+;apc.serializer='php'
+
+;	use the SAPI request start time for TTL
+;apc.use_request_time=0
+
+;	Enables APCu handling of signals, such as SIGSEGV, that write core files
+;	when signaled. APCu will attempt to unmap the shared memory segment in
+;	order to exclude it from the core file
+;apc.coredump_unmap=0
diff --git a/SPECS/php-pecl-apcu/php-pecl-apcu.signatures.json b/SPECS/php-pecl-apcu/php-pecl-apcu.signatures.json
new file mode 100644
index 00000000000..34888750922
--- /dev/null
+++ b/SPECS/php-pecl-apcu/php-pecl-apcu.signatures.json
@@ -0,0 +1,8 @@
+{
+ "Signatures": {
+  "php-pecl-apcu-5.1.23.tgz": "67ee7464ccad2335c3fa4aeb0b8edbcf6d8344feea7922620c6a13015d604482",
+  "apcu-panel.conf": "243df3ba157ee9c219410bb58536ae38cc06f49e97c0c97b4215930ac455a229",
+  "apcu.conf.php": "6e951a5ec91cf4d8e7ef4edee81abde1ce2c8d5f55f7c266e4b76b56d97cf176",
+  "apcu.ini": "17a905e6d91f998a280aefd8ca4a6558ddb86aa34f7dbf5941dc0b963615fa30"
+ }
+}
diff --git a/SPECS/php-pecl-apcu/php-pecl-apcu.spec b/SPECS/php-pecl-apcu/php-pecl-apcu.spec
new file mode 100644
index 00000000000..7a3c8d08870
--- /dev/null
+++ b/SPECS/php-pecl-apcu/php-pecl-apcu.spec
@@ -0,0 +1,456 @@
+# Fedora spec file for php-pecl-apcu
+#
+# Copyright (c) 2013-2024 Remi Collet
+# License: CC-BY-SA-4.0
+# http://creativecommons.org/licenses/by-sa/4.0/
+#
+# Please, preserve the changelog entries
+#
+
+%global pecl_name  apcu
+%global with_zts   0%{?__ztsphp:1}
+%global ini_name   40-%{pecl_name}.ini
+%global sources    %{pecl_name}-%{version}
+
+Name:           php-pecl-apcu
+Summary:        APC User Cache
+Version:        5.1.23
+Release:        6%{?dist}
+Source0:        https://pecl.php.net/get/%{sources}.tgz#/%{name}-%{version}.tgz
+Source1:        %{pecl_name}.ini
+Source2:        %{pecl_name}-panel.conf
+Source3:        %{pecl_name}.conf.php
+
+License:        PHP-3.01
+URL:            https://pecl.php.net/package/APCu
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+
+BuildRequires:  make
+BuildRequires:  gcc
+BuildRequires:  php-devel
+BuildRequires:  php-pear
+
+Requires:       php(zend-abi) = %{php_zend_api}
+Requires:       php(api) = %{php_core_api}
+
+Obsoletes:      php-apcu < 4.0.0-1
+Provides:       php-apcu = %{version}
+Provides:       php-apcu%{?_isa} = %{version}
+Provides:       php-pecl(apcu) = %{version}
+Provides:       php-pecl(apcu)%{?_isa} = %{version}
+
+
+%description
+APCu is userland caching: APC stripped of opcode caching.
+
+APCu only supports userland caching of variables.
+
+The %{?sub_prefix}php-pecl-apcu-bc package provides a drop
+in replacement for APC.
+
+
+%package devel
+Summary:       APCu developer files (header)
+Requires:      %{name}%{?_isa} = %{version}-%{release}
+Requires:      php-devel%{?_isa}
+Obsoletes:     php-pecl-apc-devel < 4
+Provides:      php-pecl-apc-devel = %{version}-%{release}
+Provides:      php-pecl-apc-devel%{?_isa} = %{version}-%{release}
+
+%description devel
+These are the files needed to compile programs using APCu.
+
+
+%package -n apcu-panel
+Summary:       APCu control panel
+BuildArch:     noarch
+Requires:      %{name} = %{version}-%{release}
+Requires:      php(httpd)
+Requires:      php-gd
+Requires:      httpd
+Obsoletes:     apc-panel < 4
+Provides:      apc-panel = %{version}-%{release}
+
+%description -n apcu-panel
+This package provides the APCu control panel, with Apache
+configuration, available on http://localhost/apcu-panel/
+
+
+%prep
+%setup -qc
+mv %{pecl_name}-%{version} NTS
+
+sed -e '/LICENSE/s/role="doc"/role="src"/' -i package.xml
+
+cd NTS
+# Sanity check, really often broken
+extver=$(sed -n '/#define PHP_APCU_VERSION/{s/.* "//;s/".*$//;p}' php_apc.h)
+if test "x${extver}" != "x%{version}"; then
+   : Error: Upstream extension version is ${extver}, expecting %{version}.
+   exit 1
+fi
+cd ..
+
+%if %{with_zts}
+# duplicate for ZTS build
+cp -pr NTS ZTS
+%endif
+
+# Fix path to configuration file
+sed -e s:apc.conf.php:%{_sysconfdir}/apcu-panel/conf.php:g \
+    -i  NTS/apc.php
+
+
+%build
+cd NTS
+%{_bindir}/phpize
+%configure \
+   --enable-apcu \
+   --with-php-config=%{_bindir}/php-config
+make %{?_smp_mflags}
+
+%if %{with_zts}
+cd ../ZTS
+%{_bindir}/zts-phpize
+%configure \
+   --enable-apcu \
+   --with-php-config=%{_bindir}/zts-php-config
+make %{?_smp_mflags}
+%endif
+
+
+%install
+# Install the NTS stuff
+make -C NTS install INSTALL_ROOT=%{buildroot}
+install -D -m 644 %{SOURCE1} %{buildroot}%{php_inidir}/%{ini_name}
+
+%if %{with_zts}
+# Install the ZTS stuff
+make -C ZTS install INSTALL_ROOT=%{buildroot}
+install -D -m 644 %{SOURCE1} %{buildroot}%{php_ztsinidir}/%{ini_name}
+%endif
+
+# Install the package XML file
+install -D -m 644 package.xml %{buildroot}%{pecl_xmldir}/%{name}.xml
+
+# Install the Control Panel
+# Pages
+install -D -m 644 -p NTS/apc.php  \
+        %{buildroot}%{_datadir}/apcu-panel/index.php
+# Apache config
+install -D -m 644 -p %{SOURCE2} \
+        %{buildroot}%{_sysconfdir}/httpd/conf.d/apcu-panel.conf
+# Panel config
+install -D -m 644 -p %{SOURCE3} \
+        %{buildroot}%{_sysconfdir}/apcu-panel/conf.php
+
+# Test & Documentation
+cd NTS
+for i in $(grep 'role="test"' ../package.xml | sed -e 's/^.*name="//;s/".*$//')
+do install -Dpm 644 $i %{buildroot}%{pecl_testdir}/%{pecl_name}/$i
+done
+for i in $(grep 'role="doc"' ../package.xml | sed -e 's/^.*name="//;s/".*$//')
+do install -Dpm 644 $i %{buildroot}%{pecl_docdir}/%{pecl_name}/$i
+done
+
+
+%check
+cd NTS
+%{_bindir}/php -n \
+   -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so \
+   -m | grep '^apcu$'
+
+# Upstream test suite for NTS extension
+TEST_PHP_EXECUTABLE=%{_bindir}/php \
+TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_extdir}/%{pecl_name}.so" \
+NO_INTERACTION=1 \
+REPORT_EXIT_STATUS=1 \
+%{_bindir}/php -n run-tests.php
+
+%if %{with_zts}
+cd ../ZTS
+%{__ztsphp} -n \
+   -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so \
+   -m | grep '^apcu$'
+
+# Upstream test suite for ZTS extension
+TEST_PHP_EXECUTABLE=%{__ztsphp} \
+TEST_PHP_ARGS="-n -d extension=%{buildroot}%{php_ztsextdir}/%{pecl_name}.so" \
+NO_INTERACTION=1 \
+REPORT_EXIT_STATUS=1 \
+%{__ztsphp} -n run-tests.php
+%endif
+
+
+%files
+%license NTS/LICENSE
+%doc %{pecl_docdir}/%{pecl_name}
+%{pecl_xmldir}/%{name}.xml
+
+%config(noreplace) %{php_inidir}/%{ini_name}
+%{php_extdir}/%{pecl_name}.so
+
+%if %{with_zts}
+%{php_ztsextdir}/%{pecl_name}.so
+%config(noreplace) %{php_ztsinidir}/%{ini_name}
+%endif
+
+
+%files devel
+%doc %{pecl_testdir}/%{pecl_name}
+%{php_incldir}/ext/%{pecl_name}
+
+%if %{with_zts}
+%{php_ztsincldir}/ext/%{pecl_name}
+%endif
+
+
+%files -n apcu-panel
+# Need to restrict access, as it contains a clear password
+%attr(550,apache,root) %dir %{_sysconfdir}/apcu-panel
+%config(noreplace) %{_sysconfdir}/apcu-panel/conf.php
+%config(noreplace) %{_sysconfdir}/httpd/conf.d/apcu-panel.conf
+%{_datadir}/apcu-panel
+
+
+%changelog
+* Tue Aug 27 2024 Neeraj Sallh <v-nsallh@microsoft.com> - 5.1.23-6
+- Initial Azure Linux import from Fedora 42 (license: MIT)
+- License Verified
+
+* Fri Jul 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.23-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Tue Apr 16 2024 Remi Collet <remi@remirepo.net> - 5.1.23-4
+- drop 32-bit support
+  https://fedoraproject.org/wiki/Changes/php_no_32_bit
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.23-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.23-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Nov 13 2023 Remi Collet <remi@remirepo.net> - 5.1.23-1
+- update to 5.1.23
+
+* Tue Oct 03 2023 Remi Collet <remi@remirepo.net> - 5.1.22-6
+- rebuild for https://fedoraproject.org/wiki/Changes/php83
+- build out of sources tree
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.22-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Apr 20 2023 Remi Collet <remi@remirepo.net> - 5.1.22-5
+- use SPDX license ID
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.22-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Oct 05 2022 Remi Collet <remi@remirepo.net> - 5.1.22-3
+- rebuild for https://fedoraproject.org/wiki/Changes/php82
+
+* Tue Sep 20 2022 Remi Collet <remi@remirepo.net> - 5.1.22-2
+- drop unneeded build dependency on pcre #2128350
+
+* Mon Sep 19 2022 Remi Collet <remi@remirepo.net> - 5.1.22-1
+- update to 5.1.22
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.21-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.21-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Oct 28 2021 Remi Collet <remi@remirepo.net> - 5.1.21-2
+- rebuild for https://fedoraproject.org/wiki/Changes/php81
+
+* Thu Oct  7 2021 Remi Collet <remi@remirepo.net> - 5.1.21-1
+- update to 5.1.21
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.20-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Mar  4 2021 Remi Collet <remi@remirepo.net> - 5.1.20-1
+- update to 5.1.20
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.19-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Oct  5 2020 Remi Collet <remi@remirepo.net> - 5.1.19-1
+- update to 5.1.19
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.18-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.18-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Oct 28 2019 Remi Collet <remi@remirepo.net> - 5.1.18-1
+- update to 5.1.18
+
+* Thu Oct 03 2019 Remi Collet <remi@remirepo.net> - 5.1.17-3
+- rebuild for https://fedoraproject.org/wiki/Changes/php74
+- add upstream patches for test suite
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.17-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb  8 2019 Remi Collet <remi@remirepo.net> - 5.1.17-1
+- update to 5.1.17
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.15-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Dec  7 2018 Remi Collet <remi@remirepo.net> - 5.1.15-1
+- update to 5.1.15
+
+* Wed Nov 21 2018 Remi Collet <remi@remirepo.net> - 5.1.14-1
+- update to 5.1.14 (stable)
+
+* Mon Nov 19 2018 Remi Collet <remi@remirepo.net> - 5.1.13-1
+- update to 5.1.13 (stable)
+
+* Thu Oct 11 2018 Remi Collet <remi@remirepo.net> - 5.1.12-3
+- Rebuild for https://fedoraproject.org/wiki/Changes/php73
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.12-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jul  9 2018 Remi Collet <remi@remirepo.net> - 5.1.12-1
+- update to 5.1.12 (stable)
+
+* Thu Mar  8 2018 Remi Collet <remi@remirepo.net> - 5.1.11-1
+- update to 5.1.11 (stable)
+
+* Fri Feb 16 2018 Remi Collet <remi@remirepo.net> - 5.1.10-1
+- update to 5.1.10 (stable)
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.9-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Jan 26 2018 Remi Collet <remi@remirepo.net> - 5.1.9-2
+- undefine _strict_symbol_defs_build
+
+* Tue Jan  2 2018 Remi Collet <remi@fedoraproject.org> - 5.1.9-1
+- Update to 5.1.9 (php 7, stable)
+
+* Tue Oct 03 2017 Remi Collet <remi@fedoraproject.org> - 5.1.8-5
+- rebuild for https://fedoraproject.org/wiki/Changes/php72
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.8-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.8-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Mon Jan 16 2017 Remi Collet <remi@fedoraproject.org> - 5.1.8-1
+- Update to 5.1.8 (php 7, stable)
+
+* Mon Nov 14 2016 Remi Collet <remi@fedoraproject.org> - 5.1.7-2
+- rebuild for https://fedoraproject.org/wiki/Changes/php71
+
+* Fri Oct 21 2016 Remi Collet <remi@fedoraproject.org> - 5.1.7-1
+- Update to 5.1.7 (php 7, stable)
+
+* Thu Oct  6 2016 Remi Collet <remi@fedoraproject.org> - 5.1.6-1
+- Update to 5.1.6 (php 7, stable)
+
+* Mon Jun 27 2016 Remi Collet <remi@fedoraproject.org> - 5.1.5-1
+- Update to 5.1.5 (php 7, stable)
+
+* Wed Apr 20 2016 Remi Collet <remi@fedoraproject.org> - 4.0.11-1
+- Update to 4.0.11 (stable)
+- fix license usage and spec cleanup
+
+* Wed Apr 20 2016 Remi Collet <remi@fedoraproject.org> - 4.0.10-4
+- add upstream patch, fix FTBFS with 5.6.21RC1, thanks Koschei
+
+* Wed Feb 10 2016 Remi Collet <remi@fedoraproject.org> - 4.0.10-3
+- drop scriptlets (replaced file triggers in php-pear)
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Dec  7 2015 Remi Collet <remi@fedoraproject.org> - 4.0.10-1
+- Update to 4.0.10 (stable)
+
+* Fri Nov 20 2015 Remi Collet <remi@fedoraproject.org> - 4.0.8-1
+- Update to 4.0.8
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Oct 27 2014 Remi Collet <remi@fedoraproject.org> - 4.0.7-1
+- Update to 4.0.7
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Thu Jun 19 2014 Remi Collet <rcollet@redhat.com> - 4.0.6-2
+- rebuild for https://fedoraproject.org/wiki/Changes/Php56
+
+* Thu Jun 12 2014 Remi Collet <remi@fedoraproject.org> - 4.0.6-1
+- Update to 4.0.6 (beta)
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 4.0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed Apr 23 2014 Remi Collet <remi@fedoraproject.org> - 4.0.4-2
+- add numerical prefix to extension configuration file
+
+* Sat Mar 01 2014 Remi Collet <remi@fedoraproject.org> - 4.0.4-1
+- Update to 4.0.4 (beta)
+
+* Mon Jan 27 2014 Remi Collet <remi@fedoraproject.org> - 4.0.3-1
+- Update to 4.0.3 (beta)
+- install doc in pecl doc_dir
+- install tests in pecl test_dir (in devel)
+- cleanup SCL stuff
+
+* Mon Jan 13 2014 Remi Collet <rcollet@redhat.com> - 4.0.2-3
+- EPEL-7 build
+
+* Mon Sep 16 2013 Remi Collet <rcollet@redhat.com> - 4.0.2-2
+- fix perm on config dir
+- improve SCL compatibility
+- always provides php-pecl-apc-devel and apc-panel
+
+* Mon Sep 16 2013 Remi Collet <remi@fedoraproject.org> - 4.0.2-1
+- Update to 4.0.2
+
+* Sat Jul 27 2013 Remi Collet <remi@fedoraproject.org> - 4.0.1-3
+- restore APC serializers ABI (patch merged upstream)
+
+* Mon Jul 15 2013 Remi Collet <rcollet@redhat.com> - 4.0.1-2
+- adapt for SCL
+
+* Tue Apr 30 2013 Remi Collet <remi@fedoraproject.org> - 4.0.1-1
+- Update to 4.0.1
+- add missing scriptlet
+- fix Conflicts
+
+* Thu Apr 25 2013 Remi Collet <remi@fedoraproject.org> - 4.0.0-2
+- fix segfault when used from command line
+
+* Wed Mar 27 2013 Remi Collet <remi@fedoraproject.org> - 4.0.0-1
+- first pecl release
+- rename from php-apcu to php-pecl-apcu
+
+* Tue Mar 26 2013 Remi Collet <remi@fedoraproject.org> - 4.0.0-0.4.git4322fad
+- new snapshot (test before release)
+
+* Mon Mar 25 2013 Remi Collet <remi@fedoraproject.org> - 4.0.0-0.3.git647cb2b
+- new snapshot with our pull request
+- allow to run test suite simultaneously on 32/64 arch
+- build warning free
+
+* Mon Mar 25 2013 Remi Collet <remi@fedoraproject.org> - 4.0.0-0.2.git6d20302
+- new snapshot with full APC compatibility
+
+* Sat Mar 23 2013 Remi Collet <remi@fedoraproject.org> - 4.0.0-0.1.git44e8dd4
+- initial package, version 4.0.0
diff --git a/cgmanifest.json b/cgmanifest.json
index eeafae51245..609d0642775 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -20798,6 +20798,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "php-pecl-apcu",
+          "version": "5.1.23",
+          "downloadUrl": "https://pecl.php.net/get/apcu-5.1.23.tgz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",

From 2422148af128dd7e6f649f988eb75004c0b1166c Mon Sep 17 00:00:00 2001
From: suresh-thelkar <suresh.thelkar@yahoo.com>
Date: Mon, 23 Sep 2024 20:45:33 +0530
Subject: [PATCH 08/59] Upgraded keepalived to 2.3.1 and patched CVE-2024-41184
 (#10502)

Co-authored-by: Harshit Gupta <harshitgupta1337@gmail.com>
---
 SPECS/keepalived/CVE-2024-41184.patch       | 379 ++++++++++++++++++++
 SPECS/keepalived/keepalived.signatures.json |   8 +-
 SPECS/keepalived/keepalived.spec            |   9 +-
 cgmanifest.json                             |   4 +-
 4 files changed, 392 insertions(+), 8 deletions(-)
 create mode 100644 SPECS/keepalived/CVE-2024-41184.patch

diff --git a/SPECS/keepalived/CVE-2024-41184.patch b/SPECS/keepalived/CVE-2024-41184.patch
new file mode 100644
index 00000000000..d6b5c5b5646
--- /dev/null
+++ b/SPECS/keepalived/CVE-2024-41184.patch
@@ -0,0 +1,379 @@
+From f3a32e3557520dccb298b36b4952eff3e236fb86 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Fri, 12 Jul 2024 15:11:13 +0100
+Subject: [PATCH 1/5] lib: don't return subtracted addresses for rb_find()
+ compare function
+
+If sizeof(int) < sizeof(void *) returning the difference between two
+addresses in an int can cause an overflow.
+
+Use less_equal_greater_than() for comparing addresses.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ lib/memory.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/memory.c b/lib/memory.c
+index c7217fdd..4b250ac9 100644
+--- a/lib/memory.c
++++ b/lib/memory.c
+@@ -200,7 +200,7 @@ static unsigned free_list_size;
+ static inline int
+ memcheck_ptr_cmp(const void *key, const struct rb_node *a)
+ {
+-	return (const char *)key - (char *)rb_entry_const(a, MEMCHECK, t)->ptr;
++	return less_equal_greater_than((const char *)key, (char *)rb_entry_const(a, MEMCHECK, t)->ptr);
+ }
+ 
+ static inline bool
+-- 
+2.34.1
+
+
+From e78513fe0ce5d83c226ea2c0bd222f375c2438e7 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Fri, 12 Jul 2024 15:16:47 +0100
+Subject: [PATCH 2/5] vrrp: Handle empty ipset names with vrrp_ipsets keyword
+
+We now handle empty ipset names and return a config error.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/core/global_parser.c | 40 ++++++++++++++++++---------------
+ 1 file changed, 22 insertions(+), 18 deletions(-)
+
+diff --git a/keepalived/core/global_parser.c b/keepalived/core/global_parser.c
+index ed76b5cb..8935e502 100644
+--- a/keepalived/core/global_parser.c
++++ b/keepalived/core/global_parser.c
+@@ -1099,6 +1099,22 @@ vrrp_iptables_handler(const vector_t *strvec)
+ 	}
+ }
+ #ifdef _HAVE_LIBIPSET_
++static bool
++check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
++{
++	if (strlen(strvec_slot(strvec, entry)) >= IPSET_MAXNAMELEN - 1) {
++		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name too long - ignored", log_name);
++		return false;
++	}
++
++	if (strlen(strvec_slot(strvec, entry)) == 0) {
++		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name empty - ignored", log_name);
++		return false;
++	}
++
++	return true;
++}
++
+ static void
+ vrrp_ipsets_handler(const vector_t *strvec)
+ {
+@@ -1119,17 +1135,13 @@ vrrp_ipsets_handler(const vector_t *strvec)
+ 		return;
+ 	}
+ 
+-	if (strlen(strvec_slot(strvec,1)) >= IPSET_MAXNAMELEN - 1) {
+-		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset address name too long - ignored");
++	if (!check_valid_ipset_name(strvec, 1, "address"))
+ 		return;
+-	}
+ 	global_data->vrrp_ipset_address = STRDUP(strvec_slot(strvec,1));
+ 
+ 	if (vector_size(strvec) >= 3) {
+-		if (strlen(strvec_slot(strvec,2)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 2, "IPv6 address"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_address6 = STRDUP(strvec_slot(strvec,2));
+ 	} else {
+ 		/* No second set specified, copy first name and add "6" */
+@@ -1140,10 +1152,8 @@ vrrp_ipsets_handler(const vector_t *strvec)
+ 	}
+ 
+ 	if (vector_size(strvec) >= 4) {
+-		if (strlen(strvec_slot(strvec,3)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IPv6 address_iface name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 3, "IPv6 address_iface"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_address_iface6 = STRDUP(strvec_slot(strvec,3));
+ 	} else {
+ 		/* No third set specified, copy second name and add "_if6" */
+@@ -1157,10 +1167,8 @@ vrrp_ipsets_handler(const vector_t *strvec)
+ 	}
+ 
+ 	if (vector_size(strvec) >= 5) {
+-		if (strlen(strvec_slot(strvec,4)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset IGMP name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 4, "IGMP"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_igmp = STRDUP(strvec_slot(strvec,4));
+ 	} else {
+ 		/* No second set specified, copy first name and add "_igmp" */
+@@ -1171,10 +1179,8 @@ vrrp_ipsets_handler(const vector_t *strvec)
+ 	}
+ 
+ 	if (vector_size(strvec) >= 6) {
+-		if (strlen(strvec_slot(strvec,5)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset MLD name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 5, "MLD"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_mld = STRDUP(strvec_slot(strvec,5));
+ 	} else {
+ 		/* No second set specified, copy first name and add "_mld" */
+@@ -1186,10 +1192,8 @@ vrrp_ipsets_handler(const vector_t *strvec)
+ 
+ #ifdef _HAVE_VRRP_VMAC_
+ 	if (vector_size(strvec) >= 7) {
+-		if (strlen(strvec_slot(strvec,6)) >= IPSET_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset ND name too long - ignored");
++		if (!check_valid_ipset_name(strvec, 6, "ND"))
+ 			return;
+-		}
+ 		global_data->vrrp_ipset_vmac_nd = STRDUP(strvec_slot(strvec,6));
+ 	} else {
+ 		/* No second set specified, copy first name and add "_nd" */
+-- 
+2.34.1
+
+
+From 281de3aa8a0990fa3cd694a9addc0bf28953da0b Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Fri, 12 Jul 2024 15:18:20 +0100
+Subject: [PATCH 3/5] vrrp: handle empty iptables chain names - vrrp_iptables
+ keyword
+
+We now return an error if a chain name is empty.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/core/global_parser.c | 42 ++++++++++++++++++++-------------
+ 1 file changed, 25 insertions(+), 17 deletions(-)
+
+diff --git a/keepalived/core/global_parser.c b/keepalived/core/global_parser.c
+index 8935e502..3d436e49 100644
+--- a/keepalived/core/global_parser.c
++++ b/keepalived/core/global_parser.c
+@@ -1072,6 +1072,28 @@ vrrp_higher_prio_send_advert_handler(const vector_t *strvec)
+ 		global_data->vrrp_higher_prio_send_advert = true;
+ }
+ #ifdef _WITH_IPTABLES_
++static bool
++check_valid_iptables_ipset_name(const vector_t *strvec, unsigned entry, unsigned max_len, const char *type_name, const char *log_name)
++{
++	if (strlen(strvec_slot(strvec, entry)) >= max_len - 1) {
++		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : %s %s name too long - ignored", type_name, log_name);
++		return false;
++	}
++
++	if (strlen(strvec_slot(strvec, entry)) == 0) {
++		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : %s %s name empty - ignored", type_name, log_name);
++		return false;
++	}
++
++	return true;
++}
++
++static bool
++check_valid_iptables_chain_name(const vector_t *strvec, unsigned entry, const char *log_name)
++{
++	return check_valid_iptables_ipset_name(strvec, entry, XT_EXTENSION_MAXNAMELEN, "iptables", log_name);
++}
++
+ static void
+ vrrp_iptables_handler(const vector_t *strvec)
+ {
+@@ -1081,16 +1103,12 @@ vrrp_iptables_handler(const vector_t *strvec)
+ 	}
+ 
+ 	if (vector_size(strvec) >= 2) {
+-		if (strlen(strvec_slot(strvec,1)) >= XT_EXTENSION_MAXNAMELEN - 1) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : iptables in chain name too long - ignored");
++		if (!check_valid_iptables_chain_name(strvec, 1, "in chain"))
+ 			return;
+-		}
+ 		global_data->vrrp_iptables_inchain = STRDUP(strvec_slot(strvec,1));
+ 		if (vector_size(strvec) >= 3) {
+-			if (strlen(strvec_slot(strvec,2)) >= XT_EXTENSION_MAXNAMELEN - 1) {
+-				report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : iptables out chain name too long - ignored");
++			if (!check_valid_iptables_chain_name(strvec, 2, "out chain"))
+ 				return;
+-			}
+ 			global_data->vrrp_iptables_outchain = STRDUP(strvec_slot(strvec,2));
+ 		}
+ 	} else {
+@@ -1102,17 +1120,7 @@ vrrp_iptables_handler(const vector_t *strvec)
+ static bool
+ check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
+ {
+-	if (strlen(strvec_slot(strvec, entry)) >= IPSET_MAXNAMELEN - 1) {
+-		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name too long - ignored", log_name);
+-		return false;
+-	}
+-
+-	if (strlen(strvec_slot(strvec, entry)) == 0) {
+-		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : ipset %s name empty - ignored", log_name);
+-		return false;
+-	}
+-
+-	return true;
++	return check_valid_iptables_ipset_name(strvec, entry, IPSET_MAXNAMELEN, "ipset", log_name);
+ }
+ 
+ static void
+-- 
+2.34.1
+
+
+From 1e5902c4793ac01b810f0faa3b5cf47b41ae95c1 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Fri, 12 Jul 2024 15:32:35 +0100
+Subject: [PATCH 4/5] vrrp and ipvs: handle empty nftables chain names
+
+We now return an error if a chain name is empty.
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ keepalived/core/global_parser.c | 25 +++++++++++++++----------
+ 1 file changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/keepalived/core/global_parser.c b/keepalived/core/global_parser.c
+index 3d436e49..0a8f53ac 100644
+--- a/keepalived/core/global_parser.c
++++ b/keepalived/core/global_parser.c
+@@ -1071,9 +1071,10 @@ vrrp_higher_prio_send_advert_handler(const vector_t *strvec)
+ 	else
+ 		global_data->vrrp_higher_prio_send_advert = true;
+ }
+-#ifdef _WITH_IPTABLES_
++
++#if defined _WITH_IPTABLES_ || defined _WITH_NFTABLES_
+ static bool
+-check_valid_iptables_ipset_name(const vector_t *strvec, unsigned entry, unsigned max_len, const char *type_name, const char *log_name)
++check_valid_iptables_ipset_nftables_name(const vector_t *strvec, unsigned entry, unsigned max_len, const char *type_name, const char *log_name)
+ {
+ 	if (strlen(strvec_slot(strvec, entry)) >= max_len - 1) {
+ 		report_config_error(CONFIG_GENERAL_ERROR, "VRRP Error : %s %s name too long - ignored", type_name, log_name);
+@@ -1087,11 +1088,13 @@ check_valid_iptables_ipset_name(const vector_t *strvec, unsigned entry, unsigned
+ 
+ 	return true;
+ }
++#endif
+ 
++#ifdef _WITH_IPTABLES_
+ static bool
+ check_valid_iptables_chain_name(const vector_t *strvec, unsigned entry, const char *log_name)
+ {
+-	return check_valid_iptables_ipset_name(strvec, entry, XT_EXTENSION_MAXNAMELEN, "iptables", log_name);
++	return check_valid_iptables_ipset_nftables_name(strvec, entry, XT_EXTENSION_MAXNAMELEN, "iptables", log_name);
+ }
+ 
+ static void
+@@ -1120,7 +1123,7 @@ vrrp_iptables_handler(const vector_t *strvec)
+ static bool
+ check_valid_ipset_name(const vector_t *strvec, unsigned entry, const char *log_name)
+ {
+-	return check_valid_iptables_ipset_name(strvec, entry, IPSET_MAXNAMELEN, "ipset", log_name);
++	return check_valid_iptables_ipset_nftables_name(strvec, entry, IPSET_MAXNAMELEN, "ipset", log_name);
+ }
+ 
+ static void
+@@ -1229,6 +1232,12 @@ vrrp_iptables_handler(__attribute__((unused)) const vector_t *strvec)
+ 
+ #ifdef _WITH_NFTABLES_
+ #ifdef _WITH_VRRP_
++static bool
++check_valid_nftables_chain_name(const vector_t *strvec, unsigned entry, const char *log_name)
++{
++	return check_valid_iptables_ipset_nftables_name(strvec, entry, NFT_TABLE_MAXNAMELEN, "nftables", log_name);
++}
++
+ static void
+ vrrp_nftables_handler(__attribute__((unused)) const vector_t *strvec)
+ {
+@@ -1240,10 +1249,8 @@ vrrp_nftables_handler(__attribute__((unused)) const vector_t *strvec)
+ 	}
+ 
+ 	if (vector_size(strvec) >= 2) {
+-		if (strlen(strvec_slot(strvec, 1)) >= NFT_TABLE_MAXNAMELEN) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "nftables table name too long - ignoring");
++		if (!check_valid_nftables_chain_name(strvec, 1, "chain"))
+ 			return;
+-		}
+ 		name = strvec_slot(strvec, 1);
+ 	}
+ 	else {
+@@ -1283,10 +1290,8 @@ ipvs_nftables_handler(__attribute__((unused)) const vector_t *strvec)
+ 	}
+ 
+ 	if (vector_size(strvec) >= 2) {
+-		if (strlen(strvec_slot(strvec, 1)) >= NFT_TABLE_MAXNAMELEN) {
+-			report_config_error(CONFIG_GENERAL_ERROR, "ipvs nftables table name too long - ignoring");
++		if (!check_valid_nftables_chain_name(strvec, 1, "ipvs chain"))
+ 			return;
+-		}
+ 		name = strvec_slot(strvec, 1);
+ 	}
+ 	else {
+-- 
+2.34.1
+
+
+From 7e2cabdb1391f9378fbb76513c2ee9c88b15dba8 Mon Sep 17 00:00:00 2001
+From: Quentin Armitage <quentin@armitage.org.uk>
+Date: Fri, 12 Jul 2024 15:34:54 +0100
+Subject: [PATCH 5/5] configure: add --enable-sanitize-address option
+
+Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
+---
+ configure.ac | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 180beb6f..1ba691b6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -263,6 +263,8 @@ AC_ARG_ENABLE(stacktrace,
+   [AS_HELP_STRING([--enable-stacktrace], [compile with stacktrace support])])
+ AC_ARG_ENABLE(perf,
+   [AS_HELP_STRING([--enable-perf], [compile with perf performance data recording support for vrrp process])])
++AC_ARG_ENABLE(sanitize-address,
++  [AS_HELP_STRING([--enable-sanitize-address], [compile with sanitize=address (ASAN) support])])
+ AC_ARG_ENABLE(log-file,
+   [AS_HELP_STRING([--enable-log-file], [enable logging to file (-g)])])
+ AC_ARG_ENABLE(dump-threads,
+@@ -2848,6 +2850,16 @@ else
+   ENABLE_PERF=No
+ fi
+ 
++dnl ----[ sanitize=address testing or not? ]----
++if test "${enable_sanitize_address}" = yes; then
++#  AC_DEFINE([_WITH_SANITIZE_ADDRESS_], [ 1 ], [Define to 1 to build with sanitize=address support])
++  ENABLE_SANITIZE_ADDRESS=Yes
++  add_config_opt([SANITIZE_ADDRESS])
++  add_to_var([KA_CFLAGS], [-fsanitize=address -g])
++else
++  ENABLE_SANITIZE_ADDRESS=No
++fi
++
+ if test "${enable_log_file}" = yes; then
+   AC_DEFINE([ENABLE_LOG_TO_FILE], [ 1 ], [Define if enabling logging to files])
+   ENABLE_LOG_FILE_APPEND=Yes
+@@ -3271,6 +3283,9 @@ fi
+ if test ${ENABLE_PERF} = Yes; then
+   echo "Perf support             : Yes"
+ fi
++if test ${ENABLE_SANITIZE_ADDRESS} = Yes; then
++  echo "sanitize=address testing : Yes"
++fi
+ if test ${MEM_CHECK} = Yes; then
+   echo "Memory alloc check       : Yes"
+   echo "Memory alloc check log   : ${MEM_CHECK_LOG}"
+-- 
+2.34.1
+
diff --git a/SPECS/keepalived/keepalived.signatures.json b/SPECS/keepalived/keepalived.signatures.json
index 462a500d230..ce75fa5589a 100644
--- a/SPECS/keepalived/keepalived.signatures.json
+++ b/SPECS/keepalived/keepalived.signatures.json
@@ -1,6 +1,6 @@
 {
-  "Signatures": {
-    "keepalived.service": "533fac0ed629192f87b42f5fa2ba4443bccc3ac383e9495be97369616b95d6bd",
-    "keepalived-2.2.8.tar.gz": "85882eb62974f395d4c631be990a41a839594a7e62fbfebcb5649a937a7a1bb6"
-  }
+ "Signatures": {
+  "keepalived-2.3.1.tar.gz": "92f4b69bfd998e2306d1995ad16fdad1b59e70be694c883385c5f55e02c62aa3",
+  "keepalived.service": "533fac0ed629192f87b42f5fa2ba4443bccc3ac383e9495be97369616b95d6bd"
+ }
 }
diff --git a/SPECS/keepalived/keepalived.spec b/SPECS/keepalived/keepalived.spec
index 0857c89d324..752004a7b5d 100644
--- a/SPECS/keepalived/keepalived.spec
+++ b/SPECS/keepalived/keepalived.spec
@@ -1,6 +1,6 @@
 Summary:        HA monitor built upon LVS, VRRP and services poller
 Name:           keepalived
-Version:        2.2.8
+Version:        2.3.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -9,6 +9,7 @@ Group:          Applications/System
 URL:            https://www.keepalived.org/
 Source0:        https://www.keepalived.org/software/%{name}-%{version}.tar.gz
 Source1:        %{name}.service
+Patch0:         CVE-2024-41184.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -45,7 +46,7 @@ failover. So in short keepalived is a userspace daemon for LVS cluster nodes
 healthchecks and LVS directors failover.
 
 %prep
-%setup -q
+%autosetup -p1
 
 %build
 autoreconf -f -i
@@ -109,6 +110,10 @@ fi
 %{_mandir}/man8/keepalived.8*
 
 %changelog
+* Thu Sep 19 2024 Suresh Thelkar <sthelkar@microsoft.com> - 2.3.1-1
+- Add patch for CVE-2024-41184.patch.
+- Use autosetup.
+
 * Mon Nov 06 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.2.8-1
 - Auto-upgrade to 2.2.8 - Azure Linux 3.0 - package upgrades
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 609d0642775..7bce61d7ac0 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -8081,8 +8081,8 @@
         "type": "other",
         "other": {
           "name": "keepalived",
-          "version": "2.2.8",
-          "downloadUrl": "https://www.keepalived.org/software/keepalived-2.2.8.tar.gz"
+          "version": "2.3.1",
+          "downloadUrl": "https://www.keepalived.org/software/keepalived-2.3.1.tar.gz"
         }
       }
     },

From 1aaa060d32edc86e8c2311e5400db2abd9376a98 Mon Sep 17 00:00:00 2001
From: suresh-thelkar <suresh.thelkar@yahoo.com>
Date: Mon, 23 Sep 2024 20:46:08 +0530
Subject: [PATCH 09/59] Patch CVE-2019-10906 in nodejs (#10513)

---
 SPECS/nodejs/CVE-2019-10906.patch | 197 ++++++++++++++++++++++++++++++
 SPECS/nodejs/nodejs.spec          |   6 +-
 2 files changed, 202 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/nodejs/CVE-2019-10906.patch

diff --git a/SPECS/nodejs/CVE-2019-10906.patch b/SPECS/nodejs/CVE-2019-10906.patch
new file mode 100644
index 00000000000..e4aca456fc5
--- /dev/null
+++ b/SPECS/nodejs/CVE-2019-10906.patch
@@ -0,0 +1,197 @@
+From ce71e5f5911b12ebc36711a7d86dab0a11bd1c4d Mon Sep 17 00:00:00 2001
+From: Suresh Thelkar <sthelkar@microsoft.com>
+Date: Fri, 20 Sep 2024 09:55:21 +0530
+Subject: [PATCH] Changed needed to upgrade jinja2 to 2.10.1
+
+---
+ .../jinja2/Jinja2-2.10.1.tar.gz.md5           |  1 +
+ .../jinja2/Jinja2-2.10.1.tar.gz.sha512        |  1 +
+ .../jinja2/Jinja2-2.10.tar.gz.md5             |  1 -
+ .../jinja2/Jinja2-2.10.tar.gz.sha512          |  1 -
+ tools/inspector_protocol/jinja2/LICENSE       | 62 +++++++++----------
+ tools/inspector_protocol/jinja2/__init__.py   |  2 +-
+ tools/inspector_protocol/jinja2/get_jinja2.sh |  4 +-
+ tools/inspector_protocol/jinja2/sandbox.py    | 17 ++++-
+ 8 files changed, 50 insertions(+), 39 deletions(-)
+ create mode 100644 tools/inspector_protocol/jinja2/Jinja2-2.10.1.tar.gz.md5
+ create mode 100644 tools/inspector_protocol/jinja2/Jinja2-2.10.1.tar.gz.sha512
+ delete mode 100644 tools/inspector_protocol/jinja2/Jinja2-2.10.tar.gz.md5
+ delete mode 100644 tools/inspector_protocol/jinja2/Jinja2-2.10.tar.gz.sha512
+
+diff --git a/tools/inspector_protocol/jinja2/Jinja2-2.10.1.tar.gz.md5 b/tools/inspector_protocol/jinja2/Jinja2-2.10.1.tar.gz.md5
+new file mode 100644
+index 00000000..254f4371
+--- /dev/null
++++ b/tools/inspector_protocol/jinja2/Jinja2-2.10.1.tar.gz.md5
+@@ -0,0 +1 @@
++0ae535be40fd215a8114a090c8b68e5a  Jinja2-2.10.1.tar.gz
+\ No newline at end of file
+diff --git a/tools/inspector_protocol/jinja2/Jinja2-2.10.1.tar.gz.sha512 b/tools/inspector_protocol/jinja2/Jinja2-2.10.1.tar.gz.sha512
+new file mode 100644
+index 00000000..7c379ff1
+--- /dev/null
++++ b/tools/inspector_protocol/jinja2/Jinja2-2.10.1.tar.gz.sha512
+@@ -0,0 +1 @@
++a00153a0e07bb7d67f301b4eaf7af657726a1985e9ffc7ae2d76bdbb4c062d672efc8065e398767e1039b18a483a0092e206deac91e4047aad64920b56869623  Jinja2-2.10.1.tar.gz
+\ No newline at end of file
+diff --git a/tools/inspector_protocol/jinja2/Jinja2-2.10.tar.gz.md5 b/tools/inspector_protocol/jinja2/Jinja2-2.10.tar.gz.md5
+deleted file mode 100644
+index 9137ee12..00000000
+--- a/tools/inspector_protocol/jinja2/Jinja2-2.10.tar.gz.md5
++++ /dev/null
+@@ -1 +0,0 @@
+-61ef1117f945486472850819b8d1eb3d  Jinja2-2.10.tar.gz
+diff --git a/tools/inspector_protocol/jinja2/Jinja2-2.10.tar.gz.sha512 b/tools/inspector_protocol/jinja2/Jinja2-2.10.tar.gz.sha512
+deleted file mode 100644
+index 087d24c1..00000000
+--- a/tools/inspector_protocol/jinja2/Jinja2-2.10.tar.gz.sha512
++++ /dev/null
+@@ -1 +0,0 @@
+-0ea7371be67ffcf19e46dfd06523a45a0806e678a407d54f5f2f3e573982f0959cf82ec5d07b203670309928a62ef71109701ab16547a9bba2ebcdc178cb67f2  Jinja2-2.10.tar.gz
+diff --git a/tools/inspector_protocol/jinja2/LICENSE b/tools/inspector_protocol/jinja2/LICENSE
+index 31bf900e..10145a26 100644
+--- a/tools/inspector_protocol/jinja2/LICENSE
++++ b/tools/inspector_protocol/jinja2/LICENSE
+@@ -1,31 +1,31 @@
+-Copyright (c) 2009 by the Jinja Team, see AUTHORS for more details.
+-
+-Some rights reserved.
+-
+-Redistribution and use in source and binary forms, with or without
+-modification, are permitted provided that the following conditions are
+-met:
+-
+-    * Redistributions of source code must retain the above copyright
+-      notice, this list of conditions and the following disclaimer.
+-
+-    * Redistributions in binary form must reproduce the above
+-      copyright notice, this list of conditions and the following
+-      disclaimer in the documentation and/or other materials provided
+-      with the distribution.
+-
+-    * The names of the contributors may not be used to endorse or
+-      promote products derived from this software without specific
+-      prior written permission.
+-
+-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++Copyright (c) 2009 by the Jinja Team, see AUTHORS for more details.
++
++Some rights reserved.
++
++Redistribution and use in source and binary forms, with or without
++modification, are permitted provided that the following conditions are
++met:
++
++    * Redistributions of source code must retain the above copyright
++      notice, this list of conditions and the following disclaimer.
++
++    * Redistributions in binary form must reproduce the above
++      copyright notice, this list of conditions and the following
++      disclaimer in the documentation and/or other materials provided
++      with the distribution.
++
++    * The names of the contributors may not be used to endorse or
++      promote products derived from this software without specific
++      prior written permission.
++
++THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
++A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
++LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
++OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+diff --git a/tools/inspector_protocol/jinja2/__init__.py b/tools/inspector_protocol/jinja2/__init__.py
+index 42aa763d..15e13b6f 100644
+--- a/tools/inspector_protocol/jinja2/__init__.py
++++ b/tools/inspector_protocol/jinja2/__init__.py
+@@ -27,7 +27,7 @@
+     :license: BSD, see LICENSE for more details.
+ """
+ __docformat__ = 'restructuredtext en'
+-__version__ = '2.10'
++__version__ = '2.10.1'
+ 
+ # high level interface
+ from jinja2.environment import Environment, Template
+diff --git a/tools/inspector_protocol/jinja2/get_jinja2.sh b/tools/inspector_protocol/jinja2/get_jinja2.sh
+index bc6c4c30..b0fa6e8e 100755
+--- a/tools/inspector_protocol/jinja2/get_jinja2.sh
++++ b/tools/inspector_protocol/jinja2/get_jinja2.sh
+@@ -7,8 +7,8 @@
+ # Download page:
+ # https://pypi.python.org/pypi/Jinja2
+ PACKAGE='Jinja2'
+-VERSION='2.10'
+-SRC_URL='https://pypi.python.org/packages/56/e6/332789f295cf22308386cf5bbd1f4e00ed11484299c5d7383378cf48ba47/Jinja2-2.10.tar.gz'
++VERSION='2.10.1'
++SRC_URL='https://files.pythonhosted.org/packages/93/ea/d884a06f8c7f9b7afbc8138b762e80479fb17aedbbe2b06515a12de9378d/Jinja2-2.10.1.tar.gz'
+ PACKAGE_DIR='jinja2'
+ 
+ CHROMIUM_FILES="README.chromium OWNERS get_jinja2.sh"
+diff --git a/tools/inspector_protocol/jinja2/sandbox.py b/tools/inspector_protocol/jinja2/sandbox.py
+index 93fb9d45..752e8128 100644
+--- a/tools/inspector_protocol/jinja2/sandbox.py
++++ b/tools/inspector_protocol/jinja2/sandbox.py
+@@ -137,7 +137,7 @@ class _MagicFormatMapping(Mapping):
+ def inspect_format_method(callable):
+     if not isinstance(callable, (types.MethodType,
+                                  types.BuiltinMethodType)) or \
+-       callable.__name__ != 'format':
++       callable.__name__ not in ('format', 'format_map'):
+         return None
+     obj = callable.__self__
+     if isinstance(obj, string_types):
+@@ -402,7 +402,7 @@ class SandboxedEnvironment(Environment):
+             obj.__class__.__name__
+         ), name=attribute, obj=obj, exc=SecurityError)
+ 
+-    def format_string(self, s, args, kwargs):
++    def format_string(self, s, args, kwargs, format_func=None):
+         """If a format call is detected, then this is routed through this
+         method so that our safety sandbox can be used for it.
+         """
+@@ -410,6 +410,17 @@ class SandboxedEnvironment(Environment):
+             formatter = SandboxedEscapeFormatter(self, s.escape)
+         else:
+             formatter = SandboxedFormatter(self)
++
++        if format_func is not None and format_func.__name__ == 'format_map':
++            if len(args) != 1 or kwargs:
++                raise TypeError(
++                    'format_map() takes exactly one argument %d given'
++                    % (len(args) + (kwargs is not None))
++                )
++
++            kwargs = args[0]
++            args = None
++
+         kwargs = _MagicFormatMapping(args, kwargs)
+         rv = formatter.vformat(s, args, kwargs)
+         return type(s)(rv)
+@@ -418,7 +429,7 @@ class SandboxedEnvironment(Environment):
+         """Call an object from sandboxed code."""
+         fmt = inspect_format_method(__obj)
+         if fmt is not None:
+-            return __self.format_string(fmt, args, kwargs)
++            return __self.format_string(fmt, args, kwargs, __obj)
+ 
+         # the double prefixes are to avoid double keyword argument
+         # errors when proxying the call.
+-- 
+2.34.1
+
diff --git a/SPECS/nodejs/nodejs.spec b/SPECS/nodejs/nodejs.spec
index de76f2f240f..88a9525b319 100644
--- a/SPECS/nodejs/nodejs.spec
+++ b/SPECS/nodejs/nodejs.spec
@@ -5,7 +5,7 @@ Name:           nodejs
 # WARNINGS: MUST check and update the 'npm_version' macro for every version update of this package.
 #           The version of NPM can be found inside the sources under 'deps/npm/package.json'.
 Version:        20.14.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD AND MIT AND Public Domain AND NAIST-2003 AND Artistic-2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -16,6 +16,7 @@ URL:            https://github.com/nodejs/node
 # !!!  => use generate_source_tarball.sh script to create a clean and reproducible source tarball.
 Source0:        https://nodejs.org/download/release/v%{version}/node-v%{version}.tar.xz
 Patch0:         disable-tlsv1-tlsv1-1.patch
+Patch1:         CVE-2019-10906.patch
 BuildRequires:  brotli-devel
 BuildRequires:  c-ares-devel
 BuildRequires:  coreutils >= 8.22
@@ -127,6 +128,9 @@ make cctest
 %{_prefix}/lib/node_modules/*
 
 %changelog
+* Thu Sep 19 2024 Suresh Thelkar <sthelkar@microsoft.com> - 20.14.0-2
+- Patch CVE-2019-10906
+
 * Fri Jun 07 2024 Nicolas Guibourge <nicolasg@microsoft.com> - 20.14.0-1
 - Upgrade to 20.14.0 to address CVEs
 

From 6ae3d64272e4cdb30e2d1831b2109045779894c8 Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Mon, 23 Sep 2024 13:21:31 -0400
Subject: [PATCH 10/59] [AUTOPATCHER-kernel] Kernel CVE - branch 3.0-dev -
 CVE-2024-43884 CVE-2024-44946 CVE-2024-44985 CVE-2024-44974 CVE-2024-44987
 CVE-2024-44986 CVE-2024-43891 CVE-2024-45006 CVE-2024-45000 CVE-2024-44990
 CVE-2024-44999 CVE-2024-44989 CVE-2024-44998 CVE-2024-44995 CVE-2024-44997
 CVE-2024-45002 CVE-2024-44983 CVE-2024-45029 CVE-2024-45028 CVE-2024-45022
 CVE-2024-45020 CVE-2024-45009 CVE-2024-46677 CVE-2024-46674 CVE-2024-45025
 CVE-2024-45030 CVE-2024-45016 CVE-2024-45021 CVE-2024-45018 CVE-2024-45015
 CVE-2024-46673 CVE-2024-45011 CVE-2024-46672 CVE-2024-46693 CVE-2024-45010
 CVE-2024-45026 CVE-2024-45012 CVE-2024-45019 CVE-2024-46692 CVE-2024-46686
 CVE-2024-46687 CVE-2024-46685 CVE-2024-44947 CVE-2024-44996  (#10500)

---
 SPECS/kernel/CVE-2024-43884.nopatch | 3 +++
 SPECS/kernel/CVE-2024-43891.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44946.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44947.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44974.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44983.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44985.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44986.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44987.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44989.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44990.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44995.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44996.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44997.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44998.nopatch | 3 +++
 SPECS/kernel/CVE-2024-44999.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45000.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45002.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45006.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45009.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45010.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45011.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45012.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45015.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45016.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45018.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45019.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45020.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45021.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45022.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45025.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45026.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45028.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45029.nopatch | 3 +++
 SPECS/kernel/CVE-2024-45030.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46672.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46673.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46674.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46677.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46685.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46686.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46687.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46692.nopatch | 3 +++
 SPECS/kernel/CVE-2024-46693.nopatch | 3 +++
 44 files changed, 132 insertions(+)
 create mode 100644 SPECS/kernel/CVE-2024-43884.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-43891.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44946.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44947.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44974.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44983.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44985.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44986.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44987.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44989.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44990.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44995.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44996.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44997.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44998.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-44999.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45000.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45002.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45006.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45009.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45010.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45011.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45012.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45015.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45016.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45018.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45019.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45020.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45021.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45022.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45025.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45026.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45028.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45029.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-45030.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46672.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46673.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46674.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46677.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46685.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46686.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46687.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46692.nopatch
 create mode 100644 SPECS/kernel/CVE-2024-46693.nopatch

diff --git a/SPECS/kernel/CVE-2024-43884.nopatch b/SPECS/kernel/CVE-2024-43884.nopatch
new file mode 100644
index 00000000000..69448400628
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-43884.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-43884 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 538fd3921afac97158d4177139a0ad39f056dbb2 - stable 064dd929c76532359d2905d90a7c12348043cfd4
+
diff --git a/SPECS/kernel/CVE-2024-43891.nopatch b/SPECS/kernel/CVE-2024-43891.nopatch
new file mode 100644
index 00000000000..d84376ad029
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-43891.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-43891 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream b1560408692cd0ab0370cfbe9deb03ce97ab3f6d - stable 4ed03758ddf0b19d69eed69386d65a92d0091e0c
+
diff --git a/SPECS/kernel/CVE-2024-44946.nopatch b/SPECS/kernel/CVE-2024-44946.nopatch
new file mode 100644
index 00000000000..fa8e53b4ca0
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44946.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44946 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 807067bf014d4a3ae2cc55bd3de16f22a01eb580 - stable 00425508f30baa5ab6449a1f478480ca7cffa6da
+
diff --git a/SPECS/kernel/CVE-2024-44947.nopatch b/SPECS/kernel/CVE-2024-44947.nopatch
new file mode 100644
index 00000000000..42779db2234
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44947.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44947 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 3c0da3d163eb32f1f91891efaade027fa9b245b9 - stable ac42e0f0eb66af966015ee33fd355bc6f5d80cd6
+
diff --git a/SPECS/kernel/CVE-2024-44974.nopatch b/SPECS/kernel/CVE-2024-44974.nopatch
new file mode 100644
index 00000000000..1340109f0f5
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44974.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44974 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 48e50dcbcbaaf713d82bf2da5c16aeced94ad07d - stable 9a9afbbc3fbfca4975eea4aa5b18556db5a0c0b8
+
diff --git a/SPECS/kernel/CVE-2024-44983.nopatch b/SPECS/kernel/CVE-2024-44983.nopatch
new file mode 100644
index 00000000000..8e4dbb172ff
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44983.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44983 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 6ea14ccb60c8ab829349979b22b58a941ec4a3ee - stable 0279c35d242d037abeb73d60d06a6d1bb7f672d9
+
diff --git a/SPECS/kernel/CVE-2024-44985.nopatch b/SPECS/kernel/CVE-2024-44985.nopatch
new file mode 100644
index 00000000000..8e2e0d00d5c
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44985.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44985 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 2d5ff7e339d04622d8282661df36151906d0e1c7 - stable 124b428fe28064c809e4237b0b38e97200a8a4a8
+
diff --git a/SPECS/kernel/CVE-2024-44986.nopatch b/SPECS/kernel/CVE-2024-44986.nopatch
new file mode 100644
index 00000000000..ea2c1fa8df5
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44986.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44986 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream da273b377ae0d9bd255281ed3c2adb228321687b - stable 6ab6bf731354a6fdbaa617d1ec194960db61cf3b
+
diff --git a/SPECS/kernel/CVE-2024-44987.nopatch b/SPECS/kernel/CVE-2024-44987.nopatch
new file mode 100644
index 00000000000..a2558bed638
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44987.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44987 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream faa389b2fbaaec7fd27a390b4896139f9da662e3 - stable af1dde074ee2ed7dd5bdca4e7e8ba17f44e7b011
+
diff --git a/SPECS/kernel/CVE-2024-44989.nopatch b/SPECS/kernel/CVE-2024-44989.nopatch
new file mode 100644
index 00000000000..313a4a38276
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44989.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44989 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream f8cde9805981c50d0c029063dc7d82821806fc44 - stable 4582d4ff413a07d4ed8a4823c652dc5207760548
+
diff --git a/SPECS/kernel/CVE-2024-44990.nopatch b/SPECS/kernel/CVE-2024-44990.nopatch
new file mode 100644
index 00000000000..affc13590b6
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44990.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44990 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 95c90e4ad89d493a7a14fa200082e466e2548f9d - stable 0707260a18312bbcd2a5668584e3692d0a29e3f6
+
diff --git a/SPECS/kernel/CVE-2024-44995.nopatch b/SPECS/kernel/CVE-2024-44995.nopatch
new file mode 100644
index 00000000000..7a8cbbf6a07
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44995.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44995 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream be5e816d00a506719e9dbb1a9c861c5ced30a109 - stable fa1d4de7265c370e673583ac8d1bd17d21826cd9
+
diff --git a/SPECS/kernel/CVE-2024-44996.nopatch b/SPECS/kernel/CVE-2024-44996.nopatch
new file mode 100644
index 00000000000..e73eb1af403
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44996.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44996 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 69139d2919dd4aa9a553c8245e7c63e82613e3fc - stable 921f1acf0c3cf6b1260ab57a8a6e8b3d5f3023d5
+
diff --git a/SPECS/kernel/CVE-2024-44997.nopatch b/SPECS/kernel/CVE-2024-44997.nopatch
new file mode 100644
index 00000000000..01c936942b4
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44997.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44997 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream db1b4bedb9b97c6d34b03d03815147c04fffe8b4 - stable 326a89321f9d5fe399fe6f9ff7c0fc766582a6a0
+
diff --git a/SPECS/kernel/CVE-2024-44998.nopatch b/SPECS/kernel/CVE-2024-44998.nopatch
new file mode 100644
index 00000000000..2ff75fd69b9
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44998.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44998 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream a9a18e8f770c9b0703dab93580d0b02e199a4c79 - stable ef23c18ab88e33ce000d06a5c6aad0620f219bfd
+
diff --git a/SPECS/kernel/CVE-2024-44999.nopatch b/SPECS/kernel/CVE-2024-44999.nopatch
new file mode 100644
index 00000000000..67c7742bf5a
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-44999.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-44999 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 3a3be7ff9224f424e485287b54be00d2c6bd9c40 - stable 34ba4f29f3d9eb52dee37512059efb2afd7e966f
+
diff --git a/SPECS/kernel/CVE-2024-45000.nopatch b/SPECS/kernel/CVE-2024-45000.nopatch
new file mode 100644
index 00000000000..c054396e0a2
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45000.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45000 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream f71aa06398aabc2e3eaac25acdf3d62e0094ba70 - stable dfaa39b05a6cf34a16c525a2759ee6ab26b5fef6
+
diff --git a/SPECS/kernel/CVE-2024-45002.nopatch b/SPECS/kernel/CVE-2024-45002.nopatch
new file mode 100644
index 00000000000..a6abe7e9230
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45002.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45002 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 90574d2a675947858b47008df8d07f75ea50d0d0 - stable 753f1745146e03abd17eec8eee95faffc96d743d
+
diff --git a/SPECS/kernel/CVE-2024-45006.nopatch b/SPECS/kernel/CVE-2024-45006.nopatch
new file mode 100644
index 00000000000..81d44aa3a35
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45006.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45006 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream af8e119f52e9c13e556be9e03f27957554a84656 - stable 6b99de301d78e1f5249e57ef2c32e1dec3df2bb1
+
diff --git a/SPECS/kernel/CVE-2024-45009.nopatch b/SPECS/kernel/CVE-2024-45009.nopatch
new file mode 100644
index 00000000000..e487faac804
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45009.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45009 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 1c1f721375989579e46741f59523e39ec9b2a9bd - stable d20bf2c96d7ffd171299b32f562f70e5bf5dc608
+
diff --git a/SPECS/kernel/CVE-2024-45010.nopatch b/SPECS/kernel/CVE-2024-45010.nopatch
new file mode 100644
index 00000000000..0196f585dc3
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45010.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45010 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 322ea3778965da72862cca2a0c50253aacf65fe6 - stable 43cf912b0b0fc7b4fd12cbc735d1f5afb8e1322d
+
diff --git a/SPECS/kernel/CVE-2024-45011.nopatch b/SPECS/kernel/CVE-2024-45011.nopatch
new file mode 100644
index 00000000000..05b7548af97
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45011.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45011 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 2374bf7558de915edc6ec8cb10ec3291dfab9594 - stable 5cff754692ad45d5086b75fef8cc3a99c30a1005
+
diff --git a/SPECS/kernel/CVE-2024-45012.nopatch b/SPECS/kernel/CVE-2024-45012.nopatch
new file mode 100644
index 00000000000..1a45d76ee54
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45012.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45012 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 9b340aeb26d50e9a9ec99599e2a39b035fac978e - stable cc29c5546c6a373648363ac49781f1d74b530707
+
diff --git a/SPECS/kernel/CVE-2024-45015.nopatch b/SPECS/kernel/CVE-2024-45015.nopatch
new file mode 100644
index 00000000000..c3ebf5294e5
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45015.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45015 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 - stable 3fb61718bcbe309279205d1cc275a6435611dc77
+
diff --git a/SPECS/kernel/CVE-2024-45016.nopatch b/SPECS/kernel/CVE-2024-45016.nopatch
new file mode 100644
index 00000000000..94030376934
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45016.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45016 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream c07ff8592d57ed258afee5a5e04991a48dbaf382 - stable 577d6c0619467fe90f7e8e57e45cb5bd9d936014
+
diff --git a/SPECS/kernel/CVE-2024-45018.nopatch b/SPECS/kernel/CVE-2024-45018.nopatch
new file mode 100644
index 00000000000..e41e31a463b
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45018.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45018 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream e9767137308daf906496613fd879808a07f006a2 - stable c7b760499f7791352b49b11667ed04b23d7f5b0f
+
diff --git a/SPECS/kernel/CVE-2024-45019.nopatch b/SPECS/kernel/CVE-2024-45019.nopatch
new file mode 100644
index 00000000000..75c5e2f1b56
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45019.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45019 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream e6b5afd30b99b43682a7764e1a74a42fe4d5f4b3 - stable b3b9a87adee97854bcd71057901d46943076267e
+
diff --git a/SPECS/kernel/CVE-2024-45020.nopatch b/SPECS/kernel/CVE-2024-45020.nopatch
new file mode 100644
index 00000000000..33615405475
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45020.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45020 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream bed2eb964c70b780fb55925892a74f26cb590b25 - stable 7cad3174cc79519bf5f6c4441780264416822c08
+
diff --git a/SPECS/kernel/CVE-2024-45021.nopatch b/SPECS/kernel/CVE-2024-45021.nopatch
new file mode 100644
index 00000000000..094405beec4
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45021.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45021 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 046667c4d3196938e992fba0dfcde570aa85cd0e - stable f1aa7c509aa766080db7ab3aec2e31b1df09e57c
+
diff --git a/SPECS/kernel/CVE-2024-45022.nopatch b/SPECS/kernel/CVE-2024-45022.nopatch
new file mode 100644
index 00000000000..a75347a5aaa
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45022.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45022 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 61ebe5a747da649057c37be1c37eb934b4af79ca - stable de7bad86345c43cd040ed43e20d9fad78a3ee59f
+
diff --git a/SPECS/kernel/CVE-2024-45025.nopatch b/SPECS/kernel/CVE-2024-45025.nopatch
new file mode 100644
index 00000000000..0c945dde5c4
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45025.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45025 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 9a2fa1472083580b6c66bdaf291f591e1170123a - stable dd72ae8b0fce9c0bbe9582b9b50820f0407f8d8a
+
diff --git a/SPECS/kernel/CVE-2024-45026.nopatch b/SPECS/kernel/CVE-2024-45026.nopatch
new file mode 100644
index 00000000000..0439bb94b9b
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45026.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45026 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 7db4042336580dfd75cb5faa82c12cd51098c90b - stable 93a7e2856951680cd7fe6ebd705ac10c8a8a5efd
+
diff --git a/SPECS/kernel/CVE-2024-45028.nopatch b/SPECS/kernel/CVE-2024-45028.nopatch
new file mode 100644
index 00000000000..7770133d84f
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45028.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45028 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream a1e627af32ed60713941cbfc8075d44cad07f6dd - stable cac2815f49d343b2f0acc4973d2c14918ac3ab0c
+
diff --git a/SPECS/kernel/CVE-2024-45029.nopatch b/SPECS/kernel/CVE-2024-45029.nopatch
new file mode 100644
index 00000000000..edc507e7e07
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45029.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45029 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 14d069d92951a3e150c0a81f2ca3b93e54da913b - stable 6861faf4232e4b78878f2de1ed3ee324ddae2287
+
diff --git a/SPECS/kernel/CVE-2024-45030.nopatch b/SPECS/kernel/CVE-2024-45030.nopatch
new file mode 100644
index 00000000000..c57ec2624e5
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-45030.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-45030 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 8aba27c4a5020abdf60149239198297f88338a8d - stable 8ea80ff5d8298356d28077bc30913ed37df65109
+
diff --git a/SPECS/kernel/CVE-2024-46672.nopatch b/SPECS/kernel/CVE-2024-46672.nopatch
new file mode 100644
index 00000000000..1a0d4e432b2
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46672.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46672 - patched in 6.6.48.1 - (generated by autopatch tool)
+upstream 2ad4e1ada8eebafa2d75a4b75eeeca882de6ada1 - stable 4291f94f8c6b01505132c22ee27b59ed27c3584f
+
diff --git a/SPECS/kernel/CVE-2024-46673.nopatch b/SPECS/kernel/CVE-2024-46673.nopatch
new file mode 100644
index 00000000000..93d988366df
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46673.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46673 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream 919ddf8336f0b84c0453bac583808c9f165a85c2 - stable 8a3995a3ffeca280a961b59f5c99843d81b15929
+
diff --git a/SPECS/kernel/CVE-2024-46674.nopatch b/SPECS/kernel/CVE-2024-46674.nopatch
new file mode 100644
index 00000000000..71abedad6ca
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46674.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46674 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream ddfcfeba891064b88bb844208b43bef2ef970f0c - stable e1e5e8ea2731150d5ba7c707f9e02fafebcfeb49
+
diff --git a/SPECS/kernel/CVE-2024-46677.nopatch b/SPECS/kernel/CVE-2024-46677.nopatch
new file mode 100644
index 00000000000..5cc597e65ec
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46677.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46677 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream defd8b3c37b0f9cb3e0f60f47d3d78d459d57fda - stable 28c67f0f84f889fe9f4cbda8354132b20dc9212d
+
diff --git a/SPECS/kernel/CVE-2024-46685.nopatch b/SPECS/kernel/CVE-2024-46685.nopatch
new file mode 100644
index 00000000000..6198da566f0
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46685.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46685 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream 1c38a62f15e595346a1106025722869e87ffe044 - stable 4ed45fe99ec9e3c9478bd634624cd05a57d002f7
+
diff --git a/SPECS/kernel/CVE-2024-46686.nopatch b/SPECS/kernel/CVE-2024-46686.nopatch
new file mode 100644
index 00000000000..580840403a0
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46686.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46686 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream c724b2ab6a46435b4e7d58ad2fbbdb7a318823cf - stable a01859dd6aebf826576513850a3b05992809e9d2
+
diff --git a/SPECS/kernel/CVE-2024-46687.nopatch b/SPECS/kernel/CVE-2024-46687.nopatch
new file mode 100644
index 00000000000..84aa8f9e4ff
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46687.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46687 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream 10d9d8c3512f16cad47b2ff81ec6fc4b27d8ee10 - stable 51722b99f41f5e722ffa10b8f61e802a0e70b331
+
diff --git a/SPECS/kernel/CVE-2024-46692.nopatch b/SPECS/kernel/CVE-2024-46692.nopatch
new file mode 100644
index 00000000000..8d88d2d1919
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46692.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46692 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream 9960085a3a82c58d3323c1c20b991db6045063b0 - stable cdf7efe4b02aa93813db0bf1ca596ad298ab6b06
+
diff --git a/SPECS/kernel/CVE-2024-46693.nopatch b/SPECS/kernel/CVE-2024-46693.nopatch
new file mode 100644
index 00000000000..8d6451c491e
--- /dev/null
+++ b/SPECS/kernel/CVE-2024-46693.nopatch
@@ -0,0 +1,3 @@
+CVE-2024-46693 - patched in 6.6.49.1 - (generated by autopatch tool)
+upstream 3568affcddd68743e25aa3ec1647d9b82797757b - stable 1efdbf5323c9360e05066049b97414405e94e087
+

From 8fe754b92ae5713dfe82a70e1a07cbe8e4c12f49 Mon Sep 17 00:00:00 2001
From: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
Date: Mon, 23 Sep 2024 11:49:24 -0700
Subject: [PATCH 11/59] swap fix-ssl-read-and-write-error-check.patch for a
 slightly different version from upstream (#10525)

Change #10461 fixed wget2 an upstream issue with openssl error handling using the proposed fix. However, in the end the upstream owner went with a different fix that included a minor refactor.

This change swaps out the original fix for the upstream, to keep us closer to the upstream for future patching.
---
 .../fix-ssl-read-and-write-error-check.patch  | 80 +++++++++++++++----
 SPECS/wget/wget.spec                          |  5 +-
 2 files changed, 68 insertions(+), 17 deletions(-)

diff --git a/SPECS/wget/fix-ssl-read-and-write-error-check.patch b/SPECS/wget/fix-ssl-read-and-write-error-check.patch
index 4877b4989c9..c4104f3337c 100644
--- a/SPECS/wget/fix-ssl-read-and-write-error-check.patch
+++ b/SPECS/wget/fix-ssl-read-and-write-error-check.patch
@@ -1,32 +1,80 @@
-From 3d4e70f8591d84c48d449d0b8d600d6e138ca6c2 Mon Sep 17 00:00:00 2001
-From: "Tobias Brick (he/him)" <tobiasb@microsoft.com>
-Date: Wed, 11 Sep 2024 22:46:37 +0000
-Subject: [PATCH] count 0 as an error for SSL_read and SS_write, per
+From 8877050c3f00a19d43e539029d2346d1040d8c02 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
+Date: Sun, 22 Sep 2024 12:12:42 +0200
+Subject: [PATCH] Count 0 as an error for SSL_read and SSL_write, per
  documentation
 
+* libwget/ssl_openssl.c (ssl_transfer): Take 0 as error,
+  slightly refactor code.
+
+Fixes https://github.com/rockdaboot/wget2/issues/342
+
+Reported-by: Tobias Brick (he/him) <tobiasb@microsoft.com>
+Co-authored-by: Tobias Brick (he/him) <tobiasb@microsoft.com>
 ---
- libwget/ssl_openssl.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ libwget/ssl_openssl.c | 34 +++++++++++++++++++---------------
+ 1 file changed, 19 insertions(+), 15 deletions(-)
 
 diff --git a/libwget/ssl_openssl.c b/libwget/ssl_openssl.c
-index 6cac6ecb..2a892ff5 100644
+index 7a52792d..885b0c2c 100644
 --- a/libwget/ssl_openssl.c
 +++ b/libwget/ssl_openssl.c
-@@ -1816,7 +1816,7 @@ static int ssl_transfer(int want,
+@@ -1789,7 +1789,7 @@ static int ssl_transfer(int want,
+ 		void *buf, int count)
+ {
+ 	SSL *ssl;
+-	int fd, retval, error, ops = want;
++	int fd;
+ 
+ 	if (count == 0)
+ 		return 0;
+@@ -1801,7 +1801,9 @@ static int ssl_transfer(int want,
+ 	if (timeout < -1)
+ 		timeout = -1;
+ 
+-	do {
++	for (int ops = want;;) {
++		int retval;
++
+ 		if (timeout) {
+ 			/* Wait until file descriptor becomes ready */
+ 			retval = wget_ready_2_transfer(fd, timeout, ops);
+@@ -1817,23 +1819,25 @@ static int ssl_transfer(int want,
  		else
  			retval = SSL_write(ssl, buf, count);
  
 -		if (retval < 0) {
-+		if (retval <= 0) {
- 			error = SSL_get_error(ssl, retval);
+-			error = SSL_get_error(ssl, retval);
++		if (retval > 0)
++			return retval;
+ 
+-			if (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE) {
+-				/* Socket not ready - let's try again (unless timeout was zero) */
+-				ops = WGET_IO_WRITABLE | WGET_IO_READABLE;
++		// The OpenSSL docs consider <= 0 an error.
++		int error = SSL_get_error(ssl, retval);
++		if (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE) {
++			/* Socket not ready - let's try again (unless timeout was zero) */
++			ops = WGET_IO_WRITABLE | WGET_IO_READABLE;
  
- 			if (error == SSL_ERROR_WANT_READ || error == SSL_ERROR_WANT_WRITE) {
-@@ -1830,7 +1830,7 @@ static int ssl_transfer(int want,
- 				return WGET_E_HANDSHAKE;
- 			}
+-				if (timeout == 0)
+-					return 0;
+-			} else {
+-				/* Not exactly a handshake error, but this is the closest one to signal TLS layer errors */
+-				return WGET_E_HANDSHAKE;
+-			}
++			if (timeout == 0)
++				return 0;
++		} else {
++			/* Not exactly a handshake error, but this is the closest one to signal TLS layer errors */
++			return WGET_E_HANDSHAKE;
  		}
 -	} while (retval < 0);
-+	} while (retval <= 0);
++	}
  
- 	return retval;
+-	return retval;
++	// The execution can never get here.
++	return WGET_E_UNKNOWN;
  }
+ 
+ /**
diff --git a/SPECS/wget/wget.spec b/SPECS/wget/wget.spec
index a82be5722f9..5c50317c4c4 100644
--- a/SPECS/wget/wget.spec
+++ b/SPECS/wget/wget.spec
@@ -3,7 +3,7 @@
 Summary:        An advanced file and recursive website downloader
 Name:           wget
 Version:        2.1.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPL-3.0-or-later AND LGPL-3.0-or-later AND GFDL-1.3-or-later
 URL:            https://gitlab.com/gnuwget/wget2
 Group:          System Environment/NetworkingPrograms
@@ -157,6 +157,9 @@ echo ".so man1/%{name}.1" > %{buildroot}%{_mandir}/man1/wget.1
 %{_mandir}/man3/libwget*.3*
 
 %changelog
+* Mon Sep 23 2024 Tobias Brick <tobiasb@microsoft.com> - 2.1.0-5
+- Align fix for SSL read and write error check with upstream.
+
 * Wed Sep 18 2024 Tobias Brick <tobiasb@microsoft.com> - 2.1.0-4
 - Add patch to prevent debug output from printing binary request bodies.
 

From 06c0584c48fe3b8990f644238675e6ae54190ca8 Mon Sep 17 00:00:00 2001
From: Minghe Ren <mingheren@microsoft.com>
Date: Mon, 23 Sep 2024 11:52:32 -0700
Subject: [PATCH 12/59] add patch for edk2 CVE-2024-6119 (#10512)

Co-authored-by: minghe <rmhsawyer>
---
 SPECS/edk2/CVE-2024-6119.patch | 266 +++++++++++++++++++++++++++++++++
 SPECS/edk2/edk2.spec           |   7 +-
 2 files changed, 272 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/edk2/CVE-2024-6119.patch

diff --git a/SPECS/edk2/CVE-2024-6119.patch b/SPECS/edk2/CVE-2024-6119.patch
new file mode 100644
index 00000000000..144f3874ea4
--- /dev/null
+++ b/SPECS/edk2/CVE-2024-6119.patch
@@ -0,0 +1,266 @@
+From 05f360d9e849a1b277db628f1f13083a7f8dd04f Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <viktor@openssl.org>
+Date: Wed, 19 Jun 2024 21:04:11 +1000
+Subject: [PATCH] Avoid type errors in EAI-related name check logic.
+
+The incorrectly typed data is read only, used in a compare operation, so
+neither remote code execution, nor memory content disclosure were possible.
+However, applications performing certificate name checks were vulnerable to
+denial of service.
+
+The GENERAL_TYPE data type is a union, and we must take care to access the
+correct member, based on `gen->type`, not all the member fields have the same
+structure, and a segfault is possible if the wrong member field is read.
+
+The code in question was lightly refactored with the intent to make it more
+obviously correct.
+
+Fixes CVE-2024-6119
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(cherry picked from commit 0890cd13d40fbc98f655f3974f466769caa83680)
+---
+ crypto/x509/v3_utl.c                          | 78 +++++++++++++------
+ test/recipes/25-test_eai_data.t               | 12 ++-
+ test/recipes/25-test_eai_data/kdc-cert.pem    | 21 +++++
+ .../25-test_eai_data/kdc-root-cert.pem        | 16 ++++
+ test/recipes/25-test_eai_data/kdc.sh          | 41 ++++++++++
+ 5 files changed, 142 insertions(+), 26 deletions(-)
+ create mode 100644 test/recipes/25-test_eai_data/kdc-cert.pem
+ create mode 100644 test/recipes/25-test_eai_data/kdc-root-cert.pem
+ create mode 100755 test/recipes/25-test_eai_data/kdc.sh
+
+diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
+index 1a18174995196..a09414c972fa8 100644
+--- a/crypto/x509/v3_utl.c
++++ b/crypto/x509/v3_utl.c
+@@ -916,36 +916,64 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
+             ASN1_STRING *cstr;
+ 
+             gen = sk_GENERAL_NAME_value(gens, i);
+-            if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) {
+-                if (OBJ_obj2nid(gen->d.otherName->type_id) ==
+-                    NID_id_on_SmtpUTF8Mailbox) {
+-                    san_present = 1;
+-
+-                    /*
+-                     * If it is not a UTF8String then that is unexpected and we
+-                     * treat it as no match
+-                     */
+-                    if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) {
+-                        cstr = gen->d.otherName->value->value.utf8string;
+-
+-                        /* Positive on success, negative on error! */
+-                        if ((rv = do_check_string(cstr, 0, equal, flags,
+-                                                chk, chklen, peername)) != 0)
+-                            break;
+-                    }
+-                } else
++            switch (gen->type) {
++            default:
++                continue;
++            case GEN_OTHERNAME:
++		switch (OBJ_obj2nid(gen->d.otherName->type_id)) {
++                default:
+                     continue;
+-            } else {
+-                if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME))
++                case NID_id_on_SmtpUTF8Mailbox:
++                    /*-
++                     * https://datatracker.ietf.org/doc/html/rfc8398#section-3
++                     *
++                     *   Due to name constraint compatibility reasons described
++                     *   in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT
++                     *   be used unless the local-part of the email address
++                     *   contains non-ASCII characters. When the local-part is
++                     *   ASCII, rfc822Name subjectAltName MUST be used instead
++                     *   of SmtpUTF8Mailbox. This is compatible with legacy
++                     *   software that supports only rfc822Name (and not
++                     *   SmtpUTF8Mailbox). [...]
++                     *
++                     *   SmtpUTF8Mailbox is encoded as UTF8String.
++                     *
++                     * If it is not a UTF8String then that is unexpected, and
++                     * we ignore the invalid SAN (neither set san_present nor
++                     * consider it a candidate for equality).  This does mean
++                     * that the subject CN may be considered, as would be the
++                     * case when the malformed SmtpUtf8Mailbox SAN is instead
++                     * simply absent.
++                     *
++                     * When CN-ID matching is not desirable, applications can
++                     * choose to turn it off, doing so is at this time a best
++                     * practice.
++                     */
++                    if (check_type != GEN_EMAIL
++                        || gen->d.otherName->value->type != V_ASN1_UTF8STRING)
++                        continue;
++                    alt_type = 0;
++                    cstr = gen->d.otherName->value->value.utf8string;
++                    break;
++                }
++                break;
++            case GEN_EMAIL:
++                if (check_type != GEN_EMAIL)
+                     continue;
+-            }
+-            san_present = 1;
+-            if (check_type == GEN_EMAIL)
+                 cstr = gen->d.rfc822Name;
+-            else if (check_type == GEN_DNS)
++                break;
++            case GEN_DNS:
++                if (check_type != GEN_DNS)
++                    continue;
+                 cstr = gen->d.dNSName;
+-            else
++                break;
++            case GEN_IPADD:
++                if (check_type != GEN_IPADD)
++                    continue;
+                 cstr = gen->d.iPAddress;
++                break;
++            }
++            san_present = 1;
+             /* Positive on success, negative on error! */
+             if ((rv = do_check_string(cstr, alt_type, equal, flags,
+                                       chk, chklen, peername)) != 0)
+diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t
+index 522982ddfb802..e18735d89aadf 100644
+--- a/test/recipes/25-test_eai_data.t
++++ b/test/recipes/25-test_eai_data.t
+@@ -21,16 +21,18 @@ setup("test_eai_data");
+ #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
+ #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
+ 
+-plan tests => 12;
++plan tests => 16;
+ 
+ require_ok(srctop_file('test','recipes','tconversion.pl'));
+ my $folder = "test/recipes/25-test_eai_data";
+ 
+ my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
+ my $utf8_pem  = srctop_file($folder, "utf8_leaf.pem");
++my $kdc_pem   = srctop_file($folder, "kdc-cert.pem");
+ 
+ my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
+ my $utf8_chain_pem  = srctop_file($folder, "utf8_chain.pem");
++my $kdc_chain_pem  = srctop_file($folder, "kdc-root-cert.pem");
+ 
+ my $out;
+ my $outcnt = 0;
+@@ -56,10 +58,18 @@ SKIP: {
+ 
+ ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem])));
+ ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem])));
++ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem])));
+ 
+ ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
+ ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem,  $ascii_pem])));
+ 
++# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated).
++ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
++# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated).
++ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
++# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
++ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem,  $kdc_pem])));
++
+ #Check that we get the expected failure return code
+ with({ exit_checker => sub { return shift == 2; } },
+      sub {
+diff --git a/test/recipes/25-test_eai_data/kdc-cert.pem b/test/recipes/25-test_eai_data/kdc-cert.pem
+new file mode 100644
+index 0000000000000..e8a2c6f55d459
+--- /dev/null
++++ b/test/recipes/25-test_eai_data/kdc-cert.pem
+@@ -0,0 +1,21 @@
++-----BEGIN CERTIFICATE-----
++MIIDbDCCAlSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
++MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAXMRUwEwYDVQQDDAxU
++RVNULkVYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wfP+
++6go79dkpo/dGLMlPZ7Gw/Q6gUYrCWZWUEgEeRVHCrqOlgUEyA+PcWas/XDPUxXry
++BQlJHLvlqamAQn8gs4QPBARFYWKNiTVGyaRkgNA1N5gqyZdrP9UE+ZJmdqxRAAe8
++vvpGZWSgevPhLUiSCFYDiD0Rtji2Hm3rGUrReQFBQDEw2pNGwz9zIaxUs08kQZcx
++Yzyiplz5Oau+R/6sAgUwDlrD9xOlUxx/tA/MSDIfkK8qioU11uUZtO5VjkNQy/bT
++7zQMmXxWgm2MIgOs1u4YN7YGOtgqHE9v9iPHHfgrkbQDtVDGQsa8AQEhkUDSCtW9
++3VFAKx6dGNXYzFwfAgMBAAGjgcgwgcUwHQYDVR0OBBYEFFR5tZycW19DmtbL4Zqj
++te1c2vZLMAkGA1UdIwQCMAAwCQYDVR0TBAIwADCBjQYDVR0RBIGFMIGCoD8GBisG
++AQUCAqA1MDOgDhsMVEVTVC5FWEFNUExFoSEwH6ADAgEBoRgwFhsGa3JidGd0GwxU
++RVNULkVYQU1QTEWgHQYIKwYBBQUHCAmgERYPbW9lQGV4YW1wbGUuY29tgQ9qb2VA
++ZXhhbXBsZS5jb22CD214MS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA
++T0xzVtVpRtaOzIhgzw7XQUdzWD5UEGSJJ1cBCOmKUWwDLTAouCYLFB4TbEE7MMUb
++iuMy60bjmVtvfJIXorGUgSadRe5RWJ5DamJWvPA0Q9x7blnEcXqEF+9Td+ypevgU
++UYHFmg83OYwxOsFXZ5cRuXMk3WCsDHQIBi6D1L6oDDZ2pfArs5mqm3thQKVlqyl1
++El3XRYEdqAz/5eCOFNfwxF0ALxjxVr/Z50StUZU8I7Zfev6+kHhyrR7dqzYJImv9
++0fTCOBEMjIETDsrA70OxAMu4V16nrWZdJdvzblS2qrt97Omkj+2kiPAJFB76RpwI
++oDQ9fKfUOAmUFth2/R/eGA==
++-----END CERTIFICATE-----
+diff --git a/test/recipes/25-test_eai_data/kdc-root-cert.pem b/test/recipes/25-test_eai_data/kdc-root-cert.pem
+new file mode 100644
+index 0000000000000..a74c96bf31469
+--- /dev/null
++++ b/test/recipes/25-test_eai_data/kdc-root-cert.pem
+@@ -0,0 +1,16 @@
++-----BEGIN CERTIFICATE-----
++MIICnDCCAYQCCQCBswYcrlZSHjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARS
++b290MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAPMQ0wCwYDVQQD
++DARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRj8S4kBbIUj
++61kZfi6nE35Q38U140+qt4uAiwAhKumfVHlBM0zQ98WFt5zMHIBQwIb3yjc2zj+0
++qzUnQfwm1r/RfcMmBPEti9Ge+aEMSsds2gMXziOFM8wd2aAFPy7UVE0XpEWofsRK
++MGi61MKVdPSbGIxBwY9VW38/7D/wf1HtJe7y0xpuecR7GB2XAs+qST59NjuF+7wS
++dLM8Hb3TATgeYbXXWsRJgwz+SPzExg5WmLnU+7y4brZ32dHtdSmkRVSgSlaIf7Xj
++3Tc6Zi7I+W/JYk7hy1zUexVdWCak4PHcoWrXe0gNNN/t8VfLfMExt5z/HIylXnU7
++pGUyqZlTGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAHpLF1UCRy7b6Hk0rLokxI
++lgwiH9BU9mktigAGASvkbllpt+YbUbWnuYAvpHBGiP1qZtfX2r96UrSJaGO9BEzT
++Gp9ThnSjoj4Srul0+s/NArU22irFLmDzbalgevAmm9gMGkdqkiIm/mXbwrPj0ncl
++KGicevXryVpvaP62eZ8cc3C4p97frMmXxRX8sTdQpD/gRI7prdEILRSKveqT+AEW
++7rFGM5AOevb4U8ddop8A3D/kX0wcCAIBF6jCNk3uEJ57jVcagL04kPnVfdRiedTS
++vfq1DRNcD29d1H/9u0fHdSn1/+8Ep3X+afQ3C6//5NvOEaXcIGO4QSwkprQydfv8
++-----END CERTIFICATE-----
+diff --git a/test/recipes/25-test_eai_data/kdc.sh b/test/recipes/25-test_eai_data/kdc.sh
+new file mode 100755
+index 0000000000000..7a8dbc719fb71
+--- /dev/null
++++ b/test/recipes/25-test_eai_data/kdc.sh
+@@ -0,0 +1,41 @@
++#! /usr/bin/env bash
++
++# Create a root CA, signing a leaf cert with a KDC principal otherName SAN, and
++# also a non-UTF8 smtpUtf8Mailbox SAN followed by an rfc822Name SAN and a DNS
++# name SAN.  In the vulnerable EAI code, the KDC principal `otherName` should
++# trigger ASAN errors in DNS name checks, while the non-UTF8 `smtpUtf8Mailbox`
++# should likewise lead to ASAN issues with email name checks.
++
++rm -f root-key.pem root-cert.pem
++openssl req -nodes -new -newkey rsa:2048 -keyout kdc-root-key.pem \
++        -x509 -subj /CN=Root -days 36524 -out kdc-root-cert.pem
++
++exts=$(
++    printf "%s\n%s\n%s\n%s = " \
++        "subjectKeyIdentifier = hash" \
++        "authorityKeyIdentifier = keyid" \
++        "basicConstraints = CA:false" \
++        "subjectAltName"
++    printf "%s, " "otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name"
++    printf "%s, " "otherName:1.3.6.1.5.5.7.8.9;IA5:moe@example.com"
++    printf "%s, " "email:joe@example.com"
++    printf "%s\n" "DNS:mx1.example.com"
++    printf "[kdc_princ_name]\n"
++    printf "realm = EXP:0, GeneralString:TEST.EXAMPLE\n"
++    printf "principal_name = EXP:1, SEQUENCE:kdc_principal_seq\n"
++    printf "[kdc_principal_seq]\n"
++    printf "name_type = EXP:0, INTEGER:1\n"
++    printf "name_string = EXP:1, SEQUENCE:kdc_principal_components\n"
++    printf "[kdc_principal_components]\n"
++    printf "princ1 = GeneralString:krbtgt\n"
++    printf "princ2 = GeneralString:TEST.EXAMPLE\n"
++    )
++
++printf "%s\n" "$exts"
++
++openssl req -nodes -new -newkey rsa:2048 -keyout kdc-key.pem \
++    -subj "/CN=TEST.EXAMPLE" |
++    openssl x509 -req -out kdc-cert.pem \
++        -CA "kdc-root-cert.pem" -CAkey "kdc-root-key.pem" \
++        -set_serial 2 -days 36524 \
++        -extfile <(printf "%s\n" "$exts")
diff --git a/SPECS/edk2/edk2.spec b/SPECS/edk2/edk2.spec
index c0f0dfe6c2f..694ca3d8128 100644
--- a/SPECS/edk2/edk2.spec
+++ b/SPECS/edk2/edk2.spec
@@ -55,7 +55,7 @@ ExclusiveArch: x86_64
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    2%{?dist}
+Release:    3%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain
 URL:        http://www.tianocore.org
@@ -130,6 +130,7 @@ Patch0017: 0017-silence-.-has-a-LOAD-segment-with-RWX-permissions-wa.patch
 Patch0018: 0018-NetworkPkg-TcpDxe-Fixed-system-stuck-on-PXE-boot-flo.patch
 Patch0019: 0019-NetworkPkg-DxeNetLib-adjust-PseudoRandom-error-loggi.patch
 Patch1000: CVE-2022-3996.patch
+Patch1001: CVE-2024-6119.patch
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -341,6 +342,7 @@ cp -a -- %{SOURCE1} .
 tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
 # Need to patch CVE-2022-3996 in the bundled openssl
 (cd CryptoPkg/Library/OpensslLib/openssl && patch -p1 ) < %{PATCH1000}
+(cd CryptoPkg/Library/OpensslLib/openssl && patch -p1 ) < %{PATCH1001}
 
 # extract softfloat into place
 tar -xf %{SOURCE3} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/
@@ -783,6 +785,9 @@ done
 /boot/efi/HvLoader.efi
 
 %changelog
+* Thu Sep 19 2024 Minghe Ren <mingheren@microsoft.com> - 20240524git3e722403cd16-3
+- Add patch for CVE-2024-6119
+
 * Wed Aug 21 2024 Cameron Baird <cameronbaird@microsoft.com> - 20240524git3e722403cd16-2
 - Introduce edk2-hvloader subpackage
 

From 7ab11ade1cb1b4fe9edac866a73274c7aa31037e Mon Sep 17 00:00:00 2001
From: Lanze Liu <86434077+liulanze@users.noreply.github.com>
Date: Mon, 23 Sep 2024 12:26:36 -0700
Subject: [PATCH 13/59] Update MIC doc to reference overlay driver and fstab
 for overlay feature. (#10523)

Co-authored-by: lanzeliu <lanzeliu@microsoft.com>
---
 toolkit/tools/imagecustomizer/docs/configuration.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/toolkit/tools/imagecustomizer/docs/configuration.md b/toolkit/tools/imagecustomizer/docs/configuration.md
index 680adb91b77..ce55bed5322 100644
--- a/toolkit/tools/imagecustomizer/docs/configuration.md
+++ b/toolkit/tools/imagecustomizer/docs/configuration.md
@@ -47,8 +47,8 @@ The Azure Linux Image Customizer is configured using a YAML (or JSON) file.
 
 12. Update the SELinux mode. [mode](#mode-string)
 
-13. If ([overlays](#overlay-type)) are specified, then add the overlays dracut module
-    and update the grub config.
+13. If ([overlays](#overlay-type)) are specified, then add the overlay driver
+    and update the fstab file with the overlay mount information.
 
 14. If ([verity](#verity-type)) is specified, then add the dm-verity dracut driver
     and update the grub config.

From 68bc6536e2ebb741fa0bf5d375a595b178f24ef3 Mon Sep 17 00:00:00 2001
From: elainezhao96 <102555676+elainezhao96@users.noreply.github.com>
Date: Mon, 23 Sep 2024 13:08:39 -0700
Subject: [PATCH 14/59] OSModifier: Read root device from grub.cfg (#10518)

---
 .../pkg/imagecustomizerlib/bootcustomizer.go  | 11 +++++++
 .../pkg/osmodifierlib/modifydefaultgrub.go    | 32 +++++++++++--------
 2 files changed, 30 insertions(+), 13 deletions(-)

diff --git a/toolkit/tools/pkg/imagecustomizerlib/bootcustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/bootcustomizer.go
index 9e360ff81a2..0dd50767177 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/bootcustomizer.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/bootcustomizer.go
@@ -211,3 +211,14 @@ func (b *BootCustomizer) WriteToFile(imageChroot safechroot.ChrootInterface) err
 
 	return nil
 }
+
+func (b *BootCustomizer) SetRootDevice(rootDevice string) error {
+	updatedGrubFileContent, err := UpdateDefaultGrubFileVariable(b.defaultGrubFileContent, "GRUB_DEVICE", rootDevice)
+	if err != nil {
+		return err
+	}
+
+	b.defaultGrubFileContent = updatedGrubFileContent
+
+	return nil
+}
diff --git a/toolkit/tools/pkg/osmodifierlib/modifydefaultgrub.go b/toolkit/tools/pkg/osmodifierlib/modifydefaultgrub.go
index b9740f69d4b..9d835ec12ab 100644
--- a/toolkit/tools/pkg/osmodifierlib/modifydefaultgrub.go
+++ b/toolkit/tools/pkg/osmodifierlib/modifydefaultgrub.go
@@ -15,6 +15,7 @@ import (
 var grubArgs = []string{
 	"rd.overlayfs",
 	"roothash",
+	"root",
 	"rd.systemd.verity",
 	"systemd.verity_root_data",
 	"systemd.verity_root_hash",
@@ -26,7 +27,7 @@ var grubArgs = []string{
 func modifyDefaultGrub() error {
 	var dummyChroot safechroot.ChrootInterface = &safechroot.DummyChroot{}
 	// Get verity, selinux, overlayfs, and root device values from /boot/grub2/grub.cfg
-	values, err := extractValuesFromGrubConfig(dummyChroot)
+	values, rootDevice, err := extractValuesFromGrubConfig(dummyChroot)
 	if err != nil {
 		return fmt.Errorf("error getting verity, selinux and overlayfs values from grub.cfg:\n%w", err)
 	}
@@ -36,14 +37,14 @@ func modifyDefaultGrub() error {
 		return err
 	}
 
-	// Stamp root device value to /etc/default/grub
-	err = bootCustomizer.PrepareForVerity()
+	// Stamp verity, selinux and overlayfs values to /etc/default/grub
+	err = bootCustomizer.UpdateKernelCommandLineArgs("GRUB_CMDLINE_LINUX", grubArgs, values)
 	if err != nil {
-		return fmt.Errorf("failed to prepare grub config files for verity:\n%w", err)
+		return err
 	}
 
-	// Stamp verity, selinux and overlayfs values to /etc/default/grub
-	err = bootCustomizer.UpdateKernelCommandLineArgs("GRUB_CMDLINE_LINUX", grubArgs, values)
+	// Stamp root device to /etc/default/grub
+	err = bootCustomizer.SetRootDevice(rootDevice)
 	if err != nil {
 		return err
 	}
@@ -58,34 +59,39 @@ func modifyDefaultGrub() error {
 	return nil
 }
 
-func extractValuesFromGrubConfig(imageChroot safechroot.ChrootInterface) ([]string, error) {
+func extractValuesFromGrubConfig(imageChroot safechroot.ChrootInterface) ([]string, string, error) {
 	grubCfgContent, err := imagecustomizerlib.ReadGrub2ConfigFile(imageChroot)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 
 	lines, err := imagecustomizerlib.FindNonRecoveryLinuxLine(grubCfgContent)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 
 	if len(lines) != 1 {
-		return nil, fmt.Errorf("expected 1 non-recovery linux line, found %d", len(lines))
+		return nil, "", fmt.Errorf("expected 1 non-recovery linux line, found %d", len(lines))
 	}
 
 	argTokens, err := imagecustomizerlib.ParseCommandLineArgs(lines[0].Tokens)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 
 	var values []string
+	var rootDevice string
 	for _, arg := range argTokens {
 		if sliceutils.ContainsValue(grubArgs, arg.Name) {
 			if arg.Value != "" {
-				values = append(values, arg.Name+"="+arg.Value)
+				if arg.Name == "root" {
+					rootDevice = arg.Value
+				} else {
+					values = append(values, arg.Name+"="+arg.Value)
+				}
 			}
 		}
 	}
 
-	return values, nil
+	return values, rootDevice, nil
 }

From 57c97dba6ad1cfe1b72ff950e812800473c333f1 Mon Sep 17 00:00:00 2001
From: Minghe Ren <mingheren@microsoft.com>
Date: Mon, 23 Sep 2024 15:52:55 -0700
Subject: [PATCH 15/59] upgrade cloud-init to 24.3 (#10407)

Co-authored-by: minghe <rmhsawyer>
---
 ...rface-Renaming-Support-for-CAPM3-Met.patch | 155 +++++++++++++++---
 SPECS/cloud-init/Binaries-location.patch      |  12 --
 SPECS/cloud-init/cloud-init.signatures.json   |   2 +-
 SPECS/cloud-init/cloud-init.spec              |  12 +-
 cgmanifest.json                               |   4 +-
 5 files changed, 139 insertions(+), 46 deletions(-)
 delete mode 100644 SPECS/cloud-init/Binaries-location.patch

diff --git a/SPECS/cloud-init/Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch b/SPECS/cloud-init/Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch
index bf20db4c1b9..4204917d664 100644
--- a/SPECS/cloud-init/Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch
+++ b/SPECS/cloud-init/Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch
@@ -15,17 +15,31 @@ interfaces by using the "id" attribute found in the CAPM3 Metal3DataTemplate
 specification. This is a temporary fix until the "name" attribute is added to
 the specification.
 ---
- cloudinit/sources/helpers/openstack.py        | 11 +--
- .../sources/helpers/test_openstack.py         |  8 +-
- tests/unittests/sources/test_configdrive.py   | 84 ++++++++++---------
- tests/unittests/test_net.py                   | 80 ++++++------------
- 4 files changed, 79 insertions(+), 104 deletions(-)
+ Makefile                                      |   2 +-
+ cloudinit/sources/helpers/openstack.py        |  11 +-
+ .../sources/helpers/test_openstack.py         |   8 +-
+ tests/unittests/sources/test_configdrive.py   |  84 ++++++-------
+ tests/unittests/test_net.py                   | 110 ++++++------------
+ 5 files changed, 90 insertions(+), 125 deletions(-)
 
+diff --git a/Makefile b/Makefile
+index 1eebb048e..af3b735bb 100644
+--- a/Makefile
++++ b/Makefile
+@@ -27,7 +27,7 @@ lint:
+ 	@$(CWD)/tools/run-lint
+ 
+ unittest: clean_pyc
+-	$(PYTHON) -m pytest -v tests/unittests cloudinit
++	$(PYTHON) -m pytest -vv -s tests/unittests cloudinit
+ 
+ render-template:
+ 	$(PYTHON) ./tools/render-template --variant=$(VARIANT) $(FILE) $(subst .tmpl,,$(FILE))
 diff --git a/cloudinit/sources/helpers/openstack.py b/cloudinit/sources/helpers/openstack.py
-index d2260baa0..f995ce4b1 100644
+index 97ec18faf..84ef61b24 100644
 --- a/cloudinit/sources/helpers/openstack.py
 +++ b/cloudinit/sources/helpers/openstack.py
-@@ -596,13 +596,14 @@ def convert_net_json(network_json=None, known_macs=None):
+@@ -600,13 +600,14 @@ def convert_net_json(network_json=None, known_macs=None):
          # present.  The 'id' in the spec is currently implemented as the host
          # nic's name, meaning something like 'tap-adfasdffd'.  We do not want
          # to name guest devices with such ugly names.
@@ -46,10 +60,10 @@ index d2260baa0..f995ce4b1 100644
          curinfo = {
              "name": cfg.get("name"),
 diff --git a/tests/unittests/sources/helpers/test_openstack.py b/tests/unittests/sources/helpers/test_openstack.py
-index ac8e2a354..143c12796 100644
+index 6ec0bd75b..02d7fb9c8 100644
 --- a/tests/unittests/sources/helpers/test_openstack.py
 +++ b/tests/unittests/sources/helpers/test_openstack.py
-@@ -42,9 +42,9 @@ class TestConvertNetJson(test_helpers.CiTestCase):
+@@ -41,9 +41,9 @@ class TestConvertNetJson:
              "version": 1,
              "config": [
                  {
@@ -61,7 +75,7 @@ index ac8e2a354..143c12796 100644
                      "subnets": [{"type": "dhcp4"}],
                      "type": "physical",
                  },
-@@ -94,9 +94,9 @@ class TestConvertNetJson(test_helpers.CiTestCase):
+@@ -90,9 +90,9 @@ class TestConvertNetJson:
              "version": 1,
              "config": [
                  {
@@ -251,10 +265,11 @@ index 70da4812a..e0afa2936 100644
          }
          self.assertEqual(expected, config_name2mac)
  
-diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
---- a/tests/unittests/test_net.py	2024-07-02 18:44:08.000000000 -0700
-+++ b/tests/unittests/test_net.py	2024-07-03 20:33:37.305007410 -0700
-@@ -566,13 +566,12 @@
+diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py
+index 68e44fa80..eee57d9e2 100644
+--- a/tests/unittests/test_net.py
++++ b/tests/unittests/test_net.py
+@@ -566,13 +566,12 @@ OS_SAMPLES = [
          },
          "out_sysconfig_opensuse": [
              (
@@ -269,7 +284,7 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
  NETMASK=255.255.252.0
  STARTMODE=auto
  """.lstrip(),
-@@ -598,27 +597,22 @@
+@@ -598,27 +597,22 @@ dns = none
              ),
              (
                  "etc/udev/rules.d/85-persistent-net-cloud-init.rules",
@@ -301,7 +316,7 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
  IPADDR=172.19.1.34
  NETMASK=255.255.252.0
  ONBOOT=yes
-@@ -647,12 +641,8 @@
+@@ -647,12 +641,8 @@ dns = none
              ),
              (
                  "etc/udev/rules.d/70-persistent-net.rules",
@@ -311,12 +326,12 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
 -                        'ATTR{address}=="fa:16:3e:ed:9a:59", NAME="eth0"\n',
 -                    ]
 -                ),
-+	         # Since we do not set mac address, we are expecting the content to be nil
-+                 "",
++                # Since we do not set mac address, we are expecting the content to be nil
++                "",
              ),
          ],
          "expected_network_manager": [
-@@ -824,23 +814,23 @@
+@@ -660,23 +650,23 @@ dns = none
                  "".join(
                      [
                          "etc/NetworkManager/system-connections",
@@ -344,7 +359,91 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
  
  [ipv4]
  method=manual
-@@ -904,14 +894,13 @@
+@@ -738,7 +728,6 @@ dns-search=testweb.com;
+ #
+ BOOTPROTO=static
+ IPADDR=172.19.1.34
+-LLADDR=fa:16:3e:ed:9a:59
+ NETMASK=255.255.252.0
+ STARTMODE=auto
+ """.lstrip(),
+@@ -763,12 +752,8 @@ dns = none
+             ),
+             (
+                 "etc/udev/rules.d/85-persistent-net-cloud-init.rules",
+-                "".join(
+-                    [
+-                        'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ',
+-                        'ATTR{address}=="fa:16:3e:ed:9a:59", NAME="eth0"\n',
+-                    ]
+-                ),
++                # Since we do not set mac address, we are expecting the content to be nil
++                "",
+             ),
+         ],
+         "out_sysconfig_rhel": [
+@@ -783,7 +768,6 @@ DEVICE=eth0
+ DNS1=172.19.0.12
+ DOMAIN=example3.com
+ GATEWAY=172.19.3.254
+-HWADDR=fa:16:3e:ed:9a:59
+ IPADDR=172.19.1.34
+ NETMASK=255.255.252.0
+ ONBOOT=yes
+@@ -811,12 +795,8 @@ dns = none
+             ),
+             (
+                 "etc/udev/rules.d/70-persistent-net.rules",
+-                "".join(
+-                    [
+-                        'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ',
+-                        'ATTR{address}=="fa:16:3e:ed:9a:59", NAME="eth0"\n',
+-                    ]
+-                ),
++                # Since we do not set mac address, we are expecting the content to be nil
++                "",
+             ),
+         ],
+         "expected_network_manager": [
+@@ -824,31 +804,31 @@ dns = none
+                 "".join(
+                     [
+                         "etc/NetworkManager/system-connections",
+-                        "/cloud-init-eth0.nmconnection",
++                        "/cloud-init-tap1a81968a-79.nmconnection",
+                     ]
+                 ),
+                 """
+ # Generated by cloud-init. Changes will be lost.
+ 
+ [connection]
+-id=cloud-init eth0
+-uuid=1dd9a779-d327-56e1-8454-c65e2556c12c
++id=cloud-init tap1a81968a-79
++uuid=2e85b264-dffb-5635-9b6c-616838eb1130
+ autoconnect-priority=120
+ type=ethernet
++interface-name=tap1a81968a-79
+ 
+ [user]
+ org.freedesktop.NetworkManager.origin=cloud-init
+ 
+ [ethernet]
+-mac-address=FA:16:3E:ED:9A:59
+ 
+ [ipv4]
+ method=manual
+ may-fail=false
+ address1=172.19.1.34/22
+ route1=0.0.0.0/0,172.19.3.254
+-dns=172.19.0.12;
+-dns-search=example3.com;
++dns=172.19.0.13;
++dns-search=testweb.com;
+ 
+ """.lstrip(),
+             ),
+@@ -904,14 +884,13 @@ dns-search=example3.com;
          },
          "out_sysconfig_opensuse": [
              (
@@ -360,7 +459,7 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
  NETMASK=255.255.252.0
  NETMASK1=255.255.255.0
  STARTMODE=auto
-@@ -937,25 +926,20 @@
+@@ -937,25 +916,20 @@ dns = none
              ),
              (
                  "etc/udev/rules.d/85-persistent-net-cloud-init.rules",
@@ -390,7 +489,7 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
  IPADDR=172.19.1.34
  IPADDR1=10.0.0.10
  NETMASK=255.255.252.0
-@@ -985,12 +969,8 @@
+@@ -985,12 +959,8 @@ dns = none
              ),
              (
                  "etc/udev/rules.d/70-persistent-net.rules",
@@ -405,7 +504,7 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
              ),
          ],
      },
-@@ -1062,7 +1042,7 @@
+@@ -1062,7 +1032,7 @@ dns = none
          },
          "out_sysconfig_opensuse": [
              (
@@ -414,7 +513,7 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
                  """
  # Created by cloud-init automatically, do not edit.
  #
-@@ -1071,7 +1051,6 @@
+@@ -1071,7 +1041,6 @@ IPADDR=172.19.1.34
  IPADDR6=2001:DB8::10/64
  IPADDR6_1=2001:DB9::10/64
  IPADDR6_2=2001:DB10::10/64
@@ -422,7 +521,7 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
  NETMASK=255.255.252.0
  STARTMODE=auto
  """.lstrip(),
-@@ -1095,25 +1074,20 @@
+@@ -1095,25 +1064,20 @@ dns = none
              ),
              (
                  "etc/udev/rules.d/85-persistent-net-cloud-init.rules",
@@ -452,7 +551,7 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
  IPADDR=172.19.1.34
  IPV6ADDR=2001:DB8::10/64
  IPV6ADDR_SECONDARIES="2001:DB9::10/64 2001:DB10::10/64"
-@@ -1146,12 +1120,8 @@
+@@ -1146,12 +1110,8 @@ dns = none
              ),
              (
                  "etc/udev/rules.d/70-persistent-net.rules",
@@ -467,4 +566,6 @@ diff -ruN a/tests/unittests/test_net.py b/tests/unittests/test_net.py
              ),
          ],
      },
-2.34.1
+-- 
+2.45.2
+
diff --git a/SPECS/cloud-init/Binaries-location.patch b/SPECS/cloud-init/Binaries-location.patch
deleted file mode 100644
index 9044ccd3b87..00000000000
--- a/SPECS/cloud-init/Binaries-location.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ruN a/cloudinit/distros/azurelinux.py b/cloudinit/distros/azurelinux.py
---- a/cloudinit/distros/azurelinux.py	2024-07-02 18:44:08.000000000 -0700
-+++ b/cloudinit/distros/azurelinux.py	2024-07-17 14:08:22.209966025 -0700
-@@ -22,6 +22,8 @@
- 
- 
- class Distro(rhel.Distro):
-+    usr_lib_exec = "/usr/lib"
-+	
-     def __init__(self, name, cfg, paths):
-         super().__init__(name, cfg, paths)
-         self.osfamily = "azurelinux"
diff --git a/SPECS/cloud-init/cloud-init.signatures.json b/SPECS/cloud-init/cloud-init.signatures.json
index d65a6e071ac..0ae52e52bc0 100644
--- a/SPECS/cloud-init/cloud-init.signatures.json
+++ b/SPECS/cloud-init/cloud-init.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
   "10-azure-kvp.cfg": "79e0370c010be5cd4717960e4b414570c9ec6e6d29aede77ccecc43d2b03bb9a",
-  "cloud-init-24.2.tar.gz": "b70d49e9e5bd891b0bb021b09b80aed501c81e2bef5f1cba00561adfd8d2e974"
+  "cloud-init-24.3.tar.gz": "c362eeb6f6fd1975fcd260a7aae62c8f02d8565d71e857ba40b27ac92cddfb76"
  }
 }
diff --git a/SPECS/cloud-init/cloud-init.spec b/SPECS/cloud-init/cloud-init.spec
index b5463a4f0e5..8856302ac02 100644
--- a/SPECS/cloud-init/cloud-init.spec
+++ b/SPECS/cloud-init/cloud-init.spec
@@ -1,7 +1,7 @@
 Summary:        Cloud instance init scripts
 Name:           cloud-init
-Version:        24.2
-Release:        2%{?dist}
+Version:        24.3
+Release:        1%{?dist}
 License:        GPLv3
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,7 +10,6 @@ URL:            https://launchpad.net/cloud-init
 Source0:        https://github.com/canonical/%{name}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        10-azure-kvp.cfg
 Patch0:         Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch
-Patch1:         Binaries-location.patch
 %define cl_services cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service
 BuildRequires:  automake
 BuildRequires:  dbus
@@ -133,7 +132,7 @@ make check %{?_smp_mflags}
 %config(noreplace) %{_sysconfdir}/cloud/templates/*
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/05_logging.cfg
-%config(noreplace) %{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
+%config(noreplace) %{_libdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
 %{_unitdir}/*
 %{_systemdgeneratordir}/cloud-init-generator
 /usr/lib/udev/rules.d/66-azure-ephemeral.rules
@@ -143,6 +142,11 @@ make check %{?_smp_mflags}
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/10-azure-kvp.cfg
 
 %changelog
+* Tue Sep 10 2024 Minghe Ren <mingheren@microsoft.com> - 24.3-1
+- Upgrade cloud-init to 24.3 to add azure proxy agent support
+- Remove unnecessary Binaries-location.patch
+- Update Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch for newer version
+
 * Tue Jul 16 2024 Minghe Ren <mingheren@microsoft.com> - 24.2-2
 - Add patch to point default cloud-init binaries location
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 7bce61d7ac0..8ebd4f58608 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1777,8 +1777,8 @@
         "type": "other",
         "other": {
           "name": "cloud-init",
-          "version": "24.2",
-          "downloadUrl": "https://github.com/canonical/cloud-init/archive/refs/tags/24.2.tar.gz"
+          "version": "24.3",
+          "downloadUrl": "https://github.com/canonical/cloud-init/archive/refs/tags/24.3.tar.gz"
         }
       }
     },

From 6eccd8651d570f71fc737ef1dbfae681710d7c33 Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Mon, 23 Sep 2024 18:58:49 -0400
Subject: [PATCH 16/59] [AUTO-CHERRYPICK] [Cherry-pick] Update
 virt_launcher.cil installation path in virt-handler container - branch
 3.0-dev (#10501)

Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
Co-authored-by: Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com>
---
 SPECS/kubevirt/kubevirt.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SPECS/kubevirt/kubevirt.spec b/SPECS/kubevirt/kubevirt.spec
index 9143c280274..bdff43c0b07 100644
--- a/SPECS/kubevirt/kubevirt.spec
+++ b/SPECS/kubevirt/kubevirt.spec
@@ -271,7 +271,7 @@ install -p -m 0644 cmd/virt-launcher/qemu.conf %{buildroot}%{_datadir}/kube-virt
 %{_bindir}/virt-tests
 
 %changelog
-* Mon Aug 26 2024 Sharath Srikanth Chellappa <sharathsr@microsoft.com> - 1.2.0-8
+* Fri Sep 06 2024 Sharath Srikanth Chellappa <sharathsr@microsoft.com> - 1.2.0-8
 - Adding swtpm tools for building kubevirt RPM.
 
