51 commits
f40964e
[AUTOPATCHER-CORE] Upgrade `mariadb` to 10.6.25 for CVE-2026-3494 [ME…
CBL-Mariner-Bot Mar 9, 2026
6c9feef
[AutoPR- Security] Patch cmake for CVE-2025-14524, CVE-2025-10966 [ME…
azurelinux-security Mar 9, 2026
076ec70
[AutoPR- Security] Patch rook for CVE-2025-30204 [MEDIUM] (#15952)
azurelinux-security Mar 9, 2026
fe592b4
[AutoPR- Security] Patch freetype for CVE-2026-23865 [MEDIUM] (#16116)
azurelinux-security Mar 10, 2026
62ccc0c
[AutoPR- Security] Patch skopeo for CVE-2026-24117 [MEDIUM] (#15895)
azurelinux-security Mar 10, 2026
9b3e20f
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch ocaml for CVE-20…
CBL-Mariner-Bot Mar 11, 2026
0544132
Merge PR "[AUTO-CHERRYPICK] Bug 61292688 : Fix patch for CVE-2026-247…
CBL-Mariner-Bot Mar 11, 2026
c516535
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch vitess for CVE-2…
CBL-Mariner-Bot Mar 11, 2026
7041ea4
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch libsoup for CVE-…
CBL-Mariner-Bot Mar 11, 2026
273a9fb
Merge PR "[AUTO-CHERRYPICK] Patch openssl for PKCS12_item_decrypt_d2i…
CBL-Mariner-Bot Mar 11, 2026
9a69efe
Merge PR "[AUTO-CHERRYPICK] Revert "Patch openssl for PKCS12_item_dec…
CBL-Mariner-Bot Mar 11, 2026
983d4f0
Merge PR "[AUTO-CHERRYPICK] Patch openssl for PKCS12_item_decrypt_d2i…
CBL-Mariner-Bot Mar 11, 2026
d9db000
Merge PR "[AUTO-CHERRYPICK] openssl : Remove Upstream Reference - bra…
CBL-Mariner-Bot Mar 11, 2026
e288952
[Medium] Patch rust for CVE-2026-25541, CVE-2026-25727, CVE-2025-5816…
BinduSri-6522866 Mar 13, 2026
0608025
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch giflib for CVE-2…
CBL-Mariner-Bot Mar 13, 2026
78c507b
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch coredns for CVE-…
CBL-Mariner-Bot Mar 13, 2026
2a1d00c
systemd: add patches to correct ipc dbus communication issue (#16121)
ddstreet Mar 13, 2026
5d24fd9
[Medium] Patch hdf5 for CVE-2025-2915 (#15537)
v-aaditya Mar 16, 2026
93207ea
[AUTOPATCHER-CORE] Upgrade `vim` to 9.2.0173 for CVE-2026-32249 [MEDI…
CBL-Mariner-Bot Mar 16, 2026
d91c52f
[Medium] Patch rook for CVE-2025-11065 (#15693)
akhila-guruju Mar 16, 2026
e3fabdc
Merge PR "[AUTO-CHERRYPICK] [High] Patch python-urllib3 for CVE-2025-…
CBL-Mariner-Bot Mar 16, 2026
0b812e3
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch libarchive for C…
CBL-Mariner-Bot Mar 17, 2026
cf6509b
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch erlang for CVE-2…
CBL-Mariner-Bot Mar 17, 2026
84695f2
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch qt5-qtdeclarativ…
CBL-Mariner-Bot Mar 17, 2026
fd311cc
[Medium] Patch mysql for CVE-2025-0838 and updated patch for CVE-2024…
v-aaditya Mar 19, 2026
6218737
[AutoPR- Security] Patch qemu for CVE-2024-8354 [MEDIUM] (#16205)
azurelinux-security Mar 19, 2026
bfd88b5
[AutoPR- Security] Patch libexif for CVE-2026-32775 [MEDIUM] (#16236)
azurelinux-security Mar 20, 2026
98efe6d
[AutoPR- Security] Patch nasm for CVE-2022-46456 [MEDIUM] (#16211)
azurelinux-security Mar 23, 2026
37a0ffd
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch cmake for CVE-20…
CBL-Mariner-Bot Mar 24, 2026
18f1576
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch nghttp2 for CVE-…
CBL-Mariner-Bot Mar 24, 2026
d4ffcb0
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch nodejs18 for CVE…
CBL-Mariner-Bot Mar 24, 2026
dcaa8d0
[AUTOPATCHER-CORE] Upgrade `vim` to 9.2.0240 for CVE-2026-33412 [MEDI…
CBL-Mariner-Bot Mar 25, 2026
e468054
Merge PR "[AUTO-CHERRYPICK] Rebuild `lldpd & rsyslog` for net-snmp-li…
CBL-Mariner-Bot Mar 25, 2026
a799222
[Medium] Patch python-virtualenv for CVE-2026-1703 & CVE-2026-24049 (…
BinduSri-6522866 Mar 26, 2026
aae2c1d
Prepare Apr 2026 Update (#16311)
CBL-Mariner-Bot Mar 26, 2026
d4312b3
[2.0] prcheck yml - disable use1esentry (#16316)
anphel31 Mar 27, 2026
6dac89f
Merge PR "[AUTO-CHERRYPICK] bump collectd and keepalived releases - b…
CBL-Mariner-Bot Mar 27, 2026
1f8560c
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch terraform for CV…
CBL-Mariner-Bot Mar 27, 2026
742fd10
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch telegraf for CVE…
CBL-Mariner-Bot Mar 27, 2026
52f0f8d
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch nginx for CVE-20…
CBL-Mariner-Bot Mar 27, 2026
89ede4a
Merge PR "[AUTO-CHERRYPICK] [CRITICAL] Patch ncurses for CVE-2025-697…
CBL-Mariner-Bot Mar 27, 2026
94161a5
Merge PR "[AUTO-CHERRYPICK] [AutoPR- Security] Patch python-pyasn1 fo…
CBL-Mariner-Bot Mar 27, 2026
775383f
[AutoPR- Security] Patch glib for CVE-2026-1489, CVE-2026-0988 [MEDIU…
azurelinux-security Mar 30, 2026
7c6bed5
Merge PR "[AUTO-CHERRYPICK] Kernel upgrade to 5.15.202.1 version - br…
CBL-Mariner-Bot Mar 30, 2026
41a9b40
Merge PR "[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade `libpng` to 1.…
CBL-Mariner-Bot Mar 30, 2026
f7cf32a
Merge PR "[AUTO-CHERRYPICK] [High] patch plexus-utils for CVE-2025-67…
CBL-Mariner-Bot Mar 30, 2026
44c15f6
Merge PR "[AUTO-CHERRYPICK] Upgrade `msft-golang` to 1.25.8 - branch …
CBL-Mariner-Bot Mar 30, 2026
1d8c94d
Merge PR "[AUTO-CHERRYPICK] [High] Upgrade etcd to 3.5.28 for CVE-202…
CBL-Mariner-Bot Mar 30, 2026
9f6da3e
Patch systemd-bootstrap for CVE-2026-29111 [MEDIUM] (#16368)
Kanishk-Bansal Mar 31, 2026
a313d25
Merge branch 'main' into 2.0
jslobodzian Mar 31, 2026
311993f
Merge branch '2.0' into jon/merge-from-2.0
jslobodzian Apr 14, 2026
53 changes: 53 additions & 0 deletions SPECS/freetype/CVE-2026-23865.patch
@@ -0,0 +1,53 @@
From 8275230bc42d69471c051475375af3bb9549ad9b Mon Sep 17 00:00:00 2001
From: Werner Lemberg <wl@gnu.org>
Date: Sat, 3 Jan 2026 08:07:57 +0100
Subject: [PATCH] Check for overflow in array size computation.

Problem reported and analyzed by povcfe <povcfe2sec@gmail.com>.

Fixes issue #1382.

* src/truetype/ttgxvar.c (tt_var_load_item_variation_store): Do it.

Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference: https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c.patch
---
src/truetype/ttgxvar.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/truetype/ttgxvar.c b/src/truetype/ttgxvar.c
index 8c713f1..d409793 100644
--- a/src/truetype/ttgxvar.c
+++ b/src/truetype/ttgxvar.c
@@ -625,6 +625,7 @@
FT_UInt word_delta_count;
FT_UInt region_idx_count;
FT_UInt per_region_size;
+ FT_UInt delta_set_size;


if ( FT_STREAM_SEEK( offset + dataOffsetArray[i] ) )
@@ -682,7 +683,19 @@
if ( long_words )
per_region_size *= 2;

- if ( FT_NEW_ARRAY( varData->deltaSet, per_region_size * item_count ) )
+ /* Check for overflow (we actually test whether the */
+ /* multiplication of two unsigned values wraps around). */
+ delta_set_size = per_region_size * item_count;
+ if ( per_region_size &&
+ delta_set_size / per_region_size != item_count )
+ {
+ FT_TRACE2(( "tt_var_load_item_variation_store:"
+ " bad delta set array size\n" ));
+ error = FT_THROW( Array_Too_Large );
+ goto Exit;
+ }
+
+ if ( FT_NEW_ARRAY( varData->deltaSet, delta_set_size ) )
goto Exit;
if ( FT_Stream_Read( stream,
varData->deltaSet,
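Review bot: the wraparound test `delta_set_size / per_region_size != item_count` in the second hunk is only a sound overflow check if `item_count` is an unsigned value of the same width as `per_region_size` (`FT_UInt`), and its declaration is not in the visible context. Please confirm that against the 2.13.1 source this backport applies to. The `FT_Stream_Read` call that follows is cut off before its length argument; if it still computes `per_region_size * item_count`, the result equals `delta_set_size` once the check has passed, so it is safe, but passing `delta_set_size` would make that obvious to the next reader.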
--
2.45.4

14 changes: 10 additions & 4 deletions SPECS/freetype/freetype.spec
@@ -1,14 +1,15 @@
Summary: software font engine.
Name: freetype
Version: 2.13.1
Release: 1%{?dist}
Release: 2%{?dist}
License: BSD/GPLv2
Vendor: Microsoft Corporation
Distribution: Mariner
Group: System Environment/Libraries
URL: https://www.freetype.org/
Source0: https://download.savannah.gnu.org/releases/freetype/freetype-%{version}.tar.gz
Source1: https://download.savannah.gnu.org/releases/freetype/freetype-doc-%{version}.tar.gz
Patch0: CVE-2026-23865.patch
BuildRequires: brotli-devel
BuildRequires: bzip2-devel
BuildRequires: gcc
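Review bot: `Patch0: CVE-2026-23865.patch` is declared in this hunk, but the `%prep` section is outside the visible hunks, so nothing shown here proves the patch is applied during the build. Please confirm `%prep` uses `%autosetup -p1` or an explicit `%patch` for it; otherwise the bump to `Release: 2%{?dist}` would ship an unpatched library under a changelog that claims the fix.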
@@ -58,7 +59,7 @@ find %{buildroot} -name '*.a' -delete

mkdir -p %{buildroot}%{_datadir}/licenses/freetype
cp LICENSE.TXT %{buildroot}%{_datadir}/licenses/freetype
cp -r docs/* %{buildroot}%{_datadir}/licenses/freetype
cp docs/FTL.TXT docs/GPLv2.TXT %{buildroot}%{_datadir}/licenses/freetype

%check
make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
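Review bot: replacing `cp -r docs/*` with `cp docs/FTL.TXT docs/GPLv2.TXT` is a packaging change unrelated to the CVE fix and should be called out separately. The same three files are also listed on the new `%license LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT` line in `%files`, so please check whether the manual copies into `%{buildroot}%{_datadir}/licenses/freetype` are still needed or can be dropped.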
@@ -68,18 +69,23 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}

%files
%defattr(-,root,root)
%license docs/LICENSE.TXT
%license LICENSE.TXT docs/FTL.TXT docs/GPLv2.TXT
%{_libdir}/*.so*
%{_datadir}/*
%{_datadir}/licenses/freetype/

%files devel
%defattr(-,root,root)
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%{_bindir}/freetype-config
%{_datadir}/aclocal/*
%{_mandir}/man1/*

%changelog
* Wed Mar 04 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.13.1-2
- Patch for CVE-2026-23865

* Wed Mar 12 2025 Kanishk Bansal <kanbansal@microsoft.com> - 2.13.1-1
- Upgrade to 2.13.1 - for CVE-2025-27363
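Review bot: the new changelog entry says only "Patch for CVE-2026-23865", but this hunk also changes the `%license` line and the `%files` lists (the hunk grows from 18 to 23 lines). Please add a changelog line for the license and file-list changes so the packaging delta is traceable. Also verify that no path is owned by both packages: if `%{_datadir}/*` remains in the main `%files` list, it also matches `%{_datadir}/aclocal/*` listed under `%files devel`.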

59 changes: 59 additions & 0 deletions SPECS/glib/CVE-2026-0988.patch
@@ -0,0 +1,59 @@
From 56ec31fed99ea19c123e5266a27f4ea03d25ae15 Mon Sep 17 00:00:00 2001
From: Philip Withnall <pwithnall@gnome.org>
Date: Thu, 18 Dec 2025 23:12:18 +0000
Subject: [PATCH] gbufferedinputstream: Fix a potential integer overflow in
peek()

If the caller provides `offset` and `count` arguments which overflow,
their sum will overflow and could lead to `memcpy()` reading out more
memory than expected.

Spotted by Codean Labs.

Signed-off-by: Philip Withnall <pwithnall@gnome.org>

Fixes: #3851
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference: https://gitlab.gnome.org/GNOME/glib/-/commit/c5766cff61ffce0b8e787eae09908ac348338e5f.patch
---
gio/gbufferedinputstream.c | 2 +-
gio/tests/buffered-input-stream.c | 10 ++++++++++
2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/gio/gbufferedinputstream.c b/gio/gbufferedinputstream.c
index d9f150d..04c4d9f 100644
--- a/gio/gbufferedinputstream.c
+++ b/gio/gbufferedinputstream.c
@@ -588,7 +588,7 @@ g_buffered_input_stream_peek (GBufferedInputStream *stream,

available = g_buffered_input_stream_get_available (stream);

- if (offset > available)
+ if (offset > available || offset > G_MAXSIZE - count)
return 0;

end = MIN (offset + count, available);
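Review bot: the added clause `offset > G_MAXSIZE - count` makes `peek()` return 0 for an overflowing request even when `offset` is within `available`, whereas a large non-overflowing `count` is still clamped by `end = MIN (offset + count, available)` and returns data. That discontinuity is safe, but it is not obvious from the condition alone. A one-line comment above the `if` stating that the second clause guards the `offset + count` addition below, and that such requests return 0 rather than a clamped result, would help callers and future maintainers.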
diff --git a/gio/tests/buffered-input-stream.c b/gio/tests/buffered-input-stream.c
index ee084b3..39b4daf 100644
--- a/gio/tests/buffered-input-stream.c
+++ b/gio/tests/buffered-input-stream.c
@@ -58,6 +58,16 @@ test_peek (void)
g_assert_cmpint (npeek, ==, 0);
g_free (buffer);

+ buffer = g_new0 (char, 64);
+ npeek = g_buffered_input_stream_peek (G_BUFFERED_INPUT_STREAM (in), buffer, 8, 0);
+ g_assert_cmpint (npeek, ==, 0);
+ g_free (buffer);
+
+ buffer = g_new0 (char, 64);
+ npeek = g_buffered_input_stream_peek (G_BUFFERED_INPUT_STREAM (in), buffer, 5, G_MAXSIZE);
+ g_assert_cmpint (npeek, ==, 0);
+ g_free (buffer);
+
g_object_unref (in);
g_object_unref (base);
}
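Review bot: of the two added cases in `test_peek`, only the second (`offset` 5, `count` `G_MAXSIZE`) reaches the new overflow clause; the first (`offset` 8, `count` 0) cannot trip `offset > G_MAXSIZE - count` because `G_MAXSIZE - 0` is never exceeded. Consider adding a case with a large `count` that does not overflow, asserting the clamped length, so the boundary between the clamping path and the new return-0 path is pinned down by the test.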
--
2.45.4
