From 762d2a33dc374d976582fd9af82db7e4f9374f53 Mon Sep 17 00:00:00 2001
From: sindhu-karri <33163197+sindhu-karri@users.noreply.github.com>
Date: Wed, 17 Apr 2024 15:41:38 +0530
Subject: [PATCH 01/62] upgrade libaec to 1.1.3 (#8811)

---
 SPECS/libaec/libaec.signatures.json |  2 +-
 SPECS/libaec/libaec.spec            | 14 +++++++++-----
 cgmanifest.json                     |  4 ++--
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/SPECS/libaec/libaec.signatures.json b/SPECS/libaec/libaec.signatures.json
index 2a288f4bacc..a5ad62d2e4b 100644
--- a/SPECS/libaec/libaec.signatures.json
+++ b/SPECS/libaec/libaec.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "libaec-v1.0.4.tar.gz": "7d85784afc0c4d82adae2d3a1ad2c0a9db700a49ad8f32674618b0089206cb5e"
+  "libaec-v1.1.3.tar.gz": "1bafbfaef773bf8f5e5451e6c1f23da36c7199186cc0974fb9874bf723fe4270"
  }
 }
diff --git a/SPECS/libaec/libaec.spec b/SPECS/libaec/libaec.spec
index 1d867f3889b..1be7fddf2f8 100644
--- a/SPECS/libaec/libaec.spec
+++ b/SPECS/libaec/libaec.spec
@@ -1,7 +1,7 @@
 Summary:        Adaptive Entropy Coding library
 Name:           libaec
-Version:        1.0.4
-Release:        5%{?dist}
+Version:        1.1.3
+Release:        1%{?dist}
 License:        BSD-2-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -44,6 +44,8 @@ popd
 
 %install
 %make_install -C build
+rm %{buildroot}/%{_libdir}/lib*.a
+mv %{buildroot}/%{_prefix}/cmake %{buildroot}/%{_libdir}
 
 %check
 make -C build test CTEST_OUTPUT_ON_FAILURE=1
@@ -52,16 +54,18 @@ make -C build test CTEST_OUTPUT_ON_FAILURE=1
 
 %files
 %doc README.md README.SZIP CHANGELOG.md
-%license Copyright.txt doc/patent.txt
-%{_bindir}/aec
+%license LICENSE.txt doc/patent.txt
 %{_libdir}/lib*.so.*
-%{_mandir}/man1/aec.*
 
 %files devel
 %{_includedir}/*.h
 %{_libdir}/lib*.so
+%{_libdir}/cmake/%{name}-*.cmake
 
 %changelog
+* Mon Apr 15 2024 Sindhu Karri <lakarri@microsoft.com> - 1.1.3-1
+- Version bump to 1.1.3
+
 * Tue Nov 01 2022 Riken Maharjan <rmaharjan@microsoft.com> - 1.0.4-5
 - Move to core
 - License verified
diff --git a/cgmanifest.json b/cgmanifest.json
index 2bfc2d59b18..92fac7e04b3 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -8591,8 +8591,8 @@
         "type": "other",
         "other": {
           "name": "libaec",
-          "version": "1.0.4",
-          "downloadUrl": "https://gitlab.dkrz.de/k202009/libaec/-/archive/v1.0.4/libaec-v1.0.4.tar.gz"
+          "version": "1.1.3",
+          "downloadUrl": "https://gitlab.dkrz.de/k202009/libaec/-/archive/v1.1.3/libaec-v1.1.3.tar.gz"
         }
       }
     },

From 166bb16014c86ff49471944e0d6f20ac2ffd5f57 Mon Sep 17 00:00:00 2001
From: SeanDougherty <sdougherty@microsoft.com>
Date: Wed, 17 Apr 2024 13:10:07 -0700
Subject: [PATCH 02/62] =?UTF-8?q?fix:=20add=20repoutils.FindCreateRepoComm?=
 =?UTF-8?q?and=20to=20flexibly=20use=20either=20creat=E2=80=A6=20(#8813)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 .../rpmrepomanager/rpmrepomanager.go          | 16 ++++++++++++--
 .../packagerepo/repoutils/repoutils.go        | 22 +++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/toolkit/tools/internal/packagerepo/repomanager/rpmrepomanager/rpmrepomanager.go b/toolkit/tools/internal/packagerepo/repomanager/rpmrepomanager/rpmrepomanager.go
index bdfc0825ab8..6552f895002 100644
--- a/toolkit/tools/internal/packagerepo/repomanager/rpmrepomanager/rpmrepomanager.go
+++ b/toolkit/tools/internal/packagerepo/repomanager/rpmrepomanager/rpmrepomanager.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/logger"
+	"github.com/microsoft/azurelinux/toolkit/tools/internal/packagerepo/repoutils"
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/shell"
 )
 
@@ -36,8 +37,13 @@ func CreateRepo(repoDir string) (err error) {
 		return
 	}
 
+	createRepoCmd, err := repoutils.FindCreateRepoCommand()
+	if err != nil {
+		return fmt.Errorf("unable to create repo:\n%w", err)
+	}
+
 	// Create a new repodata
-	_, stderr, err := shell.Execute("createrepo", "--compatibility", repoDir)
+	_, stderr, err := shell.Execute(createRepoCmd, "--compatibility", repoDir)
 	if err != nil {
 		logger.Log.Warn(stderr)
 	}
@@ -48,8 +54,14 @@ func CreateRepo(repoDir string) (err error) {
 // CreateOrUpdateRepo will create an RPM repository at repoDir or update
 // it if the metadata files already exist.
 func CreateOrUpdateRepo(repoDir string) (err error) {
+	// Check if createrepo command is available
+	createRepoCmd, err := repoutils.FindCreateRepoCommand()
+	if err != nil {
+		return fmt.Errorf("unable to create repo:\n%w", err)
+	}
+
 	// Create or update repodata
-	_, stderr, err := shell.Execute("createrepo", "--compatibility", "--update", repoDir)
+	_, stderr, err := shell.Execute(createRepoCmd, "--compatibility", "--update", repoDir)
 	if err != nil {
 		logger.Log.Warn(stderr)
 	}
diff --git a/toolkit/tools/internal/packagerepo/repoutils/repoutils.go b/toolkit/tools/internal/packagerepo/repoutils/repoutils.go
index 8f3dbdcdb83..707ece45ce8 100644
--- a/toolkit/tools/internal/packagerepo/repoutils/repoutils.go
+++ b/toolkit/tools/internal/packagerepo/repoutils/repoutils.go
@@ -5,6 +5,7 @@ package repoutils
 
 import (
 	"fmt"
+	"os/exec"
 	"path/filepath"
 
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/file"
@@ -157,3 +158,24 @@ func verifyClonedRepoContents(clonedRepoContents, expectedPackages []*repocloner
 
 	return
 }
+
+// FindCreateRepoCommand searches for createrepo or createrepo_c in $PATH and returns the first one found
+func FindCreateRepoCommand() (cmd string, err error) {
+	creatrepo_cmds := []string{"createrepo_c", "createrepo"}
+
+	selectedCmd := ""
+	// Check if a command exists in the $PATH
+	for _, cmd := range creatrepo_cmds {
+		_, err = exec.LookPath(cmd)
+		if err == nil {
+			selectedCmd = cmd
+			break
+		}
+	}
+
+	if selectedCmd == "" {
+		return "", fmt.Errorf("failed to find a working createrepo command.\nattempted commands: %v", creatrepo_cmds)
+	}
+
+	return selectedCmd, nil
+}

From e9cd3b7f70c9f61bffc7ce1e103c901aebdce4e0 Mon Sep 17 00:00:00 2001
From: Sam Meluch <109628994+sameluch@users.noreply.github.com>
Date: Wed, 17 Apr 2024 16:23:47 -0700
Subject: [PATCH 03/62] Bump Azure Linux release version (#8829)

---
 SPECS/azurelinux-release/azurelinux-release.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/SPECS/azurelinux-release/azurelinux-release.spec b/SPECS/azurelinux-release/azurelinux-release.spec
index f347e39aa78..6ee0a9d25a3 100644
--- a/SPECS/azurelinux-release/azurelinux-release.spec
+++ b/SPECS/azurelinux-release/azurelinux-release.spec
@@ -5,7 +5,7 @@
 Summary:        Azure Linux release files
 Name:           azurelinux-release
 Version:        %{dist_version}.0
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -118,6 +118,9 @@ install -Dm0644 %{SOURCE4} -t %{buildroot}%{_sysctldir}/
 %{_sysctldir}/*.conf
 
 %changelog
+* Wed Apr 17 2024 Sam Meluch <sammeluch@microsoft.com> - 3.0-9
+- Azure Linux 3.0 April Preview Release 3
+
 * Mon Apr 08 2024 Sam Meluch <sammeluch@microsoft.com> - 3.0-8
 - Azure Linux 3.0 April Preview Release 2
 

From 34509aa77f3b7a94bfccfd5463eceb382d1c9a32 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed, 17 Apr 2024 16:48:48 -0700
Subject: [PATCH 04/62] clamav: fix build break (#8824)

---
 SPECS/clamav/clamav.spec | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/SPECS/clamav/clamav.spec b/SPECS/clamav/clamav.spec
index f1957ec0d4f..e059549f1f3 100644
--- a/SPECS/clamav/clamav.spec
+++ b/SPECS/clamav/clamav.spec
@@ -1,7 +1,7 @@
 Summary:        Open source antivirus engine
 Name:           clamav
 Version:        0.105.2
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -33,6 +33,7 @@ BuildRequires:  python3
 BuildRequires:  python3-pip
 BuildRequires:  python3-pytest
 BuildRequires:  rust
+BuildRequires:  systemd
 BuildRequires:  systemd-devel
 BuildRequires:  valgrind
 BuildRequires:  zlib-devel
@@ -136,6 +137,9 @@ fi
 %dir %attr(-,clamav,clamav) %{_sharedstatedir}/clamav
 
 %changelog
+* Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 0.105.2-5
+- Fix build break by adding BR for systemd
+
 * Fri Dec 08 2023 Neha Agarwal <nehaagarwal@microsoft.com> - 0.105.2-4
 - Fix resetting of user and group settings on package update
 

From f41a2de3176659c90bda64a62a97d262fcee0dc0 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed, 17 Apr 2024 16:49:13 -0700
Subject: [PATCH 05/62] pcsc-lite: fix build break (#8823)

---
 SPECS/pcsc-lite/pcsc-lite.spec | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/SPECS/pcsc-lite/pcsc-lite.spec b/SPECS/pcsc-lite/pcsc-lite.spec
index 3d38af21708..c184a3e5911 100644
--- a/SPECS/pcsc-lite/pcsc-lite.spec
+++ b/SPECS/pcsc-lite/pcsc-lite.spec
@@ -1,7 +1,7 @@
 Summary:        PC/SC Lite smart card framework and applications
 Name:           pcsc-lite
 Version:        1.9.5
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -79,6 +79,7 @@ done
 %configure \
   --disable-static \
   --enable-polkit \
+  --with-systemdsystemunitdir=%{_unitdir} \
   --enable-usbdropdir=%{_libdir}/pcsc/drivers
 make %{?_smp_mflags}
 doxygen doc/doxygen.conf ; rm -f doc/api/*.{map,md5}
@@ -149,6 +150,9 @@ fi
 %doc doc/api/ doc/example/pcsc_demo.c
 
 %changelog
+* Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 1.9.5-3
+- Fix build issue by configuring with --with-systemdsystemunitdir defined
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 1.9.5-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 

From ea1ef32a02236c084cb41313d000e7040b2abd93 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed, 17 Apr 2024 16:58:44 -0700
Subject: [PATCH 06/62] libreswan: fix build break (#8825)

---
 SPECS/libreswan/capng_apply.patch | 79 +++++++++++++++++++++++++++++++
 SPECS/libreswan/libreswan.spec    |  8 +++-
 2 files changed, 85 insertions(+), 2 deletions(-)
 create mode 100644 SPECS/libreswan/capng_apply.patch

diff --git a/SPECS/libreswan/capng_apply.patch b/SPECS/libreswan/capng_apply.patch
new file mode 100644
index 00000000000..2b1a8cc3d6e
--- /dev/null
+++ b/SPECS/libreswan/capng_apply.patch
@@ -0,0 +1,79 @@
+From ba5bad09f55959872022fa506d5ac06eafe3a314 Mon Sep 17 00:00:00 2001
+From: Paul Wouters <paul.wouters@aiven.io>
+Date: Tue, 5 Sep 2023 22:49:28 -0400
+Subject: [PATCH] pluto: check return code of libcap-ng functions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Avoids "error: ignoring return value of ‘capng_apply’ ..."
+---
+ include/pluto_constants.h           |  3 ++-
+ lib/libswan/pluto_exit_code_names.c |  1 +
+ programs/pluto/plutomain.c          | 15 ++++++++++++---
+ 3 files changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/include/pluto_constants.h b/include/pluto_constants.h
+index c642ad84bfd..e2c6ebab9bf 100644
+--- a/include/pluto_constants.h
++++ b/include/pluto_constants.h
+@@ -1022,7 +1022,8 @@ enum pluto_exit_code {
+ 	PLUTO_EXIT_UNBOUND_FAIL = 9,
+ 	PLUTO_EXIT_LOCK_FAIL = 10, /* historic value */
+ 	PLUTO_EXIT_SELINUX_FAIL = 11,
+-	PLUTO_EXIT_LEAVE_STATE = 12, /* leave kernel state and routes */
++	PLUTO_EXIT_CAPNG_FAIL = 12,
++	PLUTO_EXIT_LEAVE_STATE = 13, /* leave kernel state and routes */
+ 	/**/
+ 	PLUTO_EXIT_GIT_BISECT_CAN_NOT_TEST = 125,
+ 	PLUTO_EXIT_SHELL_COMMAND_NOT_FOUND = 126,
+diff --git a/lib/libswan/pluto_exit_code_names.c b/lib/libswan/pluto_exit_code_names.c
+index bb4b3284a5c..6d245d46425 100644
+--- a/lib/libswan/pluto_exit_code_names.c
++++ b/lib/libswan/pluto_exit_code_names.c
+@@ -46,6 +46,7 @@ static const char *pluto_exit_code_name[] = {
+ 	S(PLUTO_EXIT_UNBOUND_FAIL),
+ 	S(PLUTO_EXIT_LOCK_FAIL),
+ 	S(PLUTO_EXIT_SELINUX_FAIL),
++	S(PLUTO_EXIT_CAPNG_FAIL),
+ 	S(PLUTO_EXIT_LEAVE_STATE),
+ #undef S
+ };
+diff --git a/programs/pluto/plutomain.c b/programs/pluto/plutomain.c
+index 953937ec026..ad5e56c6743 100644
+--- a/programs/pluto/plutomain.c
++++ b/programs/pluto/plutomain.c
+@@ -1684,13 +1684,16 @@ int main(int argc, char **argv)
+ 	 */
+ 	capng_clear(CAPNG_SELECT_BOTH);
+ 
+-	capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
++	if (capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE | CAPNG_PERMITTED,
+ 		CAP_NET_BIND_SERVICE, CAP_NET_ADMIN, CAP_NET_RAW,
+ 		CAP_IPC_LOCK, CAP_AUDIT_WRITE,
+ 		/* for google authenticator pam */
+ 		CAP_SETGID, CAP_SETUID,
+ 		CAP_DAC_READ_SEARCH,
+-		-1);
++		-1) != 0) {
++			fatal(PLUTO_EXIT_CAPNG_FAIL, logger,
++				"libcap-ng capng_updatev() failed");
++	}
+ 	/*
+ 	 * We need to retain some capabilities for our children (updown):
+ 	 * CAP_NET_ADMIN to change routes
+@@ -1701,7 +1704,13 @@ int main(int argc, char **argv)
+ 	 */
+ 	capng_updatev(CAPNG_ADD, CAPNG_BOUNDING_SET, CAP_NET_ADMIN, CAP_NET_RAW,
+ 			CAP_DAC_READ_SEARCH, -1);
+-	capng_apply(CAPNG_SELECT_BOTH);
++	int ret = capng_apply(CAPNG_SELECT_BOTH);
++	if (ret != CAPNG_NONE) {
++		fatal(PLUTO_EXIT_CAPNG_FAIL, logger,
++			"libcap-ng capng_apply failed to apply changes, err=%d. see: man capng_apply",
++			ret);
++	}
++
+ 	llog(RC_LOG, logger, "libcap-ng support [enabled]");
+ #else
+ 	llog(RC_LOG, logger, "libcap-ng support [disabled]");
diff --git a/SPECS/libreswan/libreswan.spec b/SPECS/libreswan/libreswan.spec
index 3022b49c0df..4edf209dfaa 100644
--- a/SPECS/libreswan/libreswan.spec
+++ b/SPECS/libreswan/libreswan.spec
@@ -26,7 +26,7 @@
 Summary:        Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 Name:           libreswan
 Version:        4.7
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -39,6 +39,7 @@ Source5:        https://download.libreswan.org/cavs/ikev2.fax.bz2
 Patch0:         CVE-2023-38710.patch
 Patch1:         CVE-2023-38711.patch
 Patch2:         CVE-2023-38712.patch
+Patch3:         capng_apply.patch
 
 BuildRequires: audit-libs-devel
 BuildRequires: bison
@@ -196,6 +197,9 @@ certutil -N -d sql:$tmpdir --empty-password
 %doc %{_mandir}/*/*
 
 %changelog
+* Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 4.7-7
+- Add capng_apply.patch to fix build break
+
 * Wed Feb 07 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 4.7-6
 - Update the build dependency from mariner-release to azurelinux-release
 
@@ -502,4 +506,4 @@ certutil -N -d sql:$tmpdir --empty-password
 - Updated to 3.3, which resolves CVE-2013-2052
 
 * Sat Apr 13 2013 Paul Wouters <pwouters@redhat.com> - 3.2-1
-- Initial package for Fedora
\ No newline at end of file
+- Initial package for Fedora

From 1ffef790212951ef5d08cf1be05fe4c308208fc2 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed, 17 Apr 2024 16:59:35 -0700
Subject: [PATCH 07/62] collectd: fix build break (#8827)

---
 SPECS/collectd/collectd.spec                  |  6 +++-
 .../fix_missing_longintrepr_header.patch      | 33 +++++++++++++++++++
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/collectd/fix_missing_longintrepr_header.patch

diff --git a/SPECS/collectd/collectd.spec b/SPECS/collectd/collectd.spec
index c831c109660..27e2f963c78 100644
--- a/SPECS/collectd/collectd.spec
+++ b/SPECS/collectd/collectd.spec
@@ -3,7 +3,7 @@
 Summary:        Statistics collection daemon for filling RRD files
 Name:           collectd
 Version:        5.12.0
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        GPLv2 AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -21,6 +21,7 @@ Source97:       rrdtool.conf
 Source98:       onewire.conf
 Patch0:         %{name}-include-collectd.d.patch
 Patch1:         %{name}-gcc11.patch
+Patch2:         fix_missing_longintrepr_header.patch
 BuildRequires:  libgcrypt-devel
 BuildRequires:  perl
 BuildRequires:  perl(ExtUtils::Embed)
@@ -866,6 +867,9 @@ make check
 %{_libdir}/collectd/write_tsdb.so
 
 %changelog
+* Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 5.12.0-10
+- Add patch to fix build break.
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 5.12.0-9
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
diff --git a/SPECS/collectd/fix_missing_longintrepr_header.patch b/SPECS/collectd/fix_missing_longintrepr_header.patch
new file mode 100644
index 00000000000..3c057288955
--- /dev/null
+++ b/SPECS/collectd/fix_missing_longintrepr_header.patch
@@ -0,0 +1,33 @@
+From 623e95394e0e62e7f9ced2104b786d21e9c0bf53 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C4=90o=C3=A0n=20Tr=E1=BA=A7n=20C=C3=B4ng=20Danh?=
+ <congdanhqx@gmail.com>
+Date: Wed, 21 Sep 2022 22:21:58 +0700
+Subject: [PATCH] cpython: fix build with Python 3.11
+
+Python 3.11 moves longintrepr.h into cpython sub-directory.
+However, in this version, longintrepr.h is always included.
+---
+ src/cpython.h | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/cpython.h b/src/cpython.h
+index 11e64fa62f..bcfa406feb 100644
+--- a/src/cpython.h
++++ b/src/cpython.h
+@@ -24,9 +24,15 @@
+  *   Sven Trenkel <collectd at semidefinite.de>
+  **/
+ 
++#include <Python.h>
+ /* Some python versions don't include this by default. */
+-
++#if PY_VERSION_HEX < 0x030B0000
++/*
++ * Python 3.11 move longintrepr.h to cpython/longintrepr.h
++ * And it's always included
++ */
+ #include <longintrepr.h>
++#endif /* PY_VERSION_HEX < 0x030B0000 */
+ 
+ /* These two macros are basically Py_BEGIN_ALLOW_THREADS and
+  * Py_BEGIN_ALLOW_THREADS

From bc34cd1eefc5d64b5c7701920a225ee278701ce5 Mon Sep 17 00:00:00 2001
From: Maxwell McKee <66395252+mamckee@users.noreply.github.com>
Date: Wed, 17 Apr 2024 17:31:39 -0700
Subject: [PATCH 08/62] Update SymCrypt-OpenSSL to 1.4.1 (#8826)

Updating SymCrypt-OpenSSL to the latest version. Latest sources can be found here: https://github.com/microsoft/SymCrypt-OpenSSL/releases/tag/v1.4.1
---
 .../SymCrypt-OpenSSL.signatures.json                |  2 +-
 SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec        | 13 ++++++++-----
 cgmanifest.json                                     |  4 ++--
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
index 0838e4964a4..93ba00038ae 100644
--- a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
+++ b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "SymCrypt-OpenSSL-1.4.0.tar.gz": "c2494e967dacbbca0aa374d510959c0fda3d43c24c00a5bbb3f284a8fd7c1c9b"
+  "SymCrypt-OpenSSL-1.4.1.tar.gz": "df5b6795b30300219cffa14b1925efa07e302b0955752ee26124bdf677cef4b2"
  }
 }
diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
index 6fdef1c3ce9..8e024b875cd 100644
--- a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
+++ b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
@@ -1,14 +1,13 @@
 Summary:        The SymCrypt engine for OpenSSL (SCOSSL) allows the use of OpenSSL with SymCrypt as the provider for core cryptographic operations
 Name:           SymCrypt-OpenSSL
-Version:        1.4.0
+Version:        1.4.1
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          System/Libraries
 URL:            https://github.com/microsoft/SymCrypt-OpenSSL
-#Source0:       https://github.com/microsoft/SymCrypt-OpenSSL/archive/v%{version}.tar.gz
-Source0:        %{name}-%{version}.tar.gz
+Source0:        https://github.com/microsoft/SymCrypt-OpenSSL/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 BuildRequires:  SymCrypt
 BuildRequires:  cmake
 BuildRequires:  gcc
@@ -54,8 +53,7 @@ install SymCryptEngine/inc/e_scossl.h %{buildroot}%{_includedir}/e_scossl.h
 install SymCryptProvider/symcrypt_prov.cnf %{buildroot}%{_sysconfdir}/pki/tls/symcrypt_prov.cnf
 
 %check
-# SslPlay has some dependencies on the 1.1.1 engine behavior that must be updated for 3.0
-# ./bin/SslPlay/SslPlay
+./bin/SslPlay/SslPlay
 
 %files
 %license LICENSE
@@ -65,6 +63,11 @@ install SymCryptProvider/symcrypt_prov.cnf %{buildroot}%{_sysconfdir}/pki/tls/sy
 %{_sysconfdir}/pki/tls/symcrypt_prov.cnf
 
 %changelog
+* Wed Apr 17 2023 Maxwell Moyer-McKee <mamckee@microsoft.com> - 1.4.1-1
+- Update SymCrypt-OpenSSL to v1.4.1
+- Adds support for RSASSA-PSS keys, SP800-108 KDF
+- Fixes smoke test for check in OpenSSL 3.1
+
 * Thu Dec 28 2023 Maxwell Moyer-McKee <mamckee@microsoft.com> - 1.4.0-1
 - Update SymCrypt-OpenSSL to v1.4.0.
 - Adds SymCrypt-OpenSSL provider for OpenSSL 3.
diff --git a/cgmanifest.json b/cgmanifest.json
index 92fac7e04b3..4a332d51e13 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -28076,8 +28076,8 @@
         "type": "other",
         "other": {
           "name": "SymCrypt-OpenSSL",
-          "version": "1.4.0",
-          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.4.0.tar.gz"
+          "version": "1.4.1",
+          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.4.1.tar.gz"
         }
       }
     },

From 991e3dfa92481f91b3299d32c0549e3d7f4dfc79 Mon Sep 17 00:00:00 2001
From: Mandeep Plaha <99760213+mandeepsplaha@users.noreply.github.com>
Date: Wed, 17 Apr 2024 18:09:24 -0700
Subject: [PATCH 09/62] functionality to add image-id file in etc dir (#8821)

---
 toolkit/scripts/imggen.mk                     |  3 +-
 toolkit/tools/go.mod                          |  2 +-
 .../imagegen/installutils/installutils.go     | 51 ++++++++++++
 .../installutils/installutils_test.go         | 77 +++++++++++++++++++
 toolkit/tools/imager/imager.go                |  3 +
 5 files changed, 134 insertions(+), 2 deletions(-)

diff --git a/toolkit/scripts/imggen.mk b/toolkit/scripts/imggen.mk
index 147bcb69bf2..eee853477e0 100644
--- a/toolkit/scripts/imggen.mk
+++ b/toolkit/scripts/imggen.mk
@@ -168,7 +168,8 @@ $(STATUS_FLAGS_DIR)/imager_disk_output.flag: $(go-imager) $(image_package_cache_
 		$(if $(filter y,$(ENABLE_CPU_PROFILE)),--enable-cpu-prof) \
 		$(if $(filter y,$(ENABLE_MEM_PROFILE)),--enable-mem-prof) \
 		$(if $(filter y,$(ENABLE_TRACE)),--enable-trace) \
-		--timestamp-file=$(TIMESTAMP_DIR)/imager.jsonl && \
+		--timestamp-file=$(TIMESTAMP_DIR)/imager.jsonl \
+		--build-number=$(BUILD_ID) && \
 	touch $@
 
 # Sometimes files will have been deleted, that is fine so long as we were able to detect the change
diff --git a/toolkit/tools/go.mod b/toolkit/tools/go.mod
index ff58b3cba82..f799de8f587 100644
--- a/toolkit/tools/go.mod
+++ b/toolkit/tools/go.mod
@@ -10,6 +10,7 @@ require (
 	github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e
 	github.com/fatih/color v1.16.0
 	github.com/gdamore/tcell v1.4.0
+	github.com/google/uuid v1.3.0
 	github.com/jinzhu/copier v0.3.2
 	github.com/juliangruber/go-intersect v1.1.0
 	github.com/klauspost/pgzip v1.2.5
@@ -35,7 +36,6 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gdamore/encoding v1.0.0 // indirect
 	github.com/golang-jwt/jwt/v5 v5.0.0 // indirect
-	github.com/google/uuid v1.3.0 // indirect
 	github.com/klauspost/compress v1.10.5 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lucasb-eyer/go-colorful v1.0.3 // indirect
diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go
index 72fa05f3442..ee97e6fcaec 100644
--- a/toolkit/tools/imagegen/installutils/installutils.go
+++ b/toolkit/tools/imagegen/installutils/installutils.go
@@ -16,6 +16,7 @@ import (
 	"syscall"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/microsoft/azurelinux/toolkit/tools/imagegen/configuration"
 	"github.com/microsoft/azurelinux/toolkit/tools/imagegen/diskutils"
 	"github.com/microsoft/azurelinux/toolkit/tools/internal/file"
@@ -807,6 +808,56 @@ func addMachineID(installChroot *safechroot.Chroot) (err error) {
 	return
 }
 
+// AddImageIDFile adds image-id file in the /etc directory of the install root.
+// The file contains the following fields:
+// BUILD_NUMBER: The build number of the image
+// IMAGE_BUILD_DATE: The date when the image is built in format YYYYMMDDHHMMSS
+// IMAGE_UUID: The UUID of the image
+func AddImageIDFile(installChrootRootDir string, buildNumber string) (err error) {
+	// Check if /etc directory exists and it does not, throw an error
+	_, err = os.Stat(filepath.Join(installChrootRootDir, "/etc"))
+	if err != nil {
+		if os.IsNotExist(err) {
+			err = fmt.Errorf("directory /etc does not exist in the install root")
+		}
+		return
+	}
+
+	// If buildNumber is empty, then default to "local"
+	if buildNumber == "" {
+		buildNumber = "local"
+	}
+
+	const (
+		imageIDFile      = "/etc/image-id"
+		imageIDFilePerms = 0444
+	)
+
+	ReportAction("Creating image-id file")
+
+	// Get the current time in UTC and in format "YYYYMMDDHHMMSS"
+	imageBuildDate := time.Now().UTC().Format("20060102150405")
+
+	imageIDContent := fmt.Sprintf("BUILD_NUMBER=%s\nIMAGE_BUILD_DATE=%s\nIMAGE_UUID=%s\n", buildNumber, imageBuildDate, uuid.New().String())
+	imageIDFilePath := filepath.Join(installChrootRootDir, imageIDFile)
+
+	fileCreateErr := file.Create(imageIDFilePath, imageIDFilePerms)
+	if fileCreateErr != nil {
+		err = fmt.Errorf("failed to create image-id file: %v", fileCreateErr)
+		return
+	}
+
+	ReportAction(fmt.Sprintf("Writing following content to image-id file: %s", imageIDContent))
+
+	fileWriteErr := file.Write(imageIDContent, imageIDFilePath)
+	if fileWriteErr != nil {
+		err = fmt.Errorf("failed to write to image-id file: %v", fileWriteErr)
+		return
+	}
+
+	return
+}
+
 func updateInitramfsForEncrypt(installChroot *safechroot.Chroot) (err error) {
 	err = installChroot.UnsafeRun(func() (err error) {
 		const (
diff --git a/toolkit/tools/imagegen/installutils/installutils_test.go b/toolkit/tools/imagegen/installutils/installutils_test.go
index 7f8cf9daf99..3edf08436db 100644
--- a/toolkit/tools/imagegen/installutils/installutils_test.go
+++ b/toolkit/tools/imagegen/installutils/installutils_test.go
@@ -120,3 +120,80 @@ func TestCopyAdditionalFiles(t *testing.T) {
 	assert.Equal(t, orig_contents, copy_1_contents)
 	assert.Equal(t, orig_contents, copy_2_contents)
 }
+
+// Test AddImageIDFile function in installutils.go
+func TestAddImageIDFile(t *testing.T) {
+	if os.Geteuid() != 0 {
+		t.Skip("Test must be run as root because it uses a chroot")
+	}
+
+	proposedDir := filepath.Join(tmpDir, "TestAddImageIDFile")
+	chroot := safechroot.NewChroot(proposedDir, false)
+
+	err := chroot.Initialize("", []string{}, []*safechroot.MountPoint{}, true)
+	assert.NoError(t, err)
+
+	defer chroot.Close(false)
+
+	buildNumber := "build-1234"
+	imageIDFilePath := "/etc/image-id"
+
+	etcPath := filepath.Join(chroot.RootDir(), "etc")
+	os.Mkdir(etcPath, os.ModePerm)
+	err = AddImageIDFile(chroot.RootDir(), buildNumber)
+	assert.NoError(t, err)
+
+	imageIDFileContents, err := os.ReadFile(filepath.Join(chroot.RootDir(), imageIDFilePath))
+	assert.NoError(t, err)
+
+	// assert that file has BUILD_NUMBER and the build number
+	assert.Contains(t, string(imageIDFileContents), "BUILD_NUMBER="+buildNumber)
+	// assert that file has IMAGE_BUILD_DATE and a timestamp in the format of YYYYMMDDHHMMSS
+	assert.Regexp(t, "IMAGE_BUILD_DATE=[0-9]{14}", string(imageIDFileContents))
+	// assert that file has IMAGE_UUID and a UUID
+	assert.Regexp(t, "IMAGE_UUID=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", string(imageIDFileContents))
+}
+
+func TestAddImageIDFileEmptyBuildNumber(t *testing.T) {
+	if os.Geteuid() != 0 {
+		t.Skip("Test must be run as root because it uses a chroot")
+	}
+
+	proposedDir := filepath.Join(tmpDir, "TestAddImageIDFile")
+	chroot := safechroot.NewChroot(proposedDir, false)
+
+	err := chroot.Initialize("", []string{}, []*safechroot.MountPoint{}, true)
+	assert.NoError(t, err)
+
+	defer chroot.Close(false)
+
+	buildNumber := ""
+	expectedBuildNumber := "local"
+	imageIDFilePath := "/etc/image-id"
+
+	etcPath := filepath.Join(chroot.RootDir(), "etc")
+	os.Mkdir(etcPath, os.ModePerm)
+	err = AddImageIDFile(chroot.RootDir(), buildNumber)
+	assert.NoError(t, err)
+
+	imageIDFileContents, err := os.ReadFile(filepath.Join(chroot.RootDir(), imageIDFilePath))
+	assert.NoError(t, err)
+	assert.Contains(t, string(imageIDFileContents), expectedBuildNumber)
+}
+
+func TestAddImageIDFileGuardClause(t *testing.T) {
+	if os.Geteuid() != 0 {
+		t.Skip("Test must be run as root because it uses a chroot")
+	}
+
+	proposedDir := filepath.Join(tmpDir, "TestAddImageIDFileGuardClause")
+	chroot := safechroot.NewChroot(proposedDir, false)
+
+	err := chroot.Initialize("", []string{}, []*safechroot.MountPoint{}, true)
+	assert.NoError(t, err)
+
+	defer chroot.Close(false)
+
+	err = AddImageIDFile(chroot.RootDir(), "")
+	assert.Error(t, err)
+}
diff --git a/toolkit/tools/imager/imager.go b/toolkit/tools/imager/imager.go
index 726616f72fd..38113cdd3c6 100644
--- a/toolkit/tools/imager/imager.go
+++ b/toolkit/tools/imager/imager.go
@@ -37,6 +37,7 @@ var (
 	liveInstallFlag = app.Flag("live-install", "Enable to perform a live install to the disk specified in config file.").Bool()
 	emitProgress    = app.Flag("emit-progress", "Write progress updates to stdout, such as percent complete and current action.").Bool()
 	timestampFile   = app.Flag("timestamp-file", "File that stores timestamps for this program.").String()
+	buildNumber     = app.Flag("build-number", "Build number to be used in the image.").String()
 	logFlags        = exe.SetupLogFlags(app)
 	profFlags       = exe.SetupProfileFlags(app)
 )
@@ -599,6 +600,8 @@ func buildImage(mountPointMap, mountPointToFsTypeMap, mountPointToMountArgsMap,
 		return
 	}
 
+	err = installutils.AddImageIDFile(installChroot.RootDir(), *buildNumber)
+
 	// Only configure the bootloader or read only partitions for actual disks, a rootfs does not need these
 	if !systemConfig.IsRootFS() {
 		err = installutils.ConfigureDiskBootloader(systemConfig.BootType, systemConfig.Encryption.Enable,

From 74a5145e974e123ab9b7affb1f9667002a3e3c28 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu, 18 Apr 2024 11:36:23 -0700
Subject: [PATCH 10/62] fix rubygem-fluentd and rubygem-addressable
 requirements  (#8833)

---
 SPECS/rubygem-addressable/rubygem-addressable.spec |  7 +++++--
 SPECS/rubygem-fluentd/rubygem-fluentd.spec         | 14 +++++++++-----
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/SPECS/rubygem-addressable/rubygem-addressable.spec b/SPECS/rubygem-addressable/rubygem-addressable.spec
index 619d0ba2397..dbec29e714c 100644
--- a/SPECS/rubygem-addressable/rubygem-addressable.spec
+++ b/SPECS/rubygem-addressable/rubygem-addressable.spec
@@ -3,7 +3,7 @@
 Summary:        an alternative implementation to the URI implementation that is part of Ruby's standard library
 Name:           rubygem-%{gem_name}
 Version:        2.8.5
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        Apache 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -11,7 +11,7 @@ Group:          Development/Languages
 URL:            https://github.com/sporkmonger/addressable
 Source0:        https://github.com/sporkmonger/addressable/archive/refs/tags/addressable-%{version}.tar.gz#/%{gem_name}-%{gem_name}-%{version}.tar.gz
 BuildRequires:  ruby
-Requires:       rubygem-public_suffix < 5.0
+Requires:       rubygem-public_suffix < 6.0
 Provides:       rubygem(%{gem_name}) = %{version}-%{release}
 
 %description
@@ -34,6 +34,9 @@ gem install -V --local --force --install-dir %{buildroot}/%{gemdir} %{gem_name}-
 %{gemdir}
 
 %changelog
+* Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 2.8.5-2
+- Update runtime rubygem required version
+
 * Thu Nov 02 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.8.5-1
 - Auto-upgrade to 2.8.5 - Azure Linux 3.0 - package upgrades
 
diff --git a/SPECS/rubygem-fluentd/rubygem-fluentd.spec b/SPECS/rubygem-fluentd/rubygem-fluentd.spec
index 86d28d48da4..5534446e6d6 100644
--- a/SPECS/rubygem-fluentd/rubygem-fluentd.spec
+++ b/SPECS/rubygem-fluentd/rubygem-fluentd.spec
@@ -3,7 +3,7 @@
 Summary:        Fluentd event collector
 Name:           rubygem-%{gem_name}
 Version:        1.16.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,15 +15,16 @@ BuildRequires:  git
 BuildRequires:  ruby
 Requires:       rubygem-async-http
 Requires:       rubygem-cool.io < 2.0.0
-Requires:       rubygem-http_parser.rb < 0.7.0
+Requires:       rubygem-http_parser.rb < 0.9.0
 Requires:       rubygem-msgpack < 2.0.0
 Requires:       rubygem-rake < 14
 Requires:       rubygem-serverengine < 3.0.0
-Requires:       rubygem-sigdump < 0.3
+Requires:       rubygem-sigdump > 0.2.5
 Requires:       rubygem-strptime < 1.0.0
 Requires:       rubygem-tzinfo < 3.0
-Requires:       rubygem-tzinfo-data < 2
-Requires:       rubygem-yajl-ruby < 2
+Requires:       rubygem-tzinfo-data > 1.0
+Requires:       rubygem-yajl-ruby > 1.0
+Requires:       rubygem-webrick > 1.4
 Provides:       rubygem(%{gem_name}) = %{version}-%{release}
 
 %description
@@ -58,6 +59,9 @@ gem install -V --local --force --install-dir %{buildroot}%{gemdir} --bindir %{bu
 %{gemdir}/specifications/fluentd-%{version}.gemspec
 
 %changelog
+* Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 1.16.2-2
+- Update runtime rubygem required versions
+
 * Thu Nov 02 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.16.2-1
 - Auto-upgrade to 1.16.2 - Azure Linux 3.0 - package upgrades
 

From fae55f61872829cd170d0898c3591f006d7c89af Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu, 18 Apr 2024 11:36:46 -0700
Subject: [PATCH 11/62] heimdal: fix build break (#8832)

---
 SPECS/heimdal/fixautoconf.patch | 13 +++++++++++++
 SPECS/heimdal/heimdal.spec      |  6 +++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/heimdal/fixautoconf.patch

diff --git a/SPECS/heimdal/fixautoconf.patch b/SPECS/heimdal/fixautoconf.patch
new file mode 100644
index 00000000000..c11cd875c30
--- /dev/null
+++ b/SPECS/heimdal/fixautoconf.patch
@@ -0,0 +1,13 @@
+diff --git a/cf/largefile.m4 b/cf/largefile.m4
+index 5c54897be4..cdbbc55431 100644
+--- a/cf/largefile.m4
++++ b/cf/largefile.m4
+@@ -10,7 +10,7 @@ dnl with generated code, such as lex
+ if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
+ 	CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
+ fi
+-if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no; then
++if test "$enable_largefile" != no -a "$ac_cv_sys_file_offset_bits" != no && test -n "$ac_cv_sys_file_offset_bits"; then
+ 	CPPFLAGS="$CPPFLAGS -D_FILE_OFFSET_BITS=$ac_cv_sys_file_offset_bits"
+ fi
+ ])
diff --git a/SPECS/heimdal/heimdal.spec b/SPECS/heimdal/heimdal.spec
index d3430a032c5..bb16d781f28 100644
--- a/SPECS/heimdal/heimdal.spec
+++ b/SPECS/heimdal/heimdal.spec
@@ -12,7 +12,7 @@
 Summary:        A Kerberos 5 implementation without export restrictions
 Name:           heimdal
 Version:        7.8.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD AND MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -43,6 +43,7 @@ Patch2:         heimdal-configure.patch
 Patch5:         0001-lib-krb5-krb5_pac_parse-mem-leak-if-pac_header_size-.patch
 Patch6:         0002-kdc-Check-generate_pac-return-code.patch
 Patch7:         0003-kdc-avoid-re-encoding-KDC-REQ-BODY.patch
+Patch8:         fixautoconf.patch
 BuildRequires:  bison
 #libcom_err-devel is in
 #BuildRequires:  libcom_err-devel
@@ -485,6 +486,9 @@ fi
 %{_sysconfdir}/profile.d/%{name}.csh
 
 %changelog
+* Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 7.8.0-2
+- Add patch to fix build with autoconf 2.72
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 7.8.0-1
 - Auto-upgrade to 7.8.0 - Azure Linux 3.0 - package upgrades
 

From 7198569a3d71a954c0759ff9e7c83f22126c143b Mon Sep 17 00:00:00 2001
From: SeanDougherty <sdougherty@microsoft.com>
Date: Thu, 18 Apr 2024 17:36:41 -0700
Subject: [PATCH 12/62] =?UTF-8?q?fix:=20move=20stopGPGAgent=20into=20safec?=
 =?UTF-8?q?hroot=20to=20stop=20/dev=20from=20being=20left=20b=E2=80=A6=20(?=
 =?UTF-8?q?#8807)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
---
 .../imagegen/installutils/installutils.go     | 25 -------
 .../tools/internal/safechroot/safechroot.go   | 72 +++++++++++++++++++
 2 files changed, 72 insertions(+), 25 deletions(-)

diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go
index ee97e6fcaec..88d3f8be46a 100644
--- a/toolkit/tools/imagegen/installutils/installutils.go
+++ b/toolkit/tools/imagegen/installutils/installutils.go
@@ -435,8 +435,6 @@ func PopulateInstallRoot(installChroot *safechroot.Chroot, packagesToInstall []s
 		filesystemPkg = "filesystem"
 	)
 
-	defer stopGPGAgent(installChroot)
-
 	ReportAction("Initializing RPM Database")
 
 	installRoot := filepath.Join(rootMountPoint, installChroot.RootDir())
@@ -2765,26 +2763,3 @@ func KernelPackages(config configuration.Config) []*pkgjson.PackageVer {
 	}
 	return packageList
 }
-
-// stopGPGAgent stops gpg-agent and keyboxd if they are running inside the installChroot.
-//
-// It is possible that one of the packages or post-install scripts started a GPG agent.
-// e.g. when installing the azurelinux-repos SPEC, a GPG import occurs. This starts the gpg-agent process inside the chroot.
-// To be able to cleanly exit the setup chroot, we must stop it.
-func stopGPGAgent(installChroot *safechroot.Chroot) {
-	installChroot.UnsafeRun(func() error {
-		err := shell.ExecuteLiveWithCallback(logger.Log.Debug, logger.Log.Warn, false, "gpgconf", "--kill", "gpg-agent")
-		if err != nil {
-			// This is non-fatal, as there is no guarantee the image has gpg agent started.
-			logger.Log.Warnf("Failed to stop gpg-agent. This is expected if it is not installed: %s", err)
-		}
-
-		err = shell.ExecuteLiveWithCallback(logger.Log.Debug, logger.Log.Warn, false, "gpgconf", "--kill", "keyboxd")
-		if err != nil {
-			// This is non-fatal, as there is no guarantee the image has gpg agent started.
-			logger.Log.Warnf("Failed to stop keyboxd. This is expected if it is not installed: %s", err)
-		}
-
-		return nil
-	})
-}
diff --git a/toolkit/tools/internal/safechroot/safechroot.go b/toolkit/tools/internal/safechroot/safechroot.go
index 30dec8d4474..e2dbfcb10ce 100644
--- a/toolkit/tools/internal/safechroot/safechroot.go
+++ b/toolkit/tools/internal/safechroot/safechroot.go
@@ -6,8 +6,10 @@ package safechroot
 import (
 	"fmt"
 	"os"
+	"os/exec"
 	"os/signal"
 	"path/filepath"
+	"strings"
 	"sync"
 	"time"
 
@@ -430,6 +432,14 @@ func (c *Chroot) Close(leaveOnDisk bool) (err error) {
 			return
 		}
 
+		// Stops gpg-agent and keyboxd if they are running inside the chroot.
+		// This is to avoid leaving folders like /dev mounted when the chroot folder is forcefully deleted in cleanup.
+		err = c.stopGPGComponents()
+		if err != nil {
+			// Don't want to leave a stale root if GPG components fail to exit. Logging a Warn and letting close continue...
+			logger.Log.Warnf("Failed to stop GPG components while tearing down the (%s) chroot: %s", c.rootDir, err)
+		}
+
 		// mount is only supported in regular pipeline
 		err = c.unmountAndRemove(leaveOnDisk, unmountTypeNormal)
 		if err != nil {
@@ -689,3 +699,65 @@ func (c *Chroot) GetMountPoints() []*MountPoint {
 	mountPoints := append([]*MountPoint(nil), c.mountPoints...)
 	return mountPoints
 }
+
+// stopGPGComponents stops gpg-agent and keyboxd if they are running inside the chroot.
+//
+// A GPG agent may have been started while the chroot was in use. Newer versions of "gnupg2" will also start keyboxd.
+// E.g. when installing the azurelinux-repos-shared package, a GPG import occurs. This starts the gpg-agent process inside the chroot.
+// To be able to cleanly exit the setup chroot, we must stop it.
+func (c *Chroot) stopGPGComponents() (err error) {
+	_, err = exec.LookPath("gpgconf")
+	if err != nil {
+		logger.Log.Debugf("gpgconf is not installed, so gpg-agent is not running: %s", err)
+		return nil
+	}
+
+	err = c.UnsafeRun(func() (err error) {
+		components, err := listGPGComponents()
+		if err != nil {
+			return err
+		}
+		// List of components to kill. The names must be verbatim identical to the name tag that is used by `gpgconf`
+		componentsToKill := []string{"gpg-agent", "keyboxd"}
+		return killGPGComponents(componentsToKill, components)
+	})
+
+	return
+}
+
+// killGPGComponents will kill the GPG components from the 'componentsToKill' list
+// if they are inside the 'availableComponents' set.
+func killGPGComponents(componentsToKill []string, availableComponents map[string]bool) (err error) {
+	for _, component := range componentsToKill {
+		if availableComponents[component] {
+			logger.Log.Debugf("Found %s running inside chroot. Stopping it.", component)
+			_, stderr, err := shell.Execute("gpgconf", "--kill", component)
+			if err != nil {
+				return fmt.Errorf("failed to stop GPG component (%s):\nerr: %w\nstderr: %s", component, err, stderr)
+			}
+		}
+	}
+	return
+}
+
+// listGPGComponents will return a set of all GPG component.
+func listGPGComponents() (components map[string]bool, err error) {
+	stdout, stderr, err := shell.Execute("gpgconf", "--list-components")
+
+	if err != nil {
+		err = fmt.Errorf("failed to list GPG components.\nerr:%w\nstderr: %s", err, stderr)
+		return
+	}
+
+	logger.Log.Debugf("gpgconf --list-components output:\n%s", stdout)
+
+	components = make(map[string]bool)
+
+	// Split --list-components stdout into a list of name tags, one for each component
+	// Stdout has the following format: <component>:<description>:<pgmname>:
+	for _, line := range strings.Split(stdout, "\n") {
+		components[strings.Split(line, ":")[0]] = true
+	}
+
+	return
+}

From 5202c60acd4107c17460379165e72d1a60e21139 Mon Sep 17 00:00:00 2001
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
Date: Fri, 19 Apr 2024 14:35:07 +0530
Subject: [PATCH 13/62] ck: add package v7.2 (#8831)

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md    |   2 +-
 LICENSES-AND-NOTICES/SPECS/data/licenses.json |   1 +
 SPECS/ck/ck-nogettid.patch                    |  21 ++
 SPECS/ck/ck-register-constraint.patch         |  33 +++
 SPECS/ck/ck-unit-sequence.patch               |  38 ++++
 SPECS/ck/ck-unit-time.patch                   |  33 +++
 SPECS/ck/ck.signatures.json                   |   5 +
 SPECS/ck/ck.spec                              | 197 ++++++++++++++++++
 SPECS/ck/ck_disable_ck_hclh_test.patch        |  38 ++++
 cgmanifest.json                               |  62 +++---
 10 files changed, 403 insertions(+), 27 deletions(-)
 create mode 100644 SPECS/ck/ck-nogettid.patch
 create mode 100644 SPECS/ck/ck-register-constraint.patch
 create mode 100644 SPECS/ck/ck-unit-sequence.patch
 create mode 100644 SPECS/ck/ck-unit-time.patch
 create mode 100644 SPECS/ck/ck.signatures.json
 create mode 100644 SPECS/ck/ck.spec
 create mode 100644 SPECS/ck/ck_disable_ck_hclh_test.patch

diff --git a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
index 81491154a0f..28185b351b9 100644
--- a/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
+++ b/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md
@@ -5,7 +5,7 @@ The Azure Linux SPEC files originated from a variety of sources with varying lic
 | CentOS | [MIT](https://www.centos.org/legal/#licensing-policy) | crash-ptdump-command <br> delve <br> fstrm <br> nodejs-nodemon <br> rhnlib <br> rt-setup <br> rt-tests <br> rtctl <br> tuned |
 | Ceph source | [LGPL2.1](https://github.com/ceph/ceph/blob/master/COPYING-LGPL2.1) | ceph |
 | Debian | [MIT](https://opensource.org/licenses/MIT) | prometheus-process-exporter |
-| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> argparse-manpage <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bogofilter <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fapolicyd <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbi-drivers <br> libdbusmenu <br> libdc1394 <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mozjs <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-migrate-parsetree <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-ppx-derivers <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-stdio <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uuidm <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-BDB <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> redland <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> sendmail <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stunnel <br> subscription-manager <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
+| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec <br> abseil-cpp <br> accountsservice <br> acpica-tools <br> acpid <br> adcli <br> adobe-mappings-cmap <br> adobe-mappings-pdf <br> advancecomp <br> adwaita-icon-theme <br> afflib <br> aide <br> alsa-firmware <br> alsa-plugins <br> amtk <br> amtterm <br> annobin <br> ansible-freeipa <br> archivemount <br> argparse-manpage <br> arptables <br> arpwatch <br> asio <br> aspell <br> aspell-en <br> at <br> at-spi2-atk <br> at-spi2-core <br> atf <br> atk <br> atop <br> attr <br> audiofile <br> augeas <br> authbind <br> authd <br> authselect <br> autoconf213 <br> avahi <br> babeltrace <br> babeltrace2 <br> babl <br> baekmuk-ttf-fonts <br> bats <br> bcache-tools <br> biosdevname <br> blosc <br> bluez <br> bmake <br> bogofilter <br> bolt <br> boom-boot <br> booth <br> botan2 <br> breezy <br> brotli <br> buildah <br> busybox <br> bwidget <br> byacc <br> ca-certificates <br> cachefilesd <br> cairomm <br> calamares <br> capstone <br> catatonit <br> catch <br> catch1 <br> cdrdao <br> celt051 <br> cereal <br> certmonger <br> cfitsio <br> cgdcbxd <br> chan <br> CharLS <br> checkpolicy <br> checksec <br> chrony <br> cim-schema <br> cjkuni-uming-fonts <br> cjose <br> ck <br> cldr-emoji-annotation <br> clucene <br> clutter <br> clutter-gst3 <br> clutter-gtk <br> cmocka <br> cogl <br> collectd <br> colm <br> color-filesystem <br> colord <br> colorize <br> compat-lua <br> compiler-rt <br> conda <br> conmon <br> conntrack-tools <br> console-setup <br> container-exception-logger <br> containernetworking-plugins <br> convmv <br> corosync <br> corosync-qdevice <br> cpp-hocon <br> cppcheck <br> cpprest <br> cpptest <br> cpuid <br> criu <br> crypto-policies <br> cryptsetup <br> cscope <br> ctags <br> CUnit <br> cups <br> custodia <br> Cython <br> dbus-c++ <br> dbus-python <br> dbxtool <br> dconf <br> dcraw <br> debootstrap <br> deltarpm <br> desktop-file-utils <br> device-mapper-persistent-data <br> dietlibc <br> diffstat <br> ding-libs <br> discount <br> distribution-gpg-keys <br> dleyna-connector-dbus <br> dleyna-core <br> dmraid <br> dnf <br> dnf-plugins-core <br> docbook-dtds <br> docbook-simple <br> docbook-slides <br> docbook-style-dsssl <br> docbook-utils <br> docbook2X <br> docbook5-schemas <br> docbook5-style-xsl <br> dogtail <br> dos2unix <br> dotconf <br> dovecot <br> dpdk <br> dpkg <br> driverctl <br> dropwatch <br> drpm <br> duktape <br> dumpet <br> dvd+rw-tools <br> dwarves <br> dwz <br> dyninst <br> ebtables <br> edac-utils <br> edk2 <br> efax <br> efi-rpm-macros <br> egl-wayland <br> eglexternalplatform <br> elinks <br> enca <br> enchant <br> enchant2 <br> enscript <br> environment-modules <br> evemu <br> execstack <br> exempi <br> exiv2 <br> extra-cmake-modules <br> fabtests <br> facter <br> fakechroot <br> fakeroot <br> fapolicyd <br> fdk-aac-free <br> fdupes <br> fence-virt <br> fetchmail <br> fftw <br> filebench <br> fio <br> fipscheck <br> firewalld <br> flac <br> flatbuffers <br> flite <br> fltk <br> fmt <br> fontawesome-fonts <br> fontawesome4-fonts <br> fontpackages <br> fonts-rpm-macros <br> foomatic-db <br> freeglut <br> freeipmi <br> freeradius <br> freetds <br> freexl <br> fribidi <br> fros <br> frr <br> fsverity-utils <br> fuse-overlayfs <br> fuse-sshfs <br> fuse-zip <br> fuse3 <br> future <br> fxload <br> gavl <br> gbenchmark <br> gconf-editor <br> GConf2 <br> gcovr <br> gcr <br> gdal <br> gdisk <br> gdk-pixbuf2 <br> generic-logos <br> genwqe-tools <br> geoclue2 <br> GeoIP <br> GeoIP-GeoLite-data <br> geolite2 <br> geos <br> gfs2-utils <br> ghc-srpm-macros <br> giflib <br> gl-manpages <br> glew <br> glm <br> glog <br> glslang <br> glusterfs <br> gnome-desktop-testing <br> gnome-doc-utils <br> gnome-icon-theme <br> gnome-keyring <br> gnu-efi <br> go-rpm-macros <br> gom <br> google-api-python-client <br> google-crosextra-caladea-fonts <br> google-crosextra-carlito-fonts <br> google-guice <br> google-noto-cjk-fonts <br> google-noto-emoji-fonts <br> google-roboto-slab-fonts <br> gphoto2 <br> gpm <br> gpsbabel <br> graphene <br> graphite2 <br> graphviz <br> grubby <br> gsettings-desktop-schemas <br> gsl <br> gsm <br> gspell <br> gssdp <br> gssntlmssp <br> gstreamer1 <br> gstreamer1-plugins-base <br> gtk-vnc <br> gtk2 <br> gtk3 <br> gtkspell <br> gupnp <br> gupnp-av <br> gupnp-dlna <br> gupnp-igd <br> hardening-check <br> hdf <br> hdf5 <br> heimdal <br> help2man <br> hexedit <br> hicolor-icon-theme <br> hiera <br> highlight <br> hivex <br> hostname <br> hping3 <br> hsakmt <br> htop <br> hunspell <br> hunspell-af <br> hunspell-ar <br> hunspell-as <br> hunspell-ast <br> hunspell-az <br> hunspell-be <br> hunspell-bg <br> hunspell-bn <br> hunspell-br <br> hunspell-ca <br> hunspell-cop <br> hunspell-csb <br> hunspell-cv <br> hunspell-cy <br> hunspell-da <br> hunspell-de <br> hunspell-dsb <br> hunspell-el <br> hunspell-en <br> hunspell-eo <br> hunspell-es <br> hunspell-et <br> hunspell-eu <br> hunspell-fa <br> hunspell-fj <br> hunspell-fo <br> hunspell-fr <br> hunspell-fur <br> hunspell-fy <br> hunspell-ga <br> hunspell-gd <br> hunspell-gl <br> hunspell-grc <br> hunspell-gu <br> hunspell-gv <br> hunspell-haw <br> hunspell-hi <br> hunspell-hil <br> hunspell-hr <br> hunspell-hsb <br> hunspell-ht <br> hunspell-hu <br> hunspell-hy <br> hunspell-ia <br> hunspell-id <br> hunspell-is <br> hunspell-it <br> hunspell-kk <br> hunspell-km <br> hunspell-kn <br> hunspell-ko <br> hunspell-ku <br> hunspell-ky <br> hunspell-la <br> hunspell-lb <br> hunspell-ln <br> hunspell-mai <br> hunspell-mg <br> hunspell-mi <br> hunspell-mk <br> hunspell-ml <br> hunspell-mn <br> hunspell-mos <br> hunspell-mr <br> hunspell-ms <br> hunspell-mt <br> hunspell-nds <br> hunspell-ne <br> hunspell-nl <br> hunspell-no <br> hunspell-nr <br> hunspell-nso <br> hunspell-ny <br> hunspell-om <br> hunspell-or <br> hunspell-pa <br> hunspell-pl <br> hunspell-pt <br> hunspell-quh <br> hunspell-ro <br> hunspell-ru <br> hunspell-rw <br> hunspell-se <br> hunspell-shs <br> hunspell-si <br> hunspell-sk <br> hunspell-sl <br> hunspell-smj <br> hunspell-so <br> hunspell-sq <br> hunspell-sr <br> hunspell-sv <br> hunspell-sw <br> hunspell-ta <br> hunspell-te <br> hunspell-tet <br> hunspell-th <br> hunspell-tk <br> hunspell-tl <br> hunspell-tn <br> hunspell-tpi <br> hunspell-ts <br> hunspell-uk <br> hunspell-uz <br> hunspell-ve <br> hunspell-vi <br> hunspell-wa <br> hunspell-xh <br> hunspell-yi <br> hwdata <br> hwloc <br> hyperscan <br> hyperv-daemons <br> hyphen <br> hyphen-as <br> hyphen-bg <br> hyphen-bn <br> hyphen-ca <br> hyphen-da <br> hyphen-de <br> hyphen-el <br> hyphen-es <br> hyphen-fa <br> hyphen-fo <br> hyphen-fr <br> hyphen-ga <br> hyphen-gl <br> hyphen-grc <br> hyphen-gu <br> hyphen-hi <br> hyphen-hsb <br> hyphen-hu <br> hyphen-ia <br> hyphen-id <br> hyphen-is <br> hyphen-it <br> hyphen-kn <br> hyphen-ku <br> hyphen-lt <br> hyphen-mi <br> hyphen-ml <br> hyphen-mn <br> hyphen-mr <br> hyphen-nl <br> hyphen-or <br> hyphen-pa <br> hyphen-pl <br> hyphen-pt <br> hyphen-ro <br> hyphen-ru <br> hyphen-sa <br> hyphen-sk <br> hyphen-sl <br> hyphen-sv <br> hyphen-ta <br> hyphen-te <br> hyphen-tk <br> hyphen-uk <br> ibus <br> ibus-chewing <br> ibus-hangul <br> ibus-kkc <br> ibus-libzhuyin <br> ibus-m17n <br> ibus-rawcode <br> ibus-sayura <br> ibus-table <br> ibus-table-chinese <br> icc-profiles-openicc <br> icon-naming-utils <br> icoutils <br> iftop <br> iio-sensor-proxy <br> ilmbase <br> im-chooser <br> imaptest <br> imsettings <br> indent <br> infinipath-psm <br> inih <br> iniparser <br> intel-cmt-cat <br> intel-ipsec-mb <br> ioping <br> IP2Location <br> ipa-pgothic-fonts <br> ipcalc <br> ipmitool <br> iprutils <br> iptraf-ng <br> iptstate <br> irssi <br> iscsi-initiator-utils <br> isns-utils <br> iso-codes <br> isomd5sum <br> iw <br> iwd <br> jabberpy <br> jakarta-servlet <br> jasper <br> javapackages-bootstrap <br> javapackages-tools <br> jbigkit <br> jdom2 <br> jemalloc <br> jfsutils <br> jimtcl <br> jose <br> js-jquery <br> jsoncpp <br> Judy <br> jurand <br> kata-containers <br> kde-filesystem <br> kde-settings <br> kexec-tools <br> keybinder3 <br> keycloak-httpd-client-install <br> kf <br> kf-kconfig <br> kf-kcoreaddons <br> kf-ki18n <br> kf-kwidgetsaddons <br> kpmcore <br> kronosnet <br> ksh <br> kyotocabinet <br> kyua <br> ladspa <br> lame <br> langtable <br> lapack <br> lasso <br> latencytop <br> lato-fonts <br> lcms2 <br> lcov <br> ldns <br> leatherman <br> ledmon <br> lensfun <br> leveldb <br> lftp <br> libabw <br> libaec <br> libao <br> libappstream-glib <br> libarrow <br> libart_lgpl <br> libasyncns <br> libatasmart <br> libavc1394 <br> libblockdev <br> libbpf <br> libbsd <br> libburn <br> libbytesize <br> libcacard <br> libcanberra <br> libcdio <br> libcdio-paranoia <br> libcdr <br> libcgroup <br> libchewing <br> libcli <br> libcmis <br> libcmpiutil <br> libcomps <br> libcroco <br> libdaemon <br> libdap <br> libdatrie <br> libdazzle <br> libdbi <br> libdbi-drivers <br> libdbusmenu <br> libdc1394 <br> libdeflate <br> libdmx <br> libdnf <br> libdrm <br> libdvdnav <br> libdvdread <br> libdwarf <br> libeasyfc <br> libecap <br> libecb <br> libell <br> libEMF <br> libeot <br> libepoxy <br> libepubgen <br> libesmtp <br> libetonyek <br> libev <br> libevdev <br> libexif <br> libexttextcat <br> libfabric <br> libfontenc <br> libfreehand <br> libftdi <br> libgadu <br> libgdither <br> libgee <br> libgee06 <br> libgeotiff <br> libgexiv2 <br> libgit2 <br> libgit2-glib <br> libglade2 <br> libglvnd <br> libgovirt <br> libgphoto2 <br> libgsf <br> libgta <br> libguestfs <br> libgusb <br> libgxim <br> libgxps <br> libhangul <br> libhugetlbfs <br> libibcommon <br> libical <br> libICE <br> libicns <br> libid3tag <br> libIDL <br> libidn2 <br> libiec61883 <br> libieee1284 <br> libimobiledevice <br> libindicator <br> libinput <br> libiodbc <br> libipt <br> libiptcdata <br> libiscsi <br> libisoburn <br> libisofs <br> libjcat <br> libkcapi <br> libkeepalive <br> libkkc <br> libkkc-data <br> libkml <br> liblangtag <br> libldb <br> libldm <br> liblerc <br> liblockfile <br> liblognorm <br> liblouis <br> liblqr-1 <br> liblzf <br> libmad <br> libmediaart <br> libmicrohttpd <br> libmikmod <br> libmodman <br> libmodplug <br> libmodulemd1 <br> libmpcdec <br> libmspub <br> libmtp <br> libmusicbrainz5 <br> libmwaw <br> libnbd <br> libnet <br> libnetfilter_log <br> libnfs <br> libnotify <br> libntlm <br> libnumbertext <br> libnvme <br> liboauth <br> libodfgen <br> libofa <br> libogg <br> liboggz <br> liboil <br> libomxil-bellagio <br> libopenraw <br> liboping <br> libosinfo <br> libotf <br> libotr <br> libpagemaker <br> libpaper <br> libpciaccess <br> libpeas <br> libpfm <br> libpinyin <br> libplist <br> libpmemobj-cpp <br> libpng12 <br> libpng15 <br> libproxy <br> libpsm2 <br> libpwquality <br> libqb <br> libqxp <br> libraqm <br> LibRaw <br> libraw1394 <br> libreport <br> libreswan <br> librevenge <br> librsvg2 <br> librx <br> libsamplerate <br> libsass <br> libsecret <br> libsemanage <br> libsigc++20 <br> libsigsegv <br> libslirp <br> libSM <br> libsmbios <br> libsmi <br> libsndfile <br> libsodium <br> libspiro <br> libsrtp <br> libssh <br> libstaroffice <br> libstemmer <br> libstoragemgmt <br> libtdb <br> libteam <br> libtevent <br> libthai <br> libtnc <br> libtomcrypt <br> libtommath <br> libtpms <br> libtracecmd <br> libtraceevent <br> libtracefs <br> libtranslit <br> libucil <br> libunicap <br> libuninameslist <br> liburing <br> libusbmuxd <br> libuser <br> libutempter <br> libvarlink <br> libverto <br> libvirt-dbus <br> libvirt-glib <br> libvirt-java <br> libvirt-python <br> libvisio <br> libvisual <br> libvoikko <br> libvorbis <br> libvpx <br> libwacom <br> libwnck3 <br> libwpd <br> libwpe <br> libwpg <br> libwps <br> libwvstreams <br> libX11 <br> libXau <br> libXaw <br> libxcb <br> libXcomposite <br> libxcrypt <br> libXcursor <br> libXdamage <br> libXdmcp <br> libXext <br> libxfce4util <br> libXfixes <br> libXfont2 <br> libXft <br> libXi <br> libXinerama <br> libxkbcommon <br> libxkbfile <br> libxklavier <br> libxmlb <br> libXmu <br> libXpm <br> libXrandr <br> libXrender <br> libXres <br> libXScrnSaver <br> libxshmfence <br> libXt <br> libXtst <br> libXv <br> libXxf86vm <br> libyami <br> libyang <br> libyubikey <br> libzip <br> libzmf <br> lilv <br> linuxconsoletools <br> linuxptp <br> lksctp-tools <br> lldpd <br> lockdev <br> logwatch <br> lpsolve <br> lrzsz <br> lua <br> lua-expat <br> lua-filesystem <br> lua-json <br> lua-lpeg <br> lua-lunit <br> lua-rpm-macros <br> lua-term <br> luajit <br> lujavrite <br> luksmeta <br> lutok <br> lv2 <br> lzip <br> lzop <br> m17n-db <br> m17n-lib <br> mac-robber <br> mailcap <br> mailx <br> malaga <br> malaga-suomi-voikko <br> mallard-rng <br> man-pages-cs <br> man-pages-es <br> man-pages-it <br> man-pages-ja <br> man-pages-ko <br> man-pages-pl <br> man-pages-ru <br> man-pages-zh-CN <br> mandoc <br> mariadb-connector-c <br> mariadb-connector-odbc <br> marisa <br> maven-compiler-plugin <br> maven-jar-plugin <br> maven-resolver <br> maven-resources-plugin <br> maven-surefire <br> maven-wagon <br> mcelog <br> mcpp <br> mcstrans <br> mdadm <br> mdds <br> mdevctl <br> meanwhile <br> mecab <br> mecab-ipadic <br> media-player-info <br> memcached <br> memkind <br> mesa <br> mesa-libGLU <br> metis <br> microcode_ctl <br> microdnf <br> minicom <br> minizip <br> mksh <br> mobile-broadband-provider-info <br> mock <br> mock-core-configs <br> mod_auth_gssapi <br> mod_auth_mellon <br> mod_auth_openidc <br> mod_authnz_pam <br> mod_fcgid <br> mod_http2 <br> mod_intercept_form_submit <br> mod_lookup_identity <br> mod_md <br> mod_security <br> mod_security_crs <br> mod_wsgi <br> mokutil <br> mozjs <br> mpage <br> mrtg <br> mstflint <br> mt-st <br> mtdev <br> mtools <br> mtr <br> mtx <br> munge <br> mutt <br> mythes <br> mythes-bg <br> mythes-ca <br> mythes-cs <br> mythes-da <br> mythes-de <br> mythes-el <br> mythes-en <br> mythes-eo <br> mythes-es <br> mythes-fr <br> mythes-ga <br> mythes-hu <br> mythes-mi <br> mythes-ne <br> mythes-nl <br> mythes-pl <br> mythes-pt <br> mythes-ro <br> mythes-ru <br> mythes-sk <br> mythes-sl <br> mythes-sv <br> mythes-uk <br> nbd <br> nbdkit <br> neon <br> netavark <br> netcdf <br> netcf <br> netlabel_tools <br> netpbm <br> netsniff-ng <br> nfs4-acl-tools <br> nftables <br> nilfs-utils <br> nkf <br> nload <br> nlopt <br> nodejs-packaging <br> nss-mdns <br> nss-pam-ldapd <br> nss_nis <br> nss_wrapper <br> ntfs-3g <br> ntfs-3g-system-compression <br> numad <br> numatop <br> numpy <br> nvmetcli <br> nvml <br> oath-toolkit <br> ocaml <br> ocaml-alcotest <br> ocaml-astring <br> ocaml-augeas <br> ocaml-base <br> ocaml-bigarray-compat <br> ocaml-bisect-ppx <br> ocaml-calendar <br> ocaml-camlp5 <br> ocaml-camomile <br> ocaml-cinaps <br> ocaml-cmdliner <br> ocaml-compiler-libs-janestreet <br> ocaml-cppo <br> ocaml-csexp <br> ocaml-csv <br> ocaml-ctypes <br> ocaml-curses <br> ocaml-dune <br> ocaml-extlib <br> ocaml-fileutils <br> ocaml-findlib <br> ocaml-fmt <br> ocaml-fpath <br> ocaml-gettext <br> ocaml-integers <br> ocaml-libvirt <br> ocaml-luv <br> ocaml-lwt <br> ocaml-markup <br> ocaml-migrate-parsetree <br> ocaml-mmap <br> ocaml-num <br> ocaml-ocamlbuild <br> ocaml-ocplib-endian <br> ocaml-ounit <br> ocaml-parsexp <br> ocaml-ppx-derivers <br> ocaml-ppxlib <br> ocaml-re <br> ocaml-react <br> ocaml-result <br> ocaml-seq <br> ocaml-sexplib <br> ocaml-sexplib0 <br> ocaml-stdio <br> ocaml-topkg <br> ocaml-tyxml <br> ocaml-uuidm <br> ocaml-uutf <br> ocaml-xml-light <br> ocaml-zarith <br> ocl-icd <br> oddjob <br> ogdi <br> omping <br> opa <br> opal <br> open-vm-tools <br> openblas <br> opencc <br> opencl-filesystem <br> opencl-headers <br> opencryptoki <br> opencsd <br> opendnssec <br> OpenEXR <br> openjade <br> openjpeg2 <br> openmpi <br> openobex <br> openoffice-lv <br> openrdate <br> opensc <br> openslp <br> opensm <br> opensp <br> openssl <br> openssl-ibmpkcs11 <br> openssl-pkcs11 <br> openwsman <br> optipng <br> opus <br> opusfile <br> orangefs <br> ORBit2 <br> orc <br> os-prober <br> osinfo-db <br> osinfo-db-tools <br> overpass-fonts <br> p11-kit <br> p7zip <br> pacemaker <br> pacrunner <br> pakchois <br> pam_krb5 <br> pam_wrapper <br> papi <br> paps <br> parallel <br> patchelf <br> patchutils <br> pbzip2 <br> pcp <br> pcsc-lite <br> pcsc-lite-ccid <br> PEGTL <br> perl <br> perl-Algorithm-C3 <br> perl-Algorithm-Diff <br> perl-Alien-Build <br> perl-Alien-pkgconf <br> perl-AnyEvent <br> perl-AnyEvent-AIO <br> perl-AnyEvent-BDB <br> perl-App-cpanminus <br> perl-App-FatPacker <br> perl-AppConfig <br> perl-Archive-Extract <br> perl-Archive-Zip <br> perl-Authen-SASL <br> perl-B-COW <br> perl-B-Debug <br> perl-B-Hooks-EndOfScope <br> perl-B-Hooks-OP-Check <br> perl-B-Keywords <br> perl-B-Lint <br> perl-bareword-filehandles <br> perl-BDB <br> perl-Bit-Vector <br> perl-boolean <br> perl-Browser-Open <br> perl-BSD-Resource <br> perl-Business-ISBN <br> perl-Business-ISBN-Data <br> perl-Bytes-Random-Secure <br> perl-Capture-Tiny <br> perl-Carp-Clan <br> perl-CBOR-XS <br> perl-Class-Accessor <br> perl-Class-C3 <br> perl-Class-C3-XS <br> perl-Class-Data-Inheritable <br> perl-Class-Factory-Util <br> perl-Class-Inspector <br> perl-Class-ISA <br> perl-Class-Load <br> perl-Class-Load-XS <br> perl-Class-Method-Modifiers <br> perl-Class-Singleton <br> perl-Class-Tiny <br> perl-Class-XSAccessor <br> perl-Clone <br> perl-Color-ANSI-Util <br> perl-Color-RGB-Util <br> perl-ColorThemeBase-Static <br> perl-ColorThemeRole-ANSI <br> perl-ColorThemes-Standard <br> perl-ColorThemeUtil-ANSI <br> perl-Compress-Bzip2 <br> perl-Compress-LZF <br> perl-Compress-Raw-Lzma <br> perl-Config-AutoConf <br> perl-Config-INI <br> perl-Config-INI-Reader-Multiline <br> perl-Config-IniFiles <br> perl-Config-Simple <br> perl-Config-Tiny <br> perl-Const-Fast <br> perl-Convert-ASN1 <br> perl-Convert-Bencode <br> perl-Coro <br> perl-Coro-Multicore <br> perl-CPAN-Changes <br> perl-CPAN-DistnameInfo <br> perl-CPAN-Meta-Check <br> perl-Cpanel-JSON-XS <br> perl-Crypt-CBC <br> perl-Crypt-DES <br> perl-Crypt-IDEA <br> perl-Crypt-OpenSSL-Bignum <br> perl-Crypt-OpenSSL-Guess <br> perl-Crypt-OpenSSL-Random <br> perl-Crypt-OpenSSL-RSA <br> perl-Crypt-PasswdMD5 <br> perl-Crypt-Random-Seed <br> perl-CSS-Tiny <br> perl-Data-Dump <br> perl-Data-Munge <br> perl-Data-OptList <br> perl-Data-Peek <br> perl-Data-Section <br> perl-Data-UUID <br> perl-Date-Calc <br> perl-Date-ISO8601 <br> perl-Date-Manip <br> perl-DateTime <br> perl-DateTime-Format-Builder <br> perl-DateTime-Format-DateParse <br> perl-DateTime-Format-HTTP <br> perl-DateTime-Format-IBeat <br> perl-DateTime-Format-ISO8601 <br> perl-DateTime-Format-Mail <br> perl-DateTime-Format-Strptime <br> perl-DateTime-Locale <br> perl-DateTime-TimeZone <br> perl-DateTime-TimeZone-SystemV <br> perl-DateTime-TimeZone-Tzfile <br> perl-DBD-MySQL <br> perl-Devel-CallChecker <br> perl-Devel-Caller <br> perl-Devel-CheckBin <br> perl-Devel-CheckLib <br> perl-Devel-Cycle <br> perl-Devel-EnforceEncapsulation <br> perl-Devel-GlobalDestruction <br> perl-Devel-GlobalDestruction-XS <br> perl-Devel-Hide <br> perl-Devel-Leak <br> perl-Devel-LexAlias <br> perl-Devel-Size <br> perl-Devel-StackTrace <br> perl-Devel-Symdump <br> perl-Digest-BubbleBabble <br> perl-Digest-CRC <br> perl-Digest-HMAC <br> perl-Digest-SHA1 <br> perl-Dist-CheckConflicts <br> perl-DynaLoader-Functions <br> perl-Email-Address <br> perl-Email-Date-Format <br> perl-Encode-Detect <br> perl-Encode-EUCJPASCII <br> perl-Encode-IMAPUTF7 <br> perl-Encode-Locale <br> perl-Env-ShellWords <br> perl-Error <br> perl-EV <br> perl-Eval-Closure <br> perl-Event <br> perl-Exception-Class <br> perl-Expect <br> perl-ExtUtils-Config <br> perl-ExtUtils-Depends <br> perl-ExtUtils-Helpers <br> perl-ExtUtils-InstallPaths <br> perl-ExtUtils-PkgConfig <br> perl-FCGI <br> perl-Fedora-VSP <br> perl-FFI-CheckLib <br> perl-File-BaseDir <br> perl-File-BOM <br> perl-File-chdir <br> perl-File-CheckTree <br> perl-File-Copy-Recursive <br> perl-File-DesktopEntry <br> perl-File-Find-Object <br> perl-File-Find-Object-Rule <br> perl-File-Find-Rule <br> perl-File-Find-Rule-Perl <br> perl-File-Inplace <br> perl-File-Listing <br> perl-File-MimeInfo <br> perl-File-pushd <br> perl-File-ReadBackwards <br> perl-File-Remove <br> perl-File-ShareDir <br> perl-File-ShareDir-Install <br> perl-File-Slurp <br> perl-File-Slurp-Tiny <br> perl-File-Slurper <br> perl-File-Type <br> perl-Font-TTF <br> perl-FreezeThaw <br> perl-GD <br> perl-GD-Barcode <br> perl-generators <br> perl-Getopt-ArgvFile <br> perl-gettext <br> perl-Graphics-ColorNamesLite-WWW <br> perl-GSSAPI <br> perl-Guard <br> perl-Hook-LexWrap <br> perl-HTML-Parser <br> perl-HTML-Tagset <br> perl-HTML-Tree <br> perl-HTTP-Cookies <br> perl-HTTP-Daemon <br> perl-HTTP-Date <br> perl-HTTP-Message <br> perl-HTTP-Negotiate <br> perl-Image-Base <br> perl-Image-Info <br> perl-Image-Xbm <br> perl-Image-Xpm <br> perl-Import-Into <br> perl-Importer <br> perl-inc-latest <br> perl-indirect <br> perl-Inline-Files <br> perl-IO-AIO <br> perl-IO-All <br> perl-IO-CaptureOutput <br> perl-IO-Compress-Lzma <br> perl-IO-HTML <br> perl-IO-Multiplex <br> perl-IO-SessionData <br> perl-IO-Socket-INET6 <br> perl-IO-String <br> perl-IO-stringy <br> perl-IO-Tty <br> perl-IPC-Run <br> perl-IPC-Run3 <br> perl-IPC-System-Simple <br> perl-JSON <br> perl-JSON-Color <br> perl-JSON-MaybeXS <br> perl-LDAP <br> perl-libnet <br> perl-libwww-perl <br> perl-libxml-perl <br> perl-Lingua-EN-Inflect <br> perl-List-MoreUtils-XS <br> perl-local-lib <br> perl-Locale-Codes <br> perl-Locale-Maketext-Gettext <br> perl-Locale-Msgfmt <br> perl-Locale-PO <br> perl-Log-Message <br> perl-Log-Message-Simple <br> perl-LWP-MediaTypes <br> perl-LWP-Protocol-https <br> perl-Mail-AuthenticationResults <br> perl-Mail-DKIM <br> perl-Mail-IMAPTalk <br> perl-Mail-SPF <br> perl-MailTools <br> perl-Math-Int64 <br> perl-Math-Random-ISAAC <br> perl-MIME-Charset <br> perl-MIME-Lite <br> perl-MIME-Types <br> perl-Mixin-Linewise <br> perl-MLDBM <br> perl-Mock-Config <br> perl-Module-Build-Tiny <br> perl-Module-CPANfile <br> perl-Module-Implementation <br> perl-Module-Install-AuthorRequires <br> perl-Module-Install-AuthorTests <br> perl-Module-Install-AutoLicense <br> perl-Module-Install-GithubMeta <br> perl-Module-Install-ManifestSkip <br> perl-Module-Install-ReadmeFromPod <br> perl-Module-Install-ReadmeMarkdownFromPod <br> perl-Module-Install-Repository <br> perl-Module-Install-TestBase <br> perl-Module-Load-Util <br> perl-Module-Manifest <br> perl-Module-Manifest-Skip <br> perl-Module-Package <br> perl-Module-Package-Au <br> perl-Module-Pluggable <br> perl-Module-Runtime <br> perl-Module-Signature <br> perl-Mojolicious <br> perl-Moo <br> perl-Mozilla-CA <br> perl-Mozilla-LDAP <br> perl-MRO-Compat <br> perl-multidimensional <br> perl-namespace-autoclean <br> perl-namespace-clean <br> perl-Net-CIDR-Lite <br> perl-Net-Daemon <br> perl-Net-DNS <br> perl-Net-DNS-Resolver-Mock <br> perl-Net-DNS-Resolver-Programmable <br> perl-Net-HTTP <br> perl-Net-IMAP-Simple <br> perl-Net-IMAP-Simple-SSL <br> perl-Net-IP <br> perl-Net-LibIDN2 <br> perl-Net-Patricia <br> perl-Net-SMTP-SSL <br> perl-Net-SNMP <br> perl-Net-Telnet <br> perl-Newt <br> perl-NNTPClient <br> perl-NTLM <br> perl-Number-Compare <br> perl-Object-Deadly <br> perl-Object-HashBase <br> perl-Package-Anon <br> perl-Package-Constants <br> perl-Package-DeprecationManager <br> perl-Package-Generator <br> perl-Package-Stash <br> perl-Package-Stash-XS <br> perl-PadWalker <br> perl-Paper-Specs <br> perl-PAR-Dist <br> perl-Parallel-Iterator <br> perl-Params-Classify <br> perl-Params-Util <br> perl-Params-Validate <br> perl-Params-ValidationCompiler <br> perl-Parse-PMFile <br> perl-Parse-RecDescent <br> perl-Parse-Yapp <br> perl-Path-Tiny <br> perl-Perl-Critic <br> perl-Perl-Critic-More <br> perl-Perl-Destruct-Level <br> perl-Perl-MinimumVersion <br> perl-Perl4-CoreLibs <br> perl-PerlIO-gzip <br> perl-PerlIO-utf8_strict <br> perl-PkgConfig-LibPkgConf <br> perl-Pod-Coverage <br> perl-Pod-Coverage-TrustPod <br> perl-Pod-Escapes <br> perl-Pod-Eventual <br> perl-Pod-LaTeX <br> perl-Pod-Markdown <br> perl-Pod-Parser <br> perl-Pod-Plainer <br> perl-Pod-POM <br> perl-Pod-Spell <br> perl-PPI <br> perl-PPI-HTML <br> perl-PPIx-QuoteLike <br> perl-PPIx-Regexp <br> perl-PPIx-Utilities <br> perl-prefork <br> perl-Probe-Perl <br> perl-Razor-Agent <br> perl-Readonly <br> perl-Readonly-XS <br> perl-Ref-Util <br> perl-Ref-Util-XS <br> perl-Regexp-Pattern-Perl <br> perl-Return-MultiLevel <br> perl-Role-Tiny <br> perl-Scope-Guard <br> perl-Scope-Upper <br> perl-SGMLSpm <br> perl-SNMP_Session <br> perl-Socket6 <br> perl-Software-License <br> perl-Sort-Versions <br> perl-Specio <br> perl-Spiffy <br> perl-strictures <br> perl-String-CRC32 <br> perl-String-Format <br> perl-String-ShellQuote <br> perl-String-Similarity <br> perl-Sub-Exporter <br> perl-Sub-Exporter-Progressive <br> perl-Sub-Identify <br> perl-Sub-Info <br> perl-Sub-Install <br> perl-Sub-Name <br> perl-Sub-Quote <br> perl-Sub-Uplevel <br> perl-SUPER <br> perl-Switch <br> perl-Syntax-Highlight-Engine-Kate <br> perl-Sys-CPU <br> perl-Sys-MemInfo <br> perl-Sys-Virt <br> perl-Taint-Runtime <br> perl-Task-Weaken <br> perl-Term-Size-Any <br> perl-Term-Size-Perl <br> perl-Term-Table <br> perl-Term-UI <br> perl-TermReadKey <br> perl-Test-Base <br> perl-Test-ClassAPI <br> perl-Test-CPAN-Meta <br> perl-Test-CPAN-Meta-JSON <br> perl-Test-Deep <br> perl-Test-Differences <br> perl-Test-DistManifest <br> perl-Test-Distribution <br> perl-Test-EOL <br> perl-Test-Exception <br> perl-Test-Exit <br> perl-Test-FailWarnings <br> perl-Test-Fatal <br> perl-Test-File <br> perl-Test-File-ShareDir <br> perl-Test-Harness <br> perl-Test-HasVersion <br> perl-Test-InDistDir <br> perl-Test-Inter <br> perl-Test-LeakTrace <br> perl-Test-LongString <br> perl-Test-Manifest <br> perl-Test-Memory-Cycle <br> perl-Test-MinimumVersion <br> perl-Test-MockObject <br> perl-Test-MockRandom <br> perl-Test-Needs <br> perl-Test-NoTabs <br> perl-Test-NoWarnings <br> perl-Test-Object <br> perl-Test-Output <br> perl-Test-Pod <br> perl-Test-Pod-Coverage <br> perl-Test-Portability-Files <br> perl-Test-Requires <br> perl-Test-RequiresInternet <br> perl-Test-Script <br> perl-Test-Simple <br> perl-Test-SubCalls <br> perl-Test-Synopsis <br> perl-Test-Taint <br> perl-Test-TrailingSpace <br> perl-Test-utf8 <br> perl-Test-Vars <br> perl-Test-Warn <br> perl-Test-Without-Module <br> perl-Test2-Plugin-NoWarnings <br> perl-Test2-Suite <br> perl-Test2-Tools-Explain <br> perl-Text-CharWidth <br> perl-Text-CSV_XS <br> perl-Text-Diff <br> perl-Text-Glob <br> perl-Text-Iconv <br> perl-Text-Soundex <br> perl-Text-Unidecode <br> perl-Text-WrapI18N <br> perl-Tie-IxHash <br> perl-TimeDate <br> perl-Tree-DAG_Node <br> perl-Unicode-EastAsianWidth <br> perl-Unicode-LineBreak <br> perl-Unicode-Map8 <br> perl-Unicode-String <br> perl-Unicode-UTF8 <br> perl-UNIVERSAL-can <br> perl-UNIVERSAL-isa <br> perl-Unix-Syslog <br> perl-URI <br> perl-Variable-Magic <br> perl-Version-Requirements <br> perl-WWW-RobotRules <br> perl-XML-Catalog <br> perl-XML-DOM <br> perl-XML-Dumper <br> perl-XML-Filter-BufferText <br> perl-XML-Generator <br> perl-XML-Grove <br> perl-XML-Handler-YAWriter <br> perl-XML-LibXML <br> perl-XML-LibXSLT <br> perl-XML-NamespaceSupport <br> perl-XML-Parser-Lite <br> perl-XML-RegExp <br> perl-XML-SAX <br> perl-XML-SAX-Base <br> perl-XML-SAX-Writer <br> perl-XML-Simple <br> perl-XML-TokeParser <br> perl-XML-TreeBuilder <br> perl-XML-Twig <br> perl-XML-Writer <br> perl-XML-XPath <br> perl-XML-XPathEngine <br> perl-XString <br> perl-YAML-LibYAML <br> perl-YAML-PP <br> perl-YAML-Syck <br> perltidy <br> pesign <br> phodav <br> php <br> php-pear <br> php-pecl-zip <br> physfs <br> picosat <br> pinfo <br> pipewire <br> pixman <br> pkcs11-helper <br> pkgconf <br> plexus-cipher <br> plexus-containers <br> plexus-sec-dispatcher <br> plotutils <br> pmdk-convert <br> pmix <br> pngcrush <br> pngnq <br> po4a <br> podman <br> poetry <br> policycoreutils <br> polkit-pkla-compat <br> polkit-qt-1 <br> portreserve <br> postfix <br> potrace <br> powertop <br> ppp <br> pps-tools <br> pptp <br> priv_wrapper <br> procmail <br> prometheus <br> prometheus-node-exporter <br> ps_mem <br> psacct <br> psutils <br> ptlib <br> publicsuffix-list <br> pugixml <br> pulseaudio <br> puppet <br> pwgen <br> pyatspi <br> pybind11 <br> pycairo <br> pyelftools <br> pyflakes <br> pygobject3 <br> PyGreSQL <br> pykickstart <br> pylint <br> pyparted <br> pyproject-rpm-macros <br> pyserial <br> python-absl-py <br> python-aiodns <br> python-aiohttp <br> python-alsa <br> python-argcomplete <br> python-astroid <br> python-astunparse <br> python-async-generator <br> python-augeas <br> python-azure-sdk <br> python-beautifulsoup4 <br> python-betamax <br> python-blinker <br> python-blivet <br> python-cached_property <br> python-charset-normalizer <br> python-cheetah <br> python-click <br> python-cmd2 <br> python-colorama <br> python-CommonMark <br> python-conda-package-handling <br> python-configshell <br> python-cpuinfo <br> python-cups <br> python-curio <br> python-cytoolz <br> python-d2to1 <br> python-dbus-client-gen <br> python-dbus-python-client-gen <br> python-dbus-signature-pyparsing <br> python-dbusmock <br> python-ddt <br> python-debtcollector <br> python-decorator <br> python-distlib <br> python-dmidecode <br> python-dns <br> python-dtopt <br> python-dulwich <br> python-editables <br> python-enchant <br> python-entrypoints <br> python-ethtool <br> python-evdev <br> python-extras <br> python-faker <br> python-fasteners <br> python-fastjsonschema <br> python-fields <br> python-filelock <br> python-fixtures <br> python-flake8 <br> python-flask <br> python-flit <br> python-flit-core <br> python-fluidity-sm <br> python-frozendict <br> python-funcsigs <br> python-gast <br> python-genshi <br> python-google-auth <br> python-google-auth-oauthlib <br> python-greenlet <br> python-gssapi <br> python-h5py <br> python-hatch-fancy-pypi-readme <br> python-hatch-vcs <br> python-hatchling <br> python-hs-dbus-signature <br> python-html5lib <br> python-httplib2 <br> python-humanize <br> python-hwdata <br> python-importlib-metadata <br> python-inotify <br> python-into-dbus-python <br> python-IPy <br> python-iso8601 <br> python-isodate <br> python-isort <br> python-itsdangerous <br> python-justbases <br> python-justbytes <br> python-jwcrypto <br> python-jwt <br> python-kdcproxy <br> python-kerberos <br> python-kmod <br> python-kubernetes <br> python-lark <br> python-lazy-object-proxy <br> python-ldap <br> python-linux-procfs <br> python-lit <br> python-looseversion <br> python-markdown <br> python-markdown-it-py <br> python-mccabe <br> python-mdurl <br> python-memcached <br> python-mimeparse <br> python-mock <br> python-monotonic <br> python-more-itertools <br> python-mpmath <br> python-msal <br> python-msrestazure <br> python-mutagen <br> python-networkx <br> python-nose2 <br> python-ntlm-auth <br> python-oauth2client <br> python-openpyxl <br> python-openstackdocstheme <br> python-oslo-i18n <br> python-oslo-sphinx <br> python-paramiko <br> python-pathspec <br> python-pefile <br> python-pexpect <br> python-pkgconfig <br> python-platformdirs <br> python-pluggy <br> python-podman-api <br> python-poetry-core <br> python-process-tests <br> python-productmd <br> python-ptyprocess <br> python-pycares <br> python-pycosat <br> python-pydbus <br> python-pymongo <br> python-PyMySQL <br> python-pyperclip <br> python-pyroute2 <br> python-pyrsistent <br> python-pysocks <br> python-pytest-benchmark <br> python-pytest-cov <br> python-pytest-expect <br> python-pytest-flake8 <br> python-pytest-flakes <br> python-pytest-forked <br> python-pytest-mock <br> python-pytest-relaxed <br> python-pytest-runner <br> python-pytest-subtests <br> python-pytest-timeout <br> python-pytest-xdist <br> python-pytoml <br> python-pyudev <br> python-pywbem <br> python-qrcode <br> python-rdflib <br> python-recommonmark <br> python-requests-file <br> python-requests-ftp <br> python-requests-kerberos <br> python-requests-mock <br> python-requests-oauthlib <br> python-requests-toolbelt <br> python-requests_ntlm <br> python-responses <br> python-retrying <br> python-rfc3986 <br> python-rich <br> python-rpm-generators <br> python-rpmfluff <br> python-rtslib <br> python-ruamel-yaml <br> python-ruamel-yaml-clib <br> python-s3transfer <br> python-schedutils <br> python-semantic_version <br> python-should_dsl <br> python-simpleline <br> python-slip <br> python-sniffio <br> python-sortedcontainers <br> python-soupsieve <br> python-sphinx <br> python-sphinx-epytext <br> python-sphinx-theme-py3doc-enhanced <br> python-sphinx_rtd_theme <br> python-sphinxcontrib-apidoc <br> python-sphinxcontrib-applehelp <br> python-sphinxcontrib-devhelp <br> python-sphinxcontrib-htmlhelp <br> python-sphinxcontrib-httpdomain <br> python-sphinxcontrib-jsmath <br> python-sphinxcontrib-qthelp <br> python-sphinxcontrib-serializinghtml <br> python-sqlalchemy <br> python-suds <br> python-systemd <br> python-tempita <br> python-templated-dictionary <br> python-termcolor <br> python-testpath <br> python-testresources <br> python-testscenarios <br> python-testtools <br> python-tidy <br> python-toml <br> python-tomli <br> python-toolz <br> python-tornado <br> python-tox <br> python-tox-current-env <br> python-tqdm <br> python-trio <br> python-trove-classifiers <br> python-typing-extensions <br> python-uamqp <br> python-unittest2 <br> python-uritemplate <br> python-urwid <br> python-varlink <br> python-virt-firmware <br> python-voluptuous <br> python-waitress <br> python-webencodings <br> python-webtest <br> python-wheel <br> python-whoosh <br> python-winrm <br> python-wrapt <br> python-xmltodict <br> python-yubico <br> python-zipp <br> python-zmq <br> python-zstd <br> python3-mallard-ducktype <br> python3-pytest-asyncio <br> python3-typed_ast <br> pyusb <br> pywbem <br> pyxattr <br> qemu <br> qhull <br> qpdf <br> qperf <br> qr-code-generator <br> qt-rpm-macros <br> qt5-qtconnectivity <br> qt5-qtsensors <br> qt5-qtserialport <br> qtbase <br> qtdeclarative <br> qtsvg <br> qttools <br> quagga <br> quota <br> radvd <br> ragel <br> raptor2 <br> rarian <br> rasdaemon <br> rasqal <br> rcs <br> rdist <br> rdma-core <br> re2 <br> re2c <br> realmd <br> rear <br> recode <br> redland <br> resource-agents <br> rest <br> rhash <br> rlwrap <br> rp-pppoe <br> rpm-mpi-hooks <br> rpmdevtools <br> rpmlint <br> rtkit <br> rtl-sdr <br> ruby-augeas <br> rubygem-bson <br> rubygem-coderay <br> rubygem-diff-lcs <br> rubygem-flexmock <br> rubygem-hpricot <br> rubygem-introspection <br> rubygem-liquid <br> rubygem-maruku <br> rubygem-metaclass <br> rubygem-mongo <br> rubygem-mustache <br> rubygem-mysql2 <br> rubygem-pkg-config <br> rubygem-rake <br> rubygem-rake-compiler <br> rubygem-ronn <br> rubygem-rouge <br> rubygem-rspec <br> rubygem-rspec-expectations <br> rubygem-rspec-mocks <br> rubygem-rspec-support <br> rubygem-thread_order <br> rusers <br> rust-cbindgen <br> samba <br> sanlock <br> sassist <br> satyr <br> sbc <br> sblim-cim-client2 <br> sblim-cmpi-base <br> sblim-cmpi-devel <br> sblim-cmpi-fsvol <br> sblim-cmpi-network <br> sblim-cmpi-nfsv3 <br> sblim-cmpi-nfsv4 <br> sblim-cmpi-params <br> sblim-cmpi-sysfs <br> sblim-cmpi-syslog <br> sblim-indication_helper <br> sblim-sfcb <br> sblim-sfcc <br> sblim-sfcCommon <br> sblim-testsuite <br> sblim-wbemcli <br> scl-utils <br> scotch <br> screen <br> scrub <br> SDL <br> SDL2 <br> SDL_sound <br> sdparm <br> seabios <br> secilc <br> selinux-policy <br> sendmail <br> serd <br> setools <br> setserial <br> setuptool <br> sgabios <br> sgml-common <br> sgpio <br> shared-mime-info <br> sharutils <br> sip <br> sisu <br> skkdic <br> sleuthkit <br> slirp4netns <br> smartmontools <br> smc-tools <br> socket_wrapper <br> softhsm <br> sombok <br> sord <br> sos <br> sound-theme-freedesktop <br> soundtouch <br> sox <br> soxr <br> sparsehash <br> spausedd <br> speex <br> speexdsp <br> spice-protocol <br> spice-vdagent <br> spirv-headers <br> spirv-tools <br> splix <br> squashfs-tools <br> squid <br> sratom <br> sscg <br> star <br> startup-notification <br> stunnel <br> subscription-manager <br> suitesparse <br> SuperLU <br> supermin <br> switcheroo-control <br> swtpm <br> symlinks <br> sympy <br> sysfsutils <br> systemd <br> systemd-bootchart <br> t1lib <br> t1utils <br> taglib <br> tang <br> targetcli <br> tbb <br> tcl-pgtcl <br> tclx <br> teckit <br> telnet <br> thrift <br> tidy <br> time <br> tini <br> tinycdb <br> tix <br> tk <br> tlog <br> tmpwatch <br> tn5250 <br> tofrodos <br> tokyocabinet <br> trace-cmd <br> tss2 <br> ttembed <br> ttmkfdir <br> tuna <br> twolame <br> uchardet <br> uclibc-ng <br> ucpp <br> ucs-miscfixed-fonts <br> ucx <br> udftools <br> udica <br> udisks2 <br> uglify-js <br> uid_wrapper <br> unicode-emoji <br> unicode-ucd <br> unique3 <br> units <br> upower <br> uriparser <br> urlview <br> usb_modeswitch <br> usb_modeswitch-data <br> usbguard <br> usbip <br> usbmuxd <br> usbredir <br> usermode <br> ustr <br> uthash <br> uuid <br> uw-imap <br> v4l-utils <br> vhostmd <br> vino <br> virglrenderer <br> virt-p2v <br> virt-top <br> virt-what <br> virt-who <br> vitess <br> vmem <br> volume_key <br> vorbis-tools <br> vte291 <br> vulkan-headers <br> vulkan-loader <br> watchdog <br> wavpack <br> wayland <br> wayland-protocols <br> web-assets <br> webrtc-audio-processing <br> websocketpp <br> wget <br> whois <br> wireguard-tools <br> wireless-regdb <br> wireshark <br> woff2 <br> wordnet <br> words <br> wpebackend-fdo <br> wsmancli <br> wvdial <br> x3270 <br> xapian-core <br> Xaw3d <br> xcb-proto <br> xcb-util <br> xcb-util-image <br> xcb-util-keysyms <br> xcb-util-renderutil <br> xcb-util-wm <br> xdelta <br> xdg-dbus-proxy <br> xdg-utils <br> xdp-tools <br> xerces-c <br> xfconf <br> xfsdump <br> xhtml1-dtds <br> xkeyboard-config <br> xmlstarlet <br> xmltoman <br> xmvn <br> xorg-x11-apps <br> xorg-x11-drv-libinput <br> xorg-x11-font-utils <br> xorg-x11-fonts <br> xorg-x11-proto-devel <br> xorg-x11-server <br> xorg-x11-server-utils <br> xorg-x11-util-macros <br> xorg-x11-utils <br> xorg-x11-xauth <br> xorg-x11-xbitmaps <br> xorg-x11-xinit <br> xorg-x11-xkb-utils <br> xorg-x11-xtrans-devel <br> xrestop <br> xterm <br> xxhash <br> yajl <br> yaml-cpp <br> yasm <br> yelp-tools <br> yelp-xsl <br> ykclient <br> yp-tools <br> ypbind <br> ypserv <br> z3 <br> zenity <br> zerofree <br> zfs-fuse <br> zipper <br> zopfli <br> zziplib |
 | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome <br> librabbitmq |
 | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib |
 | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka |
diff --git a/LICENSES-AND-NOTICES/SPECS/data/licenses.json b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
index 7ca6e35580e..a39fa5ba268 100644
--- a/LICENSES-AND-NOTICES/SPECS/data/licenses.json
+++ b/LICENSES-AND-NOTICES/SPECS/data/licenses.json
@@ -117,6 +117,7 @@
                 "cim-schema",
                 "cjkuni-uming-fonts",
                 "cjose",
+                "ck",
                 "cldr-emoji-annotation",
                 "clucene",
                 "clutter",
diff --git a/SPECS/ck/ck-nogettid.patch b/SPECS/ck/ck-nogettid.patch
new file mode 100644
index 00000000000..0935a1f85a7
--- /dev/null
+++ b/SPECS/ck/ck-nogettid.patch
@@ -0,0 +1,21 @@
+Static function gettid makes troubles when compiling tests,
+because the extern declaration exists.
+This might not be the best way to fix this, but it makes the tests succeed.
+
+diff -up ck-0.6.0/regressions/common.h.nogettid ck-0.6.0/regressions/common.h
+--- ck-0.6.0/regressions/common.h.nogettid	2019-08-21 08:10:51.593209466 +0200
++++ ck-0.6.0/regressions/common.h	2019-08-21 08:11:05.320341728 +0200
+@@ -267,13 +267,6 @@ struct affinity {
+ #define AFFINITY_INITIALIZER {0, 0}
+ 
+ #ifdef __linux__
+-#ifndef gettid
+-static pid_t
+-gettid(void)
+-{
+-	return syscall(__NR_gettid);
+-}
+-#endif /* gettid */
+ 
+ CK_CC_UNUSED static int
+ aff_iterate(struct affinity *acb)
diff --git a/SPECS/ck/ck-register-constraint.patch b/SPECS/ck/ck-register-constraint.patch
new file mode 100644
index 00000000000..fe5ea996a5c
--- /dev/null
+++ b/SPECS/ck/ck-register-constraint.patch
@@ -0,0 +1,33 @@
+commit b02bb2b805c970e6ef90e8e15daafa5d78cb195f
+Author: Paul Khuong <pvk@google.com>
+Date:   Wed Aug 21 10:08:10 2019 -0400
+
+    x86/ck_pr: fix register constraint for ck_pr_foo_is_zero
+    
+    setcc works with byte registers, so we want `q` to ensure
+    the low byte register is encodable, not the general `r`.
+    
+    Fixes https://github.com/concurrencykit/ck/issues/142.
+
+diff --git a/include/gcc/x86/ck_pr.h b/include/gcc/x86/ck_pr.h
+index e678e83..8ef8864 100644
+--- a/include/gcc/x86/ck_pr.h
++++ b/include/gcc/x86/ck_pr.h
+@@ -239,7 +239,7 @@ CK_PR_FAA_S(8,  uint8_t,  "xaddb")
+ 		bool ret;						\
+ 		__asm__ __volatile__(CK_PR_LOCK_PREFIX I " %0; setz %1"	\
+ 					: "+m" (*(C *)target),		\
+-					  "=rm" (ret)			\
++					  "=qm" (ret)			\
+ 					:				\
+ 					: "memory", "cc");		\
+ 		return ret;						\
+@@ -354,7 +354,7 @@ CK_PR_CAS_S(8,  uint8_t,  "cmpxchgb")
+ 					: "q"   (set),				\
+ 					  "a"   (compare)			\
+ 					: "memory", "cc");			\
+-		return (bool)z;							\
++		return z;							\
+ 	}
+ 
+ CK_PR_CAS_O(ptr, void, void *, char, "l", "eax")
diff --git a/SPECS/ck/ck-unit-sequence.patch b/SPECS/ck/ck-unit-sequence.patch
new file mode 100644
index 00000000000..a7ae5ff0a2d
--- /dev/null
+++ b/SPECS/ck/ck-unit-sequence.patch
@@ -0,0 +1,38 @@
+From baf41283f37caa9086f55455bd0b1b5b47df384f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Fri, 17 Feb 2023 00:32:42 +0100
+Subject: [PATCH] Allow different limit for ck_sequence validation
+
+This test takes significantly longer when it does not receive all CPUs
+on the platform. It takes significantly longer on ppc64le and aarch64
+platform when CORES is less than actually detected.
+
+Allow overriding just this test by CORES_SEQUENCE variable.
+---
+ regressions/ck_sequence/validate/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/regressions/ck_sequence/validate/Makefile b/regressions/ck_sequence/validate/Makefile
+index bc2e5be..2aeb32b 100644
+--- a/regressions/ck_sequence/validate/Makefile
++++ b/regressions/ck_sequence/validate/Makefile
+@@ -1,6 +1,7 @@
+ .PHONY: check clean distribution
+ 
+ OBJECTS=ck_sequence
++SEQUENCE_CORES=$(CORES)
+ 
+ all: $(OBJECTS)
+ 
+@@ -8,7 +9,7 @@ ck_sequence: ck_sequence.c ../../../include/ck_sequence.h
+ 	$(CC) $(CFLAGS) -o ck_sequence ck_sequence.c
+ 
+ check: all
+-	./ck_sequence $(CORES) 1
++	./ck_sequence $(SEQUENCE_CORES) 1
+ 
+ clean:
+ 	rm -rf *~ *.o $(OBJECTS) *.dSYM *.exe
+-- 
+2.39.1
+
diff --git a/SPECS/ck/ck-unit-time.patch b/SPECS/ck/ck-unit-time.patch
new file mode 100644
index 00000000000..5e7be338f11
--- /dev/null
+++ b/SPECS/ck/ck-unit-time.patch
@@ -0,0 +1,33 @@
+From 6a8303c5a8d6c887df50ca8668bd4163c18bb720 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Fri, 17 Feb 2023 00:00:17 +0100
+Subject: [PATCH] Report times for each unit test
+
+---
+ regressions/Makefile | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/regressions/Makefile b/regressions/Makefile
+index c74b4fa..8e21d46 100644
+--- a/regressions/Makefile
++++ b/regressions/Makefile
+@@ -24,6 +24,7 @@ DIR=array	\
+     stack	\
+     swlock	\
+     tflock
++TIME=time
+ 
+ .PHONY: all clean check
+ 
+@@ -129,7 +130,7 @@ check: all
+ 	rc=0; 							\
+ 	for d in $(DIR) ; do					\
+ 		echo "----[ Testing $$d....";			\
+-		$(MAKE) -C ./ck_$$d/validate check || rc=1; 	\
++		$(TIME) $(MAKE) -C ./ck_$$d/validate check || rc=1; \
+ 		echo;						\
+ 	done; 							\
+ 	exit $$rc
+-- 
+2.39.1
+
diff --git a/SPECS/ck/ck.signatures.json b/SPECS/ck/ck.signatures.json
new file mode 100644
index 00000000000..451f8887784
--- /dev/null
+++ b/SPECS/ck/ck.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "ck-0.7.2.tar.gz": "568ebe0bc1988a23843fce6426602e555b7840bf6714edcdf0ed530214977f1b"
+ }
+}
\ No newline at end of file
diff --git a/SPECS/ck/ck.spec b/SPECS/ck/ck.spec
new file mode 100644
index 00000000000..f846695deda
--- /dev/null
+++ b/SPECS/ck/ck.spec
@@ -0,0 +1,197 @@
+Summary:        Library for high performance concurrent programming
+Name:           ck
+Version:        0.7.2
+Release:        1%{?dist}
+License:        BSD-2-clause AND Apache-2.0 AND BSD-3-clause
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+URL:            https://github.com/concurrencykit/ck
+Source:         %{url}/archive/%{version}/%{name}-%{version}.tar.gz
+# disable ck_hclh_test from ck_spinlock temporary solution
+# github issue: https://github.com/concurrencykit/ck/issues/153
+Patch3:         ck_disable_ck_hclh_test.patch
+# measure unit test times
+Patch4:         ck-unit-time.patch
+# specify SEQUENCE_CORES different for one test
+Patch5:         ck-unit-sequence.patch
+BuildRequires:  gcc
+BuildRequires:  make
+BuildRequires:  sed
+
+%description
+Concurrency Kit provides a plethora of concurrency primitives, safe memory
+reclamation mechanisms and lock-less and lock-free data structures designed to
+aid in the design and implementation of high performance concurrent systems. It
+is designed to minimize dependencies on operating system-specific interfaces
+and most of the interface relies only on a strict subset of the standard
+library and more popular compiler extensions.
+
+%package devel
+Summary:        Header files and libraries for CK development
+Requires:       %{name} = %{version}-%{release}
+
+%description devel
+Concurrency Kit provides a plethora of concurrency primitives, safe memory
+reclamation mechanisms and lock-less and lock-free data structures designed to
+aid in the design and implementation of high performance concurrent systems. It
+is designed to minimize dependencies on operating system-specific interfaces
+and most of the interface relies only on a strict subset of the standard
+library and more popular compiler extensions.
+
+This package provides the libraries, include files, and other
+resources needed for developing Concurrency Kit applications.
+
+%prep
+%autosetup -p1
+
+%build
+export CFLAGS="%{optflags}"
+./configure 		\
+	--libdir=%{_libdir} 			\
+	--includedir=%{_includedir}/%{name}	\
+	--mandir=%{_mandir}			\
+	--prefix=%{_prefix}
+
+%make_build
+
+%install
+%make_install
+
+# fix weird mode of the shared library
+chmod 0755 %{buildroot}%{_libdir}/libck.so.*
+
+# remove static library
+rm %{buildroot}%{_libdir}/libck.a
+
+%check
+MAX_CORES=4
+# 8+ CORES take quite long, limit them to 4
+CORES=$(grep '^CORES=' build/regressions.build | cut -d= -f2)
+# ck_sequence tests wants all cores on the system to be quick
+SEQUENCE_CORES="$CORES"
+TIMEOUT=$((30*60))
+TIMEOUT_KILL=$((TIMEOUT+100))
+[ "${CORES}" -gt "${MAX_CORES}" ] && CORES="${MAX_CORES}"
+%ifarch %{power64}
+    # It hangs often on this test for some reason
+    sed -e '/^OBJECTS=/ s, barrier_mcs,,' -i regressions/ck_barrier/validate/Makefile
+%endif
+%ifarch %{arm32} %{arm64}
+    # Some tests take quite long on ARMs. Skip them
+    sed -e '/^\s*brlock\s/ d' -e '/^\s*cohort\s/ d' -e '/^\s*rwlock\s/ d' \
+        -i regressions/Makefile
+%endif
+# Protect builders against hard lock
+time timeout -k $TIMEOUT_KILL $TIMEOUT \
+    make check CORES=${CORES} SEQUENCE_CORES=${SEQUENCE_CORES}
+
+%files
+%license LICENSE
+%{_libdir}/libck.so.*
+
+%files devel
+%{_libdir}/libck.so
+%{_includedir}/%{name}
+%{_libdir}/pkgconfig/%{name}.pc
+%{_mandir}/man3/*.3.gz
+
+%changelog
+* Wed Apr 17 2024 Muhammad Falak <mwani@microsoft.com> - 0.7.2-1
+- Initial Azure Linux import from Fedora 40 (license: MIT)
+- License Verified
+
+* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jul 13 2023 Petr Menšík <pemensik@redhat.com> - 0.7.1-2
+- Use SPDX licenses
+
+* Wed Jul 12 2023 Paul Wouters <paul.wouters@aiven.io - 0.7.1-1
+- Updated to 0.7.1 (partially for testing resolving of rhbz#2113147)
+- Remove upstreamed patches
+- Updated URL: and Source: to github, as concurrencykit.org has been dead for a while
+
+* Fri Feb 17 2023 Petr Menšík <pemensik@redhat.com> - 0.7.0-10
+- Set time limit to unit test run
+- Limit unit test to less cores to make them faster
+- Skip some tests on ppc64le and aarch64 platforms to avoid failures
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Feb 17 2020 Filip Januš <fjanus@redhat.com> - 0.7.0-3
+- Build fails due to ck_hclh test
+- github issue: https://github.com/concurrencykit/ck/issues/153
+- resolves:https://bugzilla.redhat.com/show_bug.cgi?id=1799226
+- add patch - disables ck_hclh test
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Aug 22 2019 Honza Horak <hhorak@redhat.com> - 0.7.0-1
+- Update to 0.7.0
+
+* Wed Aug 21 2019 Honza Horak <hhorak@redhat.com> - 0.6.0-11
+- Add upstream patch ck_barrier_combining: switch to seq_cst semantics to make
+  ppc64le
+
+* Wed Aug 21 2019 Honza Horak <hhorak@redhat.com> - 0.6.0-10
+- Remove static gettid definition
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Tue Jul 17 2018 Honza Horak <hhorak@redhat.com> - 0.6.0-7
+- Explicitly include gcc
+
+* Tue Jul 17 2018 Honza Horak <hhorak@redhat.com> - 0.6.0-6
+- Fix building on s390x and ignore tests also for ppc64le and ix86 and x86_64
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Feb 28 2017 Xavier Bachelot <xavier@bachelot.org> - 0.6.0-1
+- Update to 0.6.0.
+- Run test suite.
+
+* Sat Feb 11 2017 Honza Horak <hhorak@redhat.com> - 0.5.2-2
+- Fix issues found during Package Review
+  Summary provides better idea what this library is for
+  Using macros for make build and install
+  Fix permissions of the shared library
+
+* Sat Feb 04 2017 Honza Horak <hhorak@redhat.com> - 0.5.2-1
+- Initial packaging
diff --git a/SPECS/ck/ck_disable_ck_hclh_test.patch b/SPECS/ck/ck_disable_ck_hclh_test.patch
new file mode 100644
index 00000000000..d3bd1742485
--- /dev/null
+++ b/SPECS/ck/ck_disable_ck_hclh_test.patch
@@ -0,0 +1,38 @@
+Author: Filip Januš
+Date: 17.2.2020
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1799226
+Github issue: https://github.com/concurrencykit/ck/issues/153
+
+Build fails on arm due to test ck_hclh.Test fails only with 5 cores
+This is temporary fix until upstream find solution
+
+diff -ur ck-0.7.0/regressions/ck_spinlock/validate/Makefile ck-0.7.0_patch/regressions/ck_spinlock/validate/Makefile
+--- ck-0.7.0/regressions/ck_spinlock/validate/Makefile	2019-02-20 21:13:02.000000000 +0100
++++ ck-0.7.0_patch/regressions/ck_spinlock/validate/Makefile	2020-02-17 14:37:03.250804089 +0100
+@@ -1,7 +1,7 @@
+ .PHONY: check clean
+ 
+ all: ck_ticket ck_mcs ck_dec ck_cas ck_fas ck_clh linux_spinlock \
+-     ck_ticket_pb ck_anderson ck_spinlock ck_hclh
++     ck_ticket_pb ck_anderson ck_spinlock
+ 
+ check: all
+ 	./ck_ticket $(CORES) 1
+@@ -10,7 +10,6 @@
+ 	./ck_cas $(CORES) 1
+ 	./ck_fas $(CORES) 1
+ 	./ck_clh $(CORES) 1
+-	./ck_hclh $(CORES) 1
+ 	./linux_spinlock $(CORES) 1
+ 	./ck_ticket_pb $(CORES) 1
+ 	./ck_anderson $(CORES) 1
+@@ -28,9 +27,6 @@
+ ck_clh: ck_clh.c
+ 	$(CC) $(CFLAGS) -o ck_clh ck_clh.c
+ 
+-ck_hclh: ck_hclh.c
+-	$(CC) $(CFLAGS) -o ck_hclh ck_hclh.c
+-
+ ck_anderson: ck_anderson.c
+ 	$(CC) $(CFLAGS) -o ck_anderson ck_anderson.c
+ 
diff --git a/cgmanifest.json b/cgmanifest.json
index 4a332d51e13..5398e4ecb43 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1732,6 +1732,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "ck",
+          "version": "0.7.2",
+          "downloadUrl": "https://github.com/concurrencykit/ck/archive/0.7.2/ck-0.7.2.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -11156,16 +11166,6 @@
         }
       }
     },
-    {
-      "component": {
-        "type": "other",
-        "other": {
-          "name": "libtracecmd",
-          "version": "1.5.1",
-          "downloadUrl": "https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/snapshot/trace-cmd-libtracecmd-1.5.1.tar.gz"
-        }
-      }
-    },
     {
       "component": {
         "type": "other",
@@ -11176,16 +11176,6 @@
         }
       }
     },
-    {
-      "component": {
-        "type": "other",
-        "other": {
-          "name": "libtracefs",
-          "version": "1.8.0",
-          "downloadUrl": "https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/snapshot/libtracefs-1.8.0.tar.gz"
-        }
-      }
-    },
     {
       "component": {
         "type": "other",
@@ -11236,6 +11226,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "libtracecmd",
+          "version": "1.5.1",
+          "downloadUrl": "https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/snapshot/trace-cmd-libtracecmd-1.5.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -11246,6 +11246,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "libtracefs",
+          "version": "1.8.0",
+          "downloadUrl": "https://git.kernel.org/pub/scm/libs/libtrace/libtracefs.git/snapshot/libtracefs-1.8.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -23062,9 +23072,9 @@
       "component": {
         "type": "other",
         "other": {
-          "name": "python-mdurl",
-          "version": "0.1.2",
-          "downloadUrl": "https://github.com/executablebooks/mdurl/archive/0.1.2/mdurl-0.1.2.tar.gz"
+          "name": "python-mccabe",
+          "version": "0.6.1",
+          "downloadUrl": "https://files.pythonhosted.org/packages/source/m/mccabe/mccabe-0.6.1.tar.gz"
         }
       }
     },
@@ -23072,9 +23082,9 @@
       "component": {
         "type": "other",
         "other": {
-          "name": "python-mccabe",
-          "version": "0.6.1",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/m/mccabe/mccabe-0.6.1.tar.gz"
+          "name": "python-mdurl",
+          "version": "0.1.2",
+          "downloadUrl": "https://github.com/executablebooks/mdurl/archive/0.1.2/mdurl-0.1.2.tar.gz"
         }
       }
     },

From 8f248721394760546b3a043725750ee33e820cd2 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri, 19 Apr 2024 17:36:45 -0700
Subject: [PATCH 14/62] upgrade bpftrace to 0.20.3 and add patch for llvm18
 support (#8837)

---
 SPECS/bpftrace/bpftrace-0.20-llvm18.patch | 515 ++++++++++++++++++++++
 SPECS/bpftrace/bpftrace.signatures.json   |   2 +-
 SPECS/bpftrace/bpftrace.spec              |  21 +-
 cgmanifest.json                           |   4 +-
 4 files changed, 532 insertions(+), 10 deletions(-)
 create mode 100644 SPECS/bpftrace/bpftrace-0.20-llvm18.patch

diff --git a/SPECS/bpftrace/bpftrace-0.20-llvm18.patch b/SPECS/bpftrace/bpftrace-0.20-llvm18.patch
new file mode 100644
index 00000000000..59b4bf16036
--- /dev/null
+++ b/SPECS/bpftrace/bpftrace-0.20-llvm18.patch
@@ -0,0 +1,515 @@
+From 686b73cbb7ae5ab24d1f8ad69c608225d14c94e2 Mon Sep 17 00:00:00 2001
+From: Daniel Xu <dxu@dxuuu.xyz>
+Date: Tue, 12 Mar 2024 13:13:01 -0600
+Subject: [PATCH 1/5] Update CHANGELOG
+
+---
+ CHANGELOG.md | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index e699c473..c574ad3e 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -9,6 +9,8 @@ and this project adheres to
+ ## Unreleased
+ 
+ #### Added
++- Add LLVM 18 support
++  - [#3051](https://github.com/bpftrace/bpftrace/pull/3051)
+ #### Changed
+ #### Deprecated
+ #### Removed
+-- 
+2.33.8
+
+
+From 79e9282b4d2a87a3269d7fd2c595efa784fda7c4 Mon Sep 17 00:00:00 2001
+From: Wentao Zhang <wentao.zhang@windriver.com>
+Date: Tue, 15 Aug 2023 11:18:36 +0800
+Subject: [PATCH 2/5] replace python with python3 in the test
+
+"runtime:call" in ptest gets the following FAILED:
+python: No such file or directory
+replace python with python3 in the test scripts.
+
+$export BPFTRACE_RUNTIME_TEST_EXECUTABLE=/usr/bin
+$cd /usr/lib/bpftrace/ptest/tests
+$python3 runtime/engine/main.py --filter="call.*"
+***
+[ RUN      ] call.strftime_microsecond_extension_rollover
+[  FAILED  ] call.strftime_microsecond_extension_rollover
+	Command: /usr/bin/bpftrace -e 'BEGIN { printf("%s - %s\n", strftime
+    ("1%f", 1000000123000), strftime("1%f", 0)); exit(); }' | tail -n
+    +2 | xargs -I{} python -c "print({})"
+	Unclean exit code: 127
+	Output: __BPFTRACE_NOTIFY_PROBES_ATTACHED\nxargs: python: No such
+    file or directory\n
+***
+
+Signed-off-by: Wentao Zhang <wentao.zhang@windriver.com>
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ tests/runtime/call | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/runtime/call b/tests/runtime/call
+index 2d7d9fcd..c6dcdf12 100644
+--- a/tests/runtime/call
++++ b/tests/runtime/call
+@@ -378,13 +378,13 @@ TIMEOUT 5
+ #
+ # Note we add a `1` before the timestamp b/c leading zeros (eg `0123`) is invalid integer in python.
+ NAME strftime_microsecond_extension
+-RUN {{BPFTRACE}} -e 'BEGIN { printf("%s - %s\n", strftime("1%f", 1000123000), strftime("1%f", 0)); exit(); }' | tail -n +2 | xargs -I{} python -c "print({})"
++RUN {{BPFTRACE}} -e 'BEGIN { printf("%s - %s\n", strftime("1%f", 1000123000), strftime("1%f", 0)); exit(); }' | tail -n +2 | xargs -I{} python3 -c "print({})"
+ EXPECT 123
+ TIMEOUT 1
+ 
+ # Similar to above test but test that rolling over past 1s works as expected
+ NAME strftime_microsecond_extension_rollover
+-RUN {{BPFTRACE}} -e 'BEGIN { printf("%s - %s\n", strftime("1%f", 1000000123000), strftime("1%f", 0)); exit(); }' | tail -n +2 | xargs -I{} python -c "print({})"
++RUN {{BPFTRACE}} -e 'BEGIN { printf("%s - %s\n", strftime("1%f", 1000000123000), strftime("1%f", 0)); exit(); }' | tail -n +2 | xargs -I{} python3 -c "print({})"
+ EXPECT 123
+ TIMEOUT 1
+ 
+-- 
+2.33.8
+
+
+From 0cd1b0a341c3562a478c4f9a86fe3f765b5ec2bb Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 16 Feb 2024 10:32:27 -0800
+Subject: [PATCH 3/5] ast: Repace getInt8PtrTy with getPtrTy
+
+getPtrTy is added in LLVM-15 and is to be used instead of getInt8PtrTy
+which is gone in LLVM-18 onwards
+
+https://github.com/llvm/llvm-project/commit/7e0802aeb5b90
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
+---
+ src/ast/irbuilderbpf.cpp        | 67 +++++++++++++++------------------
+ src/ast/irbuilderbpf.h          |  6 +++
+ src/ast/passes/codegen_llvm.cpp | 22 +++++------
+ 3 files changed, 48 insertions(+), 47 deletions(-)
+
+diff --git a/src/ast/irbuilderbpf.cpp b/src/ast/irbuilderbpf.cpp
+index 241ee74e..704f0a2b 100644
+--- a/src/ast/irbuilderbpf.cpp
++++ b/src/ast/irbuilderbpf.cpp
+@@ -350,7 +350,7 @@ CallInst *IRBuilderBPF::createMapLookup(int mapid,
+                                         Value *key,
+                                         const std::string &name)
+ {
+-  return createMapLookup(mapid, key, getInt8PtrTy(), name);
++  return createMapLookup(mapid, key, GET_PTR_TY(), name);
+ }
+ 
+ CallInst *IRBuilderBPF::createMapLookup(int mapid,
+@@ -378,7 +378,7 @@ CallInst *IRBuilderBPF::CreateGetJoinMap(BasicBlock *failure_callback,
+ {
+   return createGetScratchMap(bpftrace_.maps[MapManager::Type::Join].value()->id,
+                              "join",
+-                             getInt8PtrTy(),
++                             GET_PTR_TY(),
+                              loc,
+                              failure_callback);
+ }
+@@ -407,8 +407,8 @@ CallInst *IRBuilderBPF::createGetScratchMap(int mapid,
+   BasicBlock *lookup_merge_block = BasicBlock::Create(
+       module_.getContext(), "lookup_" + name + "_merge", parent);
+   Value *condition = CreateICmpNE(
+-      CreateIntCast(call, getInt8PtrTy(), true),
+-      ConstantExpr::getCast(Instruction::IntToPtr, getInt64(0), getInt8PtrTy()),
++      CreateIntCast(call, GET_PTR_TY(), true),
++      ConstantExpr::getCast(Instruction::IntToPtr, getInt64(0), GET_PTR_TY()),
+       "lookup_" + name + "_cond");
+   CreateCondBr(condition, lookup_merge_block, lookup_failure_block);
+ 
+@@ -428,7 +428,7 @@ Value *IRBuilderBPF::CreateMapLookupElem(Value *ctx,
+                                          Value *key,
+                                          const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   int mapid = bpftrace_.maps[map.ident].value()->id;
+   return CreateMapLookupElem(ctx, mapid, key, map.type, loc);
+ }
+@@ -439,7 +439,7 @@ Value *IRBuilderBPF::CreateMapLookupElem(Value *ctx,
+                                          SizedType &type,
+                                          const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   CallInst *call = createMapLookup(mapid, key);
+ 
+   // Check if result == 0
+@@ -450,8 +450,8 @@ Value *IRBuilderBPF::CreateMapLookupElem(Value *ctx,
+ 
+   AllocaInst *value = CreateAllocaBPF(type, "lookup_elem_val");
+   Value *condition = CreateICmpNE(
+-      CreateIntCast(call, getInt8PtrTy(), true),
+-      ConstantExpr::getCast(Instruction::IntToPtr, getInt64(0), getInt8PtrTy()),
++      CreateIntCast(call, GET_PTR_TY(), true),
++      ConstantExpr::getCast(Instruction::IntToPtr, getInt64(0), GET_PTR_TY()),
+       "map_lookup_cond");
+   CreateCondBr(condition, lookup_success_block, lookup_failure_block);
+ 
+@@ -494,7 +494,7 @@ void IRBuilderBPF::CreateMapUpdateElem(Value *ctx,
+ {
+   Value *map_ptr = CreateBpfPseudoCallId(map);
+ 
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   assert(key->getType()->isPointerTy());
+   assert(val->getType()->isPointerTy());
+ 
+@@ -523,7 +523,7 @@ void IRBuilderBPF::CreateMapDeleteElem(Value *ctx,
+                                        Value *key,
+                                        const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   assert(key->getType()->isPointerTy());
+   Value *map_ptr = CreateBpfPseudoCallId(map);
+ 
+@@ -586,7 +586,7 @@ void IRBuilderBPF::CreateProbeRead(Value *ctx,
+                                    AddrSpace as,
+                                    const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   assert(size && size->getType()->getIntegerBitWidth() <= 32);
+   size = CreateIntCast(size, getInt32Ty(), false);
+ 
+@@ -625,7 +625,7 @@ CallInst *IRBuilderBPF::CreateProbeReadStr(Value *ctx,
+                                            AddrSpace as,
+                                            const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   assert(size && size->getType()->isIntegerTy());
+   if ([[maybe_unused]] auto *dst_alloca = dyn_cast<AllocaInst>(dst))
+   {
+@@ -660,7 +660,7 @@ Value *IRBuilderBPF::CreateUSDTReadArgument(Value *ctx,
+                                             AddrSpace as,
+                                             const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   // Argument size must be 1, 2, 4, or 8. See
+   // https://sourceware.org/systemtap/wiki/UserSpaceProbeImplementation
+   int abs_size = std::abs(argument->size);
+@@ -766,7 +766,7 @@ Value *IRBuilderBPF::CreateUSDTReadArgument(Value *ctx,
+                                             AddrSpace as,
+                                             const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   struct bcc_usdt_argument argument;
+ 
+   void *usdt;
+@@ -1419,7 +1419,7 @@ CallInst *IRBuilderBPF::CreateGetStackId(Value *ctx,
+                                          StackType stack_type,
+                                          const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+ 
+   Value *map_ptr = CreateBpfPseudoCallId(
+       bpftrace_.maps[stack_type].value()->id);
+@@ -1432,9 +1432,7 @@ CallInst *IRBuilderBPF::CreateGetStackId(Value *ctx,
+   // long bpf_get_stackid(struct pt_regs *ctx, struct bpf_map *map, u64 flags)
+   // Return: >= 0 stackid on success or negative error
+   FunctionType *getstackid_func_type = FunctionType::get(
+-      getInt64Ty(),
+-      { getInt8PtrTy(), map_ptr->getType(), getInt64Ty() },
+-      false);
++      getInt64Ty(), { GET_PTR_TY(), map_ptr->getType(), getInt64Ty() }, false);
+   CallInst *call = CreateHelperCall(libbpf::BPF_FUNC_get_stackid,
+                                     getstackid_func_type,
+                                     { ctx, map_ptr, flags_val },
+@@ -1482,7 +1480,7 @@ void IRBuilderBPF::CreateOutput(Value *ctx,
+                                 size_t size,
+                                 const location *loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   assert(data && data->getType()->isPointerTy());
+ 
+   if (bpftrace_.feature_->has_map_ringbuf())
+@@ -1551,8 +1549,8 @@ void IRBuilderBPF::CreateAtomicIncCounter(int mapid, uint32_t idx)
+                                                       parent);
+ 
+   Value *condition = CreateICmpNE(
+-      CreateIntCast(call, getInt8PtrTy(), true),
+-      ConstantExpr::getCast(Instruction::IntToPtr, getInt64(0), getInt8PtrTy()),
++      CreateIntCast(call, GET_PTR_TY(), true),
++      ConstantExpr::getCast(Instruction::IntToPtr, getInt64(0), GET_PTR_TY()),
+       "map_lookup_cond");
+   CreateCondBr(condition, lookup_success_block, lookup_failure_block);
+ 
+@@ -1609,8 +1607,8 @@ void IRBuilderBPF::CreateMapElemAdd(Value *ctx,
+ 
+   AllocaInst *value = CreateAllocaBPF(type, "lookup_elem_val");
+   Value *condition = CreateICmpNE(
+-      CreateIntCast(call, getInt8PtrTy(), true),
+-      ConstantExpr::getCast(Instruction::IntToPtr, getInt64(0), getInt8PtrTy()),
++      CreateIntCast(call, GET_PTR_TY(), true),
++      ConstantExpr::getCast(Instruction::IntToPtr, getInt64(0), GET_PTR_TY()),
+       "map_lookup_cond");
+   CreateCondBr(condition, lookup_success_block, lookup_failure_block);
+ 
+@@ -1646,7 +1644,7 @@ void IRBuilderBPF::CreatePerfEventOutput(Value *ctx,
+   // long bpf_perf_event_output(struct pt_regs *ctx, struct bpf_map *map,
+   //                            u64 flags, void *data, u64 size)
+   FunctionType *perfoutput_func_type = FunctionType::get(getInt64Ty(),
+-                                                         { getInt8PtrTy(),
++                                                         { GET_PTR_TY(),
+                                                            map_ptr->getType(),
+                                                            getInt64Ty(),
+                                                            data->getType(),
+@@ -1690,7 +1688,7 @@ void IRBuilderBPF::CreateTracePrintk(Value *fmt_ptr,
+ 
+   // long bpf_trace_printk(const char *fmt, u32 fmt_size, ...)
+   FunctionType *traceprintk_func_type = FunctionType::get(
+-      getInt64Ty(), { getInt8PtrTy(), getInt32Ty() }, true);
++      getInt64Ty(), { GET_PTR_TY(), getInt32Ty() }, true);
+ 
+   CreateHelperCall(libbpf::BPF_FUNC_trace_printk,
+                    traceprintk_func_type,
+@@ -1721,7 +1719,7 @@ void IRBuilderBPF::CreateOverrideReturn(Value *ctx, Value *rc)
+   // long bpf_override_return(struct pt_regs *regs, u64 rc)
+   // Return: 0
+   FunctionType *override_func_type = FunctionType::get(
+-      getInt64Ty(), { getInt8PtrTy(), getInt64Ty() }, false);
++      getInt64Ty(), { GET_PTR_TY(), getInt64Ty() }, false);
+   PointerType *override_func_ptr_type = PointerType::get(override_func_type, 0);
+   Constant *override_func = ConstantExpr::getCast(Instruction::IntToPtr,
+       getInt64(libbpf::BPF_FUNC_override_return),
+@@ -1901,7 +1899,7 @@ void IRBuilderBPF::CreateHelperError(Value *ctx,
+                                      libbpf::bpf_func_id func_id,
+                                      const location &loc)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   assert(return_value && return_value->getType() == getInt32Ty());
+ 
+   if (bpftrace_.helper_check_level_ == 0 ||
+@@ -1941,7 +1939,7 @@ void IRBuilderBPF::CreateHelperErrorCond(Value *ctx,
+                                          const location &loc,
+                                          bool compare_zero)
+ {
+-  assert(ctx && ctx->getType() == getInt8PtrTy());
++  assert(ctx && ctx->getType() == GET_PTR_TY());
+   if (bpftrace_.helper_check_level_ == 0 ||
+       (bpftrace_.helper_check_level_ == 1 && return_zero_if_err(func_id)))
+     return;
+@@ -1977,7 +1975,7 @@ void IRBuilderBPF::CreatePath(Value *ctx,
+   // int bpf_d_path(struct path *path, char *buf, u32 sz)
+   // Return: 0 or error
+   FunctionType *d_path_func_type = FunctionType::get(
+-      getInt64Ty(), { getInt8PtrTy(), buf->getType(), getInt32Ty() }, false);
++      getInt64Ty(), { GET_PTR_TY(), buf->getType(), getInt32Ty() }, false);
+   CallInst *call = CreateHelperCall(
+       libbpf::bpf_func_id::BPF_FUNC_d_path,
+       d_path_func_type,
+@@ -1997,13 +1995,10 @@ void IRBuilderBPF::CreateSeqPrintf(Value *ctx,
+   // long bpf_seq_printf(struct seq_file *m, const char *fmt, __u32 fmt_size,
+   //                     const void *data, __u32 data_len)
+   // Return: 0 or error
+-  FunctionType *seq_printf_func_type = FunctionType::get(getInt64Ty(),
+-                                                         { getInt64Ty(),
+-                                                           getInt8PtrTy(),
+-                                                           getInt32Ty(),
+-                                                           getInt8PtrTy(),
+-                                                           getInt32Ty() },
+-                                                         false);
++  FunctionType *seq_printf_func_type = FunctionType::get(
++      getInt64Ty(),
++      { getInt64Ty(), GET_PTR_TY(), getInt32Ty(), GET_PTR_TY(), getInt32Ty() },
++      false);
+   PointerType *seq_printf_func_ptr_type = PointerType::get(seq_printf_func_type,
+                                                            0);
+   Constant *seq_printf_func = ConstantExpr::getCast(
+diff --git a/src/ast/irbuilderbpf.h b/src/ast/irbuilderbpf.h
+index 739aa75d..a5148b60 100644
+--- a/src/ast/irbuilderbpf.h
++++ b/src/ast/irbuilderbpf.h
+@@ -46,6 +46,12 @@
+   CreateAtomicRMW((op), (ptr), (val), (order))
+ #endif
+ 
++#if LLVM_VERSION_MAJOR >= 15
++#define GET_PTR_TY() getPtrTy()
++#else
++#define GET_PTR_TY() getInt8PtrTy()
++#endif
++
+ namespace bpftrace {
+ namespace ast {
+ 
+diff --git a/src/ast/passes/codegen_llvm.cpp b/src/ast/passes/codegen_llvm.cpp
+index c7adc426..0e00a14d 100644
+--- a/src/ast/passes/codegen_llvm.cpp
++++ b/src/ast/passes/codegen_llvm.cpp
+@@ -439,10 +439,10 @@ void CodegenLLVM::visit(Call &call)
+ 
+     AllocaInst *value = b_.CreateAllocaBPF(type, "lookup_elem_val");
+     Value *condition = b_.CreateICmpNE(
+-        b_.CreateIntCast(lookup, b_.getInt8PtrTy(), true),
++        b_.CreateIntCast(lookup, b_.GET_PTR_TY(), true),
+         ConstantExpr::getCast(Instruction::IntToPtr,
+                               b_.getInt64(0),
+-                              b_.getInt8PtrTy()),
++                              b_.GET_PTR_TY()),
+         "map_lookup_cond");
+     b_.CreateCondBr(condition, lookup_success_block, lookup_failure_block);
+ 
+@@ -496,10 +496,10 @@ void CodegenLLVM::visit(Call &call)
+ 
+     AllocaInst *value = b_.CreateAllocaBPF(type, "lookup_elem_val");
+     Value *condition = b_.CreateICmpNE(
+-        b_.CreateIntCast(lookup, b_.getInt8PtrTy(), true),
++        b_.CreateIntCast(lookup, b_.GET_PTR_TY(), true),
+         ConstantExpr::getCast(Instruction::IntToPtr,
+                               b_.getInt64(0),
+-                              b_.getInt8PtrTy()),
++                              b_.GET_PTR_TY()),
+         "map_lookup_cond");
+     b_.CreateCondBr(condition, lookup_success_block, lookup_failure_block);
+ 
+@@ -760,7 +760,7 @@ void CodegenLLVM::visit(Call &call)
+                                     ? Instruction::BitCast
+                                     : Instruction::IntToPtr,
+                                 expr_,
+-                                b_.getInt8PtrTy()),
++                                b_.GET_PTR_TY()),
+                   call.loc);
+     expr_ = buf;
+     expr_deleter_ = [this, buf]() { b_.CreateLifetimeEnd(buf); };
+@@ -1030,9 +1030,9 @@ void CodegenLLVM::visit(Call &call)
+ 
+       // and finally the seq_printf call
+       b_.CreateSeqPrintf(ctx_,
+-                         b_.CreateIntToPtr(fmt, b_.getInt8PtrTy()),
++                         b_.CreateIntToPtr(fmt, b_.GET_PTR_TY()),
+                          b_.getInt32(size),
+-                         b_.CreatePointerCast(data, b_.getInt8PtrTy()),
++                         b_.CreatePointerCast(data, b_.GET_PTR_TY()),
+                          b_.getInt32(data_size),
+                          call.loc);
+ 
+@@ -1066,7 +1066,7 @@ void CodegenLLVM::visit(Call &call)
+       values.push_back(expr_);
+     }
+ 
+-    b_.CreateTracePrintk(b_.CreateIntToPtr(fmt, b_.getInt8PtrTy()),
++    b_.CreateTracePrintk(b_.CreateIntToPtr(fmt, b_.GET_PTR_TY()),
+                          b_.getInt32(size),
+                          values,
+                          call.loc);
+@@ -2093,7 +2093,7 @@ void CodegenLLVM::visit(FieldAccess &acc)
+         // `is_data_loc` should only be set if field access is on `args` which
+         // has to be a ctx access
+         assert(type.IsCtxAccess());
+-        assert(ctx_->getType() == b_.getInt8PtrTy());
++        assert(ctx_->getType() == b_.GET_PTR_TY());
+         // Parser needs to have rewritten field to be a u64
+         assert(field.type.IsIntTy());
+         assert(field.type.GetIntBitWidth() == 64);
+@@ -2685,7 +2685,7 @@ void CodegenLLVM::visit(Probe &probe)
+ {
+   FunctionType *func_type = FunctionType::get(
+       b_.getInt64Ty(),
+-      {b_.getInt8PtrTy()}, // struct pt_regs *ctx
++      {b_.GET_PTR_TY()}, // struct pt_regs *ctx
+       false);
+ 
+   // Probe has at least one attach point (required by the parser)
+@@ -3880,7 +3880,7 @@ Function *CodegenLLVM::createMapLenCallback()
+   auto saved_ip = b_.saveIP();
+ 
+   std::array<llvm::Type *, 4> args = {
+-    b_.getInt8PtrTy(), b_.getInt8PtrTy(), b_.getInt8PtrTy(), b_.getInt8PtrTy()
++    b_.GET_PTR_TY(), b_.GET_PTR_TY(), b_.GET_PTR_TY(), b_.GET_PTR_TY()
+   };
+ 
+   FunctionType *callback_type = FunctionType::get(b_.getInt64Ty(), args, false);
+-- 
+2.33.8
+
+
+From be31e10702e1cb747da8729ec3162ed1dae65dc4 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 16 Feb 2024 10:40:21 -0800
+Subject: [PATCH 4/5] ast: Adjust to enum changes in llvm 18
+
+llvm 18 has change CodeGenOpt::Level/CodeGenFileType into enum classes via
+https://github.com/llvm/llvm-project/commit/0a1aa6cda2758b0926a95f87d39ffefb1cb90200
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
+---
+ src/ast/passes/codegen_llvm.cpp | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/ast/passes/codegen_llvm.cpp b/src/ast/passes/codegen_llvm.cpp
+index 0e00a14d..f3aa091e 100644
+--- a/src/ast/passes/codegen_llvm.cpp
++++ b/src/ast/passes/codegen_llvm.cpp
+@@ -72,7 +72,11 @@ CodegenLLVM::CodegenLLVM(Node *root, BPFtrace &bpftrace)
+                                   Optional<Reloc::Model>()
+ #endif
+                                       ));
++#if LLVM_VERSION_MAJOR >= 18
++  target_machine_->setOptLevel(llvm::CodeGenOptLevel::Aggressive);
++#else
+   target_machine_->setOptLevel(llvm::CodeGenOpt::Aggressive);
++#endif
+ 
+   module_->setTargetTriple(LLVMTargetTriple);
+   module_->setDataLayout(target_machine_->createDataLayout());
+@@ -3617,7 +3621,9 @@ void CodegenLLVM::emit(raw_pwrite_stream &stream)
+ {
+   legacy::PassManager PM;
+ 
+-#if LLVM_VERSION_MAJOR >= 10
++#if LLVM_VERSION_MAJOR >= 18
++  auto type = CodeGenFileType::ObjectFile;
++#elif LLVM_VERSION_MAJOR >= 10
+   auto type = llvm::CGFT_ObjectFile;
+ #else
+   auto type = llvm::TargetMachine::CGFT_ObjectFile;
+-- 
+2.33.8
+
+
+From 802cb8a62aa4ff5a97e629b96ba9e069859511db Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 16 Feb 2024 10:14:41 -0800
+Subject: [PATCH 5/5] cmake: Bump max LLVM version to 18+
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ CMakeLists.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 472068fc..fc6844de 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -139,7 +139,7 @@ else()
+ endif()
+ 
+ set(MIN_LLVM_MAJOR 6)
+-set(MAX_LLVM_MAJOR 17)
++set(MAX_LLVM_MAJOR 18)
+ 
+ if((${LLVM_VERSION_MAJOR} VERSION_LESS ${MIN_LLVM_MAJOR}) OR (${LLVM_VERSION_MAJOR} VERSION_GREATER ${MAX_LLVM_MAJOR}))
+   message(SEND_ERROR "Unsupported LLVM version found via ${LLVM_INCLUDE_DIRS}: ${LLVM_VERSION_MAJOR}")
+-- 
+2.33.8
+
diff --git a/SPECS/bpftrace/bpftrace.signatures.json b/SPECS/bpftrace/bpftrace.signatures.json
index fb90a34a04a..b81d801dce5 100644
--- a/SPECS/bpftrace/bpftrace.signatures.json
+++ b/SPECS/bpftrace/bpftrace.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "bpftrace-0.19.1.tar.gz": "b520340f28ce4d6f2fb2355f1675b6801ff8498ed9e8bff14abbbf6baff5a08e"
+  "bpftrace-0.20.3.tar.gz": "29057213d253f893590b3e0a358c9382ec8ddaa6efd1af500aaaf297d23beafc"
  }
 }
diff --git a/SPECS/bpftrace/bpftrace.spec b/SPECS/bpftrace/bpftrace.spec
index b517d4a0779..dae6bc189f1 100644
--- a/SPECS/bpftrace/bpftrace.spec
+++ b/SPECS/bpftrace/bpftrace.spec
@@ -1,6 +1,6 @@
 Summary:        Berkeley Packet Filter Tracing Language
 Name:           bpftrace
-Version:        0.19.1
+Version:        0.20.3
 Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
@@ -8,6 +8,7 @@ Distribution:   Azure Linux
 Group:          Applications/System
 URL:            https://github.com/iovisor/bpftrace
 Source0:        %{url}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch0:         bpftrace-0.20-llvm18.patch
 BuildRequires:  bcc-devel
 BuildRequires:  binutils-devel
 BuildRequires:  bison
@@ -21,7 +22,7 @@ BuildRequires:  gcc
 BuildRequires:  git
 BuildRequires:  libbpf-devel
 BuildRequires:  libpcap-devel
-BuildRequires:  llvm-devel >= 12.0.1-1
+BuildRequires:  llvm-devel >= 18
 BuildRequires:  make
 BuildRequires:  systemtap-sdt-devel
 BuildRequires:  vim-extra
@@ -32,7 +33,7 @@ Requires:       clang
 Requires:       glibc
 Requires:       libgcc
 Requires:       libstdc++
-Requires:       llvm >= 12.0.1-1
+Requires:       llvm >= 18
 %if 0%{?with_check}
 BuildRequires:  gmock
 BuildRequires:  gmock-devel
@@ -55,16 +56,18 @@ cd build
     -DCMAKE_BUILD_TYPE=RelWithDebInfo \
     -DBUILD_SHARED_LIBS:BOOL=OFF \
     -DUSE_SYSTEM_BPF_BCC:BOOL=ON \
-%if !%{with_check}
-    -DBUILD_TESTING=0 \
+%if 0%{?with_check}
+    -DBUILD_TESTING:BOOL=ON \
+%else
+    -DBUILD_TESTING:BOOL=OFF \
 %endif
     ..
 
-make bpftrace
+make
 
 %check
 cd build
-make test
+./tests/bpftrace_test --rerun-failed --output-on-failure
 
 %install
 mkdir -p %{buildroot}%{_bindir}/
@@ -80,6 +83,10 @@ install -p -m 644 tools/*.txt %{buildroot}%{_datadir}/bpftrace/tools/doc
 %{_datadir}/bpftrace/tools
 
 %changelog
+* Thu Apr 18 2024 Andrew Phelps <anphel@microsoft.com> - 0.20.3-1
+- Upgrade version to 0.20.3
+- Add patch to support building with LLVM 18
+
 * Thu Jan 04 2024 Muhammad Falak <mwani@microsoft.com> - 0.19.1-1
 - Upgrade version to 0.19.1
 - Use system libbpf
diff --git a/cgmanifest.json b/cgmanifest.json
index 5398e4ecb43..fdb031a3caa 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1247,8 +1247,8 @@
         "type": "other",
         "other": {
           "name": "bpftrace",
-          "version": "0.19.1",
-          "downloadUrl": "https://github.com/iovisor/bpftrace/archive/refs/tags/v0.19.1.tar.gz"
+          "version": "0.20.3",
+          "downloadUrl": "https://github.com/iovisor/bpftrace/archive/refs/tags/v0.20.3.tar.gz"
         }
       }
     },

From e60d6dd8a9a60b242ea0a30ea18992c2a9f59220 Mon Sep 17 00:00:00 2001
From: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Mon, 22 Apr 2024 10:46:11 -0700
Subject: [PATCH 15/62] [3.0] Upgrade slf4j to v2.0.7 (#8739)

Co-authored-by: Henry Li <lihl@microsoft.com>
---
 .../slf4j/build-remove-slf4j_api-binder.patch |  13 --
 SPECS/slf4j/slf4j-commons-lang3.patch         |  42 ----
 SPECS/slf4j/slf4j.signatures.json             |   5 +-
 SPECS/slf4j/slf4j.spec                        | 207 +++++++-----------
 cgmanifest.json                               |   4 +-
 5 files changed, 88 insertions(+), 183 deletions(-)
 delete mode 100644 SPECS/slf4j/build-remove-slf4j_api-binder.patch
 delete mode 100644 SPECS/slf4j/slf4j-commons-lang3.patch

diff --git a/SPECS/slf4j/build-remove-slf4j_api-binder.patch b/SPECS/slf4j/build-remove-slf4j_api-binder.patch
deleted file mode 100644
index 3a8d804dbd2..00000000000
--- a/SPECS/slf4j/build-remove-slf4j_api-binder.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Les fichiers binaires actual//build.xml.tar.bz2 et patched//build.xml.tar.bz2 sont différents.
-diff -uNr actual//slf4j-api/maven-build.xml patched//slf4j-api/maven-build.xml
---- actual//slf4j-api/maven-build.xml	2011-04-11 14:32:50.000000000 +0200
-+++ patched//slf4j-api/maven-build.xml	2011-04-12 17:30:10.248498005 +0200
-@@ -79,6 +79,8 @@
-     <copy todir="${maven.build.outputDir}">
-       <fileset dir="${maven.build.resourceDir.0}"/>
-     </copy>
-+    <echo>Removing slf4j-api's dummy StaticLoggerBinder and StaticMarkerBinder</echo>
-+    <delete dir="${maven.build.outputDir}/org/slf4j/impl"/>
-   </target>
- 
-   <!-- ====================================================================== -->
diff --git a/SPECS/slf4j/slf4j-commons-lang3.patch b/SPECS/slf4j/slf4j-commons-lang3.patch
deleted file mode 100644
index 10312f41ff7..00000000000
--- a/SPECS/slf4j/slf4j-commons-lang3.patch
+++ /dev/null
@@ -1,42 +0,0 @@
---- slf4j-1.7.25/slf4j-ext/src/main/java/org/slf4j/ext/MDCStrLookup.java	2016-12-22 19:54:22.000000000 +0100
-+++ slf4j-1.7.25/slf4j-ext/src/main/java/org/slf4j/ext/MDCStrLookup.java	2018-10-22 12:34:02.781643219 +0200
-@@ -24,7 +24,7 @@
-  */
- package org.slf4j.ext;
- 
--import org.apache.commons.lang.text.StrLookup;
-+import org.apache.commons.lang3.text.StrLookup;
- import org.slf4j.MDC;
- 
- /**
---- slf4j-1.7.25/slf4j-site/src/site/pages/extensions.html	2016-12-22 19:54:23.000000000 +0100
-+++ slf4j-1.7.25/slf4j-site/src/site/pages/extensions.html	2018-10-22 12:34:02.781643219 +0200
-@@ -602,7 +602,7 @@
-   where data is a reference to the EventData object.</p>
- 
-   <pre class="prettyprint source">import org.slf4j.MDC;
--import org.apache.commons.lang.time.DateUtils;
-+import org.apache.commons.lang3.time.DateUtils;
- 
- import javax.servlet.Filter;
- import javax.servlet.FilterConfig;
-@@ -832,7 +832,7 @@
-     <p>Some classes may misbehave when being rendered with "object.toString()" so they may be explicitly disabled 
-     in the logback configuration file permanently.  For instance the ToStringBuilder in the Apache Jakarta commons lang 
-     package is a prime candidate for this.  For logback add this snippet to logback.xml:
--    <pre>&lt;logger name="org.apache.commons.lang.builder" level="OFF" /&gt;</pre>
-+    <pre>&lt;logger name="org.apache.commons.lang3.builder" level="OFF" /&gt;</pre>
-     </p>
-     
- 
---- slf4j-1.7.25/slf4j-site/src/site/pages/news.html	2017-03-16 17:16:09.000000000 +0100
-+++ slf4j-1.7.25/slf4j-site/src/site/pages/news.html	2018-10-22 12:34:02.785643241 +0200
-@@ -966,7 +966,7 @@
-   used with Apache Commons Lang's <code>StrSubstitutor</code> class to
-   inject values in the SLF4J MDC into strings. Information on
-   StrSubstitutor can be found at <a
--  href="http://commons.apache.org/lang/api-release/org/apache/commons/lang/text/StrSubstitutor.html">StrSubstitutor
-+  href="http://commons.apache.org/lang/api-release/org/apache/commons/lang3/text/StrSubstitutor.html">StrSubstitutor
-   javadoc</a>.
-   </p>
- 
diff --git a/SPECS/slf4j/slf4j.signatures.json b/SPECS/slf4j/slf4j.signatures.json
index 6a74aa7d6f6..068e9bad060 100644
--- a/SPECS/slf4j/slf4j.signatures.json
+++ b/SPECS/slf4j/slf4j.signatures.json
@@ -1,7 +1,6 @@
 {
  "Signatures": {
   "LICENSE-2.0.txt": "cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30",
-  "build.xml.tar.bz2": "ddae17d67e1bbaf7f22546acc6e1005694ab067a36f5d8f26a67953d10c85e95",
-  "slf4j-1.7.30.tar.gz": "217519588d0dd1f85cee2357ca31afdd7c0a1a8a6963953b3bf455cf5174633e"
+  "slf4j-2.0.7.tar.gz": "bbceec6fb3d9da85ab4e65f3776fcb648a07019c11c6c6ac93d13f532a73d998"
  }
-}
+}
\ No newline at end of file
diff --git a/SPECS/slf4j/slf4j.spec b/SPECS/slf4j/slf4j.spec
index d9e856d7ea4..78258dae959 100644
--- a/SPECS/slf4j/slf4j.spec
+++ b/SPECS/slf4j/slf4j.spec
@@ -17,8 +17,8 @@
 
 Summary:        Simple Logging Facade for Java
 Name:           slf4j
-Version:        1.7.30
-Release:        6%{?dist}
+Version:        2.0.7
+Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -26,19 +26,8 @@ Group:          Development/Libraries/Java
 URL:            https://www.slf4j.org/
 Source0:        https://github.com/qos-ch/%{name}/archive/v_%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        http://www.apache.org/licenses/LICENSE-2.0.txt
-Source2:        build.xml.tar.bz2
-Patch1:         build-remove-slf4j_api-binder.patch
-Patch2:         slf4j-commons-lang3.patch
-BuildRequires:  ant >= 1.6.5
-BuildRequires:  ant-junit >= 1.6.5
-BuildRequires:  apache-commons-lang3
-BuildRequires:  apache-commons-logging
-BuildRequires:  cal10n
-BuildRequires:  java-devel >= 1.5.0
+BuildRequires:  javapackages-bootstrap
 BuildRequires:  javapackages-local-bootstrap
-BuildRequires:  javapackages-tools
-BuildRequires:  javassist >= 3.4
-BuildRequires:  junit >= 3.8.2
 Requires:       cal10n
 Requires:       java
 # this is ugly hack, which creates package which requires the same,
@@ -84,16 +73,6 @@ Requires:       mvn(org.slf4j:slf4j-api) = %{version}
 %description jdk14
 SLF4J JDK14 Binding.
 
-%package jcl
-Summary:        SLF4J JCL Binding
-License:        MIT
-Group:          Development/Libraries/Java
-Requires:       mvn(commons-logging:commons-logging)
-Requires:       mvn(org.slf4j:slf4j-api) = %{version}
-
-%description jcl
-SLF4J JCL Binding.
-
 %package -n jcl-over-slf4j
 Summary:        JCL 1.1.1 implemented over SLF4J
 License:        ASL 2.0
@@ -112,134 +91,116 @@ Requires:       mvn(org.slf4j:slf4j-api) = %{version}
 %description -n log4j-over-slf4j
 Log4j implemented over SLF4J.
 
+%package migrator
+Summary:        SLF4J Migrator
+License:        MIT
+Group:          Development/Libraries/Java
+Requires:       mvn(org.slf4j:slf4j-api) = %{version}
+ 
+%description migrator
+SLF4J Migrator.
+
+%package jdk-platform-logging
+Summary:        SLF4J jdk Platform Logging
+License:        MIT
+Group:          Development/Libraries/Java
+Requires:       mvn(org.slf4j:slf4j-api) = %{version}
+ 
+%description jdk-platform-logging
+SLF4J jdk Platform Logging.
+
+%package sources
+Summary:        SLF4J Source JARs
+License:        MIT
+Group:          Documentation/Other
+ 
+%description sources
+SLF4J Source JARs.
+
 %prep
-%setup -q -n %{name}-v_%{version} -a2
-%patch 1 -p1
-%patch 2 -p1
+%setup -q -n %{name}-v_%{version}
 find . -name "*.jar" | xargs rm
 cp -p %{SOURCE1} APACHE-LICENSE
 
-sed -i -e "s|ant<|org.apache.ant<|g" integration/pom.xml
-
-%{_bindir}/find -name "*.css" -o -name "*.js" -o -name "*.txt" | \
-    %{_bindir}/xargs -t perl -pi -e 's/
-$//g'
-
-# Unexpanded variable in the manifests
-for i in */src/main/resources/META-INF/MANIFEST.MF; do
-  echo "" >> ${i}
-  echo "Bundle-Version: %{version}" >> ${i}
-  sed -i '/^$/d' ${i}
-  perl -pi -e 's#\$\{parsedVersion\.osgiVersion\}#%{version}#g' ${i}
-  perl -pi -e 's#\$\{slf4j\.api\.minimum\.compatible\.version\}#1\.6\.0#g' ${i}
-done
-
-for i in */maven-build.xml; do
-  sed -i 's/target="1.6"/target="1.8"/' ${i}
-  sed -i 's/source="1.6"/source="1.8"/' ${i}
-done
-
-# The general pattern is that the API package exports API classes and does
-# # not require impl classes. slf4j was breaking that causing "A cycle was
-# # detected when generating the classpath slf4j.api, slf4j.nop, slf4j.api."
-# # The API bundle requires impl package, so to avoid cyclic dependencies
-# # during build time, it is necessary to mark the imported package as an
-# # optional one.
-# # Reported upstream: http://bugzilla.slf4j.org/show_bug.cgi?id=283
-sed -i "/Import-Package/s/$/;resolution:=optional/" slf4j-api/src/main/resources/META-INF/MANIFEST.MF
-
-%pom_change_dep -r -f ::::: :::::
-
-# Disabling log4j12 and modules depending on it.
-sed -i "/log4j12/d" maven-build.xml
+%pom_disable_module integration
 %pom_disable_module slf4j-log4j12
 %pom_disable_module jul-to-slf4j
 %pom_disable_module slf4j-ext
+%pom_disable_module slf4j-reload4j
+%pom_disable_module osgi-over-slf4j
+
+# Port to maven-antrun-plugin 3.0.0
+sed -i s/tasks/target/ slf4j-api/pom.xml
+
+# dos2unix
+find -name "*.css" -o -name "*.js" -o -name "*.txt" | \
+    xargs -t sed -i 's/\r$//'
+
+%pom_xpath_remove "pom:extensions"
+
+%mvn_package :::sources: sources
+
+%mvn_package :%{name}-api
+%mvn_package :%{name}-simple
+%mvn_package :%{name}-nop
 
 %build
-export CLASSPATH=$(build-classpath \
-                   commons-logging \
-                   commons-lang3 \
-                   javassist-3.14.0 \
-                   cal10n)
-export CLASSPATH=$CLASSPATH:$(pwd)/slf4j-api/target/slf4j-api-%{version}.jar
-export MAVEN_REPO_LOCAL=$(pwd)/.m2
-ant -Dmaven2.jpp.mode=true \
-    -Dmaven.test.skip=true \
-    -Dmaven.repo.local=$MAVEN_REPO_LOCAL \
-    -Dmaven.compiler.source=1.8 -Dmaven.compiler.target=1.8 \
-    package javadoc \
+%mvn_build -f -s -- -Drequired.jdk.version=1.8
 
 %install
-# jars
-install -d -m 0755 %{buildroot}%{_javadir}/%{name}
-for i in api jcl jdk14 nop simple; do
-  install -m 644 slf4j-${i}/target/slf4j-${i}-%{version}.jar \
-    %{buildroot}%{_javadir}/%{name}/${i}.jar
-  ln -sf ${i}.jar %{buildroot}%{_javadir}/%{name}/%{name}-${i}.jar
-done
-for i in jcl-over-slf4j log4j-over-slf4j; do
-  install -m 644 ${i}/target/${i}-%{version}.jar %{buildroot}%{_javadir}/%{name}/${i}.jar
-done
-
-# poms
-install -d -m 755 %{buildroot}%{_mavenpomdir}/%{name}
-for i in api jcl jdk14 nop simple; do
-  %pom_remove_parent slf4j-${i}
-  %pom_xpath_inject "pom:project" "
-    <groupId>org.slf4j</groupId>
-    <version>%{version}</version>" slf4j-${i}
-  install -pm 644 slf4j-${i}/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/${i}.pom
-done
-for i in jcl-over-slf4j log4j-over-slf4j; do
-  %pom_remove_parent ${i}
-  %pom_xpath_inject "pom:project" "
-    <groupId>org.slf4j</groupId>
-    <version>%{version}</version>" ${i}
-  install -pm 644 ${i}/pom.xml %{buildroot}%{_mavenpomdir}/%{name}/${i}.pom
-done
-for i in api nop simple; do
-  %add_maven_depmap %{name}/${i}.pom %{name}/${i}.jar
-done
-for i in jcl jdk14 jcl-over-slf4j log4j-over-slf4j; do
-  %add_maven_depmap %{name}/${i}.pom %{name}/${i}.jar -f ${i}
-done
+# Compat symlinks
+%mvn_file ':%{name}-{*}' %{name}/%{name}-@1 %{name}/@1
+%mvn_install
 
 # manual
 install -d -m 0755 %{buildroot}%{_docdir}/%{name}-%{version}
-rm -f target/site/.htaccess
-cp -pr target/site %{buildroot}%{_docdir}/%{name}-%{version}/
-install -m 644 LICENSE.txt %{buildroot}%{_docdir}/%{name}-%{version}/
-
-# javadoc
-install -d -m 0755 %{buildroot}%{_javadocdir}/%{name}
-cp -pr target/site/* %{buildroot}%{_javadocdir}/%{name}/
-rm -rf target/site
+rm -f .xmvn/apidoc
+cp -pr .xmvn/* %{buildroot}%{_docdir}/%{name}-%{version}/
 
 %files -f .mfiles
-%dir %{_docdir}/%{name}-%{version}
-%license %{_docdir}/%{name}-%{version}/LICENSE.txt
-%{_javadir}/%{name}/%{name}-api.jar
+%license LICENSE.txt APACHE-LICENSE
+%{_javadir}/%{name}/api.jar
+%{_javadir}/%{name}/nop.jar
+%{_javadir}/%{name}/simple.jar
 %{_javadir}/%{name}/%{name}-nop.jar
 %{_javadir}/%{name}/%{name}-simple.jar
-
-%files jdk14 -f .mfiles-jdk14
-%{_javadir}/%{name}/%{name}-jdk14.jar
-
-%files jcl -f .mfiles-jcl
-%{_javadir}/%{name}/%{name}-jcl.jar
+%{_datadir}/maven-metadata/%{name}-%{name}-parent.xml
+%{_datadir}/maven-metadata/%{name}.xml
+%{_datadir}/maven-poms/%{name}/api.pom
+%{_datadir}/maven-poms/%{name}/nop.pom
+%{_datadir}/maven-poms/%{name}/parent.pom
+%{_datadir}/maven-poms/%{name}/simple.pom
+%{_datadir}/maven-poms/%{name}/%{name}-api.pom
+%{_datadir}/maven-poms/%{name}/%{name}-nop.pom
+%{_datadir}/maven-poms/%{name}/%{name}-parent.pom
+%{_datadir}/maven-poms/%{name}/%{name}-simple.pom
+
+%files jdk14 -f .mfiles-slf4j-jdk14
 
 %files -n jcl-over-slf4j -f .mfiles-jcl-over-slf4j
 
 %files -n log4j-over-slf4j -f .mfiles-log4j-over-slf4j
 
+%files migrator -f .mfiles-slf4j-migrator
+
+%files jdk-platform-logging -f .mfiles-slf4j-jdk-platform-logging
+
+%files sources -f .mfiles-sources
+
 %files javadoc
 %{_javadocdir}/%{name}
 
 %files manual
-%{_docdir}/%{name}-%{version}/site
+%{_docdir}/%{name}-%{version}/
 
 %changelog
+* Thu Apr 04 2024 Henry Li <lihl@microsoft.com> - 2.0.7-1
+- Upgrade to v2.0.7
+- Change to maven build and install
+- Remove jcl subpackage as it does not exist in updated version
+- Add and modify files provided by main package
+- Add subpackages for migrator, jdk-platform-logging and sources
+
 * Wed Feb 28 2024 Riken Maharjan <rmaharjan@microsoft.com> - 1.7.30-6
 - rebuild with msopenjdk-17
 
diff --git a/cgmanifest.json b/cgmanifest.json
index fdb031a3caa..1b9421f90b6 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -27586,8 +27586,8 @@
         "type": "other",
         "other": {
           "name": "slf4j",
-          "version": "1.7.30",
-          "downloadUrl": "https://github.com/qos-ch/slf4j/archive/v_1.7.30.tar.gz"
+          "version": "2.0.7",
+          "downloadUrl": "https://github.com/qos-ch/slf4j/archive/v_2.0.7.tar.gz"
         }
       }
     },

From 276103dccd4ddab53fccd17f6b149e27e54b55dc Mon Sep 17 00:00:00 2001
From: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon, 22 Apr 2024 13:22:01 -0700
Subject: [PATCH 16/62] Updating `ca-certificates` with certificates from 2.0.
 (#8861)

---
 .../ca-certificates.signatures.json           |    4 +-
 SPECS/ca-certificates/ca-certificates.spec    |    5 +-
 SPECS/ca-certificates/certdata.microsoft.txt  | 2420 ++++-------------
 .../prebuilt-ca-certificates-base.spec        |    5 +-
 .../prebuilt-ca-certificates.spec             |    5 +-
 .../manifests/package/pkggen_core_aarch64.txt |    8 +-
 .../manifests/package/pkggen_core_x86_64.txt  |    8 +-
 .../manifests/package/toolchain_aarch64.txt   |   10 +-
 .../manifests/package/toolchain_x86_64.txt    |   10 +-
 9 files changed, 610 insertions(+), 1865 deletions(-)

diff --git a/SPECS/ca-certificates/ca-certificates.signatures.json b/SPECS/ca-certificates/ca-certificates.signatures.json
index 81328d34c3b..c16ab1fba7a 100644
--- a/SPECS/ca-certificates/ca-certificates.signatures.json
+++ b/SPECS/ca-certificates/ca-certificates.signatures.json
@@ -11,11 +11,11 @@
     "README.usr": "0d2e90b6cf575678cd9d4f409d92258ef0d676995d4d733acdb2425309a38ff8",
     "bundle2pem.sh": "a61e0d9f34e21456cfe175e9a682f56959240e66dfeb75bd2457226226aa413a",
     "certdata.base.txt": "771a6c9995ea00bb4ce50fd842a252454fe9b26acad8b0568a1055207442db57",
-    "certdata.microsoft.txt": "8eea04b31e73f9e64040a2d905b02f05dc4c6f2e9964919f5921a31c1ace0d02",
+    "certdata.microsoft.txt": "89655788a99b61c94aa18ad060b7e032d3e63b9db1417b1496e767662126c75a",
     "certdata2pem.py": "4f5848c14210758f19ab9fdc9ffd83733303a48642a3d47c4d682f904fdc0f33",
     "pem2bundle.sh": "f96a2f0071fb80e30332c0bd95853183f2f49a3c98d5e9fc4716aeeb001e3426",
     "trust-fixes": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
     "update-ca-trust": "0c0c0600587db7f59ba5e399666152ea6de6059f37408f3946c43438d607efdd",
     "update-ca-trust.8.txt": "2470551bd11cc393ddf4cf43cf101c29d9f308c15469ee5e78908cfcf2437579"
   }
-}
\ No newline at end of file
+}
diff --git a/SPECS/ca-certificates/ca-certificates.spec b/SPECS/ca-certificates/ca-certificates.spec
index 99e4b36bf6a..473ec541c49 100644
--- a/SPECS/ca-certificates/ca-certificates.spec
+++ b/SPECS/ca-certificates/ca-certificates.spec
@@ -45,7 +45,7 @@ Name:           ca-certificates
 # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "prebuilt-ca-certificates*" packages as well.
 Epoch:          1
 Version:        %{azl}.0.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        MPLv2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -324,6 +324,9 @@ rm -f %{pkidir}/tls/certs/*.{0,pem}
 %{_bindir}/bundle2pem.sh
 
 %changelog
+* Mon Apr 22 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0.0-6
+- Updating Microsoft trusted root CAs.
+
 * Mon Mar 18 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.0.0-5
 - Extending base set of certificates.
 
diff --git a/SPECS/ca-certificates/certdata.microsoft.txt b/SPECS/ca-certificates/certdata.microsoft.txt
index cb1fd2a3b7f..764941deb8c 100644
--- a/SPECS/ca-certificates/certdata.microsoft.txt
+++ b/SPECS/ca-certificates/certdata.microsoft.txt
@@ -1,4 +1,4 @@
-# Release: November 2023
+# Release: March 2024
 #
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -5377,143 +5377,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "SZAFIR ROOT CA"
-#
-# Issuer: CN=SZAFIR ROOT CA,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
-# Serial Number:00:e6:09:fe:7a:ea:00:68:8c:e0:24:b4:ed:20:1b:1f:ef:52:b4:44:d1
-# Subject: CN=SZAFIR ROOT CA,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
-# Not Valid Before: Tue Dec 06 11:10:57 2011
-# Not Valid After : Sat Dec 06 11:10:57 2031
-# Fingerprint (SHA-256): FA:BC:F5:19:7C:DD:7F:45:8A:C3:38:32:D3:28:40:21:DB:24:25:FD:6B:EA:7A:2E:69:B7:48:6E:8F:51:F9:CC
-# Fingerprint (SHA1): D3:EE:FB:CB:BC:F4:98:67:83:86:26:E2:3B:B5:9C:A0:1E:30:5D:B7
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SZAFIR ROOT CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\120\061\013\060\011\006\003\125\004\006\023\002\120\114\061
-\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167
-\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156
-\151\157\167\141\040\123\056\101\056\061\027\060\025\006\003\125
-\004\003\014\016\123\132\101\106\111\122\040\122\117\117\124\040
-\103\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\120\061\013\060\011\006\003\125\004\006\023\002\120\114\061
-\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167
-\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156
-\151\157\167\141\040\123\056\101\056\061\027\060\025\006\003\125
-\004\003\014\016\123\132\101\106\111\122\040\122\117\117\124\040
-\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\025\000\346\011\376\172\352\000\150\214\340\044\264\355\040
-\033\037\357\122\264\104\321
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\161\060\202\002\131\240\003\002\001\002\002\025\000
-\346\011\376\172\352\000\150\214\340\044\264\355\040\033\037\357
-\122\264\104\321\060\015\006\011\052\206\110\206\367\015\001\001
-\005\005\000\060\120\061\013\060\011\006\003\125\004\006\023\002
-\120\114\061\050\060\046\006\003\125\004\012\014\037\113\162\141
-\152\157\167\141\040\111\172\142\141\040\122\157\172\154\151\143
-\172\145\156\151\157\167\141\040\123\056\101\056\061\027\060\025
-\006\003\125\004\003\014\016\123\132\101\106\111\122\040\122\117
-\117\124\040\103\101\060\036\027\015\061\061\061\062\060\066\061
-\061\061\060\065\067\132\027\015\063\061\061\062\060\066\061\061
-\061\060\065\067\132\060\120\061\013\060\011\006\003\125\004\006
-\023\002\120\114\061\050\060\046\006\003\125\004\012\014\037\113
-\162\141\152\157\167\141\040\111\172\142\141\040\122\157\172\154
-\151\143\172\145\156\151\157\167\141\040\123\056\101\056\061\027
-\060\025\006\003\125\004\003\014\016\123\132\101\106\111\122\040
-\122\117\117\124\040\103\101\060\202\001\042\060\015\006\011\052
-\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000\060
-\202\001\012\002\202\001\001\000\254\107\057\217\131\061\071\245
-\352\015\360\245\214\053\275\002\244\275\315\012\163\252\011\346
-\314\137\202\152\165\251\227\345\273\006\357\363\300\135\241\301
-\322\211\171\130\360\334\353\125\214\356\130\032\173\047\377\112
-\120\263\000\241\152\023\043\063\220\350\057\123\066\156\030\154
-\017\100\326\067\127\327\006\015\057\220\044\312\127\374\133\222
-\377\043\200\127\205\077\112\236\122\072\307\346\273\005\120\046
-\236\277\323\266\137\256\265\077\300\262\153\066\175\027\304\260
-\135\257\144\363\061\037\205\005\250\340\041\026\074\123\222\142
-\126\177\140\256\342\173\321\100\221\334\266\320\176\160\100\050
-\152\017\341\021\033\177\372\334\350\341\104\163\353\036\253\327
-\333\150\142\154\161\340\130\343\006\105\041\131\014\065\137\155
-\153\173\377\307\241\375\276\321\210\042\301\204\374\343\062\333
-\172\240\352\010\343\016\137\033\307\343\315\062\030\071\041\375
-\012\032\315\145\367\123\276\107\100\114\123\376\042\145\302\173
-\273\043\125\172\035\174\355\050\214\002\006\073\061\175\366\307
-\336\063\254\204\042\155\313\007\002\003\001\000\001\243\102\060
-\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001
-\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002
-\001\006\060\035\006\003\125\035\016\004\026\004\024\123\222\243
-\175\377\202\166\360\063\324\353\222\147\107\141\063\033\150\073
-\052\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
-\003\202\001\001\000\071\120\125\235\344\102\377\244\033\342\040
-\311\265\314\075\211\055\100\251\247\111\211\033\262\144\303\071
-\310\073\066\260\204\151\205\025\254\106\243\020\041\100\021\040
-\205\243\376\023\102\221\353\252\000\301\120\272\305\355\366\101
-\105\122\035\365\252\132\167\163\154\340\363\054\037\062\217\265
-\200\107\107\003\063\216\131\236\004\201\074\033\205\023\165\256
-\030\262\127\366\015\164\320\104\337\041\177\270\140\024\177\340
-\324\177\272\364\347\246\167\175\172\327\273\132\031\164\145\366
-\075\343\053\256\343\024\052\007\224\005\277\343\373\041\165\325
-\225\063\243\222\073\206\134\107\062\100\010\320\315\261\132\117
-\333\310\000\024\233\170\045\326\005\270\357\071\173\244\047\056
-\226\200\010\234\227\061\215\111\212\153\255\357\021\313\047\135
-\176\150\326\364\162\006\302\302\016\323\161\045\166\053\357\250
-\106\013\324\173\365\303\363\356\257\356\205\120\103\232\057\257
-\017\020\205\050\275\370\060\040\035\201\003\017\257\144\073\260
-\160\175\046\137\236\074\076\210\306\312\016\067\341\300\343\221
-\045\332\336\141\305
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "SZAFIR ROOT CA"
-# Issuer: CN=SZAFIR ROOT CA,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
-# Serial Number:00:e6:09:fe:7a:ea:00:68:8c:e0:24:b4:ed:20:1b:1f:ef:52:b4:44:d1
-# Subject: CN=SZAFIR ROOT CA,O=Krajowa Izba Rozliczeniowa S.A.,C=PL
-# Not Valid Before: Tue Dec 06 11:10:57 2011
-# Not Valid After : Sat Dec 06 11:10:57 2031
-# Fingerprint (SHA-256): FA:BC:F5:19:7C:DD:7F:45:8A:C3:38:32:D3:28:40:21:DB:24:25:FD:6B:EA:7A:2E:69:B7:48:6E:8F:51:F9:CC
-# Fingerprint (SHA1): D3:EE:FB:CB:BC:F4:98:67:83:86:26:E2:3B:B5:9C:A0:1E:30:5D:B7
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "SZAFIR ROOT CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\323\356\373\313\274\364\230\147\203\206\046\342\073\265\234\240
-\036\060\135\267
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\021\354\176\065\313\333\367\353\031\350\261\165\300\043\303\044
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\120\061\013\060\011\006\003\125\004\006\023\002\120\114\061
-\050\060\046\006\003\125\004\012\014\037\113\162\141\152\157\167
-\141\040\111\172\142\141\040\122\157\172\154\151\143\172\145\156
-\151\157\167\141\040\123\056\101\056\061\027\060\025\006\003\125
-\004\003\014\016\123\132\101\106\111\122\040\122\117\117\124\040
-\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\025\000\346\011\376\172\352\000\150\214\340\044\264\355\040
-\033\037\357\122\264\104\321
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "TM Applied Business Root Certificate"
 #
@@ -5830,204 +5693,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "E-Tugra Certification Authority"
-#
-# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
-# Serial Number:6a:68:3e:9c:51:9b:cb:53
-# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
-# Not Valid Before: Tue Mar 05 12:09:48 2013
-# Not Valid After : Fri Mar 03 12:09:48 2023
-# Fingerprint (SHA-256): B0:BF:D5:2B:B0:D7:D9:BD:92:BF:5D:4D:C1:3D:A2:55:C0:2C:54:2F:37:83:65:EA:89:39:11:F5:5E:55:F2:3C
-# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Tugra Certification Authority"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
-\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
-\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
-\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
-\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
-\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
-\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
-\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
-\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
-\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
-\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
-\157\162\151\164\171
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
-\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
-\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
-\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
-\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
-\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
-\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
-\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
-\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
-\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
-\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
-\157\162\151\164\171
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\152\150\076\234\121\233\313\123
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\006\113\060\202\004\063\240\003\002\001\002\002\010\152
-\150\076\234\121\233\313\123\060\015\006\011\052\206\110\206\367
-\015\001\001\013\005\000\060\201\262\061\013\060\011\006\003\125
-\004\006\023\002\124\122\061\017\060\015\006\003\125\004\007\014
-\006\101\156\153\141\162\141\061\100\060\076\006\003\125\004\012
-\014\067\105\055\124\165\304\237\162\141\040\105\102\107\040\102
-\151\154\151\305\237\151\155\040\124\145\153\156\157\154\157\152
-\151\154\145\162\151\040\166\145\040\110\151\172\155\145\164\154
-\145\162\151\040\101\056\305\236\056\061\046\060\044\006\003\125
-\004\013\014\035\105\055\124\165\147\162\141\040\123\145\162\164
-\151\146\151\153\141\163\171\157\156\040\115\145\162\153\145\172
-\151\061\050\060\046\006\003\125\004\003\014\037\105\055\124\165
-\147\162\141\040\103\145\162\164\151\146\151\143\141\164\151\157
-\156\040\101\165\164\150\157\162\151\164\171\060\036\027\015\061
-\063\060\063\060\065\061\062\060\071\064\070\132\027\015\062\063
-\060\063\060\063\061\062\060\071\064\070\132\060\201\262\061\013
-\060\011\006\003\125\004\006\023\002\124\122\061\017\060\015\006
-\003\125\004\007\014\006\101\156\153\141\162\141\061\100\060\076
-\006\003\125\004\012\014\067\105\055\124\165\304\237\162\141\040
-\105\102\107\040\102\151\154\151\305\237\151\155\040\124\145\153
-\156\157\154\157\152\151\154\145\162\151\040\166\145\040\110\151
-\172\155\145\164\154\145\162\151\040\101\056\305\236\056\061\046
-\060\044\006\003\125\004\013\014\035\105\055\124\165\147\162\141
-\040\123\145\162\164\151\146\151\153\141\163\171\157\156\040\115
-\145\162\153\145\172\151\061\050\060\046\006\003\125\004\003\014
-\037\105\055\124\165\147\162\141\040\103\145\162\164\151\146\151
-\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001\001
-\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002\001
-\000\342\365\077\223\005\121\036\205\142\124\136\172\013\365\030
-\007\203\256\176\257\174\367\324\212\153\245\143\103\071\271\113
-\367\303\306\144\211\075\224\056\124\200\122\071\071\007\113\113
-\335\205\007\166\207\314\277\057\225\114\314\175\247\075\274\107
-\017\230\160\370\214\205\036\164\216\222\155\033\100\321\231\015
-\273\165\156\310\251\153\232\300\204\061\257\312\103\313\353\053
-\064\350\217\227\153\001\233\325\016\112\010\252\133\222\164\205
-\103\323\200\256\241\210\133\256\263\352\136\313\026\232\167\104
-\310\241\366\124\150\316\336\217\227\053\272\133\100\002\014\144
-\027\300\265\223\315\341\361\023\146\316\014\171\357\321\221\050
-\253\137\240\022\122\060\163\031\216\217\341\214\007\242\303\273
-\112\360\352\037\025\250\356\045\314\244\106\370\033\042\357\263
-\016\103\272\054\044\270\305\054\134\324\034\370\135\144\275\303
-\223\136\050\247\077\047\361\216\036\323\052\120\005\243\125\331
-\313\347\071\123\300\230\236\214\124\142\213\046\260\367\175\215
-\174\344\306\236\146\102\125\202\107\347\262\130\215\146\367\007
-\174\056\066\346\120\034\077\333\103\044\305\277\206\107\171\263
-\171\034\367\132\364\023\354\154\370\077\342\131\037\225\356\102
-\076\271\255\250\062\205\111\227\106\376\113\061\217\132\313\255
-\164\107\037\351\221\267\337\050\004\042\240\324\017\135\342\171
-\117\352\154\205\206\275\250\246\316\344\372\303\341\263\256\336
-\074\121\356\313\023\174\001\177\204\016\135\121\224\236\023\014
-\266\056\245\114\371\071\160\066\157\226\312\056\014\104\125\305
-\312\372\135\002\243\337\326\144\214\132\263\001\012\251\265\012
-\107\027\377\357\221\100\052\216\241\106\072\061\230\345\021\374
-\314\273\111\126\212\374\271\320\141\232\157\145\154\346\303\313
-\076\165\111\376\217\247\342\211\305\147\327\235\106\023\116\061
-\166\073\044\263\236\021\145\206\253\177\357\035\324\370\274\347
-\254\132\134\267\132\107\134\125\316\125\264\042\161\133\133\013
-\360\317\334\240\141\144\352\251\327\150\012\143\247\340\015\077
-\240\257\323\252\322\176\357\121\240\346\121\053\125\222\025\027
-\123\313\267\146\016\146\114\370\371\165\114\220\347\022\160\307
-\105\002\003\001\000\001\243\143\060\141\060\035\006\003\125\035
-\016\004\026\004\024\056\343\333\262\111\320\234\124\171\134\372
-\047\052\376\314\116\322\350\116\124\060\017\006\003\125\035\023
-\001\001\377\004\005\060\003\001\001\377\060\037\006\003\125\035
-\043\004\030\060\026\200\024\056\343\333\262\111\320\234\124\171
-\134\372\047\052\376\314\116\322\350\116\124\060\016\006\003\125
-\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011\052
-\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\005
-\067\072\364\115\267\105\342\105\165\044\217\266\167\122\350\034
-\330\020\223\145\363\362\131\006\244\076\036\051\354\135\321\320
-\253\174\340\012\220\110\170\355\116\230\003\231\376\050\140\221
-\035\060\035\270\143\174\250\346\065\265\372\323\141\166\346\326
-\007\113\312\151\232\262\204\172\167\223\105\027\025\237\044\320
-\230\023\022\377\273\240\056\375\116\114\207\370\316\134\252\230
-\033\005\340\000\106\112\202\200\245\063\213\050\334\355\070\323
-\337\345\076\351\376\373\131\335\141\204\117\322\124\226\023\141
-\023\076\217\200\151\276\223\107\265\065\103\322\132\273\075\134
-\357\263\102\107\315\073\125\023\006\260\011\333\375\143\366\072
-\210\012\231\157\176\341\316\033\123\152\104\146\043\121\010\173
-\274\133\122\242\375\006\067\070\100\141\217\112\226\270\220\067
-\370\146\307\170\220\000\025\056\213\255\121\065\123\007\250\153
-\150\256\371\116\074\007\046\315\010\005\160\314\071\077\166\275
-\245\323\147\046\001\206\246\123\322\140\073\174\103\177\125\212
-\274\225\032\301\050\071\114\037\103\322\221\364\162\131\212\271
-\126\374\077\264\235\332\160\234\166\132\214\103\120\356\216\060
-\162\115\337\377\111\367\306\251\147\331\155\254\002\021\342\072
-\026\045\247\130\010\313\157\123\101\234\110\070\107\150\063\321
-\327\307\217\324\164\041\324\303\005\220\172\377\316\226\210\261
-\025\051\135\043\253\320\140\241\022\117\336\364\027\315\062\345
-\311\277\310\103\255\375\056\216\361\257\342\364\230\372\022\037
-\040\330\300\247\014\205\305\220\364\073\055\226\046\261\054\276
-\114\253\353\261\322\212\311\333\170\023\017\036\011\235\155\217
-\000\237\002\332\301\372\037\172\172\011\304\112\346\210\052\227
-\237\211\213\375\067\137\137\072\316\070\131\206\113\257\161\013
-\264\330\362\160\117\237\062\023\343\260\247\127\345\332\332\103
-\313\204\064\362\050\304\352\155\364\052\357\301\153\166\332\373
-\176\273\205\074\322\123\302\115\276\161\341\105\321\375\043\147
-\015\023\165\373\317\145\147\042\235\256\260\011\321\011\377\035
-\064\277\376\043\227\067\322\071\372\075\015\006\013\264\333\073
-\243\253\157\134\035\266\176\350\263\202\064\355\006\134\044
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "E-Tugra Certification Authority"
-# Issuer: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
-# Serial Number:6a:68:3e:9c:51:9b:cb:53
-# Subject: CN=E-Tugra Certification Authority,OU=E-Tugra Sertifikasyon Merkezi,O=E-Tu..ra EBG Bili..im Teknolojileri ve Hizmetleri A....,L=Ankara,C=TR
-# Not Valid Before: Tue Mar 05 12:09:48 2013
-# Not Valid After : Fri Mar 03 12:09:48 2023
-# Fingerprint (SHA-256): B0:BF:D5:2B:B0:D7:D9:BD:92:BF:5D:4D:C1:3D:A2:55:C0:2C:54:2F:37:83:65:EA:89:39:11:F5:5E:55:F2:3C
-# Fingerprint (SHA1): 51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "E-Tugra Certification Authority"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\121\306\347\010\111\006\156\363\222\324\134\240\015\155\243\142
-\217\303\122\071
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\270\241\003\143\260\275\041\161\160\212\157\023\072\273\171\111
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\262\061\013\060\011\006\003\125\004\006\023\002\124\122
-\061\017\060\015\006\003\125\004\007\014\006\101\156\153\141\162
-\141\061\100\060\076\006\003\125\004\012\014\067\105\055\124\165
-\304\237\162\141\040\105\102\107\040\102\151\154\151\305\237\151
-\155\040\124\145\153\156\157\154\157\152\151\154\145\162\151\040
-\166\145\040\110\151\172\155\145\164\154\145\162\151\040\101\056
-\305\236\056\061\046\060\044\006\003\125\004\013\014\035\105\055
-\124\165\147\162\141\040\123\145\162\164\151\146\151\153\141\163
-\171\157\156\040\115\145\162\153\145\172\151\061\050\060\046\006
-\003\125\004\003\014\037\105\055\124\165\147\162\141\040\103\145
-\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150
-\157\162\151\164\171
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\010\152\150\076\234\121\233\313\123
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "OATI WebCARES Root CA"
 #
@@ -7157,195 +6822,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "Symantec Class 3 Public Primary Certification Authority - G6"
-#
-# Issuer: CN=Symantec Class 3 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Serial Number:65:63:71:85:d3:6f:45:c6:8f:7f:31:f9:09:87:92:82
-# Subject: CN=Symantec Class 3 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Not Valid Before: Thu Oct 18 00:00:00 2012
-# Not Valid After : Tue Dec 01 23:59:59 2037
-# Fingerprint (SHA-256): B3:23:96:74:64:53:44:2F:35:3E:61:62:92:BB:20:BB:AA:5D:23:B5:46:45:0F:DB:9C:54:B8:38:61:67:D5:29
-# Fingerprint (SHA1): 26:A1:6C:23:5A:24:72:22:9B:23:62:80:25:BC:80:97:C8:85:24:A1
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Symantec Class 3 Public Primary Certification Authority - G6"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\066
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\066
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\145\143\161\205\323\157\105\306\217\177\061\371\011\207
-\222\202
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\366\060\202\003\336\240\003\002\001\002\002\020\145
-\143\161\205\323\157\105\306\217\177\061\371\011\207\222\202\060
-\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\201
-\224\061\013\060\011\006\003\125\004\006\023\002\125\123\061\035
-\060\033\006\003\125\004\012\023\024\123\171\155\141\156\164\145
-\143\040\103\157\162\160\157\162\141\164\151\157\156\061\037\060
-\035\006\003\125\004\013\023\026\123\171\155\141\156\164\145\143
-\040\124\162\165\163\164\040\116\145\164\167\157\162\153\061\105
-\060\103\006\003\125\004\003\023\074\123\171\155\141\156\164\145
-\143\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143
-\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151
-\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171
-\040\055\040\107\066\060\036\027\015\061\062\061\060\061\070\060
-\060\060\060\060\060\132\027\015\063\067\061\062\060\061\062\063
-\065\071\065\071\132\060\201\224\061\013\060\011\006\003\125\004
-\006\023\002\125\123\061\035\060\033\006\003\125\004\012\023\024
-\123\171\155\141\156\164\145\143\040\103\157\162\160\157\162\141
-\164\151\157\156\061\037\060\035\006\003\125\004\013\023\026\123
-\171\155\141\156\164\145\143\040\124\162\165\163\164\040\116\145
-\164\167\157\162\153\061\105\060\103\006\003\125\004\003\023\074
-\123\171\155\141\156\164\145\143\040\103\154\141\163\163\040\063
-\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171\040
-\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165
-\164\150\157\162\151\164\171\040\055\040\107\066\060\202\002\042
-\060\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003
-\202\002\017\000\060\202\002\012\002\202\002\001\000\267\016\262
-\372\115\274\232\162\025\373\167\133\333\375\103\017\313\013\367
-\140\056\263\053\176\014\273\123\362\314\116\145\363\031\273\377
-\065\035\367\323\251\273\100\055\265\335\170\324\246\371\067\352
-\205\005\173\155\267\346\023\113\006\174\373\166\143\217\040\035
-\055\070\053\004\205\362\350\260\321\137\115\112\041\311\152\330
-\224\352\036\002\120\246\252\220\007\240\107\041\352\146\371\004
-\240\346\203\360\304\365\136\226\342\047\115\141\303\263\301\214
-\042\266\146\241\000\321\126\051\373\355\301\177\044\312\075\372
-\132\224\260\204\303\307\272\103\034\375\144\016\361\050\373\107
-\131\362\046\341\061\271\104\371\253\335\373\276\276\054\067\343
-\254\013\030\323\374\001\242\361\244\012\065\202\107\114\253\275
-\212\136\337\023\205\374\040\314\110\131\257\257\101\157\313\043
-\315\312\223\247\335\325\137\310\144\073\377\001\003\240\012\117
-\055\156\075\204\276\257\310\062\262\123\051\220\025\367\260\005
-\232\012\074\366\271\006\220\311\245\341\135\240\073\260\376\250
-\266\277\365\211\050\127\044\072\041\206\161\344\334\212\213\101
-\125\354\036\060\044\131\321\300\131\270\170\257\252\132\164\336
-\045\200\060\230\355\060\104\157\041\160\034\333\022\123\016\326
-\246\050\146\223\054\037\314\117\074\033\201\305\271\366\170\157
-\320\062\072\010\162\333\153\016\106\027\205\224\363\274\357\274
-\367\244\136\216\351\351\265\144\345\267\113\105\022\054\114\067
-\267\140\103\012\115\161\006\000\224\046\065\164\037\273\172\071
-\134\116\073\346\270\003\342\307\223\213\204\054\045\111\105\335
-\177\043\224\140\037\313\351\315\366\253\227\367\141\347\373\177
-\142\201\310\334\012\060\134\030\174\346\316\357\307\156\036\207
-\174\263\351\312\310\173\152\364\150\374\203\245\014\126\264\272
-\262\215\112\012\307\227\227\305\210\060\025\075\020\010\124\025
-\162\162\147\063\063\364\174\267\316\000\047\123\145\316\044\361
-\132\144\347\066\057\362\056\002\302\227\337\162\350\002\036\240
-\367\075\265\373\150\140\003\372\063\251\346\022\155\006\341\251
-\250\135\116\074\376\331\347\000\145\254\266\031\115\173\203\177
-\064\107\352\341\030\155\261\213\034\171\253\347\235\002\003\001
-\000\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377
-\004\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377
-\004\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026
-\004\024\071\161\010\000\076\336\310\206\347\220\377\344\375\041
-\017\316\044\031\026\366\060\015\006\011\052\206\110\206\367\015
-\001\001\014\005\000\003\202\002\001\000\120\153\210\115\140\110
-\316\132\343\042\316\147\174\204\247\315\034\375\351\014\003\214
-\066\257\012\207\016\152\256\127\256\001\320\066\273\362\375\271
-\163\301\137\265\250\256\114\242\372\111\313\007\106\026\066\275
-\343\310\127\070\176\070\344\277\045\063\140\306\334\067\234\143
-\273\136\230\036\032\262\202\360\256\246\167\021\200\104\107\241
-\051\305\360\263\072\316\230\360\270\354\323\016\200\006\167\043
-\060\114\377\171\144\143\042\133\167\223\103\113\165\263\333\073
-\156\073\112\335\361\310\256\265\067\212\225\210\072\020\150\160
-\070\271\133\160\176\325\103\311\374\137\117\345\346\173\066\356
-\360\040\355\107\127\023\046\020\136\024\006\015\173\166\007\302
-\306\055\026\364\256\247\154\017\274\210\017\117\054\002\266\243
-\327\042\346\231\107\065\330\215\245\117\201\022\072\021\175\263
-\314\013\165\363\036\160\243\033\003\352\372\232\350\346\056\066
-\071\314\231\316\072\077\014\267\256\370\103\231\260\223\156\157
-\252\331\017\152\061\221\273\234\323\264\050\373\203\114\172\163
-\202\120\147\322\016\254\355\140\305\262\135\065\230\317\207\176
-\036\131\035\044\274\126\272\332\244\132\330\314\346\274\036\020
-\217\033\214\216\363\301\333\267\276\324\260\133\145\217\026\150
-\363\126\305\052\031\026\115\017\270\145\207\155\044\203\270\142
-\334\340\107\141\032\210\173\316\116\177\375\334\306\015\132\232
-\244\363\265\114\366\335\061\246\350\035\021\041\063\060\004\141
-\175\034\340\076\117\215\077\265\213\022\000\132\175\251\241\000
-\324\203\353\160\273\030\370\244\322\034\201\055\267\010\021\310
-\046\173\266\324\345\017\003\106\162\324\045\100\036\276\111\135
-\155\223\361\134\262\073\165\124\151\072\240\356\114\042\272\254
-\232\342\010\255\105\143\005\112\122\065\166\304\064\365\136\007
-\062\255\334\174\046\321\133\217\255\344\346\252\033\165\237\353
-\135\264\350\300\251\025\174\116\112\007\162\337\106\311\324\221
-\222\165\126\260\341\356\067\066\145\050\305\025\310\053\166\314
-\155\157\031\203\364\375\332\025\342\101\347\063\171\106\203\127
-\371\361\245\266\155\323\274\327\123\347\356\161\155\170\251\227
-\247\356\040\234\031\025\162\025\075\004
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "Symantec Class 3 Public Primary Certification Authority - G6"
-# Issuer: CN=Symantec Class 3 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Serial Number:65:63:71:85:d3:6f:45:c6:8f:7f:31:f9:09:87:92:82
-# Subject: CN=Symantec Class 3 Public Primary Certification Authority - G6,OU=Symantec Trust Network,O=Symantec Corporation,C=US
-# Not Valid Before: Thu Oct 18 00:00:00 2012
-# Not Valid After : Tue Dec 01 23:59:59 2037
-# Fingerprint (SHA-256): B3:23:96:74:64:53:44:2F:35:3E:61:62:92:BB:20:BB:AA:5D:23:B5:46:45:0F:DB:9C:54:B8:38:61:67:D5:29
-# Fingerprint (SHA1): 26:A1:6C:23:5A:24:72:22:9B:23:62:80:25:BC:80:97:C8:85:24:A1
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Symantec Class 3 Public Primary Certification Authority - G6"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\046\241\154\043\132\044\162\042\233\043\142\200\045\274\200\227
-\310\205\044\241
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\215\321\226\044\304\114\217\135\046\364\154\215\122\101\032\306
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\224\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\035\060\033\006\003\125\004\012\023\024\123\171\155\141\156
-\164\145\143\040\103\157\162\160\157\162\141\164\151\157\156\061
-\037\060\035\006\003\125\004\013\023\026\123\171\155\141\156\164
-\145\143\040\124\162\165\163\164\040\116\145\164\167\157\162\153
-\061\105\060\103\006\003\125\004\003\023\074\123\171\155\141\156
-\164\145\143\040\103\154\141\163\163\040\063\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\066
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\145\143\161\205\323\157\105\306\217\177\061\371\011\207
-\222\202
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "CFCA EV ROOT"
 #
@@ -7876,127 +7352,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "China Financial CA"
-#
-# Issuer: O=CFCA GT CA,C=CN
-# Serial Number: 429472831 (0x19993c3f)
-# Subject: O=CFCA GT CA,C=CN
-# Not Valid Before: Mon Jun 13 08:15:09 2011
-# Not Valid After : Tue Jun 09 08:15:09 2026
-# Fingerprint (SHA-256): 07:71:92:0C:8C:B8:74:D5:C5:A4:DC:0D:6A:51:A2:D4:95:D3:8C:4D:E2:CD:5B:83:D2:A0:6F:AA:05:19:35:F6
-# Fingerprint (SHA1): EA:BD:A2:40:44:0A:BB:D6:94:93:0A:01:D0:97:64:C6:C2:D7:79:66
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "China Financial CA"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\042\061\013\060\011\006\003\125\004\006\023\002\103\116\061
-\023\060\021\006\003\125\004\012\023\012\103\106\103\101\040\107
-\124\040\103\101
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\042\061\013\060\011\006\003\125\004\006\023\002\103\116\061
-\023\060\021\006\003\125\004\012\023\012\103\106\103\101\040\107
-\124\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\031\231\074\077
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\037\060\202\002\007\240\003\002\001\002\002\004\031
-\231\074\077\060\015\006\011\052\206\110\206\367\015\001\001\005
-\005\000\060\042\061\013\060\011\006\003\125\004\006\023\002\103
-\116\061\023\060\021\006\003\125\004\012\023\012\103\106\103\101
-\040\107\124\040\103\101\060\036\027\015\061\061\060\066\061\063
-\060\070\061\065\060\071\132\027\015\062\066\060\066\060\071\060
-\070\061\065\060\071\132\060\042\061\013\060\011\006\003\125\004
-\006\023\002\103\116\061\023\060\021\006\003\125\004\012\023\012
-\103\106\103\101\040\107\124\040\103\101\060\202\001\042\060\015
-\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\001
-\017\000\060\202\001\012\002\202\001\001\000\277\163\306\132\053
-\214\170\366\130\267\374\322\027\220\245\053\164\354\201\054\223
-\315\122\314\156\344\052\313\044\241\061\344\255\060\156\343\230
-\042\061\327\041\233\237\325\017\067\057\132\273\070\242\267\171
-\046\147\326\015\305\027\052\234\271\124\004\341\015\165\206\156
-\330\314\305\200\147\033\310\214\055\000\046\206\074\172\171\076
-\266\251\302\116\040\260\067\227\306\205\166\022\202\012\347\124
-\273\213\376\075\256\343\354\153\130\103\366\245\067\353\130\242
-\275\220\304\345\373\312\153\312\060\154\267\173\211\366\061\322
-\214\377\117\302\226\045\103\251\161\065\045\013\030\341\254\310
-\243\044\266\161\223\214\361\135\374\234\020\005\173\377\300\133
-\340\261\227\255\037\330\376\105\365\300\037\235\133\107\071\034
-\006\372\333\146\205\333\044\043\352\173\322\071\040\370\353\052
-\262\032\121\363\224\132\050\002\116\247\134\107\156\317\374\331
-\350\346\141\132\026\047\307\025\015\230\331\350\323\003\065\220
-\051\337\262\057\215\020\167\043\310\270\172\323\021\141\152\363
-\377\201\222\245\354\102\113\150\116\200\327\002\003\001\000\001
-\243\135\060\133\060\037\006\003\125\035\043\004\030\060\026\200
-\024\214\166\120\316\045\323\171\053\074\364\155\235\232\341\236
-\005\117\350\075\045\060\014\006\003\125\035\023\004\005\060\003
-\001\001\377\060\013\006\003\125\035\017\004\004\003\002\001\306
-\060\035\006\003\125\035\016\004\026\004\024\214\166\120\316\045
-\323\171\053\074\364\155\235\232\341\236\005\117\350\075\045\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003\202
-\001\001\000\276\273\226\130\324\335\211\211\017\054\315\372\143
-\105\166\015\071\200\232\215\372\250\105\141\075\041\125\350\316
-\150\307\031\351\302\261\007\302\213\073\057\317\141\205\220\247
-\122\027\062\072\257\012\005\025\310\306\316\335\216\224\046\006
-\370\320\140\356\263\156\324\015\272\132\335\253\240\174\120\162
-\246\325\220\223\126\327\131\071\333\350\177\263\225\170\123\201
-\122\122\137\364\222\201\002\301\373\042\271\321\003\127\247\176
-\313\373\300\106\274\023\164\114\050\053\166\222\151\037\301\120
-\221\021\305\114\336\013\224\214\027\203\214\257\067\207\264\352
-\153\157\242\132\065\101\141\205\057\234\027\300\373\271\016\242
-\141\006\107\166\274\220\011\230\164\015\322\010\057\275\344\015
-\162\361\246\137\303\174\300\175\352\274\323\253\040\221\313\134
-\005\214\235\250\065\372\066\126\273\011\363\204\135\326\361\342
-\054\236\331\176\361\202\240\341\267\057\176\355\371\173\240\000
-\270\262\336\035\171\341\201\363\122\131\232\024\135\347\302\021
-\363\232\303\072\170\043\276\116\146\336\244\071\151\362\230\072
-\054\012\000
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "China Financial CA"
-# Issuer: O=CFCA GT CA,C=CN
-# Serial Number: 429472831 (0x19993c3f)
-# Subject: O=CFCA GT CA,C=CN
-# Not Valid Before: Mon Jun 13 08:15:09 2011
-# Not Valid After : Tue Jun 09 08:15:09 2026
-# Fingerprint (SHA-256): 07:71:92:0C:8C:B8:74:D5:C5:A4:DC:0D:6A:51:A2:D4:95:D3:8C:4D:E2:CD:5B:83:D2:A0:6F:AA:05:19:35:F6
-# Fingerprint (SHA1): EA:BD:A2:40:44:0A:BB:D6:94:93:0A:01:D0:97:64:C6:C2:D7:79:66
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "China Financial CA"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\352\275\242\100\104\012\273\326\224\223\012\001\320\227\144\306
-\302\327\171\146
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\054\315\363\305\131\246\204\144\240\147\120\377\113\114\326\024
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\042\061\013\060\011\006\003\125\004\006\023\002\103\116\061
-\023\060\021\006\003\125\004\012\023\012\103\106\103\101\040\107
-\124\040\103\101
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\004\031\231\074\077
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "Inera AB"
 #
@@ -14819,274 +14174,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "thawte Primary Root CA - G2"
-#
-# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
-# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56
-# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
-# Not Valid Before: Mon Nov 05 00:00:00 2007
-# Not Valid After : Mon Jan 18 23:59:59 2038
-# Fingerprint (SHA-256): A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57
-# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "thawte Primary Root CA - G2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
-\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013
-\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164
-\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
-\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
-\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167
-\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040
-\103\101\040\055\040\107\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
-\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013
-\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164
-\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
-\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
-\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167
-\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040
-\103\101\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256
-\327\126
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\210\060\202\002\015\240\003\002\001\002\002\020\065
-\374\046\134\331\204\117\311\075\046\075\127\233\256\327\126\060
-\012\006\010\052\206\110\316\075\004\003\003\060\201\204\061\013
-\060\011\006\003\125\004\006\023\002\125\123\061\025\060\023\006
-\003\125\004\012\023\014\164\150\141\167\164\145\054\040\111\156
-\143\056\061\070\060\066\006\003\125\004\013\023\057\050\143\051
-\040\062\060\060\067\040\164\150\141\167\164\145\054\040\111\156
-\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151
-\172\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042
-\006\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162
-\151\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040
-\107\062\060\036\027\015\060\067\061\061\060\065\060\060\060\060
-\060\060\132\027\015\063\070\060\061\061\070\062\063\065\071\065
-\071\132\060\201\204\061\013\060\011\006\003\125\004\006\023\002
-\125\123\061\025\060\023\006\003\125\004\012\023\014\164\150\141
-\167\164\145\054\040\111\156\143\056\061\070\060\066\006\003\125
-\004\013\023\057\050\143\051\040\062\060\060\067\040\164\150\141
-\167\164\145\054\040\111\156\143\056\040\055\040\106\157\162\040
-\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
-\156\154\171\061\044\060\042\006\003\125\004\003\023\033\164\150
-\141\167\164\145\040\120\162\151\155\141\162\171\040\122\157\157
-\164\040\103\101\040\055\040\107\062\060\166\060\020\006\007\052
-\206\110\316\075\002\001\006\005\053\201\004\000\042\003\142\000
-\004\242\325\234\202\173\225\235\361\122\170\207\376\212\026\277
-\005\346\337\243\002\117\015\007\306\000\121\272\014\002\122\055
-\042\244\102\071\304\376\217\352\311\301\276\324\115\377\237\172
-\236\342\261\174\232\255\247\206\011\163\207\321\347\232\343\172
-\245\252\156\373\272\263\160\300\147\210\242\065\324\243\232\261
-\375\255\302\357\061\372\250\271\363\373\010\306\221\321\373\051
-\225\243\102\060\100\060\017\006\003\125\035\023\001\001\377\004
-\005\060\003\001\001\377\060\016\006\003\125\035\017\001\001\377
-\004\004\003\002\001\006\060\035\006\003\125\035\016\004\026\004
-\024\232\330\000\060\000\347\153\177\205\030\356\213\266\316\212
-\014\370\021\341\273\060\012\006\010\052\206\110\316\075\004\003
-\003\003\151\000\060\146\002\061\000\335\370\340\127\107\133\247
-\346\012\303\275\365\200\212\227\065\015\033\211\074\124\206\167
-\050\312\241\364\171\336\265\346\070\260\360\145\160\214\177\002
-\124\302\277\377\330\241\076\331\317\002\061\000\304\215\224\374
-\334\123\322\334\235\170\026\037\025\063\043\123\122\343\132\061
-\135\235\312\256\275\023\051\104\015\047\133\250\347\150\234\022
-\367\130\077\056\162\002\127\243\217\241\024\056
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "thawte Primary Root CA - G2"
-# Issuer: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
-# Serial Number:35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56
-# Subject: CN=thawte Primary Root CA - G2,OU="(c) 2007 thawte, Inc. - For authorized use only",O="thawte, Inc.",C=US
-# Not Valid Before: Mon Nov 05 00:00:00 2007
-# Not Valid After : Mon Jan 18 23:59:59 2038
-# Fingerprint (SHA-256): A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57
-# Fingerprint (SHA1): AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "thawte Primary Root CA - G2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\252\333\274\042\043\217\304\001\241\047\273\070\335\364\035\333
-\010\236\360\022
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\164\235\352\140\044\304\375\042\123\076\314\072\162\331\051\117
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\204\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
-\145\054\040\111\156\143\056\061\070\060\066\006\003\125\004\013
-\023\057\050\143\051\040\062\060\060\067\040\164\150\141\167\164
-\145\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165
-\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
-\171\061\044\060\042\006\003\125\004\003\023\033\164\150\141\167
-\164\145\040\120\162\151\155\141\162\171\040\122\157\157\164\040
-\103\101\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\065\374\046\134\331\204\117\311\075\046\075\127\233\256
-\327\126
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
-#
-# Certificate "GeoTrust Primary Certification Authority - G2"
-#
-# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b
-# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-# Not Valid Before: Mon Nov 05 00:00:00 2007
-# Not Valid After : Mon Jan 18 23:59:59 2038
-# Fingerprint (SHA-256): 5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66
-# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
-\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
-\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124
-\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
-\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
-\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
-\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
-\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
-\150\157\162\151\164\171\040\055\040\107\062
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
-\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
-\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124
-\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
-\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
-\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
-\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
-\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
-\150\157\162\151\164\171\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076
-\303\153
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\002\256\060\202\002\065\240\003\002\001\002\002\020\074
-\262\364\110\012\000\342\376\353\044\073\136\140\076\303\153\060
-\012\006\010\052\206\110\316\075\004\003\003\060\201\230\061\013
-\060\011\006\003\125\004\006\023\002\125\123\061\026\060\024\006
-\003\125\004\012\023\015\107\145\157\124\162\165\163\164\040\111
-\156\143\056\061\071\060\067\006\003\125\004\013\023\060\050\143
-\051\040\062\060\060\067\040\107\145\157\124\162\165\163\164\040
-\111\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157
-\162\151\172\145\144\040\165\163\145\040\157\156\154\171\061\066
-\060\064\006\003\125\004\003\023\055\107\145\157\124\162\165\163
-\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151\146
-\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151\164
-\171\040\055\040\107\062\060\036\027\015\060\067\061\061\060\065
-\060\060\060\060\060\060\132\027\015\063\070\060\061\061\070\062
-\063\065\071\065\071\132\060\201\230\061\013\060\011\006\003\125
-\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012\023
-\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061\071
-\060\067\006\003\125\004\013\023\060\050\143\051\040\062\060\060
-\067\040\107\145\157\124\162\165\163\164\040\111\156\143\056\040
-\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144
-\040\165\163\145\040\157\156\154\171\061\066\060\064\006\003\125
-\004\003\023\055\107\145\157\124\162\165\163\164\040\120\162\151
-\155\141\162\171\040\103\145\162\164\151\146\151\143\141\164\151
-\157\156\040\101\165\164\150\157\162\151\164\171\040\055\040\107
-\062\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
-\053\201\004\000\042\003\142\000\004\025\261\350\375\003\025\103
-\345\254\353\207\067\021\142\357\322\203\066\122\175\105\127\013
-\112\215\173\124\073\072\156\137\025\002\300\120\246\317\045\057
-\175\312\110\270\307\120\143\034\052\041\010\174\232\066\330\013
-\376\321\046\305\130\061\060\050\045\363\135\135\243\270\266\245
-\264\222\355\154\054\237\353\335\103\211\242\074\113\110\221\035
-\120\354\046\337\326\140\056\275\041\243\102\060\100\060\017\006
-\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016
-\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035
-\006\003\125\035\016\004\026\004\024\025\137\065\127\121\125\373
-\045\262\255\003\151\374\001\243\372\276\021\125\325\060\012\006
-\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060
-\144\226\131\246\350\011\336\213\272\372\132\210\210\360\037\221
-\323\106\250\362\112\114\002\143\373\154\137\070\333\056\101\223
-\251\016\346\235\334\061\034\262\240\247\030\034\171\341\307\066
-\002\060\072\126\257\232\164\154\366\373\203\340\063\323\010\137
-\241\234\302\133\237\106\326\266\313\221\006\143\242\006\347\063
-\254\076\250\201\022\320\313\272\320\222\013\266\236\226\252\004
-\017\212
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "GeoTrust Primary Certification Authority - G2"
-# Issuer: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-# Serial Number:3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b
-# Subject: CN=GeoTrust Primary Certification Authority - G2,OU=(c) 2007 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-# Not Valid Before: Mon Nov 05 00:00:00 2007
-# Not Valid After : Mon Jan 18 23:59:59 2038
-# Fingerprint (SHA-256): 5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66
-# Fingerprint (SHA1): 8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G2"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\215\027\204\325\067\363\003\175\354\160\376\127\213\121\232\231
-\346\020\327\260
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\001\136\330\153\275\157\075\216\241\061\370\022\340\230\163\152
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
-\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
-\013\023\060\050\143\051\040\062\060\060\067\040\107\145\157\124
-\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
-\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
-\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
-\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
-\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
-\150\157\162\151\164\171\040\055\040\107\062
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\074\262\364\110\012\000\342\376\353\044\073\136\140\076
-\303\153
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "VeriSign Universal Root Certification Authority"
 #
@@ -15262,330 +14349,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "thawte Primary Root CA - G3"
-#
-# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
-# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
-# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
-# Not Valid Before: Wed Apr 02 00:00:00 2008
-# Not Valid After : Tue Dec 01 23:59:59 2037
-# Fingerprint (SHA-256): 4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C
-# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "thawte Primary Root CA - G3"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
-\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
-\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
-\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
-\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
-\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143
-\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
-\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006
-\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151
-\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107
-\063
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
-\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
-\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
-\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
-\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
-\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143
-\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
-\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006
-\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151
-\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107
-\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367
-\220\373
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\052\060\202\003\022\240\003\002\001\002\002\020\140
-\001\227\267\106\247\352\264\264\232\326\113\057\367\220\373\060
-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201
-\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061\025
-\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145\054
-\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023\037
-\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123\145
-\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156\061
-\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062\060
-\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056\040
-\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145\144
-\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003\125
-\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155\141
-\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063\060
-\036\027\015\060\070\060\064\060\062\060\060\060\060\060\060\132
-\027\015\063\067\061\062\060\061\062\063\065\071\065\071\132\060
-\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164\145
-\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013\023
-\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040\123
-\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157\156
-\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040\062
-\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143\056
-\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172\145
-\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006\003
-\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151\155
-\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107\063
-\060\202\001\042\060\015\006\011\052\206\110\206\367\015\001\001
-\001\005\000\003\202\001\017\000\060\202\001\012\002\202\001\001
-\000\262\277\047\054\373\333\330\133\335\170\173\033\236\167\146
-\201\313\076\274\174\256\363\246\047\232\064\243\150\061\161\070
-\063\142\344\363\161\146\171\261\251\145\243\245\213\325\217\140
-\055\077\102\314\252\153\062\300\043\313\054\101\335\344\337\374
-\141\234\342\163\262\042\225\021\103\030\137\304\266\037\127\154
-\012\005\130\042\310\066\114\072\174\245\321\317\206\257\210\247
-\104\002\023\164\161\163\012\102\131\002\370\033\024\153\102\337
-\157\137\272\153\202\242\235\133\347\112\275\036\001\162\333\113
-\164\350\073\177\177\175\037\004\264\046\233\340\264\132\254\107
-\075\125\270\327\260\046\122\050\001\061\100\146\330\331\044\275
-\366\052\330\354\041\111\134\233\366\172\351\177\125\065\176\226
-\153\215\223\223\047\313\222\273\352\254\100\300\237\302\370\200
-\317\135\364\132\334\316\164\206\246\076\154\013\123\312\275\222
-\316\031\006\162\346\014\134\070\151\307\004\326\274\154\316\133
-\366\367\150\234\334\045\025\110\210\241\351\251\370\230\234\340
-\363\325\061\050\141\021\154\147\226\215\071\231\313\302\105\044
-\071\002\003\001\000\001\243\102\060\100\060\017\006\003\125\035
-\023\001\001\377\004\005\060\003\001\001\377\060\016\006\003\125
-\035\017\001\001\377\004\004\003\002\001\006\060\035\006\003\125
-\035\016\004\026\004\024\255\154\252\224\140\234\355\344\377\372
-\076\012\164\053\143\003\367\266\131\277\060\015\006\011\052\206
-\110\206\367\015\001\001\013\005\000\003\202\001\001\000\032\100
-\330\225\145\254\011\222\211\306\071\364\020\345\251\016\146\123
-\135\170\336\372\044\221\273\347\104\121\337\306\026\064\012\357
-\152\104\121\352\053\007\212\003\172\303\353\077\012\054\122\026
-\240\053\103\271\045\220\077\160\251\063\045\155\105\032\050\073
-\047\317\252\303\051\102\033\337\073\114\300\063\064\133\101\210
-\277\153\053\145\257\050\357\262\365\303\252\146\316\173\126\356
-\267\310\313\147\301\311\234\032\030\270\304\303\111\003\361\140
-\016\120\315\106\305\363\167\171\367\266\025\340\070\333\307\057
-\050\240\014\077\167\046\164\331\045\022\332\061\332\032\036\334
-\051\101\221\042\074\151\247\273\002\362\266\134\047\003\211\364
-\006\352\233\344\162\202\343\241\011\301\351\000\031\323\076\324
-\160\153\272\161\246\252\130\256\364\273\351\154\266\357\207\314
-\233\273\377\071\346\126\141\323\012\247\304\134\114\140\173\005
-\167\046\172\277\330\007\122\054\142\367\160\143\331\071\274\157
-\034\302\171\334\166\051\257\316\305\054\144\004\136\210\066\156
-\061\324\100\032\142\064\066\077\065\001\256\254\143\240
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "thawte Primary Root CA - G3"
-# Issuer: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
-# Serial Number:60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb
-# Subject: CN=thawte Primary Root CA - G3,OU="(c) 2008 thawte, Inc. - For authorized use only",OU=Certification Services Division,O="thawte, Inc.",C=US
-# Not Valid Before: Wed Apr 02 00:00:00 2008
-# Not Valid After : Tue Dec 01 23:59:59 2037
-# Fingerprint (SHA-256): 4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C
-# Fingerprint (SHA1): F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "thawte Primary Root CA - G3"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\361\213\123\215\033\351\003\266\246\360\126\103\133\027\025\211
-\312\363\153\362
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\373\033\135\103\212\224\315\104\306\166\362\103\113\107\347\061
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\256\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\025\060\023\006\003\125\004\012\023\014\164\150\141\167\164
-\145\054\040\111\156\143\056\061\050\060\046\006\003\125\004\013
-\023\037\103\145\162\164\151\146\151\143\141\164\151\157\156\040
-\123\145\162\166\151\143\145\163\040\104\151\166\151\163\151\157
-\156\061\070\060\066\006\003\125\004\013\023\057\050\143\051\040
-\062\060\060\070\040\164\150\141\167\164\145\054\040\111\156\143
-\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151\172
-\145\144\040\165\163\145\040\157\156\154\171\061\044\060\042\006
-\003\125\004\003\023\033\164\150\141\167\164\145\040\120\162\151
-\155\141\162\171\040\122\157\157\164\040\103\101\040\055\040\107
-\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\140\001\227\267\106\247\352\264\264\232\326\113\057\367
-\220\373
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
-#
-# Certificate "GeoTrust Primary Certification Authority - G3"
-#
-# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f
-# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-# Not Valid Before: Wed Apr 02 00:00:00 2008
-# Not Valid After : Tue Dec 01 23:59:59 2037
-# Fingerprint (SHA-256): B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4
-# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
-\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
-\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124
-\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
-\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
-\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
-\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
-\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
-\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
-\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
-\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124
-\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
-\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
-\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
-\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
-\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
-\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030
-\017\037
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\376\060\202\002\346\240\003\002\001\002\002\020\025
-\254\156\224\031\262\171\113\101\366\047\251\303\030\017\037\060
-\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\201
-\230\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026
-\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163
-\164\040\111\156\143\056\061\071\060\067\006\003\125\004\013\023
-\060\050\143\051\040\062\060\060\070\040\107\145\157\124\162\165
-\163\164\040\111\156\143\056\040\055\040\106\157\162\040\141\165
-\164\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154
-\171\061\066\060\064\006\003\125\004\003\023\055\107\145\157\124
-\162\165\163\164\040\120\162\151\155\141\162\171\040\103\145\162
-\164\151\146\151\143\141\164\151\157\156\040\101\165\164\150\157
-\162\151\164\171\040\055\040\107\063\060\036\027\015\060\070\060
-\064\060\062\060\060\060\060\060\060\132\027\015\063\067\061\062
-\060\061\062\063\065\071\065\071\132\060\201\230\061\013\060\011
-\006\003\125\004\006\023\002\125\123\061\026\060\024\006\003\125
-\004\012\023\015\107\145\157\124\162\165\163\164\040\111\156\143
-\056\061\071\060\067\006\003\125\004\013\023\060\050\143\051\040
-\062\060\060\070\040\107\145\157\124\162\165\163\164\040\111\156
-\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162\151
-\172\145\144\040\165\163\145\040\157\156\154\171\061\066\060\064
-\006\003\125\004\003\023\055\107\145\157\124\162\165\163\164\040
-\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143
-\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040
-\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
-\002\202\001\001\000\334\342\136\142\130\035\063\127\071\062\063
-\372\353\313\207\214\247\324\112\335\006\210\352\144\216\061\230
-\245\070\220\036\230\317\056\143\053\360\106\274\104\262\211\241
-\300\050\014\111\160\041\225\237\144\300\246\223\022\002\145\046
-\206\306\245\211\360\372\327\204\240\160\257\117\032\227\077\006
-\104\325\311\353\162\020\175\344\061\050\373\034\141\346\050\007
-\104\163\222\042\151\247\003\210\154\235\143\310\122\332\230\047
-\347\010\114\160\076\264\311\022\301\305\147\203\135\063\363\003
-\021\354\152\320\123\342\321\272\066\140\224\200\273\141\143\154
-\133\027\176\337\100\224\036\253\015\302\041\050\160\210\377\326
-\046\154\154\140\004\045\116\125\176\175\357\277\224\110\336\267
-\035\335\160\215\005\137\210\245\233\362\302\356\352\321\100\101
-\155\142\070\035\126\006\305\003\107\121\040\031\374\173\020\013
-\016\142\256\166\125\277\137\167\276\076\111\001\123\075\230\045
-\003\166\044\132\035\264\333\211\352\171\345\266\263\073\077\272
-\114\050\101\177\006\254\152\216\301\320\366\005\035\175\346\102
-\206\343\245\325\107\002\003\001\000\001\243\102\060\100\060\017
-\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
-\016\006\003\125\035\017\001\001\377\004\004\003\002\001\006\060
-\035\006\003\125\035\016\004\026\004\024\304\171\312\216\241\116
-\003\035\034\334\153\333\061\133\224\076\077\060\177\055\060\015
-\006\011\052\206\110\206\367\015\001\001\013\005\000\003\202\001
-\001\000\055\305\023\317\126\200\173\172\170\275\237\256\054\231
-\347\357\332\337\224\136\011\151\247\347\156\150\214\275\162\276
-\107\251\016\227\022\270\112\361\144\323\071\337\045\064\324\301
-\315\116\201\360\017\004\304\044\263\064\226\306\246\252\060\337
-\150\141\163\327\371\216\205\211\357\016\136\225\050\112\052\047
-\217\020\216\056\174\206\304\002\236\332\014\167\145\016\104\015
-\222\375\375\263\026\066\372\021\015\035\214\016\007\211\152\051
-\126\367\162\364\335\025\234\167\065\146\127\253\023\123\330\216
-\301\100\305\327\023\026\132\162\307\267\151\001\304\172\261\203
-\001\150\175\215\101\241\224\030\301\045\134\374\360\376\203\002
-\207\174\015\015\317\056\010\134\112\100\015\076\354\201\141\346
-\044\333\312\340\016\055\007\262\076\126\334\215\365\101\205\007
-\110\233\014\013\313\111\077\175\354\267\375\313\215\147\211\032
-\253\355\273\036\243\000\010\010\027\052\202\134\061\135\106\212
-\055\017\206\233\164\331\105\373\324\100\261\172\252\150\055\206
-\262\231\042\341\301\053\307\234\370\363\137\250\202\022\353\031
-\021\055
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "GeoTrust Primary Certification Authority - G3"
-# Issuer: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-# Serial Number:15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f
-# Subject: CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US
-# Not Valid Before: Wed Apr 02 00:00:00 2008
-# Not Valid After : Tue Dec 01 23:59:59 2037
-# Fingerprint (SHA-256): B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4
-# Fingerprint (SHA1): 03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "GeoTrust Primary Certification Authority - G3"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\003\236\355\270\013\347\240\074\151\123\211\073\040\322\331\062
-\072\114\052\375
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\265\350\064\066\311\020\104\130\110\160\155\056\203\324\270\005
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\230\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162
-\165\163\164\040\111\156\143\056\061\071\060\067\006\003\125\004
-\013\023\060\050\143\051\040\062\060\060\070\040\107\145\157\124
-\162\165\163\164\040\111\156\143\056\040\055\040\106\157\162\040
-\141\165\164\150\157\162\151\172\145\144\040\165\163\145\040\157
-\156\154\171\061\066\060\064\006\003\125\004\003\023\055\107\145
-\157\124\162\165\163\164\040\120\162\151\155\141\162\171\040\103
-\145\162\164\151\146\151\143\141\164\151\157\156\040\101\165\164
-\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\025\254\156\224\031\262\171\113\101\366\047\251\303\030
-\017\037
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "Chambers of Commerce Root - 2008"
 #
@@ -17071,177 +15834,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "Izenpe.com"
-#
-# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES
-# Serial Number:06:e8:46:27:2f:1f:0a:8f:d1:84:5c:e3:69:f6:d5
-# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES
-# Not Valid Before: Thu Dec 13 13:08:27 2007
-# Not Valid After : Sun Dec 13 08:27:25 2037
-# Fingerprint (SHA-256): 23:80:42:03:CA:45:D8:CD:E7:16:B8:C1:3B:F3:B4:48:45:7F:A0:6C:C1:02:50:99:7F:A0:14:58:31:7C:41:E5
-# Fingerprint (SHA1): 30:77:9E:93:15:02:2E:94:85:6A:3F:F8:BC:F8:15:B0:82:F9:AE:FD
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Izenpe.com"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061
-\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105
-\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012
-\111\172\145\156\160\145\056\143\157\155
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061
-\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105
-\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012
-\111\172\145\156\160\145\056\143\157\155
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\017\006\350\106\047\057\037\012\217\321\204\134\343\151\366
-\325
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\005\360\060\202\003\330\240\003\002\001\002\002\017\006
-\350\106\047\057\037\012\217\321\204\134\343\151\366\325\060\015
-\006\011\052\206\110\206\367\015\001\001\005\005\000\060\070\061
-\013\060\011\006\003\125\004\006\023\002\105\123\061\024\060\022
-\006\003\125\004\012\014\013\111\132\105\116\120\105\040\123\056
-\101\056\061\023\060\021\006\003\125\004\003\014\012\111\172\145
-\156\160\145\056\143\157\155\060\036\027\015\060\067\061\062\061
-\063\061\063\060\070\062\067\132\027\015\063\067\061\062\061\063
-\060\070\062\067\062\065\132\060\070\061\013\060\011\006\003\125
-\004\006\023\002\105\123\061\024\060\022\006\003\125\004\012\014
-\013\111\132\105\116\120\105\040\123\056\101\056\061\023\060\021
-\006\003\125\004\003\014\012\111\172\145\156\160\145\056\143\157
-\155\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
-\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
-\001\000\311\323\172\312\017\036\254\247\206\350\026\145\152\261
-\302\033\105\062\161\225\331\376\020\133\314\257\347\245\171\001
-\217\211\303\312\362\125\161\367\167\276\167\224\363\162\244\054
-\104\330\236\222\233\024\072\241\347\044\220\012\012\126\216\305
-\330\046\224\341\331\110\341\055\076\332\012\162\335\243\231\025
-\332\201\242\207\364\173\156\046\167\211\130\255\326\353\014\262
-\101\172\163\156\155\333\172\170\101\351\010\210\022\176\207\056
-\146\021\143\154\124\373\074\235\162\300\274\056\377\302\267\335
-\015\166\343\072\327\367\264\150\276\242\365\343\201\156\301\106
-\157\135\215\340\115\306\124\125\211\032\063\061\012\261\127\271
-\243\212\230\303\354\073\064\305\225\101\151\176\165\302\074\040
-\305\141\272\121\107\240\040\220\223\241\220\113\363\116\174\205
-\105\124\232\321\005\046\101\260\265\115\035\063\276\304\003\310
-\045\174\301\160\333\073\364\011\055\124\047\110\254\057\341\304
-\254\076\310\313\222\114\123\071\067\043\354\323\001\371\340\011
-\104\115\115\144\300\341\015\132\207\042\274\255\033\243\376\046
-\265\025\363\247\374\204\031\351\354\241\210\264\104\151\204\203
-\363\211\321\164\006\251\314\013\326\302\336\047\205\120\046\312
-\027\270\311\172\207\126\054\032\001\036\154\276\023\255\020\254
-\265\044\365\070\221\241\326\113\332\361\273\322\336\107\265\361
-\274\201\366\131\153\317\031\123\351\215\025\313\112\313\251\157
-\104\345\033\101\317\341\206\247\312\320\152\237\274\114\215\006
-\063\132\242\205\345\220\065\240\142\134\026\116\360\343\242\372
-\003\032\264\054\161\263\130\054\336\173\013\333\032\017\353\336
-\041\037\006\167\006\003\260\311\357\231\374\300\271\117\013\206
-\050\376\322\271\352\343\332\245\303\107\151\022\340\333\360\366
-\031\213\355\173\160\327\002\326\355\207\030\050\054\004\044\114
-\167\344\110\212\032\306\073\232\324\017\312\372\165\322\001\100
-\132\215\171\277\213\317\113\317\252\026\301\225\344\255\114\212
-\076\027\221\324\261\142\345\202\345\200\004\244\003\176\215\277
-\332\177\242\017\227\117\014\323\015\373\327\321\345\162\176\034
-\310\167\377\133\232\017\267\256\005\106\345\361\250\026\354\107
-\244\027\002\003\001\000\001\243\201\366\060\201\363\060\201\260
-\006\003\125\035\021\004\201\250\060\201\245\201\017\151\156\146
-\157\100\151\172\145\156\160\145\056\143\157\155\244\201\221\060
-\201\216\061\107\060\105\006\003\125\004\012\014\076\111\132\105
-\116\120\105\040\123\056\101\056\040\055\040\103\111\106\040\101
-\060\061\063\063\067\062\066\060\055\122\115\145\162\143\056\126
-\151\164\157\162\151\141\055\107\141\163\164\145\151\172\040\124
-\061\060\065\065\040\106\066\062\040\123\070\061\103\060\101\006
-\003\125\004\011\014\072\101\166\144\141\040\144\145\154\040\115
-\145\144\151\164\145\162\162\141\156\145\157\040\105\164\157\162
-\142\151\144\145\141\040\061\064\040\055\040\060\061\060\061\060
-\040\126\151\164\157\162\151\141\055\107\141\163\164\145\151\172
-\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001\001
-\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001
-\006\060\035\006\003\125\035\016\004\026\004\024\035\034\145\016
-\250\362\045\173\264\221\317\344\261\261\346\275\125\164\154\005
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
-\202\002\001\000\307\201\106\157\041\030\117\240\005\357\347\325
-\272\227\120\242\140\355\245\222\024\032\122\233\371\361\210\112
-\240\334\170\165\321\325\037\225\116\305\347\267\151\346\042\364
-\370\051\250\052\211\276\317\317\166\217\343\061\163\235\046\323
-\034\033\107\026\051\007\150\204\212\322\373\261\033\044\076\322
-\230\030\054\044\216\257\366\173\352\104\026\033\052\304\372\240
-\227\351\352\154\130\244\357\165\253\000\142\321\235\355\023\066
-\333\042\013\266\360\321\364\156\173\106\207\302\235\274\275\276
-\102\073\267\163\320\232\052\074\264\133\022\026\000\257\031\071
-\215\255\203\120\034\310\201\117\275\002\017\075\236\065\226\356
-\357\344\302\003\174\051\034\002\176\275\064\047\136\257\123\326
-\235\027\277\127\154\351\320\203\020\257\277\135\115\357\220\173
-\135\053\254\354\352\175\000\046\027\314\002\134\143\327\031\030
-\247\354\053\307\212\076\130\016\212\207\346\203\237\116\262\064
-\036\254\124\011\117\035\002\013\071\176\201\010\025\271\240\151
-\023\310\062\053\343\255\154\023\326\203\235\043\055\262\155\242
-\210\206\176\250\015\001\046\011\100\331\355\050\116\214\223\044
-\017\333\361\036\115\172\172\132\342\245\130\361\334\217\137\231
-\202\014\056\317\262\335\230\314\222\224\077\371\011\263\245\226
-\045\133\067\365\022\205\101\342\031\114\306\212\010\301\334\030
-\172\017\036\077\202\131\242\232\076\077\371\340\011\237\375\301
-\221\113\135\311\173\326\266\211\374\337\035\174\206\252\315\003
-\362\013\122\222\361\142\157\177\207\352\253\166\311\154\120\302
-\031\202\257\252\035\365\040\050\150\056\325\374\144\067\117\317
-\245\104\304\276\162\264\214\164\264\154\247\372\362\275\164\070
-\103\053\336\257\371\334\330\340\235\237\334\075\312\245\143\104
-\277\222\242\117\114\200\034\273\032\303\232\112\004\125\115\312
-\356\046\013\034\277\002\305\144\323\236\176\322\323\221\034\113
-\242\365\034\345\027\034\015\014\122\243\221\037\234\360\041\355
-\002\224\157\251\240\111\312\350\103\214\304\364\064\332\174\042
-\243\306\146\076\270\033\005\210\135\272\274\367\274\345\334\024
-\075\247\206\250\266\131\122\041\003\136\213\343\004\355\113\052
-\036\243\117\120
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "Izenpe.com"
-# Issuer: CN=Izenpe.com,O=IZENPE S.A.,C=ES
-# Serial Number:06:e8:46:27:2f:1f:0a:8f:d1:84:5c:e3:69:f6:d5
-# Subject: CN=Izenpe.com,O=IZENPE S.A.,C=ES
-# Not Valid Before: Thu Dec 13 13:08:27 2007
-# Not Valid After : Sun Dec 13 08:27:25 2037
-# Fingerprint (SHA-256): 23:80:42:03:CA:45:D8:CD:E7:16:B8:C1:3B:F3:B4:48:45:7F:A0:6C:C1:02:50:99:7F:A0:14:58:31:7C:41:E5
-# Fingerprint (SHA1): 30:77:9E:93:15:02:2E:94:85:6A:3F:F8:BC:F8:15:B0:82:F9:AE:FD
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Izenpe.com"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\060\167\236\223\025\002\056\224\205\152\077\370\274\370\025\260
-\202\371\256\375
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\207\024\253\203\304\004\033\361\223\307\120\342\327\041\353\357
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\070\061\013\060\011\006\003\125\004\006\023\002\105\123\061
-\024\060\022\006\003\125\004\012\014\013\111\132\105\116\120\105
-\040\123\056\101\056\061\023\060\021\006\003\125\004\003\014\012
-\111\172\145\156\160\145\056\143\157\155
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\017\006\350\106\047\057\037\012\217\321\204\134\343\151\366
-\325
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "GlobalSign Root CA - R1"
 #
@@ -18724,143 +17316,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "GeoTrust"
-#
-# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
-# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
-# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
-# Not Valid Before: Mon Nov 27 00:00:00 2006
-# Not Valid After : Wed Jul 16 23:59:59 2036
-# Fingerprint (SHA-256): 37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C
-# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "GeoTrust"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
-\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003
-\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141
-\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
-\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003
-\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141
-\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\030\254\265\152\375\151\266\025\072\143\154\257\332\372
-\304\241
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\174\060\202\002\144\240\003\002\001\002\002\020\030
-\254\265\152\375\151\266\025\072\143\154\257\332\372\304\241\060
-\015\006\011\052\206\110\206\367\015\001\001\005\005\000\060\130
-\061\013\060\011\006\003\125\004\006\023\002\125\123\061\026\060
-\024\006\003\125\004\012\023\015\107\145\157\124\162\165\163\164
-\040\111\156\143\056\061\061\060\057\006\003\125\004\003\023\050
-\107\145\157\124\162\165\163\164\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\060\036\027\015\060\066\061\061
-\062\067\060\060\060\060\060\060\132\027\015\063\066\060\067\061
-\066\062\063\065\071\065\071\132\060\130\061\013\060\011\006\003
-\125\004\006\023\002\125\123\061\026\060\024\006\003\125\004\012
-\023\015\107\145\157\124\162\165\163\164\040\111\156\143\056\061
-\061\060\057\006\003\125\004\003\023\050\107\145\157\124\162\165
-\163\164\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\060\202\001\042\060\015\006\011\052\206\110\206\367\015
-\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
-\001\001\000\276\270\025\173\377\324\174\175\147\255\203\144\173
-\310\102\123\055\337\366\204\010\040\141\326\001\131\152\234\104
-\021\257\357\166\375\225\176\316\141\060\273\172\203\137\002\275
-\001\146\312\356\025\215\157\241\060\234\275\241\205\236\224\072
-\363\126\210\000\061\317\330\356\152\226\002\331\355\003\214\373
-\165\155\347\352\270\125\026\005\026\232\364\340\136\261\210\300
-\144\205\134\025\115\210\307\267\272\340\165\351\255\005\075\235
-\307\211\110\340\273\050\310\003\341\060\223\144\136\122\300\131
-\160\042\065\127\210\212\361\225\012\203\327\274\061\163\001\064
-\355\357\106\161\340\153\002\250\065\162\153\227\233\146\340\313
-\034\171\137\330\032\004\150\036\107\002\346\235\140\342\066\227
-\001\337\316\065\222\337\276\147\307\155\167\131\073\217\235\326
-\220\025\224\274\102\064\020\301\071\371\261\047\076\176\326\212
-\165\305\262\257\226\323\242\336\233\344\230\276\175\341\351\201
-\255\266\157\374\327\016\332\340\064\260\015\032\167\347\343\010
-\230\357\130\372\234\204\267\066\257\302\337\254\322\364\020\006
-\160\161\065\002\003\001\000\001\243\102\060\100\060\017\006\003
-\125\035\023\001\001\377\004\005\060\003\001\001\377\060\016\006
-\003\125\035\017\001\001\377\004\004\003\002\001\006\060\035\006
-\003\125\035\016\004\026\004\024\054\325\120\101\227\025\213\360
-\217\066\141\133\112\373\153\331\231\311\063\222\060\015\006\011
-\052\206\110\206\367\015\001\001\005\005\000\003\202\001\001\000
-\132\160\177\054\335\267\064\117\365\206\121\251\046\276\113\270
-\252\361\161\015\334\141\307\240\352\064\036\172\167\017\004\065
-\350\047\217\154\220\277\221\026\044\106\076\112\116\316\053\026
-\325\013\122\035\374\037\147\242\002\105\061\117\316\363\372\003
-\247\171\235\123\152\331\332\143\072\370\200\327\323\231\341\245
-\341\276\324\125\161\230\065\072\276\223\352\256\255\102\262\220
-\157\340\374\041\115\065\143\063\211\111\326\233\116\312\307\347
-\116\011\000\367\332\307\357\231\142\231\167\266\225\042\136\212
-\240\253\364\270\170\230\312\070\031\231\311\162\236\170\315\113
-\254\257\031\240\163\022\055\374\302\101\272\201\221\332\026\132
-\061\267\371\264\161\200\022\110\231\162\163\132\131\123\301\143
-\122\063\355\247\311\322\071\002\160\372\340\261\102\146\051\252
-\233\121\355\060\124\042\024\137\331\253\035\301\344\224\360\370
-\365\053\367\352\312\170\106\326\270\221\375\246\015\053\032\024
-\001\076\200\360\102\240\225\007\136\155\315\314\113\244\105\215
-\253\022\350\263\336\132\345\240\174\350\017\042\035\132\351\131
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "GeoTrust"
-# Issuer: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
-# Serial Number:18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1
-# Subject: CN=GeoTrust Primary Certification Authority,O=GeoTrust Inc.,C=US
-# Not Valid Before: Mon Nov 27 00:00:00 2006
-# Not Valid After : Wed Jul 16 23:59:59 2036
-# Fingerprint (SHA-256): 37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C
-# Fingerprint (SHA1): 32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "GeoTrust"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\062\074\021\216\033\367\270\266\122\124\342\342\020\015\326\002
-\220\067\360\226
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\002\046\303\001\136\010\060\067\103\251\320\175\317\067\346\277
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\130\061\013\060\011\006\003\125\004\006\023\002\125\123\061
-\026\060\024\006\003\125\004\012\023\015\107\145\157\124\162\165
-\163\164\040\111\156\143\056\061\061\060\057\006\003\125\004\003
-\023\050\107\145\157\124\162\165\163\164\040\120\162\151\155\141
-\162\171\040\103\145\162\164\151\146\151\143\141\164\151\157\156
-\040\101\165\164\150\157\162\151\164\171
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\020\030\254\265\152\375\151\266\025\072\143\154\257\332\372
-\304\241
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "thawte"
 #
@@ -21696,134 +20151,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "Hongkong Post Root CA 1"
-#
-# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
-# Serial Number: 1000 (0x3e8)
-# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
-# Not Valid Before: Thu May 15 05:13:14 2003
-# Not Valid After : Mon May 15 04:52:29 2023
-# Fingerprint (SHA-256): F9:E6:7D:33:6C:51:00:2A:C0:54:C6:32:02:2D:66:DD:A2:E7:E3:FF:F1:0A:D0:61:ED:31:D8:BB:B4:10:CF:B2
-# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Hongkong Post Root CA 1"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061
-\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157
-\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003
-\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040
-\122\157\157\164\040\103\101\040\061
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061
-\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157
-\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003
-\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040
-\122\157\157\164\040\103\101\040\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\002\003\350
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\003\060\060\202\002\030\240\003\002\001\002\002\002\003
-\350\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000
-\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061
-\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157
-\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003
-\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040
-\122\157\157\164\040\103\101\040\061\060\036\027\015\060\063\060
-\065\061\065\060\065\061\063\061\064\132\027\015\062\063\060\065
-\061\065\060\064\065\062\062\071\132\060\107\061\013\060\011\006
-\003\125\004\006\023\002\110\113\061\026\060\024\006\003\125\004
-\012\023\015\110\157\156\147\153\157\156\147\040\120\157\163\164
-\061\040\060\036\006\003\125\004\003\023\027\110\157\156\147\153
-\157\156\147\040\120\157\163\164\040\122\157\157\164\040\103\101
-\040\061\060\202\001\042\060\015\006\011\052\206\110\206\367\015
-\001\001\001\005\000\003\202\001\017\000\060\202\001\012\002\202
-\001\001\000\254\377\070\266\351\146\002\111\343\242\264\341\220
-\371\100\217\171\371\342\275\171\376\002\275\356\044\222\035\042
-\366\332\205\162\151\376\327\077\011\324\335\221\265\002\234\320
-\215\132\341\125\303\120\206\271\051\046\302\343\331\240\361\151
-\003\050\040\200\105\042\055\126\247\073\124\225\126\042\131\037
-\050\337\037\040\075\155\242\066\276\043\240\261\156\265\261\047
-\077\071\123\011\352\253\152\350\164\262\302\145\134\216\277\174
-\303\170\204\315\236\026\374\365\056\117\040\052\010\237\167\363
-\305\036\304\232\122\146\036\110\136\343\020\006\217\042\230\341
-\145\216\033\135\043\146\073\270\245\062\121\310\206\252\241\251
-\236\177\166\224\302\246\154\267\101\360\325\310\006\070\346\324
-\014\342\363\073\114\155\120\214\304\203\047\301\023\204\131\075
-\236\165\164\266\330\002\136\072\220\172\300\102\066\162\354\152
-\115\334\357\304\000\337\023\030\127\137\046\170\310\326\012\171
-\167\277\367\257\267\166\271\245\013\204\027\135\020\352\157\341
-\253\225\021\137\155\074\243\134\115\203\133\362\263\031\212\200
-\213\013\207\002\003\001\000\001\243\046\060\044\060\022\006\003
-\125\035\023\001\001\377\004\010\060\006\001\001\377\002\001\003
-\060\016\006\003\125\035\017\001\001\377\004\004\003\002\001\306
-\060\015\006\011\052\206\110\206\367\015\001\001\005\005\000\003
-\202\001\001\000\016\106\325\074\256\342\207\331\136\201\213\002
-\230\101\010\214\114\274\332\333\356\047\033\202\347\152\105\354
-\026\213\117\205\240\363\262\160\275\132\226\272\312\156\155\356
-\106\213\156\347\052\056\226\263\031\063\353\264\237\250\262\067
-\356\230\250\227\266\056\266\147\047\324\246\111\375\034\223\145
-\166\236\102\057\334\042\154\232\117\362\132\025\071\261\161\327
-\053\121\350\155\034\230\300\331\052\364\241\202\173\325\311\101
-\242\043\001\164\070\125\213\017\271\056\147\242\040\004\067\332
-\234\013\323\027\041\340\217\227\171\064\157\204\110\002\040\063
-\033\346\064\104\237\221\160\364\200\136\204\103\302\051\322\154
-\022\024\344\141\215\254\020\220\236\204\120\273\360\226\157\105
-\237\212\363\312\154\117\372\021\072\025\025\106\303\315\037\203
-\133\055\101\022\355\120\147\101\023\075\041\253\224\212\252\116
-\174\301\261\373\247\326\265\047\057\227\253\156\340\035\342\321
-\034\054\037\104\342\374\276\221\241\234\373\326\051\123\163\206
-\237\123\330\103\016\135\326\143\202\161\035\200\164\312\366\342
-\002\153\331\132
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "Hongkong Post Root CA 1"
-# Issuer: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
-# Serial Number: 1000 (0x3e8)
-# Subject: CN=Hongkong Post Root CA 1,O=Hongkong Post,C=HK
-# Not Valid Before: Thu May 15 05:13:14 2003
-# Not Valid After : Mon May 15 04:52:29 2023
-# Fingerprint (SHA-256): F9:E6:7D:33:6C:51:00:2A:C0:54:C6:32:02:2D:66:DD:A2:E7:E3:FF:F1:0A:D0:61:ED:31:D8:BB:B4:10:CF:B2
-# Fingerprint (SHA1): D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "Hongkong Post Root CA 1"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\326\332\250\040\215\011\322\025\115\044\265\057\313\064\156\262
-\130\262\212\130
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\250\015\157\071\170\271\103\155\167\102\155\230\132\314\043\312
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\107\061\013\060\011\006\003\125\004\006\023\002\110\113\061
-\026\060\024\006\003\125\004\012\023\015\110\157\156\147\153\157
-\156\147\040\120\157\163\164\061\040\060\036\006\003\125\004\003
-\023\027\110\157\156\147\153\157\156\147\040\120\157\163\164\040
-\122\157\157\164\040\103\101\040\061
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\002\003\350
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "Trustis FPS Root CA"
 #
@@ -22857,174 +21184,6 @@ CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
 
-#
-# Certificate "VeriSign"
-#
-# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
-# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Not Valid Before: Fri Oct 01 00:00:00 1999
-# Not Valid After : Wed Jul 16 23:59:59 2036
-# Fingerprint (SHA-256): EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44
-# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
-CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "VeriSign"
-CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
-CKA_SUBJECT MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_ID UTF8 "0"
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161
-\051\357\127
-END
-CKA_VALUE MULTILINE_OCTAL
-\060\202\004\032\060\202\003\002\002\021\000\233\176\006\111\243
-\076\142\271\325\356\220\110\161\051\357\127\060\015\006\011\052
-\206\110\206\367\015\001\001\005\005\000\060\201\312\061\013\060
-\011\006\003\125\004\006\023\002\125\123\061\027\060\025\006\003
-\125\004\012\023\016\126\145\162\151\123\151\147\156\054\040\111
-\156\143\056\061\037\060\035\006\003\125\004\013\023\026\126\145
-\162\151\123\151\147\156\040\124\162\165\163\164\040\116\145\164
-\167\157\162\153\061\072\060\070\006\003\125\004\013\023\061\050
-\143\051\040\061\071\071\071\040\126\145\162\151\123\151\147\156
-\054\040\111\156\143\056\040\055\040\106\157\162\040\141\165\164
-\150\157\162\151\172\145\144\040\165\163\145\040\157\156\154\171
-\061\105\060\103\006\003\125\004\003\023\074\126\145\162\151\123
-\151\147\156\040\103\154\141\163\163\040\063\040\120\165\142\154
-\151\143\040\120\162\151\155\141\162\171\040\103\145\162\164\151
-\146\151\143\141\164\151\157\156\040\101\165\164\150\157\162\151
-\164\171\040\055\040\107\063\060\036\027\015\071\071\061\060\060
-\061\060\060\060\060\060\060\132\027\015\063\066\060\067\061\066
-\062\063\065\071\065\071\132\060\201\312\061\013\060\011\006\003
-\125\004\006\023\002\125\123\061\027\060\025\006\003\125\004\012
-\023\016\126\145\162\151\123\151\147\156\054\040\111\156\143\056
-\061\037\060\035\006\003\125\004\013\023\026\126\145\162\151\123
-\151\147\156\040\124\162\165\163\164\040\116\145\164\167\157\162
-\153\061\072\060\070\006\003\125\004\013\023\061\050\143\051\040
-\061\071\071\071\040\126\145\162\151\123\151\147\156\054\040\111
-\156\143\056\040\055\040\106\157\162\040\141\165\164\150\157\162
-\151\172\145\144\040\165\163\145\040\157\156\154\171\061\105\060
-\103\006\003\125\004\003\023\074\126\145\162\151\123\151\147\156
-\040\103\154\141\163\163\040\063\040\120\165\142\154\151\143\040
-\120\162\151\155\141\162\171\040\103\145\162\164\151\146\151\143
-\141\164\151\157\156\040\101\165\164\150\157\162\151\164\171\040
-\055\040\107\063\060\202\001\042\060\015\006\011\052\206\110\206
-\367\015\001\001\001\005\000\003\202\001\017\000\060\202\001\012
-\002\202\001\001\000\313\272\234\122\374\170\037\032\036\157\033
-\067\163\275\370\311\153\224\022\060\117\360\066\107\365\320\221
-\012\365\027\310\245\141\301\026\100\115\373\212\141\220\345\166
-\040\301\021\006\175\253\054\156\246\365\021\101\216\372\055\255
-\052\141\131\244\147\046\114\320\350\274\122\133\160\040\004\130
-\321\172\311\244\151\274\203\027\144\255\005\213\274\320\130\316
-\215\214\365\353\360\102\111\013\235\227\047\147\062\156\341\256
-\223\025\034\160\274\040\115\057\030\336\222\210\350\154\205\127
-\021\032\351\176\343\046\021\124\242\105\226\125\203\312\060\211
-\350\334\330\243\355\052\200\077\177\171\145\127\076\025\040\146
-\010\057\225\223\277\252\107\057\250\106\227\360\022\342\376\302
-\012\053\121\346\166\346\267\106\267\342\015\246\314\250\303\114
-\131\125\211\346\350\123\134\034\352\235\360\142\026\013\247\311
-\137\014\360\336\302\166\316\257\367\152\362\372\101\246\242\063
-\024\311\345\172\143\323\236\142\067\325\205\145\236\016\346\123
-\044\164\033\136\035\022\123\133\307\054\347\203\111\073\025\256
-\212\150\271\127\227\002\003\001\000\001\060\015\006\011\052\206
-\110\206\367\015\001\001\005\005\000\003\202\001\001\000\021\024
-\226\301\253\222\010\367\077\057\311\262\376\344\132\237\144\336
-\333\041\117\206\231\064\166\066\127\335\320\025\057\305\255\177
-\025\037\067\142\163\076\324\347\137\316\027\003\333\065\372\053
-\333\256\140\011\137\036\137\217\156\273\013\075\352\132\023\036
-\014\140\157\265\300\265\043\042\056\007\013\313\251\164\313\107
-\273\035\301\327\245\153\314\057\322\102\375\111\335\247\211\317
-\123\272\332\000\132\050\277\202\337\370\272\023\035\120\206\202
-\375\216\060\217\051\106\260\036\075\065\332\070\142\026\030\112
-\255\346\266\121\154\336\257\142\353\001\320\036\044\376\172\217
-\022\032\022\150\270\373\146\231\024\024\105\134\256\347\256\151
-\027\201\053\132\067\311\136\052\364\306\342\241\134\124\233\246
-\124\000\317\360\361\301\307\230\060\032\073\066\026\333\243\156
-\352\375\255\262\302\332\357\002\107\023\212\300\361\263\061\255
-\117\034\341\117\234\257\017\014\235\367\170\015\330\364\065\126
-\200\332\267\155\027\217\235\036\201\144\341\376\305\105\272\255
-\153\271\012\172\116\117\113\204\356\113\361\175\335\021
-END
-CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
-CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
-CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
-
-# Trust for "VeriSign"
-# Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Serial Number:00:9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57
-# Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU="(c) 1999 VeriSign, Inc. - For authorized use only",OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US
-# Not Valid Before: Fri Oct 01 00:00:00 1999
-# Not Valid After : Wed Jul 16 23:59:59 2036
-# Fingerprint (SHA-256): EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44
-# Fingerprint (SHA1): 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6
-CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
-CKA_TOKEN CK_BBOOL CK_TRUE
-CKA_PRIVATE CK_BBOOL CK_FALSE
-CKA_MODIFIABLE CK_BBOOL CK_FALSE
-CKA_LABEL UTF8 "VeriSign"
-CKA_CERT_SHA1_HASH MULTILINE_OCTAL
-\023\055\015\105\123\113\151\227\315\262\325\303\071\342\125\166
-\140\233\134\306
-END
-CKA_CERT_MD5_HASH MULTILINE_OCTAL
-\315\150\266\247\307\304\316\165\340\035\117\127\104\141\222\011
-END
-CKA_ISSUER MULTILINE_OCTAL
-\060\201\312\061\013\060\011\006\003\125\004\006\023\002\125\123
-\061\027\060\025\006\003\125\004\012\023\016\126\145\162\151\123
-\151\147\156\054\040\111\156\143\056\061\037\060\035\006\003\125
-\004\013\023\026\126\145\162\151\123\151\147\156\040\124\162\165
-\163\164\040\116\145\164\167\157\162\153\061\072\060\070\006\003
-\125\004\013\023\061\050\143\051\040\061\071\071\071\040\126\145
-\162\151\123\151\147\156\054\040\111\156\143\056\040\055\040\106
-\157\162\040\141\165\164\150\157\162\151\172\145\144\040\165\163
-\145\040\157\156\154\171\061\105\060\103\006\003\125\004\003\023
-\074\126\145\162\151\123\151\147\156\040\103\154\141\163\163\040
-\063\040\120\165\142\154\151\143\040\120\162\151\155\141\162\171
-\040\103\145\162\164\151\146\151\143\141\164\151\157\156\040\101
-\165\164\150\157\162\151\164\171\040\055\040\107\063
-END
-CKA_SERIAL_NUMBER MULTILINE_OCTAL
-\002\021\000\233\176\006\111\243\076\142\271\325\356\220\110\161
-\051\357\127
-END
-CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
-CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
-CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
-
-
 #
 # Certificate "Microsoft Root Certificate Authority 2010"
 #
@@ -38882,3 +37041,580 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
 
+
+#
+# Certificate "e-Szigno TLS Root CA 2023"
+#
+# Issuer: CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:e8:6f:18:7b:d6:39:6b:98:4a:49:98:0a
+# Subject: CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Mon Jul 17 14:00:00 2023
+# Not Valid After : Sat Jul 17 14:00:00 2038
+# Fingerprint (SHA-256): B4:91:41:50:2D:00:66:3D:74:0F:2E:7E:C3:40:C5:28:00:96:26:66:12:1A:36:D0:9C:F7:DD:2B:90:38:4F:B4
+# Fingerprint (SHA1): 6F:9A:D5:D5:DF:E8:2C:EB:BE:37:07:EE:4F:4F:52:58:29:41:D1:FE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "e-Szigno TLS Root CA 2023"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
+\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
+\064\071\067\061\042\060\040\006\003\125\004\003\014\031\145\055
+\123\172\151\147\156\157\040\124\114\123\040\122\157\157\164\040
+\103\101\040\062\060\062\063
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
+\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
+\064\071\067\061\042\060\040\006\003\125\004\003\014\031\145\055
+\123\172\151\147\156\157\040\124\114\123\040\122\157\157\164\040
+\103\101\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\015\000\350\157\030\173\326\071\153\230\112\111\230\012
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\317\060\202\002\061\240\003\002\001\002\002\015\000
+\350\157\030\173\326\071\153\230\112\111\230\012\060\012\006\010
+\052\206\110\316\075\004\003\004\060\165\061\013\060\011\006\003
+\125\004\006\023\002\110\125\061\021\060\017\006\003\125\004\007
+\014\010\102\165\144\141\160\145\163\164\061\026\060\024\006\003
+\125\004\012\014\015\115\151\143\162\157\163\145\143\040\114\164
+\144\056\061\027\060\025\006\003\125\004\141\014\016\126\101\124
+\110\125\055\062\063\065\070\064\064\071\067\061\042\060\040\006
+\003\125\004\003\014\031\145\055\123\172\151\147\156\157\040\124
+\114\123\040\122\157\157\164\040\103\101\040\062\060\062\063\060
+\036\027\015\062\063\060\067\061\067\061\064\060\060\060\060\132
+\027\015\063\070\060\067\061\067\061\064\060\060\060\060\132\060
+\165\061\013\060\011\006\003\125\004\006\023\002\110\125\061\021
+\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145\163
+\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143\162
+\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003\125
+\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064\064
+\071\067\061\042\060\040\006\003\125\004\003\014\031\145\055\123
+\172\151\147\156\157\040\124\114\123\040\122\157\157\164\040\103
+\101\040\062\060\062\063\060\201\233\060\020\006\007\052\206\110
+\316\075\002\001\006\005\053\201\004\000\043\003\201\206\000\004
+\000\150\017\337\242\174\074\252\164\210\141\012\215\302\114\245
+\001\042\024\324\367\140\167\102\234\012\070\140\241\214\147\076
+\263\143\351\372\221\260\213\113\346\071\337\002\302\060\001\122
+\000\277\337\214\355\131\255\062\145\253\011\131\120\265\031\302
+\150\034\000\340\005\137\332\120\046\034\303\254\004\042\305\072
+\115\357\351\127\130\066\243\301\031\123\020\012\321\315\077\357
+\113\065\032\103\217\102\023\114\271\054\032\234\276\060\266\304
+\336\334\113\235\344\244\074\313\056\331\255\337\337\175\011\337
+\056\222\377\241\243\143\060\141\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\016\006\003\125\035\017
+\001\001\377\004\004\003\002\001\006\060\035\006\003\125\035\016
+\004\026\004\024\131\204\002\142\132\106\170\365\135\334\217\012
+\020\050\043\334\325\326\373\105\060\037\006\003\125\035\043\004
+\030\060\026\200\024\131\204\002\142\132\106\170\365\135\334\217
+\012\020\050\043\334\325\326\373\105\060\012\006\010\052\206\110
+\316\075\004\003\004\003\201\213\000\060\201\207\002\102\001\055
+\332\256\365\056\170\266\146\270\237\266\160\177\146\164\317\354
+\216\174\376\300\001\171\232\316\122\002\347\303\321\014\172\155
+\313\265\136\356\027\244\233\333\004\166\356\051\051\350\257\373
+\255\254\122\364\327\053\326\167\204\020\275\305\322\050\150\064
+\002\101\065\166\132\165\363\222\206\010\365\262\036\012\366\145
+\013\332\166\307\122\377\013\036\200\160\042\060\303\063\333\030
+\355\204\327\213\354\355\323\250\143\201\265\126\174\107\307\126
+\060\224\150\163\153\322\056\251\271\331\054\034\051\275\014\272
+\271\145\213
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "e-Szigno TLS Root CA 2023"
+# Issuer: CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
+# Serial Number:00:e8:6f:18:7b:d6:39:6b:98:4a:49:98:0a
+# Subject: CN=e-Szigno TLS Root CA 2023,OID.2.5.4.97=VATHU-23584497,O=Microsec Ltd.,L=Budapest,C=HU
+# Not Valid Before: Mon Jul 17 14:00:00 2023
+# Not Valid After : Sat Jul 17 14:00:00 2038
+# Fingerprint (SHA-256): B4:91:41:50:2D:00:66:3D:74:0F:2E:7E:C3:40:C5:28:00:96:26:66:12:1A:36:D0:9C:F7:DD:2B:90:38:4F:B4
+# Fingerprint (SHA1): 6F:9A:D5:D5:DF:E8:2C:EB:BE:37:07:EE:4F:4F:52:58:29:41:D1:FE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "e-Szigno TLS Root CA 2023"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\157\232\325\325\337\350\054\353\276\067\007\356\117\117\122\130
+\051\101\321\376
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\152\351\231\164\245\332\136\361\331\056\362\310\321\206\213\161
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\165\061\013\060\011\006\003\125\004\006\023\002\110\125\061
+\021\060\017\006\003\125\004\007\014\010\102\165\144\141\160\145
+\163\164\061\026\060\024\006\003\125\004\012\014\015\115\151\143
+\162\157\163\145\143\040\114\164\144\056\061\027\060\025\006\003
+\125\004\141\014\016\126\101\124\110\125\055\062\063\065\070\064
+\064\071\067\061\042\060\040\006\003\125\004\003\014\031\145\055
+\123\172\151\147\156\157\040\124\114\123\040\122\157\157\164\040
+\103\101\040\062\060\062\063
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\015\000\350\157\030\173\326\071\153\230\112\111\230\012
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+#
+# Certificate "CCA India 2022 SPL"
+#
+# Issuer: CN=CCA India 2022 SPL,O=India PKI,C=IN
+# Serial Number:62:82:81:c6:ee:be:c7:3f:78:08:7e:5f:f5:8f:49:f4
+# Subject: CN=CCA India 2022 SPL,O=India PKI,C=IN
+# Not Valid Before: Tue Sep 20 09:18:19 2022
+# Not Valid After : Sat Sep 20 09:18:19 2042
+# Fingerprint (SHA-256): B7:24:68:9B:79:B2:EF:94:21:EF:8F:5C:C7:33:EB:09:38:51:B1:70:EE:71:51:77:00:5A:09:F2:26:D8:C9:1A
+# Fingerprint (SHA1): 91:52:D0:77:FE:F0:58:91:40:09:BB:4C:0E:42:A7:10:A3:82:38:AF
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CCA India 2022 SPL"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\111\116\061
+\022\060\020\006\003\125\004\012\023\011\111\156\144\151\141\040
+\120\113\111\061\033\060\031\006\003\125\004\003\023\022\103\103
+\101\040\111\156\144\151\141\040\062\060\062\062\040\123\120\114
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\111\116\061
+\022\060\020\006\003\125\004\012\023\011\111\156\144\151\141\040
+\120\113\111\061\033\060\031\006\003\125\004\003\023\022\103\103
+\101\040\111\156\144\151\141\040\062\060\062\062\040\123\120\114
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\142\202\201\306\356\276\307\077\170\010\176\137\365\217
+\111\364
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\074\060\202\003\044\240\003\002\001\002\002\020\142
+\202\201\306\356\276\307\077\170\010\176\137\365\217\111\364\060
+\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060\076
+\061\013\060\011\006\003\125\004\006\023\002\111\116\061\022\060
+\020\006\003\125\004\012\023\011\111\156\144\151\141\040\120\113
+\111\061\033\060\031\006\003\125\004\003\023\022\103\103\101\040
+\111\156\144\151\141\040\062\060\062\062\040\123\120\114\060\036
+\027\015\062\062\060\071\062\060\060\071\061\070\061\071\132\027
+\015\064\062\060\071\062\060\060\071\061\070\061\071\132\060\076
+\061\013\060\011\006\003\125\004\006\023\002\111\116\061\022\060
+\020\006\003\125\004\012\023\011\111\156\144\151\141\040\120\113
+\111\061\033\060\031\006\003\125\004\003\023\022\103\103\101\040
+\111\156\144\151\141\040\062\060\062\062\040\123\120\114\060\202
+\002\042\060\015\006\011\052\206\110\206\367\015\001\001\001\005
+\000\003\202\002\017\000\060\202\002\012\002\202\002\001\000\314
+\003\357\225\047\021\027\067\347\050\316\160\100\021\375\035\317
+\357\003\006\077\122\244\104\006\241\350\143\306\200\347\017\345
+\230\020\020\027\235\252\166\226\036\162\023\277\360\226\221\324
+\103\270\111\347\202\154\250\260\131\100\151\014\322\231\067\345
+\271\057\275\307\366\300\001\222\164\255\012\106\051\115\170\120
+\346\125\327\156\250\005\011\122\131\215\170\275\056\174\213\237
+\261\040\104\272\303\226\050\256\225\275\001\361\211\235\052\243
+\052\036\251\137\202\246\160\346\360\215\210\023\105\201\111\266
+\250\265\173\106\131\054\201\054\320\302\020\175\345\104\017\106
+\100\063\231\345\113\134\362\312\021\331\205\160\155\004\242\160
+\152\062\000\055\117\210\366\241\354\266\072\235\220\233\006\067
+\072\336\275\266\164\117\202\233\124\306\172\241\033\321\225\035
+\204\171\164\347\125\252\020\145\327\232\324\015\177\053\135\064
+\377\225\164\245\065\236\266\004\161\016\101\170\143\032\130\016
+\133\036\103\266\021\031\135\043\221\171\346\225\364\352\025\061
+\302\062\367\364\176\211\125\176\177\320\217\233\006\043\354\146
+\040\251\171\255\240\052\214\315\006\017\214\005\142\352\310\025
+\063\025\025\141\055\367\102\074\036\255\233\321\012\036\012\345
+\077\252\354\132\270\340\147\221\134\104\111\236\254\046\054\354
+\162\030\171\351\242\043\105\016\341\177\053\252\232\033\117\172
+\313\356\145\200\054\035\251\227\041\132\005\330\224\131\155\153
+\363\267\231\100\061\036\141\146\257\072\023\110\115\203\134\337
+\121\106\334\251\374\014\003\105\334\210\115\171\211\224\017\061
+\273\374\315\127\310\154\234\250\031\227\033\273\125\125\167\263
+\073\121\233\201\363\064\111\211\144\124\124\103\070\076\256\365
+\067\364\225\035\114\176\072\311\244\300\176\045\322\011\226\051
+\214\063\221\272\054\150\232\357\355\315\226\131\174\110\235\003
+\205\156\075\025\322\245\054\037\166\211\173\216\242\116\042\300
+\374\362\024\250\074\021\254\177\366\043\175\117\023\032\165\214
+\133\244\251\036\074\277\103\244\277\362\231\033\351\030\071\017
+\152\352\352\120\376\373\262\153\101\360\231\137\355\274\174\110
+\037\103\131\130\325\252\310\057\172\143\176\015\227\315\153\002
+\003\001\000\001\243\066\060\064\060\017\006\003\125\035\023\001
+\001\377\004\005\060\003\001\001\377\060\021\006\003\125\035\016
+\004\012\004\010\110\022\214\235\274\063\241\352\060\016\006\003
+\125\035\017\001\001\377\004\004\003\002\001\006\060\015\006\011
+\052\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000
+\066\057\367\122\133\237\005\076\042\036\140\067\066\122\045\215
+\062\046\106\044\342\326\301\006\300\231\016\053\346\146\111\302
+\115\263\074\007\330\377\204\106\134\175\166\102\115\263\372\030
+\041\244\257\025\161\361\240\345\354\115\154\344\061\246\164\356
+\361\345\037\235\306\262\303\330\036\076\071\030\103\172\331\114
+\141\335\266\232\212\125\237\072\230\345\107\132\103\313\265\350
+\223\104\247\371\273\345\112\223\344\333\334\202\321\076\376\315
+\107\257\355\345\205\142\212\274\336\356\364\374\103\110\212\014
+\117\362\064\376\310\336\365\365\260\215\345\366\366\174\352\035
+\074\073\205\204\313\010\207\220\277\307\075\373\001\201\024\000
+\005\002\265\052\320\306\210\352\074\110\152\375\164\014\247\207
+\246\334\234\120\174\014\067\054\317\366\030\173\033\211\307\243
+\351\104\041\075\077\215\142\053\216\376\167\371\245\105\055\320
+\057\004\244\066\217\040\012\167\363\241\271\001\102\271\355\363
+\061\123\050\115\016\331\227\321\331\223\275\202\220\027\234\151
+\230\107\234\114\352\216\223\263\271\340\260\170\255\041\333\262
+\057\300\100\373\261\313\235\244\343\347\143\271\245\351\361\005
+\166\221\327\145\167\025\317\304\331\156\250\253\220\164\313\172
+\227\300\071\100\134\312\346\235\000\251\016\107\351\271\271\115
+\124\052\101\022\173\026\230\333\045\104\165\147\025\001\340\214
+\352\236\205\136\121\136\104\301\036\154\306\351\246\103\336\110
+\125\017\061\020\075\232\033\024\114\351\071\261\271\306\067\144
+\325\221\047\324\245\305\014\241\010\063\331\264\252\274\154\221
+\356\300\031\365\111\370\347\273\060\217\001\004\022\174\342\215
+\323\057\167\326\003\217\134\021\253\353\154\253\177\063\253\222
+\032\023\235\025\060\305\336\006\205\163\333\375\201\237\303\053
+\247\311\015\355\162\044\254\053\242\363\010\334\226\161\275\004
+\035\122\157\010\327\076\021\076\357\061\072\030\250\176\240\204
+\131\271\255\221\221\251\223\246\074\036\373\152\022\212\021\225
+\025\340\373\245\043\041\374\370\062\306\015\145\305\045\103\052
+\366\301\167\023\153\006\232\055\330\344\015\337\237\203\220\005
+\066\173\022\114\265\106\000\277\067\117\127\037\135\331\351\150
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "CCA India 2022 SPL"
+# Issuer: CN=CCA India 2022 SPL,O=India PKI,C=IN
+# Serial Number:62:82:81:c6:ee:be:c7:3f:78:08:7e:5f:f5:8f:49:f4
+# Subject: CN=CCA India 2022 SPL,O=India PKI,C=IN
+# Not Valid Before: Tue Sep 20 09:18:19 2022
+# Not Valid After : Sat Sep 20 09:18:19 2042
+# Fingerprint (SHA-256): B7:24:68:9B:79:B2:EF:94:21:EF:8F:5C:C7:33:EB:09:38:51:B1:70:EE:71:51:77:00:5A:09:F2:26:D8:C9:1A
+# Fingerprint (SHA1): 91:52:D0:77:FE:F0:58:91:40:09:BB:4C:0E:42:A7:10:A3:82:38:AF
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "CCA India 2022 SPL"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\221\122\320\167\376\360\130\221\100\011\273\114\016\102\247\020
+\243\202\070\257
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\157\020\271\054\246\067\102\322\347\125\223\211\223\155\213\164
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\076\061\013\060\011\006\003\125\004\006\023\002\111\116\061
+\022\060\020\006\003\125\004\012\023\011\111\156\144\151\141\040
+\120\113\111\061\033\060\031\006\003\125\004\003\023\022\103\103
+\101\040\111\156\144\151\141\040\062\060\062\062\040\123\120\114
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\020\142\202\201\306\356\276\307\077\170\010\176\137\365\217
+\111\364
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+#
+# Certificate "QuoVadis TLS RSA 4096 Root G4"
+#
+# Issuer: CN=QuoVadis TLS RSA 4096 Root G4,O=QuoVadis Trustlink B.V.,C=NL
+# Serial Number:02:5f:e5:83:9f:b3:aa:bd:c3:72:1e:ed:69:9e:76:49:ff:66:34:fe
+# Subject: CN=QuoVadis TLS RSA 4096 Root G4,O=QuoVadis Trustlink B.V.,C=NL
+# Not Valid Before: Thu Mar 16 15:20:26 2023
+# Not Valid After : Mon Mar 09 15:20:25 2048
+# Fingerprint (SHA-256): C8:A2:D3:8A:24:F5:AC:30:2D:8A:08:EB:D3:89:23:D9:A7:50:B4:92:20:F0:92:E8:2D:1C:53:24:9E:15:33:D0
+# Fingerprint (SHA1): 20:AF:EA:8D:CB:03:1F:06:84:DF:8F:FD:25:98:C8:B7:96:7F:CD:3C
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis TLS RSA 4096 Root G4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\040\060\036\006\003\125\004\012\014\027\121\165\157\126\141\144
+\151\163\040\124\162\165\163\164\154\151\156\153\040\102\056\126
+\056\061\046\060\044\006\003\125\004\003\014\035\121\165\157\126
+\141\144\151\163\040\124\114\123\040\122\123\101\040\064\060\071
+\066\040\122\157\157\164\040\107\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\040\060\036\006\003\125\004\012\014\027\121\165\157\126\141\144
+\151\163\040\124\162\165\163\164\154\151\156\153\040\102\056\126
+\056\061\046\060\044\006\003\125\004\003\014\035\121\165\157\126
+\141\144\151\163\040\124\114\123\040\122\123\101\040\064\060\071
+\066\040\122\157\157\164\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\002\137\345\203\237\263\252\275\303\162\036\355\151\236
+\166\111\377\146\064\376
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\176\060\202\003\146\240\003\002\001\002\002\024\002
+\137\345\203\237\263\252\275\303\162\036\355\151\236\166\111\377
+\146\064\376\060\015\006\011\052\206\110\206\367\015\001\001\014
+\005\000\060\127\061\013\060\011\006\003\125\004\006\023\002\116
+\114\061\040\060\036\006\003\125\004\012\014\027\121\165\157\126
+\141\144\151\163\040\124\162\165\163\164\154\151\156\153\040\102
+\056\126\056\061\046\060\044\006\003\125\004\003\014\035\121\165
+\157\126\141\144\151\163\040\124\114\123\040\122\123\101\040\064
+\060\071\066\040\122\157\157\164\040\107\064\060\036\027\015\062
+\063\060\063\061\066\061\065\062\060\062\066\132\027\015\064\070
+\060\063\060\071\061\065\062\060\062\065\132\060\127\061\013\060
+\011\006\003\125\004\006\023\002\116\114\061\040\060\036\006\003
+\125\004\012\014\027\121\165\157\126\141\144\151\163\040\124\162
+\165\163\164\154\151\156\153\040\102\056\126\056\061\046\060\044
+\006\003\125\004\003\014\035\121\165\157\126\141\144\151\163\040
+\124\114\123\040\122\123\101\040\064\060\071\066\040\122\157\157
+\164\040\107\064\060\202\002\042\060\015\006\011\052\206\110\206
+\367\015\001\001\001\005\000\003\202\002\017\000\060\202\002\012
+\002\202\002\001\000\310\056\107\125\304\337\157\163\155\206\310
+\045\024\062\067\245\130\030\050\315\274\336\062\140\357\051\100
+\223\113\251\114\036\361\366\243\213\370\345\022\003\005\170\107
+\070\064\156\330\314\340\255\126\226\023\274\355\354\100\340\253
+\264\077\340\011\063\052\314\061\057\351\005\045\261\332\366\254
+\351\056\137\101\074\122\142\112\041\254\077\225\340\027\061\145
+\111\030\131\033\356\010\372\325\061\114\077\301\343\006\067\010
+\024\062\310\077\251\112\007\057\212\206\162\122\173\123\171\206
+\045\325\217\232\174\015\277\066\043\272\210\361\356\037\130\057
+\151\354\106\224\072\102\255\342\157\030\264\060\374\010\306\207
+\256\362\261\107\261\072\267\301\262\244\175\116\012\303\150\075
+\256\014\367\315\365\101\376\213\132\216\274\210\050\311\115\014
+\127\055\317\176\330\105\111\165\325\362\237\363\346\137\114\057
+\210\214\352\351\336\016\342\137\066\313\331\220\022\116\023\176
+\131\142\357\137\114\336\172\320\221\244\054\024\227\312\155\021
+\254\264\310\170\331\312\060\216\246\303\330\215\321\150\145\134
+\005\014\057\252\362\252\120\360\370\153\170\013\124\147\110\277
+\043\315\360\344\372\125\241\272\056\367\050\122\317\211\021\245
+\023\115\136\271\141\264\260\021\377\307\122\317\373\154\343\162
+\236\101\155\172\060\040\142\367\307\006\040\202\160\322\362\250
+\200\302\323\227\221\374\364\025\314\072\231\276\206\226\126\065
+\307\004\166\317\315\011\115\024\347\011\144\066\202\204\361\263
+\060\117\101\331\016\225\112\012\252\204\255\201\251\015\224\225
+\052\201\127\157\135\261\142\013\311\352\066\307\101\061\302\375
+\150\376\367\075\035\267\117\105\131\257\240\130\331\306\331\142
+\317\022\127\344\357\015\247\262\273\137\344\313\051\232\034\261
+\061\013\015\321\171\277\363\072\372\222\211\104\115\011\346\102
+\161\326\105\257\126\357\021\316\147\250\030\036\246\170\141\241
+\347\041\104\260\273\045\177\032\154\170\166\021\145\012\360\323
+\044\125\313\276\250\261\172\356\235\334\073\126\146\240\375\142
+\266\173\030\135\050\123\320\175\315\032\031\157\035\201\124\236
+\322\120\201\300\337\101\330\316\310\160\013\155\256\344\232\266
+\055\225\170\211\253\002\003\001\000\001\243\102\060\100\060\017
+\006\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060
+\035\006\003\125\035\016\004\026\004\024\340\335\224\170\261\230
+\221\115\301\315\005\317\270\334\107\117\375\142\123\172\060\016
+\006\003\125\035\017\001\001\377\004\004\003\002\001\206\060\015
+\006\011\052\206\110\206\367\015\001\001\014\005\000\003\202\002
+\001\000\271\177\375\344\014\372\220\045\332\346\216\337\341\251
+\121\137\262\374\133\170\300\374\111\217\250\321\003\110\376\016
+\055\156\134\141\325\140\254\030\310\345\277\231\046\342\146\206
+\066\252\267\157\266\243\014\167\201\032\272\054\262\376\016\264
+\375\317\252\044\302\241\230\273\357\252\043\170\264\032\151\333
+\203\263\233\133\200\111\207\327\131\047\051\105\345\045\043\115
+\062\114\163\005\205\205\325\203\025\013\246\060\156\013\012\133
+\137\252\203\056\063\037\273\163\022\251\132\222\135\224\261\156
+\162\041\061\061\065\340\374\173\004\032\364\217\102\222\261\362
+\013\033\260\034\277\142\235\232\175\370\340\077\200\234\154\230
+\107\200\363\011\342\003\151\163\154\371\022\272\052\163\363\154
+\061\335\262\342\322\277\326\307\310\152\343\373\342\242\112\021
+\121\266\037\203\307\077\345\336\020\253\103\326\367\075\353\260
+\260\253\023\147\036\055\322\221\320\272\043\265\332\236\366\035
+\337\144\116\250\332\220\304\052\217\202\235\017\001\114\006\276
+\041\326\071\106\303\041\020\101\262\133\273\357\211\132\035\026
+\042\244\323\250\321\077\263\013\051\276\333\106\250\050\361\177
+\040\063\163\154\046\274\132\135\372\346\114\301\062\205\011\110
+\214\061\302\075\227\110\026\250\032\052\327\010\115\215\323\222
+\246\066\147\214\003\063\303\212\213\170\225\132\316\210\154\154
+\021\360\175\301\050\234\040\125\023\223\377\100\043\034\256\331
+\346\104\312\021\343\317\326\337\065\135\045\077\015\101\104\221
+\017\317\316\251\310\067\050\042\126\222\306\103\046\151\324\076
+\210\227\132\317\373\344\042\245\272\370\024\035\123\072\174\334
+\273\247\147\235\227\211\240\010\115\247\230\010\010\045\125\372
+\227\122\202\352\121\126\173\201\300\226\174\055\074\367\067\060
+\276\223\311\061\113\334\102\035\263\325\364\264\106\172\350\105
+\017\275\106\327\112\345\366\217\257\146\340\064\225\056\321\223
+\175\027\142\103\054\061\051\136\156\103\140\142\177\374\203\134
+\102\054\015\301\166\270\116\202\352\272\060\331\331\061\270\064
+\021\203\300\326\033\032\077\307\146\021\076\306\036\240\154\056
+\110\165\163\253\161\306\027\360\017\121\042\173\024\116\164\126
+\275\301
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "QuoVadis TLS RSA 4096 Root G4"
+# Issuer: CN=QuoVadis TLS RSA 4096 Root G4,O=QuoVadis Trustlink B.V.,C=NL
+# Serial Number:02:5f:e5:83:9f:b3:aa:bd:c3:72:1e:ed:69:9e:76:49:ff:66:34:fe
+# Subject: CN=QuoVadis TLS RSA 4096 Root G4,O=QuoVadis Trustlink B.V.,C=NL
+# Not Valid Before: Thu Mar 16 15:20:26 2023
+# Not Valid After : Mon Mar 09 15:20:25 2048
+# Fingerprint (SHA-256): C8:A2:D3:8A:24:F5:AC:30:2D:8A:08:EB:D3:89:23:D9:A7:50:B4:92:20:F0:92:E8:2D:1C:53:24:9E:15:33:D0
+# Fingerprint (SHA1): 20:AF:EA:8D:CB:03:1F:06:84:DF:8F:FD:25:98:C8:B7:96:7F:CD:3C
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis TLS RSA 4096 Root G4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\040\257\352\215\313\003\037\006\204\337\217\375\045\230\310\267
+\226\177\315\074
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\007\142\356\042\273\351\003\253\071\373\111\243\326\040\253\215
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\040\060\036\006\003\125\004\012\014\027\121\165\157\126\141\144
+\151\163\040\124\162\165\163\164\154\151\156\153\040\102\056\126
+\056\061\046\060\044\006\003\125\004\003\014\035\121\165\157\126
+\141\144\151\163\040\124\114\123\040\122\123\101\040\064\060\071
+\066\040\122\157\157\164\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\002\137\345\203\237\263\252\275\303\162\036\355\151\236
+\166\111\377\146\064\376
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+
+#
+# Certificate "QuoVadis TLS ECC P384 Root G4"
+#
+# Issuer: CN=QuoVadis TLS ECC P384 Root G4,O=QuoVadis Trustlink B.V.,C=NL
+# Serial Number:69:1b:04:1f:15:9f:6e:1c:24:d2:41:c3:e6:e4:42:ff:c1:22:89:9d
+# Subject: CN=QuoVadis TLS ECC P384 Root G4,O=QuoVadis Trustlink B.V.,C=NL
+# Not Valid Before: Thu Mar 16 15:23:45 2023
+# Not Valid After : Mon Mar 09 15:23:44 2048
+# Fingerprint (SHA-256): 6E:1F:D3:AE:0D:2D:47:7C:8F:5E:E5:F3:35:CC:5B:63:56:87:26:54:E5:35:6A:73:D8:C0:A3:0A:17:C2:52:A2
+# Fingerprint (SHA1): B6:BF:37:2A:36:89:B3:56:99:F0:99:13:DA:01:1D:73:A6:E1:0F:CE
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis TLS ECC P384 Root G4"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\040\060\036\006\003\125\004\012\014\027\121\165\157\126\141\144
+\151\163\040\124\162\165\163\164\154\151\156\153\040\102\056\126
+\056\061\046\060\044\006\003\125\004\003\014\035\121\165\157\126
+\141\144\151\163\040\124\114\123\040\105\103\103\040\120\063\070
+\064\040\122\157\157\164\040\107\064
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\040\060\036\006\003\125\004\012\014\027\121\165\157\126\141\144
+\151\163\040\124\162\165\163\164\154\151\156\153\040\102\056\126
+\056\061\046\060\044\006\003\125\004\003\014\035\121\165\157\126
+\141\144\151\163\040\124\114\123\040\105\103\103\040\120\063\070
+\064\040\122\157\157\164\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\151\033\004\037\025\237\156\034\044\322\101\303\346\344
+\102\377\301\042\211\235
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\002\056\060\202\001\265\240\003\002\001\002\002\024\151
+\033\004\037\025\237\156\034\044\322\101\303\346\344\102\377\301
+\042\211\235\060\012\006\010\052\206\110\316\075\004\003\003\060
+\127\061\013\060\011\006\003\125\004\006\023\002\116\114\061\040
+\060\036\006\003\125\004\012\014\027\121\165\157\126\141\144\151
+\163\040\124\162\165\163\164\154\151\156\153\040\102\056\126\056
+\061\046\060\044\006\003\125\004\003\014\035\121\165\157\126\141
+\144\151\163\040\124\114\123\040\105\103\103\040\120\063\070\064
+\040\122\157\157\164\040\107\064\060\036\027\015\062\063\060\063
+\061\066\061\065\062\063\064\065\132\027\015\064\070\060\063\060
+\071\061\065\062\063\064\064\132\060\127\061\013\060\011\006\003
+\125\004\006\023\002\116\114\061\040\060\036\006\003\125\004\012
+\014\027\121\165\157\126\141\144\151\163\040\124\162\165\163\164
+\154\151\156\153\040\102\056\126\056\061\046\060\044\006\003\125
+\004\003\014\035\121\165\157\126\141\144\151\163\040\124\114\123
+\040\105\103\103\040\120\063\070\064\040\122\157\157\164\040\107
+\064\060\166\060\020\006\007\052\206\110\316\075\002\001\006\005
+\053\201\004\000\042\003\142\000\004\004\025\145\231\020\130\321
+\062\077\322\125\327\172\246\042\213\013\264\175\047\010\123\177
+\004\230\223\020\253\331\173\121\316\022\323\134\357\347\015\026
+\274\313\372\377\076\036\320\367\051\037\361\320\050\265\276\046
+\267\060\260\235\373\073\136\355\054\161\143\250\271\327\375\331
+\371\163\045\173\333\116\235\203\300\163\325\202\223\074\012\067
+\223\031\200\000\211\241\176\204\056\243\102\060\100\060\017\006
+\003\125\035\023\001\001\377\004\005\060\003\001\001\377\060\035
+\006\003\125\035\016\004\026\004\024\341\107\206\025\345\001\024
+\303\015\263\320\274\365\233\273\071\066\310\037\021\060\016\006
+\003\125\035\017\001\001\377\004\004\003\002\001\206\060\012\006
+\010\052\206\110\316\075\004\003\003\003\147\000\060\144\002\060
+\074\204\137\005\256\160\216\370\221\243\054\116\156\366\107\275
+\024\024\135\367\171\311\124\312\242\243\132\061\015\007\210\011
+\114\015\235\145\224\141\200\056\022\103\001\312\034\136\113\156
+\002\060\175\017\000\016\040\337\124\224\111\043\130\153\324\132
+\140\004\036\345\231\150\334\244\231\232\316\023\174\061\351\153
+\165\322\005\204\014\207\156\245\367\036\045\163\155\054\077\236
+\044\357
+END
+CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE
+CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE
+CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE
+
+# Trust for "QuoVadis TLS ECC P384 Root G4"
+# Issuer: CN=QuoVadis TLS ECC P384 Root G4,O=QuoVadis Trustlink B.V.,C=NL
+# Serial Number:69:1b:04:1f:15:9f:6e:1c:24:d2:41:c3:e6:e4:42:ff:c1:22:89:9d
+# Subject: CN=QuoVadis TLS ECC P384 Root G4,O=QuoVadis Trustlink B.V.,C=NL
+# Not Valid Before: Thu Mar 16 15:23:45 2023
+# Not Valid After : Mon Mar 09 15:23:44 2048
+# Fingerprint (SHA-256): 6E:1F:D3:AE:0D:2D:47:7C:8F:5E:E5:F3:35:CC:5B:63:56:87:26:54:E5:35:6A:73:D8:C0:A3:0A:17:C2:52:A2
+# Fingerprint (SHA1): B6:BF:37:2A:36:89:B3:56:99:F0:99:13:DA:01:1D:73:A6:E1:0F:CE
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "QuoVadis TLS ECC P384 Root G4"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\266\277\067\052\066\211\263\126\231\360\231\023\332\001\035\163
+\246\341\017\316
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\130\171\267\146\250\166\267\363\062\354\254\165\313\206\261\042
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\127\061\013\060\011\006\003\125\004\006\023\002\116\114\061
+\040\060\036\006\003\125\004\012\014\027\121\165\157\126\141\144
+\151\163\040\124\162\165\163\164\154\151\156\153\040\102\056\126
+\056\061\046\060\044\006\003\125\004\003\014\035\121\165\157\126
+\141\144\151\163\040\124\114\123\040\105\103\103\040\120\063\070
+\064\040\122\157\157\164\040\107\064
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\024\151\033\004\037\025\237\156\034\044\322\101\303\346\344
+\102\377\301\042\211\235
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
diff --git a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec
index 47b26ce2b2d..bbe2069a604 100644
--- a/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec
+++ b/SPECS/prebuilt-ca-certificates-base/prebuilt-ca-certificates-base.spec
@@ -3,7 +3,7 @@ Name:           prebuilt-ca-certificates-base
 # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well.
 Epoch:          1
 Version:        %{azl}.0.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -46,6 +46,9 @@ find %{buildroot} -name README -delete
 %{_sysconfdir}/pki/java/cacerts
 
 %changelog
+* Mon Apr 22 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0.0-6
+- Updating Microsoft trusted root CAs.
+
 * Mon Mar 18 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.0.0-5
 - Extending base set of certificates.
 
diff --git a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec
index 6e1f74ac16c..1e059522c99 100644
--- a/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec
+++ b/SPECS/prebuilt-ca-certificates/prebuilt-ca-certificates.spec
@@ -3,7 +3,7 @@ Name:           prebuilt-ca-certificates
 # When updating, "Epoch, "Version", AND "Release" tags must be updated in the "ca-certificates" package as well.
 Epoch:          1
 Version:        %{azl}.0.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -49,6 +49,9 @@ find %{buildroot} -name README -delete
 %{_sysconfdir}/pki/java/cacerts
 
 %changelog
+* Mon Apr 22 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 3.0.0-6
+- Updating Microsoft trusted root CAs.
+
 * Mon Mar 18 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.0.0-5
 - Extending base set of certificates.
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index c67d9d8eca8..e645b5cd6fa 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -229,10 +229,10 @@ libffi-devel-3.4.4-1.azl3.aarch64.rpm
 libtasn1-4.19.0-1.azl3.aarch64.rpm
 p11-kit-0.25.0-1.azl3.aarch64.rpm
 p11-kit-trust-0.25.0-1.azl3.aarch64.rpm
-ca-certificates-shared-3.0.0-5.azl3.noarch.rpm
-ca-certificates-tools-3.0.0-5.azl3.noarch.rpm
-ca-certificates-base-3.0.0-5.azl3.noarch.rpm
-ca-certificates-3.0.0-5.azl3.noarch.rpm
+ca-certificates-shared-3.0.0-6.azl3.noarch.rpm
+ca-certificates-tools-3.0.0-6.azl3.noarch.rpm
+ca-certificates-base-3.0.0-6.azl3.noarch.rpm
+ca-certificates-3.0.0-6.azl3.noarch.rpm
 dwz-0.14-2.azl3.aarch64.rpm
 unzip-6.0-20.azl3.aarch64.rpm
 python3-3.12.0-3.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 60c00febd45..e071b9ea539 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -229,10 +229,10 @@ libffi-devel-3.4.4-1.azl3.x86_64.rpm
 libtasn1-4.19.0-1.azl3.x86_64.rpm
 p11-kit-0.25.0-1.azl3.x86_64.rpm
 p11-kit-trust-0.25.0-1.azl3.x86_64.rpm
-ca-certificates-shared-3.0.0-5.azl3.noarch.rpm
-ca-certificates-tools-3.0.0-5.azl3.noarch.rpm
-ca-certificates-base-3.0.0-5.azl3.noarch.rpm
-ca-certificates-3.0.0-5.azl3.noarch.rpm
+ca-certificates-shared-3.0.0-6.azl3.noarch.rpm
+ca-certificates-tools-3.0.0-6.azl3.noarch.rpm
+ca-certificates-base-3.0.0-6.azl3.noarch.rpm
+ca-certificates-3.0.0-6.azl3.noarch.rpm
 dwz-0.14-2.azl3.x86_64.rpm
 unzip-6.0-20.azl3.x86_64.rpm
 python3-3.12.0-3.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index b7e1fe8be15..b524ff6af14 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -33,11 +33,11 @@ bzip2-1.0.8-1.azl3.aarch64.rpm
 bzip2-debuginfo-1.0.8-1.azl3.aarch64.rpm
 bzip2-devel-1.0.8-1.azl3.aarch64.rpm
 bzip2-libs-1.0.8-1.azl3.aarch64.rpm
-ca-certificates-3.0.0-5.azl3.noarch.rpm
-ca-certificates-base-3.0.0-5.azl3.noarch.rpm
-ca-certificates-legacy-3.0.0-5.azl3.noarch.rpm
-ca-certificates-shared-3.0.0-5.azl3.noarch.rpm
-ca-certificates-tools-3.0.0-5.azl3.noarch.rpm
+ca-certificates-3.0.0-6.azl3.noarch.rpm
+ca-certificates-base-3.0.0-6.azl3.noarch.rpm
+ca-certificates-legacy-3.0.0-6.azl3.noarch.rpm
+ca-certificates-shared-3.0.0-6.azl3.noarch.rpm
+ca-certificates-tools-3.0.0-6.azl3.noarch.rpm
 ccache-4.8.3-1.azl3.aarch64.rpm
 ccache-debuginfo-4.8.3-1.azl3.aarch64.rpm
 check-0.15.2-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 4309ffdef6b..6fcbfa89598 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -34,11 +34,11 @@ bzip2-1.0.8-1.azl3.x86_64.rpm
 bzip2-debuginfo-1.0.8-1.azl3.x86_64.rpm
 bzip2-devel-1.0.8-1.azl3.x86_64.rpm
 bzip2-libs-1.0.8-1.azl3.x86_64.rpm
-ca-certificates-3.0.0-5.azl3.noarch.rpm
-ca-certificates-base-3.0.0-5.azl3.noarch.rpm
-ca-certificates-legacy-3.0.0-5.azl3.noarch.rpm
-ca-certificates-shared-3.0.0-5.azl3.noarch.rpm
-ca-certificates-tools-3.0.0-5.azl3.noarch.rpm
+ca-certificates-3.0.0-6.azl3.noarch.rpm
+ca-certificates-base-3.0.0-6.azl3.noarch.rpm
+ca-certificates-legacy-3.0.0-6.azl3.noarch.rpm
+ca-certificates-shared-3.0.0-6.azl3.noarch.rpm
+ca-certificates-tools-3.0.0-6.azl3.noarch.rpm
 ccache-4.8.3-1.azl3.x86_64.rpm
 ccache-debuginfo-4.8.3-1.azl3.x86_64.rpm
 check-0.15.2-1.azl3.x86_64.rpm

From 7802a1c367783248ced02e161e493c1d693cdaa2 Mon Sep 17 00:00:00 2001
From: Betty <38226164+BettyRain@users.noreply.github.com>
Date: Mon, 22 Apr 2024 13:22:29 -0700
Subject: [PATCH 17/62] Change pcre2 dependency in glib (#8852)

Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
---
 SPECS/glib/glib.spec                                   |  9 +++++----
 .../manifests/package/pkggen_core_aarch64.txt          |  2 +-
 .../resources/manifests/package/pkggen_core_x86_64.txt |  2 +-
 .../resources/manifests/package/toolchain_aarch64.txt  | 10 +++++-----
 .../resources/manifests/package/toolchain_x86_64.txt   | 10 +++++-----
 5 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/SPECS/glib/glib.spec b/SPECS/glib/glib.spec
index ca27869467c..4f1d9be7b04 100644
--- a/SPECS/glib/glib.spec
+++ b/SPECS/glib/glib.spec
@@ -2,7 +2,7 @@
 Summary:        Low-level libraries useful for providing data structure handling for C.
 Name:           glib
 Version:        2.78.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,7 +14,6 @@ BuildRequires:  gtk-doc
 BuildRequires:  libffi-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  meson
-BuildRequires:  pcre2-devel
 BuildRequires:  pkg-config
 BuildRequires:  python3-xml
 BuildRequires:  python3
@@ -23,7 +22,7 @@ BuildRequires:  which
 BuildRequires:  python3-pygments
 Requires:       libffi
 Requires:       libselinux
-Requires:       pcre2-devel
+Requires:       pcre2
 Provides:       glib2 = %{version}-%{release}
 Provides:       glib2%{?_isa} = %{version}-%{release}
 Provides:       glib2-static = %{version}-%{release}
@@ -37,7 +36,6 @@ Group:          Development/Libraries
 Requires:       glib = %{version}-%{release}
 Requires:       glib-schemas = %{version}-%{release}
 Requires:       libffi-devel
-Requires:       pcre2-devel
 Requires:       python3-xml
 Requires:       python3
 Provides:       glib2-devel = %{version}-%{release}
@@ -123,6 +121,9 @@ touch %{buildroot}%{_libdir}/gio/modules/giomodule.cache
 %doc %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Fri Apr 19 2024 Betty Lakes <bettylakes@microsoft.com> - 2.78.1-4
+- Update dependency on pcre2
+
 * Wed Apr 03 2024 Betty Lakes <bettylakes@microsoft.com> - 2.78.1-3
 - Move to pcre2
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index e645b5cd6fa..8f0dd957a42 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -199,7 +199,7 @@ libxml2-devel-2.11.5-1.azl3.aarch64.rpm
 docbook-dtd-xml-4.5-11.azl3.noarch.rpm
 docbook-style-xsl-1.79.1-13.azl3.noarch.rpm
 libsepol-3.6-1.azl3.aarch64.rpm
-glib-2.78.1-3.azl3.aarch64.rpm
+glib-2.78.1-4.azl3.aarch64.rpm
 libltdl-2.4.7-1.azl3.aarch64.rpm
 libltdl-devel-2.4.7-1.azl3.aarch64.rpm
 lua-5.4.6-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index e071b9ea539..47495c3abd7 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -199,7 +199,7 @@ libxml2-devel-2.11.5-1.azl3.x86_64.rpm
 docbook-dtd-xml-4.5-11.azl3.noarch.rpm
 docbook-style-xsl-1.79.1-13.azl3.noarch.rpm
 libsepol-3.6-1.azl3.x86_64.rpm
-glib-2.78.1-3.azl3.x86_64.rpm
+glib-2.78.1-4.azl3.x86_64.rpm
 libltdl-2.4.7-1.azl3.x86_64.rpm
 libltdl-devel-2.4.7-1.azl3.x86_64.rpm
 lua-5.4.6-1.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index b524ff6af14..0ee2f4e2598 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -116,11 +116,11 @@ gdbm-lang-1.23-1.azl3.aarch64.rpm
 gettext-0.22-1.azl3.aarch64.rpm
 gettext-debuginfo-0.22-1.azl3.aarch64.rpm
 gfortran-13.2.0-3.azl3.aarch64.rpm
-glib-2.78.1-3.azl3.aarch64.rpm
-glib-debuginfo-2.78.1-3.azl3.aarch64.rpm
-glib-devel-2.78.1-3.azl3.aarch64.rpm
-glib-doc-2.78.1-3.azl3.noarch.rpm
-glib-schemas-2.78.1-3.azl3.aarch64.rpm
+glib-2.78.1-4.azl3.aarch64.rpm
+glib-debuginfo-2.78.1-4.azl3.aarch64.rpm
+glib-devel-2.78.1-4.azl3.aarch64.rpm
+glib-doc-2.78.1-4.azl3.noarch.rpm
+glib-schemas-2.78.1-4.azl3.aarch64.rpm
 glibc-2.38-3.azl3.aarch64.rpm
 glibc-debuginfo-2.38-3.azl3.aarch64.rpm
 glibc-devel-2.38-3.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 6fcbfa89598..339dabbc182 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -121,11 +121,11 @@ gdbm-lang-1.23-1.azl3.x86_64.rpm
 gettext-0.22-1.azl3.x86_64.rpm
 gettext-debuginfo-0.22-1.azl3.x86_64.rpm
 gfortran-13.2.0-3.azl3.x86_64.rpm
-glib-2.78.1-3.azl3.x86_64.rpm
-glib-debuginfo-2.78.1-3.azl3.x86_64.rpm
-glib-devel-2.78.1-3.azl3.x86_64.rpm
-glib-doc-2.78.1-3.azl3.noarch.rpm
-glib-schemas-2.78.1-3.azl3.x86_64.rpm
+glib-2.78.1-4.azl3.x86_64.rpm
+glib-debuginfo-2.78.1-4.azl3.x86_64.rpm
+glib-devel-2.78.1-4.azl3.x86_64.rpm
+glib-doc-2.78.1-4.azl3.noarch.rpm
+glib-schemas-2.78.1-4.azl3.x86_64.rpm
 glibc-2.38-3.azl3.x86_64.rpm
 glibc-debuginfo-2.38-3.azl3.x86_64.rpm
 glibc-devel-2.38-3.azl3.x86_64.rpm

From fe12eea2d83ca5125ddcf0f973157a5c382242d9 Mon Sep 17 00:00:00 2001
From: nicolas guibourge <nicogbg@gmail.com>
Date: Mon, 22 Apr 2024 15:04:57 -0700
Subject: [PATCH 18/62] fix trigger issue for Azl3 CodeQL (#8780)

Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
---
 .pipelines/CodeQL/CodeQL.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.pipelines/CodeQL/CodeQL.yml b/.pipelines/CodeQL/CodeQL.yml
index 51e3ce3054d..2d52badc567 100644
--- a/.pipelines/CodeQL/CodeQL.yml
+++ b/.pipelines/CodeQL/CodeQL.yml
@@ -3,6 +3,8 @@
 
 name: CodeQL CBL-Mariner repository
 
+trigger: none
+
 resources:
   repositories:
     - repository: CBL-Mariner-Pipelines

From 49a5c5d72cec64d736eb4a11c25dad6ea224c001 Mon Sep 17 00:00:00 2001
From: Mitch Zhu <mitchzhu@microsoft.com>
Date: Mon, 22 Apr 2024 15:25:34 -0700
Subject: [PATCH 19/62] cal10n: upgrade to 0.8.1 (#8044)

---
 SPECS/cal10n/cal10n-0.7.7-sourcetarget.patch | 37 ---------
 SPECS/cal10n/cal10n.signatures.json          |  4 +-
 SPECS/cal10n/cal10n.spec                     | 87 ++++++++++----------
 cgmanifest.json                              |  4 +-
 4 files changed, 46 insertions(+), 86 deletions(-)
 delete mode 100644 SPECS/cal10n/cal10n-0.7.7-sourcetarget.patch

diff --git a/SPECS/cal10n/cal10n-0.7.7-sourcetarget.patch b/SPECS/cal10n/cal10n-0.7.7-sourcetarget.patch
deleted file mode 100644
index a8c5ea9cd92..00000000000
--- a/SPECS/cal10n/cal10n-0.7.7-sourcetarget.patch
+++ /dev/null
@@ -1,37 +0,0 @@
---- cal10n-0.7.7/cal10n-api/maven-build.xml	2017-09-07 19:31:22.268263921 +0200
-+++ cal10n-0.7.7/cal10n-api/maven-build.xml	2017-09-07 19:43:32.588627010 +0200
-@@ -67,10 +67,10 @@
-            debug="true" 
-            optimize="false" 
-            deprecation="true" 
--           target="1.5" 
-+           target="8" 
-            verbose="false" 
-            fork="false" 
--           source="1.5">
-+           source="8">
-       <src>
-         <pathelement location="${maven.build.srcDir.0}"/>
-       </src>
-@@ -95,10 +95,10 @@
-            debug="true" 
-            optimize="false" 
-            deprecation="true" 
--           target="1.5" 
-+           target="8" 
-            verbose="false" 
-            fork="false" 
--           source="1.5">
-+           source="8">
-       <src>
-         <pathelement location="${maven.build.testDir.0}"/>
-       </src>
-@@ -202,7 +202,7 @@
-              charset="ISO-8859-1" 
-              linksource="false" 
-              breakiterator="false">
--      <link href="http://java.sun.com/j2se/1.5.0/docs/api"/>
-+      <link href="http://java.sun.com/j2se/1.8.0/docs/api"/>
-       <group title="CAL10N API packages"/>
-       <group title="CAL10N Maven plugin"/>
-     </javadoc>
diff --git a/SPECS/cal10n/cal10n.signatures.json b/SPECS/cal10n/cal10n.signatures.json
index 5c0937580b6..a2dabb43b2a 100644
--- a/SPECS/cal10n/cal10n.signatures.json
+++ b/SPECS/cal10n/cal10n.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "build.xml-0.7.7.tar.xz": "ed3969c21254517f97dd6e62b4ea5fe7d2e38142b71ae6905e1a208243a16a6a",
-  "cal10n-0.7.7.tar.gz": "a778dd646277612f7bb5f65d6970938f80294ca775b8916fcc8e62abeeb2fa8f"
+  "cal10n-0.8.1.10.tar.xz": "6f7f946e2934648e4d13e7ace5a40582b87aed9e7b2bda558a1560c059246deb",
+  "cal10n-build.tar.xz": "4f28373731de625de39fdc9608f319a8e7e35dec8a2f92f1bb39a1b5ebcd3a77"
  }
 }
diff --git a/SPECS/cal10n/cal10n.spec b/SPECS/cal10n/cal10n.spec
index 32b4597e28b..63370ad0c61 100644
--- a/SPECS/cal10n/cal10n.spec
+++ b/SPECS/cal10n/cal10n.spec
@@ -1,4 +1,3 @@
-
 #
 # spec file for package cal10n
 #
@@ -16,16 +15,16 @@
 #
 Summary:        Compiler assisted localization library (CAL10N)
 Name:           cal10n
-Version:        0.7.7
-Release:        6%{?dist}
+Version:        0.8.1.10
+Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Development/Libraries/Java
 URL:            http://cal10n.qos.ch
-Source0:        https://github.com/qos-ch/cal10n/archive/refs/tags/v_%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1:        build.xml-0.7.7.tar.xz
-Patch0:         cal10n-0.7.7-sourcetarget.patch
+Source0:        https://code.opensuse.org/adrianSuSE/%{name}/blob/factory/f/%{name}-%{version}.tar.xz
+# cal10n-build.tar.gz provides build process for cal10-api and cal10n-ant-task
+Source1:        https://code.opensuse.org/adrianSuSE/%{name}/blob/factory/f/%{name}-build.tar.xz
 BuildRequires:  ant
 BuildRequires:  fdupes
 BuildRequires:  java-devel >= 1.8
@@ -55,10 +54,12 @@ Group:          Development/Libraries/Java
 API documentation for %{name}.
 
 %prep
-%setup -q
-tar -xf %{SOURCE1}
-%patch 0 -p1
-find . -name "*.jar" | xargs rm
+%setup -q -a1
+find . -name "*.jar" -exec rm -f {} \;
+
+# We don't want to depend on ant, since it will be
+# present when we try to use the task
+%pom_change_dep :ant :::provided %{name}-ant-task 
 
 # bnc#759912
 rm -rf docs cal10n-site
@@ -73,58 +74,54 @@ http://cal10n.qos.ch/manual.html
 EOF
 
 %build
-for dir in cal10n-api
-do
-  pushd $dir
-  export CLASSPATH=$(build-classpath \
-                     junit \
-                     ):target/classes:target/test-classes
-  ant -Dmaven.mode.offline=true package javadoc \
-      -Dmaven.test.skip=true \
-      -lib %{_datadir}/java
-  popd
-done
+mkdir -p lib
+build-jar-repository -s lib \
+%if 0%{?with_check}
+    ant-antunit \
+%endif
+    ant/ant
+%{ant} \
+%if ! 0%{?with_check}
+    -Dtest.skip=true \
+%endif
+    package javadoc
 
 %install
 # jars
 install -d -m 0755 %{buildroot}%{_javadir}/%{name}
-install -m 644 cal10n-api/target/cal10n-api-%{version}.jar \
-        %{buildroot}%{_javadir}/%{name}/cal10n-api-%{version}.jar
+install -m 644 %{name}-api/target/%{name}-api-*.jar \
+        %{buildroot}%{_javadir}/%{name}/%{name}-api.jar
+install -m 644 %{name}-ant-task/target/%{name}-ant-task-*.jar \
+        %{buildroot}%{_javadir}/%{name}/%{name}-ant-task.jar
 
 # pom
 install -d -m 755 %{buildroot}%{_mavenpomdir}
 install -pm 644 pom.xml %{buildroot}%{_mavenpomdir}/%{name}.pom
 %add_maven_depmap %{name}.pom
 install -pm 644 %{name}-api/pom.xml %{buildroot}%{_mavenpomdir}/%{name}-api.pom
-%add_maven_depmap %{name}-api.pom %{name}/cal10n-api-%{version}.jar
+%add_maven_depmap %{name}-api.pom %{name}/%{name}-api.jar
+install -pm 644 %{name}-ant-task/pom.xml %{buildroot}%{_mavenpomdir}/%{name}-ant-task.pom
+%add_maven_depmap %{name}-ant-task.pom %{name}/%{name}-ant-task.jar
 
 # javadoc
-pushd cal10n-api
-install -d -m 0755 %{buildroot}%{_javadocdir}/%{name}-%{version}
-cp -pr target/site/apidocs*/* %{buildroot}%{_javadocdir}/%{name}-%{version}/
-rm -rf target/site/api*
-popd
-%fdupes -s %{buildroot}%{_javadocdir}/%{name}-%{version}
-
-%files
-%license LICENSE.txt
-%defattr(0644,root,root,0755)
+install -dm 0755 %{buildroot}%{_javadocdir}/%{name}
+for i in api ant-task; do
+  install -dm 0755 %{buildroot}%{_javadocdir}/%{name}/${i}
+  cp -pr %{name}-${i}/target/site/apidocs/* %{buildroot}%{_javadocdir}/%{name}/${i}/
+done
+%fdupes -s %{buildroot}%{_javadocdir}/%{name}
+
+%files -f .mfiles
 %doc README.SUSE
-%dir %{_javadir}/%{name}
-%{_javadir}/%{name}/%{name}*.jar
-%{_mavenpomdir}/*
-%if %{defined _maven_repository}
-%{_mavendepmapfragdir}/%{name}
-%else
-%{_datadir}/maven-metadata/%{name}.xml*
-%endif
 
 %files javadoc
-%license LICENSE.txt
-%defattr(-,root,root,-)
-%{_javadocdir}/%{name}-%{version}
+%{_javadocdir}/%{name}
 
 %changelog
+* Fri Apr 05 2024 Mitch Zhu <mitchzhu@microsoft.com> - 0.8.1.10-1
+- Update to version 0.8.1.10
+- Import build, install section, and source file from openSUSE (license: MIT).
+
 * Fri Mar 17 2023 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 0.7.7-6
 - Moved from extended to core
 - Updated source URL
diff --git a/cgmanifest.json b/cgmanifest.json
index 1b9421f90b6..c2219a72bf8 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1417,8 +1417,8 @@
         "type": "other",
         "other": {
           "name": "cal10n",
-          "version": "0.7.7",
-          "downloadUrl": "https://github.com/qos-ch/cal10n/archive/refs/tags/v_0.7.7.tar.gz"
+          "version": "0.8.1.10",
+          "downloadUrl": "https://code.opensuse.org/adrianSuSE/cal10n/blob/factory/f/cal10n-0.8.1.10.tar.xz"
         }
       }
     },

From ef17592a586c287e99aa955a74df655c9bff2578 Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Mon, 22 Apr 2024 16:07:50 -0700
Subject: [PATCH 20/62] Image Customizer: Improve error message for missing EFI
 files. (#8869)

---
 .../imagecustomizerlib/liveosisobuilder.go    | 12 ++++
 .../liveosisobuilder_test.go                  | 56 +++++++++++++++++++
 2 files changed, 68 insertions(+)
 create mode 100644 toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder_test.go

diff --git a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
index 3ac334154c8..608a8fe2b05 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder.go
@@ -402,6 +402,18 @@ func (b *LiveOSIsoBuilder) extractBootDirFiles(writeableRootfsDir string) error
 		}
 	}
 
+	if b.artifacts.bootx64EfiPath == "" {
+		return fmt.Errorf("failed to find the boot efi file (%s):\n"+
+			"this file is provided by the (shim) package",
+			bootx64Binary)
+	}
+
+	if b.artifacts.grubx64EfiPath == "" {
+		return fmt.Errorf("failed to find the grub efi file (%s or %s):\n"+
+			"this file is provided by either the (grub2-efi-binary) or the (grub2-efi-binary-noprefix) package",
+			grubx64Binary, grubx64NoPrefixBinary)
+	}
+
 	return nil
 }
 
diff --git a/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder_test.go b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder_test.go
new file mode 100644
index 00000000000..ff06a1ef701
--- /dev/null
+++ b/toolkit/tools/pkg/imagecustomizerlib/liveosisobuilder_test.go
@@ -0,0 +1,56 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package imagecustomizerlib
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/microsoft/azurelinux/toolkit/tools/imagecustomizerapi"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCustomizeImageLiveCdIsoNoShimEfi(t *testing.T) {
+	baseImage := checkSkipForCustomizeImage(t, baseImageTypeCoreEfi)
+
+	buildDir := filepath.Join(tmpDir, "TestCustomizeImageLiveCdIso")
+	outImageFilePath := filepath.Join(buildDir, "image.iso")
+
+	config := &imagecustomizerapi.Config{
+		OS: imagecustomizerapi.OS{
+			Packages: imagecustomizerapi.Packages{
+				Remove: []string{
+					"shim",
+				},
+			},
+		},
+	}
+
+	// Customize image.
+	err := CustomizeImage(buildDir, testDir, config, baseImage, nil, outImageFilePath, "iso", "", true, false)
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "failed to find the boot efi file")
+}
+
+func TestCustomizeImageLