Merge pull request #4438 from microsoft/sammeluch/merge-crit-high-cve-fixes

Merge High or Critical CVE Fixes to 2.0 for sqlite, python3, kernel, and nodejs and an update to k3s Vendor Tarball for Dependencies.

Author: sameluch

SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec

@@ -4,7 +4,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for HCI
 Name:           kernel-hci-signed-%{buildarch}
-Version:        5.15.80.1
+Version:        5.15.82.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -149,6 +149,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Tue Dec 13 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.82.1-1
+- Auto-upgrade to 5.15.82.1
+
+* Wed Dec 07 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.81.1-1
+- Auto-upgrade to 5.15.81.1
+
 * Tue Nov 29 2022 Vince Perri <[email protected]> - 5.15.80.1-1
 - Original version for CBL-Mariner.
 - License verified

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        5.15.80.1
+Version:        5.15.82.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -153,6 +153,15 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Tue Dec 13 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.82.1-1
+- Auto-upgrade to 5.15.82.1
+
+* Wed Dec 07 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.81.1-1
+- Auto-upgrade to 5.15.81.1
+
+* Mon Dec 05 2022 Betty Lakes <[email protected]> - 5.15.80.1-2
+- Bump release to match kernel
+
 * Tue Nov 29 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.80.1-1
 - Auto-upgrade to 5.15.80.1
 

SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md

@@ -2047,6 +2047,8 @@
                 "livepatch-5.15.77.1-1.cm2-signed",
                 "livepatch-5.15.79.1-1.cm2",
                 "livepatch-5.15.80.1-1.cm2",
+                "livepatch-5.15.81.1-1.cm2",
+                "livepatch-5.15.82.1-1.cm2",
                 "livepatching",
                 "lld",
                 "local-path-provisioner",

SPECS/LICENSES-AND-NOTICES/data/licenses.json

@@ -7,6 +7,6 @@
     "hypervkvpd.service": "c1bb207cf9f388f8f3cf5b649abbf8cfe4c4fcf74538612946e68f350d1f265f",
     "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1",
     "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d",
-    "kernel-5.15.80.1.tar.gz": "690c866bf52eb1afa660820d24893d799372b887963b3a6653551dea7a5466b5"
+    "kernel-5.15.82.1.tar.gz": "30a0059b18ea04469340c6e9e21d27786692faf05b3947e3eb13d62e25632b15"
   }
 }

SPECS/hyperv-daemons/hyperv-daemons.signatures.json

@@ -8,7 +8,7 @@
 %global udev_prefix 70
 Summary:        Hyper-V daemons suite
 Name:           hyperv-daemons
-Version:        5.15.80.1
+Version:        5.15.82.1
 Release:        1%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
@@ -219,6 +219,12 @@ fi
 %{_sbindir}/lsvmbus
 
 %changelog
+* Tue Dec 13 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.82.1-1
+- Auto-upgrade to 5.15.82.1
+
+* Wed Dec 07 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.81.1-1
+- Auto-upgrade to 5.15.81.1
+
 * Tue Nov 29 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.80.1-1
 - Auto-upgrade to 5.15.80.1
 

SPECS/hyperv-daemons/hyperv-daemons.spec

@@ -1,6 +1,6 @@
 {
     "Signatures": {
-     "k3s-1.23.8-vendor.tar.gz": "3c96e864d0e89e318ecdd62e1750f787d1b622feeb240f7b86d9f3280447aeda",
+     "k3s-1.23.8-vendor.tar.gz": "f6a8ca7fac181a606cf2ef0f09947160ab6037885c08fc8855249c7976762d11",
      "k3s-1.23.8.tar.gz": "35ff7b3819cf9ff3b33497e335ccfd892a642acd4c5e4223585d225f11fe4b64"
     }
 }

SPECS/k3s/k3s-1.23.8.signatures.json

@@ -1,23 +1,23 @@
 Summary:        Lightweight Kubernetes
 Name:           k3s
 Version:        1.23.8
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Group:          System Environment/Base
 URL:            http://k3s.io
-Source0:        https://github.com/k3s-io/%{name}/archive/refs/tags/v%{version}+k3s1.tar.gz#/%{name}-%{version}.tar.gz
+Source0:        https://github.com/k3s-io/%{name}/archive/refs/tags/v%{version}+k3s2.tar.gz#/%{name}-%{version}.tar.gz
 # Below is a manually created tarball, no download link.
 # We're using pre-populated Go modules from this tarball, since network is disabled during build time.
 # We are also pre-cloning 3 git repositories
 # How to re-build this file:
-# 1. wget https://github.com/k3s-io/%%{name}/archive/refs/tags/v%%{version}+k3s1.tar.gz -O %%{name}-%%{version}.tar.gz
+# 1. wget https://github.com/k3s-io/%%{name}/archive/refs/tags/v%%{version}+k3s2.tar.gz -O %%{name}-%%{version}.tar.gz
 # 2. tar -xf %%{name}-%%{version}.tar.gz
-# 3. cd %%{name}-%%{version}-k3s1
+# 3. cd %%{name}-%%{version}-k3s2
 # 4. go mod vendor
 # 5. pushd vendor
-# 6. git clone https://github.com/k3s-io/containerd -b v1.5.13-k3s1
-# 7. git clone https://github.com/rancher/plugins.git -b k3s-v1.1.1
-# 8. git clone https://github.com/opencontainers/runc.git -b v1.1.2
+# 6. git clone --single-branch --branch="v1.5.13-k3s1" --depth=1 https://github.com/k3s-io/containerd
+# 7. git clone -b "v1.1.1-k3s1" https://github.com/rancher/plugins.git
+# 8. git clone --single-branch --branch="v1.1.2" --depth=1 https://github.com/opencontainers/runc
 # 9. popd
 # 10. tar -cf %%{name}-%%{version}-vendor.tar.gz vendor
 Source1:        %{name}-%{version}-vendor.tar.gz
@@ -79,6 +79,9 @@ exit 0
 %{install_sh}
 
 %changelog
+* Thu Dec 08 2022 Vinayak Gupta <[email protected]> - 1.23.8-3
+- Update the vendor tarball with the corrected versions of the dependencies
+
 * Tue Nov 01 2022 Olivia Crain <[email protected]> - 1.23.8-2
 - Bump release to rebuild with go 1.18.8
 
@@ -104,4 +107,4 @@ exit 0
 - Initial CBL-Mariner import from Rancher (license: ASL 2.0).
 
 * Mon Mar 2 2020 Erik Wilson <[email protected]> 0.1-1
-- Initial version
+- Initial version

SPECS/k3s/k3s-1.23.8.spec

@@ -1,6 +1,6 @@
 {
     "Signatures": {
-     "k3s-1.24.3-vendor.tar.gz": "af12595259cf8a732b687f8341526b680fbc9266c05e4d095f80c75d891a230f",
+     "k3s-1.24.3-vendor.tar.gz": "5a4b75cb7bcedc96900126e16df985c0c2c7e4e45ea759dd11d487ddcaf71c32",
      "k3s-1.24.3.tar.gz": "002fd919452e8fbc61182e1cbf90997a1f8b16a7b835e05e7c40bb52bf830f56"
     }
 }

SPECS/k3s/k3s-1.24.3.signatures.json

@@ -1,7 +1,7 @@
 Summary:        Lightweight Kubernetes
 Name:           k3s
 Version:        1.24.3
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Group:          System Environment/Base
 URL:            http://k3s.io
@@ -15,9 +15,9 @@ Source0:        https://github.com/k3s-io/%{name}/archive/refs/tags/v%{version}+
 # 3. cd %%{name}-%%{version}-k3s1
 # 4. go mod vendor
 # 5. pushd vendor
-# 6. git clone https://github.com/k3s.io/containerd.git -b 1.5.13-k3s1
-# 7. git clone https://github.com/rancher/plugins.git -b k3s-v1.1.1
-# 8. git clone https://github.com/opencontainers/runc.git -b v1.1.3
+# 6. git clone --single-branch --branch="v1.6.6-k3s1" --depth=1 https://github.com/k3s-io/containerd
+# 7. git clone -b "v1.1.1-k3s1" https://github.com/rancher/plugins.git
+# 8. git clone --single-branch --branch="v1.1.3" --depth=1 https://github.com/opencontainers/runc
 # 9. popd
 # 10. tar -cf %%{name}-%%{version}-vendor.tar.gz vendor
 Source1:        %{name}-%{version}-vendor.tar.gz
@@ -79,6 +79,9 @@ exit 0
 %{install_sh}
 
 %changelog
+* Thu Dec 08 2022 Vinayak Gupta <[email protected]> - 1.24.3-3
+- Update the vendor tarball with the corrected versions of the dependencies
+
 * Tue Nov 01 2022 Olivia Crain <[email protected]> - 1.24.3-2
 - Bump release to rebuild with go 1.18.8
 
@@ -107,4 +110,4 @@ exit 0
 - Initial CBL-Mariner import from Rancher (license: ASL 2.0).
 
 * Mon Mar 2 2020 Erik Wilson <[email protected]> 0.1-1
-- Initial version
+- Initial version

SPECS/k3s/k3s-1.24.3.spec

@@ -1,6 +1,6 @@
 {
- "Signatures": {
-  "k3s-1.25.0-vendor.tar.gz": "b1acea5ca9c04919fae595162bac4e2761ad9ec500f03d6bec0822a60edb5aef",
-  "k3s-1.25.0.tar.gz": "3078bfad9fa4402be143e8ba706dd7773e435cf64b67e58c936c26a1ad284e2f"
- }
+    "Signatures": {
+     "k3s-1.25.0-vendor.tar.gz": "6d6c58fb43e92dcb7d2f074767d415b81f870eecad3f0e2d4eac2fd55f58dc1f",
+     "k3s-1.25.0.tar.gz": "3078bfad9fa4402be143e8ba706dd7773e435cf64b67e58c936c26a1ad284e2f"
+    }
 }

SPECS/k3s/k3s.signatures.json

@@ -1,7 +1,7 @@
 Summary:        Lightweight Kubernetes
 Name:           k3s
 Version:        1.25.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Group:          System Environment/Base
 URL:            http://k3s.io
@@ -15,9 +15,9 @@ Source0:        https://github.com/k3s-io/%{name}/archive/refs/tags/v%{version}+
 # 3. cd %%{name}-%%{version}-k3s1
 # 4. go mod vendor
 # 5. pushd vendor
-# 6. git clone https://github.com/k3s.io/containerd.git -b 1.5.13-k3s2
-# 7. git clone https://github.com/rancher/plugins.git -b k3s-v1.1.1
-# 8. git clone https://github.com/opencontainers/runc.git -b v1.1.4
+# 6. git clone --single-branch --branch="v1.6.8-k3s1" --depth=1 https://github.com/k3s-io/containerd
+# 7. git clone -b "v1.1.1-k3s1" https://github.com/rancher/plugins.git
+# 8. git clone --single-branch --branch="v1.1.4" --depth=1 https://github.com/opencontainers/runc
 # 9. popd
 # 10. tar -cf %%{name}-%%{version}-vendor.tar.gz vendor
 Source1:        %{name}-%{version}-vendor.tar.gz
@@ -79,6 +79,9 @@ exit 0
 %{install_sh}
 
 %changelog
+* Thu Dec 08 2022 Vinayak Gupta <[email protected]> - 1.25.0-3
+- Update the vendor tarball with the corrected versions of the dependencies
+
 * Tue Nov 01 2022 Olivia Crain <[email protected]> - 1.25.0-2
 - Bump release to rebuild with go 1.18.8
 
@@ -110,4 +113,4 @@ exit 0
 - Initial CBL-Mariner import from Rancher (license: ASL 2.0).
 
 * Mon Mar 2 2020 Erik Wilson <[email protected]> 0.1-1
-- Initial version
+- Initial version

SPECS/k3s/k3s.spec

@@ -0,0 +1,6 @@
+CVE-2022-1204 - Fix already backported to 5.15.35
+upstream commit ID 5352a761308397a0e6250fdc629bb3f615b94747 -> stable commit ID 1bf8946d5826788c82971977245bcd3313678eac
+upstream commit ID feef318c855a361a1eccd880f33e88c460eb63b4 -> stable commit ID b982492ec3a115e0a136856a1b2dbe32f2d21a0e
+upstream commit ID d01ffb9eee4af165d83b08dd73ebdf9fe94a519b -> stable commit ID 9af0fd5c4453a44c692be0cbb3724859b75d739b
+upstream commit ID 9fd75b66b8f68498454d685dc4ba13192ae069b0 -> stable commit ID 452ae92b99062d2f6a34324eaf705a3b7eac9f8b
+upstream commit ID 87563a043cef044fed5db7967a75741cc16ad2b1 -> stable commit ID bc706d89199b0d8ee5e2229e18fdb9c0720f6ba8

SPECS/kernel-hci/CVE-2022-1204.nopatch

@@ -0,0 +1,3 @@
+CVE-2022-2785 - Introducing commit is not in stable tree. No fix necessary at this time.
+Upstream introducing commit - b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
+Upstream fix commit - 86f44fcec22ce2979507742bc53db8400e454f46

SPECS/kernel-hci/CVE-2022-2785.nopatch

@@ -0,0 +1,6 @@
+CVE-2022-3344 - Fix already backported 5.15.81.1
+Upstream: 16ae56d7e0528559bf8dc9070e3bfd8ba3de80df
+Stable: 3e87cb0caa25d667a9ca2fe15fef889e43ab8f95
+
+Upstream: ed129ec9057f89d615ba0c81a4984a90345a1684
+Stable: 6425c590d0cc6914658a630a40b7f8226aa028c3

SPECS/kernel-hci/CVE-2022-3344.nopatch

@@ -0,0 +1,3 @@
+CVE-2022-3586 - Fix already backported
+Upstream: 9efd23297cca530bb35e1848665805d3fcdd7889
+Stable: 1a889da60afc017050e1f517b3b976b462846668

SPECS/kernel-hci/CVE-2022-3586.nopatch

@@ -0,0 +1,3 @@
+CVE-2022-3595 - Introducing commit is not in stable tree. No fix necessary at this time.
+Upstream introducing commit - a4e430c8c8ba96be8c6ec4f2eb108bb8bcbee069
+Upstream fix commit - b854b4ee66437e6e1622fda90529c814978cb4ca

SPECS/kernel-hci/CVE-2022-3595.nopatch

@@ -0,0 +1,3 @@
+CVE-2022-3910 - Introducing commit is not in stable tree. No fix necessary at this time.
+Upstream introducing commit - aa184e8671f0f911fc2fb3f68cd506e4d7838faa
+Upstream fix commit - fc7222c3a9f56271fba02aabbfbae999042f1679

SPECS/kernel-hci/CVE-2022-3910.nopatch

@@ -0,0 +1,3 @@
+CVE-2022-40768 - Fix already backported
+Upstream: 6022f210461fef67e6e676fd8544ca02d1bcfa7a 
+Stable:	76efb4897bc38b2f16176bae27ae801037ebf49a

SPECS/kernel-hci/CVE-2022-40768.nopatch

@@ -0,0 +1,3 @@
+CVE-2022-4127 - Introducing commit is not in stable tree. No fix necessary at this time.
+Upstream introducing commit - a7c41b4687f5902af70cd559806990930c8a307b
+Upstream fix commit - d785a773bed966a75ca1f11d108ae1897189975b

SPECS/kernel-hci/CVE-2022-4127.nopatch

@@ -0,0 +1,2 @@
+CVE-2022-41849 - Fix already backported 5.15.75
+upstream commit ID 5610bcfe8693c02e2e4c8b31427f1bdbdecc839c -> stable commit ID 2b0897e33682a332167b7d355eec28693b62119e

SPECS/kernel-hci/CVE-2022-41849.nopatch

@@ -0,0 +1,2 @@
+CVE-2022-41850 - Fix already backported 5.15.75
+upstream commit ID cacdb14b1c8d3804a3a7d31773bc7569837b71a4 -> stable commit ID c61786dc727d1850336d12c85a032c9a36ae396d

SPECS/kernel-hci/CVE-2022-41850.nopatch

@@ -0,0 +1,7 @@
+CVE-2022-43945 - Fix already backported
+upstream commit ID 90bfc37b5ab91c1a6165e3e5cfc49bf04571b762 -> stable commit ID 6b55707ff8b296243a9cf6636d6d8459b6a4a7f8
+upstream commit ID 1242a87da0d8cd2a428e96ca68e7ea899b0f4624 -> stable commit ID cedaf73c8bdaa666cd125257861155f273464a6f
+upstream commit ID 00b4492686e0497fdb924a9d4c8f6f99377e176c -> stable commit ID dc7f225090c29a5f3b9419b1af32846a201555e7
+upstream commit ID 640f87c190e0d1b2a0fcb2ecf6d2cd53b1c41991 -> stable commit ID 071a076fd1b763aa6fe478efa047e0a549ba9c22
+upstream commit ID 401bc1f90874280a80b93f23be33a0e7e2d1f912 -> stable commit ID 2be9331ca6061bc6ea32247266f45b8b21030244
+upstream commit ID fa6be9cc6e80ec79892ddf08a8c10cabab9baf38 -> stable commit ID 75d9de25a6f833dd0701ca546ac926cabff2b5af

SPECS/kernel-hci/CVE-2022-43945.nopatch

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 5.15.80.1 Kernel Configuration
+# Linux/x86_64 5.15.82.1 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0"
 CONFIG_CC_IS_GCC=y
@@ -1080,6 +1080,7 @@ CONFIG_INET_ESP=m
 CONFIG_INET_ESP_OFFLOAD=m
 # CONFIG_INET_ESPINTCP is not set
 CONFIG_INET_IPCOMP=m
+CONFIG_INET_TABLE_PERTURB_ORDER=16
 CONFIG_INET_XFRM_TUNNEL=m
 CONFIG_INET_TUNNEL=m
 CONFIG_INET_DIAG=m

SPECS/kernel-hci/config

@@ -1,7 +1,7 @@
 {
   "Signatures": {
     "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
-    "config": "fe32017659bbf9d2bdcc39269d165842f5df91c53d87e7ad6bc9d4570fbf3201",
-    "kernel-5.15.80.1.tar.gz": "690c866bf52eb1afa660820d24893d799372b887963b3a6653551dea7a5466b5"
+    "config": "3cf926491158fb0926e81ebea4f364d7052f6d21538c84e40773e87a3c5771d1",
+    "kernel-5.15.82.1.tar.gz": "30a0059b18ea04469340c6e9e21d27786692faf05b3947e3eb13d62e25632b15"
   }
 }

SPECS/kernel-hci/kernel-hci.signatures.json

@@ -8,7 +8,7 @@
 
 Summary:        Linux Kernel for HCI
 Name:           kernel-hci
-Version:        5.15.80.1
+Version:        5.15.82.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -408,6 +408,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Tue Dec 13 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.82.1-1
+- Auto-upgrade to 5.15.82.1
+
+* Wed Dec 07 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.81.1-1
+- Auto-upgrade to 5.15.81.1
+
 * Tue Nov 29 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.80.1-1
 - Auto-upgrade to 5.15.80.1
 

SPECS/kernel-hci/kernel-hci.spec

@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "kernel-5.15.80.1.tar.gz": "690c866bf52eb1afa660820d24893d799372b887963b3a6653551dea7a5466b5"
+    "kernel-5.15.82.1.tar.gz": "30a0059b18ea04469340c6e9e21d27786692faf05b3947e3eb13d62e25632b15"
   }
 }

SPECS/kernel-headers/kernel-headers.signatures.json

@@ -1,6 +1,6 @@
 Summary:        Linux API header files
 Name:           kernel-headers
-Version:        5.15.80.1
+Version:        5.15.82.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -36,6 +36,15 @@ cp -rv usr/include/* /%{buildroot}%{_includedir}
 %{_includedir}/*
 
 %changelog
+* Tue Dec 13 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.82.1-1
+- Auto-upgrade to 5.15.82.1
+
+* Wed Dec 07 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.81.1-1
+- Auto-upgrade to 5.15.81.1
+
+* Mon Dec 05 2022 Betty Lakes <[email protected]> - 5.15.80.1-2
+- Bump release to match kernel
+
 * Tue Nov 29 2022 CBL-Mariner Servicing Account <[email protected]> - 5.15.80.1-1
 - Auto-upgrade to 5.15.80.1
 

SPECS/kernel-headers/kernel-headers.spec

@@ -0,0 +1,6 @@
+CVE-2022-1204 - Fix already backported to 5.15.35
+upstream commit ID 5352a761308397a0e6250fdc629bb3f615b94747 -> stable commit ID 1bf8946d5826788c82971977245bcd3313678eac
+upstream commit ID feef318c855a361a1eccd880f33e88c460eb63b4 -> stable commit ID b982492ec3a115e0a136856a1b2dbe32f2d21a0e
+upstream commit ID d01ffb9eee4af165d83b08dd73ebdf9fe94a519b -> stable commit ID 9af0fd5c4453a44c692be0cbb3724859b75d739b
+upstream commit ID 9fd75b66b8f68498454d685dc4ba13192ae069b0 -> stable commit ID 452ae92b99062d2f6a34324eaf705a3b7eac9f8b
+upstream commit ID 87563a043cef044fed5db7967a75741cc16ad2b1 -> stable commit ID bc706d89199b0d8ee5e2229e18fdb9c0720f6ba8

SPECS/kernel/CVE-2022-1204.nopatch

@@ -0,0 +1,3 @@
+CVE-2022-2785 - Introducing commit is not in stable tree. No fix necessary at this time.
+Upstream introducing commit - b1d18a7574d0df5eb4117c14742baf8bc2b9bb74
+Upstream fix commit - 86f44fcec22ce2979507742bc53db8400e454f46