 * Fri Aug 30 2024 Harshit Gupta <guptaharshit@microsoft.com> - 1.2.0-7

From 455d3012dd86777e30e72e7c2169d44e0a310e8a Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Mon, 23 Sep 2024 19:16:50 -0400
Subject: [PATCH 17/59] [AUTO-CHERRYPICK] Update openssl to 3.3.2 under
 cloud-hypervisor-cvm in order to address CVE-2024-6119 - branch 3.0-dev
 (#10529)

Co-authored-by: Jiri Appl <jiria@microsoft.com>
---
 .../cloud-hypervisor-cvm.signatures.json      |  2 +-
 .../cloud-hypervisor-cvm.spec                 | 26 ++++++++++++++-----
 ...sl-to-3.3.2-to-address-CVE-2024-6119.patch | 14 ++++++++++
 3 files changed, 35 insertions(+), 7 deletions(-)
 create mode 100644 SPECS/cloud-hypervisor-cvm/upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch

diff --git a/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.signatures.json b/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.signatures.json
index 1e149de90d7..9efe9c19108 100644
--- a/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.signatures.json
+++ b/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "cloud-hypervisor-cvm-38.0.72.2-cargo.tar.gz": "12190a4f2fbd29b2c6c197388a958eab5dff91e8d75927841669d81d794eadf4",
+  "cloud-hypervisor-cvm-38.0.72.2-2-cargo.tar.gz": "68d1dc8f2a70fddad934e9131ccad7ce2c96323869433419e2f488062396bcc8",
   "cloud-hypervisor-cvm-38.0.72.2.tar.gz": "1a357a0805f7b6d90993d5ae246c2dedff88cf98c9c0eab0903dc8071be0dae2",
   "config.toml": "74c28b7520c157109b8990b325fe8f13504e56561a9bac51499d4c6bf4a66e52"
  }
diff --git a/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.spec b/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.spec
index 24463457974..a3a1e61868d 100644
--- a/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.spec
+++ b/SPECS/cloud-hypervisor-cvm/cloud-hypervisor-cvm.spec
@@ -5,7 +5,7 @@
 Name:           cloud-hypervisor-cvm
 Summary:        Cloud Hypervisor CVM is an open source Virtual Machine Monitor (VMM) that enables running SEV SNP enabled VMs on top of MSHV using the IGVM file format as payload.
 Version:        38.0.72.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0 OR BSD-3-clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,14 +15,22 @@ Source0:        https://github.com/microsoft/cloud-hypervisor/archive/refs/tags/
 %if 0%{?using_vendored_crates}
 # Note: the %%{name}-%%{version}-cargo.tar.gz file contains a cache created by capturing the contents downloaded into $CARGO_HOME.
 # To update the cache and config.toml run:
-#   tar -xf %{name}-%{version}.tar.gz
-#   cd %{name}-%{version}
+#   tar -xf %%{name}-%%{version}.tar.gz
+#   cd %%{name}-%%{version}
+#   patch -u -p0 < ../upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
 #   cargo vendor > config.toml
-#   tar -czf %{name}-%{version}-cargo.tar.gz vendor/
-# rename the tarball to %{name}-%{version}-cargo.tar.gz when updating version
-Source1:        %{name}-%{version}-cargo.tar.gz
+#   tar -czf %%{name}-%%{version}-cargo.tar.gz vendor/
+# rename the tarball to %%{name}-%%{version}-2-cargo.tar.gz when updating version
+# (feel free to drop -2 and this comment on version change)
+Source1:        %{name}-%{version}-2-cargo.tar.gz
 Source2:        config.toml
 %endif
+# Generated using:
+#   tar -xf %%{name}-%%{version}.tar.gz
+#   cd %%{name}-%%{version}
+#   cargo update -p openssl-src --precise 300.3.2+3.3.2
+#   diff -u ../cloud-hypervisor-msft-v38.0.72.2.backup/Cargo.lock Cargo.lock > ../upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
+Patch0:         upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
 
 BuildRequires:  binutils
 BuildRequires:  gcc
@@ -75,6 +83,9 @@ tar xf %{SOURCE1}
 mkdir -p .cargo
 cp %{SOURCE2} .cargo/
 %endif
+# The vendored archive has been populated based on the patch, so we need to
+# repatch here as well in order to use the same versions
+%autopatch -p0
 
 %install
 install -d %{buildroot}%{_bindir}
@@ -136,6 +147,9 @@ cargo build --release --target=%{rust_musl_target} %{cargo_pkg_feature_opts} %{c
 %license LICENSE-BSD-3-Clause
 
 %changelog
+* Tue Sep 17 2024 Jiri Appl <jiria@microsoft.com> - 38.0.72.2-2
+- Patch openssl in the vendored archive to 3.3.2 to address CVE-2024-6119
+
 * Fri Jul 12 2024 Archana Choudhary <archana1@microsoft.com> - 38.0.72.2-1
 - Upgrade to v38.0.72.2
 - Fixes CVE-2023-45853, CVE-2018-25032, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-4603
diff --git a/SPECS/cloud-hypervisor-cvm/upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch b/SPECS/cloud-hypervisor-cvm/upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
new file mode 100644
index 00000000000..c2ae8b47349
--- /dev/null
+++ b/SPECS/cloud-hypervisor-cvm/upgrade-openssl-to-3.3.2-to-address-CVE-2024-6119.patch
@@ -0,0 +1,14 @@
+--- ../cloud-hypervisor-msft-v38.0.72.2.backup/Cargo.lock	2024-09-17 12:55:41.269905595 -0700
++++ Cargo.lock	2024-09-17 13:49:15.579003678 -0700
+@@ -1421,9 +1421,9 @@
+ 
+ [[package]]
+ name = "openssl-src"
+-version = "300.3.1+3.3.1"
++version = "300.3.2+3.3.2"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "7259953d42a81bf137fbbd73bd30a8e1914d6dce43c2b90ed575783a22608b91"
++checksum = "a211a18d945ef7e648cc6e0058f4c548ee46aab922ea203e0d30e966ea23647b"
+ dependencies = [
+  "cc",
+ ]

From 0765ab3cb36312b0f22f8dce9874eaee0c8689a4 Mon Sep 17 00:00:00 2001
From: Rohit Rawat <rohitrawat@microsoft.com>
Date: Tue, 24 Sep 2024 21:56:57 +0530
Subject: [PATCH 18/59] Add Mosh to Extended packages (#10531)

Co-authored-by: AZaugg <AZaugg@users.noreply.github.com>
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md    |   2 +-
 LICENSES-AND-NOTICES/SPECS/data/licenses.json |   1 +
 SPECS-EXTENDED/mosh/mosh.signatures.json      |   5 +
 SPECS-EXTENDED/mosh/mosh.spec                 | 231 ++++++++++++++++++
 cgmanifest.json                               |  10 +
 5 files changed, 248 insertions(+), 1 deletion(-)
 create mode 100644 SPECS-EXTENDED/mosh/mosh.signatures.json
 create mode 100644 SPECS-EXTENDED/mosh/mosh.spec

diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index 9c4a5582ca9..f746045079a 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -5,7 +5,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
 | CentOS | [MIT](https://www.centos.org/legal/#licensing-policy) | crash-ptdump-command <br> delve <br> fstrm <br> nodejs-nodemon <br> rhnlib <br> rt-setup <br> rt-tests <br> rtctl <br> tuned |
 | Ceph source | [LGPL2.1](https://github.com/ceph/ceph/blob/master/COPYING-LGPL2.1) | ceph |
 | Debian | [MIT](https://opensource.org/licenses/MIT) | prometheus-process-exporter |
-| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
+| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mosh <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
 | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome <br> librabbitmq |
 | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
 | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index ebfae67c862..e5561df2ad7 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -922,6 +922,7 @@
                 "mod_security_crs",
                 "mod_wsgi",
                 "mokutil",
+                "mosh",
                 "mpage",
                 "mrtg",
                 "mstflint",
diff --git a/SPECS-EXTENDED/mosh/mosh.signatures.json b/SPECS-EXTENDED/mosh/mosh.signatures.json
new file mode 100644
index 00000000000..362fd010ebc
--- /dev/null
+++ b/SPECS-EXTENDED/mosh/mosh.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "mosh-1.4.0.tar.gz": "872e4b134e5df29c8933dff12350785054d2fd2839b5ae6b5587b14db1465ddd"
+ }
+}
diff --git a/SPECS-EXTENDED/mosh/mosh.spec b/SPECS-EXTENDED/mosh/mosh.spec
new file mode 100644
index 00000000000..b0ffe7dada1
--- /dev/null
+++ b/SPECS-EXTENDED/mosh/mosh.spec
@@ -0,0 +1,231 @@
+Name:           mosh
+Version:        1.4.0
+Release:        7%{?dist}
+Summary:        Mobile shell that supports roaming and intelligent local echo
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+
+License:        GPLv3+
+URL:            https://mosh.mit.edu/
+Source0:        https://github.com/mobile-shell/mosh/releases/download/%{name}-%{version}/%{name}-%{version}.tar.gz
+
+BuildRequires:  libutempter-devel
+BuildRequires:  ncurses-devel
+BuildRequires:  openssl-devel
+BuildRequires:  perl-diagnostics
+BuildRequires:  perl-generators
+BuildRequires:  protobuf-compiler
+BuildRequires:  protobuf-devel
+BuildRequires:  protobuf-static
+BuildRequires:  zlib-devel
+BuildRequires:  gcc
+BuildRequires:  gcc-c++
+BuildRequires:  make
+Requires:       openssh-clients
+Requires:       openssl
+Requires:       perl-IO-Socket-IP
+
+%description
+Mosh is a remote terminal application that supports:
+  - intermittent network connectivity,
+  - roaming to different IP address without dropping the connection, and
+  - intelligent local echo and line editing to reduce the effects
+    of "network lag" on high-latency connections.
+
+
+%prep
+%autosetup -p1
+
+
+%build
+export CXXFLAGS="${CXXFLAGS} -std=c++17"
+%configure --disable-silent-rules CC=gcc CXX=g++
+%make_build
+
+
+%install
+%make_install
+
+
+%files
+%doc README.md ChangeLog
+%license COPYING
+%{_bindir}/mosh
+%{_bindir}/mosh-client
+%{_bindir}/mosh-server
+%{_mandir}/man1/mosh.1.gz
+%{_mandir}/man1/mosh-client.1.gz
+%{_mandir}/man1/mosh-server.1.gz
+
+
+%changelog
+- Tue Sep 24 2024 Rohit Rawat <rohitrawat@microsoft.com> - 1.4.0-7
+- AzureLinux move from 2.0 branch to 3.0
+
+* Sun Aug 11 2024 Chris Co <chrco@microsoft.com> - 1.4.0-6
+- Initial Azure Linux import from Fedora 40 (license: MIT)
+- License verified
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Oct 26 2022 Alex Chernyakhovsky <achernya@mit.edu> - 1.4.0-1
+- Update to mosh 1.4.0
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Apr 05 2022 Michal Josef Špaček <mspacek@redhat.com> - 1.3.2-14
+- Remove dependency to obsolete IO::Socket::INET6
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 1.3.2-12
+- Rebuilt for protobuf 3.19.0
+
+* Tue Oct 26 2021 Adrian Reber <adrian@lisas.de> - 1.3.2-11
+- Rebuilt for protobuf 3.18.1
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.3.2-10
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Jan 14 08:32:44 CET 2021 Adrian Reber <adrian@lisas.de> - 1.3.2-7
+- Rebuilt for protobuf 3.14
+
+* Thu Sep 24 2020 Adrian Reber <adrian@lisas.de> - 1.3.2-6
+- Rebuilt for protobuf 3.13
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sun Jun 14 2020 Adrian Reber <adrian@lisas.de> - 1.3.2-4
+- Rebuilt for protobuf 3.12
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Dec 19 2019 Orion Poplawski <orion@nwra.com> - 1.3.2-2
+- Rebuild for protobuf 3.11
+
+* Sun Sep 22 2019 Alex Chernyakhovsky <achernya@mit.edu> - 1.3.2-1
+- Update to mosh 1.3.2
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Nov 21 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.3.0-9
+- Rebuild for protobuf 3.6
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Nov 29 2017 Igor Gnatenko <ignatenko@redhat.com> - 1.3.0-6
+- Rebuild for protobuf 3.5
+
+* Mon Nov 13 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.3.0-5
+- Rebuild for protobuf 3.4
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Jun 13 2017 Orion Poplawski <orion@cora.nwra.com> - 1.3.0-2
+- Rebuild for protobuf 3.3.1
+
+* Sun Mar 26 2017 Alex Chernyakhovsky <achernya@mit.edu> - 1.3.0-1
+- Update to mosh 1.3.0
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Jan 26 2017 Orion Poplawski <orion@cora.nwra.com> - 1.2.6-3
+- Rebuild for protobuf 3.2.0
+
+* Sat Nov 19 2016 Orion Poplawski <orion@cora.nwra.com> - 1.2.6-2
+- Rebuild for protobuf 3.1.0
+
+* Wed Aug 10 2016 Alex Chernyakhovsky <achernya@mit.edu> - 1.2.6-1
+- Update to mosh 1.2.6
+
+* Mon Feb 08 2016 Ralf Corsépius <corsepiu@fedoraproject.org> - 1.2.5-3
+- Let package honor RPM_OPT_FLAGS (Fix F24FTBFS).
+- Add %%license.
+- Make building verbose.
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Aug  6 2015 Alex Chernyakhovsky <achernya@mit.edu> - 1.2.5-1
+- Update to mosh 1.2.5
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.4-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sun Apr 26 2015 Alex Chernyakhovsky <achernya@mit.edu> - 1.2.4-6
+- Rebuild for protobuf version bump.
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jul 17 2013 Petr Pisar <ppisar@redhat.com> - 1.2.4-2
+- Perl 5.18 rebuild
+
+* Wed Mar 27 2013 Alexander Chernyakhovsky <achernya@mit.edu> - 1.2.4-1
+- Update to mosh 1.2.4
+
+* Sun Mar 10 2013 Alexander Chernyakhovsky <achernya@mit.edu> - 1.2.3-3
+- Rebuilt for Protobuf API change from 2.4.1 to 2.5.0
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Fri Oct 19 2012 Alexander Chernyakhovsky <achernya@mit.edu> - 1.2.3-1
+- Update to mosh 1.2.3
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed Jun 13 2012 Alexander Chernyakhovsky <achernya@mit.edu> - 1.2.2-1
+- Update to mosh 1.2.2
+
+* Sat Apr 28 2012 Alexander Chernyakhovsky <achernya@mit.edu> - 1.2-2
+- Add -g and -O2 CFLAGS
+
+* Fri Apr 27 2012 Alexander Chernyakhovsky <achernya@mit.edu> - 1.2-1
+- Update to mosh 1.2.
+
+* Mon Mar 26 2012 Alexander Chernyakhovsky <achernya@mit.edu> - 1.1.1-1
+- Update to mosh 1.1.1.
+
+* Wed Mar 21 2012 Alexander Chernyakhovsky <achernya@mit.edu> - 1.1-1
+- Initial packaging for mosh.
diff --git a/cgmanifest.json b/cgmanifest.json
index 8ebd4f58608..674764918ea 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -13287,6 +13287,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "mosh",
+          "version": "1.4.0",
+          "downloadUrl": "https://github.com/mobile-shell/mosh/releases/download/mosh-1.4.0/mosh-1.4.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",

From 05608ba202263a5085f352dc7479b5b2f4236447 Mon Sep 17 00:00:00 2001
From: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Tue, 24 Sep 2024 09:48:49 -0700
Subject: [PATCH 19/59] kernel: enable MLX5 TC Offload (#10519)

Add kernel support for MLX5 Traffic Classification offload

Signed-off-by: Chris Co <chrco@microsoft.com>
---
 SPECS-SIGNED/kernel-signed/kernel-signed.spec         |  5 ++++-
 SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec |  5 ++++-
 SPECS/kernel-headers/kernel-headers.spec              |  5 ++++-
 SPECS/kernel/config                                   | 11 +++++++++--
 SPECS/kernel/kernel-uki.spec                          |  5 ++++-
 SPECS/kernel/kernel.signatures.json                   |  2 +-
 SPECS/kernel/kernel.spec                              |  5 ++++-
 .../manifests/package/pkggen_core_aarch64.txt         |  2 +-
 .../manifests/package/pkggen_core_x86_64.txt          |  2 +-
 .../resources/manifests/package/toolchain_aarch64.txt |  2 +-
 .../resources/manifests/package/toolchain_x86_64.txt  |  4 ++--
 11 files changed, 35 insertions(+), 13 deletions(-)

diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
index fbb1627a5f1..7c17746bfd0 100644
--- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec
+++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        6.6.51.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
+- Bump release to match kernel
+
 * Wed Sep 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 6.6.51.1-1
 - Auto-upgrade to 6.6.51.1
 
diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
index 831de65476d..67a53fbb6c6 100644
--- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
+++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
@@ -6,7 +6,7 @@
 Summary:        Signed Unified Kernel Image for %{buildarch} systems
 Name:           kernel-uki-signed-%{buildarch}
 Version:        6.6.51.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -68,6 +68,9 @@ popd
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
+- Bump release to match kernel
+
 * Wed Sep 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 6.6.51.1-1
 - Auto-upgrade to 6.6.51.1
 
diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec
index 0967beffe55..f5a846e2ddf 100644
--- a/SPECS/kernel-headers/kernel-headers.spec
+++ b/SPECS/kernel-headers/kernel-headers.spec
@@ -14,7 +14,7 @@
 Summary:        Linux API header files
 Name:           kernel-headers
 Version:        6.6.51.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ done
 %endif
 
 %changelog
+* Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
+- Bump release to match kernel
+
 * Wed Sep 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 6.6.51.1-1
 - Auto-upgrade to 6.6.51.1
 
diff --git a/SPECS/kernel/config b/SPECS/kernel/config
index 089c20f6310..ffa57cbd089 100644
--- a/SPECS/kernel/config
+++ b/SPECS/kernel/config
@@ -1334,6 +1334,7 @@ CONFIG_NF_TABLES_INET=y
 CONFIG_NF_TABLES_NETDEV=y
 CONFIG_NFT_NUMGEN=m
 CONFIG_NFT_CT=m
+CONFIG_NFT_FLOW_OFFLOAD=m
 CONFIG_NFT_CONNLIMIT=m
 CONFIG_NFT_LOG=m
 CONFIG_NFT_LIMIT=m
@@ -1357,7 +1358,9 @@ CONFIG_NFT_TPROXY=m
 # CONFIG_NFT_DUP_NETDEV is not set
 # CONFIG_NFT_FWD_NETDEV is not set
 # CONFIG_NFT_REJECT_NETDEV is not set
-# CONFIG_NF_FLOW_TABLE is not set
+# CONFIG_NF_FLOW_TABLE_INET is not set
+CONFIG_NF_FLOW_TABLE=m
+# CONFIG_NF_FLOW_TABLE_PROCFS is not set
 CONFIG_NETFILTER_XTABLES=y
 CONFIG_NETFILTER_XTABLES_COMPAT=y
 
@@ -1732,8 +1735,9 @@ CONFIG_NET_ACT_BPF=m
 # CONFIG_NET_ACT_SKBMOD is not set
 # CONFIG_NET_ACT_IFE is not set
 CONFIG_NET_ACT_TUNNEL_KEY=m
+CONFIG_NET_ACT_CT=m
 # CONFIG_NET_ACT_GATE is not set
-# CONFIG_NET_TC_SKB_EXT is not set
+CONFIG_NET_TC_SKB_EXT=y
 CONFIG_NET_SCH_FIFO=y
 CONFIG_DCB=y
 CONFIG_DNS_RESOLVER=m
@@ -2715,6 +2719,9 @@ CONFIG_MLX5_EN_RXNFC=y
 CONFIG_MLX5_MPFS=y
 CONFIG_MLX5_ESWITCH=y
 CONFIG_MLX5_BRIDGE=y
+CONFIG_MLX5_CLS_ACT=y
+CONFIG_MLX5_TC_CT=y
+CONFIG_MLX5_TC_SAMPLE=y
 CONFIG_MLX5_CORE_EN_DCB=y
 CONFIG_MLX5_CORE_IPOIB=y
 CONFIG_MLX5_EN_IPSEC=y
diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec
index ef4f96f321b..4537fa849ff 100644
--- a/SPECS/kernel/kernel-uki.spec
+++ b/SPECS/kernel/kernel-uki.spec
@@ -18,7 +18,7 @@
 Summary:        Unified Kernel Image
 Name:           kernel-uki
 Version:        6.6.51.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
+- Bump release to match kernel
+
 * Wed Sep 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 6.6.51.1-1
 - Auto-upgrade to 6.6.51.1
 
diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json
index 10836b374d8..62ddd47bec0 100644
--- a/SPECS/kernel/kernel.signatures.json
+++ b/SPECS/kernel/kernel.signatures.json
@@ -1,7 +1,7 @@
 {
   "Signatures": {
     "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
-    "config": "045855402fe4a82bcc2eebbdfaf6eee395b1b4d215e336e0ee75e7a11d79146a",
+    "config": "e4fca2e2d948f3e0d88f41ec66d463b95ffdc1f4f096693bc5734a0ef7262c56",
     "config_aarch64": "cc95198e3a70fa025f4ad78723d0e220a2a023edad31e89854d0e8ad84986209",
     "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
     "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec
index c9016553b8c..4208096d9ef 100644
--- a/SPECS/kernel/kernel.spec
+++ b/SPECS/kernel/kernel.spec
@@ -30,7 +30,7 @@
 Summary:        Linux Kernel
 Name:           kernel
 Version:        6.6.51.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -407,6 +407,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
+- Enable MLX5 TC offload
+
 * Wed Sep 18 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 6.6.51.1-1
 - Auto-upgrade to 6.6.51.1
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index e097b6e869d..2ca73cf875c 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.aarch64.rpm
-kernel-headers-6.6.51.1-1.azl3.noarch.rpm
+kernel-headers-6.6.51.1-2.azl3.noarch.rpm
 glibc-2.38-8.azl3.aarch64.rpm
 glibc-devel-2.38-8.azl3.aarch64.rpm
 glibc-i18n-2.38-8.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 61f7304343e..937d74602cd 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.x86_64.rpm
-kernel-headers-6.6.51.1-1.azl3.noarch.rpm
+kernel-headers-6.6.51.1-2.azl3.noarch.rpm
 glibc-2.38-8.azl3.x86_64.rpm
 glibc-devel-2.38-8.azl3.x86_64.rpm
 glibc-i18n-2.38-8.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 714c1e64771..4c51a93003f 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -156,7 +156,7 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.aarch64.rpm
 kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm
-kernel-headers-6.6.51.1-1.azl3.noarch.rpm
+kernel-headers-6.6.51.1-2.azl3.noarch.rpm
 kmod-30-1.azl3.aarch64.rpm
 kmod-debuginfo-30-1.azl3.aarch64.rpm
 kmod-devel-30-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index b5827a34ade..41428d096ce 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -161,8 +161,8 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.x86_64.rpm
 kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm
-kernel-cross-headers-6.6.51.1-1.azl3.noarch.rpm
-kernel-headers-6.6.51.1-1.azl3.noarch.rpm
+kernel-cross-headers-6.6.51.1-2.azl3.noarch.rpm
+kernel-headers-6.6.51.1-2.azl3.noarch.rpm
 kmod-30-1.azl3.x86_64.rpm
 kmod-debuginfo-30-1.azl3.x86_64.rpm
 kmod-devel-30-1.azl3.x86_64.rpm

From 22c764e6036b252b46975b8b640f32f75cf055cc Mon Sep 17 00:00:00 2001
From: himaja-kesari <123194058+himaja-kesari@users.noreply.github.com>
Date: Tue, 24 Sep 2024 13:16:57 -0700
Subject: [PATCH 20/59] patch CVE-2024-6232  and CVE-2024-8088 for python3 3.0
 (#10521)

Co-authored-by: Himaja Kesari <himajakesari@microsoft.com>
---
 SPECS/python3/CVE-2024-6232.patch             | 224 ++++++++++++++++++
 SPECS/python3/CVE-2024-8088.patch             | 129 ++++++++++
 SPECS/python3/python3.spec                    |   7 +-
 .../manifests/package/pkggen_core_aarch64.txt |   6 +-
 .../manifests/package/pkggen_core_x86_64.txt  |   6 +-
 .../manifests/package/toolchain_aarch64.txt   |  14 +-
 .../manifests/package/toolchain_x86_64.txt    |  14 +-
 7 files changed, 379 insertions(+), 21 deletions(-)
 create mode 100644 SPECS/python3/CVE-2024-6232.patch
 create mode 100644 SPECS/python3/CVE-2024-8088.patch

diff --git a/SPECS/python3/CVE-2024-6232.patch b/SPECS/python3/CVE-2024-6232.patch
new file mode 100644
index 00000000000..578d11a616f
--- /dev/null
+++ b/SPECS/python3/CVE-2024-6232.patch
@@ -0,0 +1,224 @@
+diff --git a/Lib/tarfile.py b/Lib/tarfile.py
+index 3bbbcaa6211..f7202859de7 100755
+--- a/Lib/tarfile.py
++++ b/Lib/tarfile.py
+@@ -843,6 +843,9 @@ def data_filter(member, dest_path):
+ # Sentinel for replace() defaults, meaning "don't change the attribute"
+ _KEEP = object()
+ 
++# Header length is digits followed by a space.
++_header_length_prefix_re = re.compile(br"([0-9]{1,20}) ")
++
+ class TarInfo(object):
+     """Informational class which holds the details about an
+        archive member given by a tar header block.
+@@ -1412,37 +1415,59 @@ def _proc_pax(self, tarfile):
+         else:
+             pax_headers = tarfile.pax_headers.copy()
+ 
+-        # Check if the pax header contains a hdrcharset field. This tells us
+-        # the encoding of the path, linkpath, uname and gname fields. Normally,
+-        # these fields are UTF-8 encoded but since POSIX.1-2008 tar
+-        # implementations are allowed to store them as raw binary strings if
+-        # the translation to UTF-8 fails.
+-        match = re.search(br"\d+ hdrcharset=([^\n]+)\n", buf)
+-        if match is not None:
+-            pax_headers["hdrcharset"] = match.group(1).decode("utf-8")
+-
+-        # For the time being, we don't care about anything other than "BINARY".
+-        # The only other value that is currently allowed by the standard is
+-        # "ISO-IR 10646 2000 UTF-8" in other words UTF-8.
+-        hdrcharset = pax_headers.get("hdrcharset")
+-        if hdrcharset == "BINARY":
+-            encoding = tarfile.encoding
+-        else:
+-            encoding = "utf-8"
+-
+         # Parse pax header information. A record looks like that:
+         # "%d %s=%s\n" % (length, keyword, value). length is the size
+         # of the complete record including the length field itself and
+-        # the newline. keyword and value are both UTF-8 encoded strings.
+-        regex = re.compile(br"(\d+) ([^=]+)=")
++        # the newline.
+         pos = 0
+-        while match := regex.match(buf, pos):
+-            length, keyword = match.groups()
+-            length = int(length)
+-            if length == 0:
++        encoding = None
++        raw_headers = []
++        while len(buf) > pos and buf[pos] != 0x00:
++            if not (match := _header_length_prefix_re.match(buf, pos)):
++                raise InvalidHeaderError("invalid header")
++            try:
++                length = int(match.group(1))
++            except ValueError:
++                raise InvalidHeaderError("invalid header")
++            # Headers must be at least 5 bytes, shortest being '5 x=\n'.
++            # Value is allowed to be empty.
++            if length < 5:
++                raise InvalidHeaderError("invalid header")
++            if pos + length > len(buf):
++                raise InvalidHeaderError("invalid header")
++
++            header_value_end_offset = match.start(1) + length - 1  # Last byte of the header
++            keyword_and_value = buf[match.end(1) + 1:header_value_end_offset]
++            raw_keyword, equals, raw_value = keyword_and_value.partition(b"=")
++
++            # Check the framing of the header. The last character must be '\n' (0x0A)
++            if not raw_keyword or equals != b"=" or buf[header_value_end_offset] != 0x0A:
+                 raise InvalidHeaderError("invalid header")
+-            value = buf[match.end(2) + 1:match.start(1) + length - 1]
++            raw_headers.append((length, raw_keyword, raw_value))
++
++            # Check if the pax header contains a hdrcharset field. This tells us
++            # the encoding of the path, linkpath, uname and gname fields. Normally,
++            # these fields are UTF-8 encoded but since POSIX.1-2008 tar
++            # implementations are allowed to store them as raw binary strings if
++            # the translation to UTF-8 fails. For the time being, we don't care about
++            # anything other than "BINARY". The only other value that is currently
++            # allowed by the standard is "ISO-IR 10646 2000 UTF-8" in other words UTF-8.
++            # Note that we only follow the initial 'hdrcharset' setting to preserve
++            # the initial behavior of the 'tarfile' module.
++            if raw_keyword == b"hdrcharset" and encoding is None:
++                if raw_value == b"BINARY":
++                    encoding = tarfile.encoding
++                else:  # This branch ensures only the first 'hdrcharset' header is used.
++                    encoding = "utf-8"
+ 
++            pos += length
++
++        # If no explicit hdrcharset is set, we use UTF-8 as a default.
++        if encoding is None:
++            encoding = "utf-8"
++
++        # After parsing the raw headers we can decode them to text.
++        for length, raw_keyword, raw_value in raw_headers:
+             # Normally, we could just use "utf-8" as the encoding and "strict"
+             # as the error handler, but we better not take the risk. For
+             # example, GNU tar <= 1.23 is known to store filenames it cannot
+@@ -1450,17 +1475,16 @@ def _proc_pax(self, tarfile):
+             # hdrcharset=BINARY header).
+             # We first try the strict standard encoding, and if that fails we
+             # fall back on the user's encoding and error handler.
+-            keyword = self._decode_pax_field(keyword, "utf-8", "utf-8",
++            keyword = self._decode_pax_field(raw_keyword, "utf-8", "utf-8",
+                     tarfile.errors)
+             if keyword in PAX_NAME_FIELDS:
+-                value = self._decode_pax_field(value, encoding, tarfile.encoding,
++                value = self._decode_pax_field(raw_value, encoding, tarfile.encoding,
+                         tarfile.errors)
+             else:
+-                value = self._decode_pax_field(value, "utf-8", "utf-8",
++                value = self._decode_pax_field(raw_value, "utf-8", "utf-8",
+                         tarfile.errors)
+ 
+             pax_headers[keyword] = value
+-            pos += length
+ 
+         # Fetch the next header.
+         try:
+@@ -1475,7 +1499,7 @@ def _proc_pax(self, tarfile):
+ 
+         elif "GNU.sparse.size" in pax_headers:
+             # GNU extended sparse format version 0.0.
+-            self._proc_gnusparse_00(next, pax_headers, buf)
++            self._proc_gnusparse_00(next, raw_headers)
+ 
+         elif pax_headers.get("GNU.sparse.major") == "1" and pax_headers.get("GNU.sparse.minor") == "0":
+             # GNU extended sparse format version 1.0.
+@@ -1497,15 +1521,24 @@ def _proc_pax(self, tarfile):
+ 
+         return next
+ 
+-    def _proc_gnusparse_00(self, next, pax_headers, buf):
++    def _proc_gnusparse_00(self, next, raw_headers):
+         """Process a GNU tar extended sparse header, version 0.0.
+         """
+         offsets = []
+-        for match in re.finditer(br"\d+ GNU.sparse.offset=(\d+)\n", buf):
+-            offsets.append(int(match.group(1)))
+         numbytes = []
+-        for match in re.finditer(br"\d+ GNU.sparse.numbytes=(\d+)\n", buf):
+-            numbytes.append(int(match.group(1)))
++        for _, keyword, value in raw_headers:
++            if keyword == b"GNU.sparse.offset":
++                try:
++                    offsets.append(int(value.decode()))
++                except ValueError:
++                    raise InvalidHeaderError("invalid header")
++
++            elif keyword == b"GNU.sparse.numbytes":
++                try:
++                    numbytes.append(int(value.decode()))
++                except ValueError:
++                    raise InvalidHeaderError("invalid header")
++
+         next.sparse = list(zip(offsets, numbytes))
+ 
+     def _proc_gnusparse_01(self, next, pax_headers):
+@@ -2222,7 +2255,7 @@ def _get_filter_function(self, filter):
+                     'Python 3.14 will, by default, filter extracted tar '
+                     + 'archives and reject files or modify their metadata. '
+                     + 'Use the filter argument to control this behavior.',
+-                    DeprecationWarning)
++                    DeprecationWarning, stacklevel=3)
+                 return fully_trusted_filter
+             if isinstance(filter, str):
+                 raise TypeError(
+@@ -2897,4 +2930,4 @@ def main():
+             print('{!r} file created.'.format(tar_name))
+ 
+ if __name__ == '__main__':
+-    main()
++    main()
+\ No newline at end of file
+diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py
+index 9aa17267490..1f9a3033d96 100644
+--- a/Lib/test/test_tarfile.py
++++ b/Lib/test/test_tarfile.py
+@@ -1210,6 +1210,44 @@ def test_pax_number_fields(self):
+         finally:
+             tar.close()
+ 
++    def test_pax_header_bad_formats(self):
++        # The fields from the pax header have priority over the
++        # TarInfo.
++        pax_header_replacements = (
++            b" foo=bar\n",
++            b"0 \n",
++            b"1 \n",
++            b"2 \n",
++            b"3 =\n",
++            b"4 =a\n",
++            b"1000000 foo=bar\n",
++            b"0 foo=bar\n",
++            b"-12 foo=bar\n",
++            b"000000000000000000000000036 foo=bar\n",
++        )
++        pax_headers = {"foo": "bar"}
++        for replacement in pax_header_replacements:
++            with self.subTest(header=replacement):
++                tar = tarfile.open(tmpname, "w", format=tarfile.PAX_FORMAT,
++                                   encoding="iso8859-1")
++                try:
++                    t = tarfile.TarInfo()
++                    t.name = "pax"  # non-ASCII
++                    t.uid = 1
++                    t.pax_headers = pax_headers
++                    tar.addfile(t)
++                finally:
++                    tar.close()
++                with open(tmpname, "rb") as f:
++                    data = f.read()
++                    self.assertIn(b"11 foo=bar\n", data)
++                    data = data.replace(b"11 foo=bar\n", replacement)
++                with open(tmpname, "wb") as f:
++                    f.truncate()
++                    f.write(data)
++                with self.assertRaisesRegex(tarfile.ReadError, r"method tar: ReadError\('invalid header'\)"):
++                    tarfile.open(tmpname, encoding="iso8859-1")
++        
+ 
+ class WriteTestBase(TarTest):
+     # Put all write tests in here that are supposed to be tested
diff --git a/SPECS/python3/CVE-2024-8088.patch b/SPECS/python3/CVE-2024-8088.patch
new file mode 100644
index 00000000000..89c75cc74c8
--- /dev/null
+++ b/SPECS/python3/CVE-2024-8088.patch
@@ -0,0 +1,129 @@
+diff --git a/Lib/test/test_zipfile/_path/test_path.py b/Lib/test/test_zipfile/_path/test_path.py
+index c66cb3cba69..49ac356fea8 100644
+--- a/Lib/test/test_zipfile/_path/test_path.py
++++ b/Lib/test/test_zipfile/_path/test_path.py
+@@ -4,6 +4,7 @@
+ import pathlib
+ import pickle
+ import sys
++import time
+ import unittest
+ import zipfile
+ 
+@@ -577,3 +578,74 @@ def test_getinfo_missing(self, alpharep):
+         zipfile.Path(alpharep)
+         with self.assertRaises(KeyError):
+             alpharep.getinfo('does-not-exist')
++
++    def test_malformed_paths(self):
++        """
++        Path should handle malformed paths gracefully.
++
++        Paths with leading slashes are not visible.
++
++        Paths with dots are treated like regular files.
++        """
++        data = io.BytesIO()
++        zf = zipfile.ZipFile(data, "w")
++        zf.writestr("/one-slash.txt", b"content")
++        zf.writestr("//two-slash.txt", b"content")
++        zf.writestr("../parent.txt", b"content")
++        zf.filename = ''
++        root = zipfile.Path(zf)
++        assert list(map(str, root.iterdir())) == ['../']
++        assert root.joinpath('..').joinpath('parent.txt').read_bytes() == b'content'
++
++    def test_unsupported_names(self):
++        """
++        Path segments with special characters are readable.
++        On some platforms or file systems, characters like
++        ``:`` and ``?`` are not allowed, but they are valid
++        in the zip file.
++        """
++        data = io.BytesIO()
++        zf = zipfile.ZipFile(data, "w")
++        zf.writestr("path?", b"content")
++        zf.writestr("V: NMS.flac", b"fLaC...")
++        zf.filename = ''
++        root = zipfile.Path(zf)
++        contents = root.iterdir()
++        assert next(contents).name == 'path?'
++        assert next(contents).name == 'V: NMS.flac'
++        assert root.joinpath('V: NMS.flac').read_bytes() == b"fLaC..."
++    def test_backslash_not_separator(self):
++        """
++        In a zip file, backslashes are not separators.
++        """
++        data = io.BytesIO()
++        zf = zipfile.ZipFile(data, "w")
++        zf.writestr(DirtyZipInfo.for_name("foo\\bar", zf), b"content")
++        zf.filename = ''
++        root = zipfile.Path(zf)
++        (first,) = root.iterdir()
++        assert not first.is_dir()
++        assert first.name == 'foo\\bar'   
++
++class DirtyZipInfo(zipfile.ZipInfo):
++    """
++    Bypass name sanitization.
++    """
++    def __init__(self, filename, *args, **kwargs):
++        super().__init__(filename, *args, **kwargs)
++        self.filename = filename
++    @classmethod
++    def for_name(cls, name, archive):
++        """
++        Construct the same way that ZipFile.writestr does.
++        TODO: extract this functionality and re-use
++        """
++        self = cls(filename=name, date_time=time.localtime(time.time())[:6])
++        self.compress_type = archive.compression
++        self.compress_level = archive.compresslevel
++        if self.filename.endswith('/'):  # pragma: no cover
++            self.external_attr = 0o40775 << 16  # drwxrwxr-x
++            self.external_attr |= 0x10  # MS-DOS directory flag
++        else:
++            self.external_attr = 0o600 << 16  # ?rw-------
++        return self
+\ No newline at end of file
+diff --git a/Lib/zipfile/_path/__init__.py b/Lib/zipfile/_path/__init__.py
+index 78c413563bb..08f6ebb28e0 100644
+--- a/Lib/zipfile/_path/__init__.py
++++ b/Lib/zipfile/_path/__init__.py
+@@ -1,3 +1,11 @@
++"""
++A Path-like interface for zipfiles.
++This codebase is shared between zipfile.Path in the stdlib
++and zipp in PyPI. See
++https://github.com/python/importlib_metadata/wiki/Development-Methodology
++for more detail.
++"""
++
+ import io
+ import posixpath
+ import zipfile
+@@ -34,7 +42,7 @@ def _parents(path):
+ def _ancestry(path):
+     """
+     Given a path with elements separated by
+-    posixpath.sep, generate all elements of that path
++    posixpath.sep, generate all elements of that path.
+ 
+     >>> list(_ancestry('b/d'))
+     ['b/d', 'b']
+@@ -46,9 +54,14 @@ def _ancestry(path):
+     ['b']
+     >>> list(_ancestry(''))
+     []
++
++    Multiple separators are treated like a single.
++
++    >>> list(_ancestry('//b//d///f//'))
++    ['//b//d///f', '//b//d', '//b']
+     """
+     path = path.rstrip(posixpath.sep)
+-    while path and path != posixpath.sep:
++    while path.rstrip(posixpath.sep):
+         yield path
+         path, tail = posixpath.split(path)
+ 
diff --git a/SPECS/python3/python3.spec b/SPECS/python3/python3.spec
index baf06b50c52..50058cdc7d0 100644
--- a/SPECS/python3/python3.spec
+++ b/SPECS/python3/python3.spec
@@ -6,7 +6,7 @@
 Summary:        A high-level scripting language
 Name:           python3
 Version:        3.12.3
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        PSF
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -19,6 +19,8 @@ Source1:        https://github.com/python/cpython/blob/3.9/Tools/scripts/pathfix
 Patch0:         cgi3.patch
 Patch1:         CVE-2024-7592.patch
 Patch2:         CVE-2024-6923.patch
+Patch3:         CVE-2024-6232.patch
+Patch4:         CVE-2024-8088.patch
 
 BuildRequires:  bzip2-devel
 BuildRequires:  expat-devel >= 2.1.0
@@ -240,6 +242,9 @@ rm -rf %{buildroot}%{_bindir}/__pycache__
 %{_libdir}/python%{majmin}/test/*
 
 %changelog
+* Fri Sep 20 2024 Himaja Kesari <himajakesari@microsoft.com> - 3.12.3-4
+- Patch CVE-2024-6232 and CVE-2024-8088
+
 * Wed Aug 28 2024 Rohit Rawat <rohitrawat@microsoft.com> - 3.12.3-3
 - Patch CVE-2024-6923
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 2ca73cf875c..a222d121e1f 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -240,9 +240,9 @@ ca-certificates-base-3.0.0-7.azl3.noarch.rpm
 ca-certificates-3.0.0-7.azl3.noarch.rpm
 dwz-0.14-2.azl3.aarch64.rpm
 unzip-6.0-20.azl3.aarch64.rpm
-python3-3.12.3-3.azl3.aarch64.rpm
-python3-devel-3.12.3-3.azl3.aarch64.rpm
-python3-libs-3.12.3-3.azl3.aarch64.rpm
+python3-3.12.3-4.azl3.aarch64.rpm
+python3-devel-3.12.3-4.azl3.aarch64.rpm
+python3-libs-3.12.3-4.azl3.aarch64.rpm
 python3-setuptools-69.0.3-4.azl3.noarch.rpm
 python3-pygments-2.7.4-2.azl3.noarch.rpm
 which-2.21-8.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 937d74602cd..c532f15dee2 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -240,9 +240,9 @@ ca-certificates-base-3.0.0-7.azl3.noarch.rpm
 ca-certificates-3.0.0-7.azl3.noarch.rpm
 dwz-0.14-2.azl3.x86_64.rpm
 unzip-6.0-20.azl3.x86_64.rpm
-python3-3.12.3-3.azl3.x86_64.rpm
-python3-devel-3.12.3-3.azl3.x86_64.rpm
-python3-libs-3.12.3-3.azl3.x86_64.rpm
+python3-3.12.3-4.azl3.x86_64.rpm
+python3-devel-3.12.3-4.azl3.x86_64.rpm
+python3-libs-3.12.3-4.azl3.x86_64.rpm
 python3-setuptools-69.0.3-4.azl3.noarch.rpm
 python3-pygments-2.7.4-2.azl3.noarch.rpm
 which-2.21-8.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 4c51a93003f..060ca51af8e 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -529,18 +529,18 @@ pyproject-rpm-macros-1.12.0-2.azl3.noarch.rpm
 pyproject-srpm-macros-1.12.0-2.azl3.noarch.rpm
 python-markupsafe-debuginfo-2.1.3-1.azl3.aarch64.rpm
 python-wheel-wheel-0.43.0-1.azl3.noarch.rpm
-python3-3.12.3-3.azl3.aarch64.rpm
+python3-3.12.3-4.azl3.aarch64.rpm
 python3-audit-3.1.2-1.azl3.aarch64.rpm
 python3-cracklib-2.9.11-1.azl3.aarch64.rpm
-python3-curses-3.12.3-3.azl3.aarch64.rpm
+python3-curses-3.12.3-4.azl3.aarch64.rpm
 python3-Cython-3.0.5-2.azl3.aarch64.rpm
-python3-debuginfo-3.12.3-3.azl3.aarch64.rpm
-python3-devel-3.12.3-3.azl3.aarch64.rpm
+python3-debuginfo-3.12.3-4.azl3.aarch64.rpm
+python3-devel-3.12.3-4.azl3.aarch64.rpm
 python3-flit-core-3.9.0-1.azl3.noarch.rpm
 python3-gpg-1.23.2-2.azl3.aarch64.rpm
 python3-jinja2-3.1.2-1.azl3.noarch.rpm
 python3-libcap-ng-0.8.4-1.azl3.aarch64.rpm
-python3-libs-3.12.3-3.azl3.aarch64.rpm
+python3-libs-3.12.3-4.azl3.aarch64.rpm
 python3-libxml2-2.11.5-1.azl3.aarch64.rpm
 python3-lxml-4.9.3-1.azl3.aarch64.rpm
 python3-magic-5.45-1.azl3.noarch.rpm
@@ -552,8 +552,8 @@ python3-pygments-2.7.4-2.azl3.noarch.rpm
 python3-rpm-4.18.2-1.azl3.aarch64.rpm
 python3-rpm-generators-14-11.azl3.noarch.rpm
 python3-setuptools-69.0.3-4.azl3.noarch.rpm
-python3-test-3.12.3-3.azl3.aarch64.rpm
-python3-tools-3.12.3-3.azl3.aarch64.rpm
+python3-test-3.12.3-4.azl3.aarch64.rpm
+python3-tools-3.12.3-4.azl3.aarch64.rpm
 python3-wheel-0.43.0-1.azl3.noarch.rpm
 readline-8.2-1.azl3.aarch64.rpm
 readline-debuginfo-8.2-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 41428d096ce..c36004ccb56 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -535,18 +535,18 @@ pyproject-rpm-macros-1.12.0-2.azl3.noarch.rpm
 pyproject-srpm-macros-1.12.0-2.azl3.noarch.rpm
 python-markupsafe-debuginfo-2.1.3-1.azl3.x86_64.rpm
 python-wheel-wheel-0.43.0-1.azl3.noarch.rpm
-python3-3.12.3-3.azl3.x86_64.rpm
+python3-3.12.3-4.azl3.x86_64.rpm
 python3-audit-3.1.2-1.azl3.x86_64.rpm
 python3-cracklib-2.9.11-1.azl3.x86_64.rpm
-python3-curses-3.12.3-3.azl3.x86_64.rpm
+python3-curses-3.12.3-4.azl3.x86_64.rpm
 python3-Cython-3.0.5-2.azl3.x86_64.rpm
-python3-debuginfo-3.12.3-3.azl3.x86_64.rpm
-python3-devel-3.12.3-3.azl3.x86_64.rpm
+python3-debuginfo-3.12.3-4.azl3.x86_64.rpm
+python3-devel-3.12.3-4.azl3.x86_64.rpm
 python3-flit-core-3.9.0-1.azl3.noarch.rpm
 python3-gpg-1.23.2-2.azl3.x86_64.rpm
 python3-jinja2-3.1.2-1.azl3.noarch.rpm
 python3-libcap-ng-0.8.4-1.azl3.x86_64.rpm
-python3-libs-3.12.3-3.azl3.x86_64.rpm
+python3-libs-3.12.3-4.azl3.x86_64.rpm
 python3-libxml2-2.11.5-1.azl3.x86_64.rpm
 python3-lxml-4.9.3-1.azl3.x86_64.rpm
 python3-magic-5.45-1.azl3.noarch.rpm
@@ -558,8 +558,8 @@ python3-pygments-2.7.4-2.azl3.noarch.rpm
 python3-rpm-4.18.2-1.azl3.x86_64.rpm
 python3-rpm-generators-14-11.azl3.noarch.rpm
 python3-setuptools-69.0.3-4.azl3.noarch.rpm
-python3-test-3.12.3-3.azl3.x86_64.rpm
-python3-tools-3.12.3-3.azl3.x86_64.rpm
+python3-test-3.12.3-4.azl3.x86_64.rpm
+python3-tools-3.12.3-4.azl3.x86_64.rpm
 python3-wheel-0.43.0-1.azl3.noarch.rpm
 readline-8.2-1.azl3.x86_64.rpm
 readline-debuginfo-8.2-1.azl3.x86_64.rpm

From 445c401515f1c0815088542ef0d34ff21dae8d0e Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Tue, 24 Sep 2024 13:40:08 -0700
Subject: [PATCH 21/59] Image Customizer: Change additionalFiles to a list.
 (#10517)

Change `additionalFiles` from a map to a list. This will ensure that the copy operation has a fixed and consistent ordering, instead of being randomized by the map's hash algorithm.

In addition, add a feature that allows the content of additional files to be specified inline with in the YAML config.
---
 .../imagecustomizer/docs/configuration.md     | 116 ++++++++++--------
 .../imagecustomizerapi/additionalfile.go      |  61 +++++++++
 .../imagecustomizerapi/additionalfile_test.go |  65 ++++++++++
 .../imagecustomizerapi/additionalfilesmap.go  |  25 ----
 .../tools/imagecustomizerapi/config_test.go   |   4 +-
 .../tools/imagecustomizerapi/fileconfig.go    | 116 ------------------
 .../imagecustomizerapi/fileconfig_test.go     |  65 ----------
 toolkit/tools/imagecustomizerapi/iso.go       |  10 +-
 toolkit/tools/imagecustomizerapi/os.go        |   2 +-
 toolkit/tools/imagecustomizerapi/os_test.go   |  39 ++++--
 .../tools/internal/file/filecopybuilder.go    |   7 +-
 .../tools/internal/safechroot/safechroot.go   |  75 +++++++++--
 .../pkg/imagecustomizerlib/customizefiles.go  |  33 ++---
 .../imagecustomizerlib/customizefiles_test.go |  40 ++++--
 .../pkg/imagecustomizerlib/imagecustomizer.go |  27 ++--
 .../imagecustomizer_test.go                   |  52 +++-----
 .../imagecustomizerlib/liveosisobuilder.go    |  20 +--
 .../liveosisobuilder_test.go                  |  18 +--
 .../testdata/addfiles-config.yaml             |  23 +++-
 .../testdata/cloud-init-config.yaml           |  11 +-
 .../testdata/cloud-init-iso-config.yaml       |  11 +-
 .../testdata/infinite-file-config.yaml        |   3 +-
 .../testdata/iso-files-and-args-config.yaml   |   3 +-
 .../testdata/verity-config.yaml               |   7 +-
 24 files changed, 443 insertions(+), 390 deletions(-)
 create mode 100644 toolkit/tools/imagecustomizerapi/additionalfile.go
 create mode 100644 toolkit/tools/imagecustomizerapi/additionalfile_test.go
 delete mode 100644 toolkit/tools/imagecustomizerapi/additionalfilesmap.go
 delete mode 100644 toolkit/tools/imagecustomizerapi/fileconfig.go
 delete mode 100644 toolkit/tools/imagecustomizerapi/fileconfig_test.go

diff --git a/toolkit/tools/imagecustomizer/docs/configuration.md b/toolkit/tools/imagecustomizer/docs/configuration.md
index ce55bed5322..fbdc9209839 100644
--- a/toolkit/tools/imagecustomizer/docs/configuration.md
+++ b/toolkit/tools/imagecustomizer/docs/configuration.md
@@ -26,7 +26,7 @@ The Azure Linux Image Customizer is configured using a YAML (or JSON) file.
 
 4. Update hostname. ([hostname](#hostname-string))
 
-5. Copy additional files. ([additionalFiles](#additionalfiles-mapstring-fileconfig))
+5. Copy additional files. ([additionalFiles](#os-additionalfiles))
   
 6. Copy additional directories. ([additionalDirs](#additionaldirs-dirconfig))
 
@@ -136,16 +136,18 @@ os:
             - [path](#mountpoint-path)
   - [resetPartitionsUuidsType](#resetpartitionsuuidstype-string)
   - [iso](#iso-type)
-    - [additionalFiles](#additionalfiles-mapstring-fileconfig)
-      - [fileConfig type](#fileconfig-type)
-        - [path](#fileconfig-path)
+    - [additionalFiles](#iso-additionalfiles)
+      - [additionalFile type](#additionalfile-type)
+        - [source](#source-string)
+        - [content](#content-string)
+        - [destination](#destination-string)
         - [permissions](#permissions-string)
-    - [kernelCommandLine](#kernelcommandline-type)
+    - [kernelCommandLine](#iso-kernelcommandline)
       - [extraCommandLine](#extracommandline-string)
   - [os type](#os-type)
     - [resetBootLoaderType](#resetbootloadertype-string)
     - [hostname](#hostname-string)
-    - [kernelCommandLine](#kernelcommandline-type)
+    - [kernelCommandLine](#os-kernelcommandline)
       - [extraCommandLine](#extracommandline-string)
     - [packages](#packages-packages)
       - [packages type](#packages-type)
@@ -160,9 +162,11 @@ os:
         - [remove](#remove-string)
         - [updateLists](#updatelists-string)
         - [update](#update-string)
-    - [additionalFiles](#additionalfiles-mapstring-fileconfig)
-      - [fileConfig type](#fileconfig-type)
-        - [path](#fileconfig-path)
+    - [additionalFiles](#os-additionalfiles)
+      - [additionalFile type](#additionalfile-type)
+        - [source](#source-string)
+        - [content](#content-string)
+        - [destination](#destination-string)
         - [permissions](#permissions-string)
     - [additionalDirs](#additionaldirs-dirconfig)
       - [dirConfig](#dirconfig-type)
@@ -334,13 +338,17 @@ The partitions to provision on the disk.
 
 Specifies the configuration for the generated ISO media.
 
-### kernelExtraCommandLine [string]
+<div id="iso-kernelcommandline"></div>
+
+### kernelCommandLine [[kernelCommandLine](#kernelcommandline-type)]
+
+Specifies extra kernel command line options.
 
-- See [extraCommandLine](#extracommandline-string).
+<div id="iso-additionalfiles"></div>
 
-### additionalFiles
+### additionalFiles [[additionalFile](#additionalfile-type)[]>]
 
-- See [additionalFiles](#additionalfiles-mapstring-fileconfig).
+Adds files to the ISO.
 
 ## overlay type
 
@@ -542,17 +550,15 @@ os:
     corruptionOption: panic
 ```
 
-## fileConfig type
+## additionalFile type
 
 Specifies options for placing a file in the OS.
 
-Type is used by: [additionalFiles](#additionalfiles-mapstring-fileconfig)
+Type is used by: [additionalFiles](#additionalfiles-additionalfile)
 
-<div id="fileconfig-path"></div>
+### source [string]
 
-### path [string]
-
-The absolute path of the destination file.
+The path of the source file to copy to the destination path.
 
 Example:
 
@@ -563,6 +569,33 @@ os:
     - path: /a.txt
 ```
 
+### content [string]
+
+The contents of the file to write to the destination path.
+
+Example:
+
+```yaml
+os:
+  additionalFiles:
+  - content: |
+      abc
+    destination: /a.txt
+```
+
+### destination [string]
+
+The absolute path of the destination file.
+
+Example:
+
+```yaml
+os:
+  additionalFiles:
+  - source: files/a.txt
+    destination: /a.txt
+```
+
 ### permissions [string]
 
 The permissions to set on the destination file.
@@ -576,9 +609,9 @@ Example:
 ```yaml
 os:
   additionalFiles:
-    files/a.txt:
-    - path: /a.txt
-      permissions: "664"
+  - source: files/a.txt
+    destination: /a.txt
+    permissions: "664"
 ```
 
 ## dirConfig type
@@ -1251,45 +1284,32 @@ os:
   hostname: example-image
 ```
 
+<div id="os-kernelcommandline"></div>
+
 ### kernelCommandLine [[kernelCommandLine](#kernelcommandline-type)]
 
-Specifies extra kernel command line options, as well as other configuration values
-relating to the kernel.
+Specifies extra kernel command line options.
 
 ### packages [packages](#packages-type)
 
 Remove, update, and install packages on the system.
 
-### additionalFiles [map\<string, [fileConfig](#fileconfig-type)[]>]
-
-Copy files into the OS image.
-
-This property is a dictionary of source file paths to destination files.
+<div id="os-additionalfiles"></div>
 
-The destination files value can be one of:
+### additionalFiles [[additionalFile](#additionalfile-type)[]>]
 
-- The absolute path of a destination file.
-- A [fileConfig](#fileconfig-type) object.
-- A list containing a mixture of paths and [fileConfig](#fileconfig-type) objects.
-
-Example:
+Copy files into the OS image.
 
 ```yaml
 os:
   additionalFiles:
-    # Single destination.
-    files/a.txt: /a.txt
-
-    # Single destinations with options.
-    files/b.txt:
-      path: /b.txt
-      permissions: "664"
-
-    # Multiple destinations.
-    files/c.txt:
-    - /c1.txt
-    - path: /c2.txt
-      permissions: "664"
+  - source: files/a.txt
+    destination: /a.txt
+
+  - content: |
+      abc
+    destination: /b.txt
+    permissions: "664"
 ```
 
 ### additionalDirs [[dirConfig](#dirconfig-type)[]]
diff --git a/toolkit/tools/imagecustomizerapi/additionalfile.go b/toolkit/tools/imagecustomizerapi/additionalfile.go
new file mode 100644
index 00000000000..72c6145de58
--- /dev/null
+++ b/toolkit/tools/imagecustomizerapi/additionalfile.go
@@ -0,0 +1,61 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package imagecustomizerapi
+
+import (
+	"fmt"
+)
+
+type AdditionalFileList []AdditionalFile
+
+type AdditionalFile struct {
+	// The destination file path in the target OS that the file will be copied to.
+	Destination string `yaml:"destination"`
+
+	// The source file path of the file that will copied.
+	// Mutally exclusive with 'contents'.
+	Source string `yaml:"source"`
+
+	// A string that will be used as the contents of the file.
+	// Mutally exclusive with 'source'.
+	Content *string `yaml:"content"`
+
+	// The file permissions to set on the file.
+	Permissions *FilePermissions `yaml:"permissions"`
+}
+
+func (l AdditionalFileList) IsValid() (err error) {
+	for i, additionalFile := range l {
+		err = additionalFile.IsValid()
+		if err != nil {
+			return fmt.Errorf("invalid value at index %d:\n%w", i, err)
+		}
+	}
+
+	return nil
+}
+
+func (f *AdditionalFile) IsValid() (err error) {
+	if f.Destination == "" {
+		return fmt.Errorf("destination path must not be empty")
+	}
+
+	if f.Source == "" && f.Content == nil {
+		return fmt.Errorf("must specify either 'source' or 'content'")
+	}
+
+	if f.Source != "" && f.Content != nil {
+		return fmt.Errorf("cannot specify both 'source' and 'content'")
+	}
+
+	// Permissions
+	if f.Permissions != nil {
+		err = f.Permissions.IsValid()
+		if err != nil {
+			return fmt.Errorf("invalid permissions value:\n%w", err)
+		}
+	}
+
+	return nil
+}
diff --git a/toolkit/tools/imagecustomizerapi/additionalfile_test.go b/toolkit/tools/imagecustomizerapi/additionalfile_test.go
new file mode 100644
index 00000000000..8b23b8a903a
--- /dev/null
+++ b/toolkit/tools/imagecustomizerapi/additionalfile_test.go
@@ -0,0 +1,65 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package imagecustomizerapi
+
+import (
+	"testing"
+
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/ptrutils"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAdditionalFilesIsValidNoDestination(t *testing.T) {
+	additionalFiles := AdditionalFileList{
+		{
+			Destination: "",
+			Source:      "a.txt",
+		},
+	}
+	err := additionalFiles.IsValid()
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "invalid value at index 0")
+	assert.ErrorContains(t, err, "destination path must not be empty")
+}
+
+func TestAdditionalFilesIsValidNoSourceOrContent(t *testing.T) {
+	additionalFiles := AdditionalFileList{
+		{
+			Destination: "/a.txt",
+		},
+	}
+	err := additionalFiles.IsValid()
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "invalid value at index 0")
+	assert.ErrorContains(t, err, "must specify either 'source' or 'content'")
+}
+
+func TestAdditionalFilesIsValidBothSourceAndContent(t *testing.T) {
+	additionalFiles := AdditionalFileList{
+		{
+			Destination: "/a.txt",
+			Source:      "a.txt",
+			Content:     ptrutils.PtrTo("abc"),
+		},
+	}
+	err := additionalFiles.IsValid()
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "invalid value at index 0")
+	assert.ErrorContains(t, err, "cannot specify both 'source' and 'content'")
+}
+
+func TestAdditionalFilesIsValidBadPermissions(t *testing.T) {
+	additionalFiles := AdditionalFileList{
+		{
+			Destination: "/a.txt",
+			Source:      "a.txt",
+			Permissions: ptrutils.PtrTo(FilePermissions(0o7000)),
+		},
+	}
+	err := additionalFiles.IsValid()
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "invalid value at index 0")
+	assert.ErrorContains(t, err, "invalid permissions value")
+	assert.ErrorContains(t, err, "0o7000 contains non-permission bits")
+}
diff --git a/toolkit/tools/imagecustomizerapi/additionalfilesmap.go b/toolkit/tools/imagecustomizerapi/additionalfilesmap.go
deleted file mode 100644
index b0809d38a9c..00000000000
--- a/toolkit/tools/imagecustomizerapi/additionalfilesmap.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-
-package imagecustomizerapi
-
-import (
-	"errors"
-	"fmt"
-)
-
-type AdditionalFilesMap map[string]FileConfigList
-
-func (afmap AdditionalFilesMap) IsValid() error {
-	var aggregateErr error
-	for sourcePath, fileConfigList := range afmap {
-		if len(sourcePath) == 0 {
-			aggregateErr = errors.Join(aggregateErr, fmt.Errorf("invalid source path: cannot be empty"))
-		}
-		err := fileConfigList.IsValid()
-		if err != nil {
-			aggregateErr = errors.Join(aggregateErr, fmt.Errorf("invalid file configs for (%s):\n%w", sourcePath, err))
-		}
-	}
-	return aggregateErr
-}
diff --git a/toolkit/tools/imagecustomizerapi/config_test.go b/toolkit/tools/imagecustomizerapi/config_test.go
index 1f559a1cace..92c46a0ffa7 100644
--- a/toolkit/tools/imagecustomizerapi/config_test.go
+++ b/toolkit/tools/imagecustomizerapi/config_test.go
@@ -334,8 +334,8 @@ func TestConfigIsValidKernelCLI(t *testing.T) {
 func TestConfigIsValidInvalidIso(t *testing.T) {
 	config := &Config{
 		Iso: &Iso{
-			AdditionalFiles: AdditionalFilesMap{
-				"": FileConfigList{},
+			AdditionalFiles: AdditionalFileList{
+				{},
 			},
 		},
 	}
diff --git a/toolkit/tools/imagecustomizerapi/fileconfig.go b/toolkit/tools/imagecustomizerapi/fileconfig.go
deleted file mode 100644
index cb291daa0ea..00000000000
--- a/toolkit/tools/imagecustomizerapi/fileconfig.go
+++ /dev/null
@@ -1,116 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-
-//
-
-package imagecustomizerapi
-
-import (
-	"fmt"
-
-	"github.com/microsoft/azurelinux/toolkit/tools/internal/sliceutils"
-	"gopkg.in/yaml.v3"
-)
-
-// DestinationFileConfigList is a list of destination files where the source file will be copied to in the final image.
-// This type exists to allow a custom marshaller to be attached to it.
-type FileConfigList []FileConfig
-
-// FileConfig specifies options for how a file is copied in the target OS.
-type FileConfig struct {
-	// The file path in the target OS that the file will be copied to.
-	Path string `yaml:"path"`
-
-	// The file permissions to set on the file.
-	Permissions *FilePermissions `yaml:"permissions"`
-}
-
-var (
-	fileConfigValidFields = []string{"path", "permissions"}
-)
-
-func (l *FileConfigList) IsValid() (err error) {
-	if len(*l) <= 0 {
-		return fmt.Errorf("list is empty")
-	}
-
-	for i, fileConfig := range *l {
-		err = fileConfig.IsValid()
-		if err != nil {
-			return fmt.Errorf("invalid fileConfig at index %d:\n%w", i, err)
-		}
-	}
-
-	return nil
-}
-
-func (l *FileConfigList) UnmarshalYAML(value *yaml.Node) error {
-	var err error
-
-	// Try to parse as a single value.
-	var fileConfig FileConfig
-	err = value.Decode(&fileConfig)
-	if err == nil {
-		*l = FileConfigList{fileConfig}
-		return nil
-	}
-
-	// Try to parse as a list.
-	type IntermediateTypeFileConfigList FileConfigList
-	err = value.Decode((*IntermediateTypeFileConfigList)(l))
-	if err != nil {
-		return fmt.Errorf("failed to parse fileConfigList:\n%w", err)
-	}
-
-	return nil
-}
-
-func (f *FileConfig) IsValid() (err error) {
-	// Path
-	if f.Path == "" {
-		return fmt.Errorf("invalid path value: empty string")
-	}
-
-	// Permissions
-	if f.Permissions != nil {
-		err = f.Permissions.IsValid()
-		if err != nil {
-			return fmt.Errorf("invalid permissions value:\n%w", err)
-		}
-	}
-
-	return nil
-}
-
-func (f *FileConfig) UnmarshalYAML(value *yaml.Node) error {
-	var err error
-
-	if value.Kind == yaml.ScalarNode {
-		// Parse as a string.
-		*f = FileConfig{
-			Path:        value.Value,
-			Permissions: nil,
-		}
-		return nil
-	}
-
-	// Parse as a struct.
-	*f = FileConfig{}
-
-	type IntermediateTypeFileConfig FileConfig
-	err = value.Decode((*IntermediateTypeFileConfig)(f))
-	if err != nil {
-		return fmt.Errorf("failed to parse fileConfig:\n%w", err)
-	}
-
-	// yaml.Node.Decode() doesn't respect the KnownFields() option.
-	// So, manually enforce this.
-	for i := 0; i < len(value.Content); i += 2 {
-		key := value.Content[i].Value
-		if !sliceutils.ContainsValue(fileConfigValidFields, key) {
-			return fmt.Errorf("line %d: field %s not found in type %s", value.Line, key, "FileConfig")
-		}
-	}
-
-	return nil
-}
diff --git a/toolkit/tools/imagecustomizerapi/fileconfig_test.go b/toolkit/tools/imagecustomizerapi/fileconfig_test.go
deleted file mode 100644
index a0978271971..00000000000
--- a/toolkit/tools/imagecustomizerapi/fileconfig_test.go
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-
-package imagecustomizerapi
-
-import (
-	"testing"
-
-	"github.com/microsoft/azurelinux/toolkit/tools/internal/ptrutils"
-)
-
-func TestParseFileConfigValidString(t *testing.T) {
-	testValidYamlValue(t, "\"/a.txt\"", &FileConfigList{{Path: "/a.txt"}})
-}
-
-func TestParseFileConfigValidStringInArray(t *testing.T) {
-	testValidYamlValue(t, "[ \"/a.txt\" ]", &FileConfigList{{Path: "/a.txt"}})
-}
-
-func TestParseFileConfigValidBasicStruct(t *testing.T) {
-	testValidYamlValue(t, "{ \"path\": \"/b.txt\" }", &FileConfigList{{Path: "/b.txt"}})
-}
-
-func TestParseFileConfigValidFullStruct(t *testing.T) {
-	testValidYamlValue(t, "{ \"path\": \"/b.txt\", \"permissions\": \"770\" }",
-		&FileConfigList{{Path: "/b.txt", Permissions: ptrutils.PtrTo(FilePermissions(0o770))}},
-	)
-}
-
-func TestParseFileConfigValidMixedArray(t *testing.T) {
-	testValidYamlValue(t, "[ { \"path\": \"/b.txt\" }, \"/c.txt\" ]",
-		&FileConfigList{
-			{Path: "/b.txt"},
-			{Path: "/c.txt"},
-		},
-	)
-}
-
-func TestParseFileConfigInvalidEmptyArray(t *testing.T) {
-	// Empty array.
-	testInvalidYamlValue[*FileConfigList](t, "[ ]")
-}
-
-func TestParseFileConfigInvalidArrayArray(t *testing.T) {
-	// Empty array.
-	testInvalidYamlValue[*FileConfigList](t, "[ [ ] ]")
-}
-
-func TestParseFileConfigInvalidEmptyString(t *testing.T) {
-	// Empty string.
-	testInvalidYamlValue[*FileConfigList](t, "\"\"")
-}
-
-func TestParseFileConfigInvalidFilePermissions(t *testing.T) {
-	// Empty string.
-	testInvalidYamlValue[*FileConfigList](t, "{ \"path\": \"/b.txt\", \"permissions\": \"7777\" }")
-}
-
-func TestParseFileConfigValidStructBadField(t *testing.T) {
-	testInvalidYamlValue[*FileConfigList](t, "{ \"pat\": \"/b.txt\" }")
-}
-
-func TestParseFileConfigValidArrayStructBadField(t *testing.T) {
-	testInvalidYamlValue[*FileConfigList](t, "[ { \"pat\": \"/b.txt\" } ]")
-}
diff --git a/toolkit/tools/imagecustomizerapi/iso.go b/toolkit/tools/imagecustomizerapi/iso.go
index ec70aa40d06..295f2af7869 100644
--- a/toolkit/tools/imagecustomizerapi/iso.go
+++ b/toolkit/tools/imagecustomizerapi/iso.go
@@ -10,7 +10,7 @@ import (
 // Iso defines how the generated iso media should be configured.
 type Iso struct {
 	KernelCommandLine KernelCommandLine  `yaml:"kernelCommandLine"`
-	AdditionalFiles   AdditionalFilesMap `yaml:"additionalFiles"`
+	AdditionalFiles   AdditionalFileList `yaml:"additionalFiles"`
 }
 
 func (i *Iso) IsValid() error {
@@ -19,11 +19,9 @@ func (i *Iso) IsValid() error {
 		return fmt.Errorf("invalid kernelCommandLine: %w", err)
 	}
 
-	if i.AdditionalFiles != nil {
-		err := i.AdditionalFiles.IsValid()
-		if err != nil {
-			return fmt.Errorf("invalid additionalFiles: %w", err)
-		}
+	err = i.AdditionalFiles.IsValid()
+	if err != nil {
+		return fmt.Errorf("invalid additionalFiles:\n%w", err)
 	}
 
 	return nil
diff --git a/toolkit/tools/imagecustomizerapi/os.go b/toolkit/tools/imagecustomizerapi/os.go
index e0f89ec5f31..ee1bfc9a5a0 100644
--- a/toolkit/tools/imagecustomizerapi/os.go
+++ b/toolkit/tools/imagecustomizerapi/os.go
@@ -17,7 +17,7 @@ type OS struct {
 	Packages            Packages            `yaml:"packages"`
 	SELinux             SELinux             `yaml:"selinux"`
 	KernelCommandLine   KernelCommandLine   `yaml:"kernelCommandLine"`
-	AdditionalFiles     AdditionalFilesMap  `yaml:"additionalFiles"`
+	AdditionalFiles     AdditionalFileList  `yaml:"additionalFiles"`
 	AdditionalDirs      DirConfigList       `yaml:"additionalDirs"`
 	Users               []User              `yaml:"users"`
 	Services            Services            `yaml:"services"`
diff --git a/toolkit/tools/imagecustomizerapi/os_test.go b/toolkit/tools/imagecustomizerapi/os_test.go
index a1089bb849f..f04ca66a37e 100644
--- a/toolkit/tools/imagecustomizerapi/os_test.go
+++ b/toolkit/tools/imagecustomizerapi/os_test.go
@@ -6,6 +6,7 @@ package imagecustomizerapi
 import (
 	"testing"
 
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/ptrutils"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -26,30 +27,30 @@ func TestOSInvalidHostname(t *testing.T) {
 	assert.ErrorContains(t, err, "invalid hostname")
 }
 
-func TestOSInvalidAdditionalFiles(t *testing.T) {
+func TestOSIsValidInvalidAdditionalFilesSource(t *testing.T) {
 	os := OS{
-		AdditionalFiles: AdditionalFilesMap{
-			"a.txt": FileConfigList{},
+		AdditionalFiles: []AdditionalFile{
+			{
+				Destination: "/a.txt",
+				Source:      "a.txt",
+			},
 		},
 	}
 	err := os.IsValid()
-	assert.Error(t, err)
-	assert.ErrorContains(t, err, "invalid additionalFiles:\ninvalid file configs for (a.txt):\nlist is empty")
+	assert.NoError(t, err)
 }
 
-func TestOSIsValidInvalidAdditionalFilesEmptySourcePath(t *testing.T) {
+func TestOSIsValidInvalidAdditionalFilesContent(t *testing.T) {
 	os := OS{
-		AdditionalFiles: AdditionalFilesMap{
-			"": FileConfigList{
-				{
-					Path: "/a.txt",
-				},
+		AdditionalFiles: []AdditionalFile{
+			{
+				Destination: "/a.txt",
+				Content:     ptrutils.PtrTo("abc"),
 			},
 		},
 	}
 	err := os.IsValid()
-	assert.Error(t, err)
-	assert.ErrorContains(t, err, "invalid additionalFiles:\ninvalid source path: cannot be empty")
+	assert.NoError(t, err)
 }
 
 func TestOSIsValidVerityInValidPartUuid(t *testing.T) {
@@ -93,6 +94,18 @@ func TestOSIsValidInvalidSELinux(t *testing.T) {
 	assert.ErrorContains(t, err, "invalid selinux value (bad)")
 }
 
+func TestOSIsValidInvalidAdditionalFiles(t *testing.T) {
+	os := OS{
+		AdditionalFiles: AdditionalFileList{
+			{},
+		},
+	}
+
+	err := os.IsValid()
+	assert.ErrorContains(t, err, "invalid additionalFiles")
+	assert.ErrorContains(t, err, "invalid value at index 0")
+}
+
 func TestOSIsValidInvalidAdditionalDirs(t *testing.T) {
 	os := OS{
 		AdditionalDirs: DirConfigList{
diff --git a/toolkit/tools/internal/file/filecopybuilder.go b/toolkit/tools/internal/file/filecopybuilder.go
index 04bd14666f5..0b7891f1c4e 100644
--- a/toolkit/tools/internal/file/filecopybuilder.go
+++ b/toolkit/tools/internal/file/filecopybuilder.go
@@ -75,7 +75,7 @@ func (b FileCopyBuilder) Run() (err error) {
 
 	err = createDestinationDir(b.Dst, b.DirFileMode)
 	if err != nil {
-		return
+		return fmt.Errorf("failed to create destination directory (%s):\n%w", b.Dst, err)
 	}
 
 	args := []string(nil)
@@ -96,7 +96,10 @@ func (b FileCopyBuilder) Run() (err error) {
 	if b.ChangeFileMode {
 		logger.Log.Debugf("Calling chmod on (%s) with the mode (%v)", b.Dst, b.FileMode)
 		err = os.Chmod(b.Dst, b.FileMode)
+		if err != nil {
+			return fmt.Errorf("failed to set file mode (%s):\n%w", b.Dst, err)
+		}
 	}
 
-	return
+	return nil
 }
diff --git a/toolkit/tools/internal/safechroot/safechroot.go b/toolkit/tools/internal/safechroot/safechroot.go
index 96f627fd902..72c409df33e 100644
--- a/toolkit/tools/internal/safechroot/safechroot.go
+++ b/toolkit/tools/internal/safechroot/safechroot.go
@@ -30,7 +30,13 @@ const BindMountPointFlags = unix.MS_BIND | unix.MS_MGC_VAL
 
 // FileToCopy represents a file to copy into a chroot using AddFiles. Dest is relative to the chroot directory.
 type FileToCopy struct {
-	Src         string
+	// The source file path.
+	// Mutually exclusive with 'Content'.
+	Src string
+	// The contents of the file to write.
+	// Mutually exclusive with 'Src'.
+	Content *string
+	// The destination path to write/copy the file to.
 	Dest        string
 	Permissions *os.FileMode
 	// Set to true to copy symlinks as symlinks.
@@ -318,7 +324,8 @@ func (c *Chroot) Initialize(tarPath string, extraDirectories []string, extraMoun
 
 // AddDirs copies each directory 'Src' to the relative path chrootRootDir/'Dest' in the chroot.
 func (c *Chroot) AddDirs(dirToCopy DirToCopy) (err error) {
-	return file.CopyDir(dirToCopy.Src, filepath.Join(c.rootDir, dirToCopy.Dest), dirToCopy.NewDirPermissions, dirToCopy.ChildFilePermissions, dirToCopy.MergedDirPermissions)
+	return file.CopyDir(dirToCopy.Src, filepath.Join(c.rootDir, dirToCopy.Dest), dirToCopy.NewDirPermissions,
+		dirToCopy.ChildFilePermissions, dirToCopy.MergedDirPermissions)
 }
 
 // AddFiles copies each file 'Src' to the relative path chrootRootDir/'Dest' in the chroot.
@@ -328,20 +335,66 @@ func (c *Chroot) AddFiles(filesToCopy ...FileToCopy) (err error) {
 
 func AddFilesToDestination(destDir string, filesToCopy ...FileToCopy) error {
 	for _, f := range filesToCopy {
-		dest := filepath.Join(destDir, f.Dest)
-		fileCopyOp := file.NewFileCopyBuilder(f.Src, dest)
-		if f.NoDereference {
-			fileCopyOp = fileCopyOp.SetNoDereference()
-		}
-		if f.Permissions != nil {
-			fileCopyOp = fileCopyOp.SetFileMode(*f.Permissions)
+		switch {
+		case f.Src != "" && f.Content != nil:
+			return fmt.Errorf("cannot specify both 'Src' and 'Content' for 'FileToCopy'")
+
+		case f.Src != "":
+			err := copyFile(destDir, f)
+			if err != nil {
+				return err
+			}
+
+		case f.Content != nil:
+			err := writeFile(destDir, f)
+			if err != nil {
+				return err
+			}
+
+		default:
+			return fmt.Errorf("must specify either 'Src' and 'Content' for 'FileToCopy'")
 		}
+	}
+
+	return nil
+}
+
+func copyFile(destDir string, f FileToCopy) error {
+	dest := filepath.Join(destDir, f.Dest)
+	fileCopyOp := file.NewFileCopyBuilder(f.Src, dest)
+	if f.NoDereference {
+		fileCopyOp = fileCopyOp.SetNoDereference()
+	}
+	if f.Permissions != nil {
+		fileCopyOp = fileCopyOp.SetFileMode(*f.Permissions)
+	}
+
+	err := fileCopyOp.Run()
+	if err != nil {
+		return fmt.Errorf("failed to copy (%s) to (%s):\n%w", f.Src, f.Dest, err)
+	}
+
+	return nil
+}
 
-		err := fileCopyOp.Run()
+func writeFile(destDir string, f FileToCopy) error {
+	dest := filepath.Join(destDir, f.Dest)
+	err := file.Write(*f.Content, dest)
+	if err != nil {
+		return fmt.Errorf("failed to write file (%s):\n%w", f.Dest, err)
+	}
+
+	if f.Permissions != nil {
+		err = os.Chmod(dest, *f.Permissions)
 		if err != nil {
-			return fmt.Errorf("failed to copy (%s):\n%w", f.Src, err)
+			return fmt.Errorf("failed to set file permissions (%s):\n%w", f.Dest, err)
 		}
 	}
+
+	return nil
+}
+
+func (c *Chroot) WriteFiles() error {
 	return nil
 }
 
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizefiles.go b/toolkit/tools/pkg/imagecustomizerlib/customizefiles.go
index 15ed8bd8459..a198ea70988 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizefiles.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizefiles.go
@@ -17,22 +17,27 @@ const (
 	defaultFilePermissions = 0o755
 )
 
-func copyAdditionalFiles(baseConfigPath string, additionalFiles imagecustomizerapi.AdditionalFilesMap, imageChroot *safechroot.Chroot) error {
-	for sourceFile, fileConfigs := range additionalFiles {
-		absSourceFile := file.GetAbsPathWithBase(baseConfigPath, sourceFile)
-		for _, fileConfig := range fileConfigs {
-			logger.Log.Infof("Copying: %s", fileConfig.Path)
+func copyAdditionalFiles(baseConfigPath string, additionalFiles imagecustomizerapi.AdditionalFileList,
+	imageChroot *safechroot.Chroot,
+) error {
+	for _, additionalFile := range additionalFiles {
+		logger.Log.Infof("Copying: %s", additionalFile.Destination)
 
-			fileToCopy := safechroot.FileToCopy{
-				Src:         absSourceFile,
-				Dest:        fileConfig.Path,
-				Permissions: (*fs.FileMode)(fileConfig.Permissions),
-			}
+		absSourceFile := ""
+		if additionalFile.Source != "" {
+			absSourceFile = file.GetAbsPathWithBase(baseConfigPath, additionalFile.Source)
+		}
+
+		fileToCopy := safechroot.FileToCopy{
+			Src:         absSourceFile,
+			Content:     additionalFile.Content,
+			Dest:        additionalFile.Destination,
+			Permissions: (*fs.FileMode)(additionalFile.Permissions),
+		}
 
-			err := imageChroot.AddFiles(fileToCopy)
-			if err != nil {
-				return err
-			}
+		err := imageChroot.AddFiles(fileToCopy)
+		if err != nil {
+			return err
 		}
 	}
 
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go b/toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go
index 92fcac6502e..600d5f848cf 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go
@@ -30,10 +30,15 @@ func TestCopyAdditionalFiles(t *testing.T) {
 	copy_2_filemode := os.FileMode(0o777)
 
 	// Copy a file.
-	err = copyAdditionalFiles(baseConfigPath, map[string]imagecustomizerapi.FileConfigList{
-		"files/a.txt": {
-			{Path: "/copy_1.txt"},
-			{Path: "/copy_2.txt", Permissions: ptrutils.PtrTo(imagecustomizerapi.FilePermissions(copy_2_filemode))},
+	err = copyAdditionalFiles(baseConfigPath, imagecustomizerapi.AdditionalFileList{
+		{
+			Source:      "files/a.txt",
+			Destination: "/copy_1.txt",
+		},
+		{
+			Source:      "files/a.txt",
+			Destination: "/copy_2.txt",
+			Permissions: ptrutils.PtrTo(imagecustomizerapi.FilePermissions(copy_2_filemode)),
 		},
 	}, chroot)
 	assert.NoError(t, err)
@@ -51,9 +56,10 @@ func TestCopyAdditionalFiles(t *testing.T) {
 	verifyFileContentsSame(t, a_orig_path, copy_2_path)
 
 	// Copy a different file to the same location.
-	err = copyAdditionalFiles(baseConfigPath, map[string]imagecustomizerapi.FileConfigList{
-		"files/b.txt": {
-			{Path: "/copy_1.txt"},
+	err = copyAdditionalFiles(baseConfigPath, imagecustomizerapi.AdditionalFileList{
+		{
+			Source:      "files/b.txt",
+			Destination: "/copy_1.txt",
 		},
 	}, chroot)
 	assert.NoError(t, err)
@@ -79,6 +85,9 @@ func TestCustomizeImageAdditionalFiles(t *testing.T) {
 		return
 	}
 
+	// Check output file type.
+	checkFileType(t, outImageFilePath, "raw")
+
 	// Connect to customized image.
 	imageConnection, err := connectToCoreEfiImage(buildDir, outImageFilePath)
 	if !assert.NoError(t, err) {
@@ -93,10 +102,18 @@ func TestCustomizeImageAdditionalFiles(t *testing.T) {
 	helloworld_path := filepath.Join(testDir, "files/helloworld.sh")
 	helloworld_copy_path := filepath.Join(imageConnection.Chroot().RootDir(), "/usr/local/bin/helloworld.sh")
 
+	animals_copy_path := filepath.Join(imageConnection.Chroot().RootDir(), "/animals.txt")
+	alphabet_copy_path := filepath.Join(imageConnection.Chroot().RootDir(), "/alphabet.txt")
+	empty_copy_path := filepath.Join(imageConnection.Chroot().RootDir(), "/empty.txt")
+
 	verifyFileContentsSame(t, a_path, a_copy_path)
 	verifyFileContentsSame(t, helloworld_path, helloworld_copy_path)
+	verifyFileContentsEqual(t, animals_copy_path, "cat\ndog\n")
+	verifyFileContentsEqual(t, alphabet_copy_path, "abcdefghijklmnopqrstuvwxyz")
+	verifyFileContentsEqual(t, empty_copy_path, "")
 
 	verifyFilePermissions(t, os.FileMode(0o755), helloworld_copy_path)
+	verifyFilePermissions(t, os.FileMode(0o644), alphabet_copy_path)
 }
 
 func TestCustomizeImageAdditionalFilesInfiniteFile(t *testing.T) {
@@ -261,6 +278,15 @@ func verifyFileContentsSame(t *testing.T, origPath string, newPath string) {
 	assert.Equalf(t, orignContents, newContents, "file contents differ (%s) from (%s)", newPath, origPath)
 }
 
+func verifyFileContentsEqual(t *testing.T, path string, expected string) {
+	contents, err := os.ReadFile(path)
+	if !assert.NoErrorf(t, err, "read new file (%s)", path) {
+		return
+	}
+
+	assert.Equalf(t, expected, string(contents), "unexpected file contents (%s)", path)
+}
+
 func verifyFilePermissions(t *testing.T, expectedPermissions os.FileMode, path string) {
 	stat, err := os.Stat(path)
 	if assert.NoError(t, err) {
diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
index 37f0db1168f..4fc0b1c5905 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
@@ -509,20 +509,25 @@ func validateConfig(baseConfigPath string, config *imagecustomizerapi.Config, rp
 	return nil
 }
 
-func validateAdditionalFiles(baseConfigPath string, additionalFiles imagecustomizerapi.AdditionalFilesMap) error {
-	var aggregateErr error
-	for sourceFile := range additionalFiles {
-		sourceFileFullPath := file.GetAbsPathWithBase(baseConfigPath, sourceFile)
-		isFile, err := file.IsFile(sourceFileFullPath)
-		if err != nil {
-			aggregateErr = errors.Join(aggregateErr, fmt.Errorf("invalid additionalFiles source file (%s):\n%w", sourceFile, err))
-		}
+func validateAdditionalFiles(baseConfigPath string, additionalFiles imagecustomizerapi.AdditionalFileList) error {
+	errs := []error(nil)
+	for _, additionalFile := range additionalFiles {
+		switch {
+		case additionalFile.Source != "":
+			sourceFileFullPath := file.GetAbsPathWithBase(baseConfigPath, additionalFile.Source)
+			isFile, err := file.IsFile(sourceFileFullPath)
+			if err != nil {
+				errs = append(errs, fmt.Errorf("invalid additionalFiles source file (%s):\n%w", additionalFile.Source, err))
+			}
 
-		if !isFile {
-			aggregateErr = errors.Join(aggregateErr, fmt.Errorf("invalid additionalFiles source file (%s): not a file", sourceFile))
+			if !isFile {
+				errs = append(errs, fmt.Errorf("invalid additionalFiles source file (%s):\nnot a file",
+					additionalFile.Source))
+			}
 		}
 	}
-	return aggregateErr
+
+	return errors.Join(errs...)
 }
 
 func validateIsoConfig(baseConfigPath string, config *imagecustomizerapi.Iso) error {
diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go
index 105c0d477c9..335fd2c0b39 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go
@@ -64,37 +64,6 @@ func TestCustomizeImageEmptyConfig(t *testing.T) {
 	checkFileType(t, outImageFilePath, "vhd")
 }
 
-func TestCustomizeImageCopyFiles(t *testing.T) {
-	var err error
-
-	baseImage := checkSkipForCustomizeImage(t, baseImageTypeCoreEfi, baseImageVersionDefault)
-
-	buildDir := filepath.Join(tmpDir, "TestCustomizeImageCopyFiles")
-	configFile := filepath.Join(testDir, "addfiles-config.yaml")
-	outImageFilePath := filepath.Join(buildDir, "image.qcow2")
-
-	// Customize image.
-	err = CustomizeImageWithConfigFile(buildDir, configFile, baseImage, nil, outImageFilePath, "raw", "", false, false)
-	if !assert.NoError(t, err) {
-		return
-	}
-
-	// Check output file type.
-	checkFileType(t, outImageFilePath, "raw")
-
-	// Mount the output disk image so that its contents can be checked.
-	imageConnection, err := connectToCoreEfiImage(buildDir, outImageFilePath)
-	if !assert.NoError(t, err) {
-		return
-	}
-	defer imageConnection.Close()
-
-	// Check the contents of the copied file.
-	file_contents, err := os.ReadFile(filepath.Join(imageConnection.Chroot().RootDir(), "a.txt"))
-	assert.NoError(t, err)
-	assert.Equal(t, "abcdefg\n", string(file_contents))
-}
-
 func connectToCoreEfiImage(buildDir string, imageFilePath string) (*ImageConnection, error) {
 	return connectToImage(buildDir, imageFilePath, false /*includeDefaultMounts*/, coreEfiMountPoints)
 }
@@ -149,8 +118,11 @@ func partitionDevPath(imageConnection *ImageConnection, partitionNum int) string
 func TestValidateConfigValidAdditionalFiles(t *testing.T) {
 	err := validateConfig(testDir, &imagecustomizerapi.Config{
 		OS: &imagecustomizerapi.OS{
-			AdditionalFiles: imagecustomizerapi.AdditionalFilesMap{
-				"files/a.txt": {{Path: "/a.txt"}},
+			AdditionalFiles: imagecustomizerapi.AdditionalFileList{
+				{
+					Source:      "files/a.txt",
+					Destination: "/a.txt",
+				},
 			},
 		}}, nil, true)
 	assert.NoError(t, err)
@@ -159,8 +131,11 @@ func TestValidateConfigValidAdditionalFiles(t *testing.T) {
 func TestValidateConfigMissingAdditionalFiles(t *testing.T) {
 	err := validateConfig(testDir, &imagecustomizerapi.Config{
 		OS: &imagecustomizerapi.OS{
-			AdditionalFiles: imagecustomizerapi.AdditionalFilesMap{
-				"files/missing_a.txt": {{Path: "/a.txt"}},
+			AdditionalFiles: imagecustomizerapi.AdditionalFileList{
+				{
+					Source:      "files/missing_a.txt",
+					Destination: "/a.txt",
+				},
 			},
 		}}, nil, true)
 	assert.Error(t, err)
@@ -169,8 +144,11 @@ func TestValidateConfigMissingAdditionalFiles(t *testing.T) {
 func TestValidateConfigdditionalFilesIsDir(t *testing.T) {
 	err := validateConfig(testDir, &imagecustomizerapi.Config{
 		OS: &imagecustomizerapi.OS{
-			AdditionalFiles: imagecustomizerapi.AdditionalFilesMap{
-				"files": {{Path: "/a.txt"}},
+			AdditionalFiles: imagecustomizerapi.AdditionalFileList{
+				{
+					Source:      "files",
+					Destination: "/a.txt",
+				},
 			},
 		}}, nil, true)
 	assert.Error(t, err)
diff --git a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
index e93652e824e..c9dd2324003 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
@@ -928,16 +928,18 @@ func micIsoConfigToIsoMakerConfig(baseConfigPath string, isoConfig *imagecustomi
 
 	additionalIsoFiles = []safechroot.FileToCopy{}
 
-	for sourcePath, fileConfigs := range isoConfig.AdditionalFiles {
-		absSourcePath := file.GetAbsPathWithBase(baseConfigPath, sourcePath)
-		for _, fileConfig := range fileConfigs {
-			fileToCopy := safechroot.FileToCopy{
-				Src:         absSourcePath,
-				Dest:        fileConfig.Path,
-				Permissions: (*fs.FileMode)(fileConfig.Permissions),
-			}
-			additionalIsoFiles = append(additionalIsoFiles, fileToCopy)
+	for _, additionalFile := range isoConfig.AdditionalFiles {
+		absSourceFile := ""
+		if additionalFile.Source != "" {
+			absSourceFile = file.GetAbsPathWithBase(baseConfigPath, additionalFile.Source)
+		}
+		fileToCopy := safechroot.FileToCopy{
+			Src:         absSourceFile,
+			Content:     additionalFile.Content,
+			Dest:        additionalFile.Destination,
+			Permissions: (*fs.FileMode)(additionalFile.Permissions),
 		}
+		additionalIsoFiles = append(additionalIsoFiles, fileToCopy)
 	}
 
 	return additionalIsoFiles, extraCommandLine, nil
diff --git a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder_test.go b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder_test.go
index 4ebaf651e98..cf5d915afd0 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder_test.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder_test.go
@@ -82,15 +82,15 @@ func TestCustomizeImageLiveCd1(t *testing.T) {
 			KernelCommandLine: imagecustomizerapi.KernelCommandLine{
 				ExtraCommandLine: "rd.debug",
 			},
-			AdditionalFiles: imagecustomizerapi.AdditionalFilesMap{
-				"files/b.txt": []imagecustomizerapi.FileConfig{
-					{
-						Path: "/b1.txt",
-					},
-					{
-						Path:        "/b2.txt",
-						Permissions: &b2FilePerms,
-					},
+			AdditionalFiles: imagecustomizerapi.AdditionalFileList{
+				{
+					Source:      "files/b.txt",
+					Destination: "/b1.txt",
+				},
+				{
+					Source:      "files/b.txt",
+					Destination: "/b2.txt",
+					Permissions: &b2FilePerms,
 				},
 			},
 		},
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/addfiles-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/addfiles-config.yaml
index e761d388e14..b102dc957a2 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/addfiles-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/addfiles-config.yaml
@@ -1,6 +1,21 @@
 os:
   additionalFiles:
-    files/a.txt: /a.txt
-    files/helloworld.sh:
-    - path: /usr/local/bin/helloworld.sh
-      permissions: 755
+  - source: files/a.txt
+    destination: /a.txt
+
+  - source: files/helloworld.sh
+    destination: /usr/local/bin/helloworld.sh
+    permissions: 755
+
+  - content: |
+      cat
+      dog
+    destination: /animals.txt
+
+  - content: |-
+      abcdefghijklmnopqrstuvwxyz
+    destination: /alphabet.txt
+    permissions: 644
+
+  - content: ""
+    destination: /empty.txt
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/cloud-init-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/cloud-init-config.yaml
index 2490f976ae3..13c8f4833ee 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/cloud-init-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/cloud-init-config.yaml
@@ -1,8 +1,13 @@
 os:
   additionalFiles:
-    files/cloud-init/user-data: /var/lib/cloud/seed/nocloud/user-data
-    files/cloud-init/network-config: /var/lib/cloud/seed/nocloud/network-config
-    files/cloud-init/meta-data: /var/lib/cloud/seed/nocloud/meta-data
+  - source: files/cloud-init/user-data
+    destination: /var/lib/cloud/seed/nocloud/user-data
+
+  - source: files/cloud-init/network-config
+    destination: /var/lib/cloud/seed/nocloud/network-config
+
+  - source: files/cloud-init/meta-data
+    destination: /var/lib/cloud/seed/nocloud/meta-data
 
   kernelCommandLine:
     extraCommandLine: "ds=nocloud"
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/cloud-init-iso-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/cloud-init-iso-config.yaml
index de27ebb5f52..9f02bf43c76 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/cloud-init-iso-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/cloud-init-iso-config.yaml
@@ -7,9 +7,14 @@ scripts:
 
 iso:
   additionalFiles:
-    files/cloud-init/user-data: /cloud-init-data/user-data
-    files/cloud-init/network-config: /cloud-init-data/network-config
-    files/cloud-init/meta-data: /cloud-init-data/meta-data
+  - source: files/cloud-init/user-data
+    destination: /cloud-init-data/user-data
+
+  - source: files/cloud-init/network-config
+    destination: /cloud-init-data/network-config
+
+  - source: files/cloud-init/meta-data
+    destination: /cloud-init-data/meta-data
 
   kernelCommandLine:
     extraCommandLine: "ds=nocloud"
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/infinite-file-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/infinite-file-config.yaml
index 2ea59a3665d..ee22fe76c30 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/infinite-file-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/infinite-file-config.yaml
@@ -1,3 +1,4 @@
 os:
   additionalFiles:
-    /dev/zero: /zero.txt
+  - source: /dev/zero
+    destination: /zero.txt
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/iso-files-and-args-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/iso-files-and-args-config.yaml
index 7183f1d45c2..df1b469be11 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/iso-files-and-args-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/iso-files-and-args-config.yaml
@@ -1,6 +1,7 @@
 iso:
   additionalFiles:
-    files/a.txt: /a.txt
+  - source: files/a.txt
+    destination: /a.txt
 
   kernelCommandLine:
     extraCommandLine: rd.info
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
index a52510cd228..73cfd190b7d 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
@@ -76,9 +76,12 @@ os:
 
   additionalFiles:
     # Change the directory that the sshd-keygen service writes the SSH host keys to.
-    files/sshd-keygen.service: /usr/lib/systemd/system/sshd-keygen.service
+  - source: files/sshd-keygen.service
+    destination: /usr/lib/systemd/system/sshd-keygen.service
+
     # Enable DHCP client on all of the physical NICs.
-    files/89-ethernet.network: /etc/systemd/network/89-ethernet.network
+  - source: files/89-ethernet.network
+    destination: /etc/systemd/network/89-ethernet.network
 
   services:
     enable:

From ccf7dd5e8bdfc4e5e1b0b9a35bd71b352c0fc50e Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Wed, 25 Sep 2024 11:11:35 +0530
Subject: [PATCH 22/59] haproxy: upgrade to 2.9.11 to fix CVE-2024-45506
 (#10540)

---
 SPECS/haproxy/haproxy.signatures.json | 3 +--
 SPECS/haproxy/haproxy.spec            | 8 ++++++--
 cgmanifest.json                       | 4 ++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/SPECS/haproxy/haproxy.signatures.json b/SPECS/haproxy/haproxy.signatures.json
index 505820aabe5..343c425c392 100644
--- a/SPECS/haproxy/haproxy.signatures.json
+++ b/SPECS/haproxy/haproxy.signatures.json
@@ -1,6 +1,5 @@
 {
  "Signatures": {
-  "haproxy-2.9.1.tar.gz": "d5801c772aab9c43f40964b7b33b4388d14b5b45750be4d2671785863cdb9f1c"
+  "haproxy-2.9.11.tar.gz": "2375281ddf81e201b531d4119c686356d1d37d0afc4bc0e3b6dcec9f2e5568ba"
  }
 }
-
diff --git a/SPECS/haproxy/haproxy.spec b/SPECS/haproxy/haproxy.spec
index 87de4ecc480..a6b0ce0d968 100644
--- a/SPECS/haproxy/haproxy.spec
+++ b/SPECS/haproxy/haproxy.spec
@@ -1,7 +1,7 @@
 Summary:        A fast, reliable HA, load balancing, and proxy solution.
 Name:           haproxy
-Version:        2.9.1
-Release:        2%{?dist}
+Version:        2.9.11
+Release:        1%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -59,6 +59,10 @@ install -vDm644 examples/transparent_proxy.cfg  %{buildroot}/%{_sysconfdir}/hapr
 %{_mandir}/*
 
 %changelog
+* Wed Sep 25 2024 Archana Choudhary <archana1@microsoft.com> - 2.9.11-1
+- Upgrade to 2.9.11
+- Fix CVE-2024-45506
+
 * Fri Apr 05 2024 Betty Lakes <bettylakes@microsoft.com> - 2.9.1-2
 - Move from pcre to pcre2
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 674764918ea..9d00049bde0 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -5110,8 +5110,8 @@
         "type": "other",
         "other": {
           "name": "haproxy",
-          "version": "2.9.1",
-          "downloadUrl": "https://www.haproxy.org/download/2.9/src/haproxy-2.9.1.tar.gz"
+          "version": "2.9.11",
+          "downloadUrl": "https://www.haproxy.org/download/2.9/src/haproxy-2.9.11.tar.gz"
         }
       }
     },

From c6803dffebcd68a30b0a5cfab005b98d5e0de4c8 Mon Sep 17 00:00:00 2001
From: jykanase <v-jykanase@microsoft.com>
Date: Wed, 25 Sep 2024 01:47:29 -0700
Subject: [PATCH 23/59] Upgrade CharLS version 2.0.0 -> 2.4.2 (#10532)

---
 SPECS-EXTENDED/CharLS/CharLS.signatures.json |  2 +-
 SPECS-EXTENDED/CharLS/CharLS.spec            | 26 +++++++++++---------
 cgmanifest.json                              |  4 +--
 3 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/SPECS-EXTENDED/CharLS/CharLS.signatures.json b/SPECS-EXTENDED/CharLS/CharLS.signatures.json
index 9b1060ddc8d..a89dbcc7937 100644
--- a/SPECS-EXTENDED/CharLS/CharLS.signatures.json
+++ b/SPECS-EXTENDED/CharLS/CharLS.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "CharLS-2.0.0.tar.gz": "528c6a3cc168a44e73f2890d8f4a35104a54d752eba3d6a643f050b72dd67cfa"
+  "CharLS-2.4.2.tar.gz": "d1c2c35664976f1e43fec7764d72755e6a50a80f38eca70fcc7553cad4fe19d9"
  }
 }
diff --git a/SPECS-EXTENDED/CharLS/CharLS.spec b/SPECS-EXTENDED/CharLS/CharLS.spec
index 1e7e287f88d..df540fdb322 100644
--- a/SPECS-EXTENDED/CharLS/CharLS.spec
+++ b/SPECS-EXTENDED/CharLS/CharLS.spec
@@ -1,13 +1,14 @@
 Summary:        An optimized implementation of the JPEG-LS standard
 Name:           CharLS
-Version:        2.0.0
-Release:        10%{?dist}
+Version:        2.4.2
+Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/team-charls/charls
-Source0:        https://github.com/team-charls/charls/archive/%{version}/%{name}-%{version}.tar.gz
-BuildRequires:  cmake >= 2.6.0
+Source0:        https://github.com/team-charls/charls/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+BuildRequires:  cmake
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
 
@@ -42,7 +43,6 @@ rm CharLS*.sln* -v
 
 %cmake_build
 
-
 %install
 %cmake_install
 
@@ -55,16 +55,20 @@ popd
 
 
 %files
-%license License.txt
-%{_libdir}/lib%{name}.so.2
-%{_libdir}/lib%{name}.so.2.0
+%license LICENSE.md
+%{_libdir}/libcharls.so.2*
 
 %files devel
-%dir %{_includedir}/%{name}/
-%{_includedir}/%{name}/*
-%{_libdir}/lib%{name}.so
+%dir %{_includedir}/charls/
+%{_includedir}/charls/*
+%{_libdir}/cmake/charls/
+%{_libdir}/libcharls.so
+%{_libdir}/pkgconfig/charls.pc
 
 %changelog
+* Tue Sept 24 2024 Jyoti Kanase <v-jykanase@microsoft.com> - 2.4.2-1
+- Update to version 2.4.2
+
 * Wed Aug 09 2023 Archana Choudhary <archana1@microsoft.com> - 2.0.0-10
 - Initial CBL-Mariner import from Fedora 37 (license: MIT).
 - License verified
diff --git a/cgmanifest.json b/cgmanifest.json
index 9d00049bde0..a71fd1cb3bc 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1617,8 +1617,8 @@
         "type": "other",
         "other": {
           "name": "CharLS",
-          "version": "2.0.0",
-          "downloadUrl": "https://github.com/team-charls/charls/archive/2.0.0/CharLS-2.0.0.tar.gz"
+          "version": "2.4.2",
+          "downloadUrl": "https://github.com/team-charls/charls/archive/refs/tags/2.4.2.tar.gz"
         }
       }
     },

From eb6380552eac38faebc2564dac556a14122acc91 Mon Sep 17 00:00:00 2001
From: Rohit Rawat <rohitrawat@microsoft.com>
Date: Wed, 25 Sep 2024 15:30:49 +0530
Subject: [PATCH 24/59] Patch CVE-2024-43796 in python-tensorboard (#10542)

---
 SPECS/python-tensorboard/CVE-2024-43796.patch | 25 +++++++++++++++++++
 .../python-tensorboard.spec                   |  6 ++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/python-tensorboard/CVE-2024-43796.patch

diff --git a/SPECS/python-tensorboard/CVE-2024-43796.patch b/SPECS/python-tensorboard/CVE-2024-43796.patch
new file mode 100644
index 00000000000..dd6b7182e93
--- /dev/null
+++ b/SPECS/python-tensorboard/CVE-2024-43796.patch
@@ -0,0 +1,25 @@
+From 8d5a41d93faad930515399d2189760fa2bb71edc Mon Sep 17 00:00:00 2001
+From: Rohit Rawat <xordux@gmail.com>
+Date: Wed, 25 Sep 2024 07:14:25 +0000
+Subject: [PATCH] CVE-2024-43796: don't render redirect values in anchor href
+
+---
+ .../external/npm/_/node_modules/express/lib/response.js         | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tb_tmp/b069b9e9814ff76ffa6219506d1f1e79/external/npm/_/node_modules/express/lib/response.js b/tb_tmp/b069b9e9814ff76ffa6219506d1f1e79/external/npm/_/node_modules/express/lib/response.js
+index fede486c0..23debf476 100644
+--- a/tb_tmp/b069b9e9814ff76ffa6219506d1f1e79/external/npm/_/node_modules/express/lib/response.js
++++ b/tb_tmp/b069b9e9814ff76ffa6219506d1f1e79/external/npm/_/node_modules/express/lib/response.js
+@@ -960,7 +960,7 @@ res.redirect = function redirect(url) {
+ 
+     html: function(){
+       var u = escapeHtml(address);
+-      body = '<p>' + statuses.message[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>'
++      body = '<p>' + statuses.message[status] + '. Redirecting to ' + u + '</p>'
+     },
+ 
+     default: function(){
+-- 
+2.39.4
+
diff --git a/SPECS/python-tensorboard/python-tensorboard.spec b/SPECS/python-tensorboard/python-tensorboard.spec
index 6959f765b69..135936c85c4 100644
--- a/SPECS/python-tensorboard/python-tensorboard.spec
+++ b/SPECS/python-tensorboard/python-tensorboard.spec
@@ -7,7 +7,7 @@ TensorBoard is a suite of web applications for inspecting and understanding your
 Summary:        TensorBoard is a suite of web applications for inspecting and understanding your TensorFlow runs and graphs
 Name:           python-%{pypi_name}
 Version:        2.16.2
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -16,6 +16,7 @@ URL:            https://github.com/tensorflow/tensorboard
 Source0:        %{_distro_sources_url}/%{name}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Patch0:         0000-Use-system-package.patch
 Patch1:         CVE-2024-43788.patch
+Patch2:         CVE-2024-43796.patch
 
 BuildRequires:  bazel
 BuildRequires:  build-essential
@@ -95,6 +96,9 @@ mv %{pypi_name}-*.whl pyproject-wheeldir/
 %{python3_sitelib}/tensorboard_data_server*
 
 %changelog
+* Wed Sep 25 09 2024 Rohit Rawat <rohitrawat@microsoft.com> - 2.16.2-4
+- Patch to fix CVE-2024-43796
+
 * Mon Sep 02 2024 Rohit Rawat <rohitrawat@microsoft.com> - 2.16.2-3
 - Patch to fix CVE-2024-43788
 

From 82571fa904652969ac8a7663e7d703cd40520d4c Mon Sep 17 00:00:00 2001
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
Date: Wed, 25 Sep 2024 22:00:47 +0530
Subject: [PATCH 25/59] openldap: enable slapd (#10545)

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 SPECS/openldap/openldap.spec | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/SPECS/openldap/openldap.spec b/SPECS/openldap/openldap.spec
index 15d962cb6d4..a0cfb01b559 100644
--- a/SPECS/openldap/openldap.spec
+++ b/SPECS/openldap/openldap.spec
@@ -3,7 +3,7 @@
 Summary:        OpenLDAP (Lightweight Directory Access Protocol)
 Name:           openldap
 Version:        2.6.7
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        OpenLDAP
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -40,7 +40,7 @@ export CPPFLAGS="${CPPFLAGS} -D_REENTRANT -DLDAP_CONNECTIONLESS -D_GNU_SOURCE -D
         --disable-static    \
         --enable-dynamic    \
         --disable-debug     \
-        --disable-slapd     \
+        --enable-slapd      \
         --with-tls=openssl
 %make_build depend
 %make_build
@@ -59,6 +59,8 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %defattr(-,root,root)
 %license LICENSE
 %{_bindir}/*
+%{_sbindir}/*
+%{_libexecdir}/*
 %{_libdir}/*.so*
 %{_includedir}/*
 %{_libdir}/pkgconfig/lber.pc
@@ -70,6 +72,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_sysconfdir}/openldap/*
 
 %changelog
+* Wed Sep 25 2024 Muhammad Falak <mwani@microsoft.com> - 2.6.7-2
+- Configure with `--enable-slapd` to enable slapd
+
 * Thu Feb 01 2024 Thien Trung Vuong <tvuong@microsoft.com> - 2.6.7-1
 - Upgrade to version 2.6.7 - Package upgrade for Azure Linux 3.0
 - Add patch to resolve reference to ber_sockbuf_io_udp

From 69a1f2924a2e2526e1a47f2709fe29f04a01cc94 Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Wed, 25 Sep 2024 13:11:14 -0400
Subject: [PATCH 26/59] Prepare October 2024 Update (#10547)

---
 SPECS/azurelinux-release/azurelinux-release.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/SPECS/azurelinux-release/azurelinux-release.spec b/SPECS/azurelinux-release/azurelinux-release.spec
index e8cd1f53cb5..86b2247f1a9 100644
--- a/SPECS/azurelinux-release/azurelinux-release.spec
+++ b/SPECS/azurelinux-release/azurelinux-release.spec
@@ -5,7 +5,7 @@
 Summary:        Azure Linux release files
 Name:           azurelinux-release
 Version:        %{dist_version}.0
-Release:        18%{?dist}
+Release:        19%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -118,6 +118,9 @@ install -Dm0644 %{SOURCE4} -t %{buildroot}%{_sysctldir}/
 %{_sysctldir}/*.conf
 
 %changelog
+* Wed Sep 25 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0-19
+- Bump release for October 2024 Update
+
 * Thu Aug 08 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0-18
 - Bump release for August 2024 Update 1
 

From 6d79914f146b81277dc19d9bcf648eab893bd211 Mon Sep 17 00:00:00 2001
From: Minghe Ren <mingheren@microsoft.com>
Date: Wed, 25 Sep 2024 10:31:25 -0700
Subject: [PATCH 27/59] revert cloud-init upgrade 24.3 (#10541)

Co-authored-by: minghe <rmhsawyer>
---
 SPECS/cloud-init/Binaries-location.patch    | 13 +++++++++++++
 SPECS/cloud-init/cloud-init.signatures.json |  2 +-
 SPECS/cloud-init/cloud-init.spec            | 12 ++++--------
 cgmanifest.json                             |  4 ++--
 4 files changed, 20 insertions(+), 11 deletions(-)
 create mode 100644 SPECS/cloud-init/Binaries-location.patch

diff --git a/SPECS/cloud-init/Binaries-location.patch b/SPECS/cloud-init/Binaries-location.patch
new file mode 100644
index 00000000000..7620a50f6aa
--- /dev/null
+++ b/SPECS/cloud-init/Binaries-location.patch
@@ -0,0 +1,13 @@
+diff -ruN a/cloudinit/distros/azurelinux.py b/cloudinit/distros/azurelinux.py
+--- a/cloudinit/distros/azurelinux.py	2024-07-02 18:44:08.000000000 -0700
++++ b/cloudinit/distros/azurelinux.py	2024-07-17 14:08:22.209966025 -0700
+@@ -22,6 +22,8 @@
+ 
+ 
+ class Distro(rhel.Distro):
++    usr_lib_exec = "/usr/lib"
++	
+     def __init__(self, name, cfg, paths):
+         super().__init__(name, cfg, paths)
+         self.osfamily = "azurelinux"
+
diff --git a/SPECS/cloud-init/cloud-init.signatures.json b/SPECS/cloud-init/cloud-init.signatures.json
index 0ae52e52bc0..d65a6e071ac 100644
--- a/SPECS/cloud-init/cloud-init.signatures.json
+++ b/SPECS/cloud-init/cloud-init.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
   "10-azure-kvp.cfg": "79e0370c010be5cd4717960e4b414570c9ec6e6d29aede77ccecc43d2b03bb9a",
-  "cloud-init-24.3.tar.gz": "c362eeb6f6fd1975fcd260a7aae62c8f02d8565d71e857ba40b27ac92cddfb76"
+  "cloud-init-24.2.tar.gz": "b70d49e9e5bd891b0bb021b09b80aed501c81e2bef5f1cba00561adfd8d2e974"
  }
 }
diff --git a/SPECS/cloud-init/cloud-init.spec b/SPECS/cloud-init/cloud-init.spec
index 8856302ac02..b5463a4f0e5 100644
--- a/SPECS/cloud-init/cloud-init.spec
+++ b/SPECS/cloud-init/cloud-init.spec
@@ -1,7 +1,7 @@
 Summary:        Cloud instance init scripts
 Name:           cloud-init
-Version:        24.3
-Release:        1%{?dist}
+Version:        24.2
+Release:        2%{?dist}
 License:        GPLv3
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,6 +10,7 @@ URL:            https://launchpad.net/cloud-init
 Source0:        https://github.com/canonical/%{name}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        10-azure-kvp.cfg
 Patch0:         Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch
+Patch1:         Binaries-location.patch
 %define cl_services cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service
 BuildRequires:  automake
 BuildRequires:  dbus
@@ -132,7 +133,7 @@ make check %{?_smp_mflags}
 %config(noreplace) %{_sysconfdir}/cloud/templates/*
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/05_logging.cfg
-%config(noreplace) %{_libdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
+%config(noreplace) %{_sysconfdir}/systemd/system/sshd-keygen@.service.d/disable-sshd-keygen-if-cloud-init-active.conf
 %{_unitdir}/*
 %{_systemdgeneratordir}/cloud-init-generator
 /usr/lib/udev/rules.d/66-azure-ephemeral.rules
@@ -142,11 +143,6 @@ make check %{?_smp_mflags}
 %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/10-azure-kvp.cfg
 
 %changelog
-* Tue Sep 10 2024 Minghe Ren <mingheren@microsoft.com> - 24.3-1
-- Upgrade cloud-init to 24.3 to add azure proxy agent support
-- Remove unnecessary Binaries-location.patch
-- Update Add-Network-Interface-Renaming-Support-for-CAPM3-Met.patch for newer version
-
 * Tue Jul 16 2024 Minghe Ren <mingheren@microsoft.com> - 24.2-2
 - Add patch to point default cloud-init binaries location
 
diff --git a/cgmanifest.json b/cgmanifest.json
index a71fd1cb3bc..90469cbeec3 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1777,8 +1777,8 @@
         "type": "other",
         "other": {
           "name": "cloud-init",
-          "version": "24.3",
-          "downloadUrl": "https://github.com/canonical/cloud-init/archive/refs/tags/24.3.tar.gz"
+          "version": "24.2",
+          "downloadUrl": "https://github.com/canonical/cloud-init/archive/refs/tags/24.2.tar.gz"
         }
       }
     },

From 93464f221c655b02e519939b3ef08a3af7e6a84f Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Wed, 25 Sep 2024 11:10:43 -0700
Subject: [PATCH 28/59] Image Customizer: Fix
 'TestCustomizeImagePartitionsSizeOnly' test. (#10538)

Handle a missed rename from `fileSystems` to `filesystems`.
---
 .../testdata/partitions-size-only-config.yaml                   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/partitions-size-only-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/partitions-size-only-config.yaml
index 8a69ceddce9..5b9db946083 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/partitions-size-only-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/partitions-size-only-config.yaml
@@ -14,7 +14,7 @@ storage:
 
   bootType: efi
 
-  fileSystems:
+  filesystems:
   - deviceId: esp
     type: fat32
     mountPoint:

From 04d0fbc6187a8892384c9048d0de058ff8264abf Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Wed, 25 Sep 2024 18:52:18 -0400
Subject: [PATCH 29/59] [AUTO-CHERRYPICK] cmake: Update to 3.30.3 to fix
 CVE-2024-24806 - branch 3.0-dev (#10551)

Co-authored-by: Jonathan Behrens <jbehrens@microsoft.com>
---
 SPECS/cmake/cmake.signatures.json                         | 2 +-
 SPECS/cmake/cmake.spec                                    | 5 ++++-
 cgmanifest.json                                           | 4 ++--
 toolkit/resources/manifests/package/toolchain_aarch64.txt | 4 ++--
 toolkit/resources/manifests/package/toolchain_x86_64.txt  | 4 ++--
 5 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/SPECS/cmake/cmake.signatures.json b/SPECS/cmake/cmake.signatures.json
index 4d44bacf014..6da0d01611f 100644
--- a/SPECS/cmake/cmake.signatures.json
+++ b/SPECS/cmake/cmake.signatures.json
@@ -1,6 +1,6 @@
 {
   "Signatures": {
     "macros.cmake": "1b5f1916a2118b932b217c4c5c4d52e723b1cf4c9587fe7f8fa45b41abfa7c60",
-    "cmake-3.29.6.tar.gz": "1391313003b83d48e2ab115a8b525a557f78d8c1544618b48d1d90184a10f0af"
+    "cmake-3.30.3.tar.gz": "6d5de15b6715091df7f5441007425264bdd477809f80333fdf95f846aaff88e4"
   }
 }
diff --git a/SPECS/cmake/cmake.spec b/SPECS/cmake/cmake.spec
index d8063f4666d..5ae4b25ce34 100644
--- a/SPECS/cmake/cmake.spec
+++ b/SPECS/cmake/cmake.spec
@@ -1,7 +1,7 @@
 %global major_version 3
 Summary:        Cmake
 Name:           cmake
-Version:        3.29.6
+Version:        3.30.3
 Release:        1%{?dist}
 License:        BSD AND LGPLv2+
 Vendor:         Microsoft Corporation
@@ -90,6 +90,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_libdir}/rpm/macros.d/macros.cmake
 
 %changelog
+* Mon Sep 23 2024 Jonathan Behrens <jbehrens@microsoft.com> - 3.30.3-1
+- Upgrade to 3.30.3 to address CVE-2024-24806
+
 * Wed Jun 19 2024 Osama Esmail <osamaesmail@microsoft.com> - 3.29.6-1
 - Auto-upgrade to 3.29.6 to address CVE-2023-28320 and CVE-2024-46218
 - Adding 0001-manually-recreating-patches.patch to patch CVE-2024-28182
diff --git a/cgmanifest.json b/cgmanifest.json
index 90469cbeec3..395a4b36ccf 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1837,8 +1837,8 @@
         "type": "other",
         "other": {
           "name": "cmake",
-          "version": "3.29.6",
-          "downloadUrl": "https://github.com/Kitware/CMake/releases/download/v3.29.6/cmake-3.29.6.tar.gz"
+          "version": "3.30.3",
+          "downloadUrl": "https://github.com/Kitware/CMake/releases/download/v3.30.3/cmake-3.30.3.tar.gz"
         }
       }
     },
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 060ca51af8e..94133dbe214 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -49,8 +49,8 @@ check-debuginfo-0.15.2-1.azl3.aarch64.rpm
 chkconfig-1.25-1.azl3.aarch64.rpm
 chkconfig-debuginfo-1.25-1.azl3.aarch64.rpm
 chkconfig-lang-1.25-1.azl3.aarch64.rpm
-cmake-3.29.6-1.azl3.aarch64.rpm
-cmake-debuginfo-3.29.6-1.azl3.aarch64.rpm
+cmake-3.30.3-1.azl3.aarch64.rpm
+cmake-debuginfo-3.30.3-1.azl3.aarch64.rpm
 coreutils-9.4-6.azl3.aarch64.rpm
 coreutils-debuginfo-9.4-6.azl3.aarch64.rpm
 coreutils-lang-9.4-6.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index c36004ccb56..2b6826d50af 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -50,8 +50,8 @@ check-debuginfo-0.15.2-1.azl3.x86_64.rpm
 chkconfig-1.25-1.azl3.x86_64.rpm
 chkconfig-debuginfo-1.25-1.azl3.x86_64.rpm
 chkconfig-lang-1.25-1.azl3.x86_64.rpm
-cmake-3.29.6-1.azl3.x86_64.rpm
-cmake-debuginfo-3.29.6-1.azl3.x86_64.rpm
+cmake-3.30.3-1.azl3.x86_64.rpm
+cmake-debuginfo-3.30.3-1.azl3.x86_64.rpm
 coreutils-9.4-6.azl3.x86_64.rpm
 coreutils-debuginfo-9.4-6.azl3.x86_64.rpm
 coreutils-lang-9.4-6.azl3.x86_64.rpm

From f0513d9312ac7cc99f37404552ec9704505034ff Mon Sep 17 00:00:00 2001
From: Rohit Rawat <rohitrawat@microsoft.com>
Date: Thu, 26 Sep 2024 19:06:13 +0530
Subject: [PATCH 30/59] Patch CVE-2024-45590 in python-tensorboard (#10559)

---
 SPECS/python-tensorboard/CVE-2024-45590.patch | 87 +++++++++++++++++++
 .../python-tensorboard.spec                   |  6 +-
 2 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/python-tensorboard/CVE-2024-45590.patch

diff --git a/SPECS/python-tensorboard/CVE-2024-45590.patch b/SPECS/python-tensorboard/CVE-2024-45590.patch
new file mode 100644
index 00000000000..cce3e7b842b
--- /dev/null
+++ b/SPECS/python-tensorboard/CVE-2024-45590.patch
@@ -0,0 +1,87 @@
+From 8007c86f9772612b795ddd2733ec8d8f7c9957b8 Mon Sep 17 00:00:00 2001
+From: Rohit Rawat <xordux@gmail.com>
+Date: Wed, 25 Sep 2024 17:14:58 +0000
+Subject: [PATCH] CVE-2024-45590: Set default depth limit to 32
+
+---
+ .../body-parser/lib/types/urlencoded.js       | 37 +++++++++++++++----
+ 1 file changed, 30 insertions(+), 7 deletions(-)
+
+diff --git a/tb_tmp/b069b9e9814ff76ffa6219506d1f1e79/external/npm/_/node_modules/body-parser/lib/types/urlencoded.js b/tb_tmp/b069b9e9814ff76ffa6219506d1f1e79/external/npm/_/node_modules/body-parser/lib/types/urlencoded.js
+index b2ca8f16d..886a3ce23 100644
+--- a/tb_tmp/b069b9e9814ff76ffa6219506d1f1e79/external/npm/_/node_modules/body-parser/lib/types/urlencoded.js
++++ b/tb_tmp/b069b9e9814ff76ffa6219506d1f1e79/external/npm/_/node_modules/body-parser/lib/types/urlencoded.js
+@@ -55,6 +55,9 @@ function urlencoded (options) {
+     : opts.limit
+   var type = opts.type || 'application/x-www-form-urlencoded'
+   var verify = opts.verify || false
++  var depth = typeof opts.depth !== 'number'
++    ? Number(opts.depth || 32)
++    : opts.depth
+ 
+   if (verify !== false && typeof verify !== 'function') {
+     throw new TypeError('option verify must be function')
+@@ -118,7 +121,8 @@ function urlencoded (options) {
+       encoding: charset,
+       inflate: inflate,
+       limit: limit,
+-      verify: verify
++      verify: verify,
++      depth: depth
+     })
+   }
+ }
+@@ -133,12 +137,20 @@ function extendedparser (options) {
+   var parameterLimit = options.parameterLimit !== undefined
+     ? options.parameterLimit
+     : 1000
++
++  var depth = typeof options.depth !== 'number'
++    ? Number(options.depth || 32)
++    : options.depth
+   var parse = parser('qs')
+ 
+   if (isNaN(parameterLimit) || parameterLimit < 1) {
+     throw new TypeError('option parameterLimit must be a positive number')
+   }
+ 
++  if(isNaN(depth) || depth < 0) {
++    throw new TypeError('option depth must be a zero or a positive number')
++  }
++
+   if (isFinite(parameterLimit)) {
+     parameterLimit = parameterLimit | 0
+   }
+@@ -156,12 +168,23 @@ function extendedparser (options) {
+     var arrayLimit = Math.max(100, paramCount)
+ 
+     debug('parse extended urlencoding')
+-    return parse(body, {
+-      allowPrototypes: true,
+-      arrayLimit: arrayLimit,
+-      depth: Infinity,
+-      parameterLimit: parameterLimit
+-    })
++    try {
++      return parse(body, {
++        allowPrototypes: true,
++        arrayLimit: arrayLimit,
++        depth: depth,
++        strictDepth: true,
++        parameterLimit: parameterLimit
++      })
++    } catch (err) {
++      if (err instanceof RangeError) {
++        throw createError(400, 'The input exceeded the depth', {
++          type: 'querystring.parse.rangeError'
++        })
++      } else {
++        throw err
++      }
++    }
+   }
+ }
+ 
+-- 
+2.39.4
+
diff --git a/SPECS/python-tensorboard/python-tensorboard.spec b/SPECS/python-tensorboard/python-tensorboard.spec
index 135936c85c4..3933a1bfd06 100644
--- a/SPECS/python-tensorboard/python-tensorboard.spec
+++ b/SPECS/python-tensorboard/python-tensorboard.spec
@@ -7,7 +7,7 @@ TensorBoard is a suite of web applications for inspecting and understanding your
 Summary:        TensorBoard is a suite of web applications for inspecting and understanding your TensorFlow runs and graphs
 Name:           python-%{pypi_name}
 Version:        2.16.2
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -17,6 +17,7 @@ Source0:        %{_distro_sources_url}/%{name}-%{version}.tar.gz#/%{name}-%{vers
 Patch0:         0000-Use-system-package.patch
 Patch1:         CVE-2024-43788.patch
 Patch2:         CVE-2024-43796.patch
+Patch3:         CVE-2024-45590.patch
 
 BuildRequires:  bazel
 BuildRequires:  build-essential
@@ -96,6 +97,9 @@ mv %{pypi_name}-*.whl pyproject-wheeldir/
 %{python3_sitelib}/tensorboard_data_server*
 
 %changelog
+* Thu Sep 26 09 2024 Rohit Rawat <rohitrawat@microsoft.com> - 2.16.2-5
+- Patch to fix CVE-2024-45590
+
 * Wed Sep 25 09 2024 Rohit Rawat <rohitrawat@microsoft.com> - 2.16.2-4
 - Patch to fix CVE-2024-43796
 

From 26714d2ebb8b28efd5f90bb357ff75bc2e6e9513 Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Thu, 26 Sep 2024 10:58:35 -0700
Subject: [PATCH 31/59] Image Customizer: Rename additionDirs fields. (#10549)

Rename `sourcePath` and `destinationPath` to `source` and `destination`.
---
 .../imagecustomizer/docs/configuration.md     | 28 ++++++++--------
 toolkit/tools/imagecustomizerapi/dirconfig.go | 12 +++----
 .../imagecustomizerapi/dirconfig_test.go      | 32 +++++++++----------
 toolkit/tools/imagecustomizerapi/os_test.go   |  6 ++--
 .../pkg/imagecustomizerlib/customizefiles.go  |  8 ++---
 .../imagecustomizerlib/customizefiles_test.go | 12 +++----
 .../testdata/adddirs-config.yaml              |  4 +--
 7 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/toolkit/tools/imagecustomizer/docs/configuration.md b/toolkit/tools/imagecustomizer/docs/configuration.md
index fbdc9209839..32e244bf3c1 100644
--- a/toolkit/tools/imagecustomizer/docs/configuration.md
+++ b/toolkit/tools/imagecustomizer/docs/configuration.md
@@ -170,8 +170,8 @@ os:
         - [permissions](#permissions-string)
     - [additionalDirs](#additionaldirs-dirconfig)
       - [dirConfig](#dirconfig-type)
-        - [sourcePath](#dirconfig-sourcePath)
-        - [destinationPath](#dirconfig-destinationPath)
+        - [source](#dirconfig-source)
+        - [destination](#dirconfig-destination)
         - [newDirPermissions](#newdirpermissions-string)
         - [mergedDirPermissions](#mergeddirpermissions-string)
         - [childFilePermissions](#childfilepermissions-string)
@@ -620,15 +620,15 @@ Specifies options for placing a directory in the OS.
 
 Type is used by: [additionalDirs](#additionaldirs-dirconfig)
 
-<div id="dirconfig-sourcePath"></div>
+<div id="dirconfig-source"></div>
 
-### sourcePath [string]
+### source [string]
 
 The absolute path to the source directory that will be copied.
 
-<div id="dirconfig-destinationPath"></div>
+<div id="dirconfig-destination"></div>
 
-### destinationPath [string]
+### destination [string]
 
 The absolute path in the target OS that the source directory will be copied to.
 
@@ -637,8 +637,8 @@ Example:
 ```yaml
 os:
   additionalDirs:
-    - sourcePath: "home/files/targetDir"
-      destinationPath: "usr/project/targetDir"
+    - source: "home/files/targetDir"
+      destination: "usr/project/targetDir"
 ```
 
 ### newDirPermissions [string]
@@ -666,8 +666,8 @@ Example:
 ```yaml
 os:
   additionalDirs:
-    - sourcePath: "home/files/targetDir"
-      destinationPath: "usr/project/targetDir"
+    - source: "home/files/targetDir"
+      destination: "usr/project/targetDir"
       newDirPermissions: "644"
       mergedDirPermissions: "777"
       childFilePermissions: "644"
@@ -1324,11 +1324,11 @@ Example:
 os:
   additionalDirs:
     # Copying directory with default permission options.
-    - sourcePath: "path/to/local/directory/"
-      destinationPath: "/path/to/destination/directory/"
+    - source: "path/to/local/directory/"
+      destination: "/path/to/destination/directory/"
     # Copying directory with specific permission options.
-    - sourcePath: "path/to/local/directory/"
-      destinationPath: "/path/to/destination/directory/"
+    - source: "path/to/local/directory/"
+      destination: "/path/to/destination/directory/"
       newDirPermissions: 0644
       mergedDirPermissions: 0777
       childFilePermissions: 0644
diff --git a/toolkit/tools/imagecustomizerapi/dirconfig.go b/toolkit/tools/imagecustomizerapi/dirconfig.go
index f7e7580b392..e11be86e0c8 100644
--- a/toolkit/tools/imagecustomizerapi/dirconfig.go
+++ b/toolkit/tools/imagecustomizerapi/dirconfig.go
@@ -13,10 +13,10 @@ type DirConfigList []DirConfig
 
 type DirConfig struct {
 	// The path to the source directory that will be copied (can be relative or absolute path).
-	SourcePath string `yaml:"sourcePath"`
+	Source string `yaml:"source"`
 
 	// The absolute path in the target OS that the directory will be copied to.
-	DestinationPath string `yaml:"destinationPath"`
+	Destination string `yaml:"destination"`
 
 	// The permissions to set on all of the new directories being created on the target OS (including the top-level directory).
 	// Note: If this value is not specified in the config, the permissions for these directories will be set to 0755.
@@ -44,11 +44,11 @@ func (l *DirConfigList) IsValid() (err error) {
 
 func (d *DirConfig) IsValid() (err error) {
 	// Paths
-	if d.SourcePath == "" {
-		return fmt.Errorf("invalid sourcePath value: empty string")
+	if d.Source == "" {
+		return fmt.Errorf("invalid 'source' value: empty string")
 	}
-	if d.DestinationPath == "" {
-		return fmt.Errorf("invalid destinationPath value: empty string")
+	if d.Destination == "" {
+		return fmt.Errorf("invalid 'destination' value: empty string")
 	}
 
 	// Permissions
diff --git a/toolkit/tools/imagecustomizerapi/dirconfig_test.go b/toolkit/tools/imagecustomizerapi/dirconfig_test.go
index aaec8ef7a2f..73482cbd223 100644
--- a/toolkit/tools/imagecustomizerapi/dirconfig_test.go
+++ b/toolkit/tools/imagecustomizerapi/dirconfig_test.go
@@ -19,8 +19,8 @@ func TestDirConfigListIsValidEmpty(t *testing.T) {
 func TestDirConfigListIsValidValidItem(t *testing.T) {
 	list := DirConfigList{
 		DirConfig{
-			SourcePath:      "a.txt",
-			DestinationPath: "/a.txt",
+			Source:      "a.txt",
+			Destination: "/a.txt",
 		},
 	}
 	err := list.IsValid()
@@ -30,8 +30,8 @@ func TestDirConfigListIsValidValidItem(t *testing.T) {
 func TestDirConfigListIsValidValidItemWithPermissions(t *testing.T) {
 	list := DirConfigList{
 		DirConfig{
-			SourcePath:           "a.txt",
-			DestinationPath:      "/a.txt",
+			Source:               "a.txt",
+			Destination:          "/a.txt",
 			NewDirPermissions:    ptrutils.PtrTo(FilePermissions(0o777)),
 			MergedDirPermissions: ptrutils.PtrTo(FilePermissions(0o777)),
 			ChildFilePermissions: ptrutils.PtrTo(FilePermissions(0o777)),
@@ -44,32 +44,32 @@ func TestDirConfigListIsValidValidItemWithPermissions(t *testing.T) {
 func TestDirConfigListIsValidEmptySource(t *testing.T) {
 	list := DirConfigList{
 		DirConfig{
-			SourcePath:      "",
-			DestinationPath: "/a.txt",
+			Source:      "",
+			Destination: "/a.txt",
 		},
 	}
 	err := list.IsValid()
 	assert.ErrorContains(t, err, "invalid value at index 0")
-	assert.ErrorContains(t, err, "invalid sourcePath value: empty string")
+	assert.ErrorContains(t, err, "invalid 'source' value: empty string")
 }
 
 func TestDirConfigListIsValidEmptyDestination(t *testing.T) {
 	list := DirConfigList{
 		DirConfig{
-			SourcePath:      "a.txt",
-			DestinationPath: "",
+			Source:      "a.txt",
+			Destination: "",
 		},
 	}
 	err := list.IsValid()
 	assert.ErrorContains(t, err, "invalid value at index 0")
-	assert.ErrorContains(t, err, "invalid destinationPath value: empty string")
+	assert.ErrorContains(t, err, "invalid 'destination' value: empty string")
 }
 
 func TestDirConfigListIsValidInvalidNewDirPermissions(t *testing.T) {
 	list := DirConfigList{
 		DirConfig{
-			SourcePath:        "a.txt",
-			DestinationPath:   "/a.txt",
+			Source:            "a.txt",
+			Destination:       "/a.txt",
 			NewDirPermissions: ptrutils.PtrTo(FilePermissions(0o1000)),
 		},
 	}
@@ -82,8 +82,8 @@ func TestDirConfigListIsValidInvalidNewDirPermissions(t *testing.T) {
 func TestDirConfigListIsValidInvalidMergedDirPermissions(t *testing.T) {
 	list := DirConfigList{
 		DirConfig{
-			SourcePath:           "a.txt",
-			DestinationPath:      "/a.txt",
+			Source:               "a.txt",
+			Destination:          "/a.txt",
 			MergedDirPermissions: ptrutils.PtrTo(FilePermissions(0o1000)),
 		},
 	}
@@ -96,8 +96,8 @@ func TestDirConfigListIsValidInvalidMergedDirPermissions(t *testing.T) {
 func TestDirConfigListIsValidInvalidChildFilePermissions(t *testing.T) {
 	list := DirConfigList{
 		DirConfig{
-			SourcePath:           "a.txt",
-			DestinationPath:      "/a.txt",
+			Source:               "a.txt",
+			Destination:          "/a.txt",
 			ChildFilePermissions: ptrutils.PtrTo(FilePermissions(0o1000)),
 		},
 	}
diff --git a/toolkit/tools/imagecustomizerapi/os_test.go b/toolkit/tools/imagecustomizerapi/os_test.go
index f04ca66a37e..529d892141d 100644
--- a/toolkit/tools/imagecustomizerapi/os_test.go
+++ b/toolkit/tools/imagecustomizerapi/os_test.go
@@ -110,8 +110,8 @@ func TestOSIsValidInvalidAdditionalDirs(t *testing.T) {
 	os := OS{
 		AdditionalDirs: DirConfigList{
 			{
-				SourcePath:      "",
-				DestinationPath: "/a",
+				Source:      "",
+				Destination: "/a",
 			},
 		},
 	}
@@ -119,7 +119,7 @@ func TestOSIsValidInvalidAdditionalDirs(t *testing.T) {
 	err := os.IsValid()
 	assert.ErrorContains(t, err, "invalid additionalDirs")
 	assert.ErrorContains(t, err, "invalid value at index 0")
-	assert.ErrorContains(t, err, "invalid sourcePath value: empty string")
+	assert.ErrorContains(t, err, "invalid 'source' value: empty string")
 }
 
 func TestOSIsValidInvalidUser(t *testing.T) {
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizefiles.go b/toolkit/tools/pkg/imagecustomizerlib/customizefiles.go
index a198ea70988..570660191d1 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizefiles.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizefiles.go
@@ -46,8 +46,8 @@ func copyAdditionalFiles(baseConfigPath string, additionalFiles imagecustomizera
 
 func copyAdditionalDirs(baseConfigPath string, additionalDirs imagecustomizerapi.DirConfigList, imageChroot *safechroot.Chroot) error {
 	for _, dirConfigElement := range additionalDirs {
-		absSourceDir := file.GetAbsPathWithBase(baseConfigPath, dirConfigElement.SourcePath)
-		logger.Log.Infof("Copying %s to %s", absSourceDir, dirConfigElement.DestinationPath)
+		absSourceDir := file.GetAbsPathWithBase(baseConfigPath, dirConfigElement.Source)
+		logger.Log.Infof("Copying %s to %s", absSourceDir, dirConfigElement.Destination)
 
 		// Setting permissions values. They are set to a default value if they have not been specified.
 		newDirPermissionsValue := fs.FileMode(defaultFilePermissions)
@@ -61,14 +61,14 @@ func copyAdditionalDirs(baseConfigPath string, additionalDirs imagecustomizerapi
 
 		dirToCopy := safechroot.DirToCopy{
 			Src:                  absSourceDir,
-			Dest:                 dirConfigElement.DestinationPath,
+			Dest:                 dirConfigElement.Destination,
 			NewDirPermissions:    newDirPermissionsValue,
 			ChildFilePermissions: childFilePermissionsValue,
 			MergedDirPermissions: (*fs.FileMode)(dirConfigElement.MergedDirPermissions),
 		}
 		err := imageChroot.AddDirs(dirToCopy)
 		if err != nil {
-			return fmt.Errorf("failed to copy directory (%s) to (%s):\n%w", absSourceDir, dirConfigElement.DestinationPath, err)
+			return fmt.Errorf("failed to copy directory (%s) to (%s):\n%w", absSourceDir, dirConfigElement.Destination, err)
 		}
 	}
 	return nil
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go b/toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go
index 600d5f848cf..d417162bc08 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizefiles_test.go
@@ -148,8 +148,8 @@ func TestCopyAdditionalDirs(t *testing.T) {
 	err = copyAdditionalDirs(baseConfigPath,
 		imagecustomizerapi.DirConfigList{
 			{
-				SourcePath:           "dirs/a",
-				DestinationPath:      "/",
+				Source:               "dirs/a",
+				Destination:          "/",
 				ChildFilePermissions: ptrutils.PtrTo(imagecustomizerapi.FilePermissions(0o755)),
 				NewDirPermissions:    ptrutils.PtrTo(imagecustomizerapi.FilePermissions(0o750)),
 			},
@@ -172,8 +172,8 @@ func TestCopyAdditionalDirs(t *testing.T) {
 	err = copyAdditionalDirs(baseConfigPath,
 		imagecustomizerapi.DirConfigList{
 			{
-				SourcePath:           "dirs/b",
-				DestinationPath:      "/usr/local",
+				Source:               "dirs/b",
+				Destination:          "/usr/local",
 				ChildFilePermissions: ptrutils.PtrTo(imagecustomizerapi.FilePermissions(0o750)),
 				MergedDirPermissions: ptrutils.PtrTo(imagecustomizerapi.FilePermissions(0o755)),
 			},
@@ -249,8 +249,8 @@ func TestCustomizeImageAdditionalDirsInfiniteFile(t *testing.T) {
 		OS: &imagecustomizerapi.OS{
 			AdditionalDirs: []imagecustomizerapi.DirConfig{
 				{
-					SourcePath:      srcDirPath,
-					DestinationPath: "/a",
+					Source:      srcDirPath,
+					Destination: "/a",
 				},
 			},
 		},
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/adddirs-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/adddirs-config.yaml
index 18d438b3d86..fd1dcc11c1b 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/adddirs-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/adddirs-config.yaml
@@ -1,4 +1,4 @@
 os:
   additionalDirs:
-  - sourcePath: dirs/a
-    destinationPath: /
+  - source: dirs/a
+    destination: /

From 1c1a639ac5f9bf5f5369861d16ef3457e91f203f Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Thu, 26 Sep 2024 11:04:03 -0700
Subject: [PATCH 32/59] Image Customizer: Support filesystem-less partitions.
 (#10534)

Allow partitions to be specified without specifying a filesystem type. This is particularly useful for the BIOS boot partition and the verity hash partition.
---
 .../tools/imagecustomizerapi/config_test.go   |  1 -
 toolkit/tools/imagecustomizerapi/disk.go      |  2 +-
 .../imagecustomizerapi/filesystemtype.go      |  3 +-
 toolkit/tools/imagecustomizerapi/partition.go |  8 ---
 toolkit/tools/imagecustomizerapi/storage.go   | 30 +++++----
 .../tools/imagecustomizerapi/storage_test.go  | 66 +++++++++++++++++--
 toolkit/tools/imagegen/diskutils/diskutils.go |  6 +-
 .../testdata/legacyboot-config.yaml           |  3 -
 .../testdata/verity-config.yaml               |  3 -
 .../pkg/imagecustomizerlib/typeConversion.go  |  5 +-
 10 files changed, 90 insertions(+), 37 deletions(-)

diff --git a/toolkit/tools/imagecustomizerapi/config_test.go b/toolkit/tools/imagecustomizerapi/config_test.go
index 92c46a0ffa7..f87ac1a9aea 100644
--- a/toolkit/tools/imagecustomizerapi/config_test.go
+++ b/toolkit/tools/imagecustomizerapi/config_test.go
@@ -66,7 +66,6 @@ func TestConfigIsValidLegacy(t *testing.T) {
 			FileSystems: []FileSystem{
 				{
 					DeviceId: "boot",
-					Type:     "fat32",
 				},
 			},
 		},
diff --git a/toolkit/tools/imagecustomizerapi/disk.go b/toolkit/tools/imagecustomizerapi/disk.go
index 1ccb51bf06f..97bd7e3699c 100644
--- a/toolkit/tools/imagecustomizerapi/disk.go
+++ b/toolkit/tools/imagecustomizerapi/disk.go
@@ -76,7 +76,7 @@ func (d *Disk) IsValid() error {
 			}
 		}
 
-		if partition.IsBiosBoot() {
+		if partition.Type == PartitionTypeBiosGrub {
 			if *partition.Start != diskutils.MiB {
 				return fmt.Errorf("BIOS boot partition must start at 1 MiB")
 			}
diff --git a/toolkit/tools/imagecustomizerapi/filesystemtype.go b/toolkit/tools/imagecustomizerapi/filesystemtype.go
index 2525a0a64b2..d033176804e 100644
--- a/toolkit/tools/imagecustomizerapi/filesystemtype.go
+++ b/toolkit/tools/imagecustomizerapi/filesystemtype.go
@@ -11,6 +11,7 @@ import (
 type FileSystemType string
 
 const (
+	FileSystemTypeNone  FileSystemType = ""
 	FileSystemTypeExt4  FileSystemType = "ext4"
 	FileSystemTypeXfs   FileSystemType = "xfs"
 	FileSystemTypeFat32 FileSystemType = "fat32"
@@ -19,7 +20,7 @@ const (
 
 func (t FileSystemType) IsValid() error {
 	switch t {
-	case FileSystemTypeExt4, FileSystemTypeXfs, FileSystemTypeFat32, FileSystemTypeVfat:
+	case FileSystemTypeNone, FileSystemTypeExt4, FileSystemTypeXfs, FileSystemTypeFat32, FileSystemTypeVfat:
 		// All good.
 		return nil
 
diff --git a/toolkit/tools/imagecustomizerapi/partition.go b/toolkit/tools/imagecustomizerapi/partition.go
index a86481d9386..8e779ca8571 100644
--- a/toolkit/tools/imagecustomizerapi/partition.go
+++ b/toolkit/tools/imagecustomizerapi/partition.go
@@ -58,14 +58,6 @@ func (p *Partition) GetEnd() (DiskSize, bool) {
 	return 0, false
 }
 
-func (p *Partition) IsESP() bool {
-	return p.Type == PartitionTypeESP
-}
-
-func (p *Partition) IsBiosBoot() bool {
-	return p.Type == PartitionTypeBiosGrub
-}
-
 // isGPTNameValid checks if a GPT partition name is valid.
 func isGPTNameValid(name string) error {
 	// The max partition name length is 36 UTF-16 code units, including a null terminator.
diff --git a/toolkit/tools/imagecustomizerapi/storage.go b/toolkit/tools/imagecustomizerapi/storage.go
index 9d896474cb4..c5f49dbd1b0 100644
--- a/toolkit/tools/imagecustomizerapi/storage.go
+++ b/toolkit/tools/imagecustomizerapi/storage.go
@@ -66,28 +66,36 @@ func (s *Storage) IsValid() error {
 			partitionSet[partition.Id] = partition
 
 			fileSystem, hasFileSystem := fileSystemSet[partition.Id]
-			if !hasFileSystem {
-				return fmt.Errorf("invalid disk at index %d:\npartition (%s) at index %d must have a corresponding filesystem entry",
-					i, partition.Id, j)
-			}
 
 			// Ensure special partitions have the correct filesystem type.
-			if partition.IsESP() {
+			switch partition.Type {
+			case PartitionTypeESP:
 				espPartitionExists = true
 
-				if fileSystem.Type != FileSystemTypeFat32 && fileSystem.Type != FileSystemTypeVfat {
-					return fmt.Errorf("ESP partition must have 'fat32' or 'vfat' filesystem type")
+				if !hasFileSystem || (fileSystem.Type != FileSystemTypeFat32 && fileSystem.Type != FileSystemTypeVfat) {
+					return fmt.Errorf("ESP partition (%s) must have 'fat32' or 'vfat' filesystem type", partition.Id)
 				}
-			}
 
-			if partition.IsBiosBoot() {
+			case PartitionTypeBiosGrub:
 				biosBootPartitionExists = true
 
-				if fileSystem.Type != FileSystemTypeFat32 && fileSystem.Type != FileSystemTypeVfat {
-					return fmt.Errorf("BIOS boot partition must have 'fat32' or 'vfat' filesystem type")
+				if hasFileSystem {
+					if fileSystem.Type != "" {
+						return fmt.Errorf("BIOS boot partition (%s) must not have a filesystem 'type'",
+							partition.Id)
+					}
+
+					if fileSystem.MountPoint != nil {
+						return fmt.Errorf("BIOS boot partition (%s) must not have a 'mountPoint'", partition.Id)
+					}
 				}
 			}
 
+			// Ensure filesystem entires with a mountPoint also have a filesystem type value.
+			if hasFileSystem && fileSystem.MountPoint != nil && fileSystem.Type == FileSystemTypeNone {
+				return fmt.Errorf("filesystem with 'mountPoint' must have a 'type'")
+			}
+
 			// Count the number of partitions that use each label.
 			partitionLabelCounts[partition.Label] += 1
 		}
diff --git a/toolkit/tools/imagecustomizerapi/storage_test.go b/toolkit/tools/imagecustomizerapi/storage_test.go
index 3641151187e..1dc366c5d39 100644
--- a/toolkit/tools/imagecustomizerapi/storage_test.go
+++ b/toolkit/tools/imagecustomizerapi/storage_test.go
@@ -116,6 +116,35 @@ func TestStorageIsValidUnsupportedFileSystem(t *testing.T) {
 	assert.ErrorContains(t, err, "invalid fileSystemType value (ntfs)")
 }
 
+func TestStorageIsValidMountPointWithoutFileSystem(t *testing.T) {
+	storage := Storage{
+		Disks: []Disk{{
+			PartitionTableType: PartitionTableTypeGpt,
+			MaxSize:            ptrutils.PtrTo(DiskSize(2 * diskutils.GiB)),
+			Partitions: []Partition{
+				{
+					Id:    "a",
+					Start: ptrutils.PtrTo(DiskSize(1 * diskutils.MiB)),
+					End:   nil,
+				},
+			},
+		}},
+		BootType: BootTypeEfi,
+		FileSystems: []FileSystem{
+			{
+				DeviceId: "a",
+				MountPoint: &MountPoint{
+					Path: "/",
+				},
+			},
+		},
+	}
+
+	err := storage.IsValid()
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "filesystem with 'mountPoint' must have a 'type'")
+}
+
 func TestStorageIsValidMissingFileSystemEntry(t *testing.T) {
 	storage := Storage{
 		Disks: []Disk{{
@@ -135,8 +164,7 @@ func TestStorageIsValidMissingFileSystemEntry(t *testing.T) {
 
 	err := storage.IsValid()
 	assert.Error(t, err)
-	assert.ErrorContains(t, err, "invalid disk at index 0")
-	assert.ErrorContains(t, err, "partition (esp) at index 0 must have a corresponding filesystem entry")
+	assert.ErrorContains(t, err, "ESP partition (esp) must have 'fat32' or 'vfat' filesystem type")
 }
 
 func TestStorageIsValidBadEspFsType(t *testing.T) {
@@ -164,7 +192,7 @@ func TestStorageIsValidBadEspFsType(t *testing.T) {
 
 	err := storage.IsValid()
 	assert.Error(t, err)
-	assert.ErrorContains(t, err, "ESP partition must have 'fat32' or 'vfat' filesystem type")
+	assert.ErrorContains(t, err, "ESP partition (esp) must have 'fat32' or 'vfat' filesystem type")
 }
 
 func TestStorageIsValidBadBiosBootFsType(t *testing.T) {
@@ -192,7 +220,37 @@ func TestStorageIsValidBadBiosBootFsType(t *testing.T) {
 
 	err := storage.IsValid()
 	assert.Error(t, err)
-	assert.ErrorContains(t, err, "BIOS boot partition must have 'fat32' or 'vfat' filesystem type")
+	assert.ErrorContains(t, err, "BIOS boot partition (bios) must not have a filesystem 'type'")
+}
+
+func TestStorageIsValidBiosWithMountPoint(t *testing.T) {
+	storage := Storage{
+		Disks: []Disk{{
+			PartitionTableType: PartitionTableTypeGpt,
+			MaxSize:            ptrutils.PtrTo(DiskSize(2 * diskutils.GiB)),
+			Partitions: []Partition{
+				{
+					Id:    "bios",
+					Start: ptrutils.PtrTo(DiskSize(1 * diskutils.MiB)),
+					End:   nil,
+					Type:  PartitionTypeBiosGrub,
+				},
+			},
+		}},
+		BootType: BootTypeEfi,
+		FileSystems: []FileSystem{
+			{
+				DeviceId: "bios",
+				MountPoint: &MountPoint{
+					Path: "/boot/bios",
+				},
+			},
+		},
+	}
+
+	err := storage.IsValid()
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "BIOS boot partition (bios) must not have a 'mountPoint'")
 }
 
 func TestStorageIsValidBadBiosBootStart(t *testing.T) {
diff --git a/toolkit/tools/imagegen/diskutils/diskutils.go b/toolkit/tools/imagegen/diskutils/diskutils.go
index 77fc3dc3889..5e441206b4c 100644
--- a/toolkit/tools/imagegen/diskutils/diskutils.go
+++ b/toolkit/tools/imagegen/diskutils/diskutils.go
@@ -586,7 +586,11 @@ func createSinglePartition(diskDevPath string, partitionNumber int, partitionTab
 		fsType = "fat32"
 	}
 
-	mkpartArgs = append(mkpartArgs, fsType, fmt.Sprintf(sFmt, start))
+	if fsType != "" {
+		mkpartArgs = append(mkpartArgs, fsType)
+	}
+
+	mkpartArgs = append(mkpartArgs, fmt.Sprintf(sFmt, start))
 
 	if end == 0 {
 		mkpartArgs = append(mkpartArgs, fillToEndOption)
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/legacyboot-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/legacyboot-config.yaml
index 379244b21bf..1c131fe3067 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/legacyboot-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/legacyboot-config.yaml
@@ -15,9 +15,6 @@ storage:
   bootType: legacy
 
   filesystems:
-  - deviceId: boot
-    type: fat32
-
   - deviceId: rootfs
     type: ext4
     mountPoint:
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
index 73cfd190b7d..6bf255caafe 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
@@ -42,9 +42,6 @@ storage:
     type: ext4
     mountPoint:
       path: /
-      
-  - deviceId: verityhash
-    type: fat32
 
   - deviceId: var
     type: ext4
diff --git a/toolkit/tools/pkg/imagecustomizerlib/typeConversion.go b/toolkit/tools/pkg/imagecustomizerlib/typeConversion.go
index 5d56773fd13..545acc77506 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/typeConversion.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/typeConversion.go
@@ -78,14 +78,11 @@ func partitionsToImager(partitions []imagecustomizerapi.Partition, fileSystems [
 
 func partitionToImager(partition imagecustomizerapi.Partition, fileSystems []imagecustomizerapi.FileSystem,
 ) (configuration.Partition, error) {
-	fileSystem, foundMountPoint := sliceutils.FindValueFunc(fileSystems,
+	fileSystem, _ := sliceutils.FindValueFunc(fileSystems,
 		func(fileSystem imagecustomizerapi.FileSystem) bool {
 			return fileSystem.DeviceId == partition.Id
 		},
 	)
-	if !foundMountPoint {
-		return configuration.Partition{}, fmt.Errorf("failed to find filesystem entry with ID (%s)", partition.Id)
-	}
 
 	imagerStart := *partition.Start / diskutils.MiB
 	if *partition.Start%diskutils.MiB != 0 {

From de6e0f85fe50c1c9e899d4fd0b5a843e8ca8ab79 Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Thu, 26 Sep 2024 16:30:34 -0700
Subject: [PATCH 33/59] Image Customizer: Rename 'isRootfsOverlay' to
 'isInitrdOverlay'. (#10567)

---
 .../imagecustomizer/docs/configuration.md      |  4 ++--
 toolkit/tools/imagecustomizerapi/overlay.go    |  2 +-
 .../tools/imagecustomizerapi/overlay_test.go   | 18 +++++++++---------
 .../imagecustomizerlib/customizeoverlays.go    |  4 ++--
 .../testdata/overlays-config.yaml              |  2 +-
 5 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/toolkit/tools/imagecustomizer/docs/configuration.md b/toolkit/tools/imagecustomizer/docs/configuration.md
index 32e244bf3c1..ff34a96ab81 100644
--- a/toolkit/tools/imagecustomizer/docs/configuration.md
+++ b/toolkit/tools/imagecustomizer/docs/configuration.md
@@ -405,7 +405,7 @@ os:
       - /etc
       upperDir: /var/overlays/etc/upper
       workDir: /var/overlays/etc/work
-      isRootfsOverlay: true
+      isInitrdOverlay: true
       mountDependencies:
       - /var
     - mountPoint: /media
@@ -457,7 +457,7 @@ operations. The workDir is not directly accessible to users.
   
 Example: `/var/overlays/etc/work`
 
-### `isRootfsOverlay` [bool]
+### `isInitrdOverlay` [bool]
 
 A boolean flag indicating whether this overlay is part of the root filesystem.
 If set to `true`, specific adjustments will be made, such as prefixing certain
diff --git a/toolkit/tools/imagecustomizerapi/overlay.go b/toolkit/tools/imagecustomizerapi/overlay.go
index f7c2e5192a7..4fb27c8efeb 100644
--- a/toolkit/tools/imagecustomizerapi/overlay.go
+++ b/toolkit/tools/imagecustomizerapi/overlay.go
@@ -14,7 +14,7 @@ type Overlay struct {
 	UpperDir          string   `yaml:"upperDir"`
 	WorkDir           string   `yaml:"workDir"`
 	MountPoint        string   `yaml:"mountPoint"`
-	IsRootfsOverlay   bool     `yaml:"isRootfsOverlay"`
+	IsInitrdOverlay   bool     `yaml:"isInitrdOverlay"`
 	MountDependencies []string `yaml:"mountDependencies"`
 	MountOptions      string   `yaml:"mountOptions"`
 }
diff --git a/toolkit/tools/imagecustomizerapi/overlay_test.go b/toolkit/tools/imagecustomizerapi/overlay_test.go
index 24c12f18837..258bd9c673e 100644
--- a/toolkit/tools/imagecustomizerapi/overlay_test.go
+++ b/toolkit/tools/imagecustomizerapi/overlay_test.go
@@ -15,7 +15,7 @@ func TestOverlayValidConfiguration(t *testing.T) {
 		UpperDir:          "/upper",
 		WorkDir:           "/work",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{"/var"},
 		MountOptions:      "noatime",
 	}
@@ -30,7 +30,7 @@ func TestOverlayInvalidEmptyLowerDir(t *testing.T) {
 		UpperDir:          "/upper",
 		WorkDir:           "/work",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{"/var"},
 		MountOptions:      "noatime",
 	}
@@ -46,7 +46,7 @@ func TestOverlayInvalidInvalidWorkDir(t *testing.T) {
 		UpperDir:          "/upper",
 		WorkDir:           " ",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{"/var"},
 		MountOptions:      "noatime",
 	}
@@ -61,7 +61,7 @@ func TestOverlayInvalidSameUpperAndWorkDir(t *testing.T) {
 		UpperDir:          "/invalid/same",
 		WorkDir:           "/invalid/same",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{"/var"},
 		MountOptions:      "noatime",
 	}
@@ -77,7 +77,7 @@ func TestOverlayInvalidWorkDirSubsUpperDir(t *testing.T) {
 		UpperDir:          "/invalid",
 		WorkDir:           "/invalid/same",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{"/var"},
 		MountOptions:      "noatime",
 	}
@@ -93,7 +93,7 @@ func TestOverlayInvalidUpperDirSubsWorkDir(t *testing.T) {
 		UpperDir:          "/invalid/same",
 		WorkDir:           "/invalid",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{"/var"},
 		MountOptions:      "noatime",
 	}
@@ -109,7 +109,7 @@ func TestOverlayInvalidMountDependencyPath(t *testing.T) {
 		UpperDir:          "/upper",
 		WorkDir:           "/work",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{"invalid/path"},
 		MountOptions:      "noatime",
 	}
@@ -125,7 +125,7 @@ func TestOverlayValidEmptyMountDependencies(t *testing.T) {
 		UpperDir:          "/upper",
 		WorkDir:           "/work",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{},
 		MountOptions:      "noatime",
 	}
@@ -140,7 +140,7 @@ func TestOverlayInvalidMountOptions(t *testing.T) {
 		UpperDir:          "/upper",
 		WorkDir:           "/work",
 		MountPoint:        "/mnt",
-		IsRootfsOverlay:   false,
+		IsInitrdOverlay:   false,
 		MountDependencies: []string{"/var"},
 		MountOptions:      "invalid option with spaces",
 	}
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeoverlays.go b/toolkit/tools/pkg/imagecustomizerlib/customizeoverlays.go
index 6cf5093ec06..02544f08651 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizeoverlays.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizeoverlays.go
@@ -79,7 +79,7 @@ func updateFstabForOverlays(overlays []imagecustomizerapi.Overlay, imageChroot *
 		workDir := overlay.WorkDir
 		mountDependencies := overlay.MountDependencies
 
-		if overlay.IsRootfsOverlay {
+		if overlay.IsInitrdOverlay {
 			// Validate that each mountDependency has the x-initrd.mount option in
 			// the corresponding fstab entry.
 			for i, dep := range mountDependencies {
@@ -117,7 +117,7 @@ func updateFstabForOverlays(overlays []imagecustomizerapi.Overlay, imageChroot *
 		for _, dep := range mountDependencies {
 			options = fmt.Sprintf("%s,x-systemd.requires=%s", options, dep)
 		}
-		if overlay.IsRootfsOverlay {
+		if overlay.IsInitrdOverlay {
 			options = fmt.Sprintf("%s,x-initrd.mount,x-systemd.wanted-by=initrd-fs.target", options)
 		}
 		if overlay.MountOptions != "" {
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/overlays-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/overlays-config.yaml
index 9255aebfe38..2a72184a0d6 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/overlays-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/overlays-config.yaml
@@ -61,7 +61,7 @@ os:
       - /etc
       upperDir: /var/overlays/etc/upper
       workDir: /var/overlays/etc/work
-      isRootfsOverlay: true
+      isInitrdOverlay: true
       mountDependencies: 
       - /var
     - mountPoint: /media

From 69c5c4ca16fad84a1143bbbeaa25c0f5d31f0ebb Mon Sep 17 00:00:00 2001
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
Date: Fri, 27 Sep 2024 12:00:57 +0530
Subject: [PATCH 34/59] python-argcomplete: drop check dep BR fish to enable
 build (#10546)

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 SPECS-EXTENDED/python-argcomplete/python-argcomplete.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/SPECS-EXTENDED/python-argcomplete/python-argcomplete.spec b/SPECS-EXTENDED/python-argcomplete/python-argcomplete.spec
index 8b96444418c..5ed26bc9b0e 100644
--- a/SPECS-EXTENDED/python-argcomplete/python-argcomplete.spec
+++ b/SPECS-EXTENDED/python-argcomplete/python-argcomplete.spec
@@ -7,14 +7,14 @@ Distribution:   Azure Linux
 Name:          python-%{modname}
 Summary:       Bash tab completion for argparse
 Version:       1.10.0
-Release:       6%{?dist}
+Release:       7%{?dist}
 License:       ASL 2.0
 URL:           https://github.com/kislyuk/argcomplete
 Source0:       %pypi_source argcomplete
 
 %if %{with check}
 BuildRequires: tcsh
-BuildRequires: fish
+#BuildRequires: fish
 %endif
 
 BuildArch:     noarch
@@ -84,6 +84,9 @@ install -p -m0644 %{buildroot}%{python3_sitelib}/%{modname}/bash_completion.d/py
 %{_sysconfdir}/bash_completion.d/python-argcomplete.sh
 
 %changelog
+* Wed Sep 25 2024 Muhammad Falak <mwani@microsoft.com> - 1.10.0-7
+- Drop BR on fish to enable build
+
 * Mon Jul 05 2022 Daniel McIlvaney <damcilva@microsoft.com> - 1.10.0-6
 - Bump release due to bump in fish to 3.5.0.
 - License verified.

From 5198a36b7aefbf2a2cd79fc18cc40634dc66aded Mon Sep 17 00:00:00 2001
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
Date: Fri, 27 Sep 2024 12:27:12 +0530
Subject: [PATCH 35/59] python-ldap: upgrade 3.4.0 -> 3.4.4 (#10570)

Changelog: https://github.com/python-ldap/python-ldap/releases/tag/python-ldap-3.4.4
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 .../python-ldap/python-ldap.signatures.json   |  8 ++---
 SPECS-EXTENDED/python-ldap/python-ldap.spec   | 32 +++++++++++++------
 cgmanifest.json                               |  4 +--
 3 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/SPECS-EXTENDED/python-ldap/python-ldap.signatures.json b/SPECS-EXTENDED/python-ldap/python-ldap.signatures.json
index dc1112c50fc..10f56011ed0 100644
--- a/SPECS-EXTENDED/python-ldap/python-ldap.signatures.json
+++ b/SPECS-EXTENDED/python-ldap/python-ldap.signatures.json
@@ -1,5 +1,5 @@
 {
-  "Signatures": {
-    "python-ldap-3.4.0.tar.gz": "60464c8fc25e71e0fd40449a24eae482dcd0fb7fcf823e7de627a6525b3e0d12"
-  }
-}
+ "Signatures": {
+  "python-ldap-3.4.4.tar.gz": "98c03c14724636351964606a307bf946fa6248630c2d6b89938a6911b6b84c99"
+ }
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/python-ldap/python-ldap.spec b/SPECS-EXTENDED/python-ldap/python-ldap.spec
index 4aab88a6c71..ec938b53a02 100644
--- a/SPECS-EXTENDED/python-ldap/python-ldap.spec
+++ b/SPECS-EXTENDED/python-ldap/python-ldap.spec
@@ -1,5 +1,4 @@
 ### Abstract ###
-# global prerelease b4
 %global openldap_version 2.4.45-4
 %global _description\
 python-ldap provides an object-oriented API for working with LDAP within\
@@ -9,13 +8,13 @@ OpenLDAP 2.x libraries, and contains modules for other LDAP-related tasks\
 
 Summary:        An object-oriented API to access LDAP directory servers
 Name:           python-ldap
-Version:        3.4.0
+Version:        3.4.4
 Release:        1%{?dist}
 License:        Python
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            http://python-ldap.org/
-Source0:        https://files.pythonhosted.org/packages/source/p/%{name}/%{name}-%{version}%{?prerelease}.tar.gz
+Source0:        https://github.com/%{name}/%{name}/archive/refs/tags/%{name}-%{version}.tar.gz
 
 # Test dependencies
 BuildRequires:  %{_bindir}/tox
@@ -30,6 +29,9 @@ BuildRequires:  python3-devel
 BuildRequires:  python3-pyasn1 >= 0.3.7
 BuildRequires:  python3-pyasn1-modules >= 0.1.5
 BuildRequires:  python3-setuptools
+%if %{with check}
+BuildRequires:  python3-pip
+%endif
 
 %description %{_description}
 
@@ -47,14 +49,14 @@ Provides:       python3-pyldap%{?_isa} = %{version}-%{release}
 %description -n python3-ldap %{_description}
 
 %prep
-%setup -q -n %{name}-%{version}%{?prerelease}
+%autosetup -p1 -n %{name}-%{name}-%{version}%{?prerelease}
 
 # Fix interpreter
 find . -name '*.py' | xargs sed -i '1s|^#!/usr/bin/env python|#!%{__python3}|'
 
 # Disable warnings in test to work around "'U' mode is deprecated"
 # https://github.com/python-ldap/python-ldap/issues/96
-sed -i 's,-Werror,-Wignore,g' tox.ini
+# sed -i 's,-Werror,-Wignore,g' tox.ini
 
 
 %build
@@ -62,10 +64,18 @@ sed -i 's,-Werror,-Wignore,g' tox.ini
 
 
 %check
-# don't download packages
-export PIP_INDEX_URL=http://host.invalid./
-export PIP_NO_DEPS=yes
-TOXENV=py%{python3_version_nodots} LOGLEVEL=10 tox --sitepackages
+pip3 install tox pluggy py filelock toml six virtualenv
+# env SBIN=/usr/libexec/ python3 -m tox -e py312
+PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m unittest -v \
+	   Tests/t_cidict.py \
+	   Tests/t_ldap_dn.py \
+	   Tests/t_ldap_filter.py \
+	   Tests/t_ldap_functions.py \
+	   Tests/t_ldap_modlist.py \
+	   Tests/t_ldap_schema_tokenizer.py \
+	   Tests/t_ldapurl.py \
+	   Tests/t_ldif.py \
+	   Tests/t_untested_mods.py
 
 
 %install
@@ -83,6 +93,10 @@ TOXENV=py%{python3_version_nodots} LOGLEVEL=10 tox --sitepackages
 %{python3_sitearch}/python_ldap-%{version}%{?prerelease}-py%{python3_version}.egg-info/
 
 %changelog
+* Thu Sep 26 2024 Muhammad Falak <mwani@microsoft.com> - 3.4.4-1
+- Enable ptest
+- Bump version to 3.4.4
+
 * Tue Sep 19 2023 Archana Choudhary <archana1@microsoft.com> - 3.4.0-1
 - Upgrade to 3.4.0 - CVE-2021-46823
 - License verified
diff --git a/cgmanifest.json b/cgmanifest.json
index 395a4b36ccf..b4914d62a3a 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -22983,8 +22983,8 @@
         "type": "other",
         "other": {
           "name": "python-ldap",
-          "version": "3.4.0",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/p/python-ldap/python-ldap-3.4.0.tar.gz"
+          "version": "3.4.4",
+          "downloadUrl": "https://github.com/python-ldap/python-ldap/archive/refs/tags/python-ldap-3.4.4.tar.gz"
         }
       }
     },

From 6e6c86065a87a9e012334f2d69ea918452ae5231 Mon Sep 17 00:00:00 2001
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
Date: Fri, 27 Sep 2024 15:45:32 +0530
Subject: [PATCH 36/59] 389-ds-base: init at v3.1.0 (#10572)

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md    |    2 +-
 LICENSES-AND-NOTICES/SPECS/data/licenses.json |    1 +
 .../389-ds-base/389-ds-base-devel.README      |    4 +
 .../389-ds-base/389-ds-base.signatures.json   |    8 +
 SPECS-EXTENDED/389-ds-base/389-ds-base.spec   | 1251 +++++++++++++++++
 .../389-ds-base/389-ds-base.sysusers          |    3 +
 cgmanifest.json                               |   28 +-
 7 files changed, 1287 insertions(+), 10 deletions(-)
 create mode 100644 SPECS-EXTENDED/389-ds-base/389-ds-base-devel.README
 create mode 100644 SPECS-EXTENDED/389-ds-base/389-ds-base.signatures.json
 create mode 100644 SPECS-EXTENDED/389-ds-base/389-ds-base.spec
 create mode 100644 SPECS-EXTENDED/389-ds-base/389-ds-base.sysusers

diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index f746045079a..658ae726931 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -5,7 +5,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
 | CentOS | [MIT](https://www.centos.org/legal/#licensing-policy) | crash-ptdump-command <br> delve <br> fstrm <br> nodejs-nodemon <br> rhnlib <br> rt-setup <br> rt-tests <br> rtctl <br> tuned |
 | Ceph source | [LGPL2.1](https://github.com/ceph/ceph/blob/master/COPYING-LGPL2.1) | ceph |
 | Debian | [MIT](https://opensource.org/licenses/MIT) | prometheus-process-exporter |
-| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mosh <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
+| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | 389-ds-base <br> a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mosh <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
 | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome <br> librabbitmq |
 | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
 | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index e5561df2ad7..9748403e8a5 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -35,6 +35,7 @@
         "Fedora": {
             "license": "[Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files)",
             "specs": [
+                "389-ds-base",
                 "a52dec",
                 "abseil-cpp",
                 "accountsservice",
diff --git a/SPECS-EXTENDED/389-ds-base/389-ds-base-devel.README b/SPECS-EXTENDED/389-ds-base/389-ds-base-devel.README
new file mode 100644
index 00000000000..c411a613f81
--- /dev/null
+++ b/SPECS-EXTENDED/389-ds-base/389-ds-base-devel.README
@@ -0,0 +1,4 @@
+For detailed information on developing plugins for 389 Directory Server visit
+
+https://www.port389.org/docs/389ds/design/plugins.html
+https://github.com/389ds/389-ds-base/blob/main/src/slapi_r_plugin/README.md
diff --git a/SPECS-EXTENDED/389-ds-base/389-ds-base.signatures.json b/SPECS-EXTENDED/389-ds-base/389-ds-base.signatures.json
new file mode 100644
index 00000000000..442d2e42450
--- /dev/null
+++ b/SPECS-EXTENDED/389-ds-base/389-ds-base.signatures.json
@@ -0,0 +1,8 @@
+{
+ "Signatures": {
+  "389-ds-base-3.1.1.tar.bz2": "e111c4bc3ad2efa5d73a7d7a18d03ff84ee53afa25b631a8a31cd19cb0fe854b",
+  "389-ds-base-devel.README": "f69e816db24e12423e921ea6a1b3d6cd326715eae9079646358143018fff75fe",
+  "389-ds-base.sysusers": "c710a2b07565c29e5293d42cab8519cc0351a0d772e0e13693be0ed4ea6a19bf",
+  "jemalloc-5.3.0.tar.bz2": "2db82d1e7119df3e71b7640219b6dfe84789bc0537983c3b7ac4f7189aecfeaa"
+ }
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/389-ds-base/389-ds-base.spec b/SPECS-EXTENDED/389-ds-base/389-ds-base.spec
new file mode 100644
index 00000000000..0b608b1caa9
--- /dev/null
+++ b/SPECS-EXTENDED/389-ds-base/389-ds-base.spec
@@ -0,0 +1,1251 @@
+%global pkgname dirsrv
+%global bash_completions_dir %{_datadir}/bash-completion/%{name}/
+
+# Exclude i686 bit arches
+ExcludeArch: i686
+
+%bcond bundle_jemalloc 1
+%if %{with bundle_jemalloc}
+%global jemalloc_name jemalloc
+%global jemalloc_ver 5.3.0
+%global __provides_exclude ^libjemalloc\\.so.*$
+%endif
+
+%bcond bundle_libdb 0
+%if %{with bundle_libdb}
+%global libdb_version 5.3
+%global libdb_base_version db-%{libdb_version}.28
+%global libdb_full_version lib%{libdb_base_version}-59
+%global libdb_bundle_name libdb-%{libdb_version}-389ds.so
+%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11
+# RPM 4.20
+%global libdb_base_dir lib%{libdb_base_version}-build/%{libdb_base_version}
+%else
+%global libdb_base_dir %{libdb_base_version}
+%endif
+%endif
+
+# This is used in certain builds to help us know if it has extra features.
+%global variant base
+# This enables a sanitized build.
+%bcond asan 0
+%bcond msan 0
+%bcond tsan 0
+%bcond ubsan 0
+
+%if %{with asan} || %{with msan} || %{with tsan} || %{with ubsan}
+%global variant base-xsan
+%endif
+
+# Use Clang instead of GCC
+%bcond clang 0
+%if %{with msan}
+%bcond clang 1
+%endif
+
+%if %{with clang}
+%global toolchain clang
+%global _missing_build_ids_terminate_build 0
+%endif
+
+# Build cockpit plugin
+%bcond cockpit 0
+
+# fedora 15 and later uses tmpfiles.d
+# otherwise, comment this out
+%{!?with_tmpfiles_d: %global with_tmpfiles_d %{_sysconfdir}/tmpfiles.d}
+
+# systemd support
+%global groupname %{pkgname}.target
+
+# Filter argparse-manpage from autogenerated package Requires
+%global __requires_exclude ^python.*argparse-manpage
+
+# Force to require nss version greater or equal as the version available at the build time
+# See bz1986327
+%define dirsrv_requires_ge()  %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} >= %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not")
+
+Summary:          389 Directory Server (%{variant})
+Name:             389-ds-base
+Version:          3.1.1
+Release:          2%{?dist}
+License:          GPL-3.0-or-later AND (0BSD OR Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT) AND (CC-BY-4.0 AND MIT) AND (MIT OR Apache-2.0) AND Unicode-DFS-2016 AND (MIT OR CC0-1.0) AND (MIT OR Unlicense) AND 0BSD AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MIT AND ISC AND MPL-2.0 AND PSF-2.0
+URL:              https://www.port389.org
+Vendor:           Microsoft Corporation
+Distribution:     Azure Linux
+Source0:          https://github.com/389ds/389-ds-base/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2
+Source2:          %{name}-devel.README
+%if %{with bundle_jemalloc}
+Source3:          https://github.com/jemalloc/%{jemalloc_name}/releases/download/%{jemalloc_ver}/%{jemalloc_name}-%{jemalloc_ver}.tar.bz2
+%endif
+Source4:          389-ds-base.sysusers
+%if %{with bundle_libdb}
+Source5:          https://fedorapeople.org/groups/389ds/libdb-5.3.28-59.tar.bz2
+%endif
+
+Provides:         ldif2ldbm >= 0
+
+# Attach the buildrequires to the top level package:
+BuildRequires:    nspr-devel
+BuildRequires:    nss-devel
+BuildRequires:    openldap-clients
+BuildRequires:    openldap-devel
+BuildRequires:    lmdb-devel
+BuildRequires:    cyrus-sasl-devel
+BuildRequires:    icu
+BuildRequires:    libicu-devel
+BuildRequires:    pcre2-devel
+BuildRequires:    cracklib-devel
+BuildRequires:    json-c-devel
+%if %{with clang}
+BuildRequires:    libatomic
+BuildRequires:    clang
+BuildRequires:    compiler-rt
+BuildRequires:    lld
+%else
+BuildRequires:    gcc
+BuildRequires:    gcc-c++
+%if %{with asan}
+BuildRequires:    libasan
+%endif
+%if %{with tsan}
+BuildRequires:    libtsan
+%endif
+%if %{with ubsan}
+BuildRequires:    libubsan
+%endif
+%endif
+%if %{without bundle_libdb}
+BuildRequires:    libdb-devel
+%endif
+
+# The following are needed to build the snmp ldap-agent
+BuildRequires:    net-snmp-devel
+BuildRequires:    bzip2-devel
+BuildRequires:    openssl-devel
+# the following is for the pam passthru auth plug-in
+BuildRequires:    pam-devel
+BuildRequires:    systemd-units
+BuildRequires:    systemd-devel
+BuildRequires:    systemd-rpm-macros
+%{?sysusers_requires_compat}
+BuildRequires:    cargo
+BuildRequires:    rust
+BuildRequires:    pkgconfig
+BuildRequires:    pkgconfig(krb5)
+BuildRequires:    pkgconfig(libpcre2-8)
+# Needed to support regeneration of the autotool artifacts.
+BuildRequires:    autoconf
+BuildRequires:    automake
+BuildRequires:    libtool
+# For our documentation
+BuildRequires:    doxygen
+# For tests!
+BuildRequires:    libcmocka-devel
+# For lib389 and related components.
+BuildRequires:    python%{python3_pkgversion}
+BuildRequires:    python%{python3_pkgversion}-devel
+BuildRequires:    python%{python3_pkgversion}-setuptools
+BuildRequires:    python%{python3_pkgversion}-ldap
+BuildRequires:    python%{python3_pkgversion}-pyasn1
+BuildRequires:    python%{python3_pkgversion}-pyasn1-modules
+BuildRequires:    python%{python3_pkgversion}-dateutil
+BuildRequires:    python%{python3_pkgversion}-argcomplete
+BuildRequires:    python%{python3_pkgversion}-argparse-manpage
+BuildRequires:    python%{python3_pkgversion}-policycoreutils
+BuildRequires:    python%{python3_pkgversion}-libselinux
+BuildRequires:    python%{python3_pkgversion}-cryptography
+
+# For cockpit
+%if %{with cockpit}
+BuildRequires:    rsync
+BuildRequires:    npm
+BuildRequires:    nodejs
+%endif
+
+Requires:         %{name}-libs = %{version}-%{release}
+Requires:         python%{python3_pkgversion}-lib389 = %{version}-%{release}
+
+# this is needed for using semanage from our setup scripts
+Requires:         policycoreutils-python-utils
+Requires:         libsemanage-python%{python3_pkgversion}
+# the following are needed for some of our scripts
+Requires:         openldap-clients
+Requires:         acl
+# this is needed to setup SSL if you are not using the
+# administration server package
+Requires:         nss-tools
+%dirsrv_requires_ge nss
+# these are not found by the auto-dependency method
+# they are required to support the mandatory LDAP SASL mechs
+Requires:         cyrus-sasl-gssapi
+Requires:         cyrus-sasl-md5
+# This is optionally supported by us, as we use it in our tests
+Requires:         cyrus-sasl-plain
+# this is needed for backldbm
+%if %{without bundle_libdb}
+Requires:         libdb
+%endif
+Requires:         lmdb-libs
+# Needed by logconv.pl
+%if %{without bundle_libdb}
+#Requires:         perl-DB_File
+%endif
+Requires:         perl-Archive-Tar
+%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
+Requires:         perl-debugger
+Requires:         perl-sigtrap
+%endif
+# Needed for password dictionary checks
+Requires:         cracklib-dicts
+Requires:         json-c
+# Log compression
+Requires:         zlib-devel
+# Picks up our systemd deps.
+%{?systemd_requires}
+
+
+%description
+389 Directory Server is an LDAPv3 compliant server.  The base package includes
+the LDAP server and command line utilities for server administration.
+%if %{with asan}
+WARNING! This build is linked to Address Sanitisation libraries. This probably
+isn't what you want. Please contact support immediately.
+Please see http://seclists.org/oss-sec/2016/q1/363 for more information.
+%endif
+
+
+%package          libs
+Summary:          Core libraries for 389 Directory Server (%{variant})
+Provides:         svrcore = 4.1.4
+Obsoletes:        svrcore <= 4.1.3
+Conflicts:        svrcore
+%dirsrv_requires_ge nss
+Requires:         nspr
+Requires:         openldap
+Requires:         systemd-libs
+# Pull in sasl
+Requires:         cyrus-sasl-lib
+# KRB
+Requires:         krb5-libs
+%if %{with clang}
+Requires:         llvm
+Requires:         compiler-rt
+%else
+%if %{with asan}
+Requires:         libasan
+%endif
+%if %{with tsan}
+Requires:         libtsan
+%endif
+%if %{with ubsan}
+Requires:         libubsan
+%endif
+%endif
+
+%description      libs
+Core libraries for the 389 Directory Server base package.  These libraries
+are used by the main package and the -devel package.  This allows the -devel
+package to be installed with just the -libs package and without the main package.
+
+%package          devel
+Summary:          Development libraries for 389 Directory Server (%{variant})
+Provides:         svrcore-devel = 4.1.4
+Obsoletes:        svrcore-devel <= 4.1.3
+Conflicts:        svrcore-devel
+Requires:         %{name}-libs = %{version}-%{release}
+Requires:         pkgconfig
+Requires:         nspr-devel
+Requires:         nss-devel >= 3.34
+Requires:         openldap-devel
+# systemd-libs contains the headers iirc.
+Requires:         systemd-libs
+
+%description      devel
+Development Libraries and headers for the 389 Directory Server base package.
+
+%package          snmp
+Summary:          SNMP Agent for 389 Directory Server
+Requires:         %{name} = %{version}-%{release}
+
+Obsoletes:        %{name} <= 1.4.0.0
+
+%description      snmp
+SNMP Agent for the 389 Directory Server base package.
+
+%if %{with bundle_libdb}
+%package          bdb
+Summary:          Berkeley Database backend for 389 Directory Server
+%description      bdb
+Berkeley Database backend for 389 Directory Server
+Warning! This backend is deprecated in favor of lmdb and its support
+may be removed in future versions.
+
+Requires:         %{name} = %{version}-%{release}
+# Berkeley DB database libdb was marked as deprecated since F40:
+# https://fedoraproject.org/wiki/Changes/389_Directory_Server_3.0.0
+# because libdb was marked as deprecated since F33
+# https://fedoraproject.org/wiki/Changes/Libdb_deprecated
+Provides:         deprecated()
+%endif
+
+
+%package -n python%{python3_pkgversion}-lib389
+Summary:  A library for accessing, testing, and configuring the 389 Directory Server
+BuildArch:        noarch
+Requires: %{name} = %{version}-%{release}
+Requires: openssl
+# This is for /usr/bin/c_rehash tool, only needed for openssl < 1.1.0
+Requires: openssl-perl
+Requires: iproute
+Requires: python%{python3_pkgversion}
+Requires: python%{python3_pkgversion}-distro
+Requires: python%{python3_pkgversion}-ldap
+Requires: python%{python3_pkgversion}-pyasn1
+Requires: python%{python3_pkgversion}-pyasn1-modules
+Requires: python%{python3_pkgversion}-dateutil
+Requires: python%{python3_pkgversion}-argcomplete
+Requires: python%{python3_pkgversion}-libselinux
+Requires: python%{python3_pkgversion}-setuptools
+Requires: python%{python3_pkgversion}-cryptography
+Recommends: bash-completion
+%{?python_provide:%python_provide python%{python3_pkgversion}-lib389}
+
+%description -n python%{python3_pkgversion}-lib389
+This module contains tools and libraries for accessing, testing,
+ and configuring the 389 Directory Server.
+
+%if %{with cockpit}
+%package -n cockpit-389-ds
+Summary:          Cockpit UI Plugin for configuring and administering the 389 Directory Server
+BuildArch:        noarch
+Requires:         cockpit
+Requires:         %{name} = %{version}-%{release}
+Requires:         python%{python3_pkgversion}
+Requires:         python%{python3_pkgversion}-lib389 = %{version}-%{release}
+
+%description -n cockpit-389-ds
+A cockpit UI Plugin for configuring and administering the 389 Directory Server
+%endif
+
+%prep
+%autosetup -p1 -v -n %{name}-%{version}
+
+%if %{with bundle_jemalloc}
+%setup -q -n %{name}-%{version} -T -D -b 3
+%endif
+
+%if %{with bundle_libdb}
+%setup -q -n %{name}-%{version} -T -D -b 5
+%endif
+
+cp %{SOURCE2} README.devel
+
+%build
+
+%if %{with clang}
+CLANG_FLAGS="--enable-clang"
+%endif
+
+%{?with_tmpfiles_d: TMPFILES_FLAG="--with-tmpfiles-d=%{with_tmpfiles_d}"}
+
+%if %{with asan}
+ASAN_FLAGS="--enable-asan --enable-debug"
+%endif
+
+%if %{with msan}
+MSAN_FLAGS="--enable-msan --enable-debug"
+%endif
+
+%if %{with tsan}
+TSAN_FLAGS="--enable-tsan --enable-debug"
+%endif
+
+%if %{with ubsan}
+UBSAN_FLAGS="--enable-ubsan --enable-debug"
+%endif
+
+RUST_FLAGS="--enable-rust --enable-rust-offline"
+
+%if %{without cockpit}
+COCKPIT_FLAGS="--disable-cockpit"
+%endif
+
+%if %{with bundle_jemalloc}
+# Override page size, bz #1545539
+# 4K
+%ifarch %ix86 %arm x86_64 s390x
+%define lg_page --with-lg-page=12
+%endif
+
+# 64K
+%ifarch ppc64 ppc64le aarch64
+%define lg_page --with-lg-page=16
+%endif
+
+# Override huge page size on aarch64
+# 2M instead of 512M
+%ifarch aarch64
+%define lg_hugepage --with-lg-hugepage=21
+%endif
+
+# Build jemalloc
+pushd ../%{jemalloc_name}-%{jemalloc_ver}
+%configure \
+        --libdir=%{_libdir}/%{pkgname}/lib \
+        --bindir=%{_libdir}/%{pkgname}/bin \
+        --enable-prof %{lg_page} %{lg_hugepage}
+make %{?_smp_mflags}
+popd
+%endif
+
+# Build custom libdb package
+%if %{with bundle_libdb}
+mkdir -p ../%{libdb_base_version}
+pushd ../%{libdb_base_version}
+tar -xjf  %{_topdir}/SOURCES/%{libdb_full_version}.tar.bz2
+mv %{libdb_full_version} SOURCES
+rpmbuild  --define "_topdir $PWD" -bc %{_builddir}/%{name}-%{version}/rpm/bundle-libdb.spec
+popd
+%endif
+
+# Rebuild the autotool artifacts now.
+autoreconf -fiv
+
+%configure \
+%if %{with bundle_libdb}
+           --with-bundle-libdb=%{_builddir}/%{libdb_base_version}/BUILD/%{libdb_base_dir}/dist/dist-tls \
+%endif
+           --with-selinux $TMPFILES_FLAG \
+           --with-systemd \
+           --with-systemdsystemunitdir=%{_unitdir} \
+           --with-systemdsystemconfdir=%{_sysconfdir}/systemd/system \
+           --with-systemdgroupname=%{groupname} \
+           --libexecdir=%{_libexecdir}/%{pkgname} \
+           $ASAN_FLAGS $MSAN_FLAGS $TSAN_FLAGS $UBSAN_FLAGS $RUST_FLAGS $CLANG_FLAGS $COCKPIT_FLAGS \
+%if 0%{?fedora} >= 34 || 0%{?rhel} >= 9
+           --with-libldap-r=no \
+%endif
+           --enable-cmocka
+
+# Avoid "Unknown key name 'XXX' in section 'Service', ignoring." warnings from systemd on older releases
+%if 0%{?rhel} && 0%{?rhel} < 9
+  sed -r -i '/^(Protect(Home|Hostname|KernelLogs)|PrivateMounts)=/d' %{_builddir}/%{name}-%{version}/wrappers/*.service.in
+%endif
+
+# lib389
+make src/lib389/setup.py
+pushd ./src/lib389
+%py3_build
+popd
+# argparse-manpage dynamic man pages have hardcoded man v1 in header,
+# need to change it to v8
+sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsconf.8
+sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsctl.8
+sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dsidm.8
+sed -i  "1s/\"1\"/\"8\"/" %{_builddir}/%{name}-%{version}/src/lib389/man/dscreate.8
+
+# Generate symbolic info for debuggers
+export XCFLAGS=$RPM_OPT_FLAGS
+
+make %{?_smp_mflags}
+
+%install
+
+mkdir -p %{buildroot}%{_datadir}/gdb/auto-load%{_sbindir}
+%if %{with cockpit}
+mkdir -p %{buildroot}%{_datadir}/cockpit
+%endif
+make DESTDIR="$RPM_BUILD_ROOT" install
+
+%if %{with cockpit}
+find %{buildroot}%{_datadir}/cockpit/389-console -type d | sed -e "s@%{buildroot}@@" | sed -e 's/^/\%dir /' > cockpit.list
+find %{buildroot}%{_datadir}/cockpit/389-console -type f | sed -e "s@%{buildroot}@@" >> cockpit.list
+%endif
+
+find %{buildroot}%{_libdir}/%{pkgname}/plugins/ -type f -iname 'lib*.so' | sed -e "s@%{buildroot}@@" > plugins.list
+%if %{with bundle_libdb}
+sed -i -e "/libback-bdb/d" plugins.list
+%endif
+
+# Copy in our docs from doxygen.
+cp -r %{_builddir}/%{name}-%{version}/man/man3 $RPM_BUILD_ROOT/%{_mandir}/man3
+
+# lib389
+pushd src/lib389
+%py3_install
+popd
+
+# Register CLI tools for bash completion
+for clitool in dsconf dsctl dsidm dscreate ds-replcheck
+do
+    register-python-argcomplete "${clitool}" > "${clitool}"
+    install -p -m 0644 -D -t '%{buildroot}%{bash_completions_dir}' "${clitool}"
+done
+
+mkdir -p $RPM_BUILD_ROOT/var/log/%{pkgname}
+mkdir -p $RPM_BUILD_ROOT/var/lib/%{pkgname}
+mkdir -p $RPM_BUILD_ROOT/var/lock/%{pkgname} \
+    && chmod 770 $RPM_BUILD_ROOT/var/lock/%{pkgname}
+
+# for systemd
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/systemd/system/%{groupname}.wants
+install -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysusersdir}/389-ds-base.conf
+
+#remove libtool and static libs
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/plugins/*.la
+rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.a
+rm -f $RPM_BUILD_ROOT%{_libdir}/libsvrcore.la
+
+%if %{with bundle_jemalloc}
+pushd ../%{jemalloc_name}-%{jemalloc_ver}
+make DESTDIR="$RPM_BUILD_ROOT" install_lib install_bin
+cp -pa COPYING ../%{name}-%{version}/COPYING.jemalloc
+cp -pa README ../%{name}-%{version}/README.jemalloc
+popd
+%endif
+
+%if %{with bundle_libdb}
+pushd ../%{libdb_base_version}
+libdbbuilddir=$PWD/BUILD/%{libdb_base_dir}
+libdbdestdir=$PWD/../%{name}-%{version}
+cp -pa $libdbbuilddir/LICENSE $libdbdestdir/LICENSE.libdb
+cp -pa $libdbbuilddir/README $libdbdestdir/README.libdb
+cp -pa $libdbbuilddir/lgpl-2.1.txt $libdbdestdir/lgpl-2.1.txt.libdb
+cp -pa $libdbbuilddir/dist/dist-tls/.libs/%{libdb_bundle_name} $RPM_BUILD_ROOT%{_libdir}/%{pkgname}/%{libdb_bundle_name}
+popd
+%endif
+
+
+%check
+# This checks the code, if it fails it prints why, then re-raises the fail to shortcircuit the rpm build.
+%if %{with tsan}
+export TSAN_OPTIONS=print_stacktrace=1:second_deadlock_stack=1:history_size=7
+%endif
+%if %{without asan} && %{without msan}
+if ! make DESTDIR="$RPM_BUILD_ROOT" check; then cat ./test-suite.log && false; fi
+%endif
+
+%post
+if [ -n "$DEBUGPOSTTRANS" ] ; then
+    output=$DEBUGPOSTTRANS
+    output2=${DEBUGPOSTTRANS}.upgrade
+else
+    output=/dev/null
+    output2=/dev/null
+fi
+
+# reload to pick up any changes to systemd files
+/bin/systemctl daemon-reload >$output 2>&1 || :
+
+# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
+# Soft static allocation for UID and GID
+# sysusers.d format https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
+%sysusers_create_compat %{SOURCE4}
+
+# Reload our sysctl before we restart (if we can)
+sysctl --system &> $output; true
+
+# Gather the running instances so we can restart them
+instbase="%{_sysconfdir}/%{pkgname}"
+ninst=0
+for dir in $instbase/slapd-* ; do
+    echo dir = $dir >> $output 2>&1 || :
+    if [ ! -d "$dir" ] ; then continue ; fi
+    case "$dir" in *.removed) continue ;; esac
+    basename=`basename $dir`
+    inst="%{pkgname}@`echo $basename | sed -e 's/slapd-//g'`"
+    echo found instance $inst - getting status  >> $output 2>&1 || :
+    if /bin/systemctl -q is-active $inst ; then
+       echo instance $inst is running >> $output 2>&1 || :
+       instances="$instances $inst"
+    else
+       echo instance $inst is not running >> $output 2>&1 || :
+    fi
+    ninst=`expr $ninst + 1`
+done
+if [ $ninst -eq 0 ] ; then
+    echo no instances to upgrade >> $output 2>&1 || :
+    exit 0 # have no instances to upgrade - just skip the rest
+else
+    # restart running instances
+    echo shutting down all instances . . . >> $output 2>&1 || :
+    for inst in $instances ; do
+        echo stopping instance $inst >> $output 2>&1 || :
+        /bin/systemctl stop $inst >> $output 2>&1 || :
+    done
+    for inst in $instances ; do
+        echo starting instance $inst >> $output 2>&1 || :
+        /bin/systemctl start $inst >> $output 2>&1 || :
+    done
+fi
+
+
+%preun
+if [ $1 -eq 0 ]; then # Final removal
+    # remove instance specific service files/links
+    rm -rf %{_sysconfdir}/systemd/system/%{groupname}.wants/* > /dev/null 2>&1 || :
+fi
+
+%postun
+if [ $1 = 0 ]; then # Final removal
+    rm -rf /var/run/%{pkgname}
+fi
+
+%post snmp
+%systemd_post %{pkgname}-snmp.service
+
+%preun snmp
+%systemd_preun %{pkgname}-snmp.service %{groupname}
+
+%postun snmp
+%systemd_postun_with_restart %{pkgname}-snmp.service
+
+exit 0
+
+%files -f plugins.list
+%if %{with bundle_jemalloc}
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.jemalloc
+%license COPYING.jemalloc
+%else
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl
+%endif
+%dir %{_sysconfdir}/%{pkgname}
+%dir %{_sysconfdir}/%{pkgname}/schema
+%config(noreplace)%{_sysconfdir}/%{pkgname}/schema/*.ldif
+%dir %{_sysconfdir}/%{pkgname}/config
+%dir %{_sysconfdir}/systemd/system/%{groupname}.wants
+%{_sysusersdir}/389-ds-base.conf
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/slapd-collations.conf
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/certmap.conf
+%{_datadir}/%{pkgname}
+%{_datadir}/gdb/auto-load/*
+%{_unitdir}
+%{_bindir}/dbscan
+%{_mandir}/man1/dbscan.1.gz
+%{_bindir}/ds-replcheck
+%{_mandir}/man1/ds-replcheck.1.gz
+%{bash_completions_dir}/ds-replcheck
+%{_bindir}/ds-logpipe.py
+%{_mandir}/man1/ds-logpipe.py.1.gz
+%{_bindir}/ldclt
+%{_mandir}/man1/ldclt.1.gz
+%{_bindir}/logconv.pl
+%{_mandir}/man1/logconv.pl.1.gz
+%{_bindir}/pwdhash
+%{_mandir}/man1/pwdhash.1.gz
+%{_sbindir}/ns-slapd
+%{_mandir}/man8/ns-slapd.8.gz
+%{_sbindir}/openldap_to_ds
+%{_mandir}/man8/openldap_to_ds.8.gz
+%{_libexecdir}/%{pkgname}/ds_systemd_ask_password_acl
+%{_libexecdir}/%{pkgname}/ds_selinux_restorecon.sh
+%{_mandir}/man5/99user.ldif.5.gz
+%{_mandir}/man5/certmap.conf.5.gz
+%{_mandir}/man5/slapd-collations.conf.5.gz
+%{_mandir}/man5/dirsrv.5.gz
+%{_mandir}/man5/dirsrv.systemd.5.gz
+%{_libdir}/%{pkgname}/python
+%dir %{_libdir}/%{pkgname}/plugins
+# This has to be hardcoded to /lib - $libdir changes between lib/lib64, but
+# sysctl.d is always in /lib.
+%{_prefix}/lib/sysctl.d/*
+%dir %{_localstatedir}/lib/%{pkgname}
+%dir %{_localstatedir}/log/%{pkgname}
+%ghost %dir %{_localstatedir}/lock/%{pkgname}
+%exclude %{_sbindir}/ldap-agent*
+%exclude %{_mandir}/man1/ldap-agent.1.gz
+%exclude %{_unitdir}/%{pkgname}-snmp.service
+%if %{with bundle_jemalloc}
+%{_libdir}/%{pkgname}/lib/
+%{_libdir}/%{pkgname}/bin/
+%exclude %{_libdir}/%{pkgname}/bin/jemalloc-config
+%exclude %{_libdir}/%{pkgname}/bin/jemalloc.sh
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.a
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc.so
+%exclude %{_libdir}/%{pkgname}/lib/libjemalloc_pic.a
+%exclude %{_libdir}/%{pkgname}/lib/pkgconfig
+%endif
+
+%files devel
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%{_mandir}/man3/*
+%{_includedir}/svrcore.h
+%{_includedir}/%{pkgname}
+%{_libdir}/libsvrcore.so
+%{_libdir}/%{pkgname}/libslapd.so
+%{_libdir}/%{pkgname}/libns-dshttpd.so
+%{_libdir}/%{pkgname}/libldaputil.so
+%{_libdir}/pkgconfig/svrcore.pc
+%{_libdir}/pkgconfig/dirsrv.pc
+
+%files libs
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%dir %{_libdir}/%{pkgname}
+%{_libdir}/libsvrcore.so.*
+%{_libdir}/%{pkgname}/libslapd.so.*
+%{_libdir}/%{pkgname}/libns-dshttpd.so.*
+%{_libdir}/%{pkgname}/libldaputil.so.*
+%{_libdir}/%{pkgname}/librewriters.so*
+%if %{with bundle_jemalloc}
+%{_libdir}/%{pkgname}/lib/libjemalloc.so.2
+%endif
+
+%files snmp
+%doc LICENSE LICENSE.GPLv3+ LICENSE.openssl README.devel
+%config(noreplace)%{_sysconfdir}/%{pkgname}/config/ldap-agent.conf
+%{_sbindir}/ldap-agent*
+%{_mandir}/man1/ldap-agent.1.gz
+%{_unitdir}/%{pkgname}-snmp.service
+
+%if %{with bundle_libdb}
+%files bdb
+%doc LICENSE LICENSE.GPLv3+ README.devel LICENSE.libdb README.libdb lgpl-2.1.txt.libdb
+%{_libdir}/%{pkgname}/%{libdb_bundle_name}
+%{_libdir}/%{pkgname}/plugins/libback-bdb.so
+%endif
+
+%files -n python%{python3_pkgversion}-lib389
+%doc LICENSE LICENSE.GPLv3+
+%{python3_sitelib}/lib389*
+%{_sbindir}/dsconf
+%{_mandir}/man8/dsconf.8.gz
+%{_sbindir}/dscreate
+%{_mandir}/man8/dscreate.8.gz
+%{_sbindir}/dsctl
+%{_mandir}/man8/dsctl.8.gz
+%{_sbindir}/dsidm
+%{_mandir}/man8/dsidm.8.gz
+%{_libexecdir}/%{pkgname}/dscontainer
+%{bash_completions_dir}/dsctl
+%{bash_completions_dir}/dsconf
+%{bash_completions_dir}/dscreate
+%{bash_completions_dir}/dsidm
+
+%if %{with cockpit}
+%files -n cockpit-389-ds -f cockpit.list
+%{_datarootdir}/metainfo/389-console/org.port389.cockpit_console.metainfo.xml
+%doc README.md
+%endif
+
+%changelog
+* Fri Sep 20 2024 Muhammad Falak <mwani@microsoft.com> 3.1.0-2
+- Initial Azure Linux import from Fedora 42 (license: MIT)
+- License verified
+
+* Tue May 14 2024 James Chapman <jachapma@redhat.com> - 3.1.0-1
+- Bump version to 3.1.0
+- Issue 6142 - Fix CI tests (#6161)
+- Issue 6157 - Cockipt crashes when getting replication status if topology contains an old 389ds version (#6158)
+- Issue 5105 - lmdb - Cannot create entries with long rdn - fix covscan (#6131)
+- Issue 6086 - Ambiguous warning about SELinux in dscreate for non-root user
+- Issue 6094 - Add coverity scan workflow
+- Issue 5962 - Rearrange includes for 32-bit support logic
+- Issue 6046 - Make dscreate to work during kickstart installations
+- Issue 6073 - Improve error log when running out of memory (#6084)
+- Issue 6071 - Instance creation/removal is slow
+- Issue 6010 - 389 ds ignores nsslapd-maxdescriptors (#6027)
+- Issue 6075 - Ignore build artifacts (#6076)
+- Issue 6068 - Add dscontainer stop function
+
+* Mon Apr 15 2024 James Chapman <jachapma@redhat.com> - 3.0.2-1
+- Bump version to 3.0.2
+- Issue 6082 - Remove explicit dependencies toward libdb - revert default (#6145)
+- Issue 6142 - [RFE] Add LMDB configuration related checks into Healthcheck tool (#6143)
+- Issue 6141 - freeipa test_topology_TestCASpecificRUVs is failing (#6144)
+- Issue 6136 - failure in freeipa tests (#6137)
+- Issue 6119 - Synchronise accept_thread with slapd_daemon (#6120)
+- Issue 6105 - lmdb - Cannot create entries with long rdn (#6130)
+- Issue 6082 - Remove explicit dependencies toward libdb (#6083)
+- Issue i6057 - Fix3 - Fix covscan issues (#6127)
+- Issue 6057 - vlv search may result wrong result with lmdb - Fix 2 (#6121)
+- Issue 6057 - vlv search may result wrong result with lmdb (#6091)
+- Issue 6092 - passwordHistory is not updated with a pre-hashed password (#6093)
+- Issue 6133 - Move slapi_pblock_set_flag_operation_notes() to slapi-plugin.h
+- Issue 6125 - dscreate interactive fails when chosing mdb backend (#6126)
+- Issue 6110 - Typo in Account Policy plugin message
+- Issue 6080 - ns-slapd crash in referint_get_config (#6081)
+- Issue 6117 - Fix the UTC offset print (#6118)
+- Issue 5305 - OpenLDAP version autodetection doesn't work
+- Issue 6112 - RFE - add new operation note for MFA authentications
+- Issue 5842 - Add log buffering to audit log
+- Issue 3527 - Support HAProxy and Instance on the same machine configuration (#6107)
+- Issue 6103 - New connection timeout error breaks errormap (#6104)
+- Issue 6096 - Improve connection timeout error logging (#6097)
+- Issue 6067 - Improve dsidm CLI No Such Entry handling (#6079)
+- Issue 6067 - Add hidden -v and -j options to each CLI subcommand (#6088)
+- Issue 6061 - Certificate lifetime displayed as NaN
+
+* Wed Jan 31 2024 Pete Walter <pwalter@fedoraproject.org> - 3.0.1-2
+- Rebuild for ICU 74
+
+* Tue Jan 30 2024 Simon Pichugin <spichugi@redhat.com> - 3.0.1-1
+- Bump version to 3.0.1
+- Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045)
+- Issue 3555 - Remove audit-ci from dependencies (#6056)
+- Issue 6052 - Paged results test sets hostname to `localhost` on test collection
+- Issue 6051 - Drop unused pytest markers
+- Issue 6049 - lmdb - changelog is wrongly recreated by reindex task (#6050)
+- Issue 6047 - Add a check for tagged commits
+- Issue 6041 - dscreate ds-root - accepts relative path (#6042)
+- Switch default backend to lmdb and bump version to 3.0 (#6013)
+- Issue 6032 - Replication broken after backup restore (#6035)
+- Issue 6037 - Server crash at startup in vlvIndex_delete (#6038)
+- Issue 6034 - Change replica_id from str to int
+- Issue 6028 - vlv index keys inconsistencies (#6031)
+- Issue 5989 - RFE support of inChain Matching Rule (#5990)
+- Issue 6022 - lmdb inconsistency between vlv index and vlv cache names (#6026)
+- Issue 6015 - Fix typo remeber (#6014)
+- Issue 6016 - Pin upload/download artifacts action to v3
+- Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007)
+- Issue 4673 - Update Rust crates
+- Issue 6004 - idletimeout may be ignored (#6005)
+- Issue 5954 - Disable Transparent Huge Pages
+- Issue 5997 - test_inactivty_and_expiration CI testcase is wrong (#5999)
+- Issue 5993 - Fix several race condition around CI tests (#5996)
+- Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994)
+- Bump openssl from 0.10.55 to 0.10.60 in /src (#5995)
+- Issue 5980 - Improve instance startup failure handling (#5991)
+- Issue 5976 - Fix freeipa install regression with lmdb (#5977)
+- Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987)
+- Issue 5984 - Crash when paged result search are abandoned (#5985)
+- Issue 5947 - CI test_vlv_recreation_reindex fails on LMDB (#5979)
+
+* Mon Jan 29 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jan 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Thu Jan 18 2024 Viktor Ashirov <vashirov@redhat.com> - 2.4.5-1
+- Bump version to 2.4.5
+- Issue 5989 - RFE support of inChain Matching Rule (#5990)
+- Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007)
+- Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994)
+- Issue 5954 - Disable Transparent Huge Pages
+- Issue 5984 - Crash when paged result search are abandoned - fix2 (#5987)
+- Issue 5984 - Crash when paged result search are abandoned (#5985)
+
+* Wed Nov 15 2023 James Chapman <jachapma@redhat.com> - 2.4.4
+- Bump version to 2.4.4
+- Issue 5971 - CLI - Fix password prompt for repl status (#5972)
+- Issue 5973 - Fix fedora cop RawHide builds (#5974)
+- Revert "Issue 5761 - Worker thread dynamic management (#5796)" (#5970)
+- Issue 5966 - CLI - Custom schema object is removed on a failed edit (#5967)
+- Issue 5786 - Update permissions for Release workflow
+- Issue 5960 - Subpackages should have more strict interdependencies
+- Issue 3555 - UI - Fix audit issue with npm - babel/traverse (#5959)
+- Issue 4843 - Fix dscreate create-template issue (#5950)
+- bugfix for --passwd-file not working on latest version (#5934)
+- Issue 5843 - dsconf / dscreate should be able to handle lmdb parameters (#5943)
+- Bump postcss from 8.4.24 to 8.4.31 in /src/cockpit/389-console (#5945)
+- Issue 5938 - Attribute Names changed to lowercase after adding the Attributes (#5940)
+- issue 5924 - ASAN server build crash when looping opening/closing connections (#5926)
+- Issue 1925 - Add a CI test (#5936)
+- Issue 5732 - Localizing Cockpit's 389ds Plugin using CockpitPoPlugin (#5764)
+- Issue 1870 - Add a CI test (#5929)
+- Issue 843 - Add a warning to slapi_valueset_add_value_ext (#5925)
+- Issue 5761 - Worker thread dynamic management (#5796)
+- Issue 1802 - Improve ldclt man page (#5928)
+- Issue 1456 - Add a CI test that verifies there is no issue (#5927)
+- Issue 1317 - Add a CI test (#5923)
+- Issue 1081 - CI - Add more tests for overwriting x-origin issue (#5815)
+- Issue 1115 - Add a CI test (#5913)
+- Issue 5848 - Fix condition and add a CI test (#5916)
+- Issue 5848 - Fix condition and add a CI test (#5916)
+- Issue 5914 - UI - server settings page validation improvements and db index fixes
+- Issue 5909 - Multi listener hang with 20k connections (#5917)
+- Issue 5902 - Fix previous commit regression (#5919)
+- pass instance correctly to ds_is_older (#5903)
+- Issue 5909 - Multi listener hang with 20k connections (#5910)
+- Issue 5722 - improve testcase (#5904)
+- Issue 5203 - outdated version in provided metadata for lib389
+- Bug Description:
+- issue 5890 part 2 - Need a tester for testing multiple listening thread feature (#5897)
+- Issue i5846 - Crash when lmdb import is aborted (#5881)
+- Issue 5894 - lmdb import error fails with Could not store the entry (#5895)
+- Issue 5890 - Need a tester for testing multiple listening thread feature (#5891)
+- Issue 5082 - slugify: ModuleNotFoundError when running test cases
+- Issue 4551 - Part 2 - Fix build warning of previous PR (#5888)
+- Issue 5834 - AccountPolicyPlugin erroring for some users (#5866)
+- Issue 5872 - part 2 - fix is_dbi regression (#5887)
+- Issue 4758 - Add tests for WebUI
+- Issue 5848 - dsconf should prevent setting the replicaID for hub and consumer roles (#5849)
+- Issue 5883 - Remove connection mutex contention risk on autobind (#5886)
+- Issue 5872 - `dbscan()` in lib389 can return bytes
+
+* Thu Aug 3 2023 Mark Reynolds<mreynolds@redhat.com> - 2.4.3-1
+- Bump version to 2.4.3-1
+- Issue 5729 - Memory leak in factory_create_extension (#5814)
+- Issue 5870 - ns-slapd crashes at startup if a backend has no suffix (#5871)
+- Issue 5876 - CI Test random failure - Import (#5879)
+- Issue 5877 - test_basic_ldapagent breaks test_setup_ds_as_non_root* tests
+- Issue 5867 - lib389 should use filter for tarfile as recommended by PEP 706 (#5868)
+- Issue 5853 - Update Cargo.lock and fix minor warning (#5854)
+- Issue 5785 - CLI - arg completion is broken
+- Issue 5864 - Server fails to start after reboot because it's unable to access nsslapd-rundir
+- Issue 5856 - SyntaxWarning: invalid escape sequence '\,'
+- Issue 5859 - dbscan fails with AttributeError: 'list' object has no attribute 'extends'
+- Issue 3527 - UI - Add nsslapd-haproxy-trusted-ip to server setting (#5839)
+- Issue 4551 - Paged search impacts performance (#5838)
+- Issue 4758 - Add tests for WebUI
+- Issue 4169 - UI - Fix retrochangelog and schema Typeaheads (#5837)
+- issue 5833 - dsconf monitor backend fails on lmdb (#5835)
+- Issue 3555 - UI - Fix audit issue with npm - stylelint (#5836)
+
+* Mon Jul 24 2023 Mark Reynolds <mreynolds@redhat.com> - 2.4.2-5
+- Bump version to 2.4.2-5
+- Add the bash completion scripts to the appropriate files section
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.2-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Tue Jul 11 2023 František Zatloukal <fzatlouk@redhat.com> - 2.4.2-3
+- Rebuilt for ICU 73.2
+
+* Mon Jul 10 2023 Mark Reynolds <mreynolds@redhat.com> - 2.4.2-2
+- Bump version to 2.4.2-2
+- Issue 5752 - RFE - Provide a history for LastLoginTime (#5807)
+= Issue 4719 - CI - Add dsconf add a PTA URL test
+
+* Fri Jul 7 2023 Mark Reynolds <mreynolds@redhat.com> - 2.4.2-1
+- Bump version to 2.4.2
+- Issue 5793 - UI - fix suffix selection in export modal
+- Issue 5793 - UI - Fix minor crashes (#5827)
+- Issue 5825 - healthcheck - password storage scheme warning needs more info
+- Issue 5822 - Allow empty export path for db2ldif
+- Issue 5755 - Massive memory leaking on update operations (#5824)
+- Issue 5701 - CI - Add more tests for referral mode fix (#5810)
+- Issue 5551 - Almost empty and not loaded ns-slapd high cpu load
+- Issue 5755 - The Massive memory leaking on update operations (#5803)
+- Issue 2375 - CLI - Healthcheck - revise and add new checks
+- Bump openssl from 0.10.52 to 0.10.55 in /src
+- Issue 5793 - UI - movce from webpack to esbuild bundler
+- Issue 5752 - CI - Add more tests for lastLoginHistorySize RFE (#5802)
+- Issue 3527 - Fix HAProxy x390x compatibility and compiler warnings (#5801)
+- Issue 5798 - CLI - Add multi-valued support to dsconf config (#5799)
+- Issue 5781 - Bug handling return code of pre-extended operation plugin.
+- Issue 5785 - move bash completion to post section of specfile
+- Issue 5156 - (cont) RFE slapi_memberof reusing memberof values (#5744)
+- Issue 4758 - Add tests for WebUI
+- Issue 3527 - Add PROXY protocol support (#5762)
+- Issue 5789 - Improve ds-replcheck error handling
+- Issue 5786 - CLI - registers tools for bash completion
+- Issue 5786 - Set minimal permissions on GitHub Workflows (#5787)
+- Issue 5646 - Various memory leaks (#5725)
+- Issue 5778 - UI - Remove error message if .dsrc is missing
+- Issue 5751 - Cleanallruv task crashes on consumer (#5775)
+
+* Wed Jun 28 2023 Python Maint <python-maint@redhat.com> - 2.4.1-2
+- Rebuilt for Python 3.12
+
+* Thu May 18 2023 Mark Reynolds <mreynolds@redhat.com> - 2.4.1-1
+- Bump version to 2.4.1
+- Issue 5770 - RFE - Extend Password Adminstrators to allow skipping password info updates
+- Issue 5768 - CLI/UI - cert checks are too strict, and other issues
+- Issue 5722 - fix compilation warnings (#5771)
+- Issue 5765 - Improve installer selinux handling
+- Issue 152  - RFE - Add support for LDAP alias entries
+- Issue 5052 - BUG - Custom filters prevented entry deletion (#5060)
+- Issue 5752 - RFE - Provide a history for LastLoginTime (#5753)
+- Issue 5722 - RFE When a filter contains 'nsrole', improve response time by rewriting the filter (#5723)
+- Issue 5704 - crash in sync_refresh_initial_content (#5720)
+- Issue 5738 - RFE - UI - Read/write replication monitor info to .dsrc file
+- Issue 5156 - build warnings (#5758)
+- Issue 5749 - RFE - Allow Account Policy Plugin to handle inactivity and expiration at the same time
+- Issue 5743 - Disabling replica crashes the server (#5746)
+- Issue 2562 - Copy config files into backup directory
+- Issue 5156 - fix build breakage from slapi-memberof commit
+- Issue 4758 - Add tests for WebUI
+
+* Tue Apr 25 2023 Mark Reynolds <mreynolds@redhat.com> - 2.4.0-1
+- Bump version to 2.4.0
+- Issue 5156 - RFE that implement slapi_memberof (#5694)
+- Issue 5734 - RFE - Exclude pwdFailureTime and ContextCSN (#5735)
+- Issue 5726 - ns-slapd crashing in ldbm_back_upgradednformat (#5727)
+- Issue 4758 - Add tests for WebUI
+- Issue 5718 - Memory leak in connection table (#5719)
+- Issue 5705 - Add config parameter to close client conns on failed bind (#5712)
+- Issue 4758 - Add tests for WebUI
+- Issue 5643 - Memory leak in entryrdn during delete (#5717)
+- Issue 5714 - UI - fix typo, db settings, log settings, and LDAP editor paginations
+- Issue 5701 - CLI - Fix referral mode setting (#5708)
+- Bump openssl from 0.10.45 to 0.10.48 in /src (#5709)
+- Issue 5710 - subtree search statistics for index lookup does not report ancestorid/entryrdn lookups (#5711)
+- Issue 5697 - Obsolete nsslapd-ldapimaprootdn attribute (#5698)
+- Issue 1081 - Stop schema replication from overwriting x-origin
+- Issue 4812 - Listener thread does not scale with a high num of established connections (#5706)
+- Issue 4812 - Listener thread does not scale with a high num of established connections (#5681)
+- Bump webpack from 5.75.0 to 5.76.0 in /src/cockpit/389-console (#5699)
+- Issue 5598 - (3rd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5692)
+- Issue 5598 - (2nd) In 2.x, SRCH throughput drops by 10% because of handling of referral (#5691)
+- Issue 5687 - UI - sensitive information disclosure
+- Issue 5661 - LMDB hangs while Rebuilding the replication changelog RUV (#5676)
+- Issue 5554 - Add more tests to security_basic_test suite
+- Issue 4583 - Update specfile to skip checks of ASAN builds
+- Issue 4758 - Add tests for WebUI
+- Issue 3604 - UI - Add support for Subject Alternative Names in CSR
+- Issue 5600 - buffer overflow when enabling sync repl plugin when dynamic plugins is enabled
+- Issue 5640 - Update logconv for new logging format
+- Issue 5162 - CI - fix error message for invalid pem file
+- Issue 5598 - In 2.x, SRCH throughput drops by 10% because of handling of referral (#5604)
+- Issue 5671 - covscan - clang warning (#5672)
+- Issue 5267 - CI - Fix issues with nsslapd-return-original-entrydn
+- Issue 5666 - CLI - Add timeout parameter for tasks
+- Issue 5567 - CLI - make ldifgen use the same default ldif name for all options
+- Issue 5647 - Fix unused variable warning from previous commit (#5670)
+- Issue 5162 - Lib389 - verify certificate type before adding
+- Issue 5642 - Build fails against setuptools 67.0.0
+- Issue 5630 - CLI - need to add logging filter for stdout
+- Issue 5646 - CLI/UI - do not hardcode password storage schemes
+- Issue 5640 - Update logconv for new logging format
+- issue 5647 - covscan: memory leak in audit log when adding entries (#5650)
+- Issue 5658 - CLI - unable to add attribute with matching rule
+- Issue 5653 - covscan - fix invalid dereference
+- Issue 5652 - Libasan crash in replication/cascading_test (#5659)
+- Issue 5628 - Handle graceful timeout in CI tests (#5657)
+- Issue 5648 - Covscan - Compiler warnings (#5651)
+- Issue 5630 - CLI - error messages should goto stderr
+- Issue 2435 - RFE - Raise IDL Scan Limit to INT_MAX (#5639)
+- Issue 5632 - CLI - improve error handling with db2ldif
+- Issue 5517 - Replication conflict CI test sometime fails (#5518)
+- Issue 5634 - Deprecated warning related to github action workflow code (#5635)
+- Issue 5637 - Covscan - fix Buffer Overflows (#5638)
+- Issue 5624 - RFE - UI - export certificates, and import text base64 encoded certificates
+- Bump tokio from 1.24.1 to 1.25.0 in /src (#5629)
+- Issue 4577 - Add LMDB pytest github action (#5627)
+- Issue 4293 - RFE - CLI - add dsrc options for setting user and group subtrees
+- Remove stale libevent(-devel) dependency
+- Issue 5578 - dscreate ds-root does not normaile paths (#5613)
+- Issue 5497 - boolean attributes should be case insensitive
+
+* Fri Mar 31 2023 Viktor Ashirov <vashirov@redhat.com> - 2.3.2-3
+- Fix build issue against setuptools 67.0.0 (#2183375)
+
+* Tue Feb 28 2023 Simon Pichugin <spichugi@redhat.com> - 2.3.2-2
+- Use systemd-sysusers for dirsrv user and group (#2173834)
+
+* Mon Jan 23 2023 Mark Reynolds <mreynolds@redhat.com> - 2.3.2-1
+- Bump version to 2.3.2
+- Issue 5547 - automember plugin improvements
+- Issue 5607, 5351, 5611 - UI/CLI - fix various issues
+- Issue 5610 - Build failure on Debian
+- Issue 5608 - UI - need to replace some "const" with "let"
+- Issue 5560 - dscreate run by non superuser set defaults requiring superuser privilege (#5579)
+- Issue 3604 - Create a private key/CSR with dsconf/Cockpit (#5584)
+- Issue 5605 - Adding a slapi_log_backtrace function in libslapd (#5606)
+- Issue 5602 - UI - browser crash when trying to modify read-only variable
+- Issue 5581 - UI - Support cockpit dark theme
+- Issue 5593 - CLI - dsidm account subtree-status fails with TypeError
+- Issue 5591 - BUG - Segfault in cl5configtrim with invalid confi (#5592)
+- Fix latest npm audit failures
+- Issue 5599 - CI - webui tests randomly fail
+- Issue 5348 - RFE - CLI - add functionality to do bulk updates to entries
+- Issue 5588 - Fix CI tests
+- Issue 5585 - lib389 password policy DN handling is incorrect (#5587)
+- Issue 5521 - UI - Update plugins for new split PAM and LDAP pass thru auth
+- Bump json5 from 2.2.1 to 2.2.3 in /src/cockpit/389-console
+- Issue 5236 - UI add specialized group edit modal
+- Issue 5550 - dsconf monitor crashes with Error math domain error (#5553)
+- Issue 5278 - CLI - dsidm asks for the old password on password reset
+- Issue 5531 - CI - use universal_lines in capture_output
+- Issue 5425 - CLI - add confirmation arg when deleting backend
+- Issue 5558 - non-root instance fails to start on creation (#5559)
+- Issue 5545 - A random crash in import over lmdb (#5546)
+- Issue 3615 - CLI - prevent virtual attribute indexing
+- Update specfile and rust crates
+- Issue 5413 - Allow mutliple MemberOf fixup tasks with different bases/filters
+- Issue 5554 - Add more tests to security_basic_test suite (#5555)
+- Issue 5561 - Nightly tests are failing
+- Issue 5521 - RFE - split pass through auth cli
+- Issue 5521 - BUG - Pam PTA multiple issues
+- Issue 5544 - Increase default task TTL
+- Issue 5526 - RFE - Improve saslauthd migration options (#5528)
+- Issue 5539 - Make logger's parameter name unified (#5540)
+- Issue 5541 - Fix typo in `lib389.cli_conf.backend._get_backend` (#5542)
+- Issue 3729 - (cont) RFE Extend log of operations statistics in access log (#5538)
+- Issue 5534 - Fix a rebase typo (#5537)
+- Issue 5534 - Add copyright text to the repository files
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Dec 31 2022 Pete Walter <pwalter@fedoraproject.org> - 2.3.1-2
+- Rebuild for ICU 72
+
+* Fri Nov 18 2022 Mark Reynolds <mreynolds@redhat.com> - 2.3.1-1
+- Bump version to 2.3.1
+- Issue 5532 - Make db compaction TOD day more robust.
+- Issue 3729 - RFE Extend log of operations statistics in access log (#5508)
+- Issue 5529 - UI - Fix npm vulnerability in loader-utils
+- Issue 5490 - tombstone in entryrdn index with lmdb but not with bdb (#5498)
+- Issue 5162 - Fix dsctl tls ca-certfiicate add-cert arg requirement
+- Issue 5510 - remove twalk_r dependency to build on RHEL8 (#5516)
+- Issue 5162 - RFE - CLI allow adding CA certificate bundles
+- Issue 5440 - memberof is slow on update/fixup if there are several 'groupattr' (#5455)
+- Issue 5512 - BUG - skip pwdPolicyChecker OC in migration (#5513)
+- Issue 3555 - UI - fix audit issue with npm loader-utils (#5514)
+- Issue 5505 - Fix compiler warning (#5506)
+- Issue 5469 - Increase the default value of nsslapd-conntablesize (#5472)
+- Issue 5408 - lmdb import is slow (#5481)
+- Issue 5429 - healthcheck - add checks for MemberOf group attrs being indexed
+- Issue 5502 - RFE - Add option to display entry attributes in audit log
+- Issue 5495 - BUG - Minor fix to dds skip, inconsistent attrs caused errors (#5501)
+- Issue 5367 - RFE - store full DN in database record
+- Issue 5495 - RFE - skip dds during migration. (#5496)
+- Issue 5491 - UI - Add rework and finish jpegPhoto functionality (#5492)
+- Issue 5368 - Retro Changelog trimming does not work (#5486)
+- Issue 5487 - Fix various issues with logconv.pl
+- Issue 5476 - RFE - add memberUid read aci by default (#5477)
+- Issue 5482 - lib389 - Can not enable replication with a mixed case suffix
+- Issue 5478 - Random crash in connection code during server shutdown (#5479)
+- Issue 3061 - RFE - Add password policy debug log level
+- Issue 5302 - Release tarballs don't contain cockpit webapp
+- Issue 5262 - high contention in find_entry_internal_dn on mixed load (#5264)
+- Issue 4324 - Revert recursive pthread mutex change (#5463)
+- Issue 5462 - RFE - add missing default indexes (#5464)
+- Issue 5465 - Fix dbscan linking (#5466)
+- Issue 5271 - Serialization of pam_passthrough causing high etimes (#5272)
+- Issue 5453 - UI/CLI - Changing Root DN breaks UI
+- Issue 5446 - Fix some covscan issues (#5451)
+- Issue 4308 - checking if an entry is a referral is expensive
+- Issue 5447 - UI - add NDN max cache size to UI
+- Issue 5443 - UI - disable save button while saving
+- Issue 5413 - Allow only one MemberOf fixup task at a time
+- Issue 4592 - dscreate error with custom dir_path (#5434)
+- Issue 5158 - entryuuid fixup tasks fails in replicated topology (#5439)
+
+* Tue Sep 20 2022 Mark Reynolds <mreynolds@redhat.com> - 2.3.0-2
+- Bump version to 2.3.0-2
+- Update old pcre-devel requirement to pcre2-devel
+
+* Thu Sep 1 2022 Mark Reynolds <mreynolds@redhat.com> - 2.3.0-1
+- Bump version to 2.3.0
+- Issue 5012 - Migrate pcre to pcre2 - remove match limit
+- Issue 5356 - Make Rust non-optional and update default password storage scheme
+- Issue 5012 - Migrate pcre to pcre2
+- Issue 5428 - Fix regression with nscpEntryWsi computation
+- Fix missing 'not' in description (closes #5423) (#5424)
+- Issue 5421 - CI - makes replication/acceptance_test.py::test_modify_entry more robust (#5422)
+- Issue 3903 - fix repl keep alive event interval
+- Issue 5418 - Sync_repl may crash while managing invalid cookie (#5420)
+- Issue 5415 - Hostname when set to localhost causing failures in other tests
+- Issue 5412 - lib389 - do not set backend name to lowercase
+- Issue 5407 - sync_repl crashes if enabled while dynamic plugin is enabled (#5411)
+- Issue 5385 - LMDB - import crash in rdncache_add_elem (#5406)
+- Issue 5403 - Memory leak in conntection table mulit list (#5404)
+- Issue 3903 - keep alive update event starts too soon
+- Issue 5397 - Fix various memory leaks
+- Issue 5399 - UI - LDAP Editor is not updated when we switch instances (#5400)
+- Issue 3903 - Supplier should do periodic updates
+- Issue 5377 - Code cleanup: Fix Covscan invalid reference (#5393)
+- Issue 5394 - configure doesn't check for lmdb and json-c
+- Issue 5392 - dscreate fails when using alternative ports in the SELinux hi_reserved_port_t label range
+- Issue 5386 - BUG - Update sudoers schema to correctly support UTF-8 (#5387)
+- Issue 5388 - fix use-after-free and deadcode
+- Issue 5383 - UI - Various fixes and RFE's for UI
+- Issue 4656 - Remove problematic language from source code
+- Issue 5380 - Separate cleanAllRUV code into new file
+- Issue 5322 - optime & wtime on rejected connections is not properly set
+- Issue 5335 - RFE - Add Security Audit Log
+- Issue 5375 - CI - disable TLS hostname checking
+- Issue 981  - Managed Entries betxnpreoperation - transaction not aborted on managed entry failure (#5369)
+- Issue 5373 - dsidm user get_dn fails with search_ext() argument 1 must be str, not function
+- Issue 5371 - Update npm and cargo packages
+- Issue 3069 - Support ECDSA private keys for TLS (#5365)
+- Issue 5290 - Importing certificate chain files via "import-server-key-cert" no longer works (#5293)
+
+* Mon Aug 01 2022 Frantisek Zatloukal <fzatlouk@redhat.com> - 2.2.2-3
+- Rebuilt for ICU 71.1
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jul 5 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.2-1
+- Bump version to 2.2.2
+- Issue 5221 - fix covscan (#5359)
+- Issue 5294 - Report Portal 5 is not processing an XML file with (#5358)
+- Issue 5353 - CLI - dsconf backend export breaks with multiple backends
+- Issue 5346 - New connection table fails with ASAN failures (#5350)
+- Issue 5345 - BUG - openldap migration fails when ppolicy is active (#5347)
+- Issue 5323 - BUG - improve skipping of monitor db (#5340)
+- Issue 5329 - Improve replication extended op logging
+- Issue 5343 - Various improvements to winsync
+- Issue 4932 - CLI - add parser aliases to long arg names
+- Issue 5332 - BUG - normalise filter as intended
+- Issue 5327 - Validate test metadata
+- Issue 4812 - Scalability with high number of connections (#5090)
+- Issue 4348 - Add tests for dsidm
+- Issue 5333 - 389-ds-base fails to build with Python 3.11
+
+* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 2.2.1-4
+- Rebuilt for Python 3.11
+
+* Wed Jun 15 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.1-3
+- Bump version to 2.2.1-3
+- Issue 5332 - BUG - normalise filter as intended
+- Issue 5327 - Validate test metadata
+- Issue 4348 - Add tests for dsidm
+- Bump crossbeam-utils from 0.8.6 to 0.8.8 in /src
+- Issue 5333 - 389-ds-base fails to build with Python 3.11
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 2.2.1-2
+- Rebuilt for Python 3.11
+
+* Fri Jun 3 2022 Mark Reynolds <mreynolds@redhat.com> - 2.2.1-1
+- Bump version to 2.2.1
+- Issue 5323 - BUG - Fix issue in mdb tests with monitor (#5326)
+- Issue 5170 - BUG - incorrect behaviour of filter test (#5315)
+- Issue 5324 - plugin acceptance test needs hardening
+- Issue 5319 - dsctl_tls_test.py fails with openssl-3.x
+- Issue 5323 - BUG - migrating database for monitoring interface lead to crash (#5321)
+- Issue 5304 - Need a compatibility option about sub suffix handling (#5310)
+- Issue 5313 - dbgen test uses deprecated -h HOST and -p PORT options for ldapmodify
+- Issue 5311 - Missing Requires for acl in the spec file
+- Issue 5305 - OpenLDAP version autodetection doesn't work
+- Issue 5307 - VERSION_PREREL is not set correctly in CI builds
+- Issue 5302 - Release tarballs don't contain cockpit webapp
+- Issue 5170 - RFE - improve filter logging to assist debugging (#5301)
+- Issue 5299 - jemalloc 5.3 released
+- Issue 5175 - Remove stale zlib-devel dependency declaration (#5173)
+- Issue 5294 - Report Portal 5 is not processing test results XML file
+- Issue 5170 - BUG - ldapsubentries were incorrectly returned (#5285)
+- Issue 5291 - Harden ReplicationManager.wait_for_replication (#5292)
+- Issue  379 - RFE - Compress rotated logs (fix linker)
+- Issue  379 - RFE - Compress rotated logs
+- Issue 5281 - HIGH - basic test does not run
+- Issue 5284 - Replication broken after password change (#5286)
+- Issue 5279 - dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'
+- Issue 5170 - RFE - Filter optimiser (#5171)
+- Issue 5276 - CLI - improve task handling
+- Issue 5126 - Memory leak in slapi_ldap_get_lderrno (#5153)
+- Issue 3 - ansible-ds - Prefix handling fix (#5275)
+- Issue 5273 - CLI - add arg completer for instance name
+- Issue 2893 - CLI - dscreate - add options for setting up replication
+- Issue 4866 - CLI - when enabling replication set changelog trimming by default
+- Issue 5241 - UI - Add account locking missing functionality (#5251)
+- Issue 5180 - snmp_collator tries to unlock NULL mutex (#5266)
+- Issue 4904 - Fix various small issues
+- lib389 prerequisite for ansible-ds (#5253)
+- Issue 5260 - BUG - OpenLDAP allows multiple names of memberof overlay (#5261)
+- Issue 5252 - During DEL, vlv search can erroneously return NULL candidate (#5256)
+- Issue 5254 - dscreate create-template regression due to 5a3bdc336 (#5255)
+- Issue 5210 - Python undefined names in lib389
+- Issue 5065 - Crash in suite plugins - test_dna_max_value (#5108)
+- Issue 5247 - BUG - Missing attributes in samba schema (#5248)
+- Issue 5242- Craft message may crash the server (#5243)
+- Issue 4775 -plugin entryuuid failing (#5229)
+- Issue 5239 - Nightly copr builds are broken
+- Issue 5237 - audit-ci: Cannot convert undefined or null to object
+- Issue 5234 - UI - rename Users and Groups tab
+- Issue 5227 - UI - No way to move back to Get Started step (#5233)
+- Issue 5217 - Simplify instance creation and administration by non root user (#5224)
diff --git a/SPECS-EXTENDED/389-ds-base/389-ds-base.sysusers b/SPECS-EXTENDED/389-ds-base/389-ds-base.sysusers
new file mode 100644
index 00000000000..32a3452dae4
--- /dev/null
+++ b/SPECS-EXTENDED/389-ds-base/389-ds-base.sysusers
@@ -0,0 +1,3 @@
+#Type Name     ID             GECOS                   Home directory       Shell
+g     dirsrv   389
+u     dirsrv   389:389        "user for 389-ds-base"  /usr/share/dirsrv/   /sbin/nologin
diff --git a/cgmanifest.json b/cgmanifest.json
index b4914d62a3a..682bd612cd0 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1,5 +1,15 @@
 {
   "Registrations": [
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "389-ds-base",
+          "version": "3.1.1",
+          "downloadUrl": "https://github.com/389ds/389-ds-base/releases/download/389-ds-base-3.1.1/389-ds-base-3.1.1.tar.bz2"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -13291,9 +13301,9 @@
       "component": {
         "type": "other",
         "other": {
-          "name": "mosh",
-          "version": "1.4.0",
-          "downloadUrl": "https://github.com/mobile-shell/mosh/releases/download/mosh-1.4.0/mosh-1.4.0.tar.gz"
+          "name": "ModemManager",
+          "version": "1.18.12",
+          "downloadUrl": "https://www.freedesktop.org/software/ModemManager/ModemManager-1.18.12.tar.xz"
         }
       }
     },
@@ -13301,9 +13311,9 @@
       "component": {
         "type": "other",
         "other": {
-          "name": "ModemManager",
-          "version": "1.18.12",
-          "downloadUrl": "https://www.freedesktop.org/software/ModemManager/ModemManager-1.18.12.tar.xz"
+          "name": "mokutil",
+          "version": "0.6.0",
+          "downloadUrl": "https://github.com/lcp/mokutil/archive/0.6.0.tar.gz"
         }
       }
     },
@@ -13311,9 +13321,9 @@
       "component": {
         "type": "other",
         "other": {
-          "name": "mokutil",
-          "version": "0.6.0",
-          "downloadUrl": "https://github.com/lcp/mokutil/archive/0.6.0.tar.gz"
+          "name": "mosh",
+          "version": "1.4.0",
+          "downloadUrl": "https://github.com/mobile-shell/mosh/releases/download/mosh-1.4.0/mosh-1.4.0.tar.gz"
         }
       }
     },

From ebc96cc71a72280edd07523c44eb8184b1bcfe31 Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Fri, 27 Sep 2024 15:45:49 +0530
Subject: [PATCH 37/59] tensorflow: patch for CVE-2024-6232, CVE-2024-8088,
 CVE-2024-3651 (#10563)

---
 SPECS/tensorflow/CVE-2024-3651.patch  | 3754 +++++++++++++++++++++++++
 SPECS/tensorflow/CVE-2024-6232.patch  |  175 ++
 SPECS/tensorflow/CVE-2024-8088.patch  |   41 +
 SPECS/tensorflow/generate_tf_cache.sh |    2 +-
 SPECS/tensorflow/tensorflow.spec      |   23 +-
 5 files changed, 3993 insertions(+), 2 deletions(-)
 create mode 100644 SPECS/tensorflow/CVE-2024-3651.patch
 create mode 100644 SPECS/tensorflow/CVE-2024-6232.patch
 create mode 100644 SPECS/tensorflow/CVE-2024-8088.patch
 mode change 100644 => 100755 SPECS/tensorflow/generate_tf_cache.sh

diff --git a/SPECS/tensorflow/CVE-2024-3651.patch b/SPECS/tensorflow/CVE-2024-3651.patch
new file mode 100644
index 00000000000..482721155e2
--- /dev/null
+++ b/SPECS/tensorflow/CVE-2024-3651.patch
@@ -0,0 +1,3754 @@
+diff --color -ruN a/codec.py b/codec.py
+--- a/codec.py	2021-01-01 08:00:00.000000000 +0000
++++ b/codec.py	2024-09-26 14:49:49.043936672 +0000
+@@ -1,7 +1,7 @@
+ from .core import encode, decode, alabel, ulabel, IDNAError
+ import codecs
+ import re
+-from typing import Tuple, Optional
++from typing import Any, Tuple, Optional
+ 
+ _unicode_dots_re = re.compile('[\u002e\u3002\uff0e\uff61]')
+ 
+@@ -26,24 +26,24 @@
+         return decode(data), len(data)
+ 
+ class IncrementalEncoder(codecs.BufferedIncrementalEncoder):
+-    def _buffer_encode(self, data: str, errors: str, final: bool) -> Tuple[str, int]:  # type: ignore
++    def _buffer_encode(self, data: str, errors: str, final: bool) -> Tuple[bytes, int]:
+         if errors != 'strict':
+             raise IDNAError('Unsupported error handling \"{}\"'.format(errors))
+ 
+         if not data:
+-            return "", 0
++            return b'', 0
+ 
+         labels = _unicode_dots_re.split(data)
+-        trailing_dot = ''
++        trailing_dot = b''
+         if labels:
+             if not labels[-1]:
+-                trailing_dot = '.'
++                trailing_dot = b'.'
+                 del labels[-1]
+             elif not final:
+                 # Keep potentially unfinished label until the next call
+                 del labels[-1]
+                 if labels:
+-                    trailing_dot = '.'
++                    trailing_dot = b'.'
+ 
+         result = []
+         size = 0
+@@ -54,18 +54,21 @@
+             size += len(label)
+ 
+         # Join with U+002E
+-        result_str = '.'.join(result) + trailing_dot  # type: ignore
++        result_bytes = b'.'.join(result) + trailing_dot
+         size += len(trailing_dot)
+-        return result_str, size
++        return result_bytes, size
+ 
+ class IncrementalDecoder(codecs.BufferedIncrementalDecoder):
+-    def _buffer_decode(self, data: str, errors: str, final: bool) -> Tuple[str, int]:  # type: ignore
++    def _buffer_decode(self, data: Any, errors: str, final: bool) -> Tuple[str, int]:
+         if errors != 'strict':
+             raise IDNAError('Unsupported error handling \"{}\"'.format(errors))
+ 
+         if not data:
+             return ('', 0)
+ 
++        if not isinstance(data, str):
++            data = str(data, 'ascii')
++
+         labels = _unicode_dots_re.split(data)
+         trailing_dot = ''
+         if labels:
+@@ -99,14 +102,17 @@
+     pass
+ 
+ 
+-def getregentry() -> codecs.CodecInfo:
+-    # Compatibility as a search_function for codecs.register()
++def search_function(name: str) -> Optional[codecs.CodecInfo]:
++    if name != 'idna2008':
++        return None
+     return codecs.CodecInfo(
+-        name='idna',
+-        encode=Codec().encode,  # type: ignore
+-        decode=Codec().decode,  # type: ignore
++        name=name,
++        encode=Codec().encode,
++        decode=Codec().decode,
+         incrementalencoder=IncrementalEncoder,
+         incrementaldecoder=IncrementalDecoder,
+         streamwriter=StreamWriter,
+         streamreader=StreamReader,
+     )
++
++codecs.register(search_function)
+diff --color -ruN a/core.py b/core.py
+--- a/core.py	2021-01-01 08:00:00.000000000 +0000
++++ b/core.py	2024-09-26 14:49:49.043936672 +0000
+@@ -150,9 +150,11 @@
+             joining_type = idnadata.joining_types.get(ord(label[i]))
+             if joining_type == ord('T'):
+                 continue
+-            if joining_type in [ord('L'), ord('D')]:
++            elif joining_type in [ord('L'), ord('D')]:
+                 ok = True
+                 break
++            else:
++                break
+ 
+         if not ok:
+             return False
+@@ -162,9 +164,11 @@
+             joining_type = idnadata.joining_types.get(ord(label[i]))
+             if joining_type == ord('T'):
+                 continue
+-            if joining_type in [ord('R'), ord('D')]:
++            elif joining_type in [ord('R'), ord('D')]:
+                 ok = True
+                 break
++            else:
++                break
+         return ok
+ 
+     if cp_value == 0x200d:
+@@ -236,12 +240,8 @@
+         if intranges_contain(cp_value, idnadata.codepoint_classes['PVALID']):
+             continue
+         elif intranges_contain(cp_value, idnadata.codepoint_classes['CONTEXTJ']):
+-            try:
+-                if not valid_contextj(label, pos):
+-                    raise InvalidCodepointContext('Joiner {} not allowed at position {} in {}'.format(
+-                        _unot(cp_value), pos+1, repr(label)))
+-            except ValueError:
+-                raise IDNAError('Unknown codepoint adjacent to joiner {} at position {} in {}'.format(
++            if not valid_contextj(label, pos):
++                raise InvalidCodepointContext('Joiner {} not allowed at position {} in {}'.format(
+                     _unot(cp_value), pos+1, repr(label)))
+         elif intranges_contain(cp_value, idnadata.codepoint_classes['CONTEXTO']):
+             if not valid_contexto(label, pos):
+@@ -262,13 +262,8 @@
+     except UnicodeEncodeError:
+         pass
+ 
+-    if not label:
+-        raise IDNAError('No Input')
+-
+-    label = str(label)
+     check_label(label)
+-    label_bytes = _punycode(label)
+-    label_bytes = _alabel_prefix + label_bytes
++    label_bytes = _alabel_prefix + _punycode(label)
+ 
+     if not valid_label_length(label_bytes):
+         raise IDNAError('Label too long')
+@@ -318,7 +313,7 @@
+             status = uts46row[1]
+             replacement = None  # type: Optional[str]
+             if len(uts46row) == 3:
+-                replacement = uts46row[2]  # type: ignore
++                replacement = uts46row[2]
+             if (status == 'V' or
+                     (status == 'D' and not transitional) or
+                     (status == '3' and not std3_rules and replacement is None)):
+@@ -338,9 +333,9 @@
+ 
+ 
+ def encode(s: Union[str, bytes, bytearray], strict: bool = False, uts46: bool = False, std3_rules: bool = False, transitional: bool = False) -> bytes:
+-    if isinstance(s, (bytes, bytearray)):
++    if not isinstance(s, str):
+         try:
+-            s = s.decode('ascii')
++            s = str(s, 'ascii')
+         except UnicodeDecodeError:
+             raise IDNAError('should pass a unicode string to the function rather than a byte string.')
+     if uts46:
+@@ -372,8 +367,8 @@
+ 
+ def decode(s: Union[str, bytes, bytearray], strict: bool = False, uts46: bool = False, std3_rules: bool = False) -> str:
+     try:
+-        if isinstance(s, (bytes, bytearray)):
+-            s = s.decode('ascii')
++        if not isinstance(s, str):
++            s = str(s, 'ascii')
+     except UnicodeDecodeError:
+         raise IDNAError('Invalid ASCII in A-label')
+     if uts46:
+diff --color -ruN a/idnadata.py b/idnadata.py
+--- a/idnadata.py	2021-01-01 08:00:00.000000000 +0000
++++ b/idnadata.py	2024-09-26 14:49:49.043936672 +0000
+@@ -1,6 +1,6 @@
+ # This file is automatically generated by tools/idna-data
+ 
+-__version__ = '15.0.0'
++__version__ = '15.1.0'
+ scripts = {
+     'Greek': (
+         0x37000000374,
+@@ -59,6 +59,7 @@
+         0x2b7400002b81e,
+         0x2b8200002cea2,
+         0x2ceb00002ebe1,
++        0x2ebf00002ee5e,
+         0x2f8000002fa1e,
+         0x300000003134b,
+         0x31350000323b0,
+@@ -100,16 +101,190 @@
+     ),
+ }
+ joining_types = {
+-    0x600: 85,
+-    0x601: 85,
+-    0x602: 85,
+-    0x603: 85,
+-    0x604: 85,
+-    0x605: 85,
+-    0x608: 85,
+-    0x60b: 85,
++    0xad: 84,
++    0x300: 84,
++    0x301: 84,
++    0x302: 84,
++    0x303: 84,
++    0x304: 84,
++    0x305: 84,
++    0x306: 84,
++    0x307: 84,
++    0x308: 84,
++    0x309: 84,
++    0x30a: 84,
++    0x30b: 84,
++    0x30c: 84,
++    0x30d: 84,
++    0x30e: 84,
++    0x30f: 84,
++    0x310: 84,
++    0x311: 84,
++    0x312: 84,
++    0x313: 84,
++    0x314: 84,
++    0x315: 84,
++    0x316: 84,
++    0x317: 84,
++    0x318: 84,
++    0x319: 84,
++    0x31a: 84,
++    0x31b: 84,
++    0x31c: 84,
++    0x31d: 84,
++    0x31e: 84,
++    0x31f: 84,
++    0x320: 84,
++    0x321: 84,
++    0x322: 84,
++    0x323: 84,
++    0x324: 84,
++    0x325: 84,
++    0x326: 84,
++    0x327: 84,
++    0x328: 84,
++    0x329: 84,
++    0x32a: 84,
++    0x32b: 84,
++    0x32c: 84,
++    0x32d: 84,
++    0x32e: 84,
++    0x32f: 84,
++    0x330: 84,
++    0x331: 84,
++    0x332: 84,
++    0x333: 84,
++    0x334: 84,
++    0x335: 84,
++    0x336: 84,
++    0x337: 84,
++    0x338: 84,
++    0x339: 84,
++    0x33a: 84,
++    0x33b: 84,
++    0x33c: 84,
++    0x33d: 84,
++    0x33e: 84,
++    0x33f: 84,
++    0x340: 84,
++    0x341: 84,
++    0x342: 84,
++    0x343: 84,
++    0x344: 84,
++    0x345: 84,
++    0x346: 84,
++    0x347: 84,
++    0x348: 84,
++    0x349: 84,
++    0x34a: 84,
++    0x34b: 84,
++    0x34c: 84,
++    0x34d: 84,
++    0x34e: 84,
++    0x34f: 84,
++    0x350: 84,
++    0x351: 84,
++    0x352: 84,
++    0x353: 84,
++    0x354: 84,
++    0x355: 84,
++    0x356: 84,
++    0x357: 84,
++    0x358: 84,
++    0x359: 84,
++    0x35a: 84,
++    0x35b: 84,
++    0x35c: 84,
++    0x35d: 84,
++    0x35e: 84,
++    0x35f: 84,
++    0x360: 84,
++    0x361: 84,
++    0x362: 84,
++    0x363: 84,
++    0x364: 84,
++    0x365: 84,
++    0x366: 84,
++    0x367: 84,
++    0x368: 84,
++    0x369: 84,
++    0x36a: 84,
++    0x36b: 84,
++    0x36c: 84,
++    0x36d: 84,
++    0x36e: 84,
++    0x36f: 84,
++    0x483: 84,
++    0x484: 84,
++    0x485: 84,
++    0x486: 84,
++    0x487: 84,
++    0x488: 84,
++    0x489: 84,
++    0x591: 84,
++    0x592: 84,
++    0x593: 84,
++    0x594: 84,
++    0x595: 84,
++    0x596: 84,
++    0x597: 84,
++    0x598: 84,
++    0x599: 84,
++    0x59a: 84,
++    0x59b: 84,
++    0x59c: 84,
++    0x59d: 84,
++    0x59e: 84,
++    0x59f: 84,
++    0x5a0: 84,
++    0x5a1: 84,
++    0x5a2: 84,
++    0x5a3: 84,
++    0x5a4: 84,
++    0x5a5: 84,
++    0x5a6: 84,
++    0x5a7: 84,
++    0x5a8: 84,
++    0x5a9: 84,
++    0x5aa: 84,
++    0x5ab: 84,
++    0x5ac: 84,
++    0x5ad: 84,
++    0x5ae: 84,
++    0x5af: 84,
++    0x5b0: 84,
++    0x5b1: 84,
++    0x5b2: 84,
++    0x5b3: 84,
++    0x5b4: 84,
++    0x5b5: 84,
++    0x5b6: 84,
++    0x5b7: 84,
++    0x5b8: 84,
++    0x5b9: 84,
++    0x5ba: 84,
++    0x5bb: 84,
++    0x5bc: 84,
++    0x5bd: 84,
++    0x5bf: 84,
++    0x5c1: 84,
++    0x5c2: 84,
++    0x5c4: 84,
++    0x5c5: 84,
++    0x5c7: 84,
++    0x610: 84,
++    0x611: 84,
++    0x612: 84,
++    0x613: 84,
++    0x614: 84,
++    0x615: 84,
++    0x616: 84,
++    0x617: 84,
++    0x618: 84,
++    0x619: 84,
++    0x61a: 84,
++    0x61c: 84,
+     0x620: 68,
+-    0x621: 85,
+     0x622: 82,
+     0x623: 82,
+     0x624: 82,
+@@ -151,12 +326,33 @@
+     0x648: 82,
+     0x649: 68,
+     0x64a: 68,
++    0x64b: 84,
++    0x64c: 84,
++    0x64d: 84,
++    0x64e: 84,
++    0x64f: 84,
++    0x650: 84,
++    0x651: 84,
++    0x652: 84,
++    0x653: 84,
++    0x654: 84,
++    0x655: 84,
++    0x656: 84,
++    0x657: 84,
++    0x658: 84,
++    0x659: 84,
++    0x65a: 84,
++    0x65b: 84,
++    0x65c: 84,
++    0x65d: 84,
++    0x65e: 84,
++    0x65f: 84,
+     0x66e: 68,
+     0x66f: 68,
++    0x670: 84,
+     0x671: 82,
+     0x672: 82,
+     0x673: 82,
+-    0x674: 85,
+     0x675: 82,
+     0x676: 82,
+     0x677: 82,
+@@ -253,7 +449,25 @@
+     0x6d2: 82,
+     0x6d3: 82,
+     0x6d5: 82,
+-    0x6dd: 85,
++    0x6d6: 84,
++    0x6d7: 84,
++    0x6d8: 84,
++    0x6d9: 84,
++    0x6da: 84,
++    0x6db: 84,
++    0x6dc: 84,
++    0x6df: 84,
++    0x6e0: 84,
++    0x6e1: 84,
++    0x6e2: 84,
++    0x6e3: 84,
++    0x6e4: 84,
++    0x6e7: 84,
++    0x6e8: 84,
++    0x6ea: 84,
++    0x6eb: 84,
++    0x6ec: 84,
++    0x6ed: 84,
+     0x6ee: 82,
+     0x6ef: 82,
+     0x6fa: 68,
+@@ -262,6 +476,7 @@
+     0x6ff: 68,
+     0x70f: 84,
+     0x710: 82,
++    0x711: 84,
+     0x712: 68,
+     0x713: 68,
+     0x714: 68,
+@@ -292,6 +507,33 @@
+     0x72d: 68,
+     0x72e: 68,
+     0x72f: 82,
++    0x730: 84,
++    0x731: 84,
++    0x732: 84,
++    0x733: 84,
++    0x734: 84,
++    0x735: 84,
++    0x736: 84,
++    0x737: 84,
++    0x738: 84,
++    0x739: 84,
++    0x73a: 84,
++    0x73b: 84,
++    0x73c: 84,
++    0x73d: 84,
++    0x73e: 84,
++    0x73f: 84,
++    0x740: 84,
++    0x741: 84,
++    0x742: 84,
++    0x743: 84,
++    0x744: 84,
++    0x745: 84,
++    0x746: 84,
++    0x747: 84,
++    0x748: 84,
++    0x749: 84,
++    0x74a: 84,
+     0x74d: 82,
+     0x74e: 68,
+     0x74f: 68,
+@@ -343,6 +585,17 @@
+     0x77d: 68,
+     0x77e: 68,
+     0x77f: 68,
++    0x7a6: 84,
++    0x7a7: 84,
++    0x7a8: 84,
++    0x7a9: 84,
++    0x7aa: 84,
++    0x7ab: 84,
++    0x7ac: 84,
++    0x7ad: 84,
++    0x7ae: 84,
++    0x7af: 84,
++    0x7b0: 84,
+     0x7ca: 68,
+     0x7cb: 68,
+     0x7cc: 68,
+@@ -376,7 +629,38 @@
+     0x7e8: 68,
+     0x7e9: 68,
+     0x7ea: 68,
++    0x7eb: 84,
++    0x7ec: 84,
++    0x7ed: 84,
++    0x7ee: 84,
++    0x7ef: 84,
++    0x7f0: 84,
++    0x7f1: 84,
++    0x7f2: 84,
++    0x7f3: 84,
+     0x7fa: 67,
++    0x7fd: 84,
++    0x816: 84,
++    0x817: 84,
++    0x818: 84,
++    0x819: 84,
++    0x81b: 84,
++    0x81c: 84,
++    0x81d: 84,
++    0x81e: 84,
++    0x81f: 84,
++    0x820: 84,
++    0x821: 84,
++    0x822: 84,
++    0x823: 84,
++    0x825: 84,
++    0x826: 84,
++    0x827: 84,
++    0x829: 84,
++    0x82a: 84,
++    0x82b: 84,
++    0x82c: 84,
++    0x82d: 84,
+     0x840: 82,
+     0x841: 68,
+     0x842: 68,
+@@ -402,13 +686,14 @@
+     0x856: 82,
+     0x857: 82,
+     0x858: 82,
++    0x859: 84,
++    0x85a: 84,
++    0x85b: 84,
+     0x860: 68,
+-    0x861: 85,
+     0x862: 68,
+     0x863: 68,
+     0x864: 68,
+     0x865: 68,
+-    0x866: 85,
+     0x867: 82,
+     0x868: 68,
+     0x869: 82,
+@@ -436,16 +721,20 @@
+     0x884: 67,
+     0x885: 67,
+     0x886: 68,
+-    0x887: 85,
+-    0x888: 85,
+     0x889: 68,
+     0x88a: 68,
+     0x88b: 68,
+     0x88c: 68,
+     0x88d: 68,
+     0x88e: 82,
+-    0x890: 85,
+-    0x891: 85,
++    0x898: 84,
++    0x899: 84,
++    0x89a: 84,
++    0x89b: 84,
++    0x89c: 84,
++    0x89d: 84,
++    0x89e: 84,
++    0x89f: 84,
+     0x8a0: 68,
+     0x8a1: 68,
+     0x8a2: 68,
+@@ -459,7 +748,6 @@
+     0x8aa: 82,
+     0x8ab: 82,
+     0x8ac: 82,
+-    0x8ad: 85,
+     0x8ae: 82,
+     0x8af: 68,
+     0x8b0: 68,
+@@ -487,11 +775,357 @@
+     0x8c6: 68,
+     0x8c7: 68,
+     0x8c8: 68,
+-    0x8e2: 85,
+-    0x1806: 85,
++    0x8ca: 84,
++    0x8cb: 84,
++    0x8cc: 84,
++    0x8cd: 84,
++    0x8ce: 84,
++    0x8cf: 84,
++    0x8d0: 84,
++    0x8d1: 84,
++    0x8d2: 84,
++    0x8d3: 84,
++    0x8d4: 84,
++    0x8d5: 84,
++    0x8d6: 84,
++    0x8d7: 84,
++    0x8d8: 84,
++    0x8d9: 84,
++    0x8da: 84,
++    0x8db: 84,
++    0x8dc: 84,
++    0x8dd: 84,
++    0x8de: 84,
++    0x8df: 84,
++    0x8e0: 84,
++    0x8e1: 84,
++    0x8e3: 84,
++    0x8e4: 84,
++    0x8e5: 84,
++    0x8e6: 84,
++    0x8e7: 84,
++    0x8e8: 84,
++    0x8e9: 84,
++    0x8ea: 84,
++    0x8eb: 84,
++    0x8ec: 84,
++    0x8ed: 84,
++    0x8ee: 84,
++    0x8ef: 84,
++    0x8f0: 84,
++    0x8f1: 84,
++    0x8f2: 84,
++    0x8f3: 84,
++    0x8f4: 84,
++    0x8f5: 84,
++    0x8f6: 84,
++    0x8f7: 84,
++    0x8f8: 84,
++    0x8f9: 84,
++    0x8fa: 84,
++    0x8fb: 84,
++    0x8fc: 84,
++    0x8fd: 84,
++    0x8fe: 84,
++    0x8ff: 84,
++    0x900: 84,
++    0x901: 84,
++    0x902: 84,
++    0x93a: 84,
++    0x93c: 84,
++    0x941: 84,
++    0x942: 84,
++    0x943: 84,
++    0x944: 84,
++    0x945: 84,
++    0x946: 84,
++    0x947: 84,
++    0x948: 84,
++    0x94d: 84,
++    0x951: 84,
++    0x952: 84,
++    0x953: 84,
++    0x954: 84,
++    0x955: 84,
++    0x956: 84,
++    0x957: 84,
++    0x962: 84,
++    0x963: 84,
++    0x981: 84,
++    0x9bc: 84,
++    0x9c1: 84,
++    0x9c2: 84,
++    0x9c3: 84,
++    0x9c4: 84,
++    0x9cd: 84,
++    0x9e2: 84,
++    0x9e3: 84,
++    0x9fe: 84,
++    0xa01: 84,
++    0xa02: 84,
++    0xa3c: 84,
++    0xa41: 84,
++    0xa42: 84,
++    0xa47: 84,
++    0xa48: 84,
++    0xa4b: 84,
++    0xa4c: 84,
++    0xa4d: 84,
++    0xa51: 84,
++    0xa70: 84,
++    0xa71: 84,
++    0xa75: 84,
++    0xa81: 84,
++    0xa82: 84,
++    0xabc: 84,
++    0xac1: 84,
++    0xac2: 84,
++    0xac3: 84,
++    0xac4: 84,
++    0xac5: 84,
++    0xac7: 84,
++    0xac8: 84,
++    0xacd: 84,
++    0xae2: 84,
++    0xae3: 84,
++    0xafa: 84,
++    0xafb: 84,
++    0xafc: 84,
++    0xafd: 84,
++    0xafe: 84,
++    0xaff: 84,
++    0xb01: 84,
++    0xb3c: 84,
++    0xb3f: 84,
++    0xb41: 84,
++    0xb42: 84,
++    0xb43: 84,
++    0xb44: 84,
++    0xb4d: 84,
++    0xb55: 84,
++    0xb56: 84,
++    0xb62: 84,
++    0xb63: 84,
++    0xb82: 84,
++    0xbc0: 84,
++    0xbcd: 84,
++    0xc00: 84,
++    0xc04: 84,
++    0xc3c: 84,
++    0xc3e: 84,
++    0xc3f: 84,
++    0xc40: 84,
++    0xc46: 84,
++    0xc47: 84,
++    0xc48: 84,
++    0xc4a: 84,
++    0xc4b: 84,
++    0xc4c: 84,
++    0xc4d: 84,
++    0xc55: 84,
++    0xc56: 84,
++    0xc62: 84,
++    0xc63: 84,
++    0xc81: 84,
++    0xcbc: 84,
++    0xcbf: 84,
++    0xcc6: 84,
++    0xccc: 84,
++    0xccd: 84,
++    0xce2: 84,
++    0xce3: 84,
++    0xd00: 84,
++    0xd01: 84,
++    0xd3b: 84,
++    0xd3c: 84,
++    0xd41: 84,
++    0xd42: 84,
++    0xd43: 84,
++    0xd44: 84,
++    0xd4d: 84,
++    0xd62: 84,
++    0xd63: 84,
++    0xd81: 84,
++    0xdca: 84,
++    0xdd2: 84,
++    0xdd3: 84,
++    0xdd4: 84,
++    0xdd6: 84,
++    0xe31: 84,
++    0xe34: 84,
++    0xe35: 84,
++    0xe36: 84,
++    0xe37: 84,
++    0xe38: 84,
++    0xe39: 84,
++    0xe3a: 84,
++    0xe47: 84,
++    0xe48: 84,
++    0xe49: 84,
++    0xe4a: 84,
++    0xe4b: 84,
++    0xe4c: 84,
++    0xe4d: 84,
++    0xe4e: 84,
++    0xeb1: 84,
++    0xeb4: 84,
++    0xeb5: 84,
++    0xeb6: 84,
++    0xeb7: 84,
++    0xeb8: 84,
++    0xeb9: 84,
++    0xeba: 84,
++    0xebb: 84,
++    0xebc: 84,
++    0xec8: 84,
++    0xec9: 84,
++    0xeca: 84,
++    0xecb: 84,
++    0xecc: 84,
++    0xecd: 84,
++    0xece: 84,
++    0xf18: 84,
++    0xf19: 84,
++    0xf35: 84,
++    0xf37: 84,
++    0xf39: 84,
++    0xf71: 84,
++    0xf72: 84,
++    0xf73: 84,
++    0xf74: 84,
++    0xf75: 84,
++    0xf76: 84,
++    0xf77: 84,
++    0xf78: 84,
++    0xf79: 84,
++    0xf7a: 84,
++    0xf7b: 84,
++    0xf7c: 84,
++    0xf7d: 84,
++    0xf7e: 84,
++    0xf80: 84,
++    0xf81: 84,
++    0xf82: 84,
++    0xf83: 84,
++    0xf84: 84,
++    0xf86: 84,
++    0xf87: 84,
++    0xf8d: 84,
++    0xf8e: 84,
++    0xf8f: 84,
++    0xf90: 84,
++    0xf91: 84,
++    0xf92: 84,
++    0xf93: 84,
++    0xf94: 84,
++    0xf95: 84,
++    0xf96: 84,
++    0xf97: 84,
++    0xf99: 84,
++    0xf9a: 84,
++    0xf9b: 84,
++    0xf9c: 84,
++    0xf9d: 84,
++    0xf9e: 84,
++    0xf9f: 84,
++    0xfa0: 84,
++    0xfa1: 84,
++    0xfa2: 84,
++    0xfa3: 84,
++    0xfa4: 84,
++    0xfa5: 84,
++    0xfa6: 84,
++    0xfa7: 84,
++    0xfa8: 84,
++    0xfa9: 84,
++    0xfaa: 84,
++    0xfab: 84,
++    0xfac: 84,
++    0xfad: 84,
++    0xfae: 84,
++    0xfaf: 84,
++    0xfb0: 84,
++    0xfb1: 84,
++    0xfb2: 84,
++    0xfb3: 84,
++    0xfb4: 84,
++    0xfb5: 84,
++    0xfb6: 84,
++    0xfb7: 84,
++    0xfb8: 84,
++    0xfb9: 84,
++    0xfba: 84,
++    0xfbb: 84,
++    0xfbc: 84,
++    0xfc6: 84,
++    0x102d: 84,
++    0x102e: 84,
++    0x102f: 84,
++    0x1030: 84,
++    0x1032: 84,
++    0x1033: 84,
++    0x1034: 84,
++    0x1035: 84,
++    0x1036: 84,
++    0x1037: 84,
++    0x1039: 84,
++    0x103a: 84,
++    0x103d: 84,
++    0x103e: 84,
++    0x1058: 84,
++    0x1059: 84,
++    0x105e: 84,
++    0x105f: 84,
++    0x1060: 84,
++    0x1071: 84,
++    0x1072: 84,
++    0x1073: 84,
++    0x1074: 84,
++    0x1082: 84,
++    0x1085: 84,
++    0x1086: 84,
++    0x108d: 84,
++    0x109d: 84,
++    0x135d: 84,
++    0x135e: 84,
++    0x135f: 84,
++    0x1712: 84,
++    0x1713: 84,
++    0x1714: 84,
++    0x1732: 84,
++    0x1733: 84,
++    0x1752: 84,
++    0x1753: 84,
++    0x1772: 84,
++    0x1773: 84,
++    0x17b4: 84,
++    0x17b5: 84,
++    0x17b7: 84,
++    0x17b8: 84,
++    0x17b9: 84,
++    0x17ba: 84,
++    0x17bb: 84,
++    0x17bc: 84,
++    0x17bd: 84,
++    0x17c6: 84,
++    0x17c9: 84,
++    0x17ca: 84,
++    0x17cb: 84,
++    0x17cc: 84,
++    0x17cd: 84,
++    0x17ce: 84,
++    0x17cf: 84,
++    0x17d0: 84,
++    0x17d1: 84,
++    0x17d2: 84,
++    0x17d3: 84,
++    0x17dd: 84,
+     0x1807: 68,
+     0x180a: 67,
+-    0x180e: 85,
++    0x180b: 84,
++    0x180c: 84,
++    0x180d: 84,
++    0x180f: 84,
+     0x1820: 68,
+     0x1821: 68,
+     0x1822: 68,
+@@ -581,11 +1215,6 @@
+     0x1876: 68,
+     0x1877: 68,
+     0x1878: 68,
+-    0x1880: 85,
+-    0x1881: 85,
+-    0x1882: 85,
+-    0x1883: 85,
+-    0x1884: 85,
+     0x1885: 84,
+     0x1886: 84,
+     0x1887: 68,
+@@ -622,14 +1251,339 @@
+     0x18a6: 68,
+     0x18a7: 68,
+     0x18a8: 68,
++    0x18a9: 84,
+     0x18aa: 68,
+-    0x200c: 85,
++    0x1920: 84,
++    0x1921: 84,
++    0x1922: 84,
++    0x1927: 84,
++    0x1928: 84,
++    0x1932: 84,
++    0x1939: 84,
++    0x193a: 84,
++    0x193b: 84,
++    0x1a17: 84,
++    0x1a18: 84,
++    0x1a1b: 84,
++    0x1a56: 84,
++    0x1a58: 84,
++    0x1a59: 84,
++    0x1a5a: 84,
++    0x1a5b: 84,
++    0x1a5c: 84,
++    0x1a5d: 84,
++    0x1a5e: 84,
++    0x1a60: 84,
++    0x1a62: 84,
++    0x1a65: 84,
++    0x1a66: 84,
++    0x1a67: 84,
++    0x1a68: 84,
++    0x1a69: 84,
++    0x1a6a: 84,
++    0x1a6b: 84,
++    0x1a6c: 84,
++    0x1a73: 84,
++    0x1a74: 84,
++    0x1a75: 84,
++    0x1a76: 84,
++    0x1a77: 84,
++    0x1a78: 84,
++    0x1a79: 84,
++    0x1a7a: 84,
++    0x1a7b: 84,
++    0x1a7c: 84,
++    0x1a7f: 84,
++    0x1ab0: 84,
++    0x1ab1: 84,
++    0x1ab2: 84,
++    0x1ab3: 84,
++    0x1ab4: 84,
++    0x1ab5: 84,
++    0x1ab6: 84,
++    0x1ab7: 84,
++    0x1ab8: 84,
++    0x1ab9: 84,
++    0x1aba: 84,
++    0x1abb: 84,
++    0x1abc: 84,
++    0x1abd: 84,
++    0x1abe: 84,
++    0x1abf: 84,
++    0x1ac0: 84,
++    0x1ac1: 84,
++    0x1ac2: 84,
++    0x1ac3: 84,
++    0x1ac4: 84,
++    0x1ac5: 84,
++    0x1ac6: 84,
++    0x1ac7: 84,
++    0x1ac8: 84,
++    0x1ac9: 84,
++    0x1aca: 84,
++    0x1acb: 84,
++    0x1acc: 84,
++    0x1acd: 84,
++    0x1ace: 84,
++    0x1b00: 84,
++    0x1b01: 84,
++    0x1b02: 84,
++    0x1b03: 84,
++    0x1b34: 84,
++    0x1b36: 84,
++    0x1b37: 84,
++    0x1b38: 84,
++    0x1b39: 84,
++    0x1b3a: 84,
++    0x1b3c: 84,
++    0x1b42: 84,
++    0x1b6b: 84,
++    0x1b6c: 84,
++    0x1b6d: 84,
++    0x1b6e: 84,
++    0x1b6f: 84,
++    0x1b70: 84,
++    0x1b71: 84,
++    0x1b72: 84,
++    0x1b73: 84,
++    0x1b80: 84,
++    0x1b81: 84,
++    0x1ba2: 84,
++    0x1ba3: 84,
++    0x1ba4: 84,
++    0x1ba5: 84,
++    0x1ba8: 84,
++    0x1ba9: 84,
++    0x1bab: 84,
++    0x1bac: 84,
++    0x1bad: 84,
++    0x1be6: 84,
++    0x1be8: 84,
++    0x1be9: 84,
++    0x1bed: 84,
++    0x1bef: 84,
++    0x1bf0: 84,
++    0x1bf1: 84,
++    0x1c2c: 84,
++    0x1c2d: 84,
++    0x1c2e: 84,
++    0x1c2f: 84,
++    0x1c30: 84,
++    0x1c31: 84,
++    0x1c32: 84,
++    0x1c33: 84,
++    0x1c36: 84,
++    0x1c37: 84,
++    0x1cd0: 84,
++    0x1cd1: 84,
++    0x1cd2: 84,
++    0x1cd4: 84,
++    0x1cd5: 84,
++    0x1cd6: 84,
++    0x1cd7: 84,
++    0x1cd8: 84,
++    0x1cd9: 84,
++    0x1cda: 84,
++    0x1cdb: 84,
++    0x1cdc: 84,
++    0x1cdd: 84,
++    0x1cde: 84,
++    0x1cdf: 84,
++    0x1ce0: 84,
++    0x1ce2: 84,
++    0x1ce3: 84,
++    0x1ce4: 84,
++    0x1ce5: 84,
++    0x1ce6: 84,
++    0x1ce7: 84,
++    0x1ce8: 84,
++    0x1ced: 84,
++    0x1cf4: 84,
++    0x1cf8: 84,
++    0x1cf9: 84,
++    0x1dc0: 84,
++    0x1dc1: 84,
++    0x1dc2: 84,
++    0x1dc3: 84,
++    0x1dc4: 84,
++    0x1dc5: 84,
++    0x1dc6: 84,
++    0x1dc7: 84,
++    0x1dc8: 84,
++    0x1dc9: 84,
++    0x1dca: 84,
++    0x1dcb: 84,
++    0x1dcc: 84,
++    0x1dcd: 84,
++    0x1dce: 84,
++    0x1dcf: 84,
++    0x1dd0: 84,
++    0x1dd1: 84,
++    0x1dd2: 84,
++    0x1dd3: 84,
++    0x1dd4: 84,
++    0x1dd5: 84,
++    0x1dd6: 84,
++    0x1dd7: 84,
++    0x1dd8: 84,
++    0x1dd9: 84,
++    0x1dda: 84,
++    0x1ddb: 84,
++    0x1ddc: 84,
++    0x1ddd: 84,
++    0x1dde: 84,
++    0x1ddf: 84,
++    0x1de0: 84,
++    0x1de1: 84,
++    0x1de2: 84,
++    0x1de3: 84,
++    0x1de4: 84,
++    0x1de5: 84,
++    0x1de6: 84,
++    0x1de7: 84,
++    0x1de8: 84,
++    0x1de9: 84,
++    0x1dea: 84,
++    0x1deb: 84,
++    0x1dec: 84,
++    0x1ded: 84,
++    0x1dee: 84,
++    0x1def: 84,
++    0x1df0: 84,
++    0x1df1: 84,
++    0x1df2: 84,
++    0x1df3: 84,
++    0x1df4: 84,
++    0x1df5: 84,
++    0x1df6: 84,
++    0x1df7: 84,
++    0x1df8: 84,
++    0x1df9: 84,
++    0x1dfa: 84,
++    0x1dfb: 84,
++    0x1dfc: 84,
++    0x1dfd: 84,
++    0x1dfe: 84,
++    0x1dff: 84,
++    0x200b: 84,
+     0x200d: 67,
+-    0x202f: 85,
+-    0x2066: 85,
+-    0x2067: 85,
+-    0x2068: 85,
+-    0x2069: 85,
++    0x200e: 84,
++    0x200f: 84,
++    0x202a: 84,
++    0x202b: 84,
++    0x202c: 84,
++    0x202d: 84,
++    0x202e: 84,
++    0x2060: 84,
++    0x2061: 84,
++    0x2062: 84,
++    0x2063: 84,
++    0x2064: 84,
++    0x206a: 84,
++    0x206b: 84,
++    0x206c: 84,
++    0x206d: 84,
++    0x206e: 84,
++    0x206f: 84,
++    0x20d0: 84,
++    0x20d1: 84,
++    0x20d2: 84,
++    0x20d3: 84,
++    0x20d4: 84,
++    0x20d5: 84,
++    0x20d6: 84,
++    0x20d7: 84,
++    0x20d8: 84,
++    0x20d9: 84,
++    0x20da: 84,
++    0x20db: 84,
++    0x20dc: 84,
++    0x20dd: 84,
++    0x20de: 84,
++    0x20df: 84,
++    0x20e0: 84,
++    0x20e1: 84,
++    0x20e2: 84,
++    0x20e3: 84,
++    0x20e4: 84,
++    0x20e5: 84,
++    0x20e6: 84,
++    0x20e7: 84,
++    0x20e8: 84,
++    0x20e9: 84,
++    0x20ea: 84,
++    0x20eb: 84,
++    0x20ec: 84,
++    0x20ed: 84,
++    0x20ee: 84,
++    0x20ef: 84,
++    0x20f0: 84,
++    0x2cef: 84,
++    0x2cf0: 84,
++    0x2cf1: 84,
++    0x2d7f: 84,
++    0x2de0: 84,
++    0x2de1: 84,
++    0x2de2: 84,
++    0x2de3: 84,
++    0x2de4: 84,
++    0x2de5: 84,
++    0x2de6: 84,
++    0x2de7: 84,
++    0x2de8: 84,
++    0x2de9: 84,
++    0x2dea: 84,
++    0x2deb: 84,
++    0x2dec: 84,
++    0x2ded: 84,
++    0x2dee: 84,
++    0x2def: 84,
++    0x2df0: 84,
++    0x2df1: 84,
++    0x2df2: 84,
++    0x2df3: 84,
++    0x2df4: 84,
++    0x2df5: 84,
++    0x2df6: 84,
++    0x2df7: 84,
++    0x2df8: 84,
++    0x2df9: 84,
++    0x2dfa: 84,
++    0x2dfb: 84,
++    0x2dfc: 84,
++    0x2dfd: 84,
++    0x2dfe: 84,
++    0x2dff: 84,
++    0x302a: 84,
++    0x302b: 84,
++    0x302c: 84,
++    0x302d: 84,
++    0x3099: 84,
++    0x309a: 84,
++    0xa66f: 84,
++    0xa670: 84,
++    0xa671: 84,
++    0xa672: 84,
++    0xa674: 84,
++    0xa675: 84,
++    0xa676: 84,
++    0xa677: 84,
++    0xa678: 84,
++    0xa679: 84,
++    0xa67a: 84,
++    0xa67b: 84,
++    0xa67c: 84,
++    0xa67d: 84,
++    0xa69e: 84,
++    0xa69f: 84,
++    0xa6f0: 84,
++    0xa6f1: 84,
++    0xa802: 84,
++    0xa806: 84,
++    0xa80b: 84,
++    0xa825: 84,
++    0xa826: 84,
++    0xa82c: 84,
+     0xa840: 68,
+     0xa841: 68,
+     0xa842: 68,
+@@ -681,20 +1635,151 @@
+     0xa870: 68,
+     0xa871: 68,
+     0xa872: 76,
+-    0xa873: 85,
++    0xa8c4: 84,
++    0xa8c5: 84,
++    0xa8e0: 84,
++    0xa8e1: 84,
++    0xa8e2: 84,
++    0xa8e3: 84,
++    0xa8e4: 84,
++    0xa8e5: 84,
++    0xa8e6: 84,
++    0xa8e7: 84,
++    0xa8e8: 84,
++    0xa8e9: 84,
++    0xa8ea: 84,
++    0xa8eb: 84,
++    0xa8ec: 84,
++    0xa8ed: 84,
++    0xa8ee: 84,
++    0xa8ef: 84,
++    0xa8f0: 84,
++    0xa8f1: 84,
++    0xa8ff: 84,
++    0xa926: 84,
++    0xa927: 84,
++    0xa928: 84,
++    0xa929: 84,
++    0xa92a: 84,
++    0xa92b: 84,
++    0xa92c: 84,
++    0xa92d: 84,
++    0xa947: 84,
++    0xa948: 84,
++    0xa949: 84,
++    0xa94a: 84,
++    0xa94b: 84,
++    0xa94c: 84,
++    0xa94d: 84,
++    0xa94e: 84,
++    0xa94f: 84,
++    0xa950: 84,
++    0xa951: 84,
++    0xa980: 84,
++    0xa981: 84,
++    0xa982: 84,
++    0xa9b3: 84,
++    0xa9b6: 84,
++    0xa9b7: 84,
++    0xa9b8: 84,
++    0xa9b9: 84,
++    0xa9bc: 84,
++    0xa9bd: 84,
++    0xa9e5: 84,
++    0xaa29: 84,
++    0xaa2a: 84,
++    0xaa2b: 84,
++    0xaa2c: 84,
++    0xaa2d: 84,
++    0xaa2e: 84,
++    0xaa31: 84,
++    0xaa32: 84,
++    0xaa35: 84,
++    0xaa36: 84,
++    0xaa43: 84,
++    0xaa4c: 84,
++    0xaa7c: 84,
++    0xaab0: 84,
++    0xaab2: 84,
++    0xaab3: 84,
++    0xaab4: 84,
++    0xaab7: 84,
++    0xaab8: 84,
++    0xaabe: 84,
++    0xaabf: 84,
++    0xaac1: 84,
++    0xaaec: 84,
++    0xaaed: 84,
++    0xaaf6: 84,
++    0xabe5: 84,
++    0xabe8: 84,
++    0xabed: 84,
++    0xfb1e: 84,
++    0xfe00: 84,
++    0xfe01: 84,
++    0xfe02: 84,
++    0xfe03: 84,
++    0xfe04: 84,
++    0xfe05: 84,
++    0xfe06: 84,
++    0xfe07: 84,
++    0xfe08: 84,
++    0xfe09: 84,
++    0xfe0a: 84,
++    0xfe0b: 84,
++    0xfe0c: 84,
++    0xfe0d: 84,
++    0xfe0e: 84,
++    0xfe0f: 84,
++    0xfe20: 84,
++    0xfe21: 84,
++    0xfe22: 84,
++    0xfe23: 84,
++    0xfe24: 84,
++    0xfe25: 84,
++    0xfe26: 84,
++    0xfe27: 84,
++    0xfe28: 84,
++    0xfe29: 84,
++    0xfe2a: 84,
++    0xfe2b: 84,
++    0xfe2c: 84,
++    0xfe2d: 84,
++    0xfe2e: 84,
++    0xfe2f: 84,
++    0xfeff: 84,
++    0xfff9: 84,
++    0xfffa: 84,
++    0xfffb: 84,
++    0x101fd: 84,
++    0x102e0: 84,
++    0x10376: 84,
++    0x10377: 84,
++    0x10378: 84,
++    0x10379: 84,
++    0x1037a: 84,
++    0x10a01: 84,
++    0x10a02: 84,
++    0x10a03: 84,
++    0x10a05: 84,
++    0x10a06: 84,
++    0x10a0c: 84,
++    0x10a0d: 84,
++    0x10a0e: 84,
++    0x10a0f: 84,
++    0x10a38: 84,
++    0x10a39: 84,
++    0x10a3a: 84,
++    0x10a3f: 84,
+     0x10ac0: 68,
+     0x10ac1: 68,
+     0x10ac2: 68,
+     0x10ac3: 68,
+     0x10ac4: 68,
+     0x10ac5: 82,
+-    0x10ac6: 85,
+     0x10ac7: 82,
+-    0x10ac8: 85,
+     0x10ac9: 82,
+     0x10aca: 82,
+-    0x10acb: 85,
+-    0x10acc: 85,
+     0x10acd: 76,
+     0x10ace: 82,
+     0x10acf: 82,
+@@ -716,9 +1801,9 @@
+     0x10adf: 68,
+     0x10ae0: 68,
+     0x10ae1: 82,
+-    0x10ae2: 85,
+-    0x10ae3: 85,
+     0x10ae4: 82,
++    0x10ae5: 84,
++    0x10ae6: 84,
+     0x10aeb: 68,
+     0x10aec: 68,
+     0x10aed: 68,
+@@ -748,7 +1833,6 @@
+     0x10bac: 82,
+     0x10bad: 68,
+     0x10bae: 68,
+-    0x10baf: 85,
+     0x10d00: 76,
+     0x10d01: 68,
+     0x10d02: 68,
+@@ -785,6 +1869,15 @@
+     0x10d21: 68,
+     0x10d22: 82,
+     0x10d23: 68,
++    0x10d24: 84,
++    0x10d25: 84,
++    0x10d26: 84,
++    0x10d27: 84,
++    0x10eab: 84,
++    0x10eac: 84,
++    0x10efd: 84,
++    0x10efe: 84,
++    0x10eff: 84,
+     0x10f30: 68,
+     0x10f31: 68,
+     0x10f32: 68,
+@@ -806,7 +1899,17 @@
+     0x10f42: 68,
+     0x10f43: 68,
+     0x10f44: 68,
+-    0x10f45: 85,
++    0x10f46: 84,
++    0x10f47: 84,
++    0x10f48: 84,
++    0x10f49: 84,
++    0x10f4a: 84,
++    0x10f4b: 84,
++    0x10f4c: 84,
++    0x10f4d: 84,
++    0x10f4e: 84,
++    0x10f4f: 84,
++    0x10f50: 84,
+     0x10f51: 68,
+     0x10f52: 68,
+     0x10f53: 68,
+@@ -829,14 +1932,16 @@
+     0x10f7f: 68,
+     0x10f80: 68,
+     0x10f81: 68,
++    0x10f82: 84,
++    0x10f83: 84,
++    0x10f84: 84,
++    0x10f85: 84,
+     0x10fb0: 68,
+-    0x10fb1: 85,
+     0x10fb2: 68,
+     0x10fb3: 68,
+     0x10fb4: 82,
+     0x10fb5: 82,
+     0x10fb6: 82,
+-    0x10fb7: 85,
+     0x10fb8: 68,
+     0x10fb9: 82,
+     0x10fba: 82,
+@@ -845,20 +1950,668 @@
+     0x10fbd: 82,
+     0x10fbe: 68,
+     0x10fbf: 68,
+-    0x10fc0: 85,
+     0x10fc1: 68,
+     0x10fc2: 82,
+     0x10fc3: 82,
+     0x10fc4: 68,
+-    0x10fc5: 85,
+-    0x10fc6: 85,
+-    0x10fc7: 85,
+-    0x10fc8: 85,
+     0x10fc9: 82,
+     0x10fca: 68,
+     0x10fcb: 76,
+-    0x110bd: 85,
+-    0x110cd: 85,
++    0x11001: 84,
++    0x11038: 84,
++    0x11039: 84,
++    0x1103a: 84,
++    0x1103b: 84,
++    0x1103c: 84,
++    0x1103d: 84,
++    0x1103e: 84,
++    0x1103f: 84,
++    0x11040: 84,
++    0x11041: 84,
++    0x11042: 84,
++    0x11043: 84,
++    0x11044: 84,
++    0x11045: 84,
++    0x11046: 84,
++    0x11070: 84,
++    0x11073: 84,
++    0x11074: 84,
++    0x1107f: 84,
++    0x11080: 84,
++    0x11081: 84,
++    0x110b3: 84,
++    0x110b4: 84,
++    0x110b5: 84,
++    0x110b6: 84,
++    0x110b9: 84,
++    0x110ba: 84,
++    0x110c2: 84,
++    0x11100: 84,
++    0x11101: 84,
++    0x11102: 84,
++    0x11127: 84,
++    0x11128: 84,
++    0x11129: 84,
++    0x1112a: 84,
++    0x1112b: 84,
++    0x1112d: 84,
++    0x1112e: 84,
++    0x1112f: 84,
++    0x11130: 84,
++    0x11131: 84,
++    0x11132: 84,
++    0x11133: 84,
++    0x11134: 84,
++    0x11173: 84,
++    0x11180: 84,
++    0x11181: 84,
++    0x111b6: 84,
++    0x111b7: 84,
++    0x111b8: 84,
++    0x111b9: 84,
++    0x111ba: 84,
++    0x111bb: 84,
++    0x111bc: 84,
++    0x111bd: 84,
++    0x111be: 84,
++    0x111c9: 84,
++    0x111ca: 84,
++    0x111cb: 84,
++    0x111cc: 84,
++    0x111cf: 84,
++    0x1122f: 84,
++    0x11230: 84,
++    0x11231: 84,
++    0x11234: 84,
++    0x11236: 84,
++    0x11237: 84,
++    0x1123e: 84,
++    0x11241: 84,
++    0x112df: 84,
++    0x112e3: 84,
++    0x112e4: 84,
++    0x112e5: 84,
++    0x112e6: 84,
++    0x112e7: 84,
++    0x112e8: 84,
++    0x112e9: 84,
++    0x112ea: 84,
++    0x11300: 84,
++    0x11301: 84,
++    0x1133b: 84,
++    0x1133c: 84,
++    0x11340: 84,
++    0x11366: 84,
++    0x11367: 84,
++    0x11368: 84,
++    0x11369: 84,
++    0x1136a: 84,
++    0x1136b: 84,
++    0x1136c: 84,
++    0x11370: 84,
++    0x11371: 84,
++    0x11372: 84,
++    0x11373: 84,
++    0x11374: 84,
++    0x11438: 84,
++    0x11439: 84,
++    0x1143a: 84,
++    0x1143b: 84,
++    0x1143c: 84,
++    0x1143d: 84,
++    0x1143e: 84,
++    0x1143f: 84,
++    0x11442: 84,
++    0x11443: 84,
++    0x11444: 84,
++    0x11446: 84,
++    0x1145e: 84,
++    0x114b3: 84,
++    0x114b4: 84,
++    0x114b5: 84,
++    0x114b6: 84,
++    0x114b7: 84,
++    0x114b8: 84,
++    0x114ba: 84,
++    0x114bf: 84,
++    0x114c0: 84,
++    0x114c2: 84,
++    0x114c3: 84,
++    0x115b2: 84,
++    0x115b3: 84,
++    0x115b4: 84,
++    0x115b5: 84,
++    0x115bc: 84,
++    0x115bd: 84,
++    0x115bf: 84,
++    0x115c0: 84,
++    0x115dc: 84,
++    0x115dd: 84,
++    0x11633: 84,
++    0x11634: 84,
++    0x11635: 84,
++    0x11636: 84,
++    0x11637: 84,
++    0x11638: 84,
++    0x11639: 84,
++    0x1163a: 84,
++    0x1163d: 84,
++    0x1163f: 84,
++    0x11640: 84,
++    0x116ab: 84,
++    0x116ad: 84,
++    0x116b0: 84,
++    0x116b1: 84,
++    0x116b2: 84,
++    0x116b3: 84,
++    0x116b4: 84,
++    0x116b5: 84,
++    0x116b7: 84,
++    0x1171d: 84,
++    0x1171e: 84,
++    0x1171f: 84,
++    0x11722: 84,
++    0x11723: 84,
++    0x11724: 84,
++    0x11725: 84,
++    0x11727: 84,
++    0x11728: 84,
++    0x11729: 84,
++    0x1172a: 84,
++    0x1172b: 84,
++    0x1182f: 84,
++    0x11830: 84,
++    0x11831: 84,
++    0x11832: 84,
++    0x11833: 84,
++    0x11834: 84,
++    0x11835: 84,
++    0x11836: 84,
++    0x11837: 84,
++    0x11839: 84,
++    0x1183a: 84,
++    0x1193b: 84,
++    0x1193c: 84,
++    0x1193e: 84,
++    0x11943: 84,
++    0x119d4: 84,
++    0x119d5: 84,
++    0x119d6: 84,
++    0x119d7: 84,
++    0x119da: 84,
++    0x119db: 84,
++    0x119e0: 84,
++    0x11a01: 84,
++    0x11a02: 84,
++    0x11a03: 84,
++    0x11a04: 84,
++    0x11a05: 84,
++    0x11a06: 84,
++    0x11a07: 84,
++    0x11a08: 84,
++    0x11a09: 84,
++    0x11a0a: 84,
++    0x11a33: 84,
++    0x11a34: 84,
++    0x11a35: 84,
++    0x11a36: 84,
++    0x11a37: 84,
++    0x11a38: 84,
++    0x11a3b: 84,
++    0x11a3c: 84,
++    0x11a3d: 84,
++    0x11a3e: 84,
++    0x11a47: 84,
++    0x11a51: 84,
++    0x11a52: 84,
++    0x11a53: 84,
++    0x11a54: 84,
++    0x11a55: 84,
++    0x11a56: 84,
++    0x11a59: 84,
++    0x11a5a: 84,
++    0x11a5b: 84,
++    0x11a8a: 84,
++    0x11a8b: 84,
++    0x11a8c: 84,
++    0x11a8d: 84,
++    0x11a8e: 84,
++    0x11a8f: 84,
++    0x11a90: 84,
++    0x11a91: 84,
++    0x11a92: 84,
++    0x11a93: 84,
++    0x11a94: 84,
++    0x11a95: 84,
++    0x11a96: 84,
++    0x11a98: 84,
++    0x11a99: 84,
++    0x11c30: 84,
++    0x11c31: 84,
++    0x11c32: 84,
++    0x11c33: 84,
++    0x11c34: 84,
++    0x11c35: 84,
++    0x11c36: 84,
++    0x11c38: 84,
++    0x11c39: 84,
++    0x11c3a: 84,
++    0x11c3b: 84,
++    0x11c3c: 84,
++    0x11c3d: 84,
++    0x11c3f: 84,
++    0x11c92: 84,
++    0x11c93: 84,
++    0x11c94: 84,
++    0x11c95: 84,
++    0x11c96: 84,
++    0x11c97: 84,
++    0x11c98: 84,
++    0x11c99: 84,
++    0x11c9a: 84,
++    0x11c9b: 84,
++    0x11c9c: 84,
++    0x11c9d: 84,
++    0x11c9e: 84,
++    0x11c9f: 84,
++    0x11ca0: 84,
++    0x11ca1: 84,
++    0x11ca2: 84,
++    0x11ca3: 84,
++    0x11ca4: 84,
++    0x11ca5: 84,
++    0x11ca6: 84,
++    0x11ca7: 84,
++    0x11caa: 84,
++    0x11cab: 84,
++    0x11cac: 84,
++    0x11cad: 84,
++    0x11cae: 84,
++    0x11caf: 84,
++    0x11cb0: 84,
++    0x11cb2: 84,
++    0x11cb3: 84,
++    0x11cb5: 84,
++    0x11cb6: 84,
++    0x11d31: 84,
++    0x11d32: 84,
++    0x11d33: 84,
++    0x11d34: 84,
++    0x11d35: 84,
++    0x11d36: 84,
++    0x11d3a: 84,
++    0x11d3c: 84,
++    0x11d3d: 84,
++    0x11d3f: 84,
++    0x11d40: 84,
++    0x11d41: 84,
++    0x11d42: 84,
++    0x11d43: 84,
++    0x11d44: 84,
++    0x11d45: 84,
++    0x11d47: 84,
++    0x11d90: 84,
++    0x11d91: 84,
++    0x11d95: 84,
++    0x11d97: 84,
++    0x11ef3: 84,
++    0x11ef4: 84,
++    0x11f00: 84,
++    0x11f01: 84,
++    0x11f36: 84,
++    0x11f37: 84,
++    0x11f38: 84,
++    0x11f39: 84,
++    0x11f3a: 84,
++    0x11f40: 84,
++    0x11f42: 84,
++    0x13430: 84,
++    0x13431: 84,
++    0x13432: 84,
++    0x13433: 84,
++    0x13434: 84,
++    0x13435: 84,
++    0x13436: 84,
++    0x13437: 84,
++    0x13438: 84,
++    0x13439: 84,
++    0x1343a: 84,
++    0x1343b: 84,
++    0x1343c: 84,
++    0x1343d: 84,
++    0x1343e: 84,
++    0x1343f: 84,
++    0x13440: 84,
++    0x13447: 84,
++    0x13448: 84,
++    0x13449: 84,
++    0x1344a: 84,
++    0x1344b: 84,
++    0x1344c: 84,
++    0x1344d: 84,
++    0x1344e: 84,
++    0x1344f: 84,
++    0x13450: 84,
++    0x13451: 84,
++    0x13452: 84,
++    0x13453: 84,
++    0x13454: 84,
++    0x13455: 84,
++    0x16af0: 84,
++    0x16af1: 84,
++    0x16af2: 84,
++    0x16af3: 84,
++    0x16af4: 84,
++    0x16b30: 84,
++    0x16b31: 84,
++    0x16b32: 84,
++    0x16b33: 84,
++    0x16b34: 84,
++    0x16b35: 84,
++    0x16b36: 84,
++    0x16f4f: 84,
++    0x16f8f: 84,
++    0x16f90: 84,
++    0x16f91: 84,
++    0x16f92: 84,
++    0x16fe4: 84,
++    0x1bc9d: 84,
++    0x1bc9e: 84,
++    0x1bca0: 84,
++    0x1bca1: 84,
++    0x1bca2: 84,
++    0x1bca3: 84,
++    0x1cf00: 84,
++    0x1cf01: 84,
++    0x1cf02: 84,
++    0x1cf03: 84,
++    0x1cf04: 84,
++    0x1cf05: 84,
++    0x1cf06: 84,
++    0x1cf07: 84,
++    0x1cf08: 84,
++    0x1cf09: 84,
++    0x1cf0a: 84,
++    0x1cf0b: 84,
++    0x1cf0c: 84,
++    0x1cf0d: 84,
++    0x1cf0e: 84,
++    0x1cf0f: 84,
++    0x1cf10: 84,
++    0x1cf11: 84,
++    0x1cf12: 84,
++    0x1cf13: 84,
++    0x1cf14: 84,
++    0x1cf15: 84,
++    0x1cf16: 84,
++    0x1cf17: 84,
++    0x1cf18: 84,
++    0x1cf19: 84,
++    0x1cf1a: 84,
++    0x1cf1b: 84,
++    0x1cf1c: 84,
++    0x1cf1d: 84,
++    0x1cf1e: 84,
++    0x1cf1f: 84,
++    0x1cf20: 84,
++    0x1cf21: 84,
++    0x1cf22: 84,
++    0x1cf23: 84,
++    0x1cf24: 84,
++    0x1cf25: 84,
++    0x1cf26: 84,
++    0x1cf27: 84,
++    0x1cf28: 84,
++    0x1cf29: 84,
++    0x1cf2a: 84,
++    0x1cf2b: 84,
++    0x1cf2c: 84,
++    0x1cf2d: 84,
++    0x1cf30: 84,
++    0x1cf31: 84,
++    0x1cf32: 84,
++    0x1cf33: 84,
++    0x1cf34: 84,
++    0x1cf35: 84,
++    0x1cf36: 84,
++    0x1cf37: 84,
++    0x1cf38: 84,
++    0x1cf39: 84,
++    0x1cf3a: 84,
++    0x1cf3b: 84,
++    0x1cf3c: 84,
++    0x1cf3d: 84,
++    0x1cf3e: 84,
++    0x1cf3f: 84,
++    0x1cf40: 84,
++    0x1cf41: 84,
++    0x1cf42: 84,
++    0x1cf43: 84,
++    0x1cf44: 84,
++    0x1cf45: 84,
++    0x1cf46: 84,
++    0x1d167: 84,
++    0x1d168: 84,
++    0x1d169: 84,
++    0x1d173: 84,
++    0x1d174: 84,
++    0x1d175: 84,
++    0x1d176: 84,
++    0x1d177: 84,
++    0x1d178: 84,
++    0x1d179: 84,
++    0x1d17a: 84,
++    0x1d17b: 84,
++    0x1d17c: 84,
++    0x1d17d: 84,
++    0x1d17e: 84,
++    0x1d17f: 84,
++    0x1d180: 84,
++    0x1d181: 84,
++    0x1d182: 84,
++    0x1d185: 84,
++    0x1d186: 84,
++    0x1d187: 84,
++    0x1d188: 84,
++    0x1d189: 84,
++    0x1d18a: 84,
++    0x1d18b: 84,
++    0x1d1aa: 84,
++    0x1d1ab: 84,
++    0x1d1ac: 84,
++    0x1d1ad: 84,
++    0x1d242: 84,
++    0x1d243: 84,
++    0x1d244: 84,
++    0x1da00: 84,
++    0x1da01: 84,
++    0x1da02: 84,
++    0x1da03: 84,
++    0x1da04: 84,
++    0x1da05: 84,
++    0x1da06: 84,
++    0x1da07: 84,
++    0x1da08: 84,
++    0x1da09: 84,
++    0x1da0a: 84,
++    0x1da0b: 84,
++    0x1da0c: 84,
++    0x1da0d: 84,
++    0x1da0e: 84,
++    0x1da0f: 84,
++    0x1da10: 84,
++    0x1da11: 84,
++    0x1da12: 84,
++    0x1da13: 84,
++    0x1da14: 84,
++    0x1da15: 84,
++    0x1da16: 84,
++    0x1da17: 84,
++    0x1da18: 84,
++    0x1da19: 84,
++    0x1da1a: 84,
++    0x1da1b: 84,
++    0x1da1c: 84,
++    0x1da1d: 84,
++    0x1da1e: 84,
++    0x1da1f: 84,
++    0x1da20: 84,
++    0x1da21: 84,
++    0x1da22: 84,
++    0x1da23: 84,
++    0x1da24: 84,
++    0x1da25: 84,
++    0x1da26: 84,
++    0x1da27: 84,
++    0x1da28: 84,
++    0x1da29: 84,
++    0x1da2a: 84,
++    0x1da2b: 84,
++    0x1da2c: 84,
++    0x1da2d: 84,
++    0x1da2e: 84,
++    0x1da2f: 84,
++    0x1da30: 84,
++    0x1da31: 84,
++    0x1da32: 84,
++    0x1da33: 84,
++    0x1da34: 84,
++    0x1da35: 84,
++    0x1da36: 84,
++    0x1da3b: 84,
++    0x1da3c: 84,
++    0x1da3d: 84,
++    0x1da3e: 84,
++    0x1da3f: 84,
++    0x1da40: 84,
++    0x1da41: 84,
++    0x1da42: 84,
++    0x1da43: 84,
++    0x1da44: 84,
++    0x1da45: 84,
++    0x1da46: 84,
++    0x1da47: 84,
++    0x1da48: 84,
++    0x1da49: 84,
++    0x1da4a: 84,
++    0x1da4b: 84,
++    0x1da4c: 84,
++    0x1da4d: 84,
++    0x1da4e: 84,
++    0x1da4f: 84,
++    0x1da50: 84,
++    0x1da51: 84,
++    0x1da52: 84,
++    0x1da53: 84,
++    0x1da54: 84,
++    0x1da55: 84,
++    0x1da56: 84,
++    0x1da57: 84,
++    0x1da58: 84,
++    0x1da59: 84,
++    0x1da5a: 84,
++    0x1da5b: 84,
++    0x1da5c: 84,
++    0x1da5d: 84,
++    0x1da5e: 84,
++    0x1da5f: 84,
++    0x1da60: 84,
++    0x1da61: 84,
++    0x1da62: 84,
++    0x1da63: 84,
++    0x1da64: 84,
++    0x1da65: 84,
++    0x1da66: 84,
++    0x1da67: 84,
++    0x1da68: 84,
++    0x1da69: 84,
++    0x1da6a: 84,
++    0x1da6b: 84,
++    0x1da6c: 84,
++    0x1da75: 84,
++    0x1da84: 84,
++    0x1da9b: 84,
++    0x1da9c: 84,
++    0x1da9d: 84,
++    0x1da9e: 84,
++    0x1da9f: 84,
++    0x1daa1: 84,
++    0x1daa2: 84,
++    0x1daa3: 84,
++    0x1daa4: 84,
++    0x1daa5: 84,
++    0x1daa6: 84,
++    0x1daa7: 84,
++    0x1daa8: 84,
++    0x1daa9: 84,
++    0x1daaa: 84,
++    0x1daab: 84,
++    0x1daac: 84,
++    0x1daad: 84,
++    0x1daae: 84,
++    0x1daaf: 84,
++    0x1e000: 84,
++    0x1e001: 84,
++    0x1e002: 84,
++    0x1e003: 84,
++    0x1e004: 84,
++    0x1e005: 84,
++    0x1e006: 84,
++    0x1e008: 84,
++    0x1e009: 84,
++    0x1e00a: 84,
++    0x1e00b: 84,
++    0x1e00c: 84,
++    0x1e00d: 84,
++    0x1e00e: 84,
++    0x1e00f: 84,
++    0x1e010: 84,
++    0x1e011: 84,
++    0x1e012: 84,
++    0x1e013: 84,
++    0x1e014: 84,
++    0x1e015: 84,
++    0x1e016: 84,
++    0x1e017: 84,
++    0x1e018: 84,
++    0x1e01b: 84,
++    0x1e01c: 84,
++    0x1e01d: 84,
++    0x1e01e: 84,
++    0x1e01f: 84,
++    0x1e020: 84,
++    0x1e021: 84,
++    0x1e023: 84,
++    0x1e024: 84,
++    0x1e026: 84,
++    0x1e027: 84,
++    0x1e028: 84,
++    0x1e029: 84,
++    0x1e02a: 84,
++    0x1e08f: 84,
++    0x1e130: 84,
++    0x1e131: 84,
++    0x1e132: 84,
++    0x1e133: 84,
++    0x1e134: 84,
++    0x1e135: 84,
++    0x1e136: 84,
++    0x1e2ae: 84,
++    0x1e2ec: 84,
++    0x1e2ed: 84,
++    0x1e2ee: 84,
++    0x1e2ef: 84,
++    0x1e4ec: 84,
++    0x1e4ed: 84,
++    0x1e4ee: 84,
++    0x1e4ef: 84,
++    0x1e8d0: 84,
++    0x1e8d1: 84,
++    0x1e8d2: 84,
++    0x1e8d3: 84,
++    0x1e8d4: 84,
++    0x1e8d5: 84,
++    0x1e8d6: 84,
+     0x1e900: 68,
+     0x1e901: 68,
+     0x1e902: 68,
+@@ -927,7 +2680,351 @@
+     0x1e941: 68,
+     0x1e942: 68,
+     0x1e943: 68,
++    0x1e944: 84,
++    0x1e945: 84,
++    0x1e946: 84,
++    0x1e947: 84,
++    0x1e948: 84,
++    0x1e949: 84,
++    0x1e94a: 84,
+     0x1e94b: 84,
++    0xe0001: 84,
++    0xe0020: 84,
++    0xe0021: 84,
++    0xe0022: 84,
++    0xe0023: 84,
++    0xe0024: 84,
++    0xe0025: 84,
++    0xe0026: 84,
++    0xe0027: 84,
++    0xe0028: 84,
++    0xe0029: 84,
++    0xe002a: 84,
++    0xe002b: 84,
++    0xe002c: 84,
++    0xe002d: 84,
++    0xe002e: 84,
++    0xe002f: 84,
++    0xe0030: 84,
++    0xe0031: 84,
++    0xe0032: 84,
++    0xe0033: 84,
++    0xe0034: 84,
++    0xe0035: 84,
++    0xe0036: 84,
++    0xe0037: 84,
++    0xe0038: 84,
++    0xe0039: 84,
++    0xe003a: 84,
++    0xe003b: 84,
++    0xe003c: 84,
++    0xe003d: 84,
++    0xe003e: 84,
++    0xe003f: 84,
++    0xe0040: 84,
++    0xe0041: 84,
++    0xe0042: 84,
++    0xe0043: 84,
++    0xe0044: 84,
++    0xe0045: 84,
++    0xe0046: 84,
++    0xe0047: 84,
++    0xe0048: 84,
++    0xe0049: 84,
++    0xe004a: 84,
++    0xe004b: 84,
++    0xe004c: 84,
++    0xe004d: 84,
++    0xe004e: 84,
++    0xe004f: 84,
++    0xe0050: 84,
++    0xe0051: 84,
++    0xe0052: 84,
++    0xe0053: 84,
++    0xe0054: 84,
++    0xe0055: 84,
++    0xe0056: 84,
++    0xe0057: 84,
++    0xe0058: 84,
++    0xe0059: 84,
++    0xe005a: 84,
++    0xe005b: 84,
++    0xe005c: 84,
++    0xe005d: 84,
++    0xe005e: 84,
++    0xe005f: 84,
++    0xe0060: 84,
++    0xe0061: 84,
++    0xe0062: 84,
++    0xe0063: 84,
++    0xe0064: 84,
++    0xe0065: 84,
++    0xe0066: 84,
++    0xe0067: 84,
++    0xe0068: 84,
++    0xe0069: 84,
++    0xe006a: 84,
++    0xe006b: 84,
++    0xe006c: 84,
++    0xe006d: 84,
++    0xe006e: 84,
++    0xe006f: 84,
++    0xe0070: 84,
++    0xe0071: 84,
++    0xe0072: 84,
++    0xe0073: 84,
++    0xe0074: 84,
++    0xe0075: 84,
++    0xe0076: 84,
++    0xe0077: 84,
++    0xe0078: 84,
++    0xe0079: 84,
++    0xe007a: 84,
++    0xe007b: 84,
++    0xe007c: 84,
++    0xe007d: 84,
++    0xe007e: 84,
++    0xe007f: 84,
++    0xe0100: 84,
++    0xe0101: 84,
++    0xe0102: 84,
++    0xe0103: 84,
++    0xe0104: 84,
++    0xe0105: 84,
++    0xe0106: 84,
++    0xe0107: 84,
++    0xe0108: 84,
++    0xe0109: 84,
++    0xe010a: 84,
++    0xe010b: 84,
++    0xe010c: 84,
++    0xe010d: 84,
++    0xe010e: 84,
++    0xe010f: 84,
++    0xe0110: 84,
++    0xe0111: 84,
++    0xe0112: 84,
++    0xe0113: 84,
++    0xe0114: 84,
++    0xe0115: 84,
++    0xe0116: 84,
++    0xe0117: 84,
++    0xe0118: 84,
++    0xe0119: 84,
++    0xe011a: 84,
++    0xe011b: 84,
++    0xe011c: 84,
++    0xe011d: 84,
++    0xe011e: 84,
++    0xe011f: 84,
++    0xe0120: 84,
++    0xe0121: 84,
++    0xe0122: 84,
++    0xe0123: 84,
++    0xe0124: 84,
++    0xe0125: 84,
++    0xe0126: 84,
++    0xe0127: 84,
++    0xe0128: 84,
++    0xe0129: 84,
++    0xe012a: 84,
++    0xe012b: 84,
++    0xe012c: 84,
++    0xe012d: 84,
++    0xe012e: 84,
++    0xe012f: 84,
++    0xe0130: 84,
++    0xe0131: 84,
++    0xe0132: 84,
++    0xe0133: 84,
++    0xe0134: 84,
++    0xe0135: 84,
++    0xe0136: 84,
++    0xe0137: 84,
++    0xe0138: 84,
++    0xe0139: 84,
++    0xe013a: 84,
++    0xe013b: 84,
++    0xe013c: 84,
++    0xe013d: 84,
++    0xe013e: 84,
++    0xe013f: 84,
++    0xe0140: 84,
++    0xe0141: 84,
++    0xe0142: 84,
++    0xe0143: 84,
++    0xe0144: 84,
++    0xe0145: 84,
++    0xe0146: 84,
++    0xe0147: 84,
++    0xe0148: 84,
++    0xe0149: 84,
++    0xe014a: 84,
++    0xe014b: 84,
++    0xe014c: 84,
++    0xe014d: 84,
++    0xe014e: 84,
++    0xe014f: 84,
++    0xe0150: 84,
++    0xe0151: 84,
++    0xe0152: 84,
++    0xe0153: 84,
++    0xe0154: 84,
++    0xe0155: 84,
++    0xe0156: 84,
++    0xe0157: 84,
++    0xe0158: 84,
++    0xe0159: 84,
++    0xe015a: 84,
++    0xe015b: 84,
++    0xe015c: 84,
++    0xe015d: 84,
++    0xe015e: 84,
++    0xe015f: 84,
++    0xe0160: 84,
++    0xe0161: 84,
++    0xe0162: 84,
++    0xe0163: 84,
++    0xe0164: 84,
++    0xe0165: 84,
++    0xe0166: 84,
++    0xe0167: 84,
++    0xe0168: 84,
++    0xe0169: 84,
++    0xe016a: 84,
++    0xe016b: 84,
++    0xe016c: 84,
++    0xe016d: 84,
++    0xe016e: 84,
++    0xe016f: 84,
++    0xe0170: 84,
++    0xe0171: 84,
++    0xe0172: 84,
++    0xe0173: 84,
++    0xe0174: 84,
++    0xe0175: 84,
++    0xe0176: 84,
++    0xe0177: 84,
++    0xe0178: 84,
++    0xe0179: 84,
++    0xe017a: 84,
++    0xe017b: 84,
++    0xe017c: 84,
++    0xe017d: 84,
++    0xe017e: 84,
++    0xe017f: 84,
++    0xe0180: 84,
++    0xe0181: 84,
++    0xe0182: 84,
++    0xe0183: 84,
++    0xe0184: 84,
++    0xe0185: 84,
++    0xe0186: 84,
++    0xe0187: 84,
++    0xe0188: 84,
++    0xe0189: 84,
++    0xe018a: 84,
++    0xe018b: 84,
++    0xe018c: 84,
++    0xe018d: 84,
++    0xe018e: 84,
++    0xe018f: 84,
++    0xe0190: 84,
++    0xe0191: 84,
++    0xe0192: 84,
++    0xe0193: 84,
++    0xe0194: 84,
++    0xe0195: 84,
++    0xe0196: 84,
++    0xe0197: 84,
++    0xe0198: 84,
++    0xe0199: 84,
++    0xe019a: 84,
++    0xe019b: 84,
++    0xe019c: 84,
++    0xe019d: 84,
++    0xe019e: 84,
++    0xe019f: 84,
++    0xe01a0: 84,
++    0xe01a1: 84,
++    0xe01a2: 84,
++    0xe01a3: 84,
++    0xe01a4: 84,
++    0xe01a5: 84,
++    0xe01a6: 84,
++    0xe01a7: 84,
++    0xe01a8: 84,
++    0xe01a9: 84,
++    0xe01aa: 84,
++    0xe01ab: 84,
++    0xe01ac: 84,
++    0xe01ad: 84,
++    0xe01ae: 84,
++    0xe01af: 84,
++    0xe01b0: 84,
++    0xe01b1: 84,
++    0xe01b2: 84,
++    0xe01b3: 84,
++    0xe01b4: 84,
++    0xe01b5: 84,
++    0xe01b6: 84,
++    0xe01b7: 84,
++    0xe01b8: 84,
++    0xe01b9: 84,
++    0xe01ba: 84,
++    0xe01bb: 84,
++    0xe01bc: 84,
++    0xe01bd: 84,
++    0xe01be: 84,
++    0xe01bf: 84,
++    0xe01c0: 84,
++    0xe01c1: 84,
++    0xe01c2: 84,
++    0xe01c3: 84,
++    0xe01c4: 84,
++    0xe01c5: 84,
++    0xe01c6: 84,
++    0xe01c7: 84,
++    0xe01c8: 84,
++    0xe01c9: 84,
++    0xe01ca: 84,
++    0xe01cb: 84,
++    0xe01cc: 84,
++    0xe01cd: 84,
++    0xe01ce: 84,
++    0xe01cf: 84,
++    0xe01d0: 84,
++    0xe01d1: 84,
++    0xe01d2: 84,
++    0xe01d3: 84,
++    0xe01d4: 84,
++    0xe01d5: 84,
++    0xe01d6: 84,
++    0xe01d7: 84,
++    0xe01d8: 84,
++    0xe01d9: 84,
++    0xe01da: 84,
++    0xe01db: 84,
++    0xe01dc: 84,
++    0xe01dd: 84,
++    0xe01de: 84,
++    0xe01df: 84,
++    0xe01e0: 84,
++    0xe01e1: 84,
++    0xe01e2: 84,
++    0xe01e3: 84,
++    0xe01e4: 84,
++    0xe01e5: 84,
++    0xe01e6: 84,
++    0xe01e7: 84,
++    0xe01e8: 84,
++    0xe01e9: 84,
++    0xe01ea: 84,
++    0xe01eb: 84,
++    0xe01ec: 84,
++    0xe01ed: 84,
++    0xe01ee: 84,
++    0xe01ef: 84,
+ }
+ codepoint_classes = {
+     'PVALID': (
+@@ -1834,7 +3931,6 @@
+         0xa7d50000a7d6,
+         0xa7d70000a7d8,
+         0xa7d90000a7da,
+-        0xa7f20000a7f5,
+         0xa7f60000a7f8,
+         0xa7fa0000a828,
+         0xa82c0000a82d,
+@@ -1907,9 +4003,7 @@
+         0x1060000010737,
+         0x1074000010756,
+         0x1076000010768,
+-        0x1078000010786,
+-        0x10787000107b1,
+-        0x107b2000107bb,
++        0x1078000010781,
+         0x1080000010806,
+         0x1080800010809,
+         0x1080a00010836,
+@@ -2112,7 +4206,6 @@
+         0x1e01b0001e022,
+         0x1e0230001e025,
+         0x1e0260001e02b,
+-        0x1e0300001e06e,
+         0x1e08f0001e090,
+         0x1e1000001e12d,
+         0x1e1300001e13e,
+@@ -2134,6 +4227,7 @@
+         0x2b7400002b81e,
+         0x2b8200002cea2,
+         0x2ceb00002ebe1,
++        0x2ebf00002ee5e,
+         0x300000003134b,
+         0x31350000323b0,
+     ),
+diff --color -ruN a/package_data.py b/package_data.py
+--- a/package_data.py	2021-01-01 08:00:00.000000000 +0000
++++ b/package_data.py	2024-09-26 14:49:49.043936672 +0000
+@@ -1,2 +1,2 @@
+-__version__ = '3.4'
++__version__ = '3.7'
+ 
+diff --color -ruN a/uts46data.py b/uts46data.py
+--- a/uts46data.py	2021-01-01 08:00:00.000000000 +0000
++++ b/uts46data.py	2024-09-26 14:49:49.043936672 +0000
+@@ -7,7 +7,7 @@
+ """IDNA Mapping Table from UTS46."""
+ 
+ 
+-__version__ = '15.0.0'
++__version__ = '15.1.0'
+ def _seg_0() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+     return [
+     (0x0, '3'),
+@@ -1899,7 +1899,7 @@
+     (0x1E9A, 'M', 'aʾ'),
+     (0x1E9B, 'M', 'ṡ'),
+     (0x1E9C, 'V'),
+-    (0x1E9E, 'M', 'ss'),
++    (0x1E9E, 'M', 'ß'),
+     (0x1E9F, 'V'),
+     (0x1EA0, 'M', 'ạ'),
+     (0x1EA1, 'V'),
+@@ -2418,10 +2418,6 @@
+     (0x222F, 'M', '∮∮'),
+     (0x2230, 'M', '∮∮∮'),
+     (0x2231, 'V'),
+-    (0x2260, '3'),
+-    (0x2261, 'V'),
+-    (0x226E, '3'),
+-    (0x2270, 'V'),
+     (0x2329, 'M', '〈'),
+     (0x232A, 'M', '〉'),
+     (0x232B, 'V'),
+@@ -2502,14 +2498,14 @@
+     (0x24BA, 'M', 'e'),
+     (0x24BB, 'M', 'f'),
+     (0x24BC, 'M', 'g'),
+-    ]
+-
+-def _seg_24() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x24BD, 'M', 'h'),
+     (0x24BE, 'M', 'i'),
+     (0x24BF, 'M', 'j'),
+     (0x24C0, 'M', 'k'),
++    ]
++
++def _seg_24() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x24C1, 'M', 'l'),
+     (0x24C2, 'M', 'm'),
+     (0x24C3, 'M', 'n'),
+@@ -2606,14 +2602,14 @@
+     (0x2C26, 'M', 'ⱖ'),
+     (0x2C27, 'M', 'ⱗ'),
+     (0x2C28, 'M', 'ⱘ'),
+-    ]
+-
+-def _seg_25() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x2C29, 'M', 'ⱙ'),
+     (0x2C2A, 'M', 'ⱚ'),
+     (0x2C2B, 'M', 'ⱛ'),
+     (0x2C2C, 'M', 'ⱜ'),
++    ]
++
++def _seg_25() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x2C2D, 'M', 'ⱝ'),
+     (0x2C2E, 'M', 'ⱞ'),
+     (0x2C2F, 'M', 'ⱟ'),
+@@ -2710,14 +2706,14 @@
+     (0x2CC0, 'M', 'ⳁ'),
+     (0x2CC1, 'V'),
+     (0x2CC2, 'M', 'ⳃ'),
+-    ]
+-
+-def _seg_26() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x2CC3, 'V'),
+     (0x2CC4, 'M', 'ⳅ'),
+     (0x2CC5, 'V'),
+     (0x2CC6, 'M', 'ⳇ'),
++    ]
++
++def _seg_26() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x2CC7, 'V'),
+     (0x2CC8, 'M', 'ⳉ'),
+     (0x2CC9, 'V'),
+@@ -2814,14 +2810,14 @@
+     (0x2F13, 'M', '勹'),
+     (0x2F14, 'M', '匕'),
+     (0x2F15, 'M', '匚'),
+-    ]
+-
+-def _seg_27() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x2F16, 'M', '匸'),
+     (0x2F17, 'M', '十'),
+     (0x2F18, 'M', '卜'),
+     (0x2F19, 'M', '卩'),
++    ]
++
++def _seg_27() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x2F1A, 'M', '厂'),
+     (0x2F1B, 'M', '厶'),
+     (0x2F1C, 'M', '又'),
+@@ -2918,14 +2914,14 @@
+     (0x2F77, 'M', '糸'),
+     (0x2F78, 'M', '缶'),
+     (0x2F79, 'M', '网'),
+-    ]
+-
+-def _seg_28() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x2F7A, 'M', '羊'),
+     (0x2F7B, 'M', '羽'),
+     (0x2F7C, 'M', '老'),
+     (0x2F7D, 'M', '而'),
++    ]
++
++def _seg_28() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x2F7E, 'M', '耒'),
+     (0x2F7F, 'M', '耳'),
+     (0x2F80, 'M', '聿'),
+@@ -3022,14 +3018,14 @@
+     (0x3036, 'M', '〒'),
+     (0x3037, 'V'),
+     (0x3038, 'M', '十'),
+-    ]
+-
+-def _seg_29() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x3039, 'M', '卄'),
+     (0x303A, 'M', '卅'),
+     (0x303B, 'V'),
+     (0x3040, 'X'),
++    ]
++
++def _seg_29() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x3041, 'V'),
+     (0x3097, 'X'),
+     (0x3099, 'V'),
+@@ -3126,14 +3122,14 @@
+     (0x3182, 'M', 'ᇱ'),
+     (0x3183, 'M', 'ᇲ'),
+     (0x3184, 'M', 'ᅗ'),
+-    ]
+-
+-def _seg_30() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x3185, 'M', 'ᅘ'),
+     (0x3186, 'M', 'ᅙ'),
+     (0x3187, 'M', 'ᆄ'),
+     (0x3188, 'M', 'ᆅ'),
++    ]
++
++def _seg_30() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x3189, 'M', 'ᆈ'),
+     (0x318A, 'M', 'ᆑ'),
+     (0x318B, 'M', 'ᆒ'),
+@@ -3230,14 +3226,14 @@
+     (0x3244, 'M', '問'),
+     (0x3245, 'M', '幼'),
+     (0x3246, 'M', '文'),
+-    ]
+-
+-def _seg_31() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x3247, 'M', '箏'),
+     (0x3248, 'V'),
+     (0x3250, 'M', 'pte'),
+     (0x3251, 'M', '21'),
++    ]
++
++def _seg_31() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x3252, 'M', '22'),
+     (0x3253, 'M', '23'),
+     (0x3254, 'M', '24'),
+@@ -3334,14 +3330,14 @@
+     (0x32AF, 'M', '協'),
+     (0x32B0, 'M', '夜'),
+     (0x32B1, 'M', '36'),
+-    ]
+-
+-def _seg_32() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x32B2, 'M', '37'),
+     (0x32B3, 'M', '38'),
+     (0x32B4, 'M', '39'),
+     (0x32B5, 'M', '40'),
++    ]
++
++def _seg_32() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x32B6, 'M', '41'),
+     (0x32B7, 'M', '42'),
+     (0x32B8, 'M', '43'),
+@@ -3438,14 +3434,14 @@
+     (0x3313, 'M', 'ギルダー'),
+     (0x3314, 'M', 'キロ'),
+     (0x3315, 'M', 'キログラム'),
+-    ]
+-
+-def _seg_33() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x3316, 'M', 'キロメートル'),
+     (0x3317, 'M', 'キロワット'),
+     (0x3318, 'M', 'グラム'),
+     (0x3319, 'M', 'グラムトン'),
++    ]
++
++def _seg_33() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x331A, 'M', 'クルゼイロ'),
+     (0x331B, 'M', 'クローネ'),
+     (0x331C, 'M', 'ケース'),
+@@ -3542,14 +3538,14 @@
+     (0x3377, 'M', 'dm'),
+     (0x3378, 'M', 'dm2'),
+     (0x3379, 'M', 'dm3'),
+-    ]
+-
+-def _seg_34() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x337A, 'M', 'iu'),
+     (0x337B, 'M', '平成'),
+     (0x337C, 'M', '昭和'),
+     (0x337D, 'M', '大正'),
++    ]
++
++def _seg_34() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x337E, 'M', '明治'),
+     (0x337F, 'M', '株式会社'),
+     (0x3380, 'M', 'pa'),
+@@ -3646,14 +3642,14 @@
+     (0x33DB, 'M', 'sr'),
+     (0x33DC, 'M', 'sv'),
+     (0x33DD, 'M', 'wb'),
+-    ]
+-
+-def _seg_35() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x33DE, 'M', 'v∕m'),
+     (0x33DF, 'M', 'a∕m'),
+     (0x33E0, 'M', '1日'),
+     (0x33E1, 'M', '2日'),
++    ]
++
++def _seg_35() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x33E2, 'M', '3日'),
+     (0x33E3, 'M', '4日'),
+     (0x33E4, 'M', '5日'),
+@@ -3750,14 +3746,14 @@
+     (0xA68B, 'V'),
+     (0xA68C, 'M', 'ꚍ'),
+     (0xA68D, 'V'),
+-    ]
+-
+-def _seg_36() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xA68E, 'M', 'ꚏ'),
+     (0xA68F, 'V'),
+     (0xA690, 'M', 'ꚑ'),
+     (0xA691, 'V'),
++    ]
++
++def _seg_36() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xA692, 'M', 'ꚓ'),
+     (0xA693, 'V'),
+     (0xA694, 'M', 'ꚕ'),
+@@ -3854,14 +3850,14 @@
+     (0xA779, 'M', 'ꝺ'),
+     (0xA77A, 'V'),
+     (0xA77B, 'M', 'ꝼ'),
+-    ]
+-
+-def _seg_37() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xA77C, 'V'),
+     (0xA77D, 'M', 'ᵹ'),
+     (0xA77E, 'M', 'ꝿ'),
+     (0xA77F, 'V'),
++    ]
++
++def _seg_37() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xA780, 'M', 'ꞁ'),
+     (0xA781, 'V'),
+     (0xA782, 'M', 'ꞃ'),
+@@ -3958,14 +3954,14 @@
+     (0xA878, 'X'),
+     (0xA880, 'V'),
+     (0xA8C6, 'X'),
+-    ]
+-
+-def _seg_38() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xA8CE, 'V'),
+     (0xA8DA, 'X'),
+     (0xA8E0, 'V'),
+     (0xA954, 'X'),
++    ]
++
++def _seg_38() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xA95F, 'V'),
+     (0xA97D, 'X'),
+     (0xA980, 'V'),
+@@ -4062,14 +4058,14 @@
+     (0xABA8, 'M', 'Ꮨ'),
+     (0xABA9, 'M', 'Ꮩ'),
+     (0xABAA, 'M', 'Ꮪ'),
+-    ]
+-
+-def _seg_39() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xABAB, 'M', 'Ꮫ'),
+     (0xABAC, 'M', 'Ꮬ'),
+     (0xABAD, 'M', 'Ꮭ'),
+     (0xABAE, 'M', 'Ꮮ'),
++    ]
++
++def _seg_39() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xABAF, 'M', 'Ꮯ'),
+     (0xABB0, 'M', 'Ꮰ'),
+     (0xABB1, 'M', 'Ꮱ'),
+@@ -4166,14 +4162,14 @@
+     (0xF943, 'M', '弄'),
+     (0xF944, 'M', '籠'),
+     (0xF945, 'M', '聾'),
+-    ]
+-
+-def _seg_40() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xF946, 'M', '牢'),
+     (0xF947, 'M', '磊'),
+     (0xF948, 'M', '賂'),
+     (0xF949, 'M', '雷'),
++    ]
++
++def _seg_40() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xF94A, 'M', '壘'),
+     (0xF94B, 'M', '屢'),
+     (0xF94C, 'M', '樓'),
+@@ -4270,14 +4266,14 @@
+     (0xF9A7, 'M', '獵'),
+     (0xF9A8, 'M', '令'),
+     (0xF9A9, 'M', '囹'),
+-    ]
+-
+-def _seg_41() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xF9AA, 'M', '寧'),
+     (0xF9AB, 'M', '嶺'),
+     (0xF9AC, 'M', '怜'),
+     (0xF9AD, 'M', '玲'),
++    ]
++
++def _seg_41() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xF9AE, 'M', '瑩'),
+     (0xF9AF, 'M', '羚'),
+     (0xF9B0, 'M', '聆'),
+@@ -4374,14 +4370,14 @@
+     (0xFA0B, 'M', '廓'),
+     (0xFA0C, 'M', '兀'),
+     (0xFA0D, 'M', '嗀'),
+-    ]
+-
+-def _seg_42() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFA0E, 'V'),
+     (0xFA10, 'M', '塚'),
+     (0xFA11, 'V'),
+     (0xFA12, 'M', '晴'),
++    ]
++
++def _seg_42() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFA13, 'V'),
+     (0xFA15, 'M', '凞'),
+     (0xFA16, 'M', '猪'),
+@@ -4478,14 +4474,14 @@
+     (0xFA76, 'M', '勇'),
+     (0xFA77, 'M', '勺'),
+     (0xFA78, 'M', '喝'),
+-    ]
+-
+-def _seg_43() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFA79, 'M', '啕'),
+     (0xFA7A, 'M', '喙'),
+     (0xFA7B, 'M', '嗢'),
+     (0xFA7C, 'M', '塚'),
++    ]
++
++def _seg_43() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFA7D, 'M', '墳'),
+     (0xFA7E, 'M', '奄'),
+     (0xFA7F, 'M', '奔'),
+@@ -4582,14 +4578,14 @@
+     (0xFADA, 'X'),
+     (0xFB00, 'M', 'ff'),
+     (0xFB01, 'M', 'fi'),
+-    ]
+-
+-def _seg_44() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFB02, 'M', 'fl'),
+     (0xFB03, 'M', 'ffi'),
+     (0xFB04, 'M', 'ffl'),
+     (0xFB05, 'M', 'st'),
++    ]
++
++def _seg_44() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFB07, 'X'),
+     (0xFB13, 'M', 'մն'),
+     (0xFB14, 'M', 'մե'),
+@@ -4686,14 +4682,14 @@
+     (0xFBDB, 'M', 'ۈ'),
+     (0xFBDD, 'M', 'ۇٴ'),
+     (0xFBDE, 'M', 'ۋ'),
+-    ]
+-
+-def _seg_45() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFBE0, 'M', 'ۅ'),
+     (0xFBE2, 'M', 'ۉ'),
+     (0xFBE4, 'M', 'ې'),
+     (0xFBE8, 'M', 'ى'),
++    ]
++
++def _seg_45() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFBEA, 'M', 'ئا'),
+     (0xFBEC, 'M', 'ئە'),
+     (0xFBEE, 'M', 'ئو'),
+@@ -4790,14 +4786,14 @@
+     (0xFC54, 'M', 'هي'),
+     (0xFC55, 'M', 'يج'),
+     (0xFC56, 'M', 'يح'),
+-    ]
+-
+-def _seg_46() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFC57, 'M', 'يخ'),
+     (0xFC58, 'M', 'يم'),
+     (0xFC59, 'M', 'يى'),
+     (0xFC5A, 'M', 'يي'),
++    ]
++
++def _seg_46() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFC5B, 'M', 'ذٰ'),
+     (0xFC5C, 'M', 'رٰ'),
+     (0xFC5D, 'M', 'ىٰ'),
+@@ -4894,14 +4890,14 @@
+     (0xFCB8, 'M', 'طح'),
+     (0xFCB9, 'M', 'ظم'),
+     (0xFCBA, 'M', 'عج'),
+-    ]
+-
+-def _seg_47() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFCBB, 'M', 'عم'),
+     (0xFCBC, 'M', 'غج'),
+     (0xFCBD, 'M', 'غم'),
+     (0xFCBE, 'M', 'فج'),
++    ]
++
++def _seg_47() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFCBF, 'M', 'فح'),
+     (0xFCC0, 'M', 'فخ'),
+     (0xFCC1, 'M', 'فم'),
+@@ -4998,14 +4994,14 @@
+     (0xFD1C, 'M', 'حي'),
+     (0xFD1D, 'M', 'جى'),
+     (0xFD1E, 'M', 'جي'),
+-    ]
+-
+-def _seg_48() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFD1F, 'M', 'خى'),
+     (0xFD20, 'M', 'خي'),
+     (0xFD21, 'M', 'صى'),
+     (0xFD22, 'M', 'صي'),
++    ]
++
++def _seg_48() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFD23, 'M', 'ضى'),
+     (0xFD24, 'M', 'ضي'),
+     (0xFD25, 'M', 'شج'),
+@@ -5102,14 +5098,14 @@
+     (0xFDA4, 'M', 'تمى'),
+     (0xFDA5, 'M', 'جمي'),
+     (0xFDA6, 'M', 'جحى'),
+-    ]
+-
+-def _seg_49() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFDA7, 'M', 'جمى'),
+     (0xFDA8, 'M', 'سخى'),
+     (0xFDA9, 'M', 'صحي'),
+     (0xFDAA, 'M', 'شحي'),
++    ]
++
++def _seg_49() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFDAB, 'M', 'ضحي'),
+     (0xFDAC, 'M', 'لجي'),
+     (0xFDAD, 'M', 'لمي'),
+@@ -5206,14 +5202,14 @@
+     (0xFE5B, '3', '{'),
+     (0xFE5C, '3', '}'),
+     (0xFE5D, 'M', '〔'),
+-    ]
+-
+-def _seg_50() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFE5E, 'M', '〕'),
+     (0xFE5F, '3', '#'),
+     (0xFE60, '3', '&'),
+     (0xFE61, '3', '*'),
++    ]
++
++def _seg_50() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFE62, '3', '+'),
+     (0xFE63, 'M', '-'),
+     (0xFE64, '3', '<'),
+@@ -5310,14 +5306,14 @@
+     (0xFF18, 'M', '8'),
+     (0xFF19, 'M', '9'),
+     (0xFF1A, '3', ':'),
+-    ]
+-
+-def _seg_51() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFF1B, '3', ';'),
+     (0xFF1C, '3', '<'),
+     (0xFF1D, '3', '='),
+     (0xFF1E, '3', '>'),
++    ]
++
++def _seg_51() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFF1F, '3', '?'),
+     (0xFF20, '3', '@'),
+     (0xFF21, 'M', 'a'),
+@@ -5414,14 +5410,14 @@
+     (0xFF7C, 'M', 'シ'),
+     (0xFF7D, 'M', 'ス'),
+     (0xFF7E, 'M', 'セ'),
+-    ]
+-
+-def _seg_52() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFF7F, 'M', 'ソ'),
+     (0xFF80, 'M', 'タ'),
+     (0xFF81, 'M', 'チ'),
+     (0xFF82, 'M', 'ツ'),
++    ]
++
++def _seg_52() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFF83, 'M', 'テ'),
+     (0xFF84, 'M', 'ト'),
+     (0xFF85, 'M', 'ナ'),
+@@ -5518,14 +5514,14 @@
+     (0xFFE7, 'X'),
+     (0xFFE8, 'M', '│'),
+     (0xFFE9, 'M', '←'),
+-    ]
+-
+-def _seg_53() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0xFFEA, 'M', '↑'),
+     (0xFFEB, 'M', '→'),
+     (0xFFEC, 'M', '↓'),
+     (0xFFED, 'M', '■'),
++    ]
++
++def _seg_53() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0xFFEE, 'M', '○'),
+     (0xFFEF, 'X'),
+     (0x10000, 'V'),
+@@ -5622,14 +5618,14 @@
+     (0x104B3, 'M', '𐓛'),
+     (0x104B4, 'M', '𐓜'),
+     (0x104B5, 'M', '𐓝'),
+-    ]
+-
+-def _seg_54() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x104B6, 'M', '𐓞'),
+     (0x104B7, 'M', '𐓟'),
+     (0x104B8, 'M', '𐓠'),
+     (0x104B9, 'M', '𐓡'),
++    ]
++
++def _seg_54() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x104BA, 'M', '𐓢'),
+     (0x104BB, 'M', '𐓣'),
+     (0x104BC, 'M', '𐓤'),
+@@ -5726,14 +5722,14 @@
+     (0x10786, 'X'),
+     (0x10787, 'M', 'ʣ'),
+     (0x10788, 'M', 'ꭦ'),
+-    ]
+-
+-def _seg_55() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x10789, 'M', 'ʥ'),
+     (0x1078A, 'M', 'ʤ'),
+     (0x1078B, 'M', 'ɖ'),
+     (0x1078C, 'M', 'ɗ'),
++    ]
++
++def _seg_55() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1078D, 'M', 'ᶑ'),
+     (0x1078E, 'M', 'ɘ'),
+     (0x1078F, 'M', 'ɞ'),
+@@ -5830,14 +5826,14 @@
+     (0x10A60, 'V'),
+     (0x10AA0, 'X'),
+     (0x10AC0, 'V'),
+-    ]
+-
+-def _seg_56() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x10AE7, 'X'),
+     (0x10AEB, 'V'),
+     (0x10AF7, 'X'),
+     (0x10B00, 'V'),
++    ]
++
++def _seg_56() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x10B36, 'X'),
+     (0x10B39, 'V'),
+     (0x10B56, 'X'),
+@@ -5934,14 +5930,14 @@
+     (0x1107F, 'V'),
+     (0x110BD, 'X'),
+     (0x110BE, 'V'),
+-    ]
+-
+-def _seg_57() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x110C3, 'X'),
+     (0x110D0, 'V'),
+     (0x110E9, 'X'),
+     (0x110F0, 'V'),
++    ]
++
++def _seg_57() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x110FA, 'X'),
+     (0x11100, 'V'),
+     (0x11135, 'X'),
+@@ -6038,14 +6034,14 @@
+     (0x118A4, 'M', '𑣄'),
+     (0x118A5, 'M', '𑣅'),
+     (0x118A6, 'M', '𑣆'),
+-    ]
+-
+-def _seg_58() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x118A7, 'M', '𑣇'),
+     (0x118A8, 'M', '𑣈'),
+     (0x118A9, 'M', '𑣉'),
+     (0x118AA, 'M', '𑣊'),
++    ]
++
++def _seg_58() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x118AB, 'M', '𑣋'),
+     (0x118AC, 'M', '𑣌'),
+     (0x118AD, 'M', '𑣍'),
+@@ -6142,14 +6138,14 @@
+     (0x11EE0, 'V'),
+     (0x11EF9, 'X'),
+     (0x11F00, 'V'),
+-    ]
+-
+-def _seg_59() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x11F11, 'X'),
+     (0x11F12, 'V'),
+     (0x11F3B, 'X'),
+     (0x11F3E, 'V'),
++    ]
++
++def _seg_59() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x11F5A, 'X'),
+     (0x11FB0, 'V'),
+     (0x11FB1, 'X'),
+@@ -6246,14 +6242,14 @@
+     (0x18D00, 'V'),
+     (0x18D09, 'X'),
+     (0x1AFF0, 'V'),
+-    ]
+-
+-def _seg_60() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1AFF4, 'X'),
+     (0x1AFF5, 'V'),
+     (0x1AFFC, 'X'),
+     (0x1AFFD, 'V'),
++    ]
++
++def _seg_60() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1AFFF, 'X'),
+     (0x1B000, 'V'),
+     (0x1B123, 'X'),
+@@ -6350,14 +6346,14 @@
+     (0x1D41E, 'M', 'e'),
+     (0x1D41F, 'M', 'f'),
+     (0x1D420, 'M', 'g'),
+-    ]
+-
+-def _seg_61() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D421, 'M', 'h'),
+     (0x1D422, 'M', 'i'),
+     (0x1D423, 'M', 'j'),
+     (0x1D424, 'M', 'k'),
++    ]
++
++def _seg_61() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D425, 'M', 'l'),
+     (0x1D426, 'M', 'm'),
+     (0x1D427, 'M', 'n'),
+@@ -6454,14 +6450,14 @@
+     (0x1D482, 'M', 'a'),
+     (0x1D483, 'M', 'b'),
+     (0x1D484, 'M', 'c'),
+-    ]
+-
+-def _seg_62() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D485, 'M', 'd'),
+     (0x1D486, 'M', 'e'),
+     (0x1D487, 'M', 'f'),
+     (0x1D488, 'M', 'g'),
++    ]
++
++def _seg_62() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D489, 'M', 'h'),
+     (0x1D48A, 'M', 'i'),
+     (0x1D48B, 'M', 'j'),
+@@ -6558,14 +6554,14 @@
+     (0x1D4E9, 'M', 'z'),
+     (0x1D4EA, 'M', 'a'),
+     (0x1D4EB, 'M', 'b'),
+-    ]
+-
+-def _seg_63() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D4EC, 'M', 'c'),
+     (0x1D4ED, 'M', 'd'),
+     (0x1D4EE, 'M', 'e'),
+     (0x1D4EF, 'M', 'f'),
++    ]
++
++def _seg_63() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D4F0, 'M', 'g'),
+     (0x1D4F1, 'M', 'h'),
+     (0x1D4F2, 'M', 'i'),
+@@ -6662,14 +6658,14 @@
+     (0x1D550, 'M', 'y'),
+     (0x1D551, 'X'),
+     (0x1D552, 'M', 'a'),
+-    ]
+-
+-def _seg_64() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D553, 'M', 'b'),
+     (0x1D554, 'M', 'c'),
+     (0x1D555, 'M', 'd'),
+     (0x1D556, 'M', 'e'),
++    ]
++
++def _seg_64() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D557, 'M', 'f'),
+     (0x1D558, 'M', 'g'),
+     (0x1D559, 'M', 'h'),
+@@ -6766,14 +6762,14 @@
+     (0x1D5B4, 'M', 'u'),
+     (0x1D5B5, 'M', 'v'),
+     (0x1D5B6, 'M', 'w'),
+-    ]
+-
+-def _seg_65() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D5B7, 'M', 'x'),
+     (0x1D5B8, 'M', 'y'),
+     (0x1D5B9, 'M', 'z'),
+     (0x1D5BA, 'M', 'a'),
++    ]
++
++def _seg_65() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D5BB, 'M', 'b'),
+     (0x1D5BC, 'M', 'c'),
+     (0x1D5BD, 'M', 'd'),
+@@ -6870,14 +6866,14 @@
+     (0x1D618, 'M', 'q'),
+     (0x1D619, 'M', 'r'),
+     (0x1D61A, 'M', 's'),
+-    ]
+-
+-def _seg_66() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D61B, 'M', 't'),
+     (0x1D61C, 'M', 'u'),
+     (0x1D61D, 'M', 'v'),
+     (0x1D61E, 'M', 'w'),
++    ]
++
++def _seg_66() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D61F, 'M', 'x'),
+     (0x1D620, 'M', 'y'),
+     (0x1D621, 'M', 'z'),
+@@ -6974,14 +6970,14 @@
+     (0x1D67C, 'M', 'm'),
+     (0x1D67D, 'M', 'n'),
+     (0x1D67E, 'M', 'o'),
+-    ]
+-
+-def _seg_67() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D67F, 'M', 'p'),
+     (0x1D680, 'M', 'q'),
+     (0x1D681, 'M', 'r'),
+     (0x1D682, 'M', 's'),
++    ]
++
++def _seg_67() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D683, 'M', 't'),
+     (0x1D684, 'M', 'u'),
+     (0x1D685, 'M', 'v'),
+@@ -7078,14 +7074,14 @@
+     (0x1D6E2, 'M', 'α'),
+     (0x1D6E3, 'M', 'β'),
+     (0x1D6E4, 'M', 'γ'),
+-    ]
+-
+-def _seg_68() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D6E5, 'M', 'δ'),
+     (0x1D6E6, 'M', 'ε'),
+     (0x1D6E7, 'M', 'ζ'),
+     (0x1D6E8, 'M', 'η'),
++    ]
++
++def _seg_68() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D6E9, 'M', 'θ'),
+     (0x1D6EA, 'M', 'ι'),
+     (0x1D6EB, 'M', 'κ'),
+@@ -7182,14 +7178,14 @@
+     (0x1D747, 'M', 'σ'),
+     (0x1D749, 'M', 'τ'),
+     (0x1D74A, 'M', 'υ'),
+-    ]
+-
+-def _seg_69() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D74B, 'M', 'φ'),
+     (0x1D74C, 'M', 'χ'),
+     (0x1D74D, 'M', 'ψ'),
+     (0x1D74E, 'M', 'ω'),
++    ]
++
++def _seg_69() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D74F, 'M', '∂'),
+     (0x1D750, 'M', 'ε'),
+     (0x1D751, 'M', 'θ'),
+@@ -7286,14 +7282,14 @@
+     (0x1D7AD, 'M', 'δ'),
+     (0x1D7AE, 'M', 'ε'),
+     (0x1D7AF, 'M', 'ζ'),
+-    ]
+-
+-def _seg_70() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1D7B0, 'M', 'η'),
+     (0x1D7B1, 'M', 'θ'),
+     (0x1D7B2, 'M', 'ι'),
+     (0x1D7B3, 'M', 'κ'),
++    ]
++
++def _seg_70() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1D7B4, 'M', 'λ'),
+     (0x1D7B5, 'M', 'μ'),
+     (0x1D7B6, 'M', 'ν'),
+@@ -7390,14 +7386,14 @@
+     (0x1E030, 'M', 'а'),
+     (0x1E031, 'M', 'б'),
+     (0x1E032, 'M', 'в'),
+-    ]
+-
+-def _seg_71() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1E033, 'M', 'г'),
+     (0x1E034, 'M', 'д'),
+     (0x1E035, 'M', 'е'),
+     (0x1E036, 'M', 'ж'),
++    ]
++
++def _seg_71() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1E037, 'M', 'з'),
+     (0x1E038, 'M', 'и'),
+     (0x1E039, 'M', 'к'),
+@@ -7494,14 +7490,14 @@
+     (0x1E907, 'M', '𞤩'),
+     (0x1E908, 'M', '𞤪'),
+     (0x1E909, 'M', '𞤫'),
+-    ]
+-
+-def _seg_72() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1E90A, 'M', '𞤬'),
+     (0x1E90B, 'M', '𞤭'),
+     (0x1E90C, 'M', '𞤮'),
+     (0x1E90D, 'M', '𞤯'),
++    ]
++
++def _seg_72() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1E90E, 'M', '𞤰'),
+     (0x1E90F, 'M', '𞤱'),
+     (0x1E910, 'M', '𞤲'),
+@@ -7598,14 +7594,14 @@
+     (0x1EE48, 'X'),
+     (0x1EE49, 'M', 'ي'),
+     (0x1EE4A, 'X'),
+-    ]
+-
+-def _seg_73() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1EE4B, 'M', 'ل'),
+     (0x1EE4C, 'X'),
+     (0x1EE4D, 'M', 'ن'),
+     (0x1EE4E, 'M', 'س'),
++    ]
++
++def _seg_73() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1EE4F, 'M', 'ع'),
+     (0x1EE50, 'X'),
+     (0x1EE51, 'M', 'ص'),
+@@ -7702,14 +7698,14 @@
+     (0x1EEB2, 'M', 'ق'),
+     (0x1EEB3, 'M', 'ر'),
+     (0x1EEB4, 'M', 'ش'),
+-    ]
+-
+-def _seg_74() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1EEB5, 'M', 'ت'),
+     (0x1EEB6, 'M', 'ث'),
+     (0x1EEB7, 'M', 'خ'),
+     (0x1EEB8, 'M', 'ذ'),
++    ]
++
++def _seg_74() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1EEB9, 'M', 'ض'),
+     (0x1EEBA, 'M', 'ظ'),
+     (0x1EEBB, 'M', 'غ'),
+@@ -7806,14 +7802,14 @@
+     (0x1F150, 'V'),
+     (0x1F16A, 'M', 'mc'),
+     (0x1F16B, 'M', 'md'),
+-    ]
+-
+-def _seg_75() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1F16C, 'M', 'mr'),
+     (0x1F16D, 'V'),
+     (0x1F190, 'M', 'dj'),
+     (0x1F191, 'V'),
++    ]
++
++def _seg_75() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1F1AE, 'X'),
+     (0x1F1E6, 'V'),
+     (0x1F200, 'M', 'ほか'),
+@@ -7910,14 +7906,14 @@
+     (0x1FA54, 'X'),
+     (0x1FA60, 'V'),
+     (0x1FA6E, 'X'),
+-    ]
+-
+-def _seg_76() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+-    return [
+     (0x1FA70, 'V'),
+     (0x1FA7D, 'X'),
+     (0x1FA80, 'V'),
+     (0x1FA89, 'X'),
++    ]
++
++def _seg_76() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
++    return [
+     (0x1FA90, 'V'),
+     (0x1FABE, 'X'),
+     (0x1FABF, 'V'),
+@@ -7953,6 +7949,8 @@
+     (0x2CEA2, 'X'),
+     (0x2CEB0, 'V'),
+     (0x2EBE1, 'X'),
++    (0x2EBF0, 'V'),
++    (0x2EE5E, 'X'),
+     (0x2F800, 'M', '丽'),
+     (0x2F801, 'M', '丸'),
+     (0x2F802, 'M', '乁'),
+@@ -8014,12 +8012,12 @@
+     (0x2F83C, 'M', '咞'),
+     (0x2F83D, 'M', '吸'),
+     (0x2F83E, 'M', '呈'),
++    (0x2F83F, 'M', '周'),
++    (0x2F840, 'M', '咢'),
+     ]
+ 
+ def _seg_77() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+     return [
+-    (0x2F83F, 'M', '周'),
+-    (0x2F840, 'M', '咢'),
+     (0x2F841, 'M', '哶'),
+     (0x2F842, 'M', '唐'),
+     (0x2F843, 'M', '啓'),
+@@ -8118,12 +8116,12 @@
+     (0x2F8A4, 'M', '𢛔'),
+     (0x2F8A5, 'M', '惇'),
+     (0x2F8A6, 'M', '慈'),
++    (0x2F8A7, 'M', '慌'),
++    (0x2F8A8, 'M', '慎'),
+     ]
+ 
+ def _seg_78() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+     return [
+-    (0x2F8A7, 'M', '慌'),
+-    (0x2F8A8, 'M', '慎'),
+     (0x2F8A9, 'M', '慌'),
+     (0x2F8AA, 'M', '慺'),
+     (0x2F8AB, 'M', '憎'),
+@@ -8222,12 +8220,12 @@
+     (0x2F908, 'M', '港'),
+     (0x2F909, 'M', '湮'),
+     (0x2F90A, 'M', '㴳'),
++    (0x2F90B, 'M', '滋'),
++    (0x2F90C, 'M', '滇'),
+     ]
+ 
+ def _seg_79() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+     return [
+-    (0x2F90B, 'M', '滋'),
+-    (0x2F90C, 'M', '滇'),
+     (0x2F90D, 'M', '𣻑'),
+     (0x2F90E, 'M', '淹'),
+     (0x2F90F, 'M', '潮'),
+@@ -8326,12 +8324,12 @@
+     (0x2F96F, 'M', '縂'),
+     (0x2F970, 'M', '繅'),
+     (0x2F971, 'M', '䌴'),
++    (0x2F972, 'M', '𦈨'),
++    (0x2F973, 'M', '𦉇'),
+     ]
+ 
+ def _seg_80() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+     return [
+-    (0x2F972, 'M', '𦈨'),
+-    (0x2F973, 'M', '𦉇'),
+     (0x2F974, 'M', '䍙'),
+     (0x2F975, 'M', '𦋙'),
+     (0x2F976, 'M', '罺'),
+@@ -8430,12 +8428,12 @@
+     (0x2F9D3, 'M', '𧲨'),
+     (0x2F9D4, 'M', '貫'),
+     (0x2F9D5, 'M', '賁'),
++    (0x2F9D6, 'M', '贛'),
++    (0x2F9D7, 'M', '起'),
+     ]
+ 
+ def _seg_81() -> List[Union[Tuple[int, str], Tuple[int, str, str]]]:
+     return [
+-    (0x2F9D6, 'M', '贛'),
+-    (0x2F9D7, 'M', '起'),
+     (0x2F9D8, 'M', '𧼯'),
+     (0x2F9D9, 'M', '𠠄'),
+     (0x2F9DA, 'M', '跋'),
diff --git a/SPECS/tensorflow/CVE-2024-6232.patch b/SPECS/tensorflow/CVE-2024-6232.patch
new file mode 100644
index 00000000000..1bb822bb873
--- /dev/null
+++ b/SPECS/tensorflow/CVE-2024-6232.patch
@@ -0,0 +1,175 @@
+diff --git a/tarfile.py b/tarfile.py
+index 3bbbcaa6211..f7202859de7 100755
+--- a/tarfile.py
++++ b/tarfile.py
+@@ -843,6 +843,9 @@ def data_filter(member, dest_path):
+ # Sentinel for replace() defaults, meaning "don't change the attribute"
+ _KEEP = object()
+ 
++# Header length is digits followed by a space.
++_header_length_prefix_re = re.compile(br"([0-9]{1,20}) ")
++
+ class TarInfo(object):
+     """Informational class which holds the details about an
+        archive member given by a tar header block.
+@@ -1412,37 +1415,59 @@ def _proc_pax(self, tarfile):
+         else:
+             pax_headers = tarfile.pax_headers.copy()
+ 
+-        # Check if the pax header contains a hdrcharset field. This tells us
+-        # the encoding of the path, linkpath, uname and gname fields. Normally,
+-        # these fields are UTF-8 encoded but since POSIX.1-2008 tar
+-        # implementations are allowed to store them as raw binary strings if
+-        # the translation to UTF-8 fails.
+-        match = re.search(br"\d+ hdrcharset=([^\n]+)\n", buf)
+-        if match is not None:
+-            pax_headers["hdrcharset"] = match.group(1).decode("utf-8")
+-
+-        # For the time being, we don't care about anything other than "BINARY".
+-        # The only other value that is currently allowed by the standard is
+-        # "ISO-IR 10646 2000 UTF-8" in other words UTF-8.
+-        hdrcharset = pax_headers.get("hdrcharset")
+-        if hdrcharset == "BINARY":
+-            encoding = tarfile.encoding
+-        else:
+-            encoding = "utf-8"
+-
+         # Parse pax header information. A record looks like that:
+         # "%d %s=%s\n" % (length, keyword, value). length is the size
+         # of the complete record including the length field itself and
+-        # the newline. keyword and value are both UTF-8 encoded strings.
+-        regex = re.compile(br"(\d+) ([^=]+)=")
++        # the newline.
+         pos = 0
+-        while match := regex.match(buf, pos):
+-            length, keyword = match.groups()
+-            length = int(length)
+-            if length == 0:
++        encoding = None
++        raw_headers = []
++        while len(buf) > pos and buf[pos] != 0x00:
++            if not (match := _header_length_prefix_re.match(buf, pos)):
++                raise InvalidHeaderError("invalid header")
++            try:
++                length = int(match.group(1))
++            except ValueError:
++                raise InvalidHeaderError("invalid header")
++            # Headers must be at least 5 bytes, shortest being '5 x=\n'.
++            # Value is allowed to be empty.
++            if length < 5:
++                raise InvalidHeaderError("invalid header")
++            if pos + length > len(buf):
++                raise InvalidHeaderError("invalid header")
++
++            header_value_end_offset = match.start(1) + length - 1  # Last byte of the header
++            keyword_and_value = buf[match.end(1) + 1:header_value_end_offset]
++            raw_keyword, equals, raw_value = keyword_and_value.partition(b"=")
++
++            # Check the framing of the header. The last character must be '\n' (0x0A)
++            if not raw_keyword or equals != b"=" or buf[header_value_end_offset] != 0x0A:
+                 raise InvalidHeaderError("invalid header")
+-            value = buf[match.end(2) + 1:match.start(1) + length - 1]
++            raw_headers.append((length, raw_keyword, raw_value))
++
++            # Check if the pax header contains a hdrcharset field. This tells us
++            # the encoding of the path, linkpath, uname and gname fields. Normally,
++            # these fields are UTF-8 encoded but since POSIX.1-2008 tar
++            # implementations are allowed to store them as raw binary strings if
++            # the translation to UTF-8 fails. For the time being, we don't care about
++            # anything other than "BINARY". The only other value that is currently
++            # allowed by the standard is "ISO-IR 10646 2000 UTF-8" in other words UTF-8.
++            # Note that we only follow the initial 'hdrcharset' setting to preserve
++            # the initial behavior of the 'tarfile' module.
++            if raw_keyword == b"hdrcharset" and encoding is None:
++                if raw_value == b"BINARY":
++                    encoding = tarfile.encoding
++                else:  # This branch ensures only the first 'hdrcharset' header is used.
++                    encoding = "utf-8"
+ 
++            pos += length
++
++        # If no explicit hdrcharset is set, we use UTF-8 as a default.
++        if encoding is None:
++            encoding = "utf-8"
++
++        # After parsing the raw headers we can decode them to text.
++        for length, raw_keyword, raw_value in raw_headers:
+             # Normally, we could just use "utf-8" as the encoding and "strict"
+             # as the error handler, but we better not take the risk. For
+             # example, GNU tar <= 1.23 is known to store filenames it cannot
+@@ -1450,17 +1475,16 @@ def _proc_pax(self, tarfile):
+             # hdrcharset=BINARY header).
+             # We first try the strict standard encoding, and if that fails we
+             # fall back on the user's encoding and error handler.
+-            keyword = self._decode_pax_field(keyword, "utf-8", "utf-8",
++            keyword = self._decode_pax_field(raw_keyword, "utf-8", "utf-8",
+                     tarfile.errors)
+             if keyword in PAX_NAME_FIELDS:
+-                value = self._decode_pax_field(value, encoding, tarfile.encoding,
++                value = self._decode_pax_field(raw_value, encoding, tarfile.encoding,
+                         tarfile.errors)
+             else:
+-                value = self._decode_pax_field(value, "utf-8", "utf-8",
++                value = self._decode_pax_field(raw_value, "utf-8", "utf-8",
+                         tarfile.errors)
+ 
+             pax_headers[keyword] = value
+-            pos += length
+ 
+         # Fetch the next header.
+         try:
+@@ -1475,7 +1499,7 @@ def _proc_pax(self, tarfile):
+ 
+         elif "GNU.sparse.size" in pax_headers:
+             # GNU extended sparse format version 0.0.
+-            self._proc_gnusparse_00(next, pax_headers, buf)
++            self._proc_gnusparse_00(next, raw_headers)
+ 
+         elif pax_headers.get("GNU.sparse.major") == "1" and pax_headers.get("GNU.sparse.minor") == "0":
+             # GNU extended sparse format version 1.0.
+@@ -1497,15 +1521,24 @@ def _proc_pax(self, tarfile):
+ 
+         return next
+ 
+-    def _proc_gnusparse_00(self, next, pax_headers, buf):
++    def _proc_gnusparse_00(self, next, raw_headers):
+         """Process a GNU tar extended sparse header, version 0.0.
+         """
+         offsets = []
+-        for match in re.finditer(br"\d+ GNU.sparse.offset=(\d+)\n", buf):
+-            offsets.append(int(match.group(1)))
+         numbytes = []
+-        for match in re.finditer(br"\d+ GNU.sparse.numbytes=(\d+)\n", buf):
+-            numbytes.append(int(match.group(1)))
++        for _, keyword, value in raw_headers:
++            if keyword == b"GNU.sparse.offset":
++                try:
++                    offsets.append(int(value.decode()))
++                except ValueError:
++                    raise InvalidHeaderError("invalid header")
++
++            elif keyword == b"GNU.sparse.numbytes":
++                try:
++                    numbytes.append(int(value.decode()))
++                except ValueError:
++                    raise InvalidHeaderError("invalid header")
++
+         next.sparse = list(zip(offsets, numbytes))
+ 
+     def _proc_gnusparse_01(self, next, pax_headers):
+@@ -2222,7 +2255,7 @@ def _get_filter_function(self, filter):
+                     'Python 3.14 will, by default, filter extracted tar '
+                     + 'archives and reject files or modify their metadata. '
+                     + 'Use the filter argument to control this behavior.',
+-                    DeprecationWarning)
++                    DeprecationWarning, stacklevel=3)
+                 return fully_trusted_filter
+             if isinstance(filter, str):
+                 raise TypeError(
+@@ -2897,4 +2930,4 @@ def main():
+             print('{!r} file created.'.format(tar_name))
+ 
+ if __name__ == '__main__':
+-    main()
++    main()
+\ No newline at end of file
diff --git a/SPECS/tensorflow/CVE-2024-8088.patch b/SPECS/tensorflow/CVE-2024-8088.patch
new file mode 100644
index 00000000000..af19acfeba1
--- /dev/null
+++ b/SPECS/tensorflow/CVE-2024-8088.patch
@@ -0,0 +1,41 @@
+diff --color -ruN a/zipfile/_path/__init__.py b/zipfile/_path/__init__.py
+--- a/zipfile/_path/__init__.py	2021-01-01 08:00:00.000000000 +0000
++++ b/zipfile/_path/__init__.py	2024-09-26 18:35:13.560930101 +0000
+@@ -1,3 +1,12 @@
++"""
++A Path-like interface for zipfiles.
++
++This codebase is shared between zipfile.Path in the stdlib
++and zipp in PyPI. See
++https://github.com/python/importlib_metadata/wiki/Development-Methodology
++for more detail.
++"""
++
+ import io
+ import posixpath
+ import zipfile
+@@ -34,7 +43,7 @@
+ def _ancestry(path):
+     """
+     Given a path with elements separated by
+-    posixpath.sep, generate all elements of that path
++    posixpath.sep, generate all elements of that path.
+ 
+     >>> list(_ancestry('b/d'))
+     ['b/d', 'b']
+@@ -46,9 +55,14 @@
+     ['b']
+     >>> list(_ancestry(''))
+     []
++
++    Multiple separators are treated like a single.
++
++    >>> list(_ancestry('//b//d///f//'))
++    ['//b//d///f', '//b//d', '//b']
+     """
+     path = path.rstrip(posixpath.sep)
+-    while path and path != posixpath.sep:
++    while path.rstrip(posixpath.sep):
+         yield path
+         path, tail = posixpath.split(path)
+ 
diff --git a/SPECS/tensorflow/generate_tf_cache.sh b/SPECS/tensorflow/generate_tf_cache.sh
old mode 100644
new mode 100755
index dad781565df..586ebc5db78
--- a/SPECS/tensorflow/generate_tf_cache.sh
+++ b/SPECS/tensorflow/generate_tf_cache.sh
@@ -11,4 +11,4 @@ CONTAINER_ID=$(docker run -d tensorflow_image)
 docker cp $CONTAINER_ID:/root/tensorflow-$TF_VERSION-cache.tar.gz $PWD
 
 docker stop $CONTAINER_ID
-docker rm $CONTAINER_ID
\ No newline at end of file
+docker rm $CONTAINER_ID
diff --git a/SPECS/tensorflow/tensorflow.spec b/SPECS/tensorflow/tensorflow.spec
index eab82d56cb3..d4022958ff2 100644
--- a/SPECS/tensorflow/tensorflow.spec
+++ b/SPECS/tensorflow/tensorflow.spec
@@ -1,7 +1,7 @@
 Summary:        TensorFlow is an open source machine learning framework for everyone.
 Name:           tensorflow
 Version:        2.16.1
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -10,6 +10,9 @@ URL:            https://www.tensorflow.org/
 Source0:        https://github.com/tensorflow/tensorflow/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        %{name}-%{version}-cache2.tar.gz
 Patch0:         CVE-2024-7592.patch
+Patch1:         CVE-2024-6232.patch
+Patch2:         CVE-2024-8088.patch
+Patch3:         CVE-2024-3651.patch
 BuildRequires:  bazel
 BuildRequires:  binutils
 BuildRequires:  build-essential
@@ -71,6 +74,21 @@ pushd /root/.cache/bazel/_bazel_$USER/$MD5_HASH/external/python_x86_64-unknown-l
 patch -p1 < %{PATCH0}
 popd
 
+# Need to patch CVE-2024-6232 in the bundled python for applicable archs: `ExclusiveArch:  x86_64`
+pushd /root/.cache/bazel/_bazel_$USER/$MD5_HASH/external/python_x86_64-unknown-linux-gnu/lib/python3.12/
+patch -p1 < %{PATCH1}
+popd
+
+# Need to patch CVE-2024-8088 in the bundled python for applicable archs: `ExclusiveArch:  x86_64`
+pushd /root/.cache/bazel/_bazel_$USER/$MD5_HASH/external/python_x86_64-unknown-linux-gnu/lib/python3.12/
+patch -p1 < %{PATCH2}
+popd  
+
+# Need to patch CVE-2024-3651 in the bundled python for applicable archs: `ExclusiveArch:  x86_64`
+pushd /root/.cache/bazel/_bazel_$USER/$MD5_HASH/external/python_x86_64-unknown-linux-gnu/lib/python3.12/site-packages/pip/_vendor/idna
+patch -p1 < %{PATCH3}
+popd
+
 export TF_PYTHON_VERSION=3.12
 ln -s %{_bindir}/python3 %{_bindir}/python
 
@@ -100,6 +118,9 @@ bazel --batch build  //tensorflow/tools/pip_package:build_pip_package
 %{_bindir}/toco_from_protos
 
 %changelog
+* Wed Sep 25 2024 Archana Choudhary <archana1@microsoft.com> - 2.16.1-7
+- Bump release to build with new python3 to fix CVE-2024-6232, CVE-2024-8088, CVE-2024-3651
+
 * Fri Aug 23 2024 Brian Fjeldstad <bfjelds@microsoft.com> - 2.16.1-6
 - Bump release to build with new python3 to fix CVE-2024-7592
 

From a208704c5a6d89697c88e16cc25570b893427c47 Mon Sep 17 00:00:00 2001
From: jykanase <v-jykanase@microsoft.com>
Date: Fri, 27 Sep 2024 03:16:40 -0700
Subject: [PATCH 38/59] upgrade realmd version 0.16.3 -> 0.17.1 (#10560)

Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 ...NetBIOS-name-in-keytab-while-leaving.patch | 168 --------
 .../0001-Fix-issues-found-by-Coverity.patch   |  42 --
 ...ge-reference-in-systemd-service-file.patch |  24 --
 ...1-IPA-do-not-call-sssd-enable-logins.patch |  62 ---
 ...Kerberos-fall-back-to-tcp-SRV-lookup.patch | 112 ------
 ...1-LDAP-don-t-close-LDAP-socket-twice.patch |  41 --
 ...upport-for-deprecated-gtester-format.patch | 252 ------------
 ...when-resolving-packages-with-Package.patch |  47 ---
 ...e-current-idmap-options-for-smb.conf.patch | 185 ---------
 .../0001-ipa-Propagate-hostname-error.patch   |  67 ++++
 ...and-pam-sssd.conf-services-after-joi.patch |  96 -----
 ...and-nss-services-in-realm_sssd_confi.patch |  98 -----
 ...ltiple-names-and-_srv_-ad_server-opt.patch |  74 ++++
 .../realmd/0001-sssd-package-fix.patch        |  72 ++++
 .../realmd/0001-switch-to-authselect.patch    |  36 --
 ...s-ignore-order-in-test_update_domain.patch |  82 ----
 .../0001-tests-run-tests-with-python3.patch   | 374 ------------------
 ...-ccache-handling-for-leave-operation.patch |  69 ++++
 ...ange-qualified-names-default-for-IPA.patch | 113 ------
 ...r-message-when-removing-host-from-AD.patch |  88 +++++
 ...try-to-get-domain-name-from-hostname.patch |  76 ----
 ...ix-reference-in-realmd.conf-man-page.patch |  26 ++
 SPECS-EXTENDED/realmd/realmd.signatures.json  |   2 +-
 SPECS-EXTENDED/realmd/realmd.spec             |  52 ++-
 cgmanifest.json                               |   4 +-
 25 files changed, 423 insertions(+), 1839 deletions(-)
 delete mode 100644 SPECS-EXTENDED/realmd/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-Fix-issues-found-by-Coverity.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-Fix-man-page-reference-in-systemd-service-file.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-IPA-do-not-call-sssd-enable-logins.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-LDAP-don-t-close-LDAP-socket-twice.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-Remove-support-for-deprecated-gtester-format.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-Set-NEWEST-flag-when-resolving-packages-with-Package.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-Use-current-idmap-options-for-smb.conf.patch
 create mode 100644 SPECS-EXTENDED/realmd/0001-ipa-Propagate-hostname-error.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
 create mode 100644 SPECS-EXTENDED/realmd/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch
 create mode 100644 SPECS-EXTENDED/realmd/0001-sssd-package-fix.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-switch-to-authselect.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-tests-ignore-order-in-test_update_domain.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0001-tests-run-tests-with-python3.patch
 create mode 100644 SPECS-EXTENDED/realmd/0001-tools-fix-ccache-handling-for-leave-operation.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0002-Change-qualified-names-default-for-IPA.patch
 create mode 100644 SPECS-EXTENDED/realmd/0002-service-fix-error-message-when-removing-host-from-AD.patch
 delete mode 100644 SPECS-EXTENDED/realmd/0003-discover-try-to-get-domain-name-from-hostname.patch
 create mode 100644 SPECS-EXTENDED/realmd/0003-doc-fix-reference-in-realmd.conf-man-page.patch

diff --git a/SPECS-EXTENDED/realmd/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch b/SPECS-EXTENDED/realmd/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
deleted file mode 100644
index 894fe937194..00000000000
--- a/SPECS-EXTENDED/realmd/0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From b11d891a50c2f70e3c02b880e0199583b8df186c Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 31 May 2018 16:16:08 +0200
-Subject: [PATCH] Find NetBIOS name in keytab while leaving
-
-If realmd is used with Samba as membership software, i.e. Samba's net
-utility, the NetBIOS name must be known when leaving a domain. The most
-reliable way to find it is by searching the keytab for NAME$@REALM type
-entries and use the NAME as the NetBIOS name.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1370457
----
- service/realm-kerberos.c     | 64 ++++++++++++++++++++++++++++++++++++
- service/realm-kerberos.h     |  2 ++
- service/realm-samba-enroll.c | 17 ++++++++--
- 3 files changed, 80 insertions(+), 3 deletions(-)
-
-diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
-index 54d1ed7..d6d109f 100644
---- a/service/realm-kerberos.c
-+++ b/service/realm-kerberos.c
-@@ -1130,3 +1130,67 @@ realm_kerberos_flush_keytab (const gchar *realm_name,
- 	return ret;
- 
- }
-+
-+gchar *
-+realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name)
-+{
-+	krb5_error_code code;
-+	krb5_keytab keytab = NULL;
-+	krb5_context ctx;
-+	krb5_kt_cursor cursor = NULL;
-+	krb5_keytab_entry entry;
-+	krb5_principal realm_princ = NULL;
-+	gchar *princ_name = NULL;
-+	gchar *netbios_name = NULL;
-+	krb5_data *name_data;
-+
-+	code = krb5_init_context (&ctx);
-+	if (code != 0) {
-+		return NULL;
-+	}
-+
-+	princ_name = g_strdup_printf ("user@%s", realm_name);
-+	code = krb5_parse_name (ctx, princ_name, &realm_princ);
-+	g_free (princ_name);
-+
-+	if (code == 0) {
-+		code = krb5_kt_default (ctx, &keytab);
-+	}
-+
-+	if (code == 0) {
-+		code = krb5_kt_start_seq_get (ctx, keytab, &cursor);
-+	}
-+
-+	if (code == 0) {
-+		while (!krb5_kt_next_entry (ctx, keytab, &entry, &cursor) && netbios_name == NULL) {
-+			if (krb5_realm_compare (ctx, realm_princ, entry.principal)) {
-+				name_data = krb5_princ_component (ctx, entry.principal, 0);
-+				if (name_data != NULL
-+				                && name_data->length > 0
-+				                && name_data->data[name_data->length - 1] == '$') {
-+					netbios_name = g_strndup (name_data->data, name_data->length - 1);
-+					if (netbios_name == NULL) {
-+						code = krb5_kt_free_entry (ctx, &entry);
-+						warn_if_krb5_failed (ctx, code);
-+						break;
-+					}
-+				}
-+			}
-+			code = krb5_kt_free_entry (ctx, &entry);
-+			warn_if_krb5_failed (ctx, code);
-+		}
-+	}
-+
-+	code = krb5_kt_end_seq_get (ctx, keytab, &cursor);
-+	warn_if_krb5_failed (ctx, code);
-+
-+	code = krb5_kt_close (ctx, keytab);
-+	warn_if_krb5_failed (ctx, code);
-+
-+	krb5_free_principal (ctx, realm_princ);
-+
-+	krb5_free_context (ctx);
-+
-+	return netbios_name;
-+
-+}
-diff --git a/service/realm-kerberos.h b/service/realm-kerberos.h
-index 0447e4d..58cfe07 100644
---- a/service/realm-kerberos.h
-+++ b/service/realm-kerberos.h
-@@ -88,6 +88,8 @@ gchar *             realm_kerberos_format_login          (RealmKerberos *self,
- gboolean            realm_kerberos_flush_keytab                (const gchar *realm_name,
-                                                                 GError **error);
- 
-+gchar *             realm_kerberos_get_netbios_name_from_keytab (const gchar *realm_name);
-+
- const gchar *       realm_kerberos_get_name                    (RealmKerberos *self);
- 
- const gchar *       realm_kerberos_get_realm_name              (RealmKerberos *self);
-diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
-index 76e7b79..f5edca3 100644
---- a/service/realm-samba-enroll.c
-+++ b/service/realm-samba-enroll.c
-@@ -85,7 +85,8 @@ static JoinClosure *
- join_closure_init (GTask *task,
-                    RealmDisco *disco,
-                    GVariant *options,
--                   GDBusMethodInvocation *invocation)
-+                   GDBusMethodInvocation *invocation,
-+                   gboolean do_join)
- {
- 	JoinClosure *join;
- 	gchar *workgroup;
-@@ -93,6 +94,7 @@ join_closure_init (GTask *task,
- 	int temp_fd;
- 	const gchar *explicit_computer_name = NULL;
- 	const gchar *authid = NULL;
-+	gchar *name_from_keytab = NULL;
- 
- 	join = g_new0 (JoinClosure, 1);
- 	join->disco = realm_disco_ref (disco);
-@@ -106,6 +108,14 @@ join_closure_init (GTask *task,
- 	else if (disco->explicit_netbios)
- 		authid = disco->explicit_netbios;
- 
-+	/* try to get the NetBIOS name from the keytab while leaving the domain */
-+	if (explicit_computer_name == NULL && !do_join) {
-+		name_from_keytab = realm_kerberos_get_netbios_name_from_keytab(disco->kerberos_realm);
-+		if (name_from_keytab != NULL) {
-+			authid = name_from_keytab;
-+		}
-+	}
-+
- 	join->config = realm_ini_config_new (REALM_INI_NO_WATCH | REALM_INI_PRIVATE);
- 	realm_ini_config_set (join->config, REALM_SAMBA_CONFIG_GLOBAL,
- 	                      "security", "ads",
-@@ -151,6 +161,7 @@ join_closure_init (GTask *task,
- 		g_warning ("Couldn't create temp file in: %s", g_get_tmp_dir ());
- 	}
- 
-+	g_free (name_from_keytab);
- 	return join;
- }
- 
-@@ -393,7 +404,7 @@ realm_samba_enroll_join_async (RealmDisco *disco,
- 	g_return_if_fail (cred != NULL);
- 
- 	task = g_task_new (NULL, NULL, callback, user_data);
--	join = join_closure_init (task, disco, options, invocation);
-+	join = join_closure_init (task, disco, options, invocation, TRUE);
- 	explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
- 	if (explicit_computer_name != NULL) {
- 		realm_diagnostics_info (invocation, "Joining using a manual netbios name: %s",
-@@ -462,7 +473,7 @@ realm_samba_enroll_leave_async (RealmDisco *disco,
- 	JoinClosure *join;
- 
- 	task = g_task_new (NULL, NULL, callback, user_data);
--	join = join_closure_init (task, disco, options, invocation);
-+	join = join_closure_init (task, disco, options, invocation, FALSE);
- 
- 	switch (cred->type) {
- 	case REALM_CREDENTIAL_PASSWORD:
--- 
-2.17.1
-
diff --git a/SPECS-EXTENDED/realmd/0001-Fix-issues-found-by-Coverity.patch b/SPECS-EXTENDED/realmd/0001-Fix-issues-found-by-Coverity.patch
deleted file mode 100644
index abb678220f4..00000000000
--- a/SPECS-EXTENDED/realmd/0001-Fix-issues-found-by-Coverity.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 1831748847715a13f0cc911a9a491eb8614d6682 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Tue, 14 Aug 2018 14:09:48 +0200
-Subject: [PATCH 1/3] Fix issues found by Coverity
-
----
- service/realm-kerberos.c | 5 ++++-
- service/realm-packages.c | 2 +-
- 2 files changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/service/realm-kerberos.c b/service/realm-kerberos.c
-index d6d109f..252e256 100644
---- a/service/realm-kerberos.c
-+++ b/service/realm-kerberos.c
-@@ -980,7 +980,10 @@ realm_kerberos_set_details (RealmKerberos *self,
- 		if (name == NULL)
- 			break;
- 		value = va_arg (va, const gchar *);
--		g_return_if_fail (value != NULL);
-+		if (value == NULL) {
-+			va_end (va);
-+			g_return_if_reached ();
-+		}
- 
- 		values[0] = g_variant_new_string (name);
- 		values[1] = g_variant_new_string (value);
-diff --git a/service/realm-packages.c b/service/realm-packages.c
-index 9a6984c..5976439 100644
---- a/service/realm-packages.c
-+++ b/service/realm-packages.c
-@@ -567,7 +567,7 @@ lookup_required_files_and_packages (const gchar **package_sets,
- 		g_ptr_array_add (packages, NULL);
- 		*result_packages = (gchar **)g_ptr_array_free (packages, FALSE);
- 	} else {
--		g_ptr_array_free (files, TRUE);
-+		g_ptr_array_free (packages, TRUE);
- 	}
- 
- 	if (result_files) {
--- 
-2.17.1
-
diff --git a/SPECS-EXTENDED/realmd/0001-Fix-man-page-reference-in-systemd-service-file.patch b/SPECS-EXTENDED/realmd/0001-Fix-man-page-reference-in-systemd-service-file.patch
deleted file mode 100644
index fe466209f1b..00000000000
--- a/SPECS-EXTENDED/realmd/0001-Fix-man-page-reference-in-systemd-service-file.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From e8d9d5e9817627dcf208ac742debcc9dc320752d Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 27 Jul 2016 19:06:29 +0200
-Subject: [PATCH] Fix man page reference in systemd service file
-
----
- dbus/realmd.service.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dbus/realmd.service.in b/dbus/realmd.service.in
-index b3bcf7a..64c1090 100644
---- a/dbus/realmd.service.in
-+++ b/dbus/realmd.service.in
-@@ -1,6 +1,6 @@
- [Unit]
- Description=Realm and Domain Configuration
--Documentation=man:realmd(8)
-+Documentation=man:realm(8)
- 
- [Service]
- Type=dbus
--- 
-2.7.4
-
diff --git a/SPECS-EXTENDED/realmd/0001-IPA-do-not-call-sssd-enable-logins.patch b/SPECS-EXTENDED/realmd/0001-IPA-do-not-call-sssd-enable-logins.patch
deleted file mode 100644
index 01fdef86b30..00000000000
--- a/SPECS-EXTENDED/realmd/0001-IPA-do-not-call-sssd-enable-logins.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 373f2e03736dfd87d50f02208b99d462cf34d891 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 27 Sep 2018 13:04:47 +0200
-Subject: [PATCH] IPA: do not call sssd-enable-logins
-
-It is expected that ipa-client-install will do all PAM and NSS
-configuration. To avoid changing IPA default realmd will not try to
-update the related configuration.
----
- service/realm-sssd-ipa.c | 24 +-----------------------
- 1 file changed, 1 insertion(+), 23 deletions(-)
-
-diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
-index 5029f6b..70f8b0e 100644
---- a/service/realm-sssd-ipa.c
-+++ b/service/realm-sssd-ipa.c
-@@ -109,41 +109,19 @@ enroll_closure_free (gpointer data)
- 	g_free (enroll);
- }
- 
--static void
--on_enable_nss_done (GObject *source,
--                    GAsyncResult *result,
--                    gpointer user_data)
--{
--	GTask *task = G_TASK (user_data);
--	GError *error = NULL;
--	gint status;
--
--	status = realm_command_run_finish (result, NULL, &error);
--	if (error == NULL && status != 0)
--		g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
--		             _("Enabling SSSD in nsswitch.conf and PAM failed."));
--	if (error != NULL)
--		g_task_return_error (task, error);
--	else
--		g_task_return_boolean (task, TRUE);
--	g_object_unref (task);
--}
--
- static void
- on_restart_done (GObject *source,
-                  GAsyncResult *result,
-                  gpointer user_data)
- {
- 	GTask *task = G_TASK (user_data);
--	EnrollClosure *enroll = g_task_get_task_data (task);
- 	RealmSssd *sssd = g_task_get_source_object (task);
- 	GError *error = NULL;
- 
- 	realm_service_enable_and_restart_finish (result, &error);
- 	if (error == NULL) {
- 		realm_sssd_update_properties (sssd);
--		realm_command_run_known_async ("sssd-enable-logins", NULL, enroll->invocation,
--		                               on_enable_nss_done, g_object_ref (task));
-+		g_task_return_boolean (task, TRUE);
- 	} else {
- 		g_task_return_error (task, error);
- 	}
--- 
-2.17.1
-
diff --git a/SPECS-EXTENDED/realmd/0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch b/SPECS-EXTENDED/realmd/0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
deleted file mode 100644
index a61b602a272..00000000000
--- a/SPECS-EXTENDED/realmd/0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 6f0aa79c3e8dd93e723f29bf46e1b8b14403254f Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Mon, 5 Dec 2016 18:25:44 +0100
-Subject: [PATCH] Kerberos: fall back to tcp SRV lookup
-
----
- service/realm-kerberos-provider.c | 48 +++++++++++++++++++++++++++++++--------
- 1 file changed, 39 insertions(+), 9 deletions(-)
-
-diff --git a/service/realm-kerberos-provider.c b/service/realm-kerberos-provider.c
-index 2b3a0f8..1477ae8 100644
---- a/service/realm-kerberos-provider.c
-+++ b/service/realm-kerberos-provider.c
-@@ -19,6 +19,7 @@
- #include "realm-kerberos-provider.h"
- 
- #include <errno.h>
-+#include <string.h>
- 
- struct _RealmKerberosProvider {
- 	RealmProvider parent;
-@@ -38,28 +39,54 @@ realm_kerberos_provider_init (RealmKerberosProvider *self)
- 
- }
- 
-+typedef struct {
-+	gchar *name;
-+	const char *prot;
-+} NameProtPair;
-+
-+static void
-+name_prot_pair_free (gpointer data)
-+{
-+	NameProtPair *name_prot_pair = data;
-+	g_free (name_prot_pair->name);
-+	g_free (name_prot_pair);
-+}
-+
- static void
- on_kerberos_discover (GObject *source,
-                       GAsyncResult *result,
-                       gpointer user_data)
- {
- 	GTask *task = G_TASK (user_data);
--	const gchar *domain = g_task_get_task_data (task);
-+	NameProtPair *name_prot_pair = g_task_get_task_data (task);
- 	GError *error = NULL;
- 	RealmDisco *disco;
- 	GList *targets;
-+	GResolver *resolver;
- 
- 	targets = g_resolver_lookup_service_finish (G_RESOLVER (source), result, &error);
- 	if (targets) {
- 		g_list_free_full (targets, (GDestroyNotify)g_srv_target_free);
--		disco = realm_disco_new (domain);
--		disco->kerberos_realm = g_ascii_strup (domain, -1);
-+		disco = realm_disco_new (name_prot_pair->name);
-+		disco->kerberos_realm = g_ascii_strup (name_prot_pair->name, -1);
- 		g_task_return_pointer (task, disco, realm_disco_unref);
- 
- 	} else if (error) {
--		g_debug ("Resolving %s failed: %s", domain, error->message);
-+		g_debug ("Resolving %s failed: %s", name_prot_pair->name, error->message);
- 		g_error_free (error);
--		g_task_return_pointer (task, NULL, NULL);
-+
-+		if (strcmp (name_prot_pair->prot, "tcp") == 0) {
-+			g_task_return_pointer (task, NULL, NULL);
-+		} else {
-+			/* Try tcp */
-+			name_prot_pair->prot = "tcp";
-+			resolver = g_resolver_get_default ();
-+			g_resolver_lookup_service_async (resolver, "kerberos", name_prot_pair->prot,
-+			                                 name_prot_pair->name,
-+			                                 g_task_get_cancellable (task),
-+			                                 on_kerberos_discover, g_object_ref (task));
-+			g_object_unref (resolver);
-+		}
- 	}
- 
- 	g_object_unref (task);
-@@ -76,7 +103,7 @@ realm_kerberos_provider_discover_async (RealmProvider *provider,
- 	GTask *task;
- 	const gchar *software;
- 	GResolver *resolver;
--	gchar *name;
-+	NameProtPair *name_prot_pair;
- 
- 	task = g_task_new (provider, NULL, callback, user_data);
- 
-@@ -86,12 +113,15 @@ realm_kerberos_provider_discover_async (RealmProvider *provider,
- 		g_task_return_pointer (task, NULL, NULL);
- 
- 	} else {
--		name = g_hostname_to_ascii (string);
-+		name_prot_pair = g_new0 (NameProtPair, 1);
-+		name_prot_pair->name = g_hostname_to_ascii (string);
-+		name_prot_pair->prot = "udp";
- 		resolver = g_resolver_get_default ();
--		g_resolver_lookup_service_async (resolver, "kerberos", "udp", name,
-+		g_resolver_lookup_service_async (resolver, "kerberos", name_prot_pair->prot,
-+		                                 name_prot_pair->name,
- 		                                 realm_invocation_get_cancellable (invocation),
- 		                                 on_kerberos_discover, g_object_ref (task));
--		g_task_set_task_data (task, name, g_free);
-+		g_task_set_task_data (task, name_prot_pair, name_prot_pair_free);
- 		g_object_unref (resolver);
- 	}
- 
--- 
-2.9.3
-
diff --git a/SPECS-EXTENDED/realmd/0001-LDAP-don-t-close-LDAP-socket-twice.patch b/SPECS-EXTENDED/realmd/0001-LDAP-don-t-close-LDAP-socket-twice.patch
deleted file mode 100644
index 09e9ccf4760..00000000000
--- a/SPECS-EXTENDED/realmd/0001-LDAP-don-t-close-LDAP-socket-twice.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 895e5b37d14090541480cebcb297846cbd3662ce Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 25 Nov 2016 17:35:11 +0100
-Subject: [PATCH] LDAP: don't close LDAP socket twice
-
-ldap_destroy() will call close() on the LDAP socket so with an explicit
-close() before the file descriptor will be closed twice. Even worse,
-since the file descriptor can be reused after the explicit call of
-close() by any other thread the close() called from ldap_destroy() might
-close a file descriptor used by a different thread as seen e.g. in
-https://bugzilla.redhat.com/show_bug.cgi?id=1398522.
-
-Additionally the patch makes sure that the closed connection cannot be
-used again.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1398522
----
- service/realm-ldap.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/service/realm-ldap.c b/service/realm-ldap.c
-index 061ed61..59817fb 100644
---- a/service/realm-ldap.c
-+++ b/service/realm-ldap.c
-@@ -159,10 +159,11 @@ ldap_source_finalize (GSource *source)
- {
- 	LdapSource *ls = (LdapSource *)source;
- 
--	/* Yeah, this is pretty rough, but we don't want blocking here */
--	close (ls->sock);
- 	ldap_destroy (ls->ldap);
- 
-+	ls->sock = -1;
-+	ls->ldap = NULL;
-+
- 	if (ls->cancellable) {
- 		g_cancellable_release_fd (ls->cancellable);
- 		g_object_unref (ls->cancellable);
--- 
-2.9.3
-
diff --git a/SPECS-EXTENDED/realmd/0001-Remove-support-for-deprecated-gtester-format.patch b/SPECS-EXTENDED/realmd/0001-Remove-support-for-deprecated-gtester-format.patch
deleted file mode 100644
index bdd59dda47c..00000000000
--- a/SPECS-EXTENDED/realmd/0001-Remove-support-for-deprecated-gtester-format.patch
+++ /dev/null
@@ -1,252 +0,0 @@
-From 5ae42c176e7bb550fc6cf10f29e75f58c733ae4f Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 2 Aug 2019 12:10:43 +0200
-Subject: [PATCH] Remove support for deprecated gtester format
-
-Support for the already deprecated gtester format was remove from recent
-versions of glib2 but the test still call the tab-gtester conversion
-tool.
-
-This patch removes tab-gtester and the tab format is used directly.
-
-Related to https://gitlab.freedesktop.org/realmd/realmd/issues/21
----
- Makefile.am       |   3 +-
- build/tap-gtester | 204 ----------------------------------------------
- 2 files changed, 1 insertion(+), 206 deletions(-)
- delete mode 100755 build/tap-gtester
-
-diff --git a/Makefile.am b/Makefile.am
-index 27e3494..4ffd5b4 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -161,7 +161,7 @@ endif
- #
- 
- LOG_DRIVER = $(top_srcdir)/build/tap-driver
--LOG_COMPILER = $(top_srcdir)/build/tap-gtester
-+LOG_COMPILER = sh -c '"$$0" "$$@" --tap'
- 
- VALGRIND_ARGS = --trace-children=no --quiet --error-exitcode=33 \
- 	--suppressions=valgrind-suppressions --gen-suppressions=all \
-@@ -183,7 +183,6 @@ recheck-memory: valgrind-suppressions
- 
- EXTRA_DIST += \
- 	$(LOG_DRIVER) \
--	$(LOG_COMPILER) \
- 	$(VALGRIND_SUPPRESSIONS) \
- 	$(NULL)
- 
-diff --git a/build/tap-gtester b/build/tap-gtester
-deleted file mode 100755
-index bbda266..0000000
---- a/build/tap-gtester
-+++ /dev/null
-@@ -1,204 +0,0 @@
--#!/usr/bin/python3
--# This can also be run with Python 2.
--
--# Copyright (C) 2014 Red Hat, Inc.
--#
--# Cockpit is free software; you can redistribute it and/or modify it
--# under the terms of the GNU Lesser General Public License as published by
--# the Free Software Foundation; either version 2.1 of the License, or
--# (at your option) any later version.
--#
--# Cockpit is distributed in the hope that it will be useful, but
--# WITHOUT ANY WARRANTY; without even the implied warranty of
--# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
--# Lesser General Public License for more details.
--#
--# You should have received a copy of the GNU Lesser General Public License
--# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
--
--#
--# This is a test output compiler which produces TAP from GTest output
--# if GTest output is detected.
--#
--# Versions of glib later than 2.38.x output TAP natively when tests are
--# run with the --tap option. However we can't depend on such a recent
--# version of glib for our purposes.
--#
--# This implements the Test Anything Protocol (ie: TAP)
--# https://metacpan.org/pod/release/PETDANCE/Test-Harness-2.64/lib/Test/Harness/TAP.pod
--#
--
--import argparse
--import os
--import select
--import signal
--import subprocess
--import sys
--
--# Yes, it's dumb, but strsignal is not exposed in python
--# In addition signal numbers varify heavily from arch to arch
--def strsignal(sig):
--    for name in dir(signal):
--        if name.startswith("SIG") and sig == getattr(signal, name):
--            return name
--    return str(sig)
--
--
--class NullCompiler:
--    def __init__(self, command):
--        self.command = command
--
--    def input(self, line):
--        sys.stdout.write(line)
--
--    def process(self, proc):
--        while True:
--            line = proc.stdout.readline()
--            if not line:
--                break
--            self.input(line)
--        proc.wait()
--        return proc.returncode
--
--    def run(self, proc, line=None):
--        if line:
--            self.input(line)
--        return self.process(proc)
--
--
--class GTestCompiler(NullCompiler):
--    def __init__(self, filename):
--        NullCompiler.__init__(self, filename)
--        self.test_num = 0
--        self.test_name = None
--        self.test_remaining = []
--
--    def input(self, line):
--        line = line.strip()
--        if line.startswith("GTest: "):
--           (cmd, unused, data) = line[7:].partition(": ")
--           cmd = cmd.strip()
--           data = data.strip()
--           if cmd == "run":
--               self.test_name = data
--               assert self.test_name in self.test_remaining, "%s %s" % (self.test_name, repr(self.test_remaining))
--               self.test_remaining.remove(self.test_name)
--               self.test_num += 1
--           elif cmd == "result":
--               if self.test_name:
--                   if data == "OK":
--                       print("ok %d %s" % (self.test_num, self.test_name))
--                   if data == "FAIL":
--                       print("not ok %d %s" % (self.test_num, self.test_name))
--               self.test_name = None
--           elif cmd == "skipping":
--               if "/subprocess" not in data:
--                   print("ok %d # skip -- %s" % (self.test_num, data))
--               self.test_name = None
--           elif data:
--               print("# %s: %s" % (cmd, data))
--           else:
--               print("# %s" % cmd)
--        elif line.startswith("(MSG: "):
--            print("# %s" % line[6:-1])
--        elif line:
--            print("# %s" % line)
--        sys.stdout.flush()
--
--    def run(self, proc, output=""):
--        # Complete retrieval of the list of tests
--        output += proc.stdout.read()
--        proc.wait()
--        if proc.returncode:
--            sys.stderr.write("tap-gtester: listing GTest tests failed: %d\n" % proc.returncode)
--            return proc.returncode
--        self.test_remaining = []
--        for line in output.split("\n"):
--            if line.startswith("/"):
--                self.test_remaining.append(line.strip())
--        if not self.test_remaining:
--            print("Bail out! No tests found in GTest: %s" % self.command[0])
--            return 0
--
--        print("1..%d" % len(self.test_remaining))
--
--        # First try to run all the tests in a batch
--        proc = subprocess.Popen(self.command + ["--verbose" ], close_fds=True,
--                                stdout=subprocess.PIPE, universal_newlines=True)
--        result = self.process(proc)
--        if result == 0:
--            return 0
--
--        if result < 0:
--            sys.stderr.write("%s terminated with %s\n" % (self.command[0], strsignal(-result)))
--
--        # Now pick up any stragglers due to failures
--        while True:
--            # Assume that the last test failed
--            if self.test_name:
--                print("not ok %d %s" % (self.test_num, self.test_name))
--                self.test_name = None
--
--            # Run any tests which didn't get run
--            if not self.test_remaining:
--                break
--
--            proc = subprocess.Popen(self.command + ["--verbose", "-p", self.test_remaining[0]],
--                                    close_fds=True, stdout=subprocess.PIPE,
--                                    universal_newlines=True)
--            result = self.process(proc)
--
--            # The various exit codes and signals we continue for
--            if result not in [ 0, 1, -4, -5, -6, -7, -8, -11, 33 ]:
--                break
--
--        return result
--
--def main(argv):
--    parser = argparse.ArgumentParser(description='Automake TAP compiler',
--                                     usage="tap-gtester [--format FORMAT] command ...")
--    parser.add_argument('--format', metavar='FORMAT', choices=[ "auto", "gtest", "tap" ],
--                        default="auto", help='The input format to compile')
--    parser.add_argument('--verbose', action='store_true',
--                        default=True, help='Verbose mode (ignored)')
--    parser.add_argument('command', nargs=argparse.REMAINDER, help="A test command to run")
--    args = parser.parse_args(argv[1:])
--
--    output = None
--    format = args.format
--    cmd = args.command
--    if not cmd:
--        sys.stderr.write("tap-gtester: specify a command to run\n")
--        return 2
--    if cmd[0] == '--':
--        cmd.pop(0)
--
--    proc = None
--
--    os.environ['HARNESS_ACTIVE'] = '1'
--
--    if format in ["auto", "gtest"]:
--        list_cmd = cmd + ["-l", "--verbose"]
--        proc = subprocess.Popen(list_cmd, close_fds=True, stdout=subprocess.PIPE,
--                                universal_newlines=True)
--        output = proc.stdout.readline()
--        # Smell whether we're dealing with GTest list output from first line
--        if "random seed" in output or "GTest" in output or output.startswith("/"):
--            format = "gtest"
--        else:
--            format = "tap"
--    else:
--        proc = subprocess.Popen(cmd, close_fds=True, stdout=subprocess.PIPE,
--                                universal_newlines=True)
--
--    if format == "gtest":
--        compiler = GTestCompiler(cmd)
--    elif format == "tap":
--        compiler = NullCompiler(cmd)
--    else:
--        assert False, "not reached"
--
--    return compiler.run(proc, output)
--
--if __name__ == "__main__":
--    sys.exit(main(sys.argv))
--- 
-2.21.0
-
diff --git a/SPECS-EXTENDED/realmd/0001-Set-NEWEST-flag-when-resolving-packages-with-Package.patch b/SPECS-EXTENDED/realmd/0001-Set-NEWEST-flag-when-resolving-packages-with-Package.patch
deleted file mode 100644
index e8ba689fd83..00000000000
--- a/SPECS-EXTENDED/realmd/0001-Set-NEWEST-flag-when-resolving-packages-with-Package.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From fa6dd59c5eaabc8c7e540f2aa2ded6f785de0a13 Mon Sep 17 00:00:00 2001
-From: Adam Williamson <awilliam@redhat.com>
-Date: Wed, 20 Feb 2019 11:12:04 -0800
-Subject: [PATCH] Set 'NEWEST' flag when resolving packages with PackageKit
-
-When resolving package names via PackageKit, realmd does not set
-the PK_FILTER_ENUM_NEWEST flag that asks PK to only give the
-*newest available* package for each package name. So if there
-are three different versions of the package available in three
-repositories, realmd winds up producing an array containing the
-package IDs for all three of those packages and calling
-InstallPackages on all of them. I don't know if PK's behaviour
-in this case is defined or predictable, but in practice in at
-least one case it reliably results in one of the older package
-versions being installed.
-
-This does not seem desirable, we should always want to install
-the newest available version. So let's set the NEWEST flag to
-ensure this.
-
-A possible consequence here is that, if a newer version of the
-package is not installable but an older version is, we will now
-fail where previously we did not. But even in that case I don't
-know if we would *reliably* succeed before, and silently
-installing an older version still doesn't necessarily seem like
-the right thing to do.
-
-Signed-off-by: Adam Williamson <awilliam@redhat.com>
----
- service/realm-packages.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/service/realm-packages.c b/service/realm-packages.c
-index 5976439..0309c57 100644
---- a/service/realm-packages.c
-+++ b/service/realm-packages.c
-@@ -343,6 +343,7 @@ packages_resolve_async (GDBusConnection *connection,
-                         gpointer user_data)
- {
- 	guint64 flags = 1 << 18 /* PK_FILTER_ENUM_ARCH */;
-+	flags |= 1 << 16 /* PK_FILTER_ENUM_NEWEST */;
- 	package_transaction_create ("Resolve", g_variant_new ("(t^as)", flags, package_names),
- 	                            connection, cancellable, callback, user_data);
- }
--- 
-2.20.1
-
diff --git a/SPECS-EXTENDED/realmd/0001-Use-current-idmap-options-for-smb.conf.patch b/SPECS-EXTENDED/realmd/0001-Use-current-idmap-options-for-smb.conf.patch
deleted file mode 100644
index ea34960f8c3..00000000000
--- a/SPECS-EXTENDED/realmd/0001-Use-current-idmap-options-for-smb.conf.patch
+++ /dev/null
@@ -1,185 +0,0 @@
-From e683fb573bc09893ec541be29751560cea30ce3f Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 30 May 2018 13:10:57 +0200
-Subject: [PATCH] Use current idmap options for smb.conf
-
-Samba change some time ago the way how to configure id-mapping. With
-this patch realmd will use the current supported options when creating
-smb.conf.
-
-A new option --legacy-samba-config is added to use the old options if
-realmd is used with Samba 3.5 or earlier.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1484072
----
- dbus/realm-dbus-constants.h   |  1 +
- doc/manual/realmd.conf.xml    | 17 ++++++++++++
- service/realm-samba-enroll.c  |  2 +-
- service/realm-samba-enroll.h  |  3 +++
- service/realm-samba-winbind.c | 63 ++++++++++++++++++++++++++++++++++---------
- 5 files changed, 72 insertions(+), 14 deletions(-)
-
-diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
-index 9cd30ef..40ffa2d 100644
---- a/dbus/realm-dbus-constants.h
-+++ b/dbus/realm-dbus-constants.h
-@@ -69,6 +69,7 @@ G_BEGIN_DECLS
- #define   REALM_DBUS_OPTION_COMPUTER_NAME          "computer-name"
- #define   REALM_DBUS_OPTION_OS_NAME                "os-name"
- #define   REALM_DBUS_OPTION_OS_VERSION             "os-version"
-+#define   REALM_DBUS_OPTION_LEGACY_SMB_CONF        "legacy-samba-config"
- 
- #define   REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY   "active-directory"
- #define   REALM_DBUS_IDENTIFIER_WINBIND            "winbind"
-diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
-index 7853230..a2b577c 100644
---- a/doc/manual/realmd.conf.xml
-+++ b/doc/manual/realmd.conf.xml
-@@ -192,6 +192,23 @@ automatic-install = no
- 	</listitem>
- 	</varlistentry>
- 
-+	<varlistentry>
-+	<term><option>legacy-samba-config</option></term>
-+	<listitem>
-+		<para>Set this to <parameter>yes</parameter> to create a Samba
-+		configuration file with id-mapping options used by Samba-3.5
-+		and earlier version.</para>
-+
-+		<informalexample>
-+<programlisting language="js">
-+[service]
-+legacy-samba-config = no
-+# legacy-samba-config = yes
-+</programlisting>
-+		</informalexample>
-+	</listitem>
-+	</varlistentry>
-+
- 	</variablelist>
- </refsect1>
- 
-diff --git a/service/realm-samba-enroll.c b/service/realm-samba-enroll.c
-index c81aed2..76e7b79 100644
---- a/service/realm-samba-enroll.c
-+++ b/service/realm-samba-enroll.c
-@@ -69,7 +69,7 @@ join_closure_free (gpointer data)
- 	g_free (join);
- }
- 
--static gchar *
-+gchar *
- fallback_workgroup (const gchar *realm)
- {
- 	const gchar *pos;
-diff --git a/service/realm-samba-enroll.h b/service/realm-samba-enroll.h
-index 84e8b2f..310ec65 100644
---- a/service/realm-samba-enroll.h
-+++ b/service/realm-samba-enroll.h
-@@ -46,6 +46,9 @@ void               realm_samba_enroll_leave_async          (RealmDisco *disco,
- gboolean           realm_samba_enroll_leave_finish         (GAsyncResult *result,
-                                                             GError **error);
- 
-+gchar *
-+fallback_workgroup (const gchar *realm);
-+
- G_END_DECLS
- 
- #endif /* __REALM_SAMBA_ENROLL_H__ */
-diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
-index a7ddec3..9335e26 100644
---- a/service/realm-samba-winbind.c
-+++ b/service/realm-samba-winbind.c
-@@ -21,8 +21,10 @@
- #include "realm-options.h"
- #include "realm-samba-config.h"
- #include "realm-samba-winbind.h"
-+#include "realm-samba-enroll.h"
- #include "realm-settings.h"
- #include "realm-service.h"
-+#include "dbus/realm-dbus-constants.h"
- 
- #include <glib/gstdio.h>
- 
-@@ -80,6 +82,10 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
- 	RealmIniConfig *pwc;
- 	GTask *task;
- 	GError *error = NULL;
-+	gchar *workgroup = NULL;
-+	gchar *idmap_config_backend = NULL;
-+	gchar *idmap_config_range = NULL;
-+	gchar *idmap_config_schema_mode = NULL;
- 
- 	g_return_if_fail (config != NULL);
- 	g_return_if_fail (invocation != NULL || G_IS_DBUS_METHOD_INVOCATION (invocation));
-@@ -100,23 +106,54 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
- 		                      "template shell", realm_settings_string ("users", "default-shell"),
- 		                      NULL);
- 
--		if (realm_options_automatic_mapping (options, domain_name)) {
--			realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
--			                      "idmap uid", "10000-2000000",
--			                      "idmap gid", "10000-2000000",
--			                      "idmap backend", "tdb",
--			                      "idmap schema", NULL,
--			                      NULL);
-+		if (realm_settings_boolean ("service", REALM_DBUS_OPTION_LEGACY_SMB_CONF, FALSE)) {
-+			if (realm_options_automatic_mapping (options, domain_name)) {
-+				realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
-+						      "idmap uid", "10000-2000000",
-+						      "idmap gid", "10000-2000000",
-+						      "idmap backend", "tdb",
-+						      "idmap schema", NULL,
-+						      NULL);
-+			} else {
-+				realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
-+						      "idmap uid", "500-4294967296",
-+						      "idmap gid", "500-4294967296",
-+						      "idmap backend", "ad",
-+						      "idmap schema", "rfc2307",
-+						      NULL);
-+			}
- 		} else {
--			realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
--			                      "idmap uid", "500-4294967296",
--			                      "idmap gid", "500-4294967296",
--			                      "idmap backend", "ad",
--			                      "idmap schema", "rfc2307",
--			                      NULL);
-+			workgroup = realm_ini_config_get (config, REALM_SAMBA_CONFIG_GLOBAL, "workgroup");
-+			if (workgroup == NULL) {
-+				workgroup = fallback_workgroup (domain_name);
-+			}
-+			idmap_config_backend = g_strdup_printf ("idmap config %s : backend", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
-+			idmap_config_range = g_strdup_printf ("idmap config %s : range", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
-+			idmap_config_schema_mode = g_strdup_printf ("idmap config %s : schema_mode", workgroup != NULL ? workgroup : "PLEASE_REPLACE");
-+			g_free (workgroup);
-+
-+			if (realm_options_automatic_mapping (options, domain_name)) {
-+				realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
-+						      "idmap config * : backend", "tdb",
-+						      "idmap config * : range", "10000-999999",
-+						      idmap_config_backend != NULL ? idmap_config_backend : "idmap config PLEASE_REPLACE : backend", "rid",
-+						      idmap_config_range != NULL ? idmap_config_range: "idmap config PLEASE_REPLACE : range", "2000000-2999999",
-+						      idmap_config_schema_mode != NULL ? idmap_config_schema_mode: "idmap config PLEASE_REPLACE : schema_mode", NULL,
-+						      NULL);
-+			} else {
-+				realm_ini_config_set (config, REALM_SAMBA_CONFIG_GLOBAL,
-+						      "idmap config * : backend", "tdb",
-+						      "idmap config * : range", "10000000-10999999",
-+						      idmap_config_backend != NULL ? idmap_config_backend : "idmap config PLEASE_REPLACE : backend", "ad",
-+						      idmap_config_range != NULL ? idmap_config_range: "idmap config PLEASE_REPLACE : range", "500-999999",
-+						      idmap_config_schema_mode != NULL ? idmap_config_schema_mode: "idmap config PLEASE_REPLACE : schema_mode", "rfc2307",
-+						      NULL);
-+			}
- 		}
- 
- 		realm_ini_config_finish_change (config, &error);
-+		g_free (idmap_config_backend);
-+		g_free (idmap_config_range);
- 	}
- 
- 	/* Setup pam_winbind.conf with decent defaults matching our expectations */
--- 
-2.14.4
-
diff --git a/SPECS-EXTENDED/realmd/0001-ipa-Propagate-hostname-error.patch b/SPECS-EXTENDED/realmd/0001-ipa-Propagate-hostname-error.patch
new file mode 100644
index 00000000000..433031eaf64
--- /dev/null
+++ b/SPECS-EXTENDED/realmd/0001-ipa-Propagate-hostname-error.patch
@@ -0,0 +1,67 @@
+From 8f417fb7fee088dba728e083bc5553a5f237f660 Mon Sep 17 00:00:00 2001
+From: Ondrej Holy <oholy@redhat.com>
+Date: Thu, 2 Nov 2023 10:35:48 +0100
+Subject: [PATCH] ipa: Propagate hostname error
+
+When a computer hostname is wrong, the `ipa-client-install` cmd fails
+with the "invalid hostname" error. However, the join method fails with
+the generic `REALM_ERROR_INTERNAL` error. Let's fail with the dedicated
+`REALM_ERROR_BAD_HOSTNAME` instead.
+
+Related: https://gitlab.gnome.org/GNOME/gnome-initial-setup/-/issues/123
+Related: https://gitlab.gnome.org/GNOME/gnome-initial-setup/-/issues/124
+---
+ service/realm-sssd-ipa.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
+index 0cb1a5b..fca8e25 100644
+--- a/service/realm-sssd-ipa.c
++++ b/service/realm-sssd-ipa.c
+@@ -129,6 +129,23 @@ on_restart_done (GObject *source,
+ 	g_object_unref (task);
+ }
+ 
++static gchar *
++parse_hostname_error (const gchar *output)
++{
++	GRegex* regex;
++	GMatchInfo *match_info = NULL;
++	gchar *reason = NULL;
++
++	regex = g_regex_new ("invalid hostname: (.+)", 0, 0, NULL);
++	if (g_regex_match (regex, output, 0, &match_info))
++		reason = g_match_info_fetch (match_info, 1);
++
++	g_match_info_unref (match_info);
++	g_regex_unref (regex);
++
++	return reason;
++}
++
+ static void
+ on_ipa_client_do_restart (GObject *source,
+                           GAsyncResult *result,
+@@ -149,6 +166,7 @@ on_ipa_client_do_restart (GObject *source,
+ 	gchar *section;
+ 	gchar *home;
+ 	gint status;
++	gchar *reason;
+ 
+ 	status = realm_command_run_finish (result, &output, &error);
+ 
+@@ -163,6 +181,11 @@ on_ipa_client_do_restart (GObject *source,
+ 		if (g_pattern_match_simple ("*kinit: Password incorrect*", output->str)) {
+ 			g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED,
+ 			             "Password is incorrect");
++		} else if ((reason = parse_hostname_error (output->str)) != NULL) {
++			g_set_error (&error, REALM_ERROR, REALM_ERROR_BAD_HOSTNAME,
++			             "This computer's host name is not set correctly: %s",
++			             reason);
++			g_free (reason);
+ 		} else {
+ 			g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
+ 			             "Running ipa-client-install failed");
+-- 
+2.43.2
+
diff --git a/SPECS-EXTENDED/realmd/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch b/SPECS-EXTENDED/realmd/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
deleted file mode 100644
index 8b8f633a897..00000000000
--- a/SPECS-EXTENDED/realmd/0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 402cbab6e8267fcd959bcfa84a47f4871b59944d Mon Sep 17 00:00:00 2001
-From: Stef Walter <stefw@redhat.com>
-Date: Fri, 28 Oct 2016 20:27:48 +0200
-Subject: [PATCH] service: Add nss and pam sssd.conf services after joining
-
-After adding a domain to sssd.conf add the nss and pam services
-to the [sssd] block.
-
-https://bugs.freedesktop.org/show_bug.cgi?id=98479
----
- service/realm-sssd-ad.c     | 3 +++
- service/realm-sssd-config.c | 2 --
- service/realm-sssd-ipa.c    | 3 +++
- tests/test-sssd-config.c    | 4 ++--
- 4 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
-index 5ed384d..5fa81ce 100644
---- a/service/realm-sssd-ad.c
-+++ b/service/realm-sssd-ad.c
-@@ -160,6 +160,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
-                            gboolean use_adcli,
-                            GError **error)
- {
-+	const gchar *services[] = { "nss", "pam", NULL };
- 	GString *realmd_tags;
- 	const gchar *access_provider;
- 	const gchar *shell;
-@@ -206,6 +207,8 @@ configure_sssd_for_domain (RealmIniConfig *config,
- 	                                    "ldap_sasl_authid", authid,
- 	                                    NULL);
- 
-+	realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
-+
- 	g_free (authid);
- 	g_string_free (realmd_tags, TRUE);
- 
-diff --git a/service/realm-sssd-config.c b/service/realm-sssd-config.c
-index 2096afd..d4398b9 100644
---- a/service/realm-sssd-config.c
-+++ b/service/realm-sssd-config.c
-@@ -154,8 +154,6 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
- 	g_strfreev (already);
- 
- 	/* Setup a default sssd section */
--	if (!realm_ini_config_have (config, "section", "services"))
--		realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL);
- 	if (!realm_ini_config_have (config, "sssd", "config_file_version"))
- 		realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
- 
-diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
-index b12136e..001870d 100644
---- a/service/realm-sssd-ipa.c
-+++ b/service/realm-sssd-ipa.c
-@@ -156,6 +156,7 @@ on_ipa_client_do_restart (GObject *source,
-                           GAsyncResult *result,
-                           gpointer user_data)
- {
-+	const gchar *services[] = { "nss", "pam", NULL };
- 	GTask *task = G_TASK (user_data);
- 	EnrollClosure *enroll = g_task_get_task_data (task);
- 	RealmSssd *sssd = g_task_get_source_object (task);
-@@ -207,6 +208,8 @@ on_ipa_client_do_restart (GObject *source,
- 		                                 "realmd_tags", realmd_tags,
- 		                                 NULL);
- 
-+		realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
-+
- 		g_free (home);
- 	}
- 
-diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
-index 59eab75..892b9d5 100644
---- a/tests/test-sssd-config.c
-+++ b/tests/test-sssd-config.c
-@@ -90,7 +90,7 @@ test_add_domain (Test *test,
-                  gconstpointer unused)
- {
- 	const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
--	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
-+	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
-@@ -140,7 +140,7 @@ static void
- test_add_domain_only (Test *test,
-                       gconstpointer unused)
- {
--	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
-+	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
--- 
-2.9.3
-
diff --git a/SPECS-EXTENDED/realmd/0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch b/SPECS-EXTENDED/realmd/0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
deleted file mode 100644
index 6c44727a2f7..00000000000
--- a/SPECS-EXTENDED/realmd/0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 9d5b6f5c88df582fb94edcf5cc05a8cfaa63cf6a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
-Date: Tue, 25 Apr 2017 07:20:17 +0200
-Subject: [PATCH] service: Add "pam" and "nss" services in
- realm_sssd_config_add_domain()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-realm_sssd_config_add_domain() must setup the services line in sssd.conf
-otherwise SSSD won't be able to start any of its services.
-
-It's a regression caused by 402cbab which leaves SSSD with no services
-line when joining to an ad client doing "realm join ad.example".
-
-https://bugs.freedesktop.org/show_bug.cgi?id=98479
-
-Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
----
- service/realm-sssd-ad.c     | 3 ++-
- service/realm-sssd-config.c | 2 ++
- service/realm-sssd-ipa.c    | 3 ++-
- tests/test-sssd-config.c    | 4 ++--
- 4 files changed, 8 insertions(+), 4 deletions(-)
-
-diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
-index 5fa81ce..8543ca8 100644
---- a/service/realm-sssd-ad.c
-+++ b/service/realm-sssd-ad.c
-@@ -207,7 +207,8 @@ configure_sssd_for_domain (RealmIniConfig *config,
- 	                                    "ldap_sasl_authid", authid,
- 	                                    NULL);
- 
--	realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
-+	if (ret)
-+		ret = realm_ini_config_change_list (config, "sssd", "services", ", ", services, NULL, error);
- 
- 	g_free (authid);
- 	g_string_free (realmd_tags, TRUE);
-diff --git a/service/realm-sssd-config.c b/service/realm-sssd-config.c
-index d4398b9..140d7dc 100644
---- a/service/realm-sssd-config.c
-+++ b/service/realm-sssd-config.c
-@@ -130,6 +130,7 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
- 	gchar **already;
- 	gboolean ret;
- 	gchar *section;
-+	const gchar *services[] = { "nss", "pam", NULL };
- 	va_list va;
- 	gint i;
- 
-@@ -154,6 +155,7 @@ realm_sssd_config_add_domain (RealmIniConfig *config,
- 	g_strfreev (already);
- 
- 	/* Setup a default sssd section */
-+	realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
- 	if (!realm_ini_config_have (config, "sssd", "config_file_version"))
- 		realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
- 
-diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
-index 001870d..ff1dc8a 100644
---- a/service/realm-sssd-ipa.c
-+++ b/service/realm-sssd-ipa.c
-@@ -208,7 +208,8 @@ on_ipa_client_do_restart (GObject *source,
- 		                                 "realmd_tags", realmd_tags,
- 		                                 NULL);
- 
--		realm_ini_config_set_list_diff (config, "sssd", "services", ", ", services, NULL);
-+		if (error == NULL)
-+			realm_ini_config_change_list (config, "sssd", "services", ", ", services, NULL, &error);
- 
- 		g_free (home);
- 	}
-diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
-index 892b9d5..59eab75 100644
---- a/tests/test-sssd-config.c
-+++ b/tests/test-sssd-config.c
-@@ -90,7 +90,7 @@ test_add_domain (Test *test,
-                  gconstpointer unused)
- {
- 	const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
--	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
-+	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
-@@ -140,7 +140,7 @@ static void
- test_add_domain_only (Test *test,
-                       gconstpointer unused)
- {
--	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
-+	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
--- 
-2.9.3
-
diff --git a/SPECS-EXTENDED/realmd/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch b/SPECS-EXTENDED/realmd/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch
new file mode 100644
index 00000000000..c2c8e3e0e99
--- /dev/null
+++ b/SPECS-EXTENDED/realmd/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch
@@ -0,0 +1,74 @@
+From 19923985b69ccd5f2a33a067bfc3ed020889377e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 13 Jun 2023 18:02:52 +0200
+Subject: [PATCH 1/3] service: allow multiple names and _srv_ ad_server option
+
+realmd checks if the 'ad_server' option is set in sssd.conf before
+calling adcli to remove the host from the AD server. If set the value is
+used as value for dcli's '--domain-controller' option. But if multiple
+names are set in sssd.conf this currently fails because the whole string
+is used.
+
+With this patch the 'ad_server' option is properly evaluated and only
+the first domain controller name is used.
+---
+ service/realm-sssd-ad.c | 36 +++++++++++++++++++++++++++++++++++-
+ 1 file changed, 35 insertions(+), 1 deletion(-)
+
+diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
+index 2817e73..096b6c5 100644
+--- a/service/realm-sssd-ad.c
++++ b/service/realm-sssd-ad.c
+@@ -649,6 +649,40 @@ realm_sssd_ad_generic_finish (RealmKerberosMembership *realm,
+ 	return g_task_propagate_boolean (G_TASK (result), error);
+ }
+ 
++static gchar *get_ad_server_from_config (RealmKerberos *realm)
++{
++	RealmSssd *sssd = REALM_SSSD (realm);
++	RealmIniConfig *config;
++	const gchar *section;
++	gchar **servers;
++	gchar *tmp;
++	size_t c;
++	gchar *value = NULL;
++
++	config = realm_sssd_get_config (sssd);
++	section = realm_sssd_get_config_section (sssd);
++
++	if (section == NULL) {
++		return NULL;
++	}
++
++	servers = realm_ini_config_get_list (config, section, "ad_server", ",");
++	/* Only use the first server defined given in 'ad_server' and ignore
++	 * '_srv_'. */
++	if (servers != NULL) {
++		for (c = 0; servers[c] != NULL; c++) {
++			tmp = g_strstrip (servers[c]);
++			if (strcasecmp ("_srv_", tmp) != 0) {
++				value = g_strdup (tmp);
++				break;
++			}
++		}
++		g_strfreev (servers);
++	}
++
++	return value;
++}
++
+ static void
+ realm_sssd_ad_discover_myself (RealmKerberos *realm,
+                                RealmDisco *disco)
+@@ -665,7 +699,7 @@ realm_sssd_ad_discover_myself (RealmKerberos *realm,
+ 	if (section == NULL)
+ 		return;
+ 
+-	value = realm_ini_config_get (config, section, "ad_server");
++	value = get_ad_server_from_config (realm);
+ 	g_free (disco->explicit_server);
+ 	disco->explicit_server = value;
+ 
+-- 
+2.43.0
+
diff --git a/SPECS-EXTENDED/realmd/0001-sssd-package-fix.patch b/SPECS-EXTENDED/realmd/0001-sssd-package-fix.patch
new file mode 100644
index 00000000000..acf5dcfcd53
--- /dev/null
+++ b/SPECS-EXTENDED/realmd/0001-sssd-package-fix.patch
@@ -0,0 +1,72 @@
+From 4299bd81279830e48b93f163049179aff14d1402 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 5 Feb 2024 08:58:56 +0100
+Subject: [PATCH] sssd package fix
+
+---
+ dbus/realm-dbus-constants.h           | 1 +
+ service/realm-sssd-ad.c               | 3 +++
+ service/realmd-redhat-authconfig.conf | 5 ++++-
+ service/realmd-redhat.conf            | 5 ++++-
+ 4 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/dbus/realm-dbus-constants.h b/dbus/realm-dbus-constants.h
+index d2c2a8b..e49034b 100644
+--- a/dbus/realm-dbus-constants.h
++++ b/dbus/realm-dbus-constants.h
+@@ -78,6 +78,7 @@ G_BEGIN_DECLS
+ #define   REALM_DBUS_IDENTIFIER_IPA                "ipa"
+ #define   REALM_DBUS_IDENTIFIER_FREEIPA            "freeipa"
+ #define   REALM_DBUS_IDENTIFIER_SSSD               "sssd"
++#define   REALM_DBUS_IDENTIFIER_SSSD_AD            "sssd-ad"
+ #define   REALM_DBUS_IDENTIFIER_SAMBA              "samba"
+ #define   REALM_DBUS_IDENTIFIER_ADCLI              "adcli"
+ #define   REALM_DBUS_IDENTIFIER_EXAMPLE            "example"
+diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
+index 096b6c5..64bb488 100644
+--- a/service/realm-sssd-ad.c
++++ b/service/realm-sssd-ad.c
+@@ -46,18 +46,21 @@ typedef struct {
+ 
+ static const gchar *ADCLI_PACKAGES[] = {
+ 	REALM_DBUS_IDENTIFIER_SSSD,
++	REALM_DBUS_IDENTIFIER_SSSD_AD,
+ 	REALM_DBUS_IDENTIFIER_ADCLI,
+ 	NULL
+ };
+ 
+ static const gchar *SAMBA_PACKAGES[] = {
+ 	REALM_DBUS_IDENTIFIER_SSSD,
++	REALM_DBUS_IDENTIFIER_SSSD_AD,
+ 	REALM_DBUS_IDENTIFIER_SAMBA,
+ 	NULL
+ };
+ 
+ static const gchar *ALL_PACKAGES[] = {
+ 	REALM_DBUS_IDENTIFIER_SSSD,
++	REALM_DBUS_IDENTIFIER_SSSD_AD,
+ 	REALM_DBUS_IDENTIFIER_ADCLI,
+ 	REALM_DBUS_IDENTIFIER_SAMBA,
+ 	NULL
+diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
+index 2b11c30..12ec3c3 100644
+--- a/service/realmd-redhat.conf
++++ b/service/realmd-redhat.conf
+@@ -13,10 +13,13 @@ oddjob = /usr/sbin/oddjobd
+ oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir
+ 
+ [sssd-packages]
+-sssd = /usr/sbin/sssd
++sssd-common = /usr/sbin/sssd
+ oddjob = /usr/sbin/oddjobd
+ oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir
+ 
++[sssd-ad-packages]
++sssd-ad = /usr/libexec/sssd/gpo_child
++
+ [adcli-packages]
+ adcli = /usr/sbin/adcli
+ 
+-- 
+2.43.0
+
diff --git a/SPECS-EXTENDED/realmd/0001-switch-to-authselect.patch b/SPECS-EXTENDED/realmd/0001-switch-to-authselect.patch
deleted file mode 100644
index d750d6dbf3b..00000000000
--- a/SPECS-EXTENDED/realmd/0001-switch-to-authselect.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 32645f2fc1ddfb2eed7069fd749602619f26ed37 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 19 Feb 2018 11:51:06 +0100
-Subject: [PATCH] switch to authselect
-
----
- service/realmd-redhat.conf | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf
-index e39fad525c716d1ed99715280cd5d497b9039427..26cf6147f352e1b48c3261fa42707d816428f879 100644
---- a/service/realmd-redhat.conf
-+++ b/service/realmd-redhat.conf
-@@ -23,15 +23,15 @@ adcli = /usr/sbin/adcli
- freeipa-client = /usr/sbin/ipa-client-install
- 
- [commands]
--winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
--winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart
-+winbind-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
-+winbind-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
- winbind-enable-service = /usr/bin/systemctl enable winbind.service
- winbind-disable-service = /usr/bin/systemctl disable winbind.service
- winbind-restart-service = /usr/bin/systemctl restart winbind.service
- winbind-stop-service = /usr/bin/systemctl stop winbind.service
- 
--sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
--sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart
-+sssd-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select sssd with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
-+sssd-disable-logins = /usr/bin/authselect select sssd with-mkhomedir
- sssd-enable-service = /usr/bin/systemctl enable sssd.service
- sssd-disable-service = /usr/bin/systemctl disable sssd.service
- sssd-restart-service = /usr/bin/systemctl restart sssd.service
--- 
-2.9.3
-
diff --git a/SPECS-EXTENDED/realmd/0001-tests-ignore-order-in-test_update_domain.patch b/SPECS-EXTENDED/realmd/0001-tests-ignore-order-in-test_update_domain.patch
deleted file mode 100644
index 2a84abac57b..00000000000
--- a/SPECS-EXTENDED/realmd/0001-tests-ignore-order-in-test_update_domain.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From b6753bd048b4012b11d60c094d1ab6ca181ee50d Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 21 Feb 2019 21:16:26 +0100
-Subject: [PATCH] tests: ignore order in test_update_domain
-
-Individual options of a domain or in general for a section in an ini
-file are stored by realmd in a hash table. When writing out the ini file
-the options can show up in any order and the unit tests should be aware
-of it.
-
-Resolves: https://gitlab.freedesktop.org/realmd/realmd/issues/19
----
- tests/test-sssd-config.c | 41 ++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 39 insertions(+), 2 deletions(-)
-
-diff --git a/tests/test-sssd-config.c b/tests/test-sssd-config.c
-index 59eab75..8f3fec5 100644
---- a/tests/test-sssd-config.c
-+++ b/tests/test-sssd-config.c
-@@ -163,12 +163,49 @@ test_add_domain_only (Test *test,
- 	g_free (output);
- }
- 
-+static void check_for_test_update_domain (char *new)
-+{
-+	char *token;
-+	char *saveptr;
-+	size_t c;
-+	int result = 0;
-+
-+	token = strtok_r (new, "\n", &saveptr);
-+	g_assert_nonnull (token);
-+	g_assert_cmpstr (token, ==, "[domain/one]");
-+
-+	for (c = 0; c < 3; c++) {
-+		token = strtok_r (NULL, "\n", &saveptr);
-+		g_assert_nonnull (token);
-+		if (strcmp (token, "val=1") == 0) {
-+			result += 1;
-+		} else if (strcmp (token, "uno = 1") == 0) {
-+			result += 2;
-+		} else if (strcmp (token, "eins = one") == 0) {
-+			result += 4;
-+		} else {
-+			g_assert_not_reached ();
-+		}
-+	}
-+	g_assert_cmpint (result, ==, 7);
-+
-+	token = strtok_r (NULL, "\n", &saveptr);
-+	g_assert_nonnull (token);
-+	g_assert_cmpstr (token, ==, "[sssd]");
-+
-+	token = strtok_r (NULL, "\n", &saveptr);
-+	g_assert_nonnull (token);
-+	g_assert_cmpstr (token, ==, "domains=one");
-+
-+	token = strtok_r (NULL, "\n", &saveptr);
-+	g_assert_null (token);
-+}
-+
- static void
- test_update_domain (Test *test,
-                     gconstpointer unused)
- {
- 	const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
--	const gchar *check = "[domain/one]\nval=1\nuno = 1\neins = one\n[sssd]\ndomains=one";
- 	GError *error = NULL;
- 	gchar *output;
- 	gboolean ret;
-@@ -190,7 +227,7 @@ test_update_domain (Test *test,
- 	g_assert_no_error (error);
- 	g_assert (ret == TRUE);
- 
--	g_assert_cmpstr (check, ==, output);
-+	check_for_test_update_domain (output);
- 	g_free (output);
- }
- 
--- 
-2.20.1
-
diff --git a/SPECS-EXTENDED/realmd/0001-tests-run-tests-with-python3.patch b/SPECS-EXTENDED/realmd/0001-tests-run-tests-with-python3.patch
deleted file mode 100644
index 607afa44655..00000000000
--- a/SPECS-EXTENDED/realmd/0001-tests-run-tests-with-python3.patch
+++ /dev/null
@@ -1,374 +0,0 @@
-From c257850912897a07e20f205faecf3c1b692fa9e9 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 4 Jul 2018 16:41:16 +0200
-Subject: [PATCH] tests: run tests with python3
-
-To allow the test to run with python3 build/tap-driver and
-build/tap-gtester are updated to the latest version provided by the
-cockpit project https://github.com/cockpit-project/cockpit.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1595813
----
- build/tap-driver  | 104 +++++++++++++++++++++++++++++++++++++++++++-----------
- build/tap-gtester |  59 ++++++++++++++++++++++---------
- 2 files changed, 125 insertions(+), 38 deletions(-)
-
-diff --git a/build/tap-driver b/build/tap-driver
-index 42f57c8..241fd50 100755
---- a/build/tap-driver
-+++ b/build/tap-driver
-@@ -1,4 +1,5 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
-+# This can also be run with Python 2.
- 
- # Copyright (C) 2013 Red Hat, Inc.
- #
-@@ -29,20 +30,58 @@
- #
- 
- import argparse
-+import fcntl
- import os
- import select
-+import struct
- import subprocess
- import sys
-+import termios
-+import errno
-+
-+_PY3 = sys.version[0] >= '3'
-+_str = _PY3 and str or unicode
-+
-+def out(data, stream=None, flush=False):
-+    if not isinstance(data, bytes):
-+        data = data.encode("UTF-8")
-+    if not stream:
-+        stream = _PY3 and sys.stdout.buffer or sys.stdout
-+    while True:
-+        try:
-+            if data:
-+                stream.write(data)
-+            data = None
-+            if flush:
-+                stream.flush()
-+            flush = False
-+            break
-+        except IOError as e:
-+            if e.errno == errno.EAGAIN:
-+                continue
-+            raise
-+
-+def terminal_width():
-+    try:
-+        h, w, hp, wp = struct.unpack('HHHH',
-+            fcntl.ioctl(1, termios.TIOCGWINSZ,
-+            struct.pack('HHHH', 0, 0, 0, 0)))
-+        return w
-+    except IOError as e:
-+        if e.errno != errno.ENOTTY:
-+            sys.stderr.write("%i %s %s\n" % (e.errno, e.strerror, sys.exc_info()))
-+        return sys.maxsize
- 
- class Driver:
-     def __init__(self, args):
-         self.argv = args.command
-         self.test_name = args.test_name
--        self.log = open(args.log_file, "w")
--        self.log.write("# %s\n" % " ".join(sys.argv))
-+        self.log = open(args.log_file, "wb")
-+        self.log.write(("# %s\n" % " ".join(sys.argv)).encode("UTF-8"))
-         self.trs = open(args.trs_file, "w")
-         self.color_tests = args.color_tests
-         self.expect_failure = args.expect_failure
-+        self.width = terminal_width() - 9
- 
-     def report(self, code, *args):
-         CODES = {
-@@ -57,17 +96,18 @@ class Driver:
-         # Print out to console
-         if self.color_tests:
-             if code in CODES:
--                sys.stdout.write(CODES[code])
--        sys.stdout.write(code)
-+                out(CODES[code])
-+        out(code)
-         if self.color_tests:
--            sys.stdout.write('\x1b[m')
--        sys.stdout.write(": ")
--        sys.stdout.write(self.test_name)
--        sys.stdout.write(" ")
--        for arg in args:
--            sys.stdout.write(str(arg))
--        sys.stdout.write("\n")
--        sys.stdout.flush()
-+            out('\x1b[m')
-+        out(": ")
-+        msg = "".join([ self.test_name + " " ] + list(map(_str, args)))
-+        if code == "PASS" and len(msg) > self.width:
-+            out(msg[:self.width])
-+            out("...")
-+        else:
-+            out(msg)
-+        out("\n", flush=True)
- 
-         # Book keeping
-         if code in CODES:
-@@ -100,12 +140,14 @@ class Driver:
-     def execute(self):
-         try:
-             proc = subprocess.Popen(self.argv, close_fds=True,
-+                                    stdin=subprocess.PIPE,
-                                     stdout=subprocess.PIPE,
-                                     stderr=subprocess.PIPE)
--        except OSError, ex:
-+        except OSError as ex:
-             self.report_error("Couldn't run %s: %s" % (self.argv[0], str(ex)))
-             return
- 
-+        proc.stdin.close()
-         outf = proc.stdout.fileno()
-         errf = proc.stderr.fileno()
-         rset = [outf, errf]
-@@ -113,18 +155,25 @@ class Driver:
-             ret = select.select(rset, [], [], 10)
-             if outf in ret[0]:
-                 data = os.read(outf, 1024)
--                if data == "":
-+                if data == b"":
-                     rset.remove(outf)
-                 self.log.write(data)
-                 self.process(data)
-             if errf in ret[0]:
-                 data = os.read(errf, 1024)
--                if data == "":
-+                if data == b"":
-                     rset.remove(errf)
-                 self.log.write(data)
--                sys.stderr.write(data)
-+                stream = _PY3 and sys.stderr.buffer or sys.stderr
-+                out(data, stream=stream, flush=True)
- 
-         proc.wait()
-+
-+        # Make sure the test didn't change blocking output
-+        assert fcntl.fcntl(0, fcntl.F_GETFL) & os.O_NONBLOCK == 0
-+        assert fcntl.fcntl(1, fcntl.F_GETFL) & os.O_NONBLOCK == 0
-+        assert fcntl.fcntl(2, fcntl.F_GETFL) & os.O_NONBLOCK == 0
-+
-         return proc.returncode
- 
- 
-@@ -137,6 +186,7 @@ class TapDriver(Driver):
-         self.late_plan = False
-         self.errored = False
-         self.bail_out = False
-+        self.skip_all_reason = None
- 
-     def report(self, code, num, *args):
-         if num:
-@@ -170,13 +220,19 @@ class TapDriver(Driver):
-         else:
-             self.result_fail(num, description)
- 
--    def consume_test_plan(self, first, last):
-+    def consume_test_plan(self, line):
-         # Only one test plan is supported
-         if self.test_plan:
-             self.report_error("Get a second TAP test plan")
-             return
- 
-+        if line.lower().startswith('1..0 # skip'):
-+            self.skip_all_reason = line[5:].strip()
-+            self.bail_out = True
-+            return
-+
-         try:
-+            (first, unused, last) = line.partition("..")
-             first = int(first)
-             last = int(last)
-         except ValueError:
-@@ -192,7 +248,7 @@ class TapDriver(Driver):
- 
-     def process(self, output):
-         if output:
--            self.output += output
-+            self.output += output.decode("UTF-8")
-         elif self.output:
-             self.output += "\n"
-         (ready, unused, self.output) = self.output.rpartition("\n")
-@@ -202,8 +258,7 @@ class TapDriver(Driver):
-             elif line.startswith("not ok "):
-                 self.consume_test_line(False, line[7:])
-             elif line and line[0].isdigit() and ".." in line:
--                (first, unused, last) = line.partition("..")
--                self.consume_test_plan(first, last)
-+                self.consume_test_plan(line)
-             elif line.lower().startswith("bail out!"):
-                 self.consume_bail_out(line)
- 
-@@ -213,6 +268,13 @@ class TapDriver(Driver):
-         failed = False
-         skipped = True
- 
-+        if self.skip_all_reason is not None:
-+            self.result_skip("skipping:", self.skip_all_reason)
-+            self.trs.write(":global-test-result: SKIP\n")
-+            self.trs.write(":test-global-result: SKIP\n")
-+            self.trs.write(":recheck: no\n")
-+            return 0
-+
-         # Basic collation of results
-         for (num, code) in self.reported.items():
-             if code == "ERROR":
-diff --git a/build/tap-gtester b/build/tap-gtester
-index 7e667d4..bbda266 100755
---- a/build/tap-gtester
-+++ b/build/tap-gtester
-@@ -1,4 +1,5 @@
--#!/usr/bin/python
-+#!/usr/bin/python3
-+# This can also be run with Python 2.
- 
- # Copyright (C) 2014 Red Hat, Inc.
- #
-@@ -30,9 +31,19 @@
- import argparse
- import os
- import select
-+import signal
- import subprocess
- import sys
- 
-+# Yes, it's dumb, but strsignal is not exposed in python
-+# In addition signal numbers varify heavily from arch to arch
-+def strsignal(sig):
-+    for name in dir(signal):
-+        if name.startswith("SIG") and sig == getattr(signal, name):
-+            return name
-+    return str(sig)
-+
-+
- class NullCompiler:
-     def __init__(self, command):
-         self.command = command
-@@ -76,22 +87,22 @@ class GTestCompiler(NullCompiler):
-            elif cmd == "result":
-                if self.test_name:
-                    if data == "OK":
--                       print "ok %d %s" % (self.test_num, self.test_name)
-+                       print("ok %d %s" % (self.test_num, self.test_name))
-                    if data == "FAIL":
--                       print "not ok %d %s", (self.test_num, self.test_name)
-+                       print("not ok %d %s" % (self.test_num, self.test_name))
-                self.test_name = None
-            elif cmd == "skipping":
-                if "/subprocess" not in data:
--                   print "ok %d # skip -- %s" % (self.test_num, data)
-+                   print("ok %d # skip -- %s" % (self.test_num, data))
-                self.test_name = None
-            elif data:
--               print "# %s: %s" % (cmd, data)
-+               print("# %s: %s" % (cmd, data))
-            else:
--               print "# %s" % cmd
-+               print("# %s" % cmd)
-         elif line.startswith("(MSG: "):
--            print "# %s" % line[6:-1]
-+            print("# %s" % line[6:-1])
-         elif line:
--            print "# %s" % line
-+            print("# %s" % line)
-         sys.stdout.flush()
- 
-     def run(self, proc, output=""):
-@@ -106,22 +117,26 @@ class GTestCompiler(NullCompiler):
-             if line.startswith("/"):
-                 self.test_remaining.append(line.strip())
-         if not self.test_remaining:
--            print "Bail out! No tests found in GTest: %s" % self.command[0]
-+            print("Bail out! No tests found in GTest: %s" % self.command[0])
-             return 0
- 
--        print "1..%d" % len(self.test_remaining)
-+        print("1..%d" % len(self.test_remaining))
- 
-         # First try to run all the tests in a batch
--        proc = subprocess.Popen(self.command + ["--verbose" ], close_fds=True, stdout=subprocess.PIPE)
-+        proc = subprocess.Popen(self.command + ["--verbose" ], close_fds=True,
-+                                stdout=subprocess.PIPE, universal_newlines=True)
-         result = self.process(proc)
-         if result == 0:
-             return 0
- 
-+        if result < 0:
-+            sys.stderr.write("%s terminated with %s\n" % (self.command[0], strsignal(-result)))
-+
-         # Now pick up any stragglers due to failures
-         while True:
-             # Assume that the last test failed
-             if self.test_name:
--                print "not ok %d %s" % (self.test_num, self.test_name)
-+                print("not ok %d %s" % (self.test_num, self.test_name))
-                 self.test_name = None
- 
-             # Run any tests which didn't get run
-@@ -129,7 +144,8 @@ class GTestCompiler(NullCompiler):
-                 break
- 
-             proc = subprocess.Popen(self.command + ["--verbose", "-p", self.test_remaining[0]],
--                                    close_fds=True, stdout=subprocess.PIPE)
-+                                    close_fds=True, stdout=subprocess.PIPE,
-+                                    universal_newlines=True)
-             result = self.process(proc)
- 
-             # The various exit codes and signals we continue for
-@@ -139,24 +155,32 @@ class GTestCompiler(NullCompiler):
-         return result
- 
- def main(argv):
--    parser = argparse.ArgumentParser(description='Automake TAP compiler')
-+    parser = argparse.ArgumentParser(description='Automake TAP compiler',
-+                                     usage="tap-gtester [--format FORMAT] command ...")
-     parser.add_argument('--format', metavar='FORMAT', choices=[ "auto", "gtest", "tap" ],
-                         default="auto", help='The input format to compile')
-     parser.add_argument('--verbose', action='store_true',
-                         default=True, help='Verbose mode (ignored)')
--    parser.add_argument('command', nargs='+', help="A test command to run")
-+    parser.add_argument('command', nargs=argparse.REMAINDER, help="A test command to run")
-     args = parser.parse_args(argv[1:])
- 
-     output = None
-     format = args.format
-     cmd = args.command
-+    if not cmd:
-+        sys.stderr.write("tap-gtester: specify a command to run\n")
-+        return 2
-+    if cmd[0] == '--':
-+        cmd.pop(0)
-+
-     proc = None
- 
-     os.environ['HARNESS_ACTIVE'] = '1'
- 
-     if format in ["auto", "gtest"]:
-         list_cmd = cmd + ["-l", "--verbose"]
--        proc = subprocess.Popen(list_cmd, close_fds=True, stdout=subprocess.PIPE)
-+        proc = subprocess.Popen(list_cmd, close_fds=True, stdout=subprocess.PIPE,
-+                                universal_newlines=True)
-         output = proc.stdout.readline()
-         # Smell whether we're dealing with GTest list output from first line
-         if "random seed" in output or "GTest" in output or output.startswith("/"):
-@@ -164,7 +188,8 @@ def main(argv):
-         else:
-             format = "tap"
-     else:
--        proc = subprocess.Popen(cmd, close_fds=True, stdout=subprocess.PIPE)
-+        proc = subprocess.Popen(cmd, close_fds=True, stdout=subprocess.PIPE,
-+                                universal_newlines=True)
- 
-     if format == "gtest":
-         compiler = GTestCompiler(cmd)
--- 
-2.14.4
-
diff --git a/SPECS-EXTENDED/realmd/0001-tools-fix-ccache-handling-for-leave-operation.patch b/SPECS-EXTENDED/realmd/0001-tools-fix-ccache-handling-for-leave-operation.patch
new file mode 100644
index 00000000000..01a3a2adcc4
--- /dev/null
+++ b/SPECS-EXTENDED/realmd/0001-tools-fix-ccache-handling-for-leave-operation.patch
@@ -0,0 +1,69 @@
+From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 10 Jan 2024 09:18:20 +0100
+Subject: [PATCH] tools: fix ccache handling for leave operation
+
+krb5_cc_initialize() must be called before anything can be written into
+a ccache.
+
+While checking the available credential types the order/preference was
+not respected.
+
+Resolves: https://issues.redhat.com/browse/SSSD-6420
+---
+ tools/realm-client.c | 25 ++++++++++++++++---------
+ 1 file changed, 16 insertions(+), 9 deletions(-)
+
+diff --git a/tools/realm-client.c b/tools/realm-client.c
+index c386e64..06420ea 100644
+--- a/tools/realm-client.c
++++ b/tools/realm-client.c
+@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported,
+ 	GVariantIter iter;
+ 	const gchar *type;
+ 	const gchar *owner;
+-
+-	g_variant_iter_init (&iter, supported);
+-	while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
+-		if (g_strcmp0 (credential_type_1, type) == 0 ||
+-		    g_strcmp0 (credential_type_2, type) == 0) {
+-			*ret_owner = owner;
+-			return type;
++	const gchar *list[] = {credential_type_1, credential_type_2, NULL};
++	size_t c;
++
++	for (c = 0; list[c] != NULL; c++) {
++		g_variant_iter_init (&iter, supported);
++		while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) {
++			if (g_strcmp0 (list[c], type) == 0) {
++				*ret_owner = owner;
++				return type;
++			}
+ 		}
+ 	}
+ 
+@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5,
+ 	memset (&mcred, 0, sizeof (mcred));
+ 	mcred.client = principal;
+ 	mcred.server = server;
+-	mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND;
+-	mcred.times.endtime = mcred.times.starttime;
+ 
+ 	code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES,
+ 	                              &mcred, &creds);
+@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5,
+ 		return FALSE;
+ 	}
+ 
++	code = krb5_cc_initialize (krb5, ccache, creds.client);
++	if (code != 0) {
++		g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code));
++		return FALSE;
++	}
++
+ 	code = krb5_cc_store_cred (krb5, ccache, &creds);
+ 	krb5_free_cred_contents (krb5, &creds);
+ 
+-- 
+2.43.0
+
diff --git a/SPECS-EXTENDED/realmd/0002-Change-qualified-names-default-for-IPA.patch b/SPECS-EXTENDED/realmd/0002-Change-qualified-names-default-for-IPA.patch
deleted file mode 100644
index 4ac6c6d413d..00000000000
--- a/SPECS-EXTENDED/realmd/0002-Change-qualified-names-default-for-IPA.patch
+++ /dev/null
@@ -1,113 +0,0 @@
-From 21ab1fdd127d242a9b4e95c3c90dd2bf3159d149 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Tue, 14 Aug 2018 16:44:39 +0200
-Subject: [PATCH 2/3] Change qualified names default for IPA
-
-In a FreeIPA domain it is typically expected that the IPA accounts use
-sort names while accounts from trusted domains have fully qualified
-names. This is automatically done by SSSD's IPA provider so there is no
-need to force fully qualified names in the SSSD configuration.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1575538
----
- service/realm-options.c       | 9 +++++----
- service/realm-options.h       | 3 ++-
- service/realm-samba-winbind.c | 2 +-
- service/realm-sssd-ad.c       | 2 +-
- service/realm-sssd-ipa.c      | 2 +-
- 5 files changed, 10 insertions(+), 8 deletions(-)
-
-diff --git a/service/realm-options.c b/service/realm-options.c
-index bd804ea..34a209f 100644
---- a/service/realm-options.c
-+++ b/service/realm-options.c
-@@ -98,7 +98,7 @@ realm_options_automatic_mapping (GVariant *options,
- 
- 	if (realm_name && !option) {
- 		section = g_utf8_casefold (realm_name, -1);
--		mapping = realm_settings_boolean (realm_name, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
-+		mapping = realm_settings_boolean (section, REALM_DBUS_OPTION_AUTOMATIC_ID_MAPPING, TRUE);
- 		g_free (section);
- 	}
- 
-@@ -112,20 +112,21 @@ realm_options_automatic_join (const gchar *realm_name)
- 	gboolean mapping;
- 
- 	section = g_utf8_casefold (realm_name, -1);
--	mapping = realm_settings_boolean (realm_name, "automatic-join", FALSE);
-+	mapping = realm_settings_boolean (section, "automatic-join", FALSE);
- 	g_free (section);
- 
- 	return mapping;
- }
- 
- gboolean
--realm_options_qualify_names (const gchar *realm_name)
-+realm_options_qualify_names (const gchar *realm_name,
-+                             gboolean def)
- {
- 	gchar *section;
- 	gboolean qualify;
- 
- 	section = g_utf8_casefold (realm_name, -1);
--	qualify = realm_settings_boolean (realm_name, "fully-qualified-names", TRUE);
-+	qualify = realm_settings_boolean (section, "fully-qualified-names", def);
- 	g_free (section);
- 
- 	return qualify;
-diff --git a/service/realm-options.h b/service/realm-options.h
-index 7a1355e..b71d219 100644
---- a/service/realm-options.h
-+++ b/service/realm-options.h
-@@ -37,7 +37,8 @@ const gchar *  realm_options_user_principal           (GVariant *options,
- gboolean       realm_options_automatic_mapping        (GVariant *options,
- 						       const gchar *realm_name);
- 
--gboolean       realm_options_qualify_names            (const gchar *realm_name);
-+gboolean       realm_options_qualify_names            (const gchar *realm_name,
-+                                                       gboolean def);
- 
- gboolean       realm_options_check_domain_name        (const gchar *domain_name);
- 
-diff --git a/service/realm-samba-winbind.c b/service/realm-samba-winbind.c
-index 9335e26..61988eb 100644
---- a/service/realm-samba-winbind.c
-+++ b/service/realm-samba-winbind.c
-@@ -102,7 +102,7 @@ realm_samba_winbind_configure_async (RealmIniConfig *config,
- 		                      "winbind enum groups", "no",
- 		                      "winbind offline logon", "yes",
- 		                      "winbind refresh tickets", "yes",
--		                      "winbind use default domain", realm_options_qualify_names (domain_name )? "no" : "yes",
-+		                      "winbind use default domain", realm_options_qualify_names (domain_name, TRUE )? "no" : "yes",
- 		                      "template shell", realm_settings_string ("users", "default-shell"),
- 		                      NULL);
- 
-diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c
-index 8543ca8..de7ce30 100644
---- a/service/realm-sssd-ad.c
-+++ b/service/realm-sssd-ad.c
-@@ -172,7 +172,7 @@ configure_sssd_for_domain (RealmIniConfig *config,
- 	gchar *home;
- 
- 	home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
--	qualify = realm_options_qualify_names (disco->domain_name);
-+	qualify = realm_options_qualify_names (disco->domain_name, TRUE);
- 	shell = realm_settings_string ("users", "default-shell");
- 	explicit_computer_name = realm_options_computer_name (options, disco->domain_name);
- 	realmd_tags = g_string_new ("");
-diff --git a/service/realm-sssd-ipa.c b/service/realm-sssd-ipa.c
-index ff1dc8a..5029f6b 100644
---- a/service/realm-sssd-ipa.c
-+++ b/service/realm-sssd-ipa.c
-@@ -201,7 +201,7 @@ on_ipa_client_do_restart (GObject *source,
- 
- 		realm_sssd_config_update_domain (config, domain, &error,
- 		                                 "cache_credentials", "True",
--		                                 "use_fully_qualified_names", realm_options_qualify_names (domain) ? "True" : "False",
-+		                                 "use_fully_qualified_names", realm_options_qualify_names (domain, FALSE) ? "True" : "False",
- 		                                 "krb5_store_password_if_offline", "True",
- 		                                 "default_shell", shell,
- 		                                 "fallback_homedir", home,
--- 
-2.17.1
-
diff --git a/SPECS-EXTENDED/realmd/0002-service-fix-error-message-when-removing-host-from-AD.patch b/SPECS-EXTENDED/realmd/0002-service-fix-error-message-when-removing-host-from-AD.patch
new file mode 100644
index 00000000000..c5968d3967b
--- /dev/null
+++ b/SPECS-EXTENDED/realmd/0002-service-fix-error-message-when-removing-host-from-AD.patch
@@ -0,0 +1,88 @@
+From d691c679c1531b3eb457c494141bafdc4e0bc692 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 1 Dec 2023 12:14:06 +0100
+Subject: [PATCH 2/3] service: fix error message when removing host from AD
+
+If there is an error while trying to remove the host from AD with the
+help of adcli the error message talks about "joining" which might be
+irritating when figuring out the reason for the failure. This patch
+adds a better message when leaving the domain.
+---
+ service/realm-adcli-enroll.c | 34 +++++++++++++++++++++++++++-------
+ 1 file changed, 27 insertions(+), 7 deletions(-)
+
+diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c
+index e0d752b..c913987 100644
+--- a/service/realm-adcli-enroll.c
++++ b/service/realm-adcli-enroll.c
+@@ -25,9 +25,10 @@
+ #include "realm-settings.h"
+ 
+ static void
+-on_join_process (GObject *source,
+-                 GAsyncResult *result,
+-                 gpointer user_data)
++on_join_leave_process (GObject *source,
++                       GAsyncResult *result,
++                       gpointer user_data,
++                       gboolean is_join)
+ {
+ 	GTask *task = G_TASK (user_data);
+ 	GError *error = NULL;
+@@ -39,15 +40,18 @@ on_join_process (GObject *source,
+ 		switch (status) {
+ 		case 2: /* ADCLI_ERR_UNEXPECTED */
+ 			g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
+-			             "Internal unexpected error joining the domain");
++			             is_join ? "Internal unexpected error joining the domain"
++			                     : "Internal unexpected error removing host from the domain");
+ 			break;
+ 		case 6: /* ADCLI_ERR_CREDENTIALS */
+ 			g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED,
+-			             "Insufficient permissions to join the domain");
++			             is_join ? "Insufficient permissions to join the domain"
++			                     : "Insufficient permissions to remove the host from the domain");
+ 			break;
+ 		default:
+ 			g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED,
+-			             "Failed to join the domain");
++			             is_join ? "Failed to join the domain"
++			                     : "Failed to remove the host from the domain");
+ 			break;
+ 		}
+ 	}
+@@ -64,6 +68,22 @@ on_join_process (GObject *source,
+ 	g_object_unref (task);
+ }
+ 
++static void
++on_join_process (GObject *source,
++                 GAsyncResult *result,
++                 gpointer user_data)
++{
++	on_join_leave_process (source, result, user_data, TRUE);
++}
++
++static void
++on_leave_process (GObject *source,
++                  GAsyncResult *result,
++                  gpointer user_data)
++{
++	on_join_leave_process (source, result, user_data, FALSE);
++}
++
+ void
+ realm_adcli_enroll_join_async (RealmDisco *disco,
+                                RealmCredential *cred,
+@@ -290,7 +310,7 @@ realm_adcli_enroll_delete_async (RealmDisco *disco,
+ 	g_ptr_array_add (args, NULL);
+ 
+ 	realm_command_runv_async ((gchar **)args->pdata, environ, input,
+-	                          invocation, on_join_process,
++	                          invocation, on_leave_process,
+ 	                          g_object_ref (task));
+ 
+ 	g_ptr_array_free (args, TRUE);
+-- 
+2.43.0
+
diff --git a/SPECS-EXTENDED/realmd/0003-discover-try-to-get-domain-name-from-hostname.patch b/SPECS-EXTENDED/realmd/0003-discover-try-to-get-domain-name-from-hostname.patch
deleted file mode 100644
index b611d6c8ada..00000000000
--- a/SPECS-EXTENDED/realmd/0003-discover-try-to-get-domain-name-from-hostname.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 5e28cf702ad338e399f8fff0b3fa18736a297318 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Tue, 21 Aug 2018 13:09:20 +0200
-Subject: [PATCH 3/3] discover: try to get domain name from hostname
-
-If there is no domain name returned by DHCP check if the hostname
-contains a domain part and use this to discover a realm.
-
-Related to https://bugzilla.redhat.com/show_bug.cgi?id=1619162
----
- service/realm-provider.c | 28 +++++++++++++++++++++++++++-
- 1 file changed, 27 insertions(+), 1 deletion(-)
-
-diff --git a/service/realm-provider.c b/service/realm-provider.c
-index d647c7a..258e8e1 100644
---- a/service/realm-provider.c
-+++ b/service/realm-provider.c
-@@ -28,6 +28,8 @@
- #include <glib/gi18n.h>
- #include <gio/gio.h>
- 
-+#include <errno.h>
-+
- #define TIMEOUT_SECONDS 15
- 
- G_DEFINE_TYPE (RealmProvider, realm_provider, G_TYPE_DBUS_OBJECT_SKELETON);
-@@ -181,6 +183,25 @@ on_discover_complete (GObject *source,
- 	return_discover_result (method, realms, relevance, error);
- }
- 
-+static gchar *
-+get_domain_from_hostname (void)
-+{
-+	gchar hostname[HOST_NAME_MAX + 1];
-+	gchar *dot;
-+
-+	if (gethostname (hostname, sizeof (hostname)) < 0) {
-+		g_warning ("Couldn't get the computer host name: %s", g_strerror (errno));
-+		return NULL;
-+	}
-+
-+	dot = strchr (hostname, '.');
-+	if (dot != NULL) {
-+		return g_strdup (dot + 1);
-+	}
-+
-+	return NULL;
-+}
-+
- static void
- on_discover_default (GObject *source,
-                      GAsyncResult *result,
-@@ -195,6 +216,10 @@ on_discover_default (GObject *source,
- 		g_clear_error (&error);
- 	}
- 
-+	if (method->string == NULL) {
-+		method->string = get_domain_from_hostname ();
-+	}
-+
- 	if (method->string) {
- 		g_strstrip (method->string);
- 		if (g_str_equal (method->string, "")) {
-@@ -210,7 +235,8 @@ on_discover_default (GObject *source,
- 		                         on_discover_complete, method);
- 
- 	} else {
--		realm_diagnostics_info (method->invocation, "No default domain received via DHCP");
-+		realm_diagnostics_info (method->invocation,
-+		                        "No default domain received via DHCP or given by hostname");
- 		return_discover_result (method, NULL, 0, NULL);
- 	}
- }
--- 
-2.17.1
-
diff --git a/SPECS-EXTENDED/realmd/0003-doc-fix-reference-in-realmd.conf-man-page.patch b/SPECS-EXTENDED/realmd/0003-doc-fix-reference-in-realmd.conf-man-page.patch
new file mode 100644
index 00000000000..a03a09a018a
--- /dev/null
+++ b/SPECS-EXTENDED/realmd/0003-doc-fix-reference-in-realmd.conf-man-page.patch
@@ -0,0 +1,26 @@
+From 56aedbceec3e6ff0d6142a16ca0c343c523b6d7a Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 1 Dec 2023 13:07:10 +0100
+Subject: [PATCH 3/3] doc: fix reference in realmd.conf man page
+
+---
+ doc/manual/realmd.conf.xml | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml
+index 72b706c..ad17639 100644
+--- a/doc/manual/realmd.conf.xml
++++ b/doc/manual/realmd.conf.xml
+@@ -110,7 +110,8 @@ default-client = sssd
+ 		</para>
+ 
+ 		<para>Some callers of <command>realmd</command> such as the
+-		<link linkend="realm"><command>realm</command></link>
++		<citerefentry><refentrytitle>realm</refentrytitle>
++		<manvolnum>8</manvolnum></citerefentry>
+ 		command line tool allow specifying which client software should
+ 		be used. Others, such as GNOME Control Center, simplify choose
+ 		the default.</para>
+-- 
+2.43.0
+
diff --git a/SPECS-EXTENDED/realmd/realmd.signatures.json b/SPECS-EXTENDED/realmd/realmd.signatures.json
index c9c5ecf0e0e..48cec3d11e8 100644
--- a/SPECS-EXTENDED/realmd/realmd.signatures.json
+++ b/SPECS-EXTENDED/realmd/realmd.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "realmd-0.16.3.tar.gz": "d8943f66a2a666fee8be026d82a66904c0a5125aab7ef74504456ce269687dda"
+  "realmd-0.17.1.tar.gz": "2eb12cc6e023c3dd1e2691b893f9841f0a679ba3feb3c8d0bc71891424ebec5f"
  }
 }
diff --git a/SPECS-EXTENDED/realmd/realmd.spec b/SPECS-EXTENDED/realmd/realmd.spec
index ba1452e645d..72ef2bb5c35 100644
--- a/SPECS-EXTENDED/realmd/realmd.spec
+++ b/SPECS-EXTENDED/realmd/realmd.spec
@@ -1,36 +1,19 @@
 Name:		realmd
-Version:	0.16.3
-Release:	25%{?dist}
+Version:	0.17.1
+Release:	1%{?dist}
 Summary:	Kerberos realm enrollment service
 License:	LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL:		http://cgit.freedesktop.org/realmd/realmd/
-Source0:	http://www.freedesktop.org/software/realmd/releases/realmd-%{version}.tar.gz
+URL:		https://gitlab.freedesktop.org/realmd/realmd
+Source0:	https://gitlab.freedesktop.org/realmd/realmd/-/archive/0.17.1/realmd-%{version}.tar.gz
 
-Patch1:		0001-LDAP-don-t-close-LDAP-socket-twice.patch
-Patch2:		0001-service-Add-nss-and-pam-sssd.conf-services-after-joi.patch
-Patch3:		0001-Kerberos-fall-back-to-tcp-SRV-lookup.patch
-Patch4:		0001-service-Add-pam-and-nss-services-in-realm_sssd_confi.patch
-Patch5:		0001-switch-to-authselect.patch
-Patch6:		0001-Fix-man-page-reference-in-systemd-service-file.patch
-Patch7:		0001-Use-current-idmap-options-for-smb.conf.patch
-Patch8:		0001-Find-NetBIOS-name-in-keytab-while-leaving.patch
-Patch9:		0001-tests-run-tests-with-python3.patch
-
-Patch10:	0001-Fix-issues-found-by-Coverity.patch
-Patch11:	0002-Change-qualified-names-default-for-IPA.patch
-Patch12:	0003-discover-try-to-get-domain-name-from-hostname.patch
-
-Patch13:	0001-IPA-do-not-call-sssd-enable-logins.patch
-
-Patch14:	0001-Set-NEWEST-flag-when-resolving-packages-with-Package.patch
-
-# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1675879
-Patch15:	0001-tests-ignore-order-in-test_update_domain.patch
-
-# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1736578
-Patch16:	0001-Remove-support-for-deprecated-gtester-format.patch
+Patch1:	        0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch			
+Patch2:		0002-service-fix-error-message-when-removing-host-from-AD.patch
+Patch3:		0003-doc-fix-reference-in-realmd.conf-man-page.patch
+Patch4:		0001-sssd-package-fix.patch
+Patch5:		0001-tools-fix-ccache-handling-for-leave-operation.patch
+Patch6:		0001-ipa-Propagate-hostname-error.patch
 
 BuildRequires:	gcc
 BuildRequires:	perl(File::Find)
@@ -43,6 +26,7 @@ BuildRequires:	openldap-devel
 BuildRequires:	polkit-devel
 BuildRequires:	krb5-devel
 BuildRequires:	systemd-devel
+BuildRequires:  systemd-units
 BuildRequires:	libxslt
 BuildRequires:	xmlto
 BuildRequires:	python3
@@ -51,6 +35,7 @@ BuildRequires:  e2fsprogs-devel
 Requires:	authselect
 Requires:	polkit
 
+
 %description
 realmd is a DBus system service which manages discovery and enrollment in realms
 and domains like Active Directory or IPA. The control center uses realmd as the
@@ -82,6 +67,14 @@ make check
 make install DESTDIR=%{buildroot}
 
 %find_lang realmd
+%post
+%systemd_post realmd.service
+
+%preun
+%systemd_preun realmd.service
+
+%postun
+%systemd_postun_with_restart realmd.service
 
 %files -f realmd.lang
 %license COPYING
@@ -89,7 +82,7 @@ make install DESTDIR=%{buildroot}
 %{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf
 %{_sbindir}/realm
 %dir %{_prefix}/lib/realmd
-%{_prefix}/lib/realmd/realmd
+%{_libexecdir}/realmd
 %{_prefix}/lib/realmd/realmd-defaults.conf
 %{_prefix}/lib/realmd/realmd-distro.conf
 %{_unitdir}/realmd.service
@@ -102,6 +95,9 @@ make install DESTDIR=%{buildroot}
 %doc ChangeLog
 
 %changelog
+* Thu Sept 26 2024 Jyoti kanase <v-jykanase@microsoft.com> - 0.17.1-1
+- Update to version 0.17.1
+
 * Wed Feb 16 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.16.3-25
 - License verified.
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 682bd612cd0..ff59d7498f4 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -25513,8 +25513,8 @@
         "type": "other",
         "other": {
           "name": "realmd",
-          "version": "0.16.3",
-          "downloadUrl": "http://www.freedesktop.org/software/realmd/releases/realmd-0.16.3.tar.gz"
+          "version": "0.17.1",
+          "downloadUrl": "https://gitlab.freedesktop.org/realmd/realmd/-/archive/0.17.1/realmd-0.17.1.tar.gz"
         }
       }
     },

From 04f7a725d1b0dfbfd98da6a82fc4758d1f899879 Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Fri, 27 Sep 2024 19:08:40 +0530
Subject: [PATCH 39/59] blobfuse2: upgrade to 2.3.2 to fix CVE-2024-35255
 (#10574)

---
 SPECS/blobfuse2/blobfuse2.signatures.json | 8 ++++----
 SPECS/blobfuse2/blobfuse2.spec            | 6 +++++-
 cgmanifest.json                           | 4 ++--
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/SPECS/blobfuse2/blobfuse2.signatures.json b/SPECS/blobfuse2/blobfuse2.signatures.json
index 4e5e94ad9d1..e8a5d7ecb19 100644
--- a/SPECS/blobfuse2/blobfuse2.signatures.json
+++ b/SPECS/blobfuse2/blobfuse2.signatures.json
@@ -1,6 +1,6 @@
 {
-    "Signatures": {
-     "blobfuse2-2.3.0.tar.gz": "9e7c3b98c4967d45405a4b9450fb3e90e329ffefaef1ffa0e6cedfd66991881b",
-     "blobfuse2-2.3.0-vendor.tar.gz": "fea87a77eb3ee28883c1e24de6213c5db1288387b9f9162f4fc57cfdffe97ddb"
-    }
+ "Signatures": {
+  "blobfuse2-2.3.2-vendor.tar.gz": "109d4e98f532736ace27bebd29b76a87764e60b9cc066a1289e5ae97eead4c16",
+  "blobfuse2-2.3.2.tar.gz": "018c23c7d2e3216392a3afc3b30e7d3836e6e6f552735bc64d3d77771aa6fb9f"
+ }
 }
\ No newline at end of file
diff --git a/SPECS/blobfuse2/blobfuse2.spec b/SPECS/blobfuse2/blobfuse2.spec
index 612d68c2d4f..5dd53533438 100644
--- a/SPECS/blobfuse2/blobfuse2.spec
+++ b/SPECS/blobfuse2/blobfuse2.spec
@@ -5,7 +5,7 @@
 
 Summary:        FUSE adapter - Azure Storage
 Name:           blobfuse2
-Version:        2.3.0
+Version:        2.3.2
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -59,6 +59,10 @@ install -D -m 0644 ./setup/blobfuse2-logrotate %{buildroot}%{_sysconfdir}/logrot
 %{_sysconfdir}/logrotate.d/blobfuse2
 
 %changelog
+* Fri Sep 27 2024 Archana Choudhary <archana1@microsoft.com> - 2.3.2-1
+- Upgrade to version 2.3.2.
+- Fixes CVE-2024-35255
+
 * Tue Jul 09 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 2.3.0-1
 - Update to version 2.3.0.
 
diff --git a/cgmanifest.json b/cgmanifest.json
index ff59d7498f4..06491873fbe 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1137,8 +1137,8 @@
         "type": "other",
         "other": {
           "name": "blobfuse2",
-          "version": "2.3.0",
-          "downloadUrl": "https://github.com/Azure/azure-storage-fuse/archive/blobfuse2-2.3.0.tar.gz"
+          "version": "2.3.2",
+          "downloadUrl": "https://github.com/Azure/azure-storage-fuse/archive/blobfuse2-2.3.2.tar.gz"
         }
       }
     },

From 6efc686138cd1971a64d4830416652d0ab5bd865 Mon Sep 17 00:00:00 2001
From: reuben olinsky <reubeno@users.noreply.github.com>
Date: Fri, 27 Sep 2024 11:53:03 -0700
Subject: [PATCH 40/59] mock: upgrade and port from extended to core (including
 dependencies) (#10347)

Upgrades and moves to core: mock, mock-core-configs, distribution-gpg-keys, libuser, python-pyroute2, python-templated-dictionary, usermode

Adds as required dependencies: python-backoff, python-rpmautospec-core
---
 LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md    |   2 +-
 LICENSES-AND-NOTICES/SPECS/data/licenses.json |   2 +
 .../distribution-gpg-keys.signatures.json     |   5 -
 .../libuser-0.63-PR49_add_yescrypt.patch      | 260 ------------
 .../libuser-0.63-downstream_test_xcrypt.patch |  27 --
 .../libuser/libuser.signatures.json           |   5 -
 .../mock-core-configs.signatures.json         |   5 -
 SPECS-EXTENDED/mock/mock.signatures.json      |   5 -
 .../python-pyroute2.signatures.json           |  12 -
 ...ython-templated-dictionary.signatures.json |   5 -
 SPECS-EXTENDED/usermode/fsfaddr.patch         | 396 ------------------
 .../usermode/selinux_deprecated.patch         |  49 ---
 SPECS-EXTENDED/usermode/sysmacros.patch       |  12 -
 .../distribution-gpg-keys.signatures.json     |   5 +
 .../distribution-gpg-keys.spec                |  31 +-
 SPECS/libuser/libuser.signatures.json         |   5 +
 .../libuser/libuser.spec                      |  66 +--
 .../mock-core-configs.signatures.json         |   5 +
 .../mock-core-configs/mock-core-configs.spec  | 127 ++++--
 SPECS/mock/mock.signatures.json               |   5 +
 {SPECS-EXTENDED => SPECS}/mock/mock.spec      | 218 +++++++---
 .../python-backoff.signatures.json            |   5 +
 SPECS/python-backoff/python-backoff.spec      | 136 ++++++
 .../python-pyroute2.signatures.json           |   5 +
 .../python-pyroute2/python-pyroute2.spec      | 111 ++---
 .../python-rpmautospec-core.signatures.json   |   5 +
 .../python-rpmautospec-core.spec              | 101 +++++
 ...ython-templated-dictionary.signatures.json |   5 +
 .../python-templated-dictionary.spec          |  53 ++-
 .../usermode/config-util                      |   0
 .../usermode/usermode.signatures.json         |   2 +-
 .../usermode/usermode.spec                    |  66 +--
 cgmanifest.json                               |  48 ++-
 33 files changed, 741 insertions(+), 1043 deletions(-)
 delete mode 100644 SPECS-EXTENDED/distribution-gpg-keys/distribution-gpg-keys.signatures.json
 delete mode 100644 SPECS-EXTENDED/libuser/libuser-0.63-PR49_add_yescrypt.patch
 delete mode 100644 SPECS-EXTENDED/libuser/libuser-0.63-downstream_test_xcrypt.patch
 delete mode 100644 SPECS-EXTENDED/libuser/libuser.signatures.json
 delete mode 100644 SPECS-EXTENDED/mock-core-configs/mock-core-configs.signatures.json
 delete mode 100644 SPECS-EXTENDED/mock/mock.signatures.json
 delete mode 100644 SPECS-EXTENDED/python-pyroute2/python-pyroute2.signatures.json
 delete mode 100644 SPECS-EXTENDED/python-templated-dictionary/python-templated-dictionary.signatures.json
 delete mode 100644 SPECS-EXTENDED/usermode/fsfaddr.patch
 delete mode 100644 SPECS-EXTENDED/usermode/selinux_deprecated.patch
 delete mode 100644 SPECS-EXTENDED/usermode/sysmacros.patch
 create mode 100644 SPECS/distribution-gpg-keys/distribution-gpg-keys.signatures.json
 rename {SPECS-EXTENDED => SPECS}/distribution-gpg-keys/distribution-gpg-keys.spec (93%)
 create mode 100644 SPECS/libuser/libuser.signatures.json
 rename {SPECS-EXTENDED => SPECS}/libuser/libuser.spec (97%)
 create mode 100644 SPECS/mock-core-configs/mock-core-configs.signatures.json
 rename {SPECS-EXTENDED => SPECS}/mock-core-configs/mock-core-configs.spec (87%)
 create mode 100644 SPECS/mock/mock.signatures.json
 rename {SPECS-EXTENDED => SPECS}/mock/mock.spec (84%)
 create mode 100644 SPECS/python-backoff/python-backoff.signatures.json
 create mode 100644 SPECS/python-backoff/python-backoff.spec
 create mode 100644 SPECS/python-pyroute2/python-pyroute2.signatures.json
 rename {SPECS-EXTENDED => SPECS}/python-pyroute2/python-pyroute2.spec (77%)
 create mode 100644 SPECS/python-rpmautospec-core/python-rpmautospec-core.signatures.json
 create mode 100644 SPECS/python-rpmautospec-core/python-rpmautospec-core.spec
 create mode 100644 SPECS/python-templated-dictionary/python-templated-dictionary.signatures.json
 rename {SPECS-EXTENDED => SPECS}/python-templated-dictionary/python-templated-dictionary.spec (54%)
 rename {SPECS-EXTENDED => SPECS}/usermode/config-util (100%)
 rename {SPECS-EXTENDED => SPECS}/usermode/usermode.signatures.json (50%)
 rename {SPECS-EXTENDED => SPECS}/usermode/usermode.spec (97%)

diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index 658ae726931..df48f7d1791 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -5,7 +5,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
 | CentOS | [MIT](https://www.centos.org/legal/#licensing-policy) | crash-ptdump-command <br> delve <br> fstrm <br> nodejs-nodemon <br> rhnlib <br> rt-setup <br> rt-tests <br> rtctl <br> tuned |
 | Ceph source | [LGPL2.1](https://github.com/ceph/ceph/blob/master/COPYING-LGPL2.1) | ceph |
 | Debian | [MIT](https://opensource.org/licenses/MIT) | prometheus-process-exporter |
-| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | 389-ds-base <br> a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mosh <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
+| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | 389-ds-base <br> a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mosh <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-backoff <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmautospec-core <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
 | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome <br> librabbitmq |
 | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
 | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index 9748403e8a5..f9b550cd4d1 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -1642,6 +1642,7 @@
                 "python-async-generator",
                 "python-augeas",
                 "python-azure-sdk",
+                "python-backoff",
                 "python-beautifulsoup4",
                 "python-betamax",
                 "python-blinker",
@@ -1802,6 +1803,7 @@
                 "python-rfc3986",
                 "python-rich",
                 "python-rpm-generators",
+                "python-rpmautospec-core",
                 "python-rpmfluff",
                 "python-rtslib",
                 "python-ruamel-yaml",
diff --git a/SPECS-EXTENDED/distribution-gpg-keys/distribution-gpg-keys.signatures.json b/SPECS-EXTENDED/distribution-gpg-keys/distribution-gpg-keys.signatures.json
deleted file mode 100644
index d10a6ba75d0..00000000000
--- a/SPECS-EXTENDED/distribution-gpg-keys/distribution-gpg-keys.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "distribution-gpg-keys-1.104.tar.gz": "60ec27522ba960719f6b7d578106a65dc2dca235e9ebf2399a6a98571afffd5a"
- }
-}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/libuser/libuser-0.63-PR49_add_yescrypt.patch b/SPECS-EXTENDED/libuser/libuser-0.63-PR49_add_yescrypt.patch
deleted file mode 100644
index 18a767d98ac..00000000000
--- a/SPECS-EXTENDED/libuser/libuser-0.63-PR49_add_yescrypt.patch
+++ /dev/null
@@ -1,260 +0,0 @@
-From 3b8a2aa52bcee6e03f047840251ae42ab971a8a0 Mon Sep 17 00:00:00 2001
-From: Björn Esser <besser82@fedoraproject.org>
-Date: Jun 07 2021 20:25:41 +0000
-Subject: [PATCH 1/5] lib/util.c: bcrypt should use $2b$ as prefix for setting.
-
-
-This prefix is the recommended one for new bcrypt hashes
-for a long time.
-
-Signed-off-by: Björn Esser <besser82@fedoraproject.org>
-
----
-
-diff --git a/lib/util.c b/lib/util.c
-index 1b03f7d..e549a35 100644
---- a/lib/util.c
-+++ b/lib/util.c
-@@ -124,7 +124,7 @@ static const struct {
- } salt_type_info[] = {
- 	{"$1$", "$", 8, FALSE },
- 	/* FIXME: number of rounds, base64 of 128 bits */
--	{"$2a$", "$", 8, FALSE },
-+	{"$2b$", "$", 8, FALSE },
- 	{"$5$", "$", 16, TRUE },
- 	{"$6$", "$", 16, TRUE },
- 	{ "", "", 2 },
-@@ -231,7 +231,7 @@ lu_util_default_salt_specifier(struct lu_context *context)
- 	} salt_types[] = {
- 		{ "des", "", FALSE },
- 		{ "md5", "$1$", FALSE },
--		{ "blowfish", "$2a$", FALSE },
-+		{ "blowfish", "$2b$", FALSE },
- 		{ "sha256", "$5$", TRUE },
- 		{ "sha512", "$6$", TRUE },
- 	};
-
-From 9dcc69425677cf510ec6da5ababfdd295f875c1a Mon Sep 17 00:00:00 2001
-From: Björn Esser <besser82@fedoraproject.org>
-Date: Jun 17 2021 15:34:02 +0000
-Subject: [PATCH 2/5] lib/util.c: Use crypt_gensalt(), if available in libcrypt.
-
-
-Most Linux distributions, including Fedora and RHEL 8, are shipping
-with libxcrypt >= 4.0.
-
-Since that version of libxcrypt the provided family of crypt_gensalt()
-functions are able to use automatic entropy drawn from secure system
-ressources, like arc4random(), getentropy() or getrandom().
-
-Anyways, the settings generated by crypt_gensalt() are always
-guaranteed to works with the crypt() function.
-
-Using crypt_gesalt() is also needed to make proper use of newer
-hashing methods, like yescrypt, provided by libxcrypt.
-
-Signed-off-by: Björn Esser <besser82@fedoraproject.org>
-
----
-
-diff --git a/lib/util.c b/lib/util.c
-index e549a35..b6db2af 100644
---- a/lib/util.c
-+++ b/lib/util.c
-@@ -43,6 +43,13 @@
- #define HASH_ROUNDS_MIN 1000
- #define HASH_ROUNDS_MAX 999999999
- 
-+#if (defined CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY && \
-+     CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY)
-+#define USE_XCRYPT_GENSALT 1
-+#else
-+#define USE_XCRYPT_GENSALT 0
-+#endif
-+
- struct lu_lock {
- 	int fd;
- 	struct flock lock;
-@@ -66,6 +73,7 @@ lu_strcmp(gconstpointer v1, gconstpointer v2)
- 	return strcmp((char *) v1, (char *) v2);
- }
- 
-+#if !USE_XCRYPT_GENSALT
- /* A list of allowed salt characters, according to SUSv2. */
- #define ACCEPTABLE "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \
- 		   "abcdefghijklmnopqrstuvwxyz" \
-@@ -115,6 +123,7 @@ fill_urandom(char *output, size_t length)
- 	close(fd);
- 	return TRUE;
- }
-+#endif
- 
- static const struct {
- 	const char initial[5];
-@@ -135,6 +144,9 @@ lu_make_crypted(const char *plain, const char *previous)
- {
- 	char salt[2048];
- 	size_t i, len = 0;
-+#if USE_XCRYPT_GENSALT
-+	unsigned long rounds = 0;
-+#endif
- 
- 	if (previous == NULL) {
- 		previous = LU_DEFAULT_SALT_TYPE;
-@@ -151,6 +163,23 @@ lu_make_crypted(const char *plain, const char *previous)
- 
- 	if (salt_type_info[i].sha_rounds != FALSE
- 	    && strncmp(previous + len, "rounds=", strlen("rounds=")) == 0) {
-+#if USE_XCRYPT_GENSALT
-+		const char *start;
-+		char *end;
-+
-+		start = previous + len + strlen("rounds=");
-+		rounds = strtoul (start, &end, 10);
-+
-+		if (rounds < HASH_ROUNDS_MIN)
-+			rounds = HASH_ROUNDS_MIN;
-+		else if (rounds > HASH_ROUNDS_MAX)
-+			rounds = HASH_ROUNDS_MAX;
-+	}
-+
-+	g_assert(CRYPT_GENSALT_OUTPUT_SIZE <= sizeof(salt));
-+
-+	crypt_gensalt_rn(previous, rounds, NULL, 0, salt, sizeof(salt));
-+#else
- 		const char *start, *end;
- 
- 		start = previous + len + strlen("rounds=");
-@@ -168,6 +197,7 @@ lu_make_crypted(const char *plain, const char *previous)
- 		return NULL;
- 	strcpy(salt + len + salt_type_info[i].salt_length,
- 	       salt_type_info[i].separator);
-+#endif
- 
- 	return crypt(plain, salt);
- }
-@@ -251,13 +281,18 @@ lu_util_default_salt_specifier(struct lu_context *context)
- 
- found:
- 	if (salt_types[i].sha_rounds != FALSE) {
--		unsigned long rounds;
-+		unsigned long rounds = 0;
- 
- 		rounds = select_hash_rounds(context);
-+#if USE_XCRYPT_GENSALT
-+		return g_strdup(crypt_gensalt(salt_types[i].initializer,
-+					      rounds, NULL, 0));
-+#else
- 		if (rounds != 0)
- 			return g_strdup_printf("%srounds=%lu$",
- 					       salt_types[i].initializer,
- 					       rounds);
-+#endif
- 	}
- 	return g_strdup(salt_types[i].initializer);
- }
-
-From 2d40503977df3855f1415db995833ae4231e7944 Mon Sep 17 00:00:00 2001
-From: Björn Esser <besser82@fedoraproject.org>
-Date: Jun 17 2021 15:34:02 +0000
-Subject: [PATCH 3/5] lib/util.c: Add yescrypt hashing method for user passwords.
-
-
-The yescrypt hashing method is considered to be much stronger than
-sha512crypt and fully supported by libxcrypt >= 4.3.  It is based
-on NIST-approved primitives and on par with argon2 in strength.
-
-Signed-off-by: Björn Esser <besser82@fedoraproject.org>
-
----
-
-diff --git a/lib/util.c b/lib/util.c
-index b6db2af..bba9420 100644
---- a/lib/util.c
-+++ b/lib/util.c
-@@ -50,6 +50,14 @@
- #define USE_XCRYPT_GENSALT 0
- #endif
- 
-+#if ((defined XCRYPT_VERSION_NUM && \
-+      XCRYPT_VERSION_NUM >= ((4 << 16) | 3)) && \
-+      USE_XCRYPT_GENSALT)
-+#define HAVE_YESCRYPT 1
-+#else
-+#define HAVE_YESCRYPT 0
-+#endif
-+
- struct lu_lock {
- 	int fd;
- 	struct flock lock;
-@@ -136,6 +144,9 @@ static const struct {
- 	{"$2b$", "$", 8, FALSE },
- 	{"$5$", "$", 16, TRUE },
- 	{"$6$", "$", 16, TRUE },
-+#if HAVE_YESCRYPT
-+	{"$y$", "$", 24, FALSE },
-+#endif
- 	{ "", "", 2 },
- };
- 
-@@ -264,6 +275,9 @@ lu_util_default_salt_specifier(struct lu_context *context)
- 		{ "blowfish", "$2b$", FALSE },
- 		{ "sha256", "$5$", TRUE },
- 		{ "sha512", "$6$", TRUE },
-+#if HAVE_YESCRYPT
-+		{ "yescrypt", "$y$", FALSE },
-+#endif
- 	};
- 
- 	const char *salt_type;
-
-From 71ef71fe1878a321612e1995cb5c59dcb501ff01 Mon Sep 17 00:00:00 2001
-From: Björn Esser <besser82@fedoraproject.org>
-Date: Jun 17 2021 15:34:02 +0000
-Subject: [PATCH 4/5] docs/libuser.conf.5.in: Add yescrypt parameter for crypt_style.
-
-
-Signed-off-by: Björn Esser <besser82@fedoraproject.org>
-
----
-
-diff --git a/docs/libuser.conf.5.in b/docs/libuser.conf.5.in
-index 2af0828..bd1daa7 100644
---- a/docs/libuser.conf.5.in
-+++ b/docs/libuser.conf.5.in
-@@ -69,8 +69,8 @@ The current algorithm may be retained
- when changing a password of an existing user, depending on the application.
- 
- Possible values are \fBdes\fR, \fBmd5\fR, \fBblowfish\fR,
--.B sha256
--and \fBsha512\fR, all case-insensitive.
-+.B sha256,
-+\fBsha512\fR, and \fByescrypt\fR, all case-insensitive.
- Unrecognized values are treated as \fBdes\fR.
- Default value is \fBdes\fR.
- 
-
-From 284b3195393688105b112b905069e0225c3046d2 Mon Sep 17 00:00:00 2001
-From: Björn Esser <besser82@fedoraproject.org>
-Date: Jun 17 2021 15:34:02 +0000
-Subject: [PATCH 5/5] libuser.conf: Use yescrypt as default value for crypt_style.
-
-
-Signed-off-by: Björn Esser <besser82@fedoraproject.org>
-
----
-
-diff --git a/libuser.conf b/libuser.conf
-index 8ff5b2e..cd25eb2 100644
---- a/libuser.conf
-+++ b/libuser.conf
-@@ -17,7 +17,7 @@ default_useradd = /etc/default/useradd
- # skeleton = /etc/skel
- # mailspooldir = /var/mail
- 
--crypt_style = sha512
-+crypt_style = yescrypt
- modules = files shadow
- create_modules = files shadow
- # modules = files shadow ldap
-
diff --git a/SPECS-EXTENDED/libuser/libuser-0.63-downstream_test_xcrypt.patch b/SPECS-EXTENDED/libuser/libuser-0.63-downstream_test_xcrypt.patch
deleted file mode 100644
index 8375740b784..00000000000
--- a/SPECS-EXTENDED/libuser/libuser-0.63-downstream_test_xcrypt.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff --git a/tests/pwhash_test b/tests/pwhash_test
-index ff89d60..525885e 100755
---- a/tests/pwhash_test
-+++ b/tests/pwhash_test
-@@ -77,6 +77,22 @@ if [ "x${pw#\$6\$}" = "x$pw" ]; then
-     exit 1
- fi
- 
-+cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
-+echo 'crypt_style = blowfish' >> "$LIBUSER_CONF"
-+pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
-+if [ "x${pw#\$2b\$}" = "x$pw" ]; then
-+    echo "Invalid BLOWFISH hash" >&2
-+    exit 1
-+fi
-+
-+cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
-+echo 'crypt_style = yescrypt' >> "$LIBUSER_CONF"
-+pw=$(workdir="$workdir" $VALGRIND $PYTHON "$srcdir"/pwhash.py)
-+if [ "x${pw#\$y\$}" = "x$pw" ]; then
-+    echo "Invalid YESCRYPT hash" >&2
-+    exit 1
-+fi
-+
- cp "${LIBUSER_CONF}_" "$LIBUSER_CONF"
- cat >> "$LIBUSER_CONF" <<\EOF
- crypt_style = sha256
diff --git a/SPECS-EXTENDED/libuser/libuser.signatures.json b/SPECS-EXTENDED/libuser/libuser.signatures.json
deleted file mode 100644
index 83ddbb4bdab..00000000000
--- a/SPECS-EXTENDED/libuser/libuser.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "libuser-0.63.tar.xz": "8dc377255452a68e82c4837ba22c3ee4ae3658971bf0f2ef67ed0b77fc497f91"
- }
-}
diff --git a/SPECS-EXTENDED/mock-core-configs/mock-core-configs.signatures.json b/SPECS-EXTENDED/mock-core-configs/mock-core-configs.signatures.json
deleted file mode 100644
index 149cc6dcc71..00000000000
--- a/SPECS-EXTENDED/mock-core-configs/mock-core-configs.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "mock-core-configs-36.4.tar.gz": "25213ef6e6a988f372556396180d33393fbd252033b6a5289455c732d3ea2df1"
- }
-}
diff --git a/SPECS-EXTENDED/mock/mock.signatures.json b/SPECS-EXTENDED/mock/mock.signatures.json
deleted file mode 100644
index 0da88ce12d2..00000000000
--- a/SPECS-EXTENDED/mock/mock.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "mock-2.16.tar.gz": "2e62bfedb159ca6331f490e7b0180ff9216959f43cfadcae8dc183167b3ef0c3"
- }
-}
diff --git a/SPECS-EXTENDED/python-pyroute2/python-pyroute2.signatures.json b/SPECS-EXTENDED/python-pyroute2/python-pyroute2.signatures.json
deleted file mode 100644
index 5e4c2fd93fc..00000000000
--- a/SPECS-EXTENDED/python-pyroute2/python-pyroute2.signatures.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "Signatures": {
-  "pyroute2-0.6.5.tar.gz": "d0995c8aeb96c0e4eed4d62e97c9d795000a1a33b747d6dc54326665857cf11c",
-  "pyroute2.core-0.6.5.tar.gz": "266d740eae40fa64dd04541f007d34db696cecf3154cba5be30fa75a67d43852",
-  "pyroute2.nslink-0.6.5.tar.gz": "292e6c2832a73544c1c6d5ba727f7117aa847e55f88d78e94b7d4607b299999e",
-  "pyroute2.nftables-0.6.5.tar.gz": "b1455a63a3efc050d108d550d1cafd011edded6e894d99e7bdfa02d592bf6f16",
-  "pyroute2.ndb-0.6.5.tar.gz": "a4d309584e9ef6c7842af4f832b48fc5344ab225e70e384baed1b7fe2b94d9f8",
-  "pyroute2.ethtool-0.6.5.tar.gz": "caf8014b676521135c4760d72cf5aeef6abbc7fa275210f7e95333073cc7715a",
-  "pyroute2.ipset-0.6.5.tar.gz": "ae527c0f999748230a1f688d9a2b7c257b2df6d74369f44eca530d007793b79d",
-  "pyroute2.ipdb-0.6.5.tar.gz": "f2028fd1013d8af888150d033eecf7537657a4be37e0cccea9800809961eb577"
- }
-}
diff --git a/SPECS-EXTENDED/python-templated-dictionary/python-templated-dictionary.signatures.json b/SPECS-EXTENDED/python-templated-dictionary/python-templated-dictionary.signatures.json
deleted file mode 100644
index 9bb585255d3..00000000000
--- a/SPECS-EXTENDED/python-templated-dictionary/python-templated-dictionary.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "python-templated-dictionary-1.1.tar.gz": "17f5fa6d5f1a4b9259ac0e358edf31d70a67104d3c89d6d9086652a655d44308"
- }
-}
diff --git a/SPECS-EXTENDED/usermode/fsfaddr.patch b/SPECS-EXTENDED/usermode/fsfaddr.patch
deleted file mode 100644
index 769e4b009f7..00000000000
--- a/SPECS-EXTENDED/usermode/fsfaddr.patch
+++ /dev/null
@@ -1,396 +0,0 @@
-diff --git a/consolehelper-gtk.8 b/consolehelper-gtk.8
-index d964ffa..a0937cf 100644
---- a/consolehelper-gtk.8
-+++ b/consolehelper-gtk.8
-@@ -12,7 +12,8 @@
- .\"
- .\" You should have received a copy of the GNU General Public License
- .\" along with this program; if not, write to the Free Software
--.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+.\" Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+.\" MA  02110-1301, USA.
- .\"
- .TH CONSOLEHELPER-GTK 8 "2009-10-05" "Red Hat"
- .SH NAME
-diff --git a/consolehelper.8.in b/consolehelper.8.in
-index d771da7..e6ad431 100644
---- a/consolehelper.8.in
-+++ b/consolehelper.8.in
-@@ -12,7 +12,8 @@
- .\"
- .\" You should have received a copy of the GNU General Public License
- .\" along with this program; if not, write to the Free Software
--.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+.\" Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+.\" MA  02110-1301, USA.
- .\"
- .TH CONSOLEHELPER 8 "18 March 1999" "Red Hat Software"
- .SH NAME
-diff --git a/consolehelper.c b/consolehelper.c
-index d4ee6f9..064ccb3 100644
---- a/consolehelper.c
-+++ b/consolehelper.c
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #include "config.h"
-diff --git a/dummy.h b/dummy.h
-index 24f8277..b6d38d3 100644
---- a/dummy.h
-+++ b/dummy.h
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- /* Just a dummy file for gettext, containing messages emmitted by various
-diff --git a/gsmclient.c b/gsmclient.c
-index 85a3dea..6d67e91 100644
---- a/gsmclient.c
-+++ b/gsmclient.c
-@@ -17,8 +17,8 @@
-  *
-  * You should have received a copy of the GNU Library General Public
-  * License along with this library; if not, write to the
-- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-- * Boston, MA 02111-1307, USA.
-+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-+ * Boston, MA  02110-1301, USA.
-  */
- 
- #include <config.h>
-diff --git a/gsmclient.h b/gsmclient.h
-index a4e94b0..66d97c7 100644
---- a/gsmclient.h
-+++ b/gsmclient.h
-@@ -17,8 +17,8 @@
-  *
-  * You should have received a copy of the GNU Library General Public
-  * License along with this library; if not, write to the
-- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-- * Boston, MA 02111-1307, USA.
-+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
-+ * Boston, MA  02110-1301, USA.
-  */
- 
- #ifndef GSM_CLIENT_H
-diff --git a/pam-panel-icon.1 b/pam-panel-icon.1
-index f92f57a..5f891dc 100644
---- a/pam-panel-icon.1
-+++ b/pam-panel-icon.1
-@@ -12,7 +12,8 @@
- .\"
- .\" You should have received a copy of the GNU General Public License
- .\" along with this program; if not, write to the Free Software
--.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+.\" Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+.\" MA  02110-1301, USA.
- .\"
- .\" Red Hat author: Miloslav Trmač <mitr@redhat.com>
- .TH PAM-PANEL-ICON 1 "2009-10-05" "Red Hat"
-diff --git a/pam-panel-icon.c b/pam-panel-icon.c
-index d2e93fa..c4e038c 100644
---- a/pam-panel-icon.c
-+++ b/pam-panel-icon.c
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #include "config.h"
-diff --git a/props.c b/props.c
-index 04eaeb6..3f37fd5 100644
---- a/props.c
-+++ b/props.c
-@@ -15,8 +15,8 @@
-  * 
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-- * 02111-1307, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #include "props.h"
-diff --git a/props.h b/props.h
-index c309450..aaa491c 100644
---- a/props.h
-+++ b/props.h
-@@ -15,8 +15,8 @@
-  * 
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-- * 02111-1307, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #ifndef MSM_PROPS_H
-diff --git a/shvar.c b/shvar.c
-index 114b7fc..7dd3651 100644
---- a/shvar.c
-+++ b/shvar.c
-@@ -24,7 +24,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  *
-  */
- 
-diff --git a/shvar.h b/shvar.h
-index debc1ee..81cff6f 100644
---- a/shvar.h
-+++ b/shvar.h
-@@ -24,7 +24,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  *
-  */
- #ifndef _SHVAR_H
-diff --git a/test-userdialog.c b/test-userdialog.c
-index 4ace42e..d3dd34f 100644
---- a/test-userdialog.c
-+++ b/test-userdialog.c
-@@ -14,7 +14,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #include "config.h"
-diff --git a/userdialogs.c b/userdialogs.c
-index af44607..04f450a 100644
---- a/userdialogs.c
-+++ b/userdialogs.c
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  *
-  */
- 
-diff --git a/userdialogs.h b/userdialogs.h
-index 44b464a..3ea2f01 100644
---- a/userdialogs.h
-+++ b/userdialogs.h
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #ifndef __USERDIALOGS_H__
-diff --git a/userhelper-messages.c b/userhelper-messages.c
-index 5c73cc0..7b8e37c 100644
---- a/userhelper-messages.c
-+++ b/userhelper-messages.c
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #include "config.h"
-diff --git a/userhelper-messages.h b/userhelper-messages.h
-index 69825f5..ec507d3 100644
---- a/userhelper-messages.h
-+++ b/userhelper-messages.h
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #ifndef USERHELPER_MESSAGES_H__
-diff --git a/userhelper-wrap.c b/userhelper-wrap.c
-index cd35cd6..1e631f7 100644
---- a/userhelper-wrap.c
-+++ b/userhelper-wrap.c
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #include "config.h"
-diff --git a/userhelper-wrap.h b/userhelper-wrap.h
-index 2fb77c0..e4fea41 100644
---- a/userhelper-wrap.h
-+++ b/userhelper-wrap.h
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #ifndef __USERHELPER_WRAP_H__
-diff --git a/userhelper.8.in b/userhelper.8.in
-index 4e7aff1..ce90528 100644
---- a/userhelper.8.in
-+++ b/userhelper.8.in
-@@ -12,7 +12,8 @@
- .\"
- .\" You should have received a copy of the GNU General Public License
- .\" along with this program; if not, write to the Free Software
--.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+.\" Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+.\" MA  02110-1301, USA.
- .\"
- .TH USERHELPER 8 "January 8 2008" "Red Hat, Inc."
- .SH NAME
-diff --git a/userhelper.c b/userhelper.c
-index 287aa4d..fa5395d 100644
---- a/userhelper.c
-+++ b/userhelper.c
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #include "config.h"
-diff --git a/userhelper.h b/userhelper.h
-index 50e6ed9..32c29d6 100644
---- a/userhelper.h
-+++ b/userhelper.h
-@@ -13,7 +13,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #ifndef __USERHELPER_H__
-diff --git a/userinfo.1 b/userinfo.1
-index 8701bda..292aa4b 100644
---- a/userinfo.1
-+++ b/userinfo.1
-@@ -12,7 +12,8 @@
- .\"
- .\" You should have received a copy of the GNU General Public License
- .\" along with this program; if not, write to the Free Software
--.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+.\" Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+.\" MA  02110-1301, USA.
- .\"
- .TH USERINFO 1 "6 October 1997" "Red Hat Software"
- .SH NAME
-diff --git a/userinfo.c b/userinfo.c
-index 5139b13..4c0ea9b 100644
---- a/userinfo.c
-+++ b/userinfo.c
-@@ -14,7 +14,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- /* Things to remember...
-diff --git a/usermount.1 b/usermount.1
-index eb864c8..1af6122 100644
---- a/usermount.1
-+++ b/usermount.1
-@@ -12,7 +12,8 @@
- .\"
- .\" You should have received a copy of the GNU General Public License
- .\" along with this program; if not, write to the Free Software
--.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+.\" Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+.\" MA  02110-1301, USA.
- .\"
- .TH USERMOUNT 1 "March 13 2007" "Red Hat"
- .SH NAME
-diff --git a/usermount.c b/usermount.c
-index 5875c09..1fc627b 100644
---- a/usermount.c
-+++ b/usermount.c
-@@ -14,7 +14,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- /* TODO notes.
-diff --git a/userpasswd.1 b/userpasswd.1
-index 3f11f7a..6e2ab14 100644
---- a/userpasswd.1
-+++ b/userpasswd.1
-@@ -12,7 +12,8 @@
- .\"
- .\" You should have received a copy of the GNU General Public License
- .\" along with this program; if not, write to the Free Software
--.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+.\" Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+.\" MA  02110-1301, USA.
- .\"
- .TH USERPASSWD 1 "17 October 1997" "Red Hat Software"
- .SH NAME
-diff --git a/userpasswd.c b/userpasswd.c
-index 42c6705..fad128f 100644
---- a/userpasswd.c
-+++ b/userpasswd.c
-@@ -14,7 +14,8 @@
-  *
-  * You should have received a copy of the GNU General Public License
-  * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
-+ * MA  02110-1301, USA.
-  */
- 
- #include "config.h"
diff --git a/SPECS-EXTENDED/usermode/selinux_deprecated.patch b/SPECS-EXTENDED/usermode/selinux_deprecated.patch
deleted file mode 100644
index fbce5023785..00000000000
--- a/SPECS-EXTENDED/usermode/selinux_deprecated.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-diff --git a/userhelper.c b/userhelper.c
-index 4177c89..f2afde7 100644
---- a/userhelper.c
-+++ b/userhelper.c
-@@ -48,8 +48,6 @@
- 
- #ifdef WITH_SELINUX
- #include <selinux/selinux.h>
--#include <selinux/flask.h>
--#include <selinux/av_permissions.h>
- #endif
- 
- #include "shvar.h"
-@@ -111,7 +109,7 @@ static int checkAccess(unsigned int selaccess) {
-     struct av_decision avd;
-     int retval = security_compute_av(user_context,
- 				     user_context,
--				     SECCLASS_PASSWD,
-+				     string_to_security_class("passwd"),
- 				     selaccess,
- 				     &avd);
- 	  
-@@ -2267,7 +2265,8 @@ main(int argc, char **argv)
- 	const char *new_home_phone;
- 	const char *new_shell;
- #ifdef WITH_SELINUX
--	unsigned perm;
-+	security_class_t class;
-+	access_vector_t perm;
- #endif
- 
- 	/* State variable we pass around. */
-@@ -2426,12 +2425,13 @@ main(int argc, char **argv)
- 			user_name = g_strdup(argv[optind]);
- 
- #ifdef WITH_SELINUX
-+			class = string_to_security_class("passwd");
- 			if (c_flag) 
--			  perm = PASSWD__PASSWD;
-+			  perm = string_to_av_perm(class, "passwd");
- 			else if (s_flag)
--			  perm = PASSWD__CHSH;
-+			  perm = string_to_av_perm(class, "chsh");
- 			else
--			  perm = PASSWD__CHFN;
-+			  perm = string_to_av_perm(class, "chfn");
- 
- 			if (is_selinux_enabled() > 0 &&
- 			    checkAccess(perm)!= 0) {
diff --git a/SPECS-EXTENDED/usermode/sysmacros.patch b/SPECS-EXTENDED/usermode/sysmacros.patch
deleted file mode 100644
index 4ba8859e962..00000000000
--- a/SPECS-EXTENDED/usermode/sysmacros.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/usermount.c b/usermount.c
-index 3aafadd..5875c09 100644
---- a/usermount.c
-+++ b/usermount.c
-@@ -40,6 +40,7 @@
- #include <sys/stat.h>
- #include <sys/time.h>
- #include <sys/types.h>
-+#include <sys/sysmacros.h>
- #include <errno.h>
- #include <glob.h>
- #include <libintl.h>
diff --git a/SPECS/distribution-gpg-keys/distribution-gpg-keys.signatures.json b/SPECS/distribution-gpg-keys/distribution-gpg-keys.signatures.json
new file mode 100644
index 00000000000..e8ed8499316
--- /dev/null
+++ b/SPECS/distribution-gpg-keys/distribution-gpg-keys.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "distribution-gpg-keys-1.105.tar.gz": "22d6ab30d50a5fb947d755a932d922556ceb06befd0bc1a1af6eb6c196c3c754"
+ }
+}
\ No newline at end of file
diff --git a/SPECS-EXTENDED/distribution-gpg-keys/distribution-gpg-keys.spec b/SPECS/distribution-gpg-keys/distribution-gpg-keys.spec
similarity index 93%
rename from SPECS-EXTENDED/distribution-gpg-keys/distribution-gpg-keys.spec
rename to SPECS/distribution-gpg-keys/distribution-gpg-keys.spec
index 00587568041..7cc7c05e253 100644
--- a/SPECS-EXTENDED/distribution-gpg-keys/distribution-gpg-keys.spec
+++ b/SPECS/distribution-gpg-keys/distribution-gpg-keys.spec
@@ -1,24 +1,22 @@
-Summary:	GPG keys of various Linux distributions
-Name:		distribution-gpg-keys
-Version:	1.104
-Release:	1%{?dist}
-License:	CC0
-URL:		https://github.com/rpm-software-management/distribution-gpg-keys
-# Sources can be obtained by
-# git clone git://github.com/rpm-software-management/distribution-gpg-keys.git
-# cd distribution-gpg-keys
-# tito build --tgz
-Source0:	https://github.com/rpm-software-management/distribution-gpg-keys/archive/refs/tags/%{name}-%{version}-1.tar.gz#/%{name}-%{version}.tar.gz
-BuildArch:	noarch
+Summary:	  GPG keys of various Linux distributions
+Name:		  distribution-gpg-keys
+Version:	  1.105
+Release:	  1%{?dist}
+Vendor:       Microsoft Corporation
+Distribution: Azure Linux
+License:	  CC0
+URL:		  https://github.com/rpm-software-management/distribution-gpg-keys
+Source0:	  https://github.com/rpm-software-management/distribution-gpg-keys/archive/refs/tags/%{name}-%{version}-1.tar.gz#/%{name}-%{version}.tar.gz
+BuildArch:	  noarch
 
 %description
 GPG keys used by various Linux distributions to sign packages.
 
 %package copr
-Summary:    GPG keys for Copr projects
-BuildArch:  noarch
+Summary:      GPG keys for Copr projects
+BuildArch:    noarch
 
-%description copr
+%description  copr
 GPG keys used by Copr projects.
 
 %prep
@@ -45,6 +43,9 @@ cp -a keys/* %{buildroot}%{_datadir}/%{name}/
 %{_datadir}/%{name}/copr
 
 %changelog
+* Wed Aug 28 2024 Reuben Olinsky <reubeno@microsoft.com> - 1.105-1
+- Upgrade to 1.105.
+
 * Fri Aug 02 2024 Devin Anderson <danderson@microsoft.com> - 1.104-1
 - Update to 1.104, a more recent version that includes the Azure Linux keys.
 - Use the official repository URI to download sources.
diff --git a/SPECS/libuser/libuser.signatures.json b/SPECS/libuser/libuser.signatures.json
new file mode 100644
index 00000000000..2f05dfbc70b
--- /dev/null
+++ b/SPECS/libuser/libuser.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "libuser-0.64.tar.gz": "ea6094c72cb9e60a42fb53509dc98d124a340f1c9222783b503208adc16a0a8f"
+ }
+}
diff --git a/SPECS-EXTENDED/libuser/libuser.spec b/SPECS/libuser/libuser.spec
similarity index 97%
rename from SPECS-EXTENDED/libuser/libuser.spec
rename to SPECS/libuser/libuser.spec
index a6b129c54d3..5d5bdb44790 100644
--- a/SPECS-EXTENDED/libuser/libuser.spec
+++ b/SPECS/libuser/libuser.spec
@@ -1,45 +1,42 @@
 %bcond_with tex_docs
 
-Name: libuser
-Version: 0.63
-Release: 10%{?dist}
-License: GPLv2
+Name:           libuser
+Version:        0.64
+Release:        1%{?dist}
+License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL: https://pagure.io/libuser
-Source: https://releases.pagure.org/libuser/libuser-%{version}.tar.xz
-BuildRequires: glib2-devel
+URL:            https://pagure.io/libuser
+Source:         https://releases.pagure.org/libuser/libuser-%{version}.tar.gz
+BuildRequires:  glib2-devel
 %if %{with tex_docs}
-BuildRequires: linuxdoc-tools
+BuildRequires:  linuxdoc-tools
 %endif
-BuildRequires: pam-devel
-BuildRequires: popt-devel
-BuildRequires: cyrus-sasl-devel
-BuildRequires: libselinux-devel
-BuildRequires: openldap-devel
-BuildRequires: python3-devel
-BuildRequires: gcc
+BuildRequires:  pam-devel
+BuildRequires:  popt-devel
+BuildRequires:  cyrus-sasl-devel
+BuildRequires:  libselinux-devel
+BuildRequires:  openldap-devel
+BuildRequires:  python3-devel
+BuildRequires:  gcc
 # For %%check
 %if 0%{?with_check}
 #BuildRequires: fakeroot
-BuildRequires: openldap-clients
-BuildRequires: openssl
+BuildRequires:  openldap-clients
+BuildRequires:  openssl
 
 # Missing test dependencies:
 # BuildRequires: openldap-servers
 %endif
-BuildRequires: make
-BuildRequires: bison
-BuildRequires: libtool
-BuildRequires: gettext-devel
-BuildRequires: gtk-doc
-BuildRequires: audit-libs-devel
+BuildRequires:  make
+BuildRequires:  bison
+BuildRequires:  libtool
+BuildRequires:  gettext-devel
+BuildRequires:  gtk-doc
+BuildRequires:  audit-libs-devel
 
 Summary: A user and group account administration library
 
-Patch0: %{url}/pull-request/49.patch#/libuser-0.63-PR49_add_yescrypt.patch
-Patch1: libuser-0.63-downstream_test_xcrypt.patch
-
 %global __provides_exclude_from ^(%{_libdir}/%{name}|%{python3_sitearch})/.*$
 
 %description
@@ -60,10 +57,10 @@ The libuser-devel package contains header files, static libraries, and other
 files useful for developing applications with libuser.
 
 %package -n python3-libuser
-Summary: Python 3 bindings for the libuser library
-Requires: libuser%{?_isa} = %{version}-%{release}
-Provides: libuser-python3 = %{version}-%{release}
-Provides: libuser-python3%{?_isa} = %{version}-%{release}
+Summary:   Python 3 bindings for the libuser library
+Requires:  libuser%{?_isa} = %{version}-%{release}
+Provides:  libuser-python3 = %{version}-%{release}
+Provides:  libuser-python3%{?_isa} = %{version}-%{release}
 Obsoletes: libuser-python3 < 0.63-4
 %{?python_provide:%python_provide python3-libuser}
 
@@ -103,15 +100,17 @@ make
 %find_lang %{name}
 
 %check
-%make_build check || { cat test-suite.log; false; }
+tests_ok=true
+%make_build check || { cat test-suite.log; tests_ok=false; }
 
 # Verify that all python modules load, just in case.
 LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH}
 export LD_LIBRARY_PATH
 PYTHONPATH=$RPM_BUILD_ROOT%{python3_sitearch}
 export PYTHONPATH
-%{python3} -c "import libuser"
+%{python3} -c "import libuser" || tests_ok=false
 
+$tests_ok
 
 %ldconfig_scriptlets
 
@@ -149,6 +148,9 @@ export PYTHONPATH
 %endif
 
 %changelog
+* Wed Aug 28 2024 Reuben Olinsky <reubeno@microsoft.com> - 0.64-1
+- Upgraded to 0.64.
+
 * Thu Aug 31 2023 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.63-10
 - Disabling missing test dependency.
 - License verified.
diff --git a/SPECS/mock-core-configs/mock-core-configs.signatures.json b/SPECS/mock-core-configs/mock-core-configs.signatures.json
new file mode 100644
index 00000000000..150b16ead08
--- /dev/null
+++ b/SPECS/mock-core-configs/mock-core-configs.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "mock-core-configs-41.2.tar.gz": "01c7511d427e23c01d2763ebdf76d177c89c3a8f84afe546c22e24dbe388b4b8"
+ }
+}
diff --git a/SPECS-EXTENDED/mock-core-configs/mock-core-configs.spec b/SPECS/mock-core-configs/mock-core-configs.spec
similarity index 87%
rename from SPECS-EXTENDED/mock-core-configs/mock-core-configs.spec
rename to SPECS/mock-core-configs/mock-core-configs.spec
index 6d130c7887d..59e2279fefc 100644
--- a/SPECS-EXTENDED/mock-core-configs/mock-core-configs.spec
+++ b/SPECS/mock-core-configs/mock-core-configs.spec
@@ -1,54 +1,71 @@
-Summary:    Mock core config files basic chroots
+%if 0%{?el8}
+%global python3 /usr/libexec/platform-python
+%endif
+
 Name:       mock-core-configs
-Version:    36.4
+Version:    41.2
 Release:    1%{?dist}
-License:    GPLv2+
+Vendor:     Microsoft Corporation
+Distribution: Azure Linux
+Summary:    Mock core config files basic chroots
+
+License:    GPL-2.0-or-later
 URL:        https://github.com/rpm-software-management/mock/
-# Source is created by
-# git clone https://github.com/rpm-software-management/mock.git
-# cd mock/mock-core-configs
-# git reset --hard %%{name}-%%{version}
-# tito build --tgz
 Source:     https://github.com/rpm-software-management/mock/archive/refs/tags/%{name}-%{version}-1/%{name}-%{version}-1.tar.gz#/%{name}-%{version}.tar.gz
+BuildArch:  noarch
+
+# The mock.rpm requires this.  Other packages may provide this if they tend to
+# replace the mock-core-configs.rpm functionality.
+Provides:   mock-configs = %{version}-%{release}
+
 # distribution-gpg-keys contains GPG keys used by mock configs
-Requires:   distribution-gpg-keys >= 1.59
+Requires:   distribution-gpg-keys >= 1.105
+
+%if ! 0%{?azl}
 # specify minimal compatible version of mock
-Requires:   mock >= 2.5
+Requires:   mock >= 5.4.post1
 Requires:   mock-filesystem
+%endif
+
 Requires(post): coreutils
-# The mock.rpm requires this.  Other packages may provide this if they tend to
-# replace the mock-core-configs.rpm functionality.
-Provides: mock-configs
-BuildArch:  noarch
+# to detect correct default.cfg
+Requires(post): python3-dnf
+Requires(post): python3-hawkey
+Requires(post): system-release
+Requires(post): python3
+Requires(post): sed
 
 %description
-Config files which allow you to create chroots for:
- * Fedora
- * Epel
- * Mageia
- * Custom chroot
- * OpenSuse Tumbleweed and Leap
+Mock configuration files which allow you to create chroots for Alma Linux,
+Amazon Linux, Azure Linux, CentOS, CentOS Stream, Circle Linux, EuroLinux, Fedora,
+Fedora EPEL, Mageia, Navy Linux, OpenMandriva Lx, openSUSE, Oracle Linux,
+Red Hat Enterprise Linux, Rocky Linux and various other specific or combined
+chroots.
+
 
 %prep
-%setup -q -n mock-%{name}-%{version}-1/mock-core-configs
+%setup -q -n mock-%{name}-%{version}-1/%{name}
 
 
 %build
 
-%install
-mkdir -p %{buildroot}%{_sysusersdir}
 
+%install
 mkdir -p %{buildroot}%{_sysconfdir}/mock/eol/templates
 mkdir -p %{buildroot}%{_sysconfdir}/mock/templates
 cp -a etc/mock/*.cfg %{buildroot}%{_sysconfdir}/mock
 cp -a etc/mock/templates/*.tpl %{buildroot}%{_sysconfdir}/mock/templates
+
 cp -a etc/mock/eol/*cfg %{buildroot}%{_sysconfdir}/mock/eol
 cp -a etc/mock/eol/templates/*.tpl %{buildroot}%{_sysconfdir}/mock/eol/templates
 
 # generate files section with config - there is many of them
 echo "%defattr(0644, root, mock)" > %{name}.cfgs
 find %{buildroot}%{_sysconfdir}/mock -name "*.cfg" -o -name '*.tpl' \
+    | grep -v chroot-aliases \
     | sed -e "s|^%{buildroot}|%%config(noreplace) |" >> %{name}.cfgs
+echo "%%config %{_sysconfdir}/mock/chroot-aliases.cfg" >> %{name}.cfgs
+
 # just for %%ghosting purposes
 ln -s fedora-rawhide-x86_64.cfg %{buildroot}%{_sysconfdir}/mock/default.cfg
 # bash-completion
@@ -62,15 +79,64 @@ fi
 # reference valid mock.rpm's docdir with example site-defaults.cfg
 mock_docs=%{_pkgdocdir}
 mock_docs=${mock_docs//mock-core-configs/mock}
-mock_docs=${mock_docs//-%{version}/-*}
+mock_docs=${mock_docs//-%version/-*}
 sed -i "s~@MOCK_DOCS@~$mock_docs~" %{buildroot}%{_sysconfdir}/mock/site-defaults.cfg
 
 %post
-if [ -s %{_sysconfdir}/os-release ]; then
-    ver=$(source %{_sysconfdir}/os-release && echo $VERSION_ID | cut -d. -f1 | grep -o '[0-9]\+')
+if [ -s /etc/os-release ]; then
+    # fedora and rhel7+
+    if grep -Fiq Rawhide /etc/os-release; then
+        ver=rawhide
+    # mageia
+    elif [ -s /etc/mageia-release ]; then
+        if grep -Fiq Cauldron /etc/mageia-release; then
+           ver=cauldron
+        fi
+    else
+        ver=$(source /etc/os-release && echo $VERSION_ID | cut -d. -f1 | grep -o '[0-9]\+')
+    fi
+else
+    # something obsure, use buildtime version
+    ver=%{?rhel}%{?fedora}%{?mageia}
 fi
-mock_arch=$(python -c "import rpmUtils.arch; baseArch = rpmUtils.arch.getBaseArch(); print baseArch")
-cfg=%{?fedora:fedora}%{?rhel:epel}%{?mageia:mageia}-$ver-${mock_arch}.cfg
+if [ -s /etc/mageia-release ]; then
+    mock_arch=$(sed -n '/^$/!{$ s/.* \(\w*\)$/\1/p}' /etc/mageia-release)
+else
+    mock_arch=$(%{python3} -c "import dnf.rpm; import hawkey; print(dnf.rpm.basearch(hawkey.detect_arch()))")
+fi
+
+cfg=unknown-distro
+%if 0%{?fedora}
+cfg=fedora-$ver-$mock_arch.cfg
+%endif
+%if 0%{?azl}
+cfg=azurelinux-$ver.0-$mock_arch.cfg
+%endif
+%if 0%{?rhel}
+# Being installed on RHEL, or a RHEL fork.  Detect it.
+distro_id=$(. /etc/os-release; echo $ID)
+case $distro_id in
+centos)
+  # This package is EL8+, and there's only CentOS Stream now.
+  distro_id=centos-stream
+  ;;
+almalinux)
+  # AlmaLinux configs look like 'alma+epel'
+  distro_id=alma
+  ;;
+esac
+cfg=$distro_id+epel-$ver-$mock_arch.cfg
+%endif
+
+%if 0%{?eln}
+# overrides rhel value which resolves in fedora+epel-rawhide-$mock_arch.cfg
+cfg=fedora-eln-$mock_arch.cfg
+%endif
+
+%if 0%{?mageia}
+cfg=mageia-$ver-$mock_arch.cfg
+%endif
+
 if [ -e %{_sysconfdir}/mock/$cfg ]; then
     if [ "$(readlink %{_sysconfdir}/mock/default.cfg)" != "$cfg" ]; then
         ln -s $cfg %{_sysconfdir}/mock/default.cfg 2>/dev/null || ln -s -f $cfg %{_sysconfdir}/mock/default.cfg.rpmnew
@@ -81,11 +147,16 @@ else
 fi
 :
 
+
 %files -f %{name}.cfgs
 %license COPYING
+%doc README
 %ghost %config(noreplace,missingok) %{_sysconfdir}/mock/default.cfg
 
 %changelog
+* Wed Aug 28 2024 Reuben Olinsky <reubeno@microsoft.com> - 41.2-1
+- Sync with Fedora 41 version of spec.
+
 * Tue Feb 08 2022 Cameron Baird <cameronbaird@microsoft.com> - 36.4-1
 - Initial CBL-Mariner import from Fedora 33 (license: MIT).
 - Update to 36.4 source
diff --git a/SPECS/mock/mock.signatures.json b/SPECS/mock/mock.signatures.json
new file mode 100644
index 00000000000..8d039da886c
--- /dev/null
+++ b/SPECS/mock/mock.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "mock-5.6.tar.gz": "0a902c1b89667e9653664487bfa7f9acfcb8f55ba9d64a021058cec40144697d"
+ }
+}
diff --git a/SPECS-EXTENDED/mock/mock.spec b/SPECS/mock/mock.spec
similarity index 84%
rename from SPECS-EXTENDED/mock/mock.spec
rename to SPECS/mock/mock.spec
index c84660833de..704abbb580e 100644
--- a/SPECS-EXTENDED/mock/mock.spec
+++ b/SPECS/mock/mock.spec
@@ -1,77 +1,165 @@
-# mock group id allocate (Must not overlap with any other gid in Mariner)
+%bcond_with lint
+%bcond_without tests
+
+# mock group id allocate for Fedora
 %global mockgid 135
+
 %global __python %{__python3}
 %global python_sitelib %{python3_sitelib}
 
-Summary:        Builds packages inside chroots
-Name:           mock
-Version:        2.16
-Release:        2%{?dist}
-License:        GPLv2+
-# Source is created by
-# git clone https://github.com/rpm-software-management/mock.git
-# cd mock
-# git reset --hard %%{name}-%%{version}
-# tito build --tgz
-URL:            https://github.com/rpm-software-management/mock/
-Source:         https://github.com/rpm-software-management/mock/archive/refs/tags/%{name}-%{version}-1.tar.gz#/%{name}-%{version}.tar.gz
-BuildRequires:  bash-completion
-BuildRequires:  perl
-BuildRequires:  python3-devel
-Requires:       %{name}-filesystem
-Requires:       coreutils
-Requires:       createrepo_c
-Requires:       dnf
-Requires:       dnf-plugins-core
-Requires:       mock-configs
-Requires:       pigz
-Requires:       procps-ng
-Requires:       python3-distro
-Requires:       python3-jinja2
-Requires:       python3-pyroute2
-Requires:       python3-requests
-Requires:       python3-rpm
-Requires:       python3-templated-dictionary
-Requires:       systemd
-Requires:       tar
-Requires:       usermode
-# hwinfo plugin
-Requires:       util-linux
-BuildArch:      noarch
-%if 0%{?with_check}
-BuildRequires:  python3-distro
-BuildRequires:  python3-jinja2
-BuildRequires:  python3-pip
-BuildRequires:  python3-pyroute2
-BuildRequires:  python3-requests
-BuildRequires:  python3-templated-dictionary
+Summary:       Builds packages inside chroots
+Name:          mock
+Version:       5.6
+Release:       1%{?dist}
+Vendor:        Microsoft Corporation
+Distribution:  Azure Linux
+License:       GPL-2.0-or-later
+Source:        https://github.com/rpm-software-management/mock/archive/refs/tags/%{name}-%{version}-1.tar.gz#/%{name}-%{version}.tar.gz
+URL:           https://github.com/rpm-software-management/mock/
+BuildArch:     noarch
+Requires:      tar
+Requires:      pigz
+%if 0%{?mageia}
+Requires:      usermode-consoleonly
+%else
+Requires:      usermode
+%endif
+Requires:      createrepo_c
+
+# We know that the current version of mock isn't compatible with older variants,
+# and we want to enforce automatic upgrades.
+Conflicts:     mock-core-configs < 33
+
+# Requires 'mock-core-configs', or replacement
+Requires:      mock-configs
+Requires:      %{name}-filesystem = %{version}-%{release}
+%if 0%{?azl} || 0%{?fedora} || 0%{?rhel} >= 8
+# This is still preferred package providing 'mock-configs'
+Suggests:      mock-core-configs
+%endif
+
+Requires:      systemd
+%if 0%{?azl} || 0%{?fedora} || 0%{?rhel} >= 8
+Requires:      systemd-container
+%endif
+Requires:      coreutils
+%if 0%{?fedora}
+Suggests:      iproute
+%endif
+%if 0%{?mageia}
+Suggests:      iproute2
+%endif
+BuildRequires: bash-completion
+Requires:      python%{python3_pkgversion}-distro
+Requires:      python%{python3_pkgversion}-jinja2
+Requires:      python%{python3_pkgversion}-requests
+Requires:      python%{python3_pkgversion}-rpm
+Requires:      python%{python3_pkgversion}-pyroute2
+Requires:      python%{python3_pkgversion}-templated-dictionary
+Requires:      python%{python3_pkgversion}-backoff
+BuildRequires: python%{python3_pkgversion}-backoff
+BuildRequires: python%{python3_pkgversion}-devel
+%if %{with lint}
+BuildRequires: python%{python3_pkgversion}-pylint
 %endif
+BuildRequires: python%{python3_pkgversion}-rpm
+BuildRequires: python%{python3_pkgversion}-rpmautospec-core
+
+%if 0%{?fedora} >= 38
+# DNF5 stack
+Recommends:    dnf5
+Recommends:    dnf5-plugins
+%endif
+
+# DNF4 stack
+Recommends:    python3-dnf
+Recommends:    python3-dnf-plugins-core
+
+# YUM stack, dnf-utils replace yum-utils
+Recommends:    yum
+Recommends:    dnf-utils
+
+Recommends:    btrfs-progs
+Suggests:      qemu-user-static
+Suggests:      procenv
+Recommends:    podman
+
+%if %{with tests}
+BuildRequires: python%{python3_pkgversion}-distro
+BuildRequires: python%{python3_pkgversion}-jinja2
+BuildRequires: python%{python3_pkgversion}-pyroute2
+BuildRequires: python%{python3_pkgversion}-pytest
+BuildRequires: python%{python3_pkgversion}-requests
+BuildRequires: python%{python3_pkgversion}-templated-dictionary
+%endif
+
+%if 0%{?azl} || 0%{?fedora} || 0%{?rhel} >= 8
+BuildRequires: perl-interpreter
+%else
+BuildRequires: perl
+%endif
+# hwinfo plugin
+Requires:      util-linux
+Requires:      coreutils
+Requires:      procps-ng
+Requires:      shadow-utils
+
 
 %description
 Mock takes an SRPM and builds it in a chroot.
 
+%package scm
+Summary: Mock SCM integration module
+Requires:      %{name} = %{version}-%{release}
+%if ! 0%{?azl}
+Recommends:    cvs
+%endif
+Recommends:    git
+Recommends:    subversion
+Recommends:    tar
+
+%if ! 0%{?azl}
+# We could migrate to 'copr-distgit-client'
+Recommends:    rpkg
+%endif
+
+%description scm
+Mock SCM integration module.
+
 %package lvm
 Summary: LVM plugin for mock
-Requires: %{name} = %{version}-%{release}
-Requires: lvm2
+Requires:      %{name} = %{version}-%{release}
+Requires:      lvm2
 
 %description lvm
 Mock plugin that enables using LVM as a backend and support creating snapshots
 of the buildroot.
 
+%package rpmautospec
+Summary:       Rpmautospec plugin for mock
+Requires:      %{name} = %{version}-%{release}
+# This lets mock determine if a spec file needs to be processed with rpmautospec.
+Requires:      python%{python3_pkgversion}-rpmautospec-core
+
+%description rpmautospec
+Mock plugin that preprocesses spec files using rpmautospec.
+
 %package filesystem
-Summary:  Mock filesystem layout
-Requires(pre):  shadow-utils
+Summary:       Mock filesystem layout
+Requires(pre): shadow-utils
 
 %description filesystem
 Filesystem layout and group for Mock.
 
 %prep
-%setup -q -n mock-%{name}-%{version}-1/mock
+%setup -q -n mock-%{name}-%{version}-1/%{name}
+for file in py/mock.py py/mock-parse-buildlog.py; do
+  sed -i 1"s|#!/usr/bin/python3 |#!%{__python} |" $file
+done
 
 %build
-for i in py/mock.py py/mock-parse-buildlog.py; do
-    perl -p -i -e 's|^__VERSION__\s*=.*|__VERSION__="%{version}"|' $i
+for i in py/mockbuild/constants.py py/mock-parse-buildlog.py; do
+    perl -p -i -e 's|^VERSION\s*=.*|VERSION="%{version}"|' $i
     perl -p -i -e 's|^SYSCONFDIR\s*=.*|SYSCONFDIR="%{_sysconfdir}"|' $i
     perl -p -i -e 's|^PYTHONDIR\s*=.*|PYTHONDIR="%{python_sitelib}"|' $i
     perl -p -i -e 's|^PKGPYTHONDIR\s*=.*|PKGPYTHONDIR="%{python_sitelib}/mockbuild"|' $i
@@ -80,6 +168,10 @@ for i in docs/mock.1 docs/mock-parse-buildlog.1; do
     perl -p -i -e 's|\@VERSION\@|%{version}"|' $i
 done
 
+%if ! 0%{?azl}
+./precompile-bash-completion "mock.complete"
+%endif
+
 %install
 #base filesystem
 mkdir -p %{buildroot}%{_sysconfdir}/mock/eol/templates
@@ -104,6 +196,9 @@ cp -a etc/consolehelper/mock %{buildroot}%{_sysconfdir}/security/console.apps/%{
 
 install -d %{buildroot}%{_datadir}/bash-completion/completions/
 cp -a etc/bash_completion.d/* %{buildroot}%{_datadir}/bash-completion/completions/
+%if ! 0%{?azl}
+cp -a mock.complete %{buildroot}%{_datadir}/bash-completion/completions/mock
+%endif
 ln -s mock %{buildroot}%{_datadir}/bash-completion/completions/mock-parse-buildlog
 
 install -d %{buildroot}%{_sysconfdir}/pki/mock
@@ -132,8 +227,14 @@ getent group mock > /dev/null || groupadd -f -g %mockgid -r mock
 exit 0
 
 %check
-%{__python3} -m pip install pytest==7.1.2 pytest-cov==3.0.0
-./run-tests.sh
+%if %{with lint}
+# ignore the errors for now, just print them and hopefully somebody will fix it one day
+pylint-3 py/mockbuild/ py/*.py py/mockbuild/plugins/* || :
+%endif
+
+%if %{with tests}
+./run-tests.sh --no-cov
+%endif
 
 
 %files
@@ -172,14 +273,22 @@ exit 0
 %{_datadir}/cheat/mock
 
 # cache & build dirs
-%defattr(0775, root, mock, 02775)
+%defattr(0775, root, mock, 0775)
 %dir %{_localstatedir}/cache/mock
 %dir %{_localstatedir}/lib/mock
 
+%files scm
+%{python_sitelib}/mockbuild/scm.py*
+%{python3_sitelib}/mockbuild/__pycache__/scm.*.py*
+
 %files lvm
 %{python_sitelib}/mockbuild/plugins/lvm_root.*
 %{python3_sitelib}/mockbuild/plugins/__pycache__/lvm_root.*.py*
 
+%files rpmautospec
+%{python_sitelib}/mockbuild/plugins/rpmautospec.*
+%{python3_sitelib}/mockbuild/plugins/__pycache__/rpmautospec.*.py*
+
 %files filesystem
 %license COPYING
 %dir  %{_sysconfdir}/mock
@@ -189,6 +298,9 @@ exit 0
 %dir  %{_datadir}/cheat
 
 %changelog
+* Wed Aug 28 2024 Reuben Olinsky <reubeno@microsoft.com> - 5.6-1
+- Sync with Fedora 41 version of spec.
+
 * Fri Aug 26 2022 Muhammad Falak <mwani@microsoft.com> - 2.16-2
 - Add BR on `python3-pip` & drop un-needed deps to enable ptest
 
diff --git a/SPECS/python-backoff/python-backoff.signatures.json b/SPECS/python-backoff/python-backoff.signatures.json
new file mode 100644
index 00000000000..e46f26a2099
--- /dev/null
+++ b/SPECS/python-backoff/python-backoff.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "backoff-2.2.1.tar.gz": "7b92e74aac38ec49e97ac899c96c882496c7b09cf4235e8da205e62b2c6c001d"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/python-backoff/python-backoff.spec b/SPECS/python-backoff/python-backoff.spec
new file mode 100644
index 00000000000..a899f611ce8
--- /dev/null
+++ b/SPECS/python-backoff/python-backoff.spec
@@ -0,0 +1,136 @@
+%global desc This module provides function decorators which can be used to wrap \
+a function such that it will be retried until some condition is met. \
+It is meant to be of use when accessing unreliable resources with the \
+potential for intermittent failures i.e. network resources and external \
+APIs. Somewhat more generally, it may also be of use for dynamically \
+polling resources for externally generated content.
+%global srcname backoff
+
+Name:          python-%{srcname}
+Version:       2.2.1
+Release:       9%{?dist}
+Vendor:        Microsoft Corporation
+Distribution:  Azure Linux
+BuildArch:     noarch
+
+License:       MIT
+Summary:       Python library providing function decorators for configurable backoff and retry
+URL:           https://github.com/litl/backoff
+Source0:       %{url}/archive/refs/tags/v%{version}.tar.gz#/%{srcname}-%{version}.tar.gz
+
+BuildRequires: pyproject-rpm-macros
+BuildRequires: python3-pip
+BuildRequires: python3-poetry
+
+%description
+%{desc}
+
+%package -n python3-%{srcname}
+Summary:       %{summary}
+%{?python_provide:%python_provide python3-%{srcname}}
+
+%description -n python3-%{srcname}
+%{desc}
+
+%prep
+%autosetup -p1 -n %{srcname}-%{version}
+
+%generate_buildrequires
+%pyproject_buildrequires
+
+%build
+%pyproject_wheel
+
+%install
+%pyproject_install
+
+%files -n python3-%{srcname}
+%license LICENSE
+%doc CHANGELOG.md README.rst
+%{python3_sitelib}/%{srcname}/
+%{python3_sitelib}/%{srcname}-*.dist-info/
+
+%changelog
+* Wed Aug 28 2028 Reuben Olinsky <reubeno@microsoft.com> - 2.2.1-9
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License verified
+
+* Fri Jul 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Fri Jun 07 2024 Python Maint <python-maint@redhat.com> - 2.2.1-7
+- Rebuilt for Python 3.13
+
+* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jun 15 2023 Python Maint <python-maint@redhat.com> - 2.2.1-3
+- Rebuilt for Python 3.12
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.2.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jan 11 2023 Jiri Kyjovsky <jkyjovsk@redhat.com> - 2.2.1-1
+- Update to 2.2.1
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 1.10.0-7
+- Rebuilt for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.10.0-4
+- Rebuilt for Python 3.10
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sat Jul 11 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 1.10.0-1
+- Update to 1.10.0
+
+* Mon May 25 2020 Miro Hrončok <mhroncok@redhat.com> - 1.6.0-7
+- Rebuilt for Python 3.9
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 1.6.0-5
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 1.6.0-4
+- Rebuilt for Python 3.8
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jul 30 2018 Randy Barlow <bowlofeggs@fedoraproject.org> - 1.6.0-1
+- Update to 1.6.0 (#1566766).
+- https://github.com/litl/backoff/blob/v1.6.0/CHANGELOG.md
+- Import a patch from an upstream pull request to solve a Python 3.7 compatibility issue (#1605610).
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 1.4.3-2
+- Rebuilt for Python 3.7
+
+* Thu Mar 08 2018 Randy Barlow <bowlofeggs@fedoraproject.org> - 1.4.3-1
+- Initial release (#1553447).
diff --git a/SPECS/python-pyroute2/python-pyroute2.signatures.json b/SPECS/python-pyroute2/python-pyroute2.signatures.json
new file mode 100644
index 00000000000..7b2ea4b414e
--- /dev/null
+++ b/SPECS/python-pyroute2/python-pyroute2.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "python-pyroute2-0.7.12.tar.gz": "54d226fc3ff2732f49bac9b26853c50c9d05be05a4d9daf09c7cf6d77301eff3"
+ }
+}
diff --git a/SPECS-EXTENDED/python-pyroute2/python-pyroute2.spec b/SPECS/python-pyroute2/python-pyroute2.spec
similarity index 77%
rename from SPECS-EXTENDED/python-pyroute2/python-pyroute2.spec
rename to SPECS/python-pyroute2/python-pyroute2.spec
index c12d8b378b9..ea6a2741f84 100644
--- a/SPECS-EXTENDED/python-pyroute2/python-pyroute2.spec
+++ b/SPECS/python-pyroute2/python-pyroute2.spec
@@ -1,90 +1,57 @@
 %global srcname pyroute2
 
-Summary:        Pure Python netlink library
-Name:           python-%{srcname}
-Version:        0.6.5
-Release:        3%{?dist}
-License:        GPLv2+
-URL:            https://github.com/svinota/%{srcname}
-Source0:        https://pypi.io/packages/source/p/pyroute2/%{srcname}-%{version}.tar.gz
-Source1:        %{srcname}.core-%{version}.tar.gz
-Source2:        %{srcname}.nslink-%{version}.tar.gz
-Source3:        %{srcname}.nftables-%{version}.tar.gz
-Source4:        %{srcname}.ethtool-%{version}.tar.gz
-Source5:        %{srcname}.ipset-%{version}.tar.gz
-Source6:        %{srcname}.ipdb-%{version}.tar.gz
-Source7:        %{srcname}.ndb-%{version}.tar.gz
-BuildArch:      noarch
-
-%description
-PyRoute2 provides several levels of API to work with Netlink
-protocols, such as Generic Netlink, RTNL, TaskStats, NFNetlink,
+%global _description \
+PyRoute2 provides several levels of API to work with Netlink\
+protocols, such as Generic Netlink, RTNL, TaskStats, NFNetlink,\
 IPQ.
 
-%package -n python3-%{srcname}
-Summary:        %{summary}
-BuildRequires:  python3-devel
-BuildRequires:  python3-setuptools
- 
-%description -n python3-%{srcname}
-PyRoute2 provides several levels of API to work with Netlink
-protocols, such as Generic Netlink, RTNL, TaskStats, NFNetlink,
-IPQ.
+Name:          python-%{srcname}
+Version:       0.7.12
+Release:       1%{?dist}
+Vendor:        Microsoft Corporation
+Distribution:  Azure Linux
+Summary:       Pure Python netlink library
+License:       GPL-2.0-or-later OR Apache-2.0
+URL:           https://github.com/svinota/%{srcname}
+
+BuildArch:     noarch
+BuildRequires: python3-pip
+BuildRequires: python3-wheel
+Source0:       %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+%description   %{_description}
+
+
+%package -n python%{python3_pkgversion}-%{srcname}
+Summary: %{summary}
+BuildRequires: python%{python3_pkgversion}-devel
+BuildRequires: python%{python3_pkgversion}-setuptools
+
+%description -n python%{python3_pkgversion}-%{srcname} %{_description}
 
 %prep
-%setup -q -n %{srcname}-%{version}
-cd ..
-tar xzvf %{SOURCE1}
-tar xzvf %{SOURCE2}
-tar xzvf %{SOURCE3}
-tar xzvf %{SOURCE4}
-tar xzvf %{SOURCE5}
-tar xzvf %{SOURCE6}
-tar xzvf %{SOURCE7}
+%autosetup -n %{srcname}-%{version}
 
 %build
-%py3_build
-cd ../pyroute2.core-%{version}
-%py3_build
-cd ../pyroute2.nslink-%{version}
-%py3_build
-cd ../pyroute2.nftables-%{version}
-%py3_build
-cd ../pyroute2.ethtool-%{version}
-%py3_build
-cd ../pyroute2.ipset-%{version}
-%py3_build
-cd ../pyroute2.ipdb-%{version}
-%py3_build
-cd ../pyroute2.ndb-%{version}
-%py3_build
+%pyproject_wheel
 
 %install
-%py3_install
-cd ../pyroute2.core-%{version}
-%py3_install
-cd ../pyroute2.nslink-%{version}
-%py3_install
-cd ../pyroute2.nftables-%{version}
-%py3_install
-cd ../pyroute2.ethtool-%{version}
-%py3_install
-cd ../pyroute2.ipset-%{version}
-%py3_install
-cd ../pyroute2.ipdb-%{version}
-%py3_install
-cd ../pyroute2.ndb-%{version}
-%py3_install
-
-%files -n python3-%{srcname}
+%pyproject_install
+%pyproject_save_files pyroute2
+
+%files -n python%{python3_pkgversion}-%{srcname} -f %{pyproject_files}
 %{_bindir}/ss2
 %{_bindir}/%{srcname}-cli
-%doc README* LICENSE.GPL.v2 LICENSE.Apache.v2
-%{python3_sitelib}/%{srcname}*
+%{_bindir}/%{srcname}-dhcp-client
+%{_bindir}/%{srcname}-test-platform
+%doc README*
+%license LICENSE.GPL-2.0-or-later LICENSE.Apache-2.0
 %{python3_sitelib}/pr2modules
 
-
 %changelog
+* Wed Aug 28 2024 Reuben Olinsky <reubeno@microsoft.com> - 0.7.12-1
+- Upgrading to 0.7.12.
+
 * Fri Apr 29 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 0.6.5-3
 - Fixing source URL.
 
diff --git a/SPECS/python-rpmautospec-core/python-rpmautospec-core.signatures.json b/SPECS/python-rpmautospec-core/python-rpmautospec-core.signatures.json
new file mode 100644
index 00000000000..39d7d769b25
--- /dev/null
+++ b/SPECS/python-rpmautospec-core/python-rpmautospec-core.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "rpmautospec-core-0.1.5.tar.gz": "c0acf19ed013355d02c1e28220ad9d6f9088f7f61b4a29d16d5364298bc6e6f3"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/python-rpmautospec-core/python-rpmautospec-core.spec b/SPECS/python-rpmautospec-core/python-rpmautospec-core.spec
new file mode 100644
index 00000000000..e81fd012fab
--- /dev/null
+++ b/SPECS/python-rpmautospec-core/python-rpmautospec-core.spec
@@ -0,0 +1,101 @@
+%bcond_with testcoverage
+
+# Only generate buildrequires or use PEP 518 style building on Fedora and new EPEL releases because
+# Poetry is missing elsewhere. Fall back to using setuptools instead.
+%if ((! 0%{?azl}) && (! 0%{?rhel} || 0%{?epel} >= 10))
+%bcond_without genbrs
+%bcond_without pyproject_build
+%else
+%bcond_with genbrs
+%bcond_with pyproject_build
+%endif
+
+%if 0%{undefined pyproject_files}
+%global pyproject_files %{_builddir}/%{name}-%{version}-%{release}.%{_arch}-pyproject-files
+%endif
+
+%global srcname rpmautospec_core
+%global canonicalname rpmautospec-core
+
+Name:          python-%{canonicalname}
+Version:       0.1.5
+Release:       1%{?dist}
+Vendor:        Microsoft Corporation
+Distribution:  Azure Linux
+Summary:       Minimum functionality for rpmautospec
+
+License:       MIT
+URL: https://github.com/fedora-infra/%{canonicalname}
+Source0:       %{url}/releases/download/%{version}/rpmautospec_core-%{version}.tar.gz#/%{canonicalname}-%{version}.tar.gz
+BuildArch:     noarch
+BuildRequires: python3-devel >= 3.6.0
+# The dependencies needed for testing don’t get auto-generated.
+BuildRequires: python3dist(pytest)
+%if %{with testcoverage}
+BuildRequires: python3dist(pytest-cov)
+%endif
+BuildRequires: sed
+
+%if %{with genbrs}
+%generate_buildrequires
+%{pyproject_buildrequires}
+%else
+BuildRequires: python3dist(pip)
+BuildRequires: python3dist(setuptools)
+%endif
+
+%global _description %{expand:
+This package contains minimum functionality to determine if an RPM spec file
+uses rpmautospec features.}
+
+%description %_description
+
+%package -n python3-%{canonicalname}
+Summary: %{summary}
+%if %{without pyproject_build}
+%py_provides python3-%{canonicalname}
+%endif
+
+%description -n python3-%{canonicalname} %_description
+
+%prep
+%autosetup -n %{srcname}-%{version}
+
+%if %{without testcoverage}
+cat << PYTESTINI > pytest.ini
+[pytest]
+addopts =
+PYTESTINI
+%endif
+
+%build
+%if %{with pyproject_build}
+%pyproject_wheel
+%else
+%py3_build
+%endif
+
+%install
+%if %{with pyproject_build}
+%pyproject_install
+%pyproject_save_files %{srcname}
+# Work around poetry not listing license files as such in package metadata.
+sed -i -e 's|^\(.*/LICENSE\)|%%license \1|g' %{pyproject_files}
+%else
+%py3_install
+echo '%{python3_sitelib}/%{srcname}*' > %{pyproject_files}
+%endif
+
+%check
+%pytest
+
+%files -n python3-%{canonicalname} -f %{pyproject_files}
+%doc README.md
+%if %{without pyproject_build}
+%license LICENSE
+%endif
+
+%changelog
+* Wed Aug 28 2028 Reuben Olinsky <reubeno@microsoft.com> - 0.1.5-1
+- Initial Azure Linux import from Fedora 41 (license: MIT)
+- License verified
diff --git a/SPECS/python-templated-dictionary/python-templated-dictionary.signatures.json b/SPECS/python-templated-dictionary/python-templated-dictionary.signatures.json
new file mode 100644
index 00000000000..59aa11259dd
--- /dev/null
+++ b/SPECS/python-templated-dictionary/python-templated-dictionary.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "python-templated-dictionary-1.4.tar.gz": "2fdc220dd5f931ac9149a8d01d1a6d9334d093da514581cdd0175cc72e6542d9"
+ }
+}
diff --git a/SPECS-EXTENDED/python-templated-dictionary/python-templated-dictionary.spec b/SPECS/python-templated-dictionary/python-templated-dictionary.spec
similarity index 54%
rename from SPECS-EXTENDED/python-templated-dictionary/python-templated-dictionary.spec
rename to SPECS/python-templated-dictionary/python-templated-dictionary.spec
index 44a910c624c..d034fbe4f90 100644
--- a/SPECS-EXTENDED/python-templated-dictionary/python-templated-dictionary.spec
+++ b/SPECS/python-templated-dictionary/python-templated-dictionary.spec
@@ -1,44 +1,59 @@
 %global srcname templated-dictionary
 %global python3_pkgversion 3
 
-Summary:        Dictionary with Jinja2 expansion
-Name:           python-%{srcname}
-Version:        1.1
-Release:        6%{?dist}
-License:        GPLv2+
-URL:            https://github.com/xsuchy/templated-dictionary
-Source0:        https://files.pythonhosted.org/packages/22/4d/cd73de22b8b345e57677c80c26381e25abef19cab9495c91b1627af7621b/templated-dictionary-1.1.tar.gz#/%{name}-%{version}.tar.gz
-BuildRequires:  python%{python3_pkgversion}-devel
-BuildRequires:  python%{python3_pkgversion}-setuptools
-Requires:       python%{python3_pkgversion}-jinja2
-BuildArch: noarch
+%if 0%{?rhel} == 7
+%global python3_pkgversion 36
+%endif
+
+Name:          python-%{srcname}
+Version:       1.4
+Release:       5%{?dist}
+Vendor:        Microsoft Corporation
+Distribution:  Azure Linux
+Summary:       Dictionary with Jinja2 expansion
+
+License:       GPL-2.0-or-later
+URL:           https://github.com/xsuchy/templated-dictionary
+Source0:       %{url}/archive/refs/tags/%{name}-%{version}-1.tar.gz#/%{name}-%{version}.tar.gz
+
+BuildArch:     noarch
+
+BuildRequires: python%{python3_pkgversion}-devel
+BuildRequires: python%{python3_pkgversion}-setuptools
+Requires:      python%{python3_pkgversion}-jinja2
 
 %global _description\
 Dictionary where __getitem__() is run through Jinja2 template.
 
 %description %_description
 
+
 %package -n python3-%{srcname}
 Summary: %{summary}
 %{?py_provides:%py_provides python3-%{srcname}}
-%description -n python3-%{srcname} %{_description}
+%description -n python3-%{srcname} %_description
+
 
 %prep
-%setup -q -n %{srcname}-%{version}
+%setup -q -n %{srcname}-%{name}-%{version}-1
+
 
 %build
-version="%{version}" python3 setup.py build '--executable=%{_bindir}/python3 -s'
+version="%version" %py3_build
 
 %install
-version="%{version}" python3 setup.py install -O1 --skip-build --root %{buildroot}
+version=%version %py3_install
+
 
 %files -n python3-%{srcname}
-# %%license LICENSE
-# Annoyingly, the build produces templated_dictionary with an '_', 
-# not matching up with srcname which uses '-'
-%{python3_sitelib}/templated_dictionary*
+%license LICENSE
+%{python3_sitelib}/templated_dictionary-*.egg-info/
+%{python3_sitelib}/templated_dictionary/
 
 %changelog
+* Wed Aug 28 2024 Reuben Olinsky <reubeno@microsoft.com> - 1.4-1
+- Upgraded to 1.4 and sync'd with Fedora spec.
+
 * Fri Apr 29 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.1-6
 - Fixing source URL.
 
diff --git a/SPECS-EXTENDED/usermode/config-util b/SPECS/usermode/config-util
similarity index 100%
rename from SPECS-EXTENDED/usermode/config-util
rename to SPECS/usermode/config-util
diff --git a/SPECS-EXTENDED/usermode/usermode.signatures.json b/SPECS/usermode/usermode.signatures.json
similarity index 50%
rename from SPECS-EXTENDED/usermode/usermode.signatures.json
rename to SPECS/usermode/usermode.signatures.json
index a2c303fd6a1..06ab67972cb 100644
--- a/SPECS-EXTENDED/usermode/usermode.signatures.json
+++ b/SPECS/usermode/usermode.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
   "config-util": "bd3f4ee7828affcb3a6a61962ecf5e0ed22363609286ed10495f294beb0baaff",
-  "usermode-1.112.autotoolized.tar.xz": "4577ec7de31428282132254fef4edcf622a3739d3307914ce238bacc11a72d11"
+  "usermode-1.114.tar.xz": "e7f58712b12175965b3a21522052863a061f3f1a888df3ffbe713b434f80254f"
  }
 }
diff --git a/SPECS-EXTENDED/usermode/usermode.spec b/SPECS/usermode/usermode.spec
similarity index 97%
rename from SPECS-EXTENDED/usermode/usermode.spec
rename to SPECS/usermode/usermode.spec
index c6e193a2557..68be412a43c 100644
--- a/SPECS-EXTENDED/usermode/usermode.spec
+++ b/SPECS/usermode/usermode.spec
@@ -1,34 +1,38 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
+# Add `--without gtk' option (enable gtk by default):
+# No GTK 2 in RHEL 10
+%if 0%{?azl} || 0%{?rhel} > 9
+%bcond_with gtk
+%else
+%bcond_without gtk
+%endif
+
 Summary: Tools for certain user account management tasks
 Name: usermode
-Version: 1.112
-Release: 12%{?dist}
-License: GPLv2+
-URL: https://pagure.io/usermode/
-Source: https://releases.pagure.org/usermode/usermode-%{version}.autotoolized.tar.xz
-Source1: config-util
-# Backport of c5a0bfd174e4a88fcd49fe7a130b37b6779c1a18
-# - inclusion of <sys/sysmacros.h> from <sys/types.h> is now deprecated
-Patch0: sysmacros.patch
-# Backport of da01d6325a1a9eb8154abb6a4590c610e8db8ec4
-# - bad FSF address fix
-Patch1: fsfaddr.patch
-# Backport of 48c4085004caad1ec928fa103b7f3e3fe684c826
-# - <selinux/flask.h> and <selinux/av_permissions.h> are now deprecated
-Patch2: selinux_deprecated.patch
+Version:       1.114
+Release:       1%{?dist}
+Vendor:        Microsoft Corporation
+Distribution:  Azure Linux
+License:       GPL-2.0-or-later
+URL:           https://pagure.io/%{name}/
+Source:        https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
+Source1:       config-util
 Requires: pam, passwd, util-linux
 # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
+BuildRequires: make
 BuildRequires: gcc
-BuildRequires: perl(File::Find)
-BuildRequires: desktop-file-utils, gettext, glib2-devel, gtk2-devel, intltool
-BuildRequires: libblkid-devel, libSM-devel, libselinux-devel, libuser-devel
-BuildRequires: pam-devel, perl-XML-Parser, startup-notification-devel
+BuildRequires: gettext, glib2-devel, intltool
+%if %{with gtk}
+BuildRequires: desktop-file-utils, gtk2-devel, startup-notification-devel, libSM-devel
+%endif
+BuildRequires: libblkid-devel, libselinux-devel, libuser-devel
+BuildRequires: pam-devel, perl-XML-Parser
 BuildRequires: util-linux
 
+%if %{with gtk}
 %package gtk
 Summary: Graphical tools for certain user account management tasks
 Requires: %{name} = %{version}-%{release}
+%endif
 
 %global _hardened_build 1
 
@@ -37,6 +41,7 @@ The usermode package contains the userhelper program, which can be
 used to allow configured programs to be run with superuser privileges
 by ordinary users.
 
+%if %{with gtk}
 %description gtk
 The usermode-gtk package contains several graphical tools for users:
 userinfo, usermount and userpasswd.  Userinfo allows users to change
@@ -46,29 +51,30 @@ passwords.
 
 Install the usermode-gtk package if you would like to provide users with
 graphical tools for certain account management tasks.
+%endif
 
 %prep
 %setup -q
-%patch 0 -p1
-%patch 1 -p1
-%patch 2 -p1
 
 %build
-%configure --with-selinux
+%configure --with-selinux --without-fexecve %{!?with_gtk:--without-gtk}
 
-make %{?_smp_mflags}
+%make_build
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
+%make_install
 
+%if %{with gtk}
 # make userformat symlink to usermount
 ln -sf usermount $RPM_BUILD_ROOT%{_bindir}/userformat
 ln -s usermount.1 $RPM_BUILD_ROOT%{_mandir}/man1/userformat.1
+%endif
 
 mkdir -p $RPM_BUILD_ROOT/etc/security/console.apps
 install -p -m 644 %{SOURCE1} \
 	$RPM_BUILD_ROOT/etc/security/console.apps/config-util
 
+%if %{with gtk}
 for i in redhat-userinfo.desktop redhat-userpasswd.desktop \
 	redhat-usermount.desktop; do
 	echo 'NotShowIn=GNOME;KDE;' >>$RPM_BUILD_ROOT%{_datadir}/applications/$i
@@ -76,6 +82,7 @@ for i in redhat-userinfo.desktop redhat-userpasswd.desktop \
 		--dir $RPM_BUILD_ROOT%{_datadir}/applications \
 		$RPM_BUILD_ROOT%{_datadir}/applications/$i
 done
+%endif
 
 %find_lang %{name}
 
@@ -88,6 +95,7 @@ done
 %{_mandir}/man8/consolehelper.8*
 %config(noreplace) /etc/security/console.apps/config-util
 
+%if %{with gtk}
 %files gtk
 %{_bindir}/usermount
 %{_mandir}/man1/usermount.1*
@@ -104,8 +112,12 @@ done
 %{_datadir}/%{name}
 %{_datadir}/pixmaps/*
 %{_datadir}/applications/*
+%endif
 
 %changelog
+* Wed Aug 28 2024 Reuben Olinsky <reubeno@microsoft.com> - 1.114-1
+- Upgraded to 1.114 and sync'd with Fedora spec.
+
 * Wed Feb 16 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 1.112-12
 - License verified.
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 06491873fbe..17e5a7607d7 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -2648,8 +2648,8 @@
         "type": "other",
         "other": {
           "name": "distribution-gpg-keys",
-          "version": "1.104",
-          "downloadUrl": "https://github.com/rpm-software-management/distribution-gpg-keys/archive/refs/tags/distribution-gpg-keys-1.104-1.tar.gz"
+          "version": "1.105",
+          "downloadUrl": "https://github.com/rpm-software-management/distribution-gpg-keys/archive/refs/tags/distribution-gpg-keys-1.105-1.tar.gz"
         }
       }
     },
@@ -11321,8 +11321,8 @@
         "type": "other",
         "other": {
           "name": "libuser",
-          "version": "0.63",
-          "downloadUrl": "https://releases.pagure.org/libuser/libuser-0.63.tar.xz"
+          "version": "0.64",
+          "downloadUrl": "https://releases.pagure.org/libuser/libuser-0.64.tar.gz"
         }
       }
     },
@@ -13162,8 +13162,8 @@
         "type": "other",
         "other": {
           "name": "mock",
-          "version": "2.16",
-          "downloadUrl": "https://github.com/rpm-software-management/mock/archive/refs/tags/mock-2.16-1.tar.gz"
+          "version": "5.6",
+          "downloadUrl": "https://github.com/rpm-software-management/mock/archive/refs/tags/mock-5.6-1.tar.gz"
         }
       }
     },
@@ -13172,8 +13172,8 @@
         "type": "other",
         "other": {
           "name": "mock-core-configs",
-          "version": "36.4",
-          "downloadUrl": "https://github.com/rpm-software-management/mock/archive/refs/tags/mock-core-configs-36.4-1/mock-core-configs-36.4-1.tar.gz"
+          "version": "41.2",
+          "downloadUrl": "https://github.com/rpm-software-management/mock/archive/refs/tags/mock-core-configs-41.2-1/mock-core-configs-41.2-1.tar.gz"
         }
       }
     },
@@ -21778,6 +21778,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "python-backoff",
+          "version": "2.2.1",
+          "downloadUrl": "https://github.com/litl/backoff/archive/refs/tags/v2.2.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -23813,8 +23823,8 @@
         "type": "other",
         "other": {
           "name": "python-pyroute2",
-          "version": "0.6.5",
-          "downloadUrl": "https://pypi.io/packages/source/p/pyroute2/pyroute2-0.6.5.tar.gz"
+          "version": "0.7.12",
+          "downloadUrl": "https://github.com/svinota/pyroute2/archive/refs/tags/0.7.12.tar.gz"
         }
       }
     },
@@ -24198,6 +24208,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "python-rpmautospec-core",
+          "version": "0.1.5",
+          "downloadUrl": "https://github.com/fedora-infra/rpmautospec-core/releases/download/0.1.5/rpmautospec_core-0.1.5.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -24593,8 +24613,8 @@
         "type": "other",
         "other": {
           "name": "python-templated-dictionary",
-          "version": "1.1",
-          "downloadUrl": "https://files.pythonhosted.org/packages/22/4d/cd73de22b8b345e57677c80c26381e25abef19cab9495c91b1627af7621b/templated-dictionary-1.1.tar.gz"
+          "version": "1.4",
+          "downloadUrl": "https://github.com/xsuchy/templated-dictionary/archive/refs/tags/python-templated-dictionary-1.4-1.tar.gz"
         }
       }
     },
@@ -29136,8 +29156,8 @@
         "type": "other",
         "other": {
           "name": "usermode",
-          "version": "1.112",
-          "downloadUrl": "https://releases.pagure.org/usermode/usermode-1.112.autotoolized.tar.xz"
+          "version": "1.114",
+          "downloadUrl": "https://releases.pagure.org/usermode/usermode-1.114.tar.xz"
         }
       }
     },

From 9a3aa760896bc13a881fef2c42ade9eb60830785 Mon Sep 17 00:00:00 2001
From: Aditya Dubey <110563293+Adub17030MS@users.noreply.github.com>
Date: Fri, 27 Sep 2024 12:08:37 -0700
Subject: [PATCH 41/59] Add host metadata to logs (Host distro & version and
 versions of dependencies) (#10568)

---
 .../pkg/imagecustomizerlib/imagecustomizer.go |  2 +
 .../versionsOfToolDependencies.go             | 98 +++++++++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100644 toolkit/tools/pkg/imagecustomizerlib/versionsOfToolDependencies.go

diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
index 4fc0b1c5905..cda6b503fcd 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
@@ -172,6 +172,8 @@ func CustomizeImageWithConfigFile(buildDir string, configFile string, imageFile
 ) error {
 	var err error
 
+	logVersionsOfToolDeps()
+
 	var config imagecustomizerapi.Config
 	err = imagecustomizerapi.UnmarshalYamlFile(configFile, &config)
 	if err != nil {
diff --git a/toolkit/tools/pkg/imagecustomizerlib/versionsOfToolDependencies.go b/toolkit/tools/pkg/imagecustomizerlib/versionsOfToolDependencies.go
new file mode 100644
index 00000000000..8f5acd82884
--- /dev/null
+++ b/toolkit/tools/pkg/imagecustomizerlib/versionsOfToolDependencies.go
@@ -0,0 +1,98 @@
+package imagecustomizerlib
+
+import (
+	"os"
+	"os/exec"
+	"regexp"
+	"strings"
+
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/logger"
+)
+
+func logVersionsOfToolDeps() {
+	// Map of version flags with corresponding packages
+	versionFlags := map[string][]string{
+		"--version": {
+			"qemu-img", "rpm", "dd", "lsblk", "losetup", "sfdisk", "udevadm",
+			"flock", "blkid", "sed", "createrepo", "genisoimage", "parted", "mkfs",
+			"fsck", "fatlabel", "zstd", "veritysetup", "grub-install",
+		},
+		"-version": {
+			"mksquashfs",
+		},
+		"version": {
+			"openssl",
+		},
+		"-V": {
+			"mkfs.ext4", "mkfs.xfs", "e2fsck", "xfs_repair", "xfs_admin",
+		},
+		"": {
+			"mkfs.vfat", "resize2fs", "tune2fs",
+		},
+	}
+
+	// Get distro and version
+	distro, version := getDistroAndVersion()
+	logger.Log.Debugf("Distro: %s, Version: %s", distro, version)
+
+	// Get versions of packages
+	logger.Log.Debugf("Tool Dependencies:")
+	for versionFlag, pkgList := range versionFlags {
+		for _, pkg := range pkgList {
+			version, err := getPackageVersion(pkg, versionFlag)
+			if err != nil {
+				logger.Log.Debugf("%s: not installed or error retrieving version", pkg)
+			} else {
+				logger.Log.Debugf("%s: %s", pkg, version)
+			}
+		}
+	}
+}
+
+// Function to get the distribution and version of the host machine
+func getDistroAndVersion() (string, string) {
+	output, err := os.ReadFile("/etc/os-release")
+	if err != nil {
+		return "Unknown Distro", "Unknown Version"
+	}
+
+	lines := strings.Split(string(output), "\n")
+	distro := "Unknown Distro"
+	version := "Unknown Version"
+
+	for _, line := range lines {
+		if strings.HasPrefix(line, "NAME=") {
+			distro = strings.Trim(strings.TrimPrefix(line, "NAME="), "\"")
+		} else if strings.HasPrefix(line, "VERSION=") {
+			version = strings.Trim(strings.TrimPrefix(line, "VERSION="), "\"")
+		}
+	}
+
+	return distro, version
+}
+
+// Function to get the version of a package
+func getPackageVersion(pkg string, versionFlagParameter string) (string, error) {
+	var cmd *exec.Cmd
+	var pkgVersion string
+
+	cmd = exec.Command(pkg, versionFlagParameter)
+	output, _ := cmd.CombinedOutput()
+	outputLines := strings.Split(string(output), "\n")
+
+	// If the package does not have a version parameter, we need extract the version from the full output
+	if versionFlagParameter == "" {
+		// Regular expression to match various version formats including num.num.num, num.num, and alphanumeric versions
+		re := regexp.MustCompile(`\b\d+(\.\d+){1,3}(-\w+)?\b`)
+		for _, line := range outputLines {
+			if re.MatchString(line) {
+				pkgVersion = line
+			}
+		}
+	} else {
+		// Packages with a version parameter will have the version outputted as the first line
+		pkgVersion = strings.Split(string(output), "\n")[0]
+	}
+
+	return pkgVersion, nil
+}

From f3cf91aa77d5b62d21b27078a0fc62dc0e63c08f Mon Sep 17 00:00:00 2001
From: microsoft-golang-bot
 <81265916+microsoft-golang-bot@users.noreply.github.com>
Date: Mon, 30 Sep 2024 09:20:16 -0700
Subject: [PATCH 42/59] golang: bump Go version to 1.22.7-3 (#10565)

---
 SPECS/golang/golang.signatures.json | 2 +-
 SPECS/golang/golang.spec            | 9 ++++++---
 cgmanifest.json                     | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/SPECS/golang/golang.signatures.json b/SPECS/golang/golang.signatures.json
index 47b256ee412..271da468ced 100644
--- a/SPECS/golang/golang.signatures.json
+++ b/SPECS/golang/golang.signatures.json
@@ -2,7 +2,7 @@
   "Signatures": {
     "go.20230802.5.src.tar.gz": "56b9e0e0c3c13ca95d5efa6de4e7d49a9d190eca77919beff99d33cd3fa74e95",
     "go.20240206.2.src.tar.gz": "7982e0011aa9ab95fd0530404060410af4ba57326d26818690f334fdcb6451cd",
-    "go1.22.7-20240905.3.src.tar.gz": "4c2601d9fe6b4692b6bb4487751dec149c30bd76ad9383331a84971a66bdd0bc",
+    "go1.22.7-20240925.5.src.tar.gz": "6577057080f0d61f9b7b1c5e3a029c8a24f8c4b38a91a497115ecd259bd987ab",
     "go1.4-bootstrap-20171003.tar.gz": "f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52"
   }
 }
diff --git a/SPECS/golang/golang.spec b/SPECS/golang/golang.spec
index dd2b912ace4..2379baf4c46 100644
--- a/SPECS/golang/golang.spec
+++ b/SPECS/golang/golang.spec
@@ -1,7 +1,7 @@
 %global goroot          %{_libdir}/golang
 %global gopath          %{_datadir}/gocode
-%global ms_go_filename  go1.22.7-20240905.3.src.tar.gz
-%global ms_go_revision  1
+%global ms_go_filename  go1.22.7-20240925.5.src.tar.gz
+%global ms_go_revision  3
 %ifarch aarch64
 %global gohostarch      arm64
 %else
@@ -15,7 +15,7 @@
 Summary:        Go
 Name:           golang
 Version:        1.22.7
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -153,6 +153,9 @@ fi
 %{_bindir}/*
 
 %changelog
+* Thu Sep 26 2024 Microsoft Golang Bot <microsoft-golang-bot@users.noreply.github.com> - 1.22.7-2
+- Bump version to 1.22.7-3
+
 * Fri Sep 06 2024 Microsoft Golang Bot <microsoft-golang-bot@users.noreply.github.com> - 1.22.7-1
 - Bump version to 1.22.7-1
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 17e5a7607d7..75c699cd9a3 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -4591,7 +4591,7 @@
         "other": {
           "name": "golang",
           "version": "1.22.7",
-          "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.22.7-1/go1.22.7-20240905.3.src.tar.gz"
+          "downloadUrl": "https://github.com/microsoft/go/releases/download/v1.22.7-3/go1.22.7-20240925.5.src.tar.gz"
         }
       }
     },

From 1bc0923d7fccdbe201c5b60e1e1c17aca175e7df Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Mon, 30 Sep 2024 21:55:24 +0530
Subject: [PATCH 43/59] keda: upgrade to 2.14.1 to fix CVE-2024-35255 (#10575)

---
 SPECS/keda/keda.signatures.json | 4 ++--
 SPECS/keda/keda.spec            | 8 ++++++--
 cgmanifest.json                 | 4 ++--
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/SPECS/keda/keda.signatures.json b/SPECS/keda/keda.signatures.json
index 01067dd2549..04ea160db2e 100644
--- a/SPECS/keda/keda.signatures.json
+++ b/SPECS/keda/keda.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "keda-2.14.0-vendor.tar.gz": "36e62d59b865b119070868c5d237e935bd633eacad31b1dc91e9bdcb3d5fd3cf",
-  "keda-2.14.0.tar.gz": "f99bf7540a70cf44d5450146737e62c5860276a14fadfa020ad05b6c1f1c8f8a"
+  "keda-2.14.1-vendor.tar.gz": "8bd0e8a26be3011de6455166874e3613ce39e99f6e7c8af49eae7cbf05d02efe",
+  "keda-2.14.1.tar.gz": "5a843fccb39f23ea4de03a88a803129223baf9131ec802bbae438cb83bcf3272"
  }
 }
diff --git a/SPECS/keda/keda.spec b/SPECS/keda/keda.spec
index c243af50866..bd64f4b864f 100644
--- a/SPECS/keda/keda.spec
+++ b/SPECS/keda/keda.spec
@@ -1,7 +1,7 @@
 Summary:        Kubernetes-based Event Driven Autoscaling
 Name:           keda
-Version:        2.14.0
-Release:        2%{?dist}
+Version:        2.14.1
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -60,6 +60,10 @@ cp ./bin/keda-admission-webhooks %{buildroot}%{_bindir}
 %{_bindir}/%{name}-admission-webhooks
 
 %changelog
+* Fri Sep 27 2024 Archana Choudhary <archana1@microsoft.com> - 2.14.1-1
+- Upgrade to 2.14.1
+- Fix CVE-2024-35255 in github.com/Azure/azure-sdk-for-go/sdk/azidentity 
+
 * Thu Aug 01 2024 Bala <balakumaran.kannan@microsoft.com> - 2.14.0-2
 - Added CVE-2024-6104.patch
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 75c699cd9a3..90078ee7671 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -8081,8 +8081,8 @@
         "type": "other",
         "other": {
           "name": "keda",
-          "version": "2.14.0",
-          "downloadUrl": "https://github.com/kedacore/keda/archive/refs/tags/v2.14.0.tar.gz"
+          "version": "2.14.1",
+          "downloadUrl": "https://github.com/kedacore/keda/archive/refs/tags/v2.14.1.tar.gz"
         }
       }
     },

From 90d4eb8e92cb6dd0c4ef1022e13d02f017d9d4e3 Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Mon, 30 Sep 2024 11:44:27 -0700
Subject: [PATCH 44/59] Image Customizer: Allow verity partitions to be
 specified by 'id'. (#10564)

Permit the verity 'hashPartition' and 'dataPartition' to be specified by partition 'id' instead of needing to be specified by partition 'label'.
---
 .../imagecustomizer/docs/configuration.md     |   4 +-
 toolkit/tools/imagecustomizerapi/config.go    |  37 +++++
 .../tools/imagecustomizerapi/config_test.go   | 153 ++++++++++++++++++
 toolkit/tools/imagecustomizerapi/idtype.go    |   3 +-
 .../imagecustomizerlib/customizepartitions.go |  15 +-
 .../customizepartitionsfilecopy.go            |  12 +-
 .../pkg/imagecustomizerlib/customizeverity.go |  57 ++++---
 .../customizeverity_test.go                   |  17 +-
 .../pkg/imagecustomizerlib/imagecustomizer.go |  30 ++--
 .../pkg/imagecustomizerlib/imageutils.go      |  53 ++++--
 .../imagecustomizerlib/liveosisobuilder.go    |   2 +-
 .../imagecustomizerlib/shrinkfilesystems.go   |   6 +-
 .../testdata/verity-config.yaml               |  10 +-
 .../testdata/verity-partition-labels.yaml     | 100 ++++++++++++
 14 files changed, 414 insertions(+), 85 deletions(-)
 create mode 100644 toolkit/tools/pkg/imagecustomizerlib/testdata/verity-partition-labels.yaml

diff --git a/toolkit/tools/imagecustomizer/docs/configuration.md b/toolkit/tools/imagecustomizer/docs/configuration.md
index ff34a96ab81..e83246e08cb 100644
--- a/toolkit/tools/imagecustomizer/docs/configuration.md
+++ b/toolkit/tools/imagecustomizer/docs/configuration.md
@@ -519,8 +519,8 @@ please refer to the [overlay type](#overlay-type) section.
   at each system boot.
 
   - `idType`: Specifies the type of id for the partition. The options are
-    `part-label` (partition label), `uuid` (filesystem UUID), and `part-uuid`
-    (partition UUID).
+    `id` (partition [id](#id-string)), `part-label` (partition label),
+    `uuid` (filesystem UUID), and `part-uuid` (partition UUID).
 
   - `id`: The unique identifier value of the partition, corresponding to the
     specified IdType.
diff --git a/toolkit/tools/imagecustomizerapi/config.go b/toolkit/tools/imagecustomizerapi/config.go
index 65b4976f6a5..1a61ee6b9a5 100644
--- a/toolkit/tools/imagecustomizerapi/config.go
+++ b/toolkit/tools/imagecustomizerapi/config.go
@@ -64,5 +64,42 @@ func (c *Config) IsValid() (err error) {
 		return fmt.Errorf("os.resetBootLoaderType must be specified if resetPartitionsUuidsType is specified")
 	}
 
+	if c.OS != nil && c.OS.Verity != nil {
+		err := ensureVerityPartitionIdExists(c.OS.Verity.DataPartition, c.Storage)
+		if err != nil {
+			return fmt.Errorf("invalid verity 'dataPartition':\n%w", err)
+		}
+
+		err = ensureVerityPartitionIdExists(c.OS.Verity.HashPartition, c.Storage)
+		if err != nil {
+			return fmt.Errorf("invalid verity 'hashPartition':\n%w", err)
+		}
+	}
+
+	return nil
+}
+
+func ensureVerityPartitionIdExists(verityPartition IdentifiedPartition, storage *Storage) error {
+	switch verityPartition.IdType {
+	case IdTypeId:
+		if storage == nil {
+			return fmt.Errorf("'idType' cannot be 'id' if 'storage' is not specified")
+		}
+
+		foundPartition := false
+		for _, disk := range storage.Disks {
+			for _, partition := range disk.Partitions {
+				if partition.Id == verityPartition.Id {
+					foundPartition = true
+					break
+				}
+			}
+		}
+
+		if !foundPartition {
+			return fmt.Errorf("partition with 'id' (%s) not found", verityPartition.Id)
+		}
+	}
+
 	return nil
 }
diff --git a/toolkit/tools/imagecustomizerapi/config_test.go b/toolkit/tools/imagecustomizerapi/config_test.go
index f87ac1a9aea..093244b1227 100644
--- a/toolkit/tools/imagecustomizerapi/config_test.go
+++ b/toolkit/tools/imagecustomizerapi/config_test.go
@@ -357,3 +357,156 @@ func TestConfigIsValidInvalidScripts(t *testing.T) {
 	assert.ErrorContains(t, err, "invalid postCustomization script at index 0")
 	assert.ErrorContains(t, err, "either path or content must have a value")
 }
+
+func TestConfigIsValidVerityValid(t *testing.T) {
+	config := &Config{
+		Storage: &Storage{
+			Disks: []Disk{{
+				PartitionTableType: "gpt",
+				Partitions: []Partition{
+					{
+						Id: "esp",
+						Size: PartitionSize{
+							Type: PartitionSizeTypeExplicit,
+							Size: 8 * diskutils.MiB,
+						},
+						Type: PartitionTypeESP,
+					},
+					{
+						Id: "root",
+						Size: PartitionSize{
+							Type: PartitionSizeTypeExplicit,
+							Size: 1 * diskutils.GiB,
+						},
+					},
+					{
+						Id: "verityhash",
+						Size: PartitionSize{
+							Type: PartitionSizeTypeExplicit,
+							Size: 100 * diskutils.MiB,
+						},
+					},
+				},
+			}},
+			BootType: "efi",
+			FileSystems: []FileSystem{
+				{
+					DeviceId: "esp",
+					Type:     "fat32",
+					MountPoint: &MountPoint{
+						Path: "/boot/efi",
+					},
+				},
+				{
+					DeviceId: "root",
+					Type:     "ext4",
+					MountPoint: &MountPoint{
+						Path: "/",
+					},
+				},
+			},
+		},
+		OS: &OS{
+			ResetBootLoaderType: "hard-reset",
+			Verity: &Verity{
+				DataPartition: IdentifiedPartition{
+					IdType: IdTypeId,
+					Id:     "root",
+				},
+				HashPartition: IdentifiedPartition{
+					IdType: IdTypeId,
+					Id:     "verityhash",
+				},
+			},
+		},
+	}
+	err := config.IsValid()
+	assert.NoError(t, err)
+}
+
+func TestConfigIsValidVerityPartitionNotFound(t *testing.T) {
+	config := &Config{
+		Storage: &Storage{
+			Disks: []Disk{{
+				PartitionTableType: "gpt",
+				Partitions: []Partition{
+					{
+						Id: "esp",
+						Size: PartitionSize{
+							Type: PartitionSizeTypeExplicit,
+							Size: 8 * diskutils.MiB,
+						},
+						Type: PartitionTypeESP,
+					},
+					{
+						Id: "root",
+						Size: PartitionSize{
+							Type: PartitionSizeTypeExplicit,
+							Size: 1 * diskutils.GiB,
+						},
+					},
+					{
+						Id: "verityhash",
+						Size: PartitionSize{
+							Type: PartitionSizeTypeExplicit,
+							Size: 100 * diskutils.MiB,
+						},
+					},
+				},
+			}},
+			BootType: "efi",
+			FileSystems: []FileSystem{
+				{
+					DeviceId: "esp",
+					Type:     "fat32",
+					MountPoint: &MountPoint{
+						Path: "/boot/efi",
+					},
+				},
+				{
+					DeviceId: "root",
+					Type:     "ext4",
+					MountPoint: &MountPoint{
+						Path: "/",
+					},
+				},
+			},
+		},
+		OS: &OS{
+			ResetBootLoaderType: "hard-reset",
+			Verity: &Verity{
+				DataPartition: IdentifiedPartition{
+					IdType: IdTypeId,
+					Id:     "wrongname",
+				},
+				HashPartition: IdentifiedPartition{
+					IdType: IdTypeId,
+					Id:     "verityhash",
+				},
+			},
+		},
+	}
+	err := config.IsValid()
+	assert.ErrorContains(t, err, "invalid verity 'dataPartition'")
+	assert.ErrorContains(t, err, "partition with 'id' (wrongname) not found")
+}
+
+func TestConfigIsValidVerityNoStorage(t *testing.T) {
+	config := &Config{
+		OS: &OS{
+			Verity: &Verity{
+				DataPartition: IdentifiedPartition{
+					IdType: IdTypePartLabel,
+					Id:     "root",
+				},
+				HashPartition: IdentifiedPartition{
+					IdType: IdTypeId,
+					Id:     "verityhash",
+				},
+			},
+		},
+	}
+	err := config.IsValid()
+	assert.ErrorContains(t, err, "invalid verity 'hashPartition'")
+	assert.ErrorContains(t, err, "'idType' cannot be 'id' if 'storage' is not specified")
+}
diff --git a/toolkit/tools/imagecustomizerapi/idtype.go b/toolkit/tools/imagecustomizerapi/idtype.go
index 85139b2d129..2b7e634456c 100644
--- a/toolkit/tools/imagecustomizerapi/idtype.go
+++ b/toolkit/tools/imagecustomizerapi/idtype.go
@@ -10,6 +10,7 @@ import (
 type IdType string
 
 const (
+	IdTypeId        IdType = "id"
 	IdTypePartLabel IdType = "part-label"
 	IdTypeUuid      IdType = "uuid"
 	IdTypePartUuid  IdType = "part-uuid"
@@ -17,7 +18,7 @@ const (
 
 func (i IdType) IsValid() error {
 	switch i {
-	case IdTypePartLabel, IdTypeUuid, IdTypePartUuid:
+	case IdTypeId, IdTypePartLabel, IdTypeUuid, IdTypePartUuid:
 		// All good.
 		return nil
 
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizepartitions.go b/toolkit/tools/pkg/imagecustomizerlib/customizepartitions.go
index df4bcb8d1f1..d0d4ba09281 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizepartitions.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizepartitions.go
@@ -12,7 +12,7 @@ import (
 
 func customizePartitions(buildDir string, baseConfigPath string, config *imagecustomizerapi.Config,
 	buildImageFile string,
-) (bool, string, error) {
+) (bool, string, map[string]string, error) {
 	switch {
 	case config.Storage != nil:
 		logger.Log.Infof("Customizing partitions")
@@ -21,24 +21,25 @@ func customizePartitions(buildDir string, baseConfigPath string, config *imagecu
 
 		// If there is no known way to create the new partition layout from the old one,
 		// then fallback to creating the new partitions from scratch and doing a file copy.
-		err := customizePartitionsUsingFileCopy(buildDir, baseConfigPath, config, buildImageFile, newBuildImageFile)
+		partIdToPartUuid, err := customizePartitionsUsingFileCopy(buildDir, baseConfigPath, config,
+			buildImageFile, newBuildImageFile)
 		if err != nil {
-			return false, "", err
+			return false, "", nil, err
 		}
 
-		return true, newBuildImageFile, nil
+		return true, newBuildImageFile, partIdToPartUuid, nil
 
 	case config.ResetPartitionsUuidsType != imagecustomizerapi.ResetPartitionsUuidsTypeDefault:
 		err := resetPartitionsUuids(buildImageFile, buildDir)
 		if err != nil {
-			return false, "", err
+			return false, "", nil, err
 		}
 
-		return true, buildImageFile, nil
+		return true, buildImageFile, nil, nil
 
 	default:
 		// No changes to make to the partitions.
 		// So, just use the original disk.
-		return false, buildImageFile, nil
+		return false, buildImageFile, nil, nil
 	}
 }
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizepartitionsfilecopy.go b/toolkit/tools/pkg/imagecustomizerlib/customizepartitionsfilecopy.go
index ed5c4e18e66..f4121a53863 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizepartitionsfilecopy.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizepartitionsfilecopy.go
@@ -14,10 +14,10 @@ import (
 
 func customizePartitionsUsingFileCopy(buildDir string, baseConfigPath string, config *imagecustomizerapi.Config,
 	buildImageFile string, newBuildImageFile string,
-) error {
+) (map[string]string, error) {
 	existingImageConnection, err := connectToExistingImage(buildImageFile, buildDir, "imageroot", false)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	defer existingImageConnection.Close()
 
@@ -27,18 +27,18 @@ func customizePartitionsUsingFileCopy(buildDir string, baseConfigPath string, co
 		return copyFilesIntoNewDisk(existingImageConnection.Chroot(), imageChroot)
 	}
 
-	err = createNewImage(newBuildImageFile, diskConfig, config.Storage.FileSystems,
+	partIdToPartUuid, err := createNewImage(newBuildImageFile, diskConfig, config.Storage.FileSystems,
 		buildDir, "newimageroot", installOSFunc)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	err = existingImageConnection.CleanClose()
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	return nil
+	return partIdToPartUuid, nil
 }
 
 func copyFilesIntoNewDisk(existingImageChroot *safechroot.Chroot, newImageChroot *safechroot.Chroot) error {
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeverity.go b/toolkit/tools/pkg/imagecustomizerlib/customizeverity.go
index aefcc1e1c69..1b12678dc3b 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizeverity.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizeverity.go
@@ -97,23 +97,22 @@ func prepareGrubConfigForVerity(imageChroot *safechroot.Chroot) error {
 	return nil
 }
 
-func updateGrubConfigForVerity(dataPartitionIdType imagecustomizerapi.IdType, dataPartitionId string,
-	hashPartitionIdType imagecustomizerapi.IdType, hashPartitionId string,
-	corruptionOption imagecustomizerapi.CorruptionOption, rootHash string, grubCfgFullPath string,
+func updateGrubConfigForVerity(verity *imagecustomizerapi.Verity, rootHash string, grubCfgFullPath string,
+	partIdToPartUuid map[string]string,
 ) error {
 	var err error
 
 	// Format the dataPartitionId and hashPartitionId using the helper function.
-	formattedDataPartition, err := systemdFormatPartitionId(dataPartitionIdType, dataPartitionId)
+	formattedDataPartition, err := systemdFormatPartitionId(verity.DataPartition, partIdToPartUuid)
 	if err != nil {
 		return err
 	}
-	formattedHashPartition, err := systemdFormatPartitionId(hashPartitionIdType, hashPartitionId)
+	formattedHashPartition, err := systemdFormatPartitionId(verity.HashPartition, partIdToPartUuid)
 	if err != nil {
 		return err
 	}
 
-	formattedCorruptionOption, err := systemdFormatCorruptionOption(corruptionOption)
+	formattedCorruptionOption, err := systemdFormatCorruptionOption(verity.CorruptionOption)
 	if err != nil {
 		return err
 	}
@@ -164,11 +163,11 @@ func updateGrubConfigForVerity(dataPartitionIdType imagecustomizerapi.IdType, da
 
 // idToPartitionBlockDevicePath returns the block device path for a given idType and id.
 func idToPartitionBlockDevicePath(partitionId imagecustomizerapi.IdentifiedPartition,
-	diskPartitions []diskutils.PartitionInfo,
+	diskPartitions []diskutils.PartitionInfo, partIdToPartUuid map[string]string,
 ) (string, error) {
 	// Iterate over each partition to find the matching id.
 	for _, partition := range diskPartitions {
-		matches, err := partitionMatchesId(partitionId, partition)
+		matches, err := partitionMatchesId(partitionId, partition, partIdToPartUuid)
 		if err != nil {
 			return "", err
 		}
@@ -183,38 +182,46 @@ func idToPartitionBlockDevicePath(partitionId imagecustomizerapi.IdentifiedParti
 }
 
 func partitionMatchesId(partitionId imagecustomizerapi.IdentifiedPartition, partition diskutils.PartitionInfo,
+	partIdToPartUuid map[string]string,
 ) (bool, error) {
 	switch partitionId.IdType {
+	case imagecustomizerapi.IdTypeId:
+		partUuid := partIdToPartUuid[partitionId.Id]
+		return partition.PartUuid == partUuid, nil
+
 	case imagecustomizerapi.IdTypePartLabel:
-		if partition.PartLabel == partitionId.Id {
-			return true, nil
-		}
+		return partition.PartLabel == partitionId.Id, nil
+
 	case imagecustomizerapi.IdTypeUuid:
-		if partition.Uuid == partitionId.Id {
-			return true, nil
-		}
+		return partition.Uuid == partitionId.Id, nil
+
 	case imagecustomizerapi.IdTypePartUuid:
-		if partition.PartUuid == partitionId.Id {
-			return true, nil
-		}
+		return partition.PartUuid == partitionId.Id, nil
+
 	default:
 		return true, fmt.Errorf("invalid idType provided (%s)", string(partitionId.IdType))
 	}
-
-	return false, nil
 }
 
 // systemdFormatPartitionId formats the partition ID based on the ID type following systemd dm-verity style.
-func systemdFormatPartitionId(idType imagecustomizerapi.IdType, id string) (string, error) {
-	switch idType {
+func systemdFormatPartitionId(partition imagecustomizerapi.IdentifiedPartition, partIdToPartUuid map[string]string,
+) (string, error) {
+	switch partition.IdType {
+	case imagecustomizerapi.IdTypeId:
+		partUuid := partIdToPartUuid[partition.Id]
+		return fmt.Sprintf("%s=%s", "PARTUUID", partUuid), nil
+
 	case imagecustomizerapi.IdTypePartLabel:
-		return fmt.Sprintf("%s=%s", "PARTLABEL", id), nil
+		return fmt.Sprintf("%s=%s", "PARTLABEL", partition.Id), nil
+
 	case imagecustomizerapi.IdTypeUuid:
-		return fmt.Sprintf("%s=%s", "UUID", id), nil
+		return fmt.Sprintf("%s=%s", "UUID", partition.Id), nil
+
 	case imagecustomizerapi.IdTypePartUuid:
-		return fmt.Sprintf("%s=%s", "PARTUUID", id), nil
+		return fmt.Sprintf("%s=%s", "PARTUUID", partition.Id), nil
+
 	default:
-		return "", fmt.Errorf("invalid idType provided (%s)", string(idType))
+		return "", fmt.Errorf("invalid idType provided (%s)", string(partition.IdType))
 	}
 }
 
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeverity_test.go b/toolkit/tools/pkg/imagecustomizerlib/customizeverity_test.go
index 20d82fd6065..0f96fc2a8d0 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizeverity_test.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizeverity_test.go
@@ -74,11 +74,15 @@ func testCustomizeImageVerityHelper(t *testing.T, testName string, imageType bas
 	}
 	defer imageConnection.Close()
 
+	partitions, err := getDiskPartitionsMap(imageConnection.Loopback().DevicePath())
+	assert.NoError(t, err, "get disk partitions")
+
 	// Verify that verity is configured correctly.
 	bootPath := filepath.Join(imageConnection.chroot.RootDir(), "/boot")
 	rootDevice := partitionDevPath(imageConnection, 3)
 	hashDevice := partitionDevPath(imageConnection, 4)
-	verifyVerity(t, bootPath, rootDevice, hashDevice)
+	verifyVerity(t, bootPath, rootDevice, hashDevice, "PARTUUID="+partitions[3].PartUuid,
+		"PARTUUID="+partitions[4].PartUuid)
 }
 
 func TestCustomizeImageVerityShrinkExtract(t *testing.T) {
@@ -98,7 +102,7 @@ func testCustomizeImageVerityShrinkExtractHelper(t *testing.T, testName string,
 	testTempDir := filepath.Join(tmpDir, testName)
 	buildDir := filepath.Join(testTempDir, "build")
 	outImageFilePath := filepath.Join(testTempDir, "image.raw")
-	configFile := filepath.Join(testDir, "verity-config.yaml")
+	configFile := filepath.Join(testDir, "verity-partition-labels.yaml")
 
 	var config imagecustomizerapi.Config
 	err := imagecustomizerapi.UnmarshalYamlFile(configFile, &config)
@@ -152,10 +156,11 @@ func testCustomizeImageVerityShrinkExtractHelper(t *testing.T, testName string,
 	defer bootMount.Close()
 
 	// Verify that verity is configured correctly.
-	verifyVerity(t, bootMountPath, rootDevice.DevicePath(), hashDevice.DevicePath())
+	verifyVerity(t, bootMountPath, rootDevice.DevicePath(), hashDevice.DevicePath(), "PARTLABEL=root",
+		"PARTLABEL=root-hash")
 }
 
-func verifyVerity(t *testing.T, bootPath string, rootDevice string, hashDevice string) {
+func verifyVerity(t *testing.T, bootPath string, rootDevice string, hashDevice string, rootId string, hashId string) {
 	// Verify verity kernel args.
 	grubCfgPath := filepath.Join(bootPath, "/grub2/grub.cfg")
 	grubCfgContents, err := file.Read(grubCfgPath)
@@ -164,8 +169,8 @@ func verifyVerity(t *testing.T, bootPath string, rootDevice string, hashDevice s
 	}
 
 	assert.Regexp(t, `(?m)linux.* rd.systemd.verity=1 `, grubCfgContents)
-	assert.Regexp(t, `(?m)linux.* systemd.verity_root_data=PARTLABEL=root `, grubCfgContents)
-	assert.Regexp(t, `(?m)linux.* systemd.verity_root_hash=PARTLABEL=root-hash `, grubCfgContents)
+	assert.Regexp(t, fmt.Sprintf(`(?m)linux.* systemd.verity_root_data=%s `, rootId), grubCfgContents)
+	assert.Regexp(t, fmt.Sprintf(`(?m)linux.* systemd.verity_root_hash=%s `, hashId), grubCfgContents)
 	assert.Regexp(t, `(?m)linux.* systemd.verity_root_options=panic-on-corruption `, grubCfgContents)
 
 	// Read root hash from grub.cfg file.
diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
index cda6b503fcd..2d91123dd49 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
@@ -346,7 +346,8 @@ func customizeOSContents(ic *ImageCustomizerParameters) error {
 	}
 
 	// Customize the partitions.
-	partitionsCustomized, newRawImageFile, err := customizePartitions(ic.buildDirAbs, ic.configPath, ic.config, ic.rawImageFile)
+	partitionsCustomized, newRawImageFile, partIdToPartUuid, err := customizePartitions(ic.buildDirAbs,
+		ic.configPath, ic.config, ic.rawImageFile)
 	if err != nil {
 		return err
 	}
@@ -359,8 +360,8 @@ func customizeOSContents(ic *ImageCustomizerParameters) error {
 	}
 
 	// Customize the raw image file.
-	err = customizeImageHelper(ic.buildDirAbs, ic.configPath, ic.config, ic.rawImageFile, ic.rpmsSources, ic.useBaseImageRpmRepos,
-		partitionsCustomized, imageUuidStr)
+	err = customizeImageHelper(ic.buildDirAbs, ic.configPath, ic.config, ic.rawImageFile, ic.rpmsSources,
+		ic.useBaseImageRpmRepos, partitionsCustomized, imageUuidStr)
 	if err != nil {
 		return err
 	}
@@ -372,7 +373,7 @@ func customizeOSContents(ic *ImageCustomizerParameters) error {
 			verityHashPartitionId = ptrutils.PtrTo(ic.config.OS.Verity.HashPartition)
 		}
 
-		err = shrinkFilesystemsHelper(ic.rawImageFile, verityHashPartitionId)
+		err = shrinkFilesystemsHelper(ic.rawImageFile, verityHashPartitionId, partIdToPartUuid)
 		if err != nil {
 			return fmt.Errorf("failed to shrink filesystems:\n%w", err)
 		}
@@ -380,7 +381,7 @@ func customizeOSContents(ic *ImageCustomizerParameters) error {
 
 	if ic.config.OS.Verity != nil {
 		// Customize image for dm-verity, setting up verity metadata and security features.
-		err = customizeVerityImageHelper(ic.buildDirAbs, ic.configPath, ic.config, ic.rawImageFile)
+		err = customizeVerityImageHelper(ic.buildDirAbs, ic.configPath, ic.config, ic.rawImageFile, partIdToPartUuid)
 		if err != nil {
 			return err
 		}
@@ -657,7 +658,8 @@ func validatePackageLists(baseConfigPath string, config *imagecustomizerapi.OS,
 
 func customizeImageHelper(buildDir string, baseConfigPath string, config *imagecustomizerapi.Config,
 	rawImageFile string, rpmsSources []string, useBaseImageRpmRepos bool, partitionsCustomized bool,
-	imageUuidStr string) error {
+	imageUuidStr string,
+) error {
 	logger.Log.Debugf("Customizing OS")
 
 	imageConnection, err := connectToExistingImage(rawImageFile, buildDir, "imageroot", true)
@@ -707,7 +709,9 @@ func extractPartitionsHelper(rawImageFile string, outputDir string, outputBasena
 	return nil
 }
 
-func shrinkFilesystemsHelper(buildImageFile string, verityHashPartition *imagecustomizerapi.IdentifiedPartition) error {
+func shrinkFilesystemsHelper(buildImageFile string, verityHashPartition *imagecustomizerapi.IdentifiedPartition,
+	partIdToPartUuid map[string]string,
+) error {
 	imageLoopback, err := safeloopback.NewLoopback(buildImageFile)
 	if err != nil {
 		return err
@@ -715,7 +719,7 @@ func shrinkFilesystemsHelper(buildImageFile string, verityHashPartition *imagecu
 	defer imageLoopback.Close()
 
 	// Shrink the filesystems.
-	err = shrinkFilesystems(imageLoopback.DevicePath(), verityHashPartition)
+	err = shrinkFilesystems(imageLoopback.DevicePath(), verityHashPartition, partIdToPartUuid)
 	if err != nil {
 		return err
 	}
@@ -729,7 +733,7 @@ func shrinkFilesystemsHelper(buildImageFile string, verityHashPartition *imagecu
 }
 
 func customizeVerityImageHelper(buildDir string, baseConfigPath string, config *imagecustomizerapi.Config,
-	buildImageFile string,
+	buildImageFile string, partIdToPartUuid map[string]string,
 ) error {
 	var err error
 
@@ -745,11 +749,11 @@ func customizeVerityImageHelper(buildDir string, baseConfigPath string, config *
 	}
 
 	// Extract the partition block device path.
-	dataPartition, err := idToPartitionBlockDevicePath(config.OS.Verity.DataPartition, diskPartitions)
+	dataPartition, err := idToPartitionBlockDevicePath(config.OS.Verity.DataPartition, diskPartitions, partIdToPartUuid)
 	if err != nil {
 		return err
 	}
-	hashPartition, err := idToPartitionBlockDevicePath(config.OS.Verity.HashPartition, diskPartitions)
+	hashPartition, err := idToPartitionBlockDevicePath(config.OS.Verity.HashPartition, diskPartitions, partIdToPartUuid)
 	if err != nil {
 		return err
 	}
@@ -795,9 +799,7 @@ func customizeVerityImageHelper(buildDir string, baseConfigPath string, config *
 		return fmt.Errorf("failed to stat file (%s):\n%w", grubCfgFullPath, err)
 	}
 
-	err = updateGrubConfigForVerity(config.OS.Verity.DataPartition.IdType, config.OS.Verity.DataPartition.Id,
-		config.OS.Verity.HashPartition.IdType, config.OS.Verity.HashPartition.Id, config.OS.Verity.CorruptionOption,
-		rootHash, grubCfgFullPath)
+	err = updateGrubConfigForVerity(config.OS.Verity, rootHash, grubCfgFullPath, partIdToPartUuid)
 	if err != nil {
 		return err
 	}
diff --git a/toolkit/tools/pkg/imagecustomizerlib/imageutils.go b/toolkit/tools/pkg/imagecustomizerlib/imageutils.go
index 64ecaeb31b1..b8927491800 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/imageutils.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/imageutils.go
@@ -60,52 +60,52 @@ func connectToExistingImageHelper(imageConnection *ImageConnection, imageFilePat
 func createNewImage(filename string, diskConfig imagecustomizerapi.Disk,
 	fileSystems []imagecustomizerapi.FileSystem, buildDir string, chrootDirName string,
 	installOS installOSFunc,
-) error {
+) (map[string]string, error) {
 	imageConnection := NewImageConnection()
 	defer imageConnection.Close()
 
-	err := createNewImageHelper(imageConnection, filename, diskConfig, fileSystems, buildDir, chrootDirName,
+	partIdToPartUuid, err := createNewImageHelper(imageConnection, filename, diskConfig, fileSystems, buildDir, chrootDirName,
 		installOS)
 	if err != nil {
-		return fmt.Errorf("failed to create new image:\n%w", err)
+		return nil, fmt.Errorf("failed to create new image:\n%w", err)
 	}
 
 	// Close image.
 	err = imageConnection.CleanClose()
 	if err != nil {
-		return err
+		return nil, err
 	}
 
-	return nil
+	return partIdToPartUuid, nil
 }
 
 func createNewImageHelper(imageConnection *ImageConnection, filename string, diskConfig imagecustomizerapi.Disk,
 	fileSystems []imagecustomizerapi.FileSystem, buildDir string, chrootDirName string,
 	installOS installOSFunc,
-) error {
+) (map[string]string, error) {
 
 	// Convert config to image config types, so that the imager's utils can be used.
 	imagerDiskConfig, err := diskConfigToImager(diskConfig, fileSystems)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	imagerPartitionSettings, err := partitionSettingsToImager(fileSystems)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// Create imager boilerplate.
-	_, tmpFstabFile, err := createImageBoilerplate(imageConnection, filename, buildDir, chrootDirName, imagerDiskConfig,
-		imagerPartitionSettings)
+	partIdToPartUuid, tmpFstabFile, err := createImageBoilerplate(imageConnection, filename, buildDir, chrootDirName,
+		imagerDiskConfig, imagerPartitionSettings)
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// Install the OS.
 	err = installOS(imageConnection.Chroot())
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// Move the fstab file into the image.
@@ -113,10 +113,10 @@ func createNewImageHelper(imageConnection *ImageConnection, filename string, dis
 
 	err = file.Move(tmpFstabFile, imageFstabFilePath)
 	if err != nil {
-		return fmt.Errorf("failed to move fstab into new image:\n%w", err)
+		return nil, fmt.Errorf("failed to move fstab into new image:\n%w", err)
 	}
 
-	return nil
+	return partIdToPartUuid, nil
 }
 
 func configureDiskBootLoader(imageConnection *ImageConnection, rootMountIdType imagecustomizerapi.MountIdentifierType,
@@ -189,6 +189,12 @@ func createImageBoilerplate(imageConnection *ImageConnection, filename string, b
 		return nil, "", err
 	}
 
+	// Create mapping from partition ID to partition UUID.
+	partIdToPartUuid, err := createPartIdToPartUuidMap(partIDToDevPathMap, diskPartitions)
+	if err != nil {
+		return nil, "", err
+	}
+
 	// Create the fstab file.
 	// This is done so that we can read back the file using findmnt, which conveniently splits the vfs and fs mount
 	// options for us. If we wanted to handle this more directly, we could create a golang wrapper around libmount
@@ -232,5 +238,22 @@ func createImageBoilerplate(imageConnection *ImageConnection, filename string, b
 		return nil, "", err
 	}
 
-	return mountPointMap, tmpFstabFile, nil
+	return partIdToPartUuid, tmpFstabFile, nil
+}
+
+func createPartIdToPartUuidMap(partIDToDevPathMap map[string]string, diskPartitions []diskutils.PartitionInfo,
+) (map[string]string, error) {
+	partIdToPartUuid := make(map[string]string)
+	for partId, devPath := range partIDToDevPathMap {
+		partition, found := sliceutils.FindValueFunc(diskPartitions, func(partition diskutils.PartitionInfo) bool {
+			return devPath == partition.Path
+		})
+		if !found {
+			return nil, fmt.Errorf("failed to find partition for device path (%s)", devPath)
+		}
+
+		partIdToPartUuid[partId] = partition.PartUuid
+	}
+
+	return partIdToPartUuid, nil
 }
diff --git a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
index c9dd2324003..01d8bffb878 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
@@ -1479,7 +1479,7 @@ func (b *LiveOSIsoBuilder) createWriteableImageFromSquashfs(buildDir, rawImageFi
 
 	// create the new raw disk image
 	writeableChrootDir := "writeable-raw-image"
-	err = createNewImage(rawImageFile, diskConfig, fileSystemConfigs, buildDir, writeableChrootDir, installOSFunc)
+	_, err = createNewImage(rawImageFile, diskConfig, fileSystemConfigs, buildDir, writeableChrootDir, installOSFunc)
 	if err != nil {
 		return fmt.Errorf("failed to copy squashfs into new writeable image (%s):\n%w", rawImageFile, err)
 	}
diff --git a/toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go b/toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go
index fb272a977ec..3e670221e06 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/shrinkfilesystems.go
@@ -23,7 +23,9 @@ var (
 	fdiskPartitionsTableEntryRegexp  = regexp.MustCompile(`^([0-9A-Za-z-_/]+)[\t ]+(\d+)[\t ]+`)
 )
 
-func shrinkFilesystems(imageLoopDevice string, verityHashPartition *imagecustomizerapi.IdentifiedPartition) error {
+func shrinkFilesystems(imageLoopDevice string, verityHashPartition *imagecustomizerapi.IdentifiedPartition,
+	partIdToPartUuid map[string]string,
+) error {
 	logger.Log.Infof("Shrinking filesystems")
 
 	// Get partition info
@@ -53,7 +55,7 @@ func shrinkFilesystems(imageLoopDevice string, verityHashPartition *imagecustomi
 		}
 
 		if verityHashPartition != nil {
-			matches, err := partitionMatchesId(*verityHashPartition, diskPartition)
+			matches, err := partitionMatchesId(*verityHashPartition, diskPartition, partIdToPartUuid)
 			if err != nil {
 				return err
 			}
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
index 6bf255caafe..070fe15497b 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-config.yaml
@@ -14,12 +14,10 @@ storage:
       end: 1024M
 
     - id: root
-      label: root
       start: 1024M
       end: 3072M
 
-    - id: verityhash
-      label: root-hash
+    - id: roothash
       start: 3072M
       end: 3200M
 
@@ -65,11 +63,11 @@ os:
   verity:
     corruptionOption: panic
     dataPartition:
-      idType: part-label
+      idType: id
       id: root
     hashPartition:
-      idType: part-label
-      id: root-hash
+      idType: id
+      id: roothash
 
   additionalFiles:
     # Change the directory that the sshd-keygen service writes the SSH host keys to.
diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-partition-labels.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-partition-labels.yaml
new file mode 100644
index 00000000000..73cfd190b7d
--- /dev/null
+++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/verity-partition-labels.yaml
@@ -0,0 +1,100 @@
+storage:
+  bootType: efi
+  disks:
+  - partitionTableType: gpt
+    maxSize: 5120M
+    partitions:
+    - id: esp
+      type: esp
+      start: 1M
+      end: 9M
+
+    - id: boot
+      start: 9M
+      end: 1024M
+
+    - id: root
+      label: root
+      start: 1024M
+      end: 3072M
+
+    - id: verityhash
+      label: root-hash
+      start: 3072M
+      end: 3200M
+
+    - id: var
+      start: 3200M
+
+  filesystems:
+  - deviceId: esp
+    type: fat32
+    mountPoint:
+      path: /boot/efi
+      options: umask=0077
+
+  - deviceId: boot
+    type: ext4
+    mountPoint:
+      path: /boot
+
+  - deviceId: root
+    type: ext4
+    mountPoint:
+      path: /
+      
+  - deviceId: verityhash
+    type: fat32
+
+  - deviceId: var
+    type: ext4
+    mountPoint:
+      path: /var
+
+os:
+  resetBootLoaderType: hard-reset
+  selinux:
+    mode: disabled
+
+  kernelCommandLine:
+    extraCommandLine: "rd.info"
+
+  packages:
+    install:
+    - openssh-server
+    - veritysetup
+    - vim
+
+  verity:
+    corruptionOption: panic
+    dataPartition:
+      idType: part-label
+      id: root
+    hashPartition:
+      idType: part-label
+      id: root-hash
+
+  additionalFiles:
+    # Change the directory that the sshd-keygen service writes the SSH host keys to.
+  - source: files/sshd-keygen.service
+    destination: /usr/lib/systemd/system/sshd-keygen.service
+
+    # Enable DHCP client on all of the physical NICs.
+  - source: files/89-ethernet.network
+    destination: /etc/systemd/network/89-ethernet.network
+
+  services:
+    enable:
+    - sshd
+    
+  users:
+  - name: test
+    sshPublicKeys:
+      # Your SSH public key here.
+    secondaryGroups:
+    - sudo
+
+scripts:
+  postCustomization:
+    # Move the SSH host keys off of the read-only /etc directory, so that sshd can run.
+  - path: scripts/ssh-move-host-keys.sh

From 287492cf41fe40de9200941a96b05bbe99965beb Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Mon, 30 Sep 2024 14:52:35 -0400
Subject: [PATCH 45/59] [AUTO-CHERRYPICK] cmake: Fix CVE-2024-6197,
 CVE-2024-6874, and CVE-2024-8096 - branch 3.0-dev (#10583)

Co-authored-by: Jonathan Behrens <jbehrens@microsoft.com>
---
 SPECS/cmake/CVE-2024-6197.patch               |  21 ++
 SPECS/cmake/CVE-2024-6874.patch               |  32 +++
 SPECS/cmake/CVE-2024-8096.patch               | 200 ++++++++++++++++++
 SPECS/cmake/cmake.spec                        |   8 +-
 .../manifests/package/toolchain_aarch64.txt   |   4 +-
 .../manifests/package/toolchain_x86_64.txt    |   4 +-
 6 files changed, 264 insertions(+), 5 deletions(-)
 create mode 100644 SPECS/cmake/CVE-2024-6197.patch
 create mode 100644 SPECS/cmake/CVE-2024-6874.patch
 create mode 100644 SPECS/cmake/CVE-2024-8096.patch

diff --git a/SPECS/cmake/CVE-2024-6197.patch b/SPECS/cmake/CVE-2024-6197.patch
new file mode 100644
index 00000000000..8afd5329a24
--- /dev/null
+++ b/SPECS/cmake/CVE-2024-6197.patch
@@ -0,0 +1,21 @@
+From 3a537a4db9e65e545ec45b1b5d5575ee09a2569d Mon Sep 17 00:00:00 2001
+From: z2_ <88509734+z2-2z@users.noreply.github.com>
+Date: Fri, 28 Jun 2024 14:45:47 +0200
+Subject: [PATCH] x509asn1: remove superfluous free()
+
+---
+ Utilities/cmcurl/lib/vtls/x509asn1.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/Utilities/cmcurl/lib/vtls/x509asn1.c b/Utilities/cmcurl/lib/vtls/x509asn1.c
+index f71ab0b90a5931..1bc4243ddae343 100644
+--- a/Utilities/cmcurl/lib/vtls/x509asn1.c
++++ b/Utilities/cmcurl/lib/vtls/x509asn1.c
+@@ -393,7 +393,6 @@ utf8asn1str(struct dynbuf *to, int type, const char *from, const char *end)
+         if(wc >= 0x00000800) {
+           if(wc >= 0x00010000) {
+             if(wc >= 0x00200000) {
+-              free(buf);
+               /* Invalid char. size for target encoding. */
+               return CURLE_WEIRD_SERVER_REPLY;
+             }
diff --git a/SPECS/cmake/CVE-2024-6874.patch b/SPECS/cmake/CVE-2024-6874.patch
new file mode 100644
index 00000000000..965e30a5b5b
--- /dev/null
+++ b/SPECS/cmake/CVE-2024-6874.patch
@@ -0,0 +1,32 @@
+From 686d54baf1df6e0775898f484d1670742898b3b2 Mon Sep 17 00:00:00 2001
+From: z2_ <88509734+z2-2z@users.noreply.github.com>
+Date: Wed, 17 Jul 2024 23:48:33 +0200
+Subject: [PATCH] idn: tweak buffer use when converting with macidn
+
+Closes #14215
+---
+ Utilities/cmcurl/lib/idn.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Utilities/cmcurl/lib/idn.c b/Utilities/cmcurl/lib/idn.c
+index 8d6bfe7ce62ff5..3d7c1d820cd824 100644
+--- a/Utilities/cmcurl/lib/idn.c
++++ b/Utilities/cmcurl/lib/idn.c
+@@ -66,7 +66,7 @@ static CURLcode mac_idn_to_ascii(const char *in, char **out)
+     UIDNAInfo info = UIDNA_INFO_INITIALIZER;
+     char buffer[256] = {0};
+     (void)uidna_nameToASCII_UTF8(idna, in, -1, buffer,
+-      sizeof(buffer), &info, &err);
++                                 sizeof(buffer) - 1, &info, &err);
+     uidna_close(idna);
+     if(U_FAILURE(err)) {
+       return CURLE_URL_MALFORMAT;
+@@ -93,7 +93,7 @@ static CURLcode mac_ascii_to_idn(const char *in, char **out)
+     UIDNAInfo info = UIDNA_INFO_INITIALIZER;
+     char buffer[256] = {0};
+     (void)uidna_nameToUnicodeUTF8(idna, in, -1, buffer,
+-      sizeof(buffer), &info, &err);
++                                  sizeof(buffer) - 1, &info, &err);
+     uidna_close(idna);
+     if(U_FAILURE(err)) {
+       return CURLE_URL_MALFORMAT;
diff --git a/SPECS/cmake/CVE-2024-8096.patch b/SPECS/cmake/CVE-2024-8096.patch
new file mode 100644
index 00000000000..693c8cfd38a
--- /dev/null
+++ b/SPECS/cmake/CVE-2024-8096.patch
@@ -0,0 +1,200 @@
+From aeb1a281cab13c7ba791cb104e556b20e713941f Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 20 Aug 2024 16:14:39 +0200
+Subject: [PATCH] gtls: fix OCSP stapling management
+
+Reported-by: Hiroki Kurosawa
+Closes #14642
+---
+ Utilities/cmcurl/lib/vtls/gtls.c | 146 ++++++++++++++++++++++++------------------------
+ 1 file changed, 73 insertions(+), 73 deletions(-)
+
+diff --git a/Utilities/cmcurl/lib/vtls/gtls.c b/Utilities/cmcurl/lib/vtls/gtls.c
+index 03d6fcc038aac3..c7589d9d39bc81 100644
+--- a/Utilities/cmcurl/lib/vtls/gtls.c
++++ b/Utilities/cmcurl/lib/vtls/gtls.c
+@@ -850,6 +850,13 @@ static CURLcode gtls_client_init(struct Curl_cfilter *cf,
+   init_flags |= GNUTLS_NO_TICKETS;
+ #endif
+ 
++#if defined(GNUTLS_NO_STATUS_REQUEST)
++  if(!config->verifystatus)
++    /* Disable the "status_request" TLS extension, enabled by default since
++       GnuTLS 3.8.0. */
++    init_flags |= GNUTLS_NO_STATUS_REQUEST;
++#endif
++
+   rc = gnutls_init(&gtls->session, init_flags);
+   if(rc != GNUTLS_E_SUCCESS) {
+     failf(data, "gnutls_init() failed: %d", rc);
+@@ -1321,104 +1328,97 @@ Curl_gtls_verifyserver(struct Curl_easy *data,
+     infof(data, "  server certificate verification SKIPPED");
+ 
+   if(config->verifystatus) {
+-    if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) {
+-      gnutls_datum_t status_request;
+-      gnutls_ocsp_resp_t ocsp_resp;
++    gnutls_datum_t status_request;
++    gnutls_ocsp_resp_t ocsp_resp;
++    gnutls_ocsp_cert_status_t status;
++    gnutls_x509_crl_reason_t reason;
+ 
+-      gnutls_ocsp_cert_status_t status;
+-      gnutls_x509_crl_reason_t reason;
++    rc = gnutls_ocsp_status_request_get(session, &status_request);
+ 
+-      rc = gnutls_ocsp_status_request_get(session, &status_request);
++    if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
++      failf(data, "No OCSP response received");
++      return CURLE_SSL_INVALIDCERTSTATUS;
++    }
+ 
+-      infof(data, " server certificate status verification FAILED");
++    if(rc < 0) {
++      failf(data, "Invalid OCSP response received");
++      return CURLE_SSL_INVALIDCERTSTATUS;
++    }
+ 
+-      if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+-        failf(data, "No OCSP response received");
+-        return CURLE_SSL_INVALIDCERTSTATUS;
+-      }
++    gnutls_ocsp_resp_init(&ocsp_resp);
+ 
+-      if(rc < 0) {
+-        failf(data, "Invalid OCSP response received");
+-        return CURLE_SSL_INVALIDCERTSTATUS;
+-      }
++    rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
++    if(rc < 0) {
++      failf(data, "Invalid OCSP response received");
++      return CURLE_SSL_INVALIDCERTSTATUS;
++    }
+ 
+-      gnutls_ocsp_resp_init(&ocsp_resp);
++    (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
++                                      &status, NULL, NULL, NULL, &reason);
+ 
+-      rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
+-      if(rc < 0) {
+-        failf(data, "Invalid OCSP response received");
+-        return CURLE_SSL_INVALIDCERTSTATUS;
+-      }
++    switch(status) {
++    case GNUTLS_OCSP_CERT_GOOD:
++      break;
+ 
+-      (void)gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL,
+-                                        &status, NULL, NULL, NULL, &reason);
++    case GNUTLS_OCSP_CERT_REVOKED: {
++      const char *crl_reason;
+ 
+-      switch(status) {
+-      case GNUTLS_OCSP_CERT_GOOD:
++      switch(reason) {
++      default:
++      case GNUTLS_X509_CRLREASON_UNSPECIFIED:
++        crl_reason = "unspecified reason";
+         break;
+ 
+-      case GNUTLS_OCSP_CERT_REVOKED: {
+-        const char *crl_reason;
+-
+-        switch(reason) {
+-          default:
+-          case GNUTLS_X509_CRLREASON_UNSPECIFIED:
+-            crl_reason = "unspecified reason";
+-            break;
+-
+-          case GNUTLS_X509_CRLREASON_KEYCOMPROMISE:
+-            crl_reason = "private key compromised";
+-            break;
+-
+-          case GNUTLS_X509_CRLREASON_CACOMPROMISE:
+-            crl_reason = "CA compromised";
+-            break;
+-
+-          case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED:
+-            crl_reason = "affiliation has changed";
+-            break;
++      case GNUTLS_X509_CRLREASON_KEYCOMPROMISE:
++        crl_reason = "private key compromised";
++        break;
+ 
+-          case GNUTLS_X509_CRLREASON_SUPERSEDED:
+-            crl_reason = "certificate superseded";
+-            break;
++      case GNUTLS_X509_CRLREASON_CACOMPROMISE:
++        crl_reason = "CA compromised";
++        break;
+ 
+-          case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION:
+-            crl_reason = "operation has ceased";
+-            break;
++      case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED:
++        crl_reason = "affiliation has changed";
++        break;
+ 
+-          case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD:
+-            crl_reason = "certificate is on hold";
+-            break;
++      case GNUTLS_X509_CRLREASON_SUPERSEDED:
++        crl_reason = "certificate superseded";
++        break;
+ 
+-          case GNUTLS_X509_CRLREASON_REMOVEFROMCRL:
+-            crl_reason = "will be removed from delta CRL";
+-            break;
++      case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION:
++        crl_reason = "operation has ceased";
++        break;
+ 
+-          case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN:
+-            crl_reason = "privilege withdrawn";
+-            break;
++      case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD:
++        crl_reason = "certificate is on hold";
++        break;
+ 
+-          case GNUTLS_X509_CRLREASON_AACOMPROMISE:
+-            crl_reason = "AA compromised";
+-            break;
+-        }
++      case GNUTLS_X509_CRLREASON_REMOVEFROMCRL:
++        crl_reason = "will be removed from delta CRL";
++        break;
+ 
+-        failf(data, "Server certificate was revoked: %s", crl_reason);
++      case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN:
++        crl_reason = "privilege withdrawn";
+         break;
+-      }
+ 
+-      default:
+-      case GNUTLS_OCSP_CERT_UNKNOWN:
+-        failf(data, "Server certificate status is unknown");
++      case GNUTLS_X509_CRLREASON_AACOMPROMISE:
++        crl_reason = "AA compromised";
+         break;
+       }
+ 
+-      gnutls_ocsp_resp_deinit(ocsp_resp);
++      failf(data, "Server certificate was revoked: %s", crl_reason);
++      break;
++    }
+ 
+-      return CURLE_SSL_INVALIDCERTSTATUS;
++    default:
++    case GNUTLS_OCSP_CERT_UNKNOWN:
++      failf(data, "Server certificate status is unknown");
++      break;
+     }
+-    else
+-      infof(data, "  server certificate status verification OK");
++
++    gnutls_ocsp_resp_deinit(ocsp_resp);
++    if(status != GNUTLS_OCSP_CERT_GOOD)
++      return CURLE_SSL_INVALIDCERTSTATUS;
+   }
+   else
+     infof(data, "  server certificate status verification SKIPPED");
diff --git a/SPECS/cmake/cmake.spec b/SPECS/cmake/cmake.spec
index 5ae4b25ce34..84631e3818f 100644
--- a/SPECS/cmake/cmake.spec
+++ b/SPECS/cmake/cmake.spec
@@ -2,7 +2,7 @@
 Summary:        Cmake
 Name:           cmake
 Version:        3.30.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -11,6 +11,9 @@ URL:            https://www.cmake.org/
 Source0:        https://github.com/Kitware/CMake/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1:        macros.cmake
 Patch0:         0001-manually-recreating-patches.patch
+Patch1:         CVE-2024-6197.patch
+Patch2:         CVE-2024-6874.patch
+Patch3:         CVE-2024-8096.patch
 BuildRequires:  bzip2
 BuildRequires:  bzip2-devel
 BuildRequires:  curl
@@ -90,6 +93,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_libdir}/rpm/macros.d/macros.cmake
 
 %changelog
+* Thu Sep 26 2024 Jonathan Behrens <jbehrens@microsoft.com> - 3.30.3-2
+- Fix CVE-2024-6197, CVE-2024-6874, and CVE-2024-8096
+
 * Mon Sep 23 2024 Jonathan Behrens <jbehrens@microsoft.com> - 3.30.3-1
 - Upgrade to 3.30.3 to address CVE-2024-24806
 
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 94133dbe214..2105300f199 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -49,8 +49,8 @@ check-debuginfo-0.15.2-1.azl3.aarch64.rpm
 chkconfig-1.25-1.azl3.aarch64.rpm
 chkconfig-debuginfo-1.25-1.azl3.aarch64.rpm
 chkconfig-lang-1.25-1.azl3.aarch64.rpm
-cmake-3.30.3-1.azl3.aarch64.rpm
-cmake-debuginfo-3.30.3-1.azl3.aarch64.rpm
+cmake-3.30.3-2.azl3.aarch64.rpm
+cmake-debuginfo-3.30.3-2.azl3.aarch64.rpm
 coreutils-9.4-6.azl3.aarch64.rpm
 coreutils-debuginfo-9.4-6.azl3.aarch64.rpm
 coreutils-lang-9.4-6.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 2b6826d50af..1ad9590ed0f 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -50,8 +50,8 @@ check-debuginfo-0.15.2-1.azl3.x86_64.rpm
 chkconfig-1.25-1.azl3.x86_64.rpm
 chkconfig-debuginfo-1.25-1.azl3.x86_64.rpm
 chkconfig-lang-1.25-1.azl3.x86_64.rpm
-cmake-3.30.3-1.azl3.x86_64.rpm
-cmake-debuginfo-3.30.3-1.azl3.x86_64.rpm
+cmake-3.30.3-2.azl3.x86_64.rpm
+cmake-debuginfo-3.30.3-2.azl3.x86_64.rpm
 coreutils-9.4-6.azl3.x86_64.rpm
 coreutils-debuginfo-9.4-6.azl3.x86_64.rpm
 coreutils-lang-9.4-6.azl3.x86_64.rpm

From 36478d4eb96381cef920f77f5ac0a7bd2a31fb63 Mon Sep 17 00:00:00 2001
From: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon, 30 Sep 2024 16:19:12 -0700
Subject: [PATCH 46/59] Fixed spec entanglement PR check (#10585)

---
 toolkit/scripts/check_entangled_specs.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/toolkit/scripts/check_entangled_specs.py b/toolkit/scripts/check_entangled_specs.py
index 65009c44567..35c53f4ad2e 100755
--- a/toolkit/scripts/check_entangled_specs.py
+++ b/toolkit/scripts/check_entangled_specs.py
@@ -2,15 +2,15 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 
+from collections import defaultdict
+from os import path
 from typing import FrozenSet, List, Set
-from pyrpm.spec import Spec
-
 import argparse
-from collections import defaultdict
-from pathlib import Path
 import pprint
 import sys
 
+from pyrpm.spec import replace_macros, Spec
+
 version_release_matching_groups = [
     frozenset([
         "SPECS-SIGNED/kernel-signed/kernel-signed.spec",
@@ -86,9 +86,10 @@ def check_spec_tags(base_path: str, tags: List[str], groups: List[FrozenSet]) ->
         variants = defaultdict(set)
 
         for spec_filename in group:
-            parsed_spec = Spec.from_file(Path(base_path, spec_filename))
+            parsed_spec = Spec.from_file(path.join(base_path, spec_filename))
             for tag in tags:
-                variants[tag].add(getattr(parsed_spec, tag))
+                tag_value = get_tag_value(parsed_spec, tag)
+                variants[tag].add(tag_value)
 
         for tag in tags:
             if len(variants[tag]) > 1: err_groups.add(group)
@@ -146,6 +147,13 @@ def check_matches(base_path: str):
         sys.exit(1)
 
 
+def get_tag_value(spec: "Spec", tag: str) -> str:
+    value = getattr(spec, tag)
+    if value:
+        value = replace_macros(value, spec)
+    return value
+
+
 if __name__ == '__main__':
     parser = argparse.ArgumentParser()
     parser.add_argument(

From 15168cc08b7c3d04d327ea4f8c765a36154d81e6 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Mon, 30 Sep 2024 18:15:04 -0700
Subject: [PATCH 47/59] update clang llvm lld with fixes and add libcxx spec
 (#10329)

---
 LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md    |   2 +-
 LICENSES-AND-NOTICES/SPECS/data/licenses.json |   1 +
 SPECS/clang/clang.spec                        |   9 +-
 SPECS/libcxx/libcxx.signatures.json           |   5 +
 SPECS/libcxx/libcxx.spec                      | 568 ++++++++++++++++++
 SPECS/lld/lld.spec                            |  25 +-
 SPECS/llvm/llvm.spec                          |  37 +-
 cgmanifest.json                               |  10 +
 toolkit/scripts/check_entangled_specs.py      |   1 +
 9 files changed, 639 insertions(+), 19 deletions(-)
 create mode 100644 SPECS/libcxx/libcxx.signatures.json
 create mode 100644 SPECS/libcxx/libcxx.spec

diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index df48f7d1791..e410aa826b6 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -5,7 +5,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
 | CentOS | [MIT](https://www.centos.org/legal/#licensing-policy) | crash-ptdump-command <br> delve <br> fstrm <br> nodejs-nodemon <br> rhnlib <br> rt-setup <br> rt-tests <br> rtctl <br> tuned |
 | Ceph source | [LGPL2.1](https://github.com/ceph/ceph/blob/master/COPYING-LGPL2.1) | ceph |
 | Debian | [MIT](https://opensource.org/licenses/MIT) | prometheus-process-exporter |
-| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | 389-ds-base <br> a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mosh <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-backoff <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmautospec-core <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
+| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | 389-ds-base <br> a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capnproto <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpufrequtils <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dhcpcd <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libcxx <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbusmenu <br> libdc1394 <br> libdecor <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libei <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmd <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libxcvt <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mosh <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp-streams <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-pp <br> ocaml-ppx-derivers <br> ocaml-ppx-here <br> ocaml-ppx-let <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-srpm-macros <br> ocaml-stdio <br> ocaml-stdlib-random <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Refcount <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Match-Simple <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Infix <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-apcu <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> pssh <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-argparse-manpage <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-backoff <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-junitxml <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyproject-metadata <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmautospec-core <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-versioneer <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xlrd <br> python-xlsxwriter <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rr <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stress-ng <br> stunnel <br> subscription-manager <br> subunit <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-server-Xwayland <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
 | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome <br> librabbitmq |
 | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
 | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index f9b550cd4d1..b6b1311a7f1 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -602,6 +602,7 @@
                 "libcmpiutil",
                 "libcomps",
                 "libcroco",
+                "libcxx",
                 "libdaemon",
                 "libdap",
                 "libdatrie",
diff --git a/SPECS/clang/clang.spec b/SPECS/clang/clang.spec
index 2882dd4f82c..6d0a977f66f 100644
--- a/SPECS/clang/clang.spec
+++ b/SPECS/clang/clang.spec
@@ -5,7 +5,7 @@
 Summary:        C, C++, Objective C and Objective C++ front-end for the LLVM compiler.
 Name:           clang
 Version:        18.1.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        NCSA
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -112,7 +112,9 @@ export CXXFLAGS="`echo " %{build_cxxflags} " | sed 's/ -g//'`"
 
 mkdir -p build
 cd build
-cmake  -DCMAKE_INSTALL_PREFIX=%{_prefix}       \
+cmake  \
+       -DCMAKE_INSTALL_PREFIX=%{_prefix}       \
+       -DLLVM_DIR=%{_libdir}/cmake/llvm        \
        -DLLVM_PARALLEL_LINK_JOBS=1             \
        -DCLANG_ENABLE_STATIC_ANALYZER:BOOL=ON  \
        -DCMAKE_BUILD_TYPE=Release              \
@@ -242,6 +244,9 @@ make clang-check
 %{_includedir}/clang-tidy/
 
 %changelog
+* Tue Sep 03 2024 Andrew Phelps <anphel@microsoft.com> - 18.1.2-3
+- Define LLVM_DIR
+
 * Wed May 29 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 18.1.2-2
 - Bump release to build with new llvm to fix CVE-2024-31852
 
diff --git a/SPECS/libcxx/libcxx.signatures.json b/SPECS/libcxx/libcxx.signatures.json
new file mode 100644
index 00000000000..f93006b26f9
--- /dev/null
+++ b/SPECS/libcxx/libcxx.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "llvmorg-18.1.2.tar.gz": "8d686d5ece6f12b09985cb382a3a530dc06bb6e7eb907f57c7f8bf2d868ebb0b"
+ }
+}
diff --git a/SPECS/libcxx/libcxx.spec b/SPECS/libcxx/libcxx.spec
new file mode 100644
index 00000000000..08d56bf5e6e
--- /dev/null
+++ b/SPECS/libcxx/libcxx.spec
@@ -0,0 +1,568 @@
+%global toolchain clang
+
+# Opt out of https://fedoraproject.org/wiki/Changes/fno-omit-frame-pointer
+# https://bugzilla.redhat.com/show_bug.cgi?id=2158587
+%undefine _include_frame_pointers
+
+%global maj_ver 18
+
+Summary:        C++ standard library targeting C++11
+Name:           libcxx
+Version:        %{maj_ver}.1.2
+Release:        2%{?dist}
+License:        Apache-2.0 WITH LLVM-exception OR MIT OR NCSA
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+Group:          Development/Tools
+URL:            http://libcxx.llvm.org/
+Source0:        https://github.com/llvm/llvm-project/archive/refs/tags/llvmorg-%{version}.tar.gz
+
+BuildRequires:  clang
+BuildRequires:  cmake
+BuildRequires:  llvm-devel
+BuildRequires:  ninja-build
+
+Requires: libcxxabi%{?_isa} = %{version}-%{release}
+
+%description
+libc++ is a new implementation of the C++ standard library, targeting C++11.
+
+%package devel
+Summary:    Headers and libraries for libcxx devel
+Requires:   %{name}%{?_isa} = %{version}-%{release}
+Requires:   libcxxabi-devel
+
+%description devel
+%{summary}.
+
+%package static
+Summary:    Static libraries for libcxx
+
+%description static
+%{summary}.
+
+%package -n libcxxabi
+Summary:    Low level support for a standard C++ library
+
+%description -n libcxxabi
+libcxxabi provides low level support for a standard C++ library.
+
+%package -n libcxxabi-devel
+Summary:    Headers and libraries for libcxxabi devel
+Requires:   libcxxabi%{?_isa} = %{version}-%{release}
+
+%description -n libcxxabi-devel
+%{summary}.
+
+%package -n libcxxabi-static
+Summary:    Static libraries for libcxxabi
+
+%description -n libcxxabi-static
+%{summary}.
+
+%package -n llvm-libunwind
+Summary:    LLVM libunwind
+
+%description -n llvm-libunwind
+
+LLVM libunwind is an implementation of the interface defined by the HP libunwind
+project. It was contributed Apple as a way to enable clang++ to port to
+platforms that do not have a system unwinder. It is intended to be a small and
+fast implementation of the ABI, leaving off some features of HP's libunwind
+that never materialized (e.g. remote unwinding).
+
+%package -n llvm-libunwind-devel
+Summary:    LLVM libunwind development files
+Provides:   libunwind(major) = %{maj_ver}
+Requires:   llvm-libunwind%{?_isa} = %{version}-%{release}
+
+%description -n llvm-libunwind-devel
+Unversioned shared library for LLVM libunwind
+
+%package -n llvm-libunwind-static
+Summary: Static library for LLVM libunwind
+
+%description -n llvm-libunwind-static
+%{summary}.
+
+%prep
+%autosetup -p1 -n llvm-project-llvmorg-%{version}
+
+%build
+mkdir -p build
+cd build
+cmake \
+    -G Ninja \
+    -S ../runtimes \
+    -DLLVM_ENABLE_RUNTIMES="libcxx;libcxxabi;libunwind" \
+    -DCMAKE_INSTALL_PREFIX=%{_prefix} \
+    -DCMAKE_BUILD_TYPE=Release \
+    -DCMAKE_MODULE_PATH="%{_libdir}/cmake/llvm;%{_datadir}/llvm/cmake/Modules" \
+    -DCMAKE_POSITION_INDEPENDENT_CODE=ON \
+    -DLIBCXX_STATICALLY_LINK_ABI_IN_STATIC_LIBRARY=ON \
+    -DLIBCXX_INCLUDE_BENCHMARKS=OFF \
+    -DLIBCXX_ENABLE_ABI_LINKER_SCRIPT=ON \
+    -DLIBUNWIND_INSTALL_INCLUDE_DIR=%{_includedir}/llvm-libunwind \
+    -DCXX_SUPPORTS_NOSTDLIBXX_FLAG=OFF
+
+%ninja_build cxx
+%ninja_build
+
+%install
+cd build
+%ninja_install
+
+# We can't install the unversionned path on default location because that would conflict with
+# https://src.fedoraproject.org/rpms/libunwind
+#
+# The versionned path has a different soname (libunwind.so.1 compared to
+# libunwind.so.8) so they can live together in %%{_libdir}
+#
+# ABI wise, even though llvm-libunwind's library is named libunwind, it doesn't
+# have the exact same ABI as gcc's libunwind (it actually provides a subset).
+rm %{buildroot}%{_libdir}/libunwind.so
+mkdir -p %{buildroot}/%{_libdir}/llvm-unwind/
+
+pushd %{buildroot}/%{_libdir}/llvm-unwind
+ln -s ../libunwind.so.1.0 libunwind.so
+popd
+
+%ldconfig_scriptlets
+
+%files
+%license libcxx/LICENSE.TXT
+%doc libcxx/CREDITS.TXT libcxx/TODO.TXT
+%{_libdir}/libc++.so.*
+
+%files devel
+%{_includedir}/c++/
+%exclude %{_includedir}/c++/v1/cxxabi.h
+%exclude %{_includedir}/c++/v1/__cxxabi_config.h
+%{_libdir}/libc++.so
+
+%files static
+%license libcxx/LICENSE.TXT
+%{_libdir}/libc++.a
+%{_libdir}/libc++experimental.a
+
+%files -n libcxxabi
+%license libcxxabi/LICENSE.TXT
+%doc libcxxabi/CREDITS.TXT
+%{_libdir}/libc++abi.so.*
+
+%files -n libcxxabi-devel
+%{_includedir}/c++/v1/cxxabi.h
+%{_includedir}/c++/v1/__cxxabi_config.h
+%{_libdir}/libc++abi.so
+
+%files -n libcxxabi-static
+%{_libdir}/libc++abi.a
+
+%files -n llvm-libunwind
+%license libunwind/LICENSE.TXT
+%{_libdir}/libunwind.so.1
+%{_libdir}/libunwind.so.1.0
+
+%files -n llvm-libunwind-devel
+%{_includedir}/llvm-libunwind/__libunwind_config.h
+%{_includedir}/llvm-libunwind/libunwind.h
+%{_includedir}/llvm-libunwind/libunwind.modulemap
+%{_includedir}/llvm-libunwind/mach-o/compact_unwind_encoding.h
+%{_includedir}/llvm-libunwind/mach-o/compact_unwind_encoding.modulemap
+%{_includedir}/llvm-libunwind/unwind.h
+%{_includedir}/llvm-libunwind/unwind_arm_ehabi.h
+%{_includedir}/llvm-libunwind/unwind_itanium.h
+%dir %{_libdir}/llvm-unwind
+%{_libdir}/llvm-unwind/libunwind.so
+
+%files -n llvm-libunwind-static
+%{_libdir}/libunwind.a
+
+%changelog
+* Wed Aug 07 2024 Andrew Phelps <anphel@microsoft.com> - 18.1.2-2
+- Initial Azure Linux import from Fedora 40 (license: MIT).
+- License verified
+
+* Fri Mar 22 2024 Tom Stellard <tstellar@redhat.com> - 18.1.2-1
+- 18.1.2 Release
+
+* Wed Mar 13 2024 Tom Stellard <tstellar@redhat.com> - 18.1.1-1
+- 18.1.1 Release
+
+* Mon Mar 04 2024 Nikita Popov <npopov@redhat.com> - 18.1.0~rc4-2
+- Disable LIBCXXABI_USE_LLVM_UNWINDER (rhbz#2267690)
+
+* Thu Feb 29 2024 Tom Stellard <tstellar@redhat.com> - 18.1.0~rc4-1
+- 18.1.0-rc4 Release
+
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 17.0.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 17.0.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Nov 29 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.6-1
+- Update to LLVM 17.0.6
+
+* Wed Nov 01 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.4-1
+- Update to LLVM 17.0.4
+
+* Wed Oct 18 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.3-1
+- Update to LLVM 17.0.3
+
+* Wed Oct 04 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.2-1
+- Update to LLVM 17.0.2
+
+* Mon Sep 25 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.1-1
+- Update to LLVM 17.0.1
+
+* Mon Sep 11 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.0~rc4-1
+- Update to LLVM 17.0.0 RC4
+
+* Fri Aug 25 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.0~rc3-1
+- Update to LLVM 17.0.0 RC3
+
+* Wed Aug 23 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.0~rc2-1
+- Update to LLVM 17.0.0 RC2
+
+* Wed Aug 02 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 17.0.0~rc1-1
+- Update to LLVM 17.0.0 RC1
+
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 16.0.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jul 10 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.6-1
+- Update to LLVM 16.0.6
+
+* Thu Jun 15 2023 Nikita Popov <npopov@redhat.com> - 16.0.5-2
+- Use llvm-cmake-utils package
+
+* Tue Jun 06 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.5-1
+- Update to LLVM 16.0.5
+
+* Tue May 30 2023 Nikita Popov <npopov@redhat.com> - 16.0.4-2
+- Merge llvm-libunwind srpm into libcxx
+
+* Fri May 19 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.4-1
+- Update to LLVM 16.0.4
+
+* Wed May 10 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.3-1
+- Update to LLVM 16.0.3
+
+* Wed Apr 26 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.2-1
+- Update to LLVM 16.0.2
+
+* Thu Apr 20 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.1-2
+- Enable PIC even for static libraries (rhbz#2186531)
+
+* Thu Apr 13 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.1-1
+- Update to LLVM 16.0.1
+
+* Mon Mar 20 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.0-1
+- Update to LLVM 16.0.0
+
+* Wed Mar 15 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.0~rc4-1
+- Update to LLVM 16.0.0 RC4
+
+* Thu Feb 23 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.0~rc3-1
+- Update to LLVM 16.0.0 RC3
+
+* Fri Feb 10 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 16.0.0~rc1-1
+- Update to LLVM 16.0.0 RC1
+
+* Wed Feb 01 2023 Tom Stellard <tstellar@redhat.com> - 15.0.7-4
+- Omit frame pointers when building
+
+* Thu Jan 19 2023 Tulio Magno Quites Machado Filho <tuliom@redhat.com> - 15.0.7-3
+- Include the Apache license adopted in 2019.
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 15.0.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Jan 13 2023 Nikita Popov <npopov@redhat.com> - 15.0.7-1
+- Update to LLVM 15.0.7
+
+* Tue Dec 06 2022 Nikita Popov <npopov@redhat.com> - 15.0.6-1
+- Update to LLVM 15.0.6
+
+* Mon Nov 07 2022 Nikita Popov <npopov@redhat.com> - 15.0.4-1
+- Update to LLVM 15.0.4
+
+* Wed Oct 05 2022 Nikita Popov <npopov@redhat.com> - 15.0.0-5
+- Fix libcxxabi dependencies
+
+* Wed Oct 05 2022 Nikita Popov <npopov@redhat.com> - 15.0.0-4
+- Combine with libcxxabi build
+
+* Tue Sep 13 2022 Nikita Popov <npopov@redhat.com> - 15.0.0-3
+- Rebuild
+
+* Tue Sep 13 2022 Nikita Popov <npopov@redhat.com> - 15.0.0-2
+- Link libc++.a against libc++abi.a
+
+* Thu Sep 08 2022 Nikita Popov <npopov@redhat.com> - 15.0.0-1
+- Update to LLVM 15.0.0
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 14.0.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Mon Jun 20 2022 Timm Bäder <tbaeder@redhat.com> - 14.0.5-1
+- Update to 14.0.5
+
+* Fri Apr 29 2022 Timm Bäder <tbaeder@redhat.com> - 14.0.0-2
+- Remove llvm-cmake-devel BR
+
+* Thu Mar 24 2022 Timm Bäder <tbaeder@redhat.com> - 14.0.0-1
+- Update to 14.0.0
+
+* Thu Feb 03 2022 Nikita Popov <npopov@redhat.com> - 13.0.1-1
+- Update to LLVM 13.0.1 final
+
+* Tue Feb 01 2022 Nikita Popov <npopov@redhat.com> - 13.0.1~rc3-1
+- Update to LLVM 13.0.1rc3
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 13.0.1~rc2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jan 14 2022 Nikita Popov <npopov@redhat.com> - 13.0.1~rc2-1
+- Update to LLVM 13.0.1rc2
+
+* Wed Jan 12 2022 Nikita Popov <npopov@redhat.com> - 13.0.1~rc1-1
+- Update to LLVM 13.0.1rc1
+
+* Fri Oct 01 2021 Tom Stellard <tstellar@redhat.com> - 13.0.0-1
+- 13.0.0 Release
+
+* Wed Sep 22 2021 Tom Stellard <tstellar@redhat.com> - 13.0.0~rc3-1
+- 13.0.0-rc3 Release
+
+* Mon Aug 09 2021 Tom Stellard <tstellar@redhat.com> - 13.0.0~rc1-1
+- 13.0.0-rc1 Release
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 12.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jul 13 2021 Tom Stellard <tstellar@redhat.com> - 12.0.1-1
+- 12.0.1 Release
+
+* Thu Jul 01 2021 Tom Stellard <tstellar@redhat.com> - 12.0.1~rc3-1
+- 12.0.1-rc3 Release
+
+* Thu Jun 03 2021 Tom Stellard <tstellar@redhat.com> - 12.0.1~rc1-1
+- 12.0.1-rc1 Release
+
+* Fri Apr 16 2021 Tom Stellard <tstellar@redhat.com> - 12.0.0-1
+- 12.0.0 Release
+
+* Thu Apr 08 2021 sguelton@redhat.com - 12.0.0-0.7.rc5
+- New upstream release candidate
+
+* Fri Apr 02 2021 sguelton@redhat.com - 12.0.0-0.6.rc4
+- New upstream release candidate
+
+* Thu Mar 11 2021 sguelton@redhat.com - 12.0.0-0.5.rc3
+- LLVM 12.0.0 rc3
+
+* Tue Mar 09 2021 sguelton@redhat.com - 12.0.0-0.4.rc2
+- rebuilt
+
+* Thu Feb 25 2021 Timm Bäder <tbaeder@redhat.com> - 12.0.0-0.3.rc2
+- Build shared and static libc++ separately
+- Include libc++abi symbols in static libc++.a
+
+* Wed Feb 24 2021 sguelton@redhat.com - 12.0.0-0.2.rc2
+- 12.0.0-rc2 release
+
+* Wed Feb 17 2021 Tom Stellard <tstellar@redhat.com> - 12.0.0-0.1.rc1
+- 12.0.0-rc1 Release
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 11.1.0-0.3.rc2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Fri Jan 22 2021 Serge Guelton - 11.1.0-0.2.rc2
+- llvm 11.1.0-rc2 release
+
+* Thu Jan 14 2021 Serge Guelton - 11.1.0-0.1.rc1
+- 11.1.0-rc1 release
+
+* Wed Jan 06 2021 Serge Guelton - 11.0.1-3
+- LLVM 11.0.1 final
+
+* Tue Dec 22 2020 sguelton@redhat.com - 11.0.1-2.rc2
+- llvm 11.0.1-rc2
+
+* Tue Dec 01 2020 sguelton@redhat.com - 11.0.1-1.rc1
+- llvm 11.0.1-rc1
+
+* Thu Oct 15 2020 sguelton@redhat.com - 11.0.0-1
+- Fix NVR
+
+* Mon Oct 12 2020 sguelton@redhat.com - 11.0.0-0.5
+- llvm 11.0.0 - final release
+
+* Thu Oct 08 2020 sguelton@redhat.com - 11.0.0-0.4.rc6
+- 11.0.0-rc6
+
+* Fri Oct 02 2020 sguelton@redhat.com - 11.0.0-0.3.rc5
+- 11.0.0-rc5 Release
+
+* Sun Sep 27 2020 sguelton@redhat.com - 11.0.0-0.2.rc3
+- Fix NVR
+
+* Thu Sep 24 2020 sguelton@redhat.com - 11.0.0-0.1.rc3
+- 11.0.0-rc3 Release
+
+* Tue Sep 01 2020 sguelton@redhat.com - 11.0.0-0.1.rc2
+- 11.0.0-rc2 Release
+
+* Tue Aug 11 2020 Tom Stellard <tstellar@redhat.com> - 11.0.0-0.1.rc1
+- 11.0.0-rc1 Release
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 10.0.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 20 2020 sguelton@redhat.com - 10.0.0-2
+- Use modern cmake macros
+- Finalize source verification
+
+* Mon Mar 30 2020 sguelton@redhat.com - 10.0.0-1
+- 10.0.0 final
+
+* Wed Mar 25 2020 sguelton@redhat.com - 10.0.0-0.6.rc6
+- 10.0.0 rc6
+
+* Fri Mar 20 2020 sguelton@redhat.com - 10.0.0-0.5.rc5
+- 10.0.0 rc5
+
+* Sun Mar 15 2020 sguelton@redhat.com - 10.0.0-0.4.rc4
+- 10.0.0 rc4
+
+* Thu Mar 05 2020 sguelton@redhat.com - 10.0.0-0.3.rc3
+- 10.0.0 rc3
+
+* Fri Feb 14 2020 sguelton@redhat.com - 10.0.0-0.1.rc2
+- 10.0.0 rc2
+
+* Thu Feb 6 2020 sguelton@redhat.com - 10.0.0-0.2.rc1
+- bootstrap off
+
+* Fri Jan 31 2020 sguelton@redhat.com - 10.0.0-0.1.rc1
+- 10.0.0 rc1
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Jan 16 2020 Tom Stellard <tstellar@redhat.com> - 9.0.1-1
+- 9.0.1 Release
+
+* Thu Jan 16 2020 Tom Stellard <tstellar@redhat.com> - 9.0.0-2
+- Build with gcc on all arches
+
+* Mon Sep 23 2019 Tom Stellard <tstellar@redhat.com> - 9.0.0-1
+- 9.0.0 Release
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 8.0.0-1.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Mar 20 2019 sguelton@redhat.com - 8.0.0-1
+- 8.0.0 final
+
+* Tue Mar 12 2019 sguelton@redhat.com - 8.0.0-0.4.rc4
+- 8.0.0 Release candidate 4
+
+* Mon Mar 4 2019 sguelton@redhat.com - 8.0.0-0.3.rc3
+- 8.0.0 Release candidate 3
+
+* Sun Feb 24 2019 sguelton@redhat.com - 8.0.0-0.2.rc2
+- 8.0.0 Release candidate 2
+
+* Mon Feb 11 2019 sguelton@redhat.com - 8.0.0-0.1.rc1
+- 8.0.0 Release candidate 1
+
+* Wed Feb 06 2019 sguelton@redhat.com - 7.0.1-1
+- 7.0.1 Release
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.0.1-0.2.rc3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Dec 10 2018 sguelton@redhat.com - 7.0.1-0.1.rc3
+- 7.0.1-rc3 Release
+
+* Tue Sep 25 2018 Tom Stellard <tstellar@redhat.com> - 7.0.0-1
+- 7.0.0 Release
+
+* Wed Sep 12 2018 Tom Stellard <tstellar@redhat.com> - 7.0.0-0.1.rc3
+- 7.0.0-rc3 Release
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jun 26 2018 Tom Callaway <spot@fedoraproject.org> - 6.0.1-1
+- update to 6.0.1
+
+* Wed Mar 21 2018 Tom Stellard <tstellar@redhat.com> - 6.0.0-2
+- Use default LDFLAGS/CXXFLAGS/CFLAGS and filter out flags not supported by clang
+
+* Wed Mar 14 2018 Tom Callaway <spot@fedoraproject.org> - 6.0.0-1
+- 6.0.0 final
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0.0-0.2.rc1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Jan 20 2018 Tom Stellard <tstellar@redhat.com> - 6.0.0-0.1.rc1
+- 6.0.0-rc1
+
+* Thu Dec  21 2017 Tom Stellard <tstellar@redhat.com> - 5.0.1-1
+- 5.0.1 Release
+
+* Fri Sep  8 2017 Tom Callaway <spot@fedoraproject.org> - 5.0.0-1
+- update to 5.0.0
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Jun 23 2017 Tom Callaway <spot@fedoraproject.org> - 4.0.1-1
+- update to 4.0.1
+
+* Sat Apr 22 2017 Tom Callaway <spot@fedoraproject.org> - 4.0.0-1
+- update to 4.0.0
+
+* Wed Mar  8 2017 Tom Callaway <spot@fedoraproject.org> - 3.9.1-1
+- update to 3.9.1
+
+* Fri Mar  3 2017 Tom Callaway <spot@fedoraproject.org> - 3.9.0-4
+- LIBCXX_ENABLE_ABI_LINKER_SCRIPT=ON
+
+* Wed Mar  1 2017 Tom Callaway <spot@fedoraproject.org> - 3.9.0-3
+- disable bootstrap
+
+* Tue Feb 21 2017 Dan Horák <dan[at]danny.cz> - 3.9.0-2
+- apply s390(x) workaround only in Fedora < 26
+
+* Mon Feb 20 2017 Tom Callaway <spot@fedoraproject.org> - 3.9.0-1
+- update to 3.9.0 (match clang)
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.8.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Fri Aug 26 2016 Tom Callaway <spot@fedoraproject.org> - 3.8.1-1
+- update to 3.8.1
+
+* Thu Jun 09 2016 Dan Horák <dan[at]danny.cz> - 3.8.0-4
+- exclude Power only in EPEL
+- default to z10 on s390(x)
+
+* Thu May 19 2016 Tom Callaway <spot@fedoraproject.org> - 3.8.0-3
+- use gcc on el7, fedora < 24. use clang on el6 and f24+
+  MAGIC.
+- bootstrap on
+
+* Tue May 3 2016 Tom Callaway <spot@fedoraproject.org> - 3.8.0-2
+- bootstrap off
+
+* Tue May 3 2016 Tom Callaway <spot@fedoraproject.org> - 3.8.0-1
+- initial package
+- bootstrap on
diff --git a/SPECS/lld/lld.spec b/SPECS/lld/lld.spec
index 4fdc377d34d..ab0e767b80e 100644
--- a/SPECS/lld/lld.spec
+++ b/SPECS/lld/lld.spec
@@ -3,14 +3,13 @@
 Summary:        LLD is a linker from the LLVM project that is a drop-in replacement for system linkers and runs much faster than them
 Name:           lld
 Version:        18.1.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        NCSA
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Development/Tools
 URL:            https://lld.llvm.org/
 Source0:        https://github.com/llvm/llvm-project/archive/refs/tags/llvmorg-%{version}.tar.gz
-BuildRequires:  build-essential
 BuildRequires:  cmake
 BuildRequires:  file
 BuildRequires:  llvm-devel
@@ -36,7 +35,7 @@ programs that use the LLD infrastructure.
 Shared libraries for LLD.
 
 %prep
-%setup -q -n %{lld_srcdir}
+%autosetup -n %{lld_srcdir}
 
 %build
 mkdir -p build
@@ -48,8 +47,12 @@ cd build
        -DCMAKE_C_FLAGS=-I../../libunwind-%{version}.src/include   \
        -DCMAKE_CXX_FLAGS=-I../../libunwind-%{version}.src/include \
        -DLLVM_LINK_LLVM_DYLIB:BOOL=on                             \
+       -DCMAKE_INSTALL_PREFIX=%{_prefix}                          \
+       -DLLVM_DIR=%{_libdir}/cmake/llvm                           \
+       -DBUILD_SHARED_LIBS:BOOL=ON                                \
        -DLLVM_DYLIB_COMPONENTS="all"                              \
-       -Wno-dev ../lld
+       -Wno-dev                                                   \
+       ../lld
 
 %ninja_build
 
@@ -59,18 +62,24 @@ cd build
 
 %files
 %license LICENSE.TXT
-%{_bindir}/*
+%{_bindir}/lld*
+%{_bindir}/ld.lld
+%{_bindir}/ld64.lld
+%{_bindir}/wasm-ld
 
 %files devel
 %{_includedir}/lld/
 %{_libdir}/cmake/lld/*.cmake
-%{_libdir}/*.so
+%{_libdir}/liblld*.so
 
 %files libs
-%license LICENSE.TXT
-%{_libdir}/*.so.*
+%{_libdir}/liblld*.so.*
 
 %changelog
+* Tue Sep 03 2024 Andrew Phelps <anphel@microsoft.com> - 18.1.2-3
+- Update file listing with explicit filenames
+- Remove unnecessary BR on build-essential
+
 * Wed May 29 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 18.1.2-2
 - Bump release to build with new llvm to fix CVE-2024-31852
 
diff --git a/SPECS/llvm/llvm.spec b/SPECS/llvm/llvm.spec
index 13c7a8c08e1..5960c675604 100644
--- a/SPECS/llvm/llvm.spec
+++ b/SPECS/llvm/llvm.spec
@@ -1,7 +1,11 @@
+%global maj_ver 18
+%global min_ver 1
+%global patch_ver 2
+
 Summary:        A collection of modular and reusable compiler and toolchain technologies.
 Name:           llvm
-Version:        18.1.2
-Release:        3%{?dist}
+Version:        %{maj_ver}.%{min_ver}.%{patch_ver}
+Release:        4%{?dist}
 License:        NCSA
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -56,7 +60,8 @@ cmake -G Ninja                              \
       -DLLVM_INCLUDE_GO_TESTS=No            \
       -DLLVM_ENABLE_RTTI=ON                 \
       -DLLVM_BINUTILS_INCDIR=%{_includedir} \
-      -Wno-dev ../llvm
+      -Wno-dev                              \
+      ../llvm
 
 %ninja_build LLVM
 %ninja_build
@@ -87,10 +92,21 @@ ninja check-all
 %files
 %defattr(-,root,root)
 %license LICENSE.TXT
-%{_bindir}/*
-%{_libdir}/*.so
-%{_libdir}/*.so.*
+%{_bindir}/bugpoint
+%{_bindir}/dsymutil
+%{_bindir}/llc
+%{_bindir}/lli
+%{_bindir}/llvm-*
+%{_bindir}/opt
+%{_bindir}/sancov
+%{_bindir}/sanstats
+%{_bindir}/verify-uselistorder
 %{_libdir}/bfd-plugins/LLVMgold.so
+%{_libdir}/LLVMgold.so
+%{_libdir}/libLLVM-%{maj_ver}.so
+%{_libdir}/libLLVM.so.%{maj_ver}.%{min_ver}
+%{_libdir}/libLTO.so*
+%{_libdir}/libRemarks.so*
 %dir %{_datadir}/opt-viewer
 %{_datadir}/opt-viewer/opt-diff.py
 %{_datadir}/opt-viewer/opt-stats.py
@@ -101,10 +117,15 @@ ninja check-all
 
 %files devel
 %{_libdir}/*.a
-%{_libdir}/cmake/*
-%{_includedir}/*
+%{_libdir}/cmake/llvm/*
+%{_libdir}/libLLVM.so
+%{_includedir}/llvm
+%{_includedir}/llvm-c
 
 %changelog
+* Tue Sep 03 2024 Andrew Phelps <anphel@microsoft.com> - 18.1.2-4
+- Update file listing with explicit filenames
+
 * Wed May 29 2024 Neha Agarwal <nehaagarwal@microsoft.com> - 18.1.2-3
 - Patch CVE-2024-31852
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 90078ee7671..294d5223142 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -8906,6 +8906,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "libcxx",
+          "version": "18.1.2",
+          "downloadUrl": "https://github.com/llvm/llvm-project/archive/refs/tags/llvmorg-18.1.2.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
diff --git a/toolkit/scripts/check_entangled_specs.py b/toolkit/scripts/check_entangled_specs.py
index 35c53f4ad2e..c2c5334157e 100755
--- a/toolkit/scripts/check_entangled_specs.py
+++ b/toolkit/scripts/check_entangled_specs.py
@@ -58,6 +58,7 @@
     frozenset([
         "SPECS/clang/clang.spec",
         "SPECS/compiler-rt/compiler-rt.spec",
+        "SPECS/libcxx/libcxx.spec",
         "SPECS/lld/lld.spec",
         "SPECS/lldb/lldb.spec",
         "SPECS/llvm/llvm.spec"

From 1118da22ed5b42e0c73c1b00778c7af3ffdbb0e0 Mon Sep 17 00:00:00 2001
From: Rohit Rawat <rohitrawat@microsoft.com>
Date: Tue, 1 Oct 2024 22:14:51 +0530
Subject: [PATCH 48/59] Add Valkey to 3.0 (#10579)

---
 LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md    |  2 +-
 LICENSES-AND-NOTICES/SPECS/data/licenses.json |  1 +
 SPECS/valkey/valkey-conf.patch                | 22 +++++
 SPECS/valkey/valkey.signatures.json           |  5 ++
 SPECS/valkey/valkey.spec                      | 88 +++++++++++++++++++
 cgmanifest.json                               | 10 +++
 6 files changed, 127 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/valkey/valkey-conf.patch
 create mode 100644 SPECS/valkey/valkey.signatures.json
 create mode 100644 SPECS/valkey/valkey.spec

diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index e410aa826b6..668a1c6b005 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -9,7 +9,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
 | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome <br> librabbitmq |
 | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
 | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
-| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress <br> asc <br> azcopy <br> azure-iot-sdk-c <br> azure-nvme-utils <br> azure-storage-cpp <br> azurelinux-release <br> azurelinux-repos <br> azurelinux-rpm-macros <br> azurelinux-sysinfo <br> bazel <br> blobfuse2 <br> bmon <br> bpftrace <br> ccache <br> cert-manager <br> cf-cli <br> check-restart <br> clamav <br> cloud-hypervisor-cvm <br> cmake-fedora <br> containerd <br> coredns <br> dcos-cli <br> debugedit <br> dejavu-fonts <br> distroless-packages <br> docker-buildx <br> docker-cli <br> docker-compose <br> doxygen <br> dtc <br> elixir <br> espeak-ng <br> espeakup <br> flannel <br> fluent-bit <br> freefont <br> gflags <br> gh <br> go-md2man <br> grpc <br> grub2-efi-binary-signed <br> GSL <br> gtk-update-icon-cache <br> helm <br> ig <br> intel-pf-bb-config <br> ivykis <br> jsonbuilder <br> jx <br> kata-containers-cc <br> kata-packages-uvm <br> keda <br> keras <br> kernel-signed <br> kernel-uki <br> kernel-uki-signed <br> kpatch <br> kube-vip-cloud-provider <br> kubernetes <br> libacvp <br> libconfini <br> libconfuse <br> libgdiplus <br> libmaxminddb <br> libmetalink <br> libsafec <br> libuv <br> libxml++ <br> lld <br> local-path-provisioner <br> lsb-release <br> ltp <br> lttng-consume <br> mm-common <br> moby-containerd-cc <br> moby-engine <br> msgpack <br> ncompress <br> networkd-dispatcher <br> nlohmann-json <br> nmap <br> node-problem-detector <br> ntopng <br> opentelemetry-cpp <br> packer <br> pcaudiolib <br> pcre2 <br> perl-Test-Warnings <br> perl-Text-Template <br> pigz <br> prebuilt-ca-certificates <br> prebuilt-ca-certificates-base <br> prometheus-adapter <br> python-cachetools <br> python-cherrypy <br> python-cstruct <br> python-execnet <br> python-google-pasta <br> python-libclang <br> python-libevdev <br> python-logutils <br> python-ml-dtypes <br> python-namex <br> python-nocasedict <br> python-omegaconf <br> python-opt-einsum <br> python-optree <br> python-pecan <br> python-pip <br> python-pyrpm <br> python-remoto <br> python-repoze-lru <br> python-routes <br> python-rsa <br> python-setuptools <br> python-sphinxcontrib-websupport <br> python-tensorboard <br> python-tensorboard-plugin-wit <br> python-yamlloader <br> R <br> rabbitmq-server <br> rocksdb <br> rubygem-addressable <br> rubygem-asciidoctor <br> rubygem-async <br> rubygem-async-http <br> rubygem-async-io <br> rubygem-async-pool <br> rubygem-bindata <br> rubygem-concurrent-ruby <br> rubygem-connection_pool <br> rubygem-console <br> rubygem-cool.io <br> rubygem-deep_merge <br> rubygem-digest-crc <br> rubygem-elastic-transport <br> rubygem-elasticsearch <br> rubygem-elasticsearch-api <br> rubygem-eventmachine <br> rubygem-excon <br> rubygem-faraday <br> rubygem-faraday-em_http <br> rubygem-faraday-em_synchrony <br> rubygem-faraday-excon <br> rubygem-faraday-httpclient <br> rubygem-faraday-multipart <br> rubygem-faraday-net_http <br> rubygem-faraday-net_http_persistent <br> rubygem-faraday-patron <br> rubygem-faraday-rack <br> rubygem-faraday-retry <br> rubygem-ffi <br> rubygem-fiber-local <br> rubygem-fluent-config-regexp-type <br> rubygem-fluent-logger <br> rubygem-fluent-plugin-elasticsearch <br> rubygem-fluent-plugin-kafka <br> rubygem-fluent-plugin-prometheus <br> rubygem-fluent-plugin-prometheus_pushgateway <br> rubygem-fluent-plugin-record-modifier <br> rubygem-fluent-plugin-rewrite-tag-filter <br> rubygem-fluent-plugin-systemd <br> rubygem-fluent-plugin-webhdfs <br> rubygem-fluent-plugin-windows-exporter <br> rubygem-fluentd <br> rubygem-hirb <br> rubygem-hocon <br> rubygem-hoe <br> rubygem-http_parser <br> rubygem-httpclient <br> rubygem-io-event <br> rubygem-jmespath <br> rubygem-ltsv <br> rubygem-mini_portile2 <br> rubygem-minitest <br> rubygem-mocha <br> rubygem-msgpack <br> rubygem-multi_json <br> rubygem-multipart-post <br> rubygem-net-http-persistent <br> rubygem-nio4r <br> rubygem-nokogiri <br> rubygem-oj <br> rubygem-parallel <br> rubygem-power_assert <br> rubygem-prometheus-client <br> rubygem-protocol-hpack <br> rubygem-protocol-http <br> rubygem-protocol-http1 <br> rubygem-protocol-http2 <br> rubygem-public_suffix <br> rubygem-puppet-resource_api <br> rubygem-rdiscount <br> rubygem-rdkafka <br> rubygem-rexml <br> rubygem-ruby-kafka <br> rubygem-ruby-progressbar <br> rubygem-rubyzip <br> rubygem-semantic_puppet <br> rubygem-serverengine <br> rubygem-sigdump <br> rubygem-strptime <br> rubygem-systemd-journal <br> rubygem-test-unit <br> rubygem-thor <br> rubygem-timers <br> rubygem-tzinfo <br> rubygem-tzinfo-data <br> rubygem-webhdfs <br> rubygem-webrick <br> rubygem-yajl-ruby <br> rubygem-zip-zip <br> runc <br> sdbus-cpp <br> sgx-backwards-compatibility <br> shim <br> shim-unsigned <br> shim-unsigned-aarch64 <br> shim-unsigned-x64 <br> skopeo <br> span-lite <br> sriov-network-device-plugin <br> SymCrypt <br> SymCrypt-OpenSSL <br> systemd-boot-signed <br> tensorflow <br> tinyxml2 <br> toml11 <br> tracelogging <br> umoci <br> usrsctp <br> vala <br> verity-read-only-root <br> vnstat <br> zstd |
+| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress <br> asc <br> azcopy <br> azure-iot-sdk-c <br> azure-nvme-utils <br> azure-storage-cpp <br> azurelinux-release <br> azurelinux-repos <br> azurelinux-rpm-macros <br> azurelinux-sysinfo <br> bazel <br> blobfuse2 <br> bmon <br> bpftrace <br> ccache <br> cert-manager <br> cf-cli <br> check-restart <br> clamav <br> cloud-hypervisor-cvm <br> cmake-fedora <br> containerd <br> coredns <br> dcos-cli <br> debugedit <br> dejavu-fonts <br> distroless-packages <br> docker-buildx <br> docker-cli <br> docker-compose <br> doxygen <br> dtc <br> elixir <br> espeak-ng <br> espeakup <br> flannel <br> fluent-bit <br> freefont <br> gflags <br> gh <br> go-md2man <br> grpc <br> grub2-efi-binary-signed <br> GSL <br> gtk-update-icon-cache <br> helm <br> ig <br> intel-pf-bb-config <br> ivykis <br> jsonbuilder <br> jx <br> kata-containers-cc <br> kata-packages-uvm <br> keda <br> keras <br> kernel-signed <br> kernel-uki <br> kernel-uki-signed <br> kpatch <br> kube-vip-cloud-provider <br> kubernetes <br> libacvp <br> libconfini <br> libconfuse <br> libgdiplus <br> libmaxminddb <br> libmetalink <br> libsafec <br> libuv <br> libxml++ <br> lld <br> local-path-provisioner <br> lsb-release <br> ltp <br> lttng-consume <br> mm-common <br> moby-containerd-cc <br> moby-engine <br> msgpack <br> ncompress <br> networkd-dispatcher <br> nlohmann-json <br> nmap <br> node-problem-detector <br> ntopng <br> opentelemetry-cpp <br> packer <br> pcaudiolib <br> pcre2 <br> perl-Test-Warnings <br> perl-Text-Template <br> pigz <br> prebuilt-ca-certificates <br> prebuilt-ca-certificates-base <br> prometheus-adapter <br> python-cachetools <br> python-cherrypy <br> python-cstruct <br> python-execnet <br> python-google-pasta <br> python-libclang <br> python-libevdev <br> python-logutils <br> python-ml-dtypes <br> python-namex <br> python-nocasedict <br> python-omegaconf <br> python-opt-einsum <br> python-optree <br> python-pecan <br> python-pip <br> python-pyrpm <br> python-remoto <br> python-repoze-lru <br> python-routes <br> python-rsa <br> python-setuptools <br> python-sphinxcontrib-websupport <br> python-tensorboard <br> python-tensorboard-plugin-wit <br> python-yamlloader <br> R <br> rabbitmq-server <br> rocksdb <br> rubygem-addressable <br> rubygem-asciidoctor <br> rubygem-async <br> rubygem-async-http <br> rubygem-async-io <br> rubygem-async-pool <br> rubygem-bindata <br> rubygem-concurrent-ruby <br> rubygem-connection_pool <br> rubygem-console <br> rubygem-cool.io <br> rubygem-deep_merge <br> rubygem-digest-crc <br> rubygem-elastic-transport <br> rubygem-elasticsearch <br> rubygem-elasticsearch-api <br> rubygem-eventmachine <br> rubygem-excon <br> rubygem-faraday <br> rubygem-faraday-em_http <br> rubygem-faraday-em_synchrony <br> rubygem-faraday-excon <br> rubygem-faraday-httpclient <br> rubygem-faraday-multipart <br> rubygem-faraday-net_http <br> rubygem-faraday-net_http_persistent <br> rubygem-faraday-patron <br> rubygem-faraday-rack <br> rubygem-faraday-retry <br> rubygem-ffi <br> rubygem-fiber-local <br> rubygem-fluent-config-regexp-type <br> rubygem-fluent-logger <br> rubygem-fluent-plugin-elasticsearch <br> rubygem-fluent-plugin-kafka <br> rubygem-fluent-plugin-prometheus <br> rubygem-fluent-plugin-prometheus_pushgateway <br> rubygem-fluent-plugin-record-modifier <br> rubygem-fluent-plugin-rewrite-tag-filter <br> rubygem-fluent-plugin-systemd <br> rubygem-fluent-plugin-webhdfs <br> rubygem-fluent-plugin-windows-exporter <br> rubygem-fluentd <br> rubygem-hirb <br> rubygem-hocon <br> rubygem-hoe <br> rubygem-http_parser <br> rubygem-httpclient <br> rubygem-io-event <br> rubygem-jmespath <br> rubygem-ltsv <br> rubygem-mini_portile2 <br> rubygem-minitest <br> rubygem-mocha <br> rubygem-msgpack <br> rubygem-multi_json <br> rubygem-multipart-post <br> rubygem-net-http-persistent <br> rubygem-nio4r <br> rubygem-nokogiri <br> rubygem-oj <br> rubygem-parallel <br> rubygem-power_assert <br> rubygem-prometheus-client <br> rubygem-protocol-hpack <br> rubygem-protocol-http <br> rubygem-protocol-http1 <br> rubygem-protocol-http2 <br> rubygem-public_suffix <br> rubygem-puppet-resource_api <br> rubygem-rdiscount <br> rubygem-rdkafka <br> rubygem-rexml <br> rubygem-ruby-kafka <br> rubygem-ruby-progressbar <br> rubygem-rubyzip <br> rubygem-semantic_puppet <br> rubygem-serverengine <br> rubygem-sigdump <br> rubygem-strptime <br> rubygem-systemd-journal <br> rubygem-test-unit <br> rubygem-thor <br> rubygem-timers <br> rubygem-tzinfo <br> rubygem-tzinfo-data <br> rubygem-webhdfs <br> rubygem-webrick <br> rubygem-yajl-ruby <br> rubygem-zip-zip <br> runc <br> sdbus-cpp <br> sgx-backwards-compatibility <br> shim <br> shim-unsigned <br> shim-unsigned-aarch64 <br> shim-unsigned-x64 <br> skopeo <br> span-lite <br> sriov-network-device-plugin <br> SymCrypt <br> SymCrypt-OpenSSL <br> systemd-boot-signed <br> tensorflow <br> tinyxml2 <br> toml11 <br> tracelogging <br> umoci <br> usrsctp <br> vala <br> valkey <br> verity-read-only-root <br> vnstat <br> zstd |
 | Netplan source | [GPLv3](https://github.com/canonical/netplan/blob/main/COPYING) | netplan |
 | Numad source | [LGPLv2 License](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) | numad |
 | NVIDIA | [ASL 2.0 License and spec specific licenses](http://www.apache.org/licenses/LICENSE-2.0) | libnvidia-container <br> mlnx-tools <br> mlx-bootctl <br> nvidia-container-toolkit <br> ofed-scripts <br> perftest |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index b6b1311a7f1..542f6b1a926 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -2432,6 +2432,7 @@
                 "umoci",
                 "usrsctp",
                 "vala",
+                "valkey",
                 "verity-read-only-root",
                 "vnstat",
                 "zstd"
diff --git a/SPECS/valkey/valkey-conf.patch b/SPECS/valkey/valkey-conf.patch
new file mode 100644
index 00000000000..f7f788485c9
--- /dev/null
+++ b/SPECS/valkey/valkey-conf.patch
@@ -0,0 +1,22 @@
+diff --git a/valkey.conf b/valkey.conf
+index 0f43f5c..f6738ad 100644
+--- a/valkey.conf
++++ b/valkey.conf
+@@ -351,7 +351,7 @@ loglevel notice
+ # Specify the log file name. Also the empty string can be used to force
+ # the server to log on the standard output. Note that if you use standard
+ # output for logging but daemonize, logs will be sent to /dev/null
+-logfile ""
++logfile "/var/log/valkey/valkey.log"
+ 
+ # To enable logging to the system logger, just set 'syslog-enabled' to yes,
+ # and optionally update the other syslog parameters to suit your needs.
+@@ -526,7 +526,7 @@ rdb-del-sync-files no
+ # 'cluster-config-file' configuration directive is a relative path.
+ #
+ # Note that you must specify a directory here, not a file name.
+-dir ./
++dir /var/lib/valkey
+ 
+ ################################# REPLICATION #################################
+ 
\ No newline at end of file
diff --git a/SPECS/valkey/valkey.signatures.json b/SPECS/valkey/valkey.signatures.json
new file mode 100644
index 00000000000..42ec1c12a47
--- /dev/null
+++ b/SPECS/valkey/valkey.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "valkey-8.0.0.tar.gz": "f87fef2ba81ae4bce891b874fba58cfde2d19370a3bcac20f0e17498b33c33c0"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/valkey/valkey.spec b/SPECS/valkey/valkey.spec
new file mode 100644
index 00000000000..5ebe3431a1d
--- /dev/null
+++ b/SPECS/valkey/valkey.spec
@@ -0,0 +1,88 @@
+Summary:        advanced key-value store
+Name:           valkey
+Version:        8.0.0
+Release:        1%{?dist}
+License:        BSD
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+Group:          Applications/Databases
+URL:            https://valkey.io/
+Source0:        https://github.com/valkey-io/valkey/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         valkey-conf.patch
+BuildRequires:  gcc
+BuildRequires:  make
+BuildRequires:  openssl-devel
+BuildRequires:  systemd
+BuildRequires:  tcl
+BuildRequires:  tcl-devel
+BuildRequires:  which
+Requires:       systemd
+Requires(pre):  %{_sbindir}/groupadd
+Requires(pre):  %{_sbindir}/useradd
+
+%description
+A flexible distributed key-value datastore that supports both caching and beyond caching workloads.
+
+%prep
+%autosetup -p1
+
+%build
+make BUILD_TLS=yes %{?_smp_mflags}
+
+%install
+install -vdm 755 %{buildroot}
+make PREFIX=%{buildroot}%{_prefix} install
+install -D -m 0640 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
+mkdir -p %{buildroot}%{_sharedstatedir}/valkey
+mkdir -p %{buildroot}%{_var}/log
+mkdir -p %{buildroot}%{_var}/opt/%{name}/log
+ln -sfv %{_var}/opt/%{name}/log %{buildroot}%{_var}/log/%{name}
+mkdir -p %{buildroot}/usr/lib/systemd/system
+cat << EOF >>  %{buildroot}/usr/lib/systemd/system/valkey.service
+[Unit]
+Description=Valkey in-memory key-value datastore
+After=network.target
+
+[Service]
+ExecStart=%{_bindir}/valkey-server %{_sysconfdir}/valkey.conf --daemonize no
+ExecStop=%{_bindir}/valkey-cli shutdown
+User=valkey
+Group=valkey
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+%check
+make check
+
+%pre
+getent group %{name} &> /dev/null || \
+groupadd -r %{name} &> /dev/null
+getent passwd %{name} &> /dev/null || \
+useradd -r -g %{name} -d %{_sharedstatedir}/valkey -s /sbin/nologin \
+-c 'Valkey Datastore Server' %{name} &> /dev/null
+exit 0
+
+%post
+/sbin/ldconfig
+%systemd_post  valkey.service
+
+%postun
+/sbin/ldconfig
+%systemd_postun_with_restart valkey.service
+
+%files
+%defattr(-,root,root)
+%license COPYING
+%dir %attr(0750, valkey, valkey) %{_sharedstatedir}/valkey
+%dir %attr(0750, valkey, valkey) %{_var}/opt/%{name}/log
+%attr(0750, valkey, valkey) %{_var}/log/%{name}
+%{_bindir}/*
+%{_libdir}/systemd/*
+%config(noreplace) %attr(0640, %{name}, %{name}) %{_sysconfdir}/valkey.conf
+
+%changelog
+* Mon Sep 30 2024 Rohit Rawat <rohitrawat@microsoft.com> - 8.0.0-1
+- Original version for CBL-Mariner.
+- License Verified.
diff --git a/cgmanifest.json b/cgmanifest.json
index 294d5223142..add8ffe73a1 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -29281,6 +29281,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "valkey",
+          "version": "8.0.0",
+          "downloadUrl": "https://github.com/valkey-io/valkey/archive/refs/tags/8.0.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",

From ca8dcfa20e05703b2aa75d5fb2e40bf0990651a0 Mon Sep 17 00:00:00 2001
From: Thien Trung Vuong <tvuong@microsoft.com>
Date: Tue, 1 Oct 2024 15:46:06 -0700
Subject: [PATCH 49/59] kernel-uki: drop dbus in initrd (#10533)

Signed-off-by: Thien Trung Vuong <tvuong@microsoft.com>
Co-authored-by: jozzsi <jozzsicsataban@gmail.com>
---
 SPECS-SIGNED/kernel-signed/kernel-signed.spec               | 5 ++++-
 SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec       | 5 ++++-
 SPECS/kernel-headers/kernel-headers.spec                    | 5 ++++-
 SPECS/kernel/kernel-uki-dracut.conf                         | 2 +-
 SPECS/kernel/kernel-uki.signatures.json                     | 2 +-
 SPECS/kernel/kernel-uki.spec                                | 5 ++++-
 SPECS/kernel/kernel.spec                                    | 5 ++++-
 toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +-
 toolkit/resources/manifests/package/pkggen_core_x86_64.txt  | 2 +-
 toolkit/resources/manifests/package/toolchain_aarch64.txt   | 2 +-
 toolkit/resources/manifests/package/toolchain_x86_64.txt    | 4 ++--
 11 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
index 7c17746bfd0..7202acac4a3 100644
--- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec
+++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        6.6.51.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
+- Bump release to match kernel
+
 * Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
 - Bump release to match kernel
 
diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
index 67a53fbb6c6..8d37cb196e4 100644
--- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
+++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
@@ -6,7 +6,7 @@
 Summary:        Signed Unified Kernel Image for %{buildarch} systems
 Name:           kernel-uki-signed-%{buildarch}
 Version:        6.6.51.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -68,6 +68,9 @@ popd
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
+- Bump release to match kernel
+
 * Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
 - Bump release to match kernel
 
diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec
index f5a846e2ddf..64674d1e752 100644
--- a/SPECS/kernel-headers/kernel-headers.spec
+++ b/SPECS/kernel-headers/kernel-headers.spec
@@ -14,7 +14,7 @@
 Summary:        Linux API header files
 Name:           kernel-headers
 Version:        6.6.51.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ done
 %endif
 
 %changelog
+* Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
+- Bump release to match kernel
+
 * Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
 - Bump release to match kernel
 
diff --git a/SPECS/kernel/kernel-uki-dracut.conf b/SPECS/kernel/kernel-uki-dracut.conf
index 5d5e9de7ff7..fdfec989386 100644
--- a/SPECS/kernel/kernel-uki-dracut.conf
+++ b/SPECS/kernel/kernel-uki-dracut.conf
@@ -6,7 +6,7 @@ compress="xz"
 early_microcode="no"
 
 # modules: basics
-dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus shutdown i18n "
+dracutmodules+=" base systemd systemd-initrd dracut-systemd shutdown i18n "
 
 # modules: storage support
 dracutmodules+=" dm rootfs-block fs-lib "
diff --git a/SPECS/kernel/kernel-uki.signatures.json b/SPECS/kernel/kernel-uki.signatures.json
index 7c61205d6ff..93fa9871af9 100644
--- a/SPECS/kernel/kernel-uki.signatures.json
+++ b/SPECS/kernel/kernel-uki.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "kernel-uki-dracut.conf": "57f80f04f138e1d0083aedc4a8b440de97a6ed693ba7014b3580f0d2cdd768b6"
+    "kernel-uki-dracut.conf": "83b8db11c5066b275f8d982bbae69305750f94f7e96ab215104ed050a682de4e"
   }
 }
diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec
index 4537fa849ff..b2c1fda6bef 100644
--- a/SPECS/kernel/kernel-uki.spec
+++ b/SPECS/kernel/kernel-uki.spec
@@ -18,7 +18,7 @@
 Summary:        Unified Kernel Image
 Name:           kernel-uki
 Version:        6.6.51.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
+- Remove dbus from initrd
+
 * Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
 - Bump release to match kernel
 
diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec
index 4208096d9ef..90c95c33601 100644
--- a/SPECS/kernel/kernel.spec
+++ b/SPECS/kernel/kernel.spec
@@ -30,7 +30,7 @@
 Summary:        Linux Kernel
 Name:           kernel
 Version:        6.6.51.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -407,6 +407,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
+- UKI: remove dbus from initrd
+
 * Fri Sep 20 2024 Chris Co <chrco@microsoft.com> - 6.6.51.1-2
 - Enable MLX5 TC offload
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index a222d121e1f..60eb8d805a3 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.aarch64.rpm
-kernel-headers-6.6.51.1-2.azl3.noarch.rpm
+kernel-headers-6.6.51.1-3.azl3.noarch.rpm
 glibc-2.38-8.azl3.aarch64.rpm
 glibc-devel-2.38-8.azl3.aarch64.rpm
 glibc-i18n-2.38-8.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index c532f15dee2..99a48bad483 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.x86_64.rpm
-kernel-headers-6.6.51.1-2.azl3.noarch.rpm
+kernel-headers-6.6.51.1-3.azl3.noarch.rpm
 glibc-2.38-8.azl3.x86_64.rpm
 glibc-devel-2.38-8.azl3.x86_64.rpm
 glibc-i18n-2.38-8.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 2105300f199..efafcc9a32d 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -156,7 +156,7 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.aarch64.rpm
 kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm
-kernel-headers-6.6.51.1-2.azl3.noarch.rpm
+kernel-headers-6.6.51.1-3.azl3.noarch.rpm
 kmod-30-1.azl3.aarch64.rpm
 kmod-debuginfo-30-1.azl3.aarch64.rpm
 kmod-devel-30-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 1ad9590ed0f..445432e41a1 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -161,8 +161,8 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.x86_64.rpm
 kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm
-kernel-cross-headers-6.6.51.1-2.azl3.noarch.rpm
-kernel-headers-6.6.51.1-2.azl3.noarch.rpm
+kernel-cross-headers-6.6.51.1-3.azl3.noarch.rpm
+kernel-headers-6.6.51.1-3.azl3.noarch.rpm
 kmod-30-1.azl3.x86_64.rpm
 kmod-debuginfo-30-1.azl3.x86_64.rpm
 kmod-devel-30-1.azl3.x86_64.rpm

From 90673ffb8a2cd2cca92cd591d21e023f9c80fc9b Mon Sep 17 00:00:00 2001
From: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue, 1 Oct 2024 16:25:46 -0700
Subject: [PATCH 50/59] Fixed `tdnf provides` parsing to recognize epochs in
 package names. (#10587)

---
 .../imagegen/installutils/installutils.go     |  2 +-
 .../repocloner/rpmrepocloner/rpmrepocloner.go | 14 +--
 toolkit/tools/internal/tdnf/tdnf.go           | 33 ++++---
 toolkit/tools/internal/tdnf/tdnf_test.go      | 99 ++++++++++++++++++-
 4 files changed, 121 insertions(+), 27 deletions(-)

diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go
index 77529f1c705..319d24cd931 100644
--- a/toolkit/tools/imagegen/installutils/installutils.go
+++ b/toolkit/tools/imagegen/installutils/installutils.go
@@ -820,7 +820,7 @@ func calculateTotalPackages(packages []string, installRoot string) (installedPac
 		// end with an empty line.
 		for _, line := range splitStdout {
 			matches := tdnf.InstallPackageRegex.FindStringSubmatch(line)
-			if len(matches) != tdnf.InstallMaxMatchLen {
+			if len(matches) != tdnf.InstallPackageMaxMatchLen {
 				// This line contains output other than a package information; skip it
 				continue
 			}
diff --git a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
index 75220717fc8..bb90a4731a7 100644
--- a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
+++ b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
@@ -474,8 +474,8 @@ func (r *RpmRepoCloner) WhatProvides(pkgVer *pkgjson.PackageVer) (packageNames [
 			// MUST keep order of packages printed by TDNF.
 			// TDNF will print the packages starting from the highest version, which allows us to work around an RPM bug:
 			// https://github.com/rpm-software-management/rpm/issues/2359
-			for _, matches := range tdnf.PackageLookupNameMatchRegex.FindAllStringSubmatch(stdout, -1) {
-				packageName := matches[tdnf.PackageNameIndex]
+			for _, matches := range tdnf.PackageProvidesRegex.FindAllStringSubmatch(stdout, -1) {
+				packageName := matches[tdnf.PackageProvidesNameIndex]
 				if lookupIgnoredCase {
 					logger.Log.Warnf("'%s' was found by case-insensitive lookup of '%s', but this is not valid and will be ignored", packageName, pkgVer.Name)
 					// This is not a valid mapping of requires -> provides, so we skip it. This is not a fatal error since
@@ -556,15 +556,15 @@ func (r *RpmRepoCloner) ClonedRepoContents() (repoContents *repocloner.RepoConte
 	repoContents = &repocloner.RepoContents{}
 	onStdout := func(line string) {
 		matches := tdnf.ListedPackageRegex.FindStringSubmatch(line)
-		if len(matches) != tdnf.ListMaxMatchLen {
+		if len(matches) != tdnf.ListedPackageMaxMatchLen {
 			return
 		}
 
 		pkg := &repocloner.RepoPackage{
-			Name:         matches[tdnf.ListPackageName],
-			Version:      matches[tdnf.ListPackageVersion],
-			Architecture: matches[tdnf.ListPackageArch],
-			Distribution: matches[tdnf.ListPackageDist],
+			Name:         matches[tdnf.ListedPackageName],
+			Version:      matches[tdnf.ListedPackageVersion],
+			Architecture: matches[tdnf.ListedPackageArch],
+			Distribution: matches[tdnf.ListedPackageDist],
 		}
 
 		pkgID := pkg.ID()
diff --git a/toolkit/tools/internal/tdnf/tdnf.go b/toolkit/tools/internal/tdnf/tdnf.go
index 4e652c05ba6..a39e2ae3bb5 100644
--- a/toolkit/tools/internal/tdnf/tdnf.go
+++ b/toolkit/tools/internal/tdnf/tdnf.go
@@ -28,8 +28,7 @@ var (
 	//		Repo	: [repo_name]
 	//
 	// NOTE: we ignore packages installed in the build environment denoted by "Repo	: @System".
-	PackageLookupNameMatchRegex = regexp.MustCompile(`([^:\s]+(x86_64|aarch64|noarch))\s*:[^\n]*\nRepo\s+:\s+[^@]`)
-	PackageNameIndex            = 1
+	PackageProvidesRegex = regexp.MustCompile(`(\S+)\s+:[^\n]*\nRepo\s+:\s+[^@]`)
 
 	// Tdnf may opt to ignore case when doing a provides lookup. While this is useful for a user, it will give
 	// bad results when we're trying to match a package name to a package in the repo. This regex will match the
@@ -63,21 +62,27 @@ var (
 )
 
 const (
-	InstallMatchSubString = iota
-	InstallPackageName    = iota
-	InstallPackageArch    = iota
-	InstallPackageVersion = iota
-	InstallPackageDist    = iota
-	InstallMaxMatchLen    = iota
+	InstallPackageMatchSubString = iota
+	InstallPackageName           = iota
+	InstallPackageArch           = iota
+	InstallPackageVersion        = iota
+	InstallPackageDist           = iota
+	InstallPackageMaxMatchLen    = iota
 )
 
 const (
-	ListMatchSubString = iota
-	ListPackageName    = iota
-	ListPackageArch    = iota
-	ListPackageVersion = iota
-	ListPackageDist    = iota
-	ListMaxMatchLen    = iota
+	PackageProvidesMatchSubString = iota
+	PackageProvidesNameIndex      = iota
+	PackageProvidesMaxMatchLen    = iota
+)
+
+const (
+	ListedPackageMatchSubString = iota
+	ListedPackageName           = iota
+	ListedPackageArch           = iota
+	ListedPackageVersion        = iota
+	ListedPackageDist           = iota
+	ListedPackageMaxMatchLen    = iota
 )
 
 const (
diff --git a/toolkit/tools/internal/tdnf/tdnf_test.go b/toolkit/tools/internal/tdnf/tdnf_test.go
index ad4d348cec6..2c4c714b427 100644
--- a/toolkit/tools/internal/tdnf/tdnf_test.go
+++ b/toolkit/tools/internal/tdnf/tdnf_test.go
@@ -78,7 +78,7 @@ func TestInstallPackageRegex_MatchesPackageName(t *testing.T) {
 
 	matches := InstallPackageRegex.FindStringSubmatch(line)
 
-	assert.Len(t, matches, InstallMaxMatchLen)
+	assert.Len(t, matches, InstallPackageMaxMatchLen)
 	assert.Equal(t, "X", matches[InstallPackageName])
 }
 
@@ -93,7 +93,7 @@ func TestInstallPackageRegex_MatchesPackageArch(t *testing.T) {
 
 	matches := InstallPackageRegex.FindStringSubmatch(line)
 
-	assert.Len(t, matches, InstallMaxMatchLen)
+	assert.Len(t, matches, InstallPackageMaxMatchLen)
 	assert.Equal(t, "aarch64", matches[InstallPackageArch])
 }
 
@@ -108,7 +108,7 @@ func TestInstallPackageRegex_MatchesPackageVersionNoEpoch(t *testing.T) {
 
 	matches := InstallPackageRegex.FindStringSubmatch(line)
 
-	assert.Len(t, matches, InstallMaxMatchLen)
+	assert.Len(t, matches, InstallPackageMaxMatchLen)
 	assert.Equal(t, "1.1b.8_X-22~rc1", matches[InstallPackageVersion])
 }
 
@@ -117,7 +117,7 @@ func TestInstallPackageRegex_MatchesPackageVersionWithEpoch(t *testing.T) {
 
 	matches := InstallPackageRegex.FindStringSubmatch(line)
 
-	assert.Len(t, matches, InstallMaxMatchLen)
+	assert.Len(t, matches, InstallPackageMaxMatchLen)
 	assert.Equal(t, "5:1.1b.8_X-22~rc1", matches[InstallPackageVersion])
 }
 
@@ -132,7 +132,7 @@ func TestInstallPackageRegex_MatchesPackageDist(t *testing.T) {
 
 	matches := InstallPackageRegex.FindStringSubmatch(line)
 
-	assert.Len(t, matches, InstallMaxMatchLen)
+	assert.Len(t, matches, InstallPackageMaxMatchLen)
 	assert.Equal(t, "azl3", matches[InstallPackageDist])
 }
 
@@ -153,3 +153,92 @@ func TestInstallPackageRegex_DoesNotMatchInvalidLine(t *testing.T) {
 
 	assert.False(t, InstallPackageRegex.MatchString(line))
 }
+func TestPackageLookupNameMatchRegex_MatchesExternalRepo(t *testing.T) {
+	const line = "xz-devel-5.4.4-1.azl3.x86_64 : Header and development files for xz\nRepo : toolchain-repo"
+
+	matches := PackageProvidesRegex.FindStringSubmatch(line)
+
+	assert.Len(t, matches, PackageProvidesMaxMatchLen)
+	assert.Equal(t, "xz-devel-5.4.4-1.azl3.x86_64", matches[PackageProvidesNameIndex])
+}
+
+func TestPackageLookupNameMatchRegex_MatchesPackageWithEpoch(t *testing.T) {
+	const line = "xz-devel-2:5.4.4-1.azl3.x86_64 : Header and development files for xz\nRepo : toolchain-repo"
+
+	matches := PackageProvidesRegex.FindStringSubmatch(line)
+
+	assert.Len(t, matches, PackageProvidesMaxMatchLen)
+	assert.Equal(t, "xz-devel-2:5.4.4-1.azl3.x86_64", matches[PackageProvidesNameIndex])
+}
+
+func TestPackageLookupNameMatchRegex_FailsForOutputWithoutRepo(t *testing.T) {
+	const line = "xz-devel-5.4.4-1.azl3.x86_64 : Header and development files for xz"
+
+	assert.False(t, PackageProvidesRegex.MatchString(line))
+}
+
+func TestPackageLookupNameMatchRegex_FailsForOutputWithSystemRepo(t *testing.T) {
+	const line = "xz-devel-5.4.4-1.azl3.x86_64 : Header and development files for xz\nRepo : @System"
+
+	assert.False(t, PackageProvidesRegex.MatchString(line))
+}
+
+func TestPackageLookupNameMatchRegex_FailsForEmptyOutput(t *testing.T) {
+	const line = ""
+
+	assert.False(t, PackageProvidesRegex.MatchString(line))
+}
+
+func TestPackageLookupNameMatchRegex_FailsForInvalidOutput(t *testing.T) {
+	const line = "Invalid output line"
+
+	assert.False(t, PackageProvidesRegex.MatchString(line))
+}
+
+func TestPackageLookupNameMatchRegex_MatchesOutputWithCapabilityMatch(t *testing.T) {
+	const line = "[using capability match for 'pkgconfig(liblzma)'] xz-devel-5.4.4-1.azl3.x86_64 : Header and development files for xz\nRepo : toolchain-repo"
+
+	matches := PackageProvidesRegex.FindStringSubmatch(line)
+
+	assert.Len(t, matches, PackageProvidesMaxMatchLen)
+	assert.Equal(t, "xz-devel-5.4.4-1.azl3.x86_64", matches[PackageProvidesNameIndex])
+}
+
+func TestPackageLookupNameMatchRegex_MatchesOutputWithMultiplePackages(t *testing.T) {
+	const line = "xz-devel-5.4.4-1.azl3.x86_64 : ABC\nRepo : toolchain-repo\nother-package-4.4.4-1.azl3.x86_64 : ABC2\nRepo : other-repo\n"
+
+	allMatches := PackageProvidesRegex.FindAllStringSubmatch(line, -1)
+
+	assert.Len(t, allMatches, 2)
+	assert.Len(t, allMatches[0], PackageProvidesMaxMatchLen)
+	assert.Equal(t, "xz-devel-5.4.4-1.azl3.x86_64", allMatches[0][PackageProvidesNameIndex])
+
+	assert.Len(t, allMatches[1], PackageProvidesMaxMatchLen)
+	assert.Equal(t, "other-package-4.4.4-1.azl3.x86_64", allMatches[1][PackageProvidesNameIndex])
+}
+
+func TestPackageLookupNameMatchRegex_MatchesOutputWithExternalAndSystemMix(t *testing.T) {
+	const line = "xz-devel-5.4.4-1.azl3.x86_64 : ABC\nRepo : toolchain-repo\nother-package-4.4.4-1.azl3.x86_64 : ABC2\nRepo : @System\n"
+
+	allMatches := PackageProvidesRegex.FindAllStringSubmatch(line, -1)
+
+	assert.Len(t, allMatches, 1)
+	assert.Len(t, allMatches[0], PackageProvidesMaxMatchLen)
+	assert.Equal(t, "xz-devel-5.4.4-1.azl3.x86_64", allMatches[0][PackageProvidesNameIndex])
+}
+
+func TestPackageLookupNameMatchRegex_MatchesOutputWithSystemFirstExternalSecond(t *testing.T) {
+	const line = "other-package-4.4.4-1.azl3.x86_64 : ABC2\nRepo : @System\nxz-devel-5.4.4-1.azl3.x86_64 : ABC\nRepo : toolchain-repo"
+
+	allMatches := PackageProvidesRegex.FindAllStringSubmatch(line, -1)
+
+	assert.Len(t, allMatches, 1)
+	assert.Len(t, allMatches[0], PackageProvidesMaxMatchLen)
+	assert.Equal(t, "xz-devel-5.4.4-1.azl3.x86_64", allMatches[0][PackageProvidesNameIndex])
+}
+
+func TestPackageLookupNameMatchRegex_FailsForOutputWithOnlyPluginLoaded(t *testing.T) {
+	const line = "Loaded plugin: tdnfrepogpgcheck"
+
+	assert.False(t, PackageProvidesRegex.MatchString(line))
+}

From d2f76c26a939896f9dee4a7700bf4a4e52b8b636 Mon Sep 17 00:00:00 2001
From: Rachel Menge <rachelmenge@microsoft.com>
Date: Wed, 2 Oct 2024 15:19:10 -0700
Subject: [PATCH 51/59] Enable nfsd v4 security label (#10605)

This is a security improvement. By turning on this config AZL3 provides security label support for NFSv4 server. This feature allows for fine grained security support for fine-grained security labels SELinux policies. Without this an NFSv4 mount will have the same label on each file.
---
 SPECS-SIGNED/kernel-signed/kernel-signed.spec               | 5 ++++-
 SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec       | 5 ++++-
 SPECS/kernel-headers/kernel-headers.spec                    | 5 ++++-
 SPECS/kernel/config                                         | 2 +-
 SPECS/kernel/config_aarch64                                 | 2 +-
 SPECS/kernel/kernel-uki.spec                                | 5 ++++-
 SPECS/kernel/kernel.signatures.json                         | 4 ++--
 SPECS/kernel/kernel.spec                                    | 5 ++++-
 toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +-
 toolkit/resources/manifests/package/pkggen_core_x86_64.txt  | 2 +-
 toolkit/resources/manifests/package/toolchain_aarch64.txt   | 2 +-
 toolkit/resources/manifests/package/toolchain_x86_64.txt    | 4 ++--
 12 files changed, 29 insertions(+), 14 deletions(-)

diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
index 7202acac4a3..a6e2bdf5601 100644
--- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec
+++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        6.6.51.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
+- Bump release to match kernel
+
 * Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
 - Bump release to match kernel
 
diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
index 8d37cb196e4..5f8f35fa24d 100644
--- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
+++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
@@ -6,7 +6,7 @@
 Summary:        Signed Unified Kernel Image for %{buildarch} systems
 Name:           kernel-uki-signed-%{buildarch}
 Version:        6.6.51.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -68,6 +68,9 @@ popd
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
+- Bump release to match kernel
+
 * Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
 - Bump release to match kernel
 
diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec
index 64674d1e752..fe2102925ba 100644
--- a/SPECS/kernel-headers/kernel-headers.spec
+++ b/SPECS/kernel-headers/kernel-headers.spec
@@ -14,7 +14,7 @@
 Summary:        Linux API header files
 Name:           kernel-headers
 Version:        6.6.51.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ done
 %endif
 
 %changelog
+* Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
+- Bump release to match kernel
+
 * Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
 - Bump release to match kernel
 
diff --git a/SPECS/kernel/config b/SPECS/kernel/config
index ffa57cbd089..8f5afaf77bb 100644
--- a/SPECS/kernel/config
+++ b/SPECS/kernel/config
@@ -7209,7 +7209,7 @@ CONFIG_NFSD_BLOCKLAYOUT=y
 CONFIG_NFSD_SCSILAYOUT=y
 CONFIG_NFSD_FLEXFILELAYOUT=y
 # CONFIG_NFSD_V4_2_INTER_SSC is not set
-# CONFIG_NFSD_V4_SECURITY_LABEL is not set
+CONFIG_NFSD_V4_SECURITY_LABEL=y
 CONFIG_GRACE_PERIOD=m
 CONFIG_LOCKD=m
 CONFIG_LOCKD_V4=y
diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64
index f63a1200a14..58acb731145 100644
--- a/SPECS/kernel/config_aarch64
+++ b/SPECS/kernel/config_aarch64
@@ -10266,7 +10266,7 @@ CONFIG_NFSD_BLOCKLAYOUT=y
 CONFIG_NFSD_SCSILAYOUT=y
 CONFIG_NFSD_FLEXFILELAYOUT=y
 # CONFIG_NFSD_V4_2_INTER_SSC is not set
-# CONFIG_NFSD_V4_SECURITY_LABEL is not set
+CONFIG_NFSD_V4_SECURITY_LABEL=y
 CONFIG_GRACE_PERIOD=m
 CONFIG_LOCKD=m
 CONFIG_LOCKD_V4=y
diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec
index b2c1fda6bef..6874041b6bf 100644
--- a/SPECS/kernel/kernel-uki.spec
+++ b/SPECS/kernel/kernel-uki.spec
@@ -18,7 +18,7 @@
 Summary:        Unified Kernel Image
 Name:           kernel-uki
 Version:        6.6.51.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
+- Bump release to match kernel
+
 * Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
 - Remove dbus from initrd
 
diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json
index 62ddd47bec0..ef9f84ade49 100644
--- a/SPECS/kernel/kernel.signatures.json
+++ b/SPECS/kernel/kernel.signatures.json
@@ -1,8 +1,8 @@
 {
   "Signatures": {
     "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
-    "config": "e4fca2e2d948f3e0d88f41ec66d463b95ffdc1f4f096693bc5734a0ef7262c56",
-    "config_aarch64": "cc95198e3a70fa025f4ad78723d0e220a2a023edad31e89854d0e8ad84986209",
+    "config": "bd071455eff0bdd8c93c6cdec7590b05dfe26bfead60fe2df71c2c722af11404",
+    "config_aarch64": "c496a8275a29735e25105a86db16228e1bdde3d8ce7e0caa72d423b971d6cbda",
     "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
     "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
     "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",
diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec
index 90c95c33601..392c9f8f3ea 100644
--- a/SPECS/kernel/kernel.spec
+++ b/SPECS/kernel/kernel.spec
@@ -30,7 +30,7 @@
 Summary:        Linux Kernel
 Name:           kernel
 Version:        6.6.51.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -407,6 +407,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
+- Enable nfsd v4 security label
+
 * Tue Sep 24 2024 Jo Zzsi <jozzsicsataban@gmail.com> - 6.6.51.1-3
 - UKI: remove dbus from initrd
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 60eb8d805a3..2c7809f1e2b 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.aarch64.rpm
-kernel-headers-6.6.51.1-3.azl3.noarch.rpm
+kernel-headers-6.6.51.1-4.azl3.noarch.rpm
 glibc-2.38-8.azl3.aarch64.rpm
 glibc-devel-2.38-8.azl3.aarch64.rpm
 glibc-i18n-2.38-8.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 99a48bad483..0056f581ef8 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.x86_64.rpm
-kernel-headers-6.6.51.1-3.azl3.noarch.rpm
+kernel-headers-6.6.51.1-4.azl3.noarch.rpm
 glibc-2.38-8.azl3.x86_64.rpm
 glibc-devel-2.38-8.azl3.x86_64.rpm
 glibc-i18n-2.38-8.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index efafcc9a32d..8f333f06b10 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -156,7 +156,7 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.aarch64.rpm
 kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm
-kernel-headers-6.6.51.1-3.azl3.noarch.rpm
+kernel-headers-6.6.51.1-4.azl3.noarch.rpm
 kmod-30-1.azl3.aarch64.rpm
 kmod-debuginfo-30-1.azl3.aarch64.rpm
 kmod-devel-30-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 445432e41a1..92886521b33 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -161,8 +161,8 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.x86_64.rpm
 kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm
-kernel-cross-headers-6.6.51.1-3.azl3.noarch.rpm
-kernel-headers-6.6.51.1-3.azl3.noarch.rpm
+kernel-cross-headers-6.6.51.1-4.azl3.noarch.rpm
+kernel-headers-6.6.51.1-4.azl3.noarch.rpm
 kmod-30-1.azl3.x86_64.rpm
 kmod-debuginfo-30-1.azl3.x86_64.rpm
 kmod-devel-30-1.azl3.x86_64.rpm

From fd3f001789ded0f8066479399a51183074f8d593 Mon Sep 17 00:00:00 2001
From: Rachel Menge <rachelmenge@microsoft.com>
Date: Wed, 2 Oct 2024 16:42:12 -0700
Subject: [PATCH 52/59] Enable iptables by default (#10597)

Default presets were introduced in PR #8028. The default firewall was firewalld which is not fully supported for Azl3. Therefore, set as iptables.

- For an image upgrade, this PR will cause the iptables.service to run by default and thus, will introduce firewall rules by default.
- For a package upgrade to azurelinux-release-3.0-20, the iptables service will be recognized as being allowed by the preset but will NOT be enabled by default. That being said, if an iptables.rpm upgrade comes in afterwards, the rules WILL be turned on
- For a package downgrade to an older package (< azurelinux-release-3.0-20), the preset will show that the iptables service is disabled by the preset but iptables WILL continue to run even after reboot
---
 SPECS/azurelinux-release/90-default.preset                  | 2 +-
 SPECS/azurelinux-release/azurelinux-release.signatures.json | 2 +-
 SPECS/azurelinux-release/azurelinux-release.spec            | 5 ++++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/SPECS/azurelinux-release/90-default.preset b/SPECS/azurelinux-release/90-default.preset
index 9396ddb33f4..0d2fc7c9da8 100644
--- a/SPECS/azurelinux-release/90-default.preset
+++ b/SPECS/azurelinux-release/90-default.preset
@@ -28,7 +28,7 @@ enable rsyslog.*
 enable syslog-ng.*
 enable sysklogd.*
 
-enable firewalld.service
+enable iptables.service
 
 enable virtqemud.socket
 enable virtqemud-ro.socket
diff --git a/SPECS/azurelinux-release/azurelinux-release.signatures.json b/SPECS/azurelinux-release/azurelinux-release.signatures.json
index abdff16e401..1457a3d405f 100644
--- a/SPECS/azurelinux-release/azurelinux-release.signatures.json
+++ b/SPECS/azurelinux-release/azurelinux-release.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "90-default.preset": "50ed546e79e3c9f5c4f2d4a9796255537f4900d5d1d78c0564fbe7362634531b",
+  "90-default.preset": "073dd8a72f9ef915280bb608f5ea0b394c0d658fe0537d552135332168fadb03",
   "90-default-user.preset": "7cf8f4d2ca1760e04ff46bd2444609cfd27a7ab456be2f9e73b0f89c284e134d",
   "99-default-disable.preset": "3127b197b9eae62eb84eeed69b0413419612238332006183e36a3fba89578378",
   "15-azurelinux-default.conf": "63a46ecbed4b92f996718ea9202e914ff119c2c06fdaeed3d1e2710aabc663b4"
diff --git a/SPECS/azurelinux-release/azurelinux-release.spec b/SPECS/azurelinux-release/azurelinux-release.spec
index 86b2247f1a9..36cf8341b38 100644
--- a/SPECS/azurelinux-release/azurelinux-release.spec
+++ b/SPECS/azurelinux-release/azurelinux-release.spec
@@ -5,7 +5,7 @@
 Summary:        Azure Linux release files
 Name:           azurelinux-release
 Version:        %{dist_version}.0
-Release:        19%{?dist}
+Release:        20%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -118,6 +118,9 @@ install -Dm0644 %{SOURCE4} -t %{buildroot}%{_sysctldir}/
 %{_sysctldir}/*.conf
 
 %changelog
+* Fri Sep 27 2024 Rachel Menge <rachelmenge@microsoft.com> - 3.0-20
+- Enable iptables as default firewall
+
 * Wed Sep 25 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0-19
 - Bump release for October 2024 Update
 

From 2564082aa495cab1c81ddcdfc1d0b7139177b41f Mon Sep 17 00:00:00 2001
From: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
Date: Thu, 3 Oct 2024 11:39:29 -0700
Subject: [PATCH 53/59] use build type RelWithDebInfo to generate debug info
 with sources (#10611)

Changes build of SymCrypt-OpenSSL so sources are included in the debuginfo rpm. We had been building with CMAKE_BUILD_TYPE set to Release rather than RelWithDebInfo. Here's a good discussion of the differences.
---
 SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
index c76637d4be4..8789f31fc54 100644
--- a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
+++ b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
@@ -1,7 +1,7 @@
 Summary:        The SymCrypt engine for OpenSSL (SCOSSL) allows the use of OpenSSL with SymCrypt as the provider for core cryptographic operations
 Name:           SymCrypt-OpenSSL
 Version:        1.5.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -39,7 +39,7 @@ cmake   .. \
         -DOPENSSL_ROOT_DIR="%{_prefix}/local/ssl" \
         -DSYMCRYPT_ROOT_DIR=%{buildroot}%{_includedir}/.. \
         -DCMAKE_TOOLCHAIN_FILE="../cmake-toolchain/LinuxUserMode-%{symcrypt_arch}.cmake" \
-        -DCMAKE_BUILD_TYPE=Release
+        -DCMAKE_BUILD_TYPE=RelWithDebInfo
 
 cmake --build .
 
@@ -67,6 +67,9 @@ install SymCryptProvider/symcrypt_prov.cnf %{buildroot}%{_sysconfdir}/pki/tls/sy
 %{_sysconfdir}/pki/tls/symcrypt_prov.cnf
 
 %changelog
+* Wed Oct 02 2024 Tobias Brick <tobiasb@microsoft.com> - 1.5.1-2
+- Add sources to debuginfo package
+
 * Wed Aug 21 2024 Maxwell Moyer-McKee <mamckee@microsoft.com> - 1.5.1-1
 - Fix minor behavior differences with default provider
 

From f086246b6ba9391f63029b3b8bd4a43313ffd756 Mon Sep 17 00:00:00 2001
From: Rachel Menge <rachelmenge@microsoft.com>
Date: Thu, 3 Oct 2024 12:00:11 -0700
Subject: [PATCH 54/59] Enable virtio console by default and build e1000
 drivers as modules (#10604)

Enable virtio console by default
Because we typically service a hypervised environment, load virtio console by default.

Make the e1000 x86 configs modules instead of built-in
These drivers are specific for one type of ethernet adapter. Therefore make a module and not built-in by default. The module will be called e1000
---
 SPECS-SIGNED/kernel-signed/kernel-signed.spec               | 5 ++++-
 SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec       | 5 ++++-
 SPECS/kernel-headers/kernel-headers.spec                    | 5 ++++-
 SPECS/kernel/config                                         | 6 +++---
 SPECS/kernel/kernel-uki.spec                                | 5 ++++-
 SPECS/kernel/kernel.signatures.json                         | 2 +-
 SPECS/kernel/kernel.spec                                    | 6 +++++-
 toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +-
 toolkit/resources/manifests/package/pkggen_core_x86_64.txt  | 2 +-
 toolkit/resources/manifests/package/toolchain_aarch64.txt   | 2 +-
 toolkit/resources/manifests/package/toolchain_x86_64.txt    | 4 ++--
 11 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
index a6e2bdf5601..4ea7c12101d 100644
--- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec
+++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -10,7 +10,7 @@
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
 Version:        6.6.51.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %exclude /module_info.ld
 
 %changelog
+* Thu Oct 03 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-5
+- Bump release to match kernel
+
 * Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
 - Bump release to match kernel
 
diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
index 5f8f35fa24d..675978e2e10 100644
--- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
+++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec
@@ -6,7 +6,7 @@
 Summary:        Signed Unified Kernel Image for %{buildarch} systems
 Name:           kernel-uki-signed-%{buildarch}
 Version:        6.6.51.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -68,6 +68,9 @@ popd
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Thu Oct 03 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-5
+- Bump release to match kernel
+
 * Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
 - Bump release to match kernel
 
diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec
index fe2102925ba..c9fc7ab67ee 100644
--- a/SPECS/kernel-headers/kernel-headers.spec
+++ b/SPECS/kernel-headers/kernel-headers.spec
@@ -14,7 +14,7 @@
 Summary:        Linux API header files
 Name:           kernel-headers
 Version:        6.6.51.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ done
 %endif
 
 %changelog
+* Thu Oct 03 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-5
+- Bump release to match kernel
+
 * Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
 - Bump release to match kernel
 
diff --git a/SPECS/kernel/config b/SPECS/kernel/config
index 8f5afaf77bb..61ec375a81e 100644
--- a/SPECS/kernel/config
+++ b/SPECS/kernel/config
@@ -2673,8 +2673,8 @@ CONFIG_NET_VENDOR_GOOGLE=y
 CONFIG_NET_VENDOR_I825XX=y
 CONFIG_NET_VENDOR_INTEL=y
 CONFIG_E100=m
-CONFIG_E1000=y
-CONFIG_E1000E=y
+CONFIG_E1000=m
+CONFIG_E1000E=m
 CONFIG_E1000E_HWTS=y
 CONFIG_IGB=m
 CONFIG_IGB_HWMON=y
@@ -3328,7 +3328,7 @@ CONFIG_HVC_XEN_FRONTEND=y
 CONFIG_SERIAL_DEV_BUS=y
 CONFIG_SERIAL_DEV_CTRL_TTYPORT=y
 # CONFIG_TTY_PRINTK is not set
-CONFIG_VIRTIO_CONSOLE=m
+CONFIG_VIRTIO_CONSOLE=y
 CONFIG_IPMI_HANDLER=m
 CONFIG_IPMI_DMI_DECODE=y
 CONFIG_IPMI_PLAT_DATA=y
diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec
index 6874041b6bf..665feb2b6ab 100644
--- a/SPECS/kernel/kernel-uki.spec
+++ b/SPECS/kernel/kernel-uki.spec
@@ -18,7 +18,7 @@
 Summary:        Unified Kernel Image
 Name:           kernel-uki
 Version:        6.6.51.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -75,6 +75,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu
 /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi
 
 %changelog
+* Thu Oct 03 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-5
+- Bump release to match kernel
+
 * Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
 - Bump release to match kernel
 
diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json
index ef9f84ade49..17be245e529 100644
--- a/SPECS/kernel/kernel.signatures.json
+++ b/SPECS/kernel/kernel.signatures.json
@@ -1,7 +1,7 @@
 {
   "Signatures": {
     "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
-    "config": "bd071455eff0bdd8c93c6cdec7590b05dfe26bfead60fe2df71c2c722af11404",
+    "config": "2c39e562cc6c0f133df50a576e27e5a89a5d3c5fde8a6ed391cde372129e202f",
     "config_aarch64": "c496a8275a29735e25105a86db16228e1bdde3d8ce7e0caa72d423b971d6cbda",
     "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985",
     "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98",
diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec
index 392c9f8f3ea..7e167e33d1e 100644
--- a/SPECS/kernel/kernel.spec
+++ b/SPECS/kernel/kernel.spec
@@ -30,7 +30,7 @@
 Summary:        Linux Kernel
 Name:           kernel
 Version:        6.6.51.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -407,6 +407,10 @@ echo "initrd of kernel %{uname_r} removed" >&2
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Thu Oct 03 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-5
+- Make e1000 drivers modules instead of built-in
+- Enable virtio console by default
+
 * Wed Oct 02 2024 Rachel Menge <rachelmenge@microsoft.com> - 6.6.51.1-4
 - Enable nfsd v4 security label
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 2c7809f1e2b..f3875f9cc73 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.aarch64.rpm
-kernel-headers-6.6.51.1-4.azl3.noarch.rpm
+kernel-headers-6.6.51.1-5.azl3.noarch.rpm
 glibc-2.38-8.azl3.aarch64.rpm
 glibc-devel-2.38-8.azl3.aarch64.rpm
 glibc-i18n-2.38-8.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 0056f581ef8..4a3646e436c 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,5 +1,5 @@
 filesystem-1.1-21.azl3.x86_64.rpm
-kernel-headers-6.6.51.1-4.azl3.noarch.rpm
+kernel-headers-6.6.51.1-5.azl3.noarch.rpm
 glibc-2.38-8.azl3.x86_64.rpm
 glibc-devel-2.38-8.azl3.x86_64.rpm
 glibc-i18n-2.38-8.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 8f333f06b10..f1c8e4a3e24 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -156,7 +156,7 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.aarch64.rpm
 kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm
-kernel-headers-6.6.51.1-4.azl3.noarch.rpm
+kernel-headers-6.6.51.1-5.azl3.noarch.rpm
 kmod-30-1.azl3.aarch64.rpm
 kmod-debuginfo-30-1.azl3.aarch64.rpm
 kmod-devel-30-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 92886521b33..bcd3e28460d 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -161,8 +161,8 @@ intltool-0.51.0-7.azl3.noarch.rpm
 itstool-2.0.7-1.azl3.noarch.rpm
 kbd-2.2.0-2.azl3.x86_64.rpm
 kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm
-kernel-cross-headers-6.6.51.1-4.azl3.noarch.rpm
-kernel-headers-6.6.51.1-4.azl3.noarch.rpm
+kernel-cross-headers-6.6.51.1-5.azl3.noarch.rpm
+kernel-headers-6.6.51.1-5.azl3.noarch.rpm
 kmod-30-1.azl3.x86_64.rpm
 kmod-debuginfo-30-1.azl3.x86_64.rpm
 kmod-devel-30-1.azl3.x86_64.rpm

From 6b3ca35abce6c63feb6c52f0d615039910c3aee8 Mon Sep 17 00:00:00 2001
From: Bala <kumaran.4353@gmail.com>
Date: Fri, 4 Oct 2024 10:27:20 +0530
Subject: [PATCH 55/59] Enable check section in python-platformdirs (#10591)

---
 SPECS/python-platformdirs/python-platformdirs.spec | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/SPECS/python-platformdirs/python-platformdirs.spec b/SPECS/python-platformdirs/python-platformdirs.spec
index ebe3a471a1e..2a8ae6d4bc3 100644
--- a/SPECS/python-platformdirs/python-platformdirs.spec
+++ b/SPECS/python-platformdirs/python-platformdirs.spec
@@ -1,5 +1,4 @@
 # Disable tests as it requires new package python-exceptiongroup
-%global with_check 0
 %global srcname platformdirs
 %bcond_without tests
 %global common_description %{expand:
@@ -8,7 +7,7 @@ a "user data dir".}
 Summary:        Python module for determining appropriate platform-specific dirs
 Name:           python-%{srcname}
 Version:        4.2.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -26,6 +25,11 @@ BuildRequires:  python3-pathspec
 BuildRequires:  python3-pluggy
 BuildRequires:  python3-tomli
 BuildRequires:  python3-trove-classifiers
+%if 0%{?with_check}
+BuildRequires:  python3-pytest
+BuildRequires:  python3-pytest-mock
+BuildRequires:  python3-appdirs
+%endif
 BuildArch:      noarch
 
 %description %{common_description}
@@ -51,13 +55,12 @@ BuildRequires:  python3-devel
 
 
 %check
-%if 0%{?with_check}
 %if %{with tests}
+pip install iniconfig==2.0.0
 %pytest
 %else
 %pyproject_check_import
 %endif
-%endif
 
 
 %files -n python3-%{srcname} -f %{pyproject_files}
@@ -65,6 +68,9 @@ BuildRequires:  python3-devel
 %doc README.rst
 
 %changelog
+* Thu Oct 03 2024 Bala <balakumaran.kannan@microsoft.com> - 4.2.0-2
+- Fixing the missing dependency in the test section and enable it
+
 * Mon Feb 26 2024 Bala <balakumaran.kannan@microsoft.com> - 4.2.0-1
 - Upgraded to 4.2.0
 - Disable tests as pytest requires new package python-exceptiongroup

From 2625d7b7e38f550f70ab567907fc26a3590ea92b Mon Sep 17 00:00:00 2001
From: Sam Meluch <109628994+sameluch@users.noreply.github.com>
Date: Fri, 4 Oct 2024 10:56:44 -0700
Subject: [PATCH 56/59] Add REPO_SNAPSHOT_TIME to the toolkit for package and
 image build. (#10369)

---
 SPECS/tdnf/tdnf.spec                          |   7 +-
 SPECS/tdnf/virtual-repo-snapshot.patch        |   6 +-
 toolkit/Makefile                              |   2 +
 .../iso_initrd/root/runliveinstaller          |   7 +-
 .../manifests/package/pkggen_core_aarch64.txt |   8 +-
 .../manifests/package/pkggen_core_x86_64.txt  |   8 +-
 .../manifests/package/toolchain_aarch64.txt   |  16 +--
 .../manifests/package/toolchain_x86_64.txt    |  16 +--
 toolkit/scripts/imggen.mk                     |  21 +++-
 toolkit/scripts/pkggen.mk                     |  16 ++-
 toolkit/scripts/utils.mk                      |   4 +-
 toolkit/tools/grapher/grapher.go              |   3 +-
 .../tools/graphpkgfetcher/graphpkgfetcher.go  |   3 +-
 .../tools/imagepkgfetcher/imagepkgfetcher.go  |   3 +-
 toolkit/tools/imager/imager.go                |  43 +++++---
 .../repocloner/rpmrepocloner/rpmrepocloner.go |  60 ++++++++++-
 toolkit/tools/internal/tdnf/tdnf.go           |  76 +++++++++++++
 toolkit/tools/internal/tdnf/tdnf_test.go      | 101 ++++++++++++++++++
 .../tools/internal/tdnf/testdata/tdnf.conf    |   1 +
 toolkit/tools/isomaker/isomaker.go            |   4 +-
 toolkit/tools/liveinstaller/liveinstaller.go  |  31 +++---
 toolkit/tools/pkg/isomakerlib/isomaker.go     |  25 ++++-
 22 files changed, 384 insertions(+), 77 deletions(-)
 create mode 100644 toolkit/tools/internal/tdnf/testdata/tdnf.conf

diff --git a/SPECS/tdnf/tdnf.spec b/SPECS/tdnf/tdnf.spec
index 93fbcc0febe..57fa9bc54e7 100644
--- a/SPECS/tdnf/tdnf.spec
+++ b/SPECS/tdnf/tdnf.spec
@@ -4,7 +4,7 @@
 Summary:        dnf equivalent using C libs
 Name:           tdnf
 Version:        3.5.8
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        LGPLv2.1 AND GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -237,7 +237,10 @@ fi
 /%{_lib}/systemd/system/tdnf*
 
 %changelog
-* Thu Aug 29 2024 Sam Meluch <sammeluch@microsoft.com> - 3.5.8-2
+* Fri Sep 20 2024 Sam Meluch <sammeluch@microsoft.com> - 3.5.8-3
+- Fix an issue with snapshottime config option
+
+* Wed Sep 18 2024 Sam Meluch <sammeluch@microsoft.com> - 3.5.8-2
 - Add virtual repo snapshot exclude repos
 
 * Mon Sep 09 2024 Sam Meluch <sammeluch@microsoft.com> - 3.5.8-1
diff --git a/SPECS/tdnf/virtual-repo-snapshot.patch b/SPECS/tdnf/virtual-repo-snapshot.patch
index 50c9e96e553..063252fc188 100644
--- a/SPECS/tdnf/virtual-repo-snapshot.patch
+++ b/SPECS/tdnf/virtual-repo-snapshot.patch
@@ -1,4 +1,4 @@
-From ef2e53818f93005d1dc2d96eaa36519069fa979d Mon Sep 17 00:00:00 2001
+From 7af976b8d0977f32f9903220d8b44378e72d4336 Mon Sep 17 00:00:00 2001
 From: Sam Meluch <sammeluch@microsoft.com>
 Date: Tue, 30 Apr 2024 13:56:44 -0700
 Subject: [PATCH] Add virtual repo snapshot feature to tdnf
@@ -21,7 +21,7 @@ Subject: [PATCH] Add virtual repo snapshot feature to tdnf
  14 files changed, 958 insertions(+), 17 deletions(-)
 
 diff --git a/client/config.c b/client/config.c
-index 8ddcc7a..805fff1 100644
+index 8ddcc7a..ef16467 100644
 --- a/client/config.c
 +++ b/client/config.c
 @@ -85,6 +85,7 @@ TDNFReadConfig(
@@ -38,7 +38,7 @@ index 8ddcc7a..805fff1 100644
          }
 +        else if (strcmp(cn->name, TDNF_CONF_KEY_SNAPSHOT_TIME) == 0)
 +        {
-+            pConf->pszSnapshotTime = cn->value; //assumes your system's time_t is typedef long
++            pConf->pszSnapshotTime = strdup(cn->value); //assumes your system's time_t is typedef long
 +        }
          else if (strcmp(cn->name, TDNF_CONF_KEY_CLEAN_REQ_ON_REMOVE) == 0)
          {
diff --git a/toolkit/Makefile b/toolkit/Makefile
index d97ca77b9d9..5e59df6d949 100644
--- a/toolkit/Makefile
+++ b/toolkit/Makefile
@@ -45,6 +45,8 @@ RUN_CHECK                            ?= n
 USE_PREVIEW_REPO                     ?= n
 DISABLE_UPSTREAM_REPOS               ?= n
 DISABLE_DEFAULT_REPOS                ?= n
+##help:var:REPO_SNAPSHOT_TIME:<posix_time>=Posix time to be used as a snapshot for remote repositories when fetching packages. Example: REPO_SNAPSHOT_TIME="1724119509".
+REPO_SNAPSHOT_TIME                   ?=
 TOOLCHAIN_CONTAINER_ARCHIVE          ?=
 TOOLCHAIN_ARCHIVE                    ?=
 TOOLCHAIN_SOURCES_ARCHIVE            ?=
diff --git a/toolkit/resources/imageconfigs/additionalfiles/iso_initrd/root/runliveinstaller b/toolkit/resources/imageconfigs/additionalfiles/iso_initrd/root/runliveinstaller
index 1fe417f94a2..22cb4741cc9 100755
--- a/toolkit/resources/imageconfigs/additionalfiles/iso_initrd/root/runliveinstaller
+++ b/toolkit/resources/imageconfigs/additionalfiles/iso_initrd/root/runliveinstaller
@@ -143,8 +143,13 @@ cd /installer
 # Turn off echoing while the installer runs to stop sensitive data from rendering in the TTY session.
 stty -echo
 
+# add call to static time file to populate liveinstaller option here
+if [[ -f "$CONFIG_ROOT/repo-snapshot-time.txt" ]]; then
+REPO_TIME=$(cat /"$CONFIG_ROOT/repo-snapshot-time.txt")
+fi
+
 ./liveinstaller --base-dir $CONFIG_ROOT --imager /installer/imager --input $UNATTENDED_CONFIG_FILE --template-config $CONFIG_ROOT/attended_config.json \
-                --build-dir $PWD --log-file=/installer/log.txt
+                --build-dir $PWD --log-file=/installer/log.txt --repo-snapshot-time="$REPO_TIME"
 installerExitCode=$?
 
 # Consume any buffered stdin to prevent it from being passed to any future programs,
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index f3875f9cc73..c8e57e36694 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -211,10 +211,10 @@ lua-5.4.6-1.azl3.aarch64.rpm
 lua-libs-5.4.6-1.azl3.aarch64.rpm
 azurelinux-rpm-macros-3.0-7.azl3.noarch.rpm
 azurelinux-check-macros-3.0-7.azl3.noarch.rpm
-tdnf-3.5.8-2.azl3.aarch64.rpm
-tdnf-cli-libs-3.5.8-2.azl3.aarch64.rpm
-tdnf-devel-3.5.8-2.azl3.aarch64.rpm
-tdnf-plugin-repogpgcheck-3.5.8-2.azl3.aarch64.rpm
+tdnf-3.5.8-3.azl3.aarch64.rpm
+tdnf-cli-libs-3.5.8-3.azl3.aarch64.rpm
+tdnf-devel-3.5.8-3.azl3.aarch64.rpm
+tdnf-plugin-repogpgcheck-3.5.8-3.azl3.aarch64.rpm
 libassuan-2.5.6-1.azl3.aarch64.rpm
 libassuan-devel-2.5.6-1.azl3.aarch64.rpm
 libgpg-error-1.47-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 4a3646e436c..4326ff86195 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -211,10 +211,10 @@ lua-5.4.6-1.azl3.x86_64.rpm
 lua-libs-5.4.6-1.azl3.x86_64.rpm
 azurelinux-rpm-macros-3.0-7.azl3.noarch.rpm
 azurelinux-check-macros-3.0-7.azl3.noarch.rpm
-tdnf-3.5.8-2.azl3.x86_64.rpm
-tdnf-cli-libs-3.5.8-2.azl3.x86_64.rpm
-tdnf-devel-3.5.8-2.azl3.x86_64.rpm
-tdnf-plugin-repogpgcheck-3.5.8-2.azl3.x86_64.rpm
+tdnf-3.5.8-3.azl3.x86_64.rpm
+tdnf-cli-libs-3.5.8-3.azl3.x86_64.rpm
+tdnf-devel-3.5.8-3.azl3.x86_64.rpm
+tdnf-plugin-repogpgcheck-3.5.8-3.azl3.x86_64.rpm
 libassuan-2.5.6-1.azl3.x86_64.rpm
 libassuan-devel-2.5.6-1.azl3.x86_64.rpm
 libgpg-error-1.47-1.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index f1c8e4a3e24..ba5ce5970bd 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -584,14 +584,14 @@ systemd-bootstrap-libs-250.3-17.azl3.aarch64.rpm
 systemd-bootstrap-rpm-macros-250.3-17.azl3.noarch.rpm
 tar-1.35-1.azl3.aarch64.rpm
 tar-debuginfo-1.35-1.azl3.aarch64.rpm
-tdnf-3.5.8-2.azl3.aarch64.rpm
-tdnf-autoupdate-3.5.8-2.azl3.aarch64.rpm
-tdnf-cli-libs-3.5.8-2.azl3.aarch64.rpm
-tdnf-debuginfo-3.5.8-2.azl3.aarch64.rpm
-tdnf-devel-3.5.8-2.azl3.aarch64.rpm
-tdnf-plugin-metalink-3.5.8-2.azl3.aarch64.rpm
-tdnf-plugin-repogpgcheck-3.5.8-2.azl3.aarch64.rpm
-tdnf-python-3.5.8-2.azl3.aarch64.rpm
+tdnf-3.5.8-3.azl3.aarch64.rpm
+tdnf-autoupdate-3.5.8-3.azl3.aarch64.rpm
+tdnf-cli-libs-3.5.8-3.azl3.aarch64.rpm
+tdnf-debuginfo-3.5.8-3.azl3.aarch64.rpm
+tdnf-devel-3.5.8-3.azl3.aarch64.rpm
+tdnf-plugin-metalink-3.5.8-3.azl3.aarch64.rpm
+tdnf-plugin-repogpgcheck-3.5.8-3.azl3.aarch64.rpm
+tdnf-python-3.5.8-3.azl3.aarch64.rpm
 texinfo-7.0.3-1.azl3.aarch64.rpm
 texinfo-debuginfo-7.0.3-1.azl3.aarch64.rpm
 unzip-6.0-20.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index bcd3e28460d..d59d21d0d18 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -590,14 +590,14 @@ systemd-bootstrap-libs-250.3-17.azl3.x86_64.rpm
 systemd-bootstrap-rpm-macros-250.3-17.azl3.noarch.rpm
 tar-1.35-1.azl3.x86_64.rpm
 tar-debuginfo-1.35-1.azl3.x86_64.rpm
-tdnf-3.5.8-2.azl3.x86_64.rpm
-tdnf-autoupdate-3.5.8-2.azl3.x86_64.rpm
-tdnf-cli-libs-3.5.8-2.azl3.x86_64.rpm
-tdnf-debuginfo-3.5.8-2.azl3.x86_64.rpm
-tdnf-devel-3.5.8-2.azl3.x86_64.rpm
-tdnf-plugin-metalink-3.5.8-2.azl3.x86_64.rpm
-tdnf-plugin-repogpgcheck-3.5.8-2.azl3.x86_64.rpm
-tdnf-python-3.5.8-2.azl3.x86_64.rpm
+tdnf-3.5.8-3.azl3.x86_64.rpm
+tdnf-autoupdate-3.5.8-3.azl3.x86_64.rpm
+tdnf-cli-libs-3.5.8-3.azl3.x86_64.rpm
+tdnf-debuginfo-3.5.8-3.azl3.x86_64.rpm
+tdnf-devel-3.5.8-3.azl3.x86_64.rpm
+tdnf-plugin-metalink-3.5.8-3.azl3.x86_64.rpm
+tdnf-plugin-repogpgcheck-3.5.8-3.azl3.x86_64.rpm
+tdnf-python-3.5.8-3.azl3.x86_64.rpm
 texinfo-7.0.3-1.azl3.x86_64.rpm
 texinfo-debuginfo-7.0.3-1.azl3.x86_64.rpm
 unzip-6.0-20.azl3.x86_64.rpm
diff --git a/toolkit/scripts/imggen.mk b/toolkit/scripts/imggen.mk
index 39123708485..8765d66f148 100644
--- a/toolkit/scripts/imggen.mk
+++ b/toolkit/scripts/imggen.mk
@@ -75,6 +75,13 @@ clean-imagegen:
 	$(SCRIPTS_DIR)/safeunmount.sh "$(IMAGEGEN_DIR)" && \
 	rm -rf $(IMAGEGEN_DIR)
 
+# We need to clear the rpm package cache if we have a snapshot time. The filenames will all be
+# the same, but the actual .rpm files may be fundamentally different.
+$(STATUS_FLAGS_DIR)/imagegen_cleanup.flag: $(depend_REPO_SNAPSHOT_TIME)
+	@echo "REPO_SNAPSHOT_TIME has changed, sanitizing rpm cache"
+	rm -rf $(local_and_external_rpm_cache)
+	touch $@
+
 ##help:target:fetch-image-packages=Locate and download all packages required for an image build.
 fetch-image-packages: $(image_package_cache_summary)
 
@@ -113,7 +120,11 @@ ifeq ($(USE_PREVIEW_REPO),y)
 imagepkgfetcher_extra_flags += --use-preview-repo
 endif
 
-$(image_package_cache_summary): $(go-imagepkgfetcher) $(chroot_worker) $(toolchain_rpms) $(imggen_local_repo) $(depend_REPO_LIST) $(REPO_LIST) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(RPMS_DIR) $(imggen_rpms)
+ifneq ($(REPO_SNAPSHOT_TIME),)
+imagepkgfetcher_extra_flags += --repo-snapshot-time=$(REPO_SNAPSHOT_TIME)
+endif
+
+$(image_package_cache_summary): $(go-imagepkgfetcher) $(chroot_worker) $(toolchain_rpms) $(imggen_local_repo) $(depend_REPO_LIST) $(REPO_LIST) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(RPMS_DIR) $(imggen_rpms) $(depend_REPO_SNAPSHOT_TIME) $(STATUS_FLAGS_DIR)/imagegen_cleanup.flag
 	$(if $(CONFIG_FILE),,$(error Must set CONFIG_FILE=))
 	$(go-imagepkgfetcher) \
 		--input=$(CONFIG_FILE) \
@@ -146,7 +157,7 @@ $(imager_disk_output_dir): $(STATUS_FLAGS_DIR)/imager_disk_output.flag
 	@touch $@
 	@echo Finished updating $@
 
-$(STATUS_FLAGS_DIR)/imager_disk_output.flag: $(go-imager) $(image_package_cache_summary) $(license_results_file_img) $(imggen_local_repo) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(assets_files)
+$(STATUS_FLAGS_DIR)/imager_disk_output.flag: $(go-imager) $(image_package_cache_summary) $(license_results_file_img) $(imggen_local_repo) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(assets_files) $(depend_REPO_SNAPSHOT_TIME)
 	$(if $(CONFIG_FILE),,$(error Must set CONFIG_FILE=))
 	mkdir -p $(imager_disk_output_dir) && \
 	rm -rf $(imager_disk_output_dir)/* && \
@@ -159,6 +170,7 @@ $(STATUS_FLAGS_DIR)/imager_disk_output.flag: $(go-imager) $(image_package_cache_
 		--log-color=$(LOG_COLOR) \
 		--local-repo $(local_and_external_rpm_cache) \
 		--tdnf-worker $(chroot_worker) \
+		--repo-snapshot-time=$(REPO_SNAPSHOT_TIME) \
 		--repo-file=$(imggen_local_repo) \
 		--output-image-contents=$(image_package_manifest) \
 		--assets $(assets_dir) \
@@ -198,7 +210,7 @@ image: $(imager_disk_output_dir) $(imager_disk_output_files) $(go-roast) $(depen
 		$(if $(filter y,$(ENABLE_TRACE)),--enable-trace) \
 		--timestamp-file=$(TIMESTAMP_DIR)/roast.jsonl
 
-$(image_external_package_cache_summary): $(cached_file) $(go-imagepkgfetcher) $(chroot_worker) $(graph_file) $(depend_REPO_LIST) $(REPO_LIST) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config)
+$(image_external_package_cache_summary): $(cached_file) $(go-imagepkgfetcher) $(chroot_worker) $(graph_file) $(depend_REPO_LIST) $(REPO_LIST) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(depend_REPO_SNAPSHOT_TIME) $(STATUS_FLAGS_DIR)/imagegen_cleanup.flag
 	$(if $(CONFIG_FILE),,$(error Must set CONFIG_FILE=))
 	$(go-imagepkgfetcher) \
 		--input=$(CONFIG_FILE) \
@@ -229,7 +241,7 @@ $(image_external_package_cache_summary): $(cached_file) $(go-imagepkgfetcher) $(
 
 # We need to ensure that initrd_img recursive build will never run concurrently with another build component, so add all ISO prereqs as
 # order-only-prerequisites to initrd_img
-iso_deps = $(go-isomaker) $(go-imager) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(image_package_cache_summary) $(license_results_file_img)
+iso_deps = $(go-isomaker) $(go-imager) $(depend_CONFIG_FILE) $(CONFIG_FILE) $(validate-config) $(image_package_cache_summary) $(license_results_file_img) $(depend_REPO_SNAPSHOT_TIME)
 # The initrd bundles these files into the image, we should rebuild it if they change
 initrd_bundled_files = $(go-liveinstaller) $(go-imager) $(assets_files) $(initrd_assets_files) $(imggen_local_repo)
 
@@ -250,6 +262,7 @@ iso: $(initrd_img) $(iso_deps)
 		--input $(CONFIG_FILE) \
 		--release-version $(RELEASE_VERSION) \
 		--resources $(RESOURCES_DIR) \
+		--repo-snapshot-time=$(REPO_SNAPSHOT_TIME) \
 		--iso-repo $(local_and_external_rpm_cache) \
 		--log-level=$(LOG_LEVEL) \
 		--log-file=$(LOGS_DIR)/imggen/isomaker.log \
diff --git a/toolkit/scripts/pkggen.mk b/toolkit/scripts/pkggen.mk
index 3e5c8c367ca..a6d3dc3a806 100644
--- a/toolkit/scripts/pkggen.mk
+++ b/toolkit/scripts/pkggen.mk
@@ -123,7 +123,7 @@ endif
 
 # Convert the dependency information in the json file into a graph structure
 # We require all the toolchain RPMs to be available here to help resolve unfixable cyclic dependencies
-$(graph_file): $(specs_file) $(go-grapher) $(toolchain_rpms) $(TOOLCHAIN_MANIFEST) $(pkggen_local_repo) $(graphpkgfetcher_cloned_repo) $(chroot_worker) $(depend_REPO_LIST) $(REPO_LIST)
+$(graph_file): $(specs_file) $(go-grapher) $(toolchain_rpms) $(TOOLCHAIN_MANIFEST) $(pkggen_local_repo) $(graphpkgfetcher_cloned_repo) $(chroot_worker) $(depend_REPO_LIST) $(REPO_LIST) $(depend_REPO_SNAPSHOT_TIME)
 	$(go-grapher) \
 		--input $(specs_file) \
 		$(logging_command) \
@@ -146,6 +146,7 @@ $(graph_file): $(specs_file) $(go-grapher) $(toolchain_rpms) $(TOOLCHAIN_MANIFES
 		--tls-key=$(TLS_KEY) \
 		--tmp-dir=$(grapher_working_dir) \
 		--tdnf-worker=$(chroot_worker) \
+		--repo-snapshot-time=$(REPO_SNAPSHOT_TIME) \
 		$(foreach repo, $(pkggen_local_repo) $(graphpkgfetcher_cloned_repo) $(REPO_LIST), --repo-file=$(repo))
 
 # We want to detect changes in the RPM cache, but we are not responsible for directly rebuilding any missing files.
@@ -192,12 +193,16 @@ graphpkgfetcher_extra_flags += $(if $(CONFIG_FILE),--base-dir="$(CONFIG_BASE_DIR
 $(cached_file): $(depend_CONFIG_FILE) $(depend_PACKAGE_BUILD_LIST) $(depend_PACKAGE_REBUILD_LIST) $(depend_PACKAGE_IGNORE_LIST) $(depend_TEST_RUN_LIST) $(depend_TEST_RERUN_LIST) $(depend_TEST_IGNORE_LIST)
 endif
 
+ifneq ($(REPO_SNAPSHOT_TIME),)
+graphpkgfetcher_extra_flags += --repo-snapshot-time=$(REPO_SNAPSHOT_TIME)
+endif
+
 ifeq ($(PRECACHE),y)
 # Use highly parallel downlader to fully hydrate the cache before trying to use the package manager to download packages
 $(cached_file): $(STATUS_FLAGS_DIR)/precache.flag
 endif
 
-$(cached_file): $(graph_file) $(go-graphpkgfetcher) $(chroot_worker) $(pkggen_local_repo) $(depend_REPO_LIST) $(REPO_LIST) $(cached_remote_rpms) $(TOOLCHAIN_MANIFEST) $(toolchain_rpms) $(depend_EXTRA_BUILD_LAYERS)
+$(cached_file): $(graph_file) $(go-graphpkgfetcher) $(chroot_worker) $(pkggen_local_repo) $(depend_REPO_LIST) $(REPO_LIST) $(cached_remote_rpms) $(TOOLCHAIN_MANIFEST) $(toolchain_rpms) $(depend_EXTRA_BUILD_LAYERS) $(depend_REPO_SNAPSHOT_TIME) $(STATUS_FLAGS_DIR)/build_packages_cache_cleanup.flag
 	mkdir -p $(remote_rpms_cache_dir) && \
 	$(go-graphpkgfetcher) \
 		--input=$(graph_file) \
@@ -260,6 +265,13 @@ clean-compress-rpms:
 clean-compress-srpms:
 	rm -rf $(srpms_archive)
 
+# We need to clear the rpm package cache if we have a snapshot time. The filenames will all be
+# the same, but the actual .rpm files may be fundamentally different.
+$(STATUS_FLAGS_DIR)/build_packages_cache_cleanup.flag: $(depend_REPO_SNAPSHOT_TIME)
+	@echo "REPO_SNAPSHOT_TIME has changed, sanitizing rpm cache"
+	rm -rf $(remote_rpms_cache_dir)
+	touch $@
+
 ifeq ($(REBUILD_PACKAGES),y)
 $(RPMS_DIR): $(STATUS_FLAGS_DIR)/build-rpms.flag
 	@touch $@
diff --git a/toolkit/scripts/utils.mk b/toolkit/scripts/utils.mk
index f30d581e122..4cc53c4f874 100644
--- a/toolkit/scripts/utils.mk
+++ b/toolkit/scripts/utils.mk
@@ -55,10 +55,10 @@ endef
 ######## VARIABLE DEPENDENCY TRACKING ########
 
 # List of variables to watch for changes.
-watch_vars=PACKAGE_BUILD_LIST PACKAGE_REBUILD_LIST PACKAGE_IGNORE_LIST REPO_LIST CONFIG_FILE STOP_ON_PKG_FAIL TOOLCHAIN_ARCHIVE REBUILD_TOOLCHAIN SRPM_PACK_LIST SPECS_DIR MAX_CASCADING_REBUILDS RUN_CHECK TEST_RUN_LIST TEST_RERUN_LIST TEST_IGNORE_LIST EXTRA_BUILD_LAYERS LICENSE_CHECK_MODE VALIDATE_TOOLCHAIN_GPG
+watch_vars=PACKAGE_BUILD_LIST PACKAGE_REBUILD_LIST PACKAGE_IGNORE_LIST REPO_LIST CONFIG_FILE STOP_ON_PKG_FAIL TOOLCHAIN_ARCHIVE REBUILD_TOOLCHAIN SRPM_PACK_LIST SPECS_DIR MAX_CASCADING_REBUILDS RUN_CHECK TEST_RUN_LIST TEST_RERUN_LIST TEST_IGNORE_LIST EXTRA_BUILD_LAYERS LICENSE_CHECK_MODE VALIDATE_TOOLCHAIN_GPG REPO_SNAPSHOT_TIME
 # Current list: $(depend_PACKAGE_BUILD_LIST) $(depend_PACKAGE_REBUILD_LIST) $(depend_PACKAGE_IGNORE_LIST) $(depend_REPO_LIST) $(depend_CONFIG_FILE) $(depend_STOP_ON_PKG_FAIL)
 #					$(depend_TOOLCHAIN_ARCHIVE) $(depend_REBUILD_TOOLCHAIN) $(depend_SRPM_PACK_LIST) $(depend_SPECS_DIR) $(depend_EXTRA_BUILD_LAYERS) $(depend_MAX_CASCADING_REBUILDS) $(depend_RUN_CHECK) $(depend_TEST_RUN_LIST)
-#					$(depend_TEST_RERUN_LIST) $(depend_TEST_IGNORE_LIST) $(depend_LICENSE_CHECK_MODE) $(depend_VALIDATE_TOOLCHAIN_GPG)
+#					$(depend_TEST_RERUN_LIST) $(depend_TEST_IGNORE_LIST) $(depend_LICENSE_CHECK_MODE) $(depend_VALIDATE_TOOLCHAIN_GPG) $(depend_REPO_SNAPSHOT_TIME)
 
 .PHONY: variable_depends_on_phony clean-variable_depends_on_phony setfacl_always_run_phony
 clean: clean-variable_depends_on_phony
diff --git a/toolkit/tools/grapher/grapher.go b/toolkit/tools/grapher/grapher.go
index 7c811043010..de5eede8dc8 100644
--- a/toolkit/tools/grapher/grapher.go
+++ b/toolkit/tools/grapher/grapher.go
@@ -42,6 +42,7 @@ var (
 	usePreviewRepo                = app.Flag("use-preview-repo", "Pull packages from the upstream preview repo").Bool()
 	disableDefaultRepos           = app.Flag("disable-default-repos", "Disable pulling packages from PMC repos").Bool()
 	ignoreVersionToResolveSelfDep = app.Flag("ignore-version-to-resolve-selfdep", "Ignore package version while downloading package from upstream when resolving cycle").Bool()
+	repoSnapshotTime              = app.Flag("repo-snapshot-time", "Optional: Repo time limit for tdnf virtual snapshot").String()
 
 	depGraph = pkggraph.NewPkgGraph()
 )
@@ -82,7 +83,7 @@ func main() {
 
 	var cloner *rpmrepocloner.RpmRepoCloner = nil
 	if *resolveCyclesFromUpstream {
-		cloner, err = rpmrepocloner.ConstructCloner(*outDir, *tmpDir, *workerTar, *existingRpmsDir, *existingToolchainRpmDir, *tlsClientCert, *tlsClientKey, *repoFiles)
+		cloner, err = rpmrepocloner.ConstructCloner(*outDir, *tmpDir, *workerTar, *existingRpmsDir, *existingToolchainRpmDir, *tlsClientCert, *tlsClientKey, *repoFiles, *repoSnapshotTime)
 		if err != nil {
 			logger.Log.Panic(err)
 		}
diff --git a/toolkit/tools/graphpkgfetcher/graphpkgfetcher.go b/toolkit/tools/graphpkgfetcher/graphpkgfetcher.go
index 8ffb0cf5385..73e88d032a6 100644
--- a/toolkit/tools/graphpkgfetcher/graphpkgfetcher.go
+++ b/toolkit/tools/graphpkgfetcher/graphpkgfetcher.go
@@ -46,6 +46,7 @@ var (
 	disableDefaultRepos  = app.Flag("disable-default-repos", "Disable pulling packages from PMC repos").Bool()
 	disableUpstreamRepos = app.Flag("disable-upstream-repos", "Disables pulling packages from upstream repos").Bool()
 	toolchainManifest    = app.Flag("toolchain-manifest", "Path to a list of RPMs which are created by the toolchain. Will mark RPMs from this list as prebuilt.").ExistingFile()
+	repoSnapshotTime     = app.Flag("repo-snapshot-time", "Optional: Repo time limit for tdnf virtual snapshot").String()
 
 	tlsClientCert = app.Flag("tls-cert", "TLS client certificate to use when downloading files.").String()
 	tlsClientKey  = app.Flag("tls-key", "TLS client key to use when downloading files.").String()
@@ -163,7 +164,7 @@ func fetchPackages(dependencyGraph *pkggraph.PkgGraph, hasUnresolvedNodes, tryDo
 
 func setupCloner() (cloner *rpmrepocloner.RpmRepoCloner, err error) {
 	// Create the worker environment
-	cloner, err = rpmrepocloner.ConstructCloner(*outDir, *tmpDir, *workertar, *existingRpmDir, *existingToolchainRpmDir, *tlsClientCert, *tlsClientKey, *repoFiles)
+	cloner, err = rpmrepocloner.ConstructCloner(*outDir, *tmpDir, *workertar, *existingRpmDir, *existingToolchainRpmDir, *tlsClientCert, *tlsClientKey, *repoFiles, *repoSnapshotTime)
 	if err != nil {
 		err = fmt.Errorf("failed to setup new cloner:\n%w", err)
 		return
diff --git a/toolkit/tools/imagepkgfetcher/imagepkgfetcher.go b/toolkit/tools/imagepkgfetcher/imagepkgfetcher.go
index d4f9721e311..3b70a6c9db6 100644
--- a/toolkit/tools/imagepkgfetcher/imagepkgfetcher.go
+++ b/toolkit/tools/imagepkgfetcher/imagepkgfetcher.go
@@ -38,6 +38,7 @@ var (
 	usePreviewRepo       = app.Flag("use-preview-repo", "Pull packages from the upstream preview repo").Bool()
 	disableDefaultRepos  = app.Flag("disable-default-repos", "Disable pulling packages from PMC repos").Bool()
 	disableUpstreamRepos = app.Flag("disable-upstream-repos", "Disables pulling packages from upstream repos").Bool()
+	repoSnapshotTime     = app.Flag("repo-snapshot-time", "Optional: Repo time limit for tdnf virtual snapshot").String()
 
 	tlsClientCert = app.Flag("tls-cert", "TLS client certificate to use when downloading files.").String()
 	tlsClientKey  = app.Flag("tls-key", "TLS client key to use when downloading files.").String()
@@ -74,7 +75,7 @@ func main() {
 
 	timestamp.StartEvent("initialize and configure cloner", nil)
 
-	cloner, err := rpmrepocloner.ConstructCloner(*outDir, *tmpDir, *workertar, *existingRpmDir, *existingToolchainRpmDir, *tlsClientCert, *tlsClientKey, *repoFiles)
+	cloner, err := rpmrepocloner.ConstructCloner(*outDir, *tmpDir, *workertar, *existingRpmDir, *existingToolchainRpmDir, *tlsClientCert, *tlsClientKey, *repoFiles, *repoSnapshotTime)
 	if err != nil {
 		logger.Log.Panicf("Failed to initialize RPM repo cloner. Error: %s", err)
 	}
diff --git a/toolkit/tools/imager/imager.go b/toolkit/tools/imager/imager.go
index b4a228962cb..b1bbe9a96fe 100644
--- a/toolkit/tools/imager/imager.go
+++ b/toolkit/tools/imager/imager.go
@@ -8,6 +8,7 @@ package main
 import (
 	"fmt"
 	"os"
+	"path"
 	"path/filepath"
 
 	"github.com/microsoft/azurelinux/toolkit/tools/imagegen/configuration"
@@ -18,6 +19,7 @@ import (
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/file"
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/logger"
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/safechroot"
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/tdnf"
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/timestamp"
 	"github.com/microsoft/azurelinux/toolkit/tools/pkg/profile"
 
@@ -25,22 +27,23 @@ import (
 )
 
 var (
-	app             = kingpin.New("imager", "Tool to create and install images.")
-	buildDir        = app.Flag("build-dir", "Directory to store temporary files while building.").ExistingDir()
-	configFile      = exe.InputFlag(app, "Path to the image config file.")
-	localRepo       = app.Flag("local-repo", "Path to local RPM repo").ExistingDir()
-	tdnfTar         = app.Flag("tdnf-worker", "Path to tdnf worker tarball").ExistingFile()
-	repoFile        = app.Flag("repo-file", "Full path to local.repo.").ExistingFile()
-	assets          = app.Flag("assets", "Path to assets directory.").ExistingDir()
-	baseDirPath     = app.Flag("base-dir", "Base directory for relative file paths from the config. Defaults to config's directory.").ExistingDir()
-	outputDir       = app.Flag("output-dir", "Path to directory to place final image.").ExistingDir()
-	imgContentFile  = app.Flag("output-image-contents", "File that stores list of packages used to compose the image.").String()
-	liveInstallFlag = app.Flag("live-install", "Enable to perform a live install to the disk specified in config file.").Bool()
-	emitProgress    = app.Flag("emit-progress", "Write progress updates to stdout, such as percent complete and current action.").Bool()
-	timestampFile   = app.Flag("timestamp-file", "File that stores timestamps for this program.").String()
-	buildNumber     = app.Flag("build-number", "Build number to be used in the image.").String()
-	logFlags        = exe.SetupLogFlags(app)
-	profFlags       = exe.SetupProfileFlags(app)
+	app              = kingpin.New("imager", "Tool to create and install images.")
+	buildDir         = app.Flag("build-dir", "Directory to store temporary files while building.").ExistingDir()
+	configFile       = exe.InputFlag(app, "Path to the image config file.")
+	localRepo        = app.Flag("local-repo", "Path to local RPM repo").ExistingDir()
+	tdnfTar          = app.Flag("tdnf-worker", "Path to tdnf worker tarball").ExistingFile()
+	repoFile         = app.Flag("repo-file", "Full path to local.repo.").ExistingFile()
+	assets           = app.Flag("assets", "Path to assets directory.").ExistingDir()
+	baseDirPath      = app.Flag("base-dir", "Base directory for relative file paths from the config. Defaults to config's directory.").ExistingDir()
+	outputDir        = app.Flag("output-dir", "Path to directory to place final image.").ExistingDir()
+	imgContentFile   = app.Flag("output-image-contents", "File that stores list of packages used to compose the image.").String()
+	liveInstallFlag  = app.Flag("live-install", "Enable to perform a live install to the disk specified in config file.").Bool()
+	emitProgress     = app.Flag("emit-progress", "Write progress updates to stdout, such as percent complete and current action.").Bool()
+	timestampFile    = app.Flag("timestamp-file", "File that stores timestamps for this program.").String()
+	buildNumber      = app.Flag("build-number", "Build number to be used in the image.").String()
+	repoSnapshotTime = app.Flag("repo-snapshot-time", "Optional: Snapshot time to be added to the image tdnf.conf").String()
+	logFlags         = exe.SetupLogFlags(app)
+	profFlags        = exe.SetupProfileFlags(app)
 )
 
 const (
@@ -622,6 +625,14 @@ func buildImage(mountPointMap, mountPointToFsTypeMap, mountPointToMountArgsMap,
 		return
 	}
 
+	//add snapshot to installchroot tdnf.conf if both a present, warning if only snapshot time present
+	if *repoSnapshotTime != "" {
+		err = tdnf.AddSnapshotToConfig(path.Join(installChroot.RootDir(), "etc", "tdnf", "tdnf.conf"), *repoSnapshotTime)
+		if err != nil {
+			return
+		}
+	}
+
 	// Configure the final image with the customized macros so that rpm continues to behave the same way in the final image
 	logger.Log.Infof("Adding final image customization macros if needed")
 	err = customizationmacros.AddCustomizationMacros(installChroot.RootDir(), systemConfig.DisableRpmDocs,
diff --git a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
index bb90a4731a7..7e00c9b1ddc 100644
--- a/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
+++ b/toolkit/tools/internal/packagerepo/repocloner/rpmrepocloner/rpmrepocloner.go
@@ -65,6 +65,8 @@ type RpmRepoCloner struct {
 	chrootCloneDir           string
 	defaultAzureLinuxRepoIDs []string
 	mountedCloneDir          string
+	repoSnapshotTime         string
+	repoSnapshotArgs         []string
 	repoIDCache              string
 	reposArgsList            [][]string
 	reposFlags               uint64
@@ -79,12 +81,12 @@ type RpmRepoCloner struct {
 //   - tlsCert is the path to the TLS certificate, "" if not needed
 //   - tlsKey is the path to the TLS key, "" if not needed
 //   - repoDefinitions is a list of repo files to use
-func ConstructCloner(destinationDir, tmpDir, workerTar, existingRpmsDir, toolchainRpmsDir, tlsCert, tlsKey string, repoDefinitions []string) (r *RpmRepoCloner, err error) {
+func ConstructCloner(destinationDir, tmpDir, workerTar, existingRpmsDir, toolchainRpmsDir, tlsCert, tlsKey string, repoDefinitions []string, posixTime string) (r *RpmRepoCloner, err error) {
 	timestamp.StartEvent("initialize and configure cloner", nil)
 	defer timestamp.StopEvent(nil) // initialize and configure cloner
 
 	r = &RpmRepoCloner{}
-	err = r.initialize(destinationDir, tmpDir, workerTar, existingRpmsDir, toolchainRpmsDir, repoDefinitions)
+	err = r.initialize(destinationDir, tmpDir, workerTar, existingRpmsDir, toolchainRpmsDir, repoDefinitions, posixTime)
 	if err != nil {
 		err = fmt.Errorf("failed to prep new rpm cloner:\n%w", err)
 		return
@@ -107,7 +109,7 @@ func ConstructCloner(destinationDir, tmpDir, workerTar, existingRpmsDir, toolcha
 //   - existingRpmsDir is the directory with prebuilt RPMs
 //   - prebuiltRpmsDir is the directory with toolchain RPMs
 //   - repoDefinitions is a list of repo files to use when cloning RPMs
-func (r *RpmRepoCloner) initialize(destinationDir, tmpDir, workerTar, existingRpmsDir, toolchainRpmsDir string, repoDefinitions []string) (err error) {
+func (r *RpmRepoCloner) initialize(destinationDir, tmpDir, workerTar, existingRpmsDir, toolchainRpmsDir string, repoDefinitions []string, posixTime string) (err error) {
 	const (
 		isExistingDir          = false
 		leaveChrootFilesOnDisk = false
@@ -209,6 +211,10 @@ func (r *RpmRepoCloner) initialize(destinationDir, tmpDir, workerTar, existingRp
 
 	r.SetEnabledRepos(repoFlagClonerDefault)
 
+	if posixTime != "" {
+		r.SetRepoEpochTimeLimitArgs(posixTime)
+	}
+
 	return
 }
 
@@ -400,6 +406,10 @@ func (r *RpmRepoCloner) cloneRawPackageNames(cloneDeps, singleTransaction bool,
 		r.chrootCloneDir,
 	}
 
+	if r.GetRepoSnapshotTime() != "" {
+		constantArgs = append(constantArgs, r.GetRepoSnapshotArgs()...)
+	}
+
 	logger.Log.Debugf("Will clone in total %d items.", len(rawPackageNames))
 
 	// Create a list of lists for each transaction. Each transaction will be cloned separately. Generally either all
@@ -453,7 +463,11 @@ func (r *RpmRepoCloner) WhatProvides(pkgVer *pkgjson.PackageVer) (packageNames [
 		releaseverCliArg,
 	}
 
-	// Consider the built (tooolchain, local) RPMs first, then the already cached, and finally all remote packages.
+	if r.GetRepoSnapshotTime() != "" {
+		baseArgs = append(baseArgs, r.GetRepoSnapshotArgs()...)
+	}
+
+	// Consider the built (toolchain, local) RPMs first, then the already cached, and finally all remote packages.
 	for _, reposArgs := range r.reposArgsList {
 		logger.Log.Debugf("Using repos args: %v", reposArgs)
 
@@ -683,6 +697,44 @@ func convertPackageVersionToTdnfArg(pkgVer *pkgjson.PackageVer) (tdnfArg string)
 	return
 }
 
+func (r *RpmRepoCloner) GetRepoSnapshotTime() string {
+	return r.repoSnapshotTime
+}
+
+func (r *RpmRepoCloner) GetRepoSnapshotArgs() []string {
+	return r.repoSnapshotArgs
+}
+
+func (r *RpmRepoCloner) SetRepoEpochTimeLimitArgs(posixTime string) {
+	var (
+		snapshotTimeArg    string
+		snapshotExcludeArg string
+		excludeRepoIds     []string
+		err                error
+	)
+
+	r.repoSnapshotTime = posixTime
+	r.repoSnapshotArgs = []string{}
+
+	if r.repoSnapshotTime == "" { // no args to add
+		return
+	}
+
+	snapshotTimeArg, err = tdnf.GetRepoSnapshotCliArg(r.repoSnapshotTime)
+	if err != nil {
+		logger.Log.Errorf("Snapshot Time is invalid")
+		return
+	}
+	excludeRepoIds = []string{repoIDBuilt, repoIDToolchain, r.repoIDCache, repoIDCacheRegular}
+	snapshotExcludeArg, err = tdnf.GetRepoSnapshotExcludeCliArg(excludeRepoIds)
+	if err != nil {
+		logger.Log.Errorf("Snapshot Repo to exclude is invalid")
+		return
+	}
+
+	r.repoSnapshotArgs = append(r.repoSnapshotArgs, snapshotTimeArg, snapshotExcludeArg)
+}
+
 // GetEnabledRepos returns the repo flags that the cloner is allowed to use for its queries.
 func (r *RpmRepoCloner) GetEnabledRepos() uint64 {
 	return r.reposFlags
diff --git a/toolkit/tools/internal/tdnf/tdnf.go b/toolkit/tools/internal/tdnf/tdnf.go
index a39e2ae3bb5..2c369e50858 100644
--- a/toolkit/tools/internal/tdnf/tdnf.go
+++ b/toolkit/tools/internal/tdnf/tdnf.go
@@ -7,8 +7,11 @@ package tdnf
 import (
 	"fmt"
 	"regexp"
+	"strconv"
 
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/exe"
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/file"
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/logger"
 )
 
 var (
@@ -157,3 +160,76 @@ func getMajorVersionFromString(version string) (majorVersion string, err error)
 	}
 	return
 }
+
+func GetRepoSnapshotCliArg(posixTime string) (repoSnapshot string, err error) {
+	const (
+		errorFormatString = "cannot generate snapshot cli arg for: %s"
+	)
+	if posixTime == "" {
+		err = fmt.Errorf(errorFormatString, posixTime)
+		return "", err
+	}
+
+	_, err = strconv.Atoi(posixTime)
+	if err != nil {
+		err = fmt.Errorf(errorFormatString, posixTime)
+		return "", err
+	}
+
+	repoSnapshot = fmt.Sprintf("--snapshottime=%s", posixTime)
+
+	return repoSnapshot, nil
+}
+
+func GetRepoSnapshotExcludeCliArg(excludeRepos []string) (excludeArg string, err error) {
+	if excludeRepos == nil {
+		err = fmt.Errorf("exclude repos cannot be empty")
+		return "", err
+	}
+
+	repos := ""
+	for _, repo := range excludeRepos {
+		if repo == "" {
+			err = fmt.Errorf("exclude repo member cannot be empty")
+			return "", err
+		}
+
+		if repos == "" {
+			repos = repo
+		} else {
+			repos = fmt.Sprintf("%s,%s", repos, repo)
+		}
+	}
+	excludeArg = fmt.Sprintf("--snapshotexcluderepos=%s", repos)
+
+	return excludeArg, nil
+}
+
+func AddSnapshotToConfig(configFilePath, posixTime string) (err error) {
+	if configFilePath == "" {
+		err = fmt.Errorf("config file path cannot be empty")
+		return err
+	}
+
+	if posixTime == "" {
+		err = fmt.Errorf("posix time cannot be empty")
+		return err
+	}
+	exists, err := file.PathExists(configFilePath)
+	if err != nil {
+		return err
+	}
+	if !exists {
+		// print warning
+		logger.Log.Warnf("config file path does not exist, nothing to append")
+		return nil
+	}
+
+	// create config entry, and add to config file
+	snapshotConfigEntry := fmt.Sprintf("snapshottime=%s\n", posixTime)
+	err = file.Append(snapshotConfigEntry, configFilePath)
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/toolkit/tools/internal/tdnf/tdnf_test.go b/toolkit/tools/internal/tdnf/tdnf_test.go
index 2c4c714b427..e875bcc9643 100644
--- a/toolkit/tools/internal/tdnf/tdnf_test.go
+++ b/toolkit/tools/internal/tdnf/tdnf_test.go
@@ -4,9 +4,12 @@
 package tdnf
 
 import (
+	"fmt"
 	"os"
+	"path"
 	"testing"
 
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/file"
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/logger"
 	"github.com/stretchr/testify/assert"
 )
@@ -153,6 +156,7 @@ func TestInstallPackageRegex_DoesNotMatchInvalidLine(t *testing.T) {
 
 	assert.False(t, InstallPackageRegex.MatchString(line))
 }
+
 func TestPackageLookupNameMatchRegex_MatchesExternalRepo(t *testing.T) {
 	const line = "xz-devel-5.4.4-1.azl3.x86_64 : Header and development files for xz\nRepo : toolchain-repo"
 
@@ -242,3 +246,100 @@ func TestPackageLookupNameMatchRegex_FailsForOutputWithOnlyPluginLoaded(t *testi
 
 	assert.False(t, PackageProvidesRegex.MatchString(line))
 }
+
+func Test_GetRepoSnapshotCliArg(t *testing.T) {
+	type args struct {
+		posixTime string
+	}
+	tests := []struct {
+		name             string
+		args             args
+		wantRepoSnapshot string
+		wantErr          bool
+	}{
+		{name: "testEmpty", args: args{posixTime: ""}, wantRepoSnapshot: "", wantErr: true},
+		{name: "testIsNotNumeric", args: args{posixTime: "12345qwerty"}, wantRepoSnapshot: "", wantErr: true},
+		{name: "testNumeric", args: args{posixTime: "123456789"}, wantRepoSnapshot: "--snapshottime=123456789", wantErr: false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotRepoSnapshot, err := GetRepoSnapshotCliArg(tt.args.posixTime)
+			assert.Equal(t, tt.wantErr, err != nil)
+			assert.Equal(t, tt.wantRepoSnapshot, gotRepoSnapshot)
+		})
+	}
+}
+
+func Test_GetRepoSnapshotExcludeCliArg(t *testing.T) {
+	type args struct {
+		excludeRepos []string
+	}
+	tests := []struct {
+		name           string
+		args           args
+		wantExcludeArg string
+		wantErr        bool
+	}{
+		{name: "testEmptyArray", args: args{excludeRepos: nil}, wantExcludeArg: "", wantErr: true},
+		{name: "testEmptyMember", args: args{excludeRepos: []string{""}}, wantExcludeArg: "", wantErr: true},
+		{name: "testRepo", args: args{excludeRepos: []string{"local-repo"}}, wantExcludeArg: "--snapshotexcluderepos=local-repo", wantErr: false},
+		{name: "testMultiRepo", args: args{excludeRepos: []string{"local-repo", "test-repo"}}, wantExcludeArg: "--snapshotexcluderepos=local-repo,test-repo", wantErr: false},
+		{name: "testMultiRepoOneEmpty", args: args{excludeRepos: []string{"local-repo", ""}}, wantExcludeArg: "", wantErr: true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotExcludeArg, err := GetRepoSnapshotExcludeCliArg(tt.args.excludeRepos)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GetRepoSnapshotExcludeCliArg() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if gotExcludeArg != tt.wantExcludeArg {
+				t.Errorf("GetRepoSnapshotExcludeCliArg() = %v, want %v", gotExcludeArg, tt.wantExcludeArg)
+			}
+		})
+	}
+}
+
+func TestAddSnapshotToConfig(t *testing.T) {
+	type args struct {
+		configFilePath string
+		posixTime      string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{name: "testEmptyPath", args: args{configFilePath: "", posixTime: "12345"}, wantErr: true},
+		{name: "testEmptyTime", args: args{configFilePath: "tdnf.conf", posixTime: ""}, wantErr: true},
+		{name: "testBadPath", args: args{configFilePath: "test", posixTime: "12345"}, wantErr: false},
+		{name: "testConfigAdded", args: args{configFilePath: "tdnf.conf", posixTime: "12345"}, wantErr: false},
+	}
+	testConfigFilePath := path.Join("testdata", "tdnf.conf")
+	for _, tt := range tests {
+		testConfigFileLines, _ := file.ReadLines(testConfigFilePath)
+
+		//
+		destpath := tt.args.configFilePath
+		testConfigDir := t.TempDir()
+		if destpath != "" {
+			file.Copy(testConfigFilePath, path.Join(testConfigDir, "tdnf.conf"))
+			destpath = path.Join(testConfigDir, tt.args.configFilePath)
+		}
+		t.Run(tt.name, func(t *testing.T) {
+			if err := AddSnapshotToConfig(destpath, tt.args.posixTime); (err != nil) != tt.wantErr {
+				assert.True(t, (err != nil) != tt.wantErr, "AddSnapshotToConfig() error = %v, wantErr %v", err, tt.wantErr)
+			} else if !tt.wantErr && tt.args.configFilePath == "tdnf.conf" {
+				// check for change
+				resultConfigFileLines, _ := file.ReadLines(destpath)
+				testConfigFileLines = append(testConfigFileLines, fmt.Sprintf("snapshottime=%s", tt.args.posixTime))
+				assert.Equal(t, resultConfigFileLines, testConfigFileLines, "Expected: %v, Actual: %v", testConfigFileLines, resultConfigFileLines)
+			} else if !tt.wantErr && tt.args.configFilePath != "tdnf.conf" {
+				// check for no change
+				resultConfigFileLines, _ := file.ReadLines(path.Join(testConfigDir, "tdnf.conf"))
+				assert.Equal(t, resultConfigFileLines, testConfigFileLines, "Expected: %v, Actual: %v", testConfigFileLines, resultConfigFileLines)
+
+			}
+		})
+	}
+}
diff --git a/toolkit/tools/internal/tdnf/testdata/tdnf.conf b/toolkit/tools/internal/tdnf/testdata/tdnf.conf
new file mode 100644
index 00000000000..a7627887f4c
--- /dev/null
+++ b/toolkit/tools/internal/tdnf/testdata/tdnf.conf
@@ -0,0 +1 @@
+plugins=1
diff --git a/toolkit/tools/isomaker/isomaker.go b/toolkit/tools/isomaker/isomaker.go
index c4e06f56863..721fa740f8c 100644
--- a/toolkit/tools/isomaker/isomaker.go
+++ b/toolkit/tools/isomaker/isomaker.go
@@ -24,6 +24,7 @@ var (
 	releaseVersion    = app.Flag("release-version", "The repository OS release version").Required().String()
 	resourcesDirPath  = app.Flag("resources", "Path to 'resources' directory").Required().ExistingDir()
 	outputDir         = app.Flag("output-dir", "Path to directory to place final image").Required().String()
+	repoSnapshotTime  = app.Flag("repo-snapshot-time", "Optional: tdnf image repo snapshot time").String()
 
 	imageTag = app.Flag("image-tag", "Tag (text) appended to the image name. Empty by default.").String()
 
@@ -46,7 +47,8 @@ func main() {
 		*initrdPath,
 		*isoRepoDirPath,
 		*outputDir,
-		*imageTag)
+		*imageTag,
+		*repoSnapshotTime)
 	if err != nil {
 		logger.PanicOnError(err)
 	}
diff --git a/toolkit/tools/liveinstaller/liveinstaller.go b/toolkit/tools/liveinstaller/liveinstaller.go
index 0811c4984fb..a6a8083146e 100644
--- a/toolkit/tools/liveinstaller/liveinstaller.go
+++ b/toolkit/tools/liveinstaller/liveinstaller.go
@@ -36,8 +36,8 @@ var (
 	imagerTool         = app.Flag("imager", "Path to the imager tool.").Required().ExistingFile()
 	buildDir           = app.Flag("build-dir", "Directory to store temporary files while building.").Required().ExistingDir()
 	baseDirPath        = app.Flag("base-dir", "Base directory for relative file paths from the config. Defaults to config's directory.").ExistingDir()
-
-	logFlags = exe.SetupLogFlags(app)
+	repoSnapshotTime   = app.Flag("repo-snapshot-time", "Optional: tdnf repo snapshot time").String()
+	logFlags           = exe.SetupLogFlags(app)
 )
 
 // Every valid mouse event handler will follow the format:
@@ -45,13 +45,14 @@ var (
 var mouseEventHandlerRegex = regexp.MustCompile(`^H:\s+Handlers=(\w+)\s+mouse\d+`)
 
 type imagerArguments struct {
-	imagerTool   string
-	configFile   string
-	buildDir     string
-	baseDirPath  string
-	emitProgress bool
-	logFile      string
-	logLevel     string
+	imagerTool       string
+	configFile       string
+	buildDir         string
+	baseDirPath      string
+	emitProgress     bool
+	logFile          string
+	logLevel         string
+	repoSnapshotTime string
 }
 
 type installationDetails struct {
@@ -79,11 +80,12 @@ func main() {
 
 	// Imager's stdout/stderr will be combined with this tool's, so it will automatically be logged to the current log file
 	args := imagerArguments{
-		imagerTool:  *imagerTool,
-		buildDir:    *buildDir,
-		baseDirPath: *baseDirPath,
-		logLevel:    logger.Log.GetLevel().String(),
-		logFile:     imagerLogFile,
+		imagerTool:       *imagerTool,
+		buildDir:         *buildDir,
+		baseDirPath:      *baseDirPath,
+		logLevel:         logger.Log.GetLevel().String(),
+		logFile:          imagerLogFile,
+		repoSnapshotTime: *repoSnapshotTime,
 	}
 
 	installFunc := installerFactory(*forceAttended, *configFile, *templateConfigFile)
@@ -451,6 +453,7 @@ func formatImagerCommand(args imagerArguments) (program string, commandArgs []st
 		fmt.Sprintf("--base-dir=%s", args.baseDirPath),
 		fmt.Sprintf("--log-file=%s", args.logFile),
 		fmt.Sprintf("--log-level=%s", args.logLevel),
+		fmt.Sprintf("--repo-snapshot-time=%s", args.repoSnapshotTime),
 	}
 
 	if args.emitProgress {
diff --git a/toolkit/tools/pkg/isomakerlib/isomaker.go b/toolkit/tools/pkg/isomakerlib/isomaker.go
index e170ec3fff9..5cebe192d9a 100644
--- a/toolkit/tools/pkg/isomakerlib/isomaker.go
+++ b/toolkit/tools/pkg/isomakerlib/isomaker.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"path"
 	"path/filepath"
 	"runtime"
 	"strings"
@@ -33,6 +34,7 @@ const (
 	isoRootArchDependentDirPath     = "assets/isomaker/iso_root_arch-dependent_files"
 	defaultImageNameBase            = "azure-linux"
 	defaultOSFilesPath              = "isolinux"
+	repoSnapshotFilePath            = "repo-snapshot-time.txt"
 )
 
 // IsoMaker builds ISO images and populates them with packages and files required by the installer.
@@ -54,13 +56,14 @@ type IsoMaker struct {
 	additionalIsoFiles []safechroot.FileToCopy // Additional files to copy to the ISO media (absolute-source-path -> iso-root-relative-path).
 	imageNameBase      string                  // Base name of the ISO to generate (no path, and no file extension).
 	imageNameTag       string                  // Optional user-supplied tag appended to the generated ISO's name.
+	repoSnapshotTime   string                  // tdnf repo snapshot time
 	osFilesPath        string
 
 	isoMakerCleanUpTasks []func() error // List of clean-up tasks to perform at the end of the ISO generation process.
 }
 
 // NewIsoMaker returns a new ISO maker.
-func NewIsoMaker(unattendedInstall bool, baseDirPath, buildDirPath, releaseVersion, resourcesDirPath, configFilePath, initrdPath, isoRepoDirPath, outputDir, imageNameTag string) (isoMaker *IsoMaker, err error) {
+func NewIsoMaker(unattendedInstall bool, baseDirPath, buildDirPath, releaseVersion, resourcesDirPath, configFilePath, initrdPath, isoRepoDirPath, outputDir, imageNameTag, isoRepoSnapshotTime string) (isoMaker *IsoMaker, err error) {
 	if baseDirPath == "" {
 		baseDirPath = filepath.Dir(configFilePath)
 	}
@@ -91,6 +94,7 @@ func NewIsoMaker(unattendedInstall bool, baseDirPath, buildDirPath, releaseVersi
 		imageNameBase:      imageNameBase,
 		imageNameTag:       imageNameTag,
 		osFilesPath:        defaultOSFilesPath,
+		repoSnapshotTime:   isoRepoSnapshotTime,
 	}
 
 	return isoMaker, nil
@@ -128,6 +132,7 @@ func NewIsoMakerWithConfig(unattendedInstall, enableBiosBoot, enableRpmRepo bool
 		imageNameBase:      imageNameBase,
 		imageNameTag:       imageNameTag,
 		osFilesPath:        osFilesPath,
+		repoSnapshotTime:   "",
 	}
 
 	return isoMaker, nil
@@ -554,6 +559,13 @@ func (im *IsoMaker) copyAndRenameConfigFiles() (err error) {
 	if err != nil {
 		return err
 	}
+
+	// add snapshot file here
+	err = im.addSnapshotTimeFile(configFilesAbsDirPath)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 
@@ -565,6 +577,17 @@ func (im *IsoMaker) copyIsoAdditionalFiles() (err error) {
 	return safechroot.AddFilesToDestination(im.buildDirPath, im.additionalIsoFiles...)
 }
 
+func (im *IsoMaker) addSnapshotTimeFile(configFilesAbsDirPath string) (err error) {
+	if im.repoSnapshotTime != "" {
+		logger.Log.Debugf("Adding snapshot time to file")
+		err = file.WriteLines([]string{im.repoSnapshotTime}, path.Join(configFilesAbsDirPath, repoSnapshotFilePath))
+		if err != nil {
+			return
+		}
+	}
+	return
+}
+
 // copyAndRenameAdditionalFiles will copy all additional files into an
 // ISO directory to make them available to the installer.
 // Each file gets placed in a separate directory to avoid potential name conflicts and

From ec916503017a5a08478c2b7d9259c310dafb11e2 Mon Sep 17 00:00:00 2001
From: reuben olinsky <reubeno@users.noreply.github.com>
Date: Fri, 4 Oct 2024 11:03:32 -0700
Subject: [PATCH 57/59] libsolv: enable zstd support to match createrepo_c
 (#10345)

This removes the need to use createrepo_c with --compatibility for Azure Linux 3.0.
---
 SPECS/libsolv/libsolv.spec                               | 9 +++++++--
 .../resources/manifests/package/pkggen_core_aarch64.txt  | 4 ++--
 .../resources/manifests/package/pkggen_core_x86_64.txt   | 4 ++--
 .../resources/manifests/package/toolchain_aarch64.txt    | 8 ++++----
 toolkit/resources/manifests/package/toolchain_x86_64.txt | 8 ++++----
 .../scripts/toolchain/build_official_toolchain_rpms.sh   | 3 ++-
 6 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/SPECS/libsolv/libsolv.spec b/SPECS/libsolv/libsolv.spec
index ebcf84aaa2b..fa48d7e52e3 100644
--- a/SPECS/libsolv/libsolv.spec
+++ b/SPECS/libsolv/libsolv.spec
@@ -1,7 +1,7 @@
 Summary:        A free package dependency solver
 Name:           libsolv
 Version:        0.7.28
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD
 URL:            https://github.com/openSUSE/libsolv
 Source0:        https://github.com/openSUSE/libsolv/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -10,6 +10,7 @@ Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 BuildRequires:  cmake
 BuildRequires:  rpm-devel
+BuildRequires:  zstd-devel
 Requires:       expat-libs
 
 %description
@@ -47,7 +48,8 @@ Requires:       xz
     -DENABLE_RPMDB_BYRPMHEADER=ON       \
     -DENABLE_RPMDB_LIBRPM=ON            \
     -DENABLE_RPMMD=ON                   \
-    -DENABLE_COMPS=ON
+    -DENABLE_COMPS=ON                   \
+    -DENABLE_ZSTD_COMPRESSION=ON
 %make_build
 
 %install
@@ -77,6 +79,9 @@ find %{buildroot} -type f -name "*.la" -delete -print
 %{_mandir}/man1/*
 
 %changelog
+* Wed Sep 04 2024 Reuben Olinsky <reubeno@microsoft.com> - 0.7.28-2
+- Enable zstd support to match createrepo_c.
+
 * Wed Feb 07 2024 Alberto David Perez Guevara <aperezguevar@microsoft.com> - 0.7.28-1
 - Upgrade to version 0.7.28
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index c8e57e36694..87169d839ef 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -189,8 +189,8 @@ rpm-libs-4.18.2-1.azl3.aarch64.rpm
 cpio-2.14-1.azl3.aarch64.rpm
 cpio-lang-2.14-1.azl3.aarch64.rpm
 e2fsprogs-libs-1.47.0-2.azl3.aarch64.rpm
-libsolv-0.7.28-1.azl3.aarch64.rpm
-libsolv-devel-0.7.28-1.azl3.aarch64.rpm
+libsolv-0.7.28-2.azl3.aarch64.rpm
+libsolv-devel-0.7.28-2.azl3.aarch64.rpm
 libssh2-1.11.0-1.azl3.aarch64.rpm
 libssh2-devel-1.11.0-1.azl3.aarch64.rpm
 krb5-1.21.3-2.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 4326ff86195..1f71b3cd6dd 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -189,8 +189,8 @@ rpm-libs-4.18.2-1.azl3.x86_64.rpm
 cpio-2.14-1.azl3.x86_64.rpm
 cpio-lang-2.14-1.azl3.x86_64.rpm
 e2fsprogs-libs-1.47.0-2.azl3.x86_64.rpm
-libsolv-0.7.28-1.azl3.x86_64.rpm
-libsolv-devel-0.7.28-1.azl3.x86_64.rpm
+libsolv-0.7.28-2.azl3.x86_64.rpm
+libsolv-devel-0.7.28-2.azl3.x86_64.rpm
 libssh2-1.11.0-1.azl3.x86_64.rpm
 libssh2-devel-1.11.0-1.azl3.x86_64.rpm
 krb5-1.21.3-2.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index ba5ce5970bd..1f1819d759e 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -223,10 +223,10 @@ libselinux-utils-3.6-3.azl3.aarch64.rpm
 libsepol-3.6-1.azl3.aarch64.rpm
 libsepol-debuginfo-3.6-1.azl3.aarch64.rpm
 libsepol-devel-3.6-1.azl3.aarch64.rpm
-libsolv-0.7.28-1.azl3.aarch64.rpm
-libsolv-debuginfo-0.7.28-1.azl3.aarch64.rpm
-libsolv-devel-0.7.28-1.azl3.aarch64.rpm
-libsolv-tools-0.7.28-1.azl3.aarch64.rpm
+libsolv-0.7.28-2.azl3.aarch64.rpm
+libsolv-debuginfo-0.7.28-2.azl3.aarch64.rpm
+libsolv-devel-0.7.28-2.azl3.aarch64.rpm
+libsolv-tools-0.7.28-2.azl3.aarch64.rpm
 libssh2-1.11.0-1.azl3.aarch64.rpm
 libssh2-debuginfo-1.11.0-1.azl3.aarch64.rpm
 libssh2-devel-1.11.0-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index d59d21d0d18..1c3f8e3334d 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -229,10 +229,10 @@ libselinux-utils-3.6-3.azl3.x86_64.rpm
 libsepol-3.6-1.azl3.x86_64.rpm
 libsepol-debuginfo-3.6-1.azl3.x86_64.rpm
 libsepol-devel-3.6-1.azl3.x86_64.rpm
-libsolv-0.7.28-1.azl3.x86_64.rpm
-libsolv-debuginfo-0.7.28-1.azl3.x86_64.rpm
-libsolv-devel-0.7.28-1.azl3.x86_64.rpm
-libsolv-tools-0.7.28-1.azl3.x86_64.rpm
+libsolv-0.7.28-2.azl3.x86_64.rpm
+libsolv-debuginfo-0.7.28-2.azl3.x86_64.rpm
+libsolv-devel-0.7.28-2.azl3.x86_64.rpm
+libsolv-tools-0.7.28-2.azl3.x86_64.rpm
 libssh2-1.11.0-1.azl3.x86_64.rpm
 libssh2-debuginfo-1.11.0-1.azl3.x86_64.rpm
 libssh2-devel-1.11.0-1.azl3.x86_64.rpm
diff --git a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
index 35eb91499f4..24e75870e55 100755
--- a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
+++ b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
@@ -541,8 +541,9 @@ build_rpm_in_chroot_no_install libxslt
 chroot_and_install_rpms pam
 build_rpm_in_chroot_no_install docbook-style-xsl
 
-# libsolv needs cmake
+# libsolv needs cmake, zstd-devel
 chroot_and_install_rpms cmake
+chroot_and_install_rpms zstd
 build_rpm_in_chroot_no_install libsolv
 
 # ccache needs cmake

From 4df9dbc5464380d2e758f315420ad80d029de583 Mon Sep 17 00:00:00 2001
From: Lanze Liu <86434077+liulanze@users.noreply.github.com>
Date: Fri, 4 Oct 2024 14:33:25 -0700
Subject: [PATCH 58/59] minimal-os image definition. (#10520)

Co-authored-by: lanzeliu <lanzeliu@microsoft.com>
---
 toolkit/imageconfigs/minimal-os.json          | 55 +++++++++++++++++++
 .../packagelists/minimal-os-packages.json     | 36 ++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 toolkit/imageconfigs/minimal-os.json
 create mode 100644 toolkit/imageconfigs/packagelists/minimal-os-packages.json

diff --git a/toolkit/imageconfigs/minimal-os.json b/toolkit/imageconfigs/minimal-os.json
new file mode 100644
index 00000000000..5ba7b582218
--- /dev/null
+++ b/toolkit/imageconfigs/minimal-os.json
@@ -0,0 +1,55 @@
+{
+    "Disks": [
+        {
+            "PartitionTableType": "gpt",
+            "MaxSize": 500,
+            "Artifacts": [
+                {
+                    "Name": "minimal-os",
+                    "Type": "vhdx"
+                }
+            ],
+            "Partitions": [
+                {
+                    "ID": "boot",
+                    "Flags": [
+                        "esp",
+                        "boot"
+                    ],
+                    "Start": 1,
+                    "End": 9,
+                    "FsType": "fat32"
+                },
+                {
+                    "ID": "rootfs",
+                    "Start": 9,
+                    "End": 0,
+                    "FsType": "ext4"
+                }
+            ]
+        }
+    ],
+    "SystemConfigs": [
+        {
+            "Name": "Standard",
+            "BootType": "efi",
+            "PartitionSettings": [
+                {
+                    "ID": "boot",
+                    "MountPoint": "/boot/efi",
+                    "MountOptions": "umask=0077"
+                },
+                {
+                    "ID": "rootfs",
+                    "MountPoint": "/"
+                }
+            ],
+            "PackageLists": [
+                "packagelists/minimal-os-packages.json"
+            ],
+            "KernelOptions": {
+                "default": "kernel"
+            }
+        }
+    ]
+}
diff --git a/toolkit/imageconfigs/packagelists/minimal-os-packages.json b/toolkit/imageconfigs/packagelists/minimal-os-packages.json
new file mode 100644
index 00000000000..50be8d0ce51
--- /dev/null
+++ b/toolkit/imageconfigs/packagelists/minimal-os-packages.json
@@ -0,0 +1,36 @@
+{
+    "packages": [
+        "azurelinux-release",
+        "azurelinux-repos",
+        "azurelinux-rpm-macros",
+        "bash",
+        "ca-certificates",
+        "ca-certificates-base",
+        "dbus",
+        "dracut-hostonly",
+        "e2fsprogs",
+        "filesystem",
+        "grub2",
+        "grub2-efi-binary",
+        "iana-etc",
+        "initramfs",
+        "iproute",
+        "iputils",
+        "irqbalance",
+        "ncurses-libs",
+        "openssl",
+        "rpm",
+        "rpm-libs",
+        "shadow-utils",
+        "shim",
+        "sudo",
+        "systemd",
+        "systemd-networkd",
+        "systemd-resolved",
+        "systemd-udev",
+        "tdnf",
+        "tdnf-plugin-repogpgcheck",
+        "util-linux",
+        "zlib"
+    ]
+}

From c8978ab7039605b24cc4288cfc4b9f50af0ff98f Mon Sep 17 00:00:00 2001
From: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri, 4 Oct 2024 18:28:26 -0700
Subject: [PATCH 59/59] Fixed toolkit's handling of RPMs with epoch values in
 their name (#10629)

---
 .../tools/graphpkgfetcher/graphpkgfetcher.go  |   3 +-
 toolkit/tools/internal/rpm/rpm.go             |  90 +++++--
 toolkit/tools/internal/rpm/rpm_test.go        | 233 +++++++++++++++++-
 .../schedulerutils/preparerequest.go          |   7 +
 4 files changed, 315 insertions(+), 18 deletions(-)

diff --git a/toolkit/tools/graphpkgfetcher/graphpkgfetcher.go b/toolkit/tools/graphpkgfetcher/graphpkgfetcher.go
index 73e88d032a6..03d0d493107 100644
--- a/toolkit/tools/graphpkgfetcher/graphpkgfetcher.go
+++ b/toolkit/tools/graphpkgfetcher/graphpkgfetcher.go
@@ -553,7 +553,8 @@ func assignRPMPath(node *pkggraph.PkgNode, outDir string, resolvedPackages []str
 }
 
 func rpmPackageToRPMPath(rpmPackage, outDir string) string {
-	// Construct the rpm path of the cloned package.
+	// Construct the RPM path of the cloned package.
+	rpmPackage = rpm.StripEpochFromPackageFullQualifiedName(rpmPackage)
 	rpmName := fmt.Sprintf("%s.rpm", rpmPackage)
 	return filepath.Join(outDir, rpmName)
 }
diff --git a/toolkit/tools/internal/rpm/rpm.go b/toolkit/tools/internal/rpm/rpm.go
index 7b9d30d4f9b..8ef77dffe56 100644
--- a/toolkit/tools/internal/rpm/rpm.go
+++ b/toolkit/tools/internal/rpm/rpm.go
@@ -63,11 +63,25 @@ const (
 )
 
 const (
-	installedRPMRegexRPMIndex        = 1
-	installedRPMRegexVersionIndex    = 2
-	installedRPMRegexArchIndex       = 3
-	installedRPMRegexExpectedMatches = 4
+	packageFQNRegexMatchSubString  = iota
+	packageFQNRegexNameIndex       = iota
+	packageFQNRegexEpochIndex      = iota
+	packageFQNRegexVersionIndex    = iota
+	packageFQNRegexReleaseIndex    = iota
+	packageFQNRegexArchIndex       = iota
+	packageFQNRegexExtensionIndex  = iota
+	packageFQNRegexExpectedMatches = iota
+)
+
+const (
+	installedRPMRegexMatchSubString  = iota
+	installedRPMRegexRPMIndex        = iota
+	installedRPMRegexVersionIndex    = iota
+	installedRPMRegexArchIndex       = iota
+	installedRPMRegexExpectedMatches = iota
+)
 
+const (
 	rpmProgram      = "rpm"
 	rpmSpecProgram  = "rpmspec"
 	rpmBuildProgram = "rpmbuild"
@@ -83,6 +97,25 @@ var (
 	// It works multi-line strings containing the whole file content, thus the need for the 'm' flag.
 	checkSectionRegex = regexp.MustCompile(`(?m)^\s*%check`)
 
+	// A full qualified RPM name contains the package name, epoch, version, release, architecture, and extension.
+	// Optional fields:
+	// 	- epoch,
+	// 	- architecture.
+	//	- "rpm" extension.
+	//
+	// Sample match:
+	//
+	//	pkg-name-0:1.2.3-4.azl3.x86_64.rpm
+	//
+	// Groups can be used to split it into:
+	//   - name:			pkg-name
+	//   - epoch:			0
+	//   - version:			1.2.3
+	//   - release:			4.azl3
+	//   - architecture:	x86_64
+	//   - extension:		rpm
+	packageFQNRegex = regexp.MustCompile(`^\s*(\S+[^-])-(?:(\d+):)?(\d[^-:_]*)-(\d+(?:[^-\s]*?))(?:\.(noarch|x86_64|aarch64|src))?(?:\.(rpm))?\s*$`)
+
 	// Output from 'rpm' prints installed RPMs in a line with the following format:
 	//
 	//	D: ========== +++ [name]-([epoch]:)[version]-[release].[distribution] [architecture]-linux [hex_value]
@@ -187,19 +220,15 @@ func getMacroDirWithFallback(allowDefault bool) (macroDir string, err error) {
 func ExtractNameFromRPMPath(rpmFilePath string) (packageName string, err error) {
 	baseName := filepath.Base(rpmFilePath)
 
+	matches := packageFQNRegex.FindStringSubmatch(baseName)
+
 	// If the path is invalid, return empty string. We consider any string that has at least 1 '-' characters valid.
-	if !strings.Contains(baseName, "-") {
+	if matches == nil {
 		err = fmt.Errorf("invalid RPM file path (%s), can't extract name", rpmFilePath)
 		return
 	}
 
-	rpmFileSplit := strings.Split(baseName, "-")
-	packageName = strings.Join(rpmFileSplit[:len(rpmFileSplit)-2], "-")
-	if packageName == "" {
-		err = fmt.Errorf("invalid RPM file path (%s), can't extract name", rpmFilePath)
-		return
-	}
-	return
+	return matches[packageFQNRegexNameIndex], nil
 }
 
 // getCommonBuildArgs will generate arguments to pass to 'rpmbuild'.
@@ -526,10 +555,6 @@ func extractCompetingPackageInfoFromLine(line string) (match bool, pkgName strin
 		pkgName := matches[installedRPMRegexRPMIndex]
 		version := matches[installedRPMRegexVersionIndex]
 		arch := matches[installedRPMRegexArchIndex]
-		// Names should not contain the epoch, strip everything before the ":"" in the string. "Version": "0:1.2-3", becomes "1.2-3"
-		if strings.Contains(version, ":") {
-			version = strings.Split(version, ":")[1]
-		}
 
 		return true, fmt.Sprintf("%s-%s.%s", pkgName, version, arch)
 	}
@@ -636,6 +661,39 @@ func BuildCompatibleSpecsList(baseDir string, inputSpecPaths []string, defines m
 	return filterCompatibleSpecs(specPaths, defines)
 }
 
+// StripEpochFromPackageFullQualifiedName removes the epoch from a package full qualified name if it is present.
+// Example:
+//
+//	"pkg-name-0:1.2.3-4.azl3.x86_64" -> "pkg-name-1.2.3-4.azl3.x86_64"
+func StripEpochFromPackageFullQualifiedName(packageFQN string) string {
+	var packageFQNBuilder strings.Builder
+
+	matches := packageFQNRegex.FindStringSubmatch(packageFQN)
+	if matches == nil {
+		return packageFQN
+	}
+
+	packageFQNBuilder.WriteString(matches[packageFQNRegexNameIndex])
+	packageFQNBuilder.WriteString("-")
+
+	packageFQNBuilder.WriteString(matches[packageFQNRegexVersionIndex])
+	packageFQNBuilder.WriteString("-")
+
+	packageFQNBuilder.WriteString(matches[packageFQNRegexReleaseIndex])
+
+	if matches[packageFQNRegexArchIndex] != "" {
+		packageFQNBuilder.WriteString(".")
+		packageFQNBuilder.WriteString(matches[packageFQNRegexArchIndex])
+	}
+
+	if matches[packageFQNRegexExtensionIndex] != "" {
+		packageFQNBuilder.WriteString(".")
+		packageFQNBuilder.WriteString(matches[packageFQNRegexExtensionIndex])
+	}
+
+	return packageFQNBuilder.String()
+}
+
 // TestRPMFromSRPM builds an RPM from the given SRPM and runs its '%check' section SRPM file
 // but it does not generate any RPM packages.
 func TestRPMFromSRPM(srpmFile, outArch string, defines map[string]string) (err error) {
diff --git a/toolkit/tools/internal/rpm/rpm_test.go b/toolkit/tools/internal/rpm/rpm_test.go
index 72e9a2311de..1731a5bcb69 100644
--- a/toolkit/tools/internal/rpm/rpm_test.go
+++ b/toolkit/tools/internal/rpm/rpm_test.go
@@ -470,7 +470,7 @@ func TestConflictingPackageRegex(t *testing.T) {
 			name:           "perl with epoch",
 			inputLine:      "D: ========== +++ perl-4:5.34.1-489.cm2 x86_64-linux 0x0",
 			expectedMatch:  true,
-			expectedOutput: "perl-5.34.1-489.cm2.x86_64",
+			expectedOutput: "perl-4:5.34.1-489.cm2.x86_64",
 		},
 		{
 			name:           "systemd no epoch",
@@ -494,3 +494,234 @@ func TestConflictingPackageRegex(t *testing.T) {
 		})
 	}
 }
+
+func TestPackageFQNRegexWithValidInput(t *testing.T) {
+	tests := []struct {
+		name           string
+		input          string
+		expectedGroups []string
+	}{
+		{
+			name:           "package with epoch and architecture",
+			input:          "pkg-name-0:1.2.3-4.azl3.x86_64.rpm",
+			expectedGroups: []string{"pkg-name", "0", "1.2.3", "4.azl3", "x86_64", "rpm"},
+		},
+		{
+			name:           "package with epoch and architecture but no '.rpm' suffix",
+			input:          "pkg-name-0:1.2.3-4.azl3.x86_64",
+			expectedGroups: []string{"pkg-name", "0", "1.2.3", "4.azl3", "x86_64", ""},
+		},
+		{
+			name:           "package without epoch, and architecture",
+			input:          "pkg-name-1.2.3-4.azl3.rpm",
+			expectedGroups: []string{"pkg-name", "", "1.2.3", "4.azl3", "", "rpm"},
+		},
+		{
+			name:           "package with architecture but no epoch",
+			input:          "pkg-name-1.2.3-4.azl3.aarch64",
+			expectedGroups: []string{"pkg-name", "", "1.2.3", "4.azl3", "aarch64", ""},
+		},
+		{
+			name:           "package with epoch but no architecture",
+			input:          "pkg-name-0:1.2.3-4.azl3",
+			expectedGroups: []string{"pkg-name", "0", "1.2.3", "4.azl3", "", ""},
+		},
+		{
+			name:           "package without '.rpm' suffix",
+			input:          "pkg-name-1.2.3-4.azl3.x86_64",
+			expectedGroups: []string{"pkg-name", "", "1.2.3", "4.azl3", "x86_64", ""},
+		},
+		{
+			name:           "package with version containing the '+' character",
+			input:          "pkg-name-1.2.3+4-4.azl3.x86_64.rpm",
+			expectedGroups: []string{"pkg-name", "", "1.2.3+4", "4.azl3", "x86_64", "rpm"},
+		},
+		{
+			name:           "package with version containing the '~' character",
+			input:          "pkg-name-1.2.3~4-4.azl3.x86_64.rpm",
+			expectedGroups: []string{"pkg-name", "", "1.2.3~4", "4.azl3", "x86_64", "rpm"},
+		},
+		{
+			name:           "package with release containing two '.' characters",
+			input:          "pkg-name-1.2.3-4.5.azl3.x86_64.rpm",
+			expectedGroups: []string{"pkg-name", "", "1.2.3", "4.5.azl3", "x86_64", "rpm"},
+		},
+		{
+			name:           "package with release containing the '_' character",
+			input:          "pkg-name-1.2.3-45.az_l3.x86_64.rpm",
+			expectedGroups: []string{"pkg-name", "", "1.2.3", "45.az_l3", "x86_64", "rpm"},
+		},
+		{
+			name:           "package with release containing the `~` character",
+			input:          "pkg-name-1.2.3-45.azl3~2.x86_64.rpm",
+			expectedGroups: []string{"pkg-name", "", "1.2.3", "45.azl3~2", "x86_64", "rpm"},
+		},
+		{
+			name:           "package with double dash in name",
+			input:          "nvidia-container-toolkit-1.15.0-1.azl3.x86_64.rpm",
+			expectedGroups: []string{"nvidia-container-toolkit", "", "1.15.0", "1.azl3", "x86_64", "rpm"},
+		},
+		{
+			name:           "package with underscore in release",
+			input:          "nvidia-container-toolkit-550.54.15-2_5.15.162.2.1.azl3.x86_64.rpm",
+			expectedGroups: []string{"nvidia-container-toolkit", "", "550.54.15", "2_5.15.162.2.1.azl3", "x86_64", "rpm"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			matches := packageFQNRegex.FindStringSubmatch(tt.input)
+			assert.NotNil(t, matches)
+			assert.Equal(t, tt.expectedGroups, matches[1:])
+		})
+	}
+}
+
+func TestPackageFQNRegexWithInvalidInput(t *testing.T) {
+	tests := []struct {
+		name  string
+		input string
+	}{
+		{
+			name:  "package with missing version",
+			input: "pkg-name--4.azl3.x86_64.rpm",
+		},
+		{
+			name:  "package with missing release",
+			input: "pkg-name-1.2.3-.azl3.x86_64.rpm",
+		},
+		{
+			name:  "package with missing name",
+			input: "-1.2.3-4.azl3.x86_64.rpm",
+		},
+		{
+			name:  "package with only hyphen",
+			input: "-",
+		},
+		{
+			name:  "package with version not beginning with a digit",
+			input: "pkg-name-0:a1.2.3-4.azl3.x86_64.rpm",
+		},
+		{
+			name:  "package with release not beginning with a digit",
+			input: "pkg-name-0:1.2.3-D4.azl3.x86_64.rpm",
+		},
+		{
+			name:  "package with epoch not beginning with a digit",
+			input: "pkg-name-0:1.2.3-D4.azl3.x86_64.rpm",
+		},
+		{
+			name:  "package with epoch unsupported architecture",
+			input: "pkg-name-0:1.2.3-D4.azl3.other_arch.rpm",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			matches := packageFQNRegex.FindStringSubmatch(tt.input)
+			assert.Nil(t, matches)
+		})
+	}
+}
+
+func TestStripEpochFromPackageFullQualifiedNameWithValidInput(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "package with epoch and architecture",
+			input:    "pkg-name-0:1.2.3-4.azl3.x86_64.rpm",
+			expected: "pkg-name-1.2.3-4.azl3.x86_64.rpm",
+		},
+		{
+			name:     "package with epoch and architecture but no '.rpm' suffix",
+			input:    "pkg-name-0:1.2.3-4.azl3.x86_64",
+			expected: "pkg-name-1.2.3-4.azl3.x86_64",
+		},
+		{
+			name:     "package with epoch but no architecture",
+			input:    "pkg-name-0:1.2.3-4.azl3",
+			expected: "pkg-name-1.2.3-4.azl3",
+		},
+		{
+			name:     "package with architecture but no epoch",
+			input:    "pkg-name-1.2.3-4.azl3.aarch64",
+			expected: "pkg-name-1.2.3-4.azl3.aarch64",
+		},
+		{
+			name:     "package without epoch, and architecture",
+			input:    "pkg-name-1.2.3-4.azl3.rpm",
+			expected: "pkg-name-1.2.3-4.azl3.rpm",
+		},
+		{
+			name:     "package with version containing the '+' character",
+			input:    "pkg-name-1.2.3+4-4.azl3.x86_64.rpm",
+			expected: "pkg-name-1.2.3+4-4.azl3.x86_64.rpm",
+		},
+		{
+			name:     "package with version containing the '~' character",
+			input:    "pkg-name-1.2.3~4-4.azl3.x86_64.rpm",
+			expected: "pkg-name-1.2.3~4-4.azl3.x86_64.rpm",
+		},
+		{
+			name:     "package with release containing two '.' characters",
+			input:    "pkg-name-1.2.3-4.5.azl3.x86_64.rpm",
+			expected: "pkg-name-1.2.3-4.5.azl3.x86_64.rpm",
+		},
+		{
+			name:     "package with release containing the '_' character",
+			input:    "pkg-name-1.2.3-4_5.azl3.x86_64.rpm",
+			expected: "pkg-name-1.2.3-4_5.azl3.x86_64.rpm",
+		},
+		{
+			name:     "package with release containing the `~` character",
+			input:    "pkg-name-1.2.3-4~5.azl3.x86_64.rpm",
+			expected: "pkg-name-1.2.3-4~5.azl3.x86_64.rpm",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actual := StripEpochFromPackageFullQualifiedName(tt.input)
+			assert.Equal(t, tt.expected, actual)
+		})
+	}
+}
+
+func TestStripEpochFromPackageFullQualifiedNameWithInvalidInput(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{
+			name:     "invalid package name",
+			input:    "invalid-package-name",
+			expected: "invalid-package-name",
+		},
+		{
+			name:     "empty package name",
+			input:    "",
+			expected: "",
+		},
+		{
+			name:     "package name with only hyphens",
+			input:    "----",
+			expected: "----",
+		},
+		{
+			name:     "package name with spaces",
+			input:    "pkg name-1.2.3-4.azl3.x86_64.rpm",
+			expected: "pkg name-1.2.3-4.azl3.x86_64.rpm",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actual := StripEpochFromPackageFullQualifiedName(tt.input)
+			assert.Equal(t, tt.expected, actual)
+		})
+	}
+}
diff --git a/toolkit/tools/scheduler/schedulerutils/preparerequest.go b/toolkit/tools/scheduler/schedulerutils/preparerequest.go
index 4838b0b4396..33fa3270ca5 100644
--- a/toolkit/tools/scheduler/schedulerutils/preparerequest.go
+++ b/toolkit/tools/scheduler/schedulerutils/preparerequest.go
@@ -207,6 +207,8 @@ func testNodesToRequests(pkgGraph *pkggraph.PkgGraph, buildState *GraphBuildStat
 // - missing RPMs or
 // - user explicitly requesting the node to be rebuilt.
 func isRequiredRebuild(pkgGraph *pkggraph.PkgGraph, node *pkggraph.PkgNode, packagesToRebuild []*pkgjson.PackageVer) bool {
+	logger.Log.Debugf("Checking if node %v is required to be rebuilt.", node.FriendlyName())
+
 	return nodeHasMissingRPMs(pkgGraph, node) || nodeRequestedForRebuildByUser(node, packagesToRebuild)
 }
 
@@ -266,6 +268,11 @@ func calculateExpectedFreshness(dependencyNode *pkggraph.PkgNode, buildState *Gr
 // nodeHasMissingRPMs checks if all RPMs expected from the node's SRPM are present.
 // If any of the RPMs produced by the SRPM are missing, we must build the SRPM and reset the freshness of the node.
 func nodeHasMissingRPMs(pkgGraph *pkggraph.PkgGraph, node *pkggraph.PkgNode) (rpmsMissing bool) {
+	if node.SrpmPath == pkggraph.NoSRPMPath {
+		logger.Log.Debugf("Node %v has no SRPM path, skipping check for missing RPMs.", node.FriendlyName())
+		return
+	}
+
 	expectedFiles, missingFiles := pkggraph.FindRPMFiles(node.SrpmPath, pkgGraph, nil)
 
 	rpmsMissing = len(missingFiles) != 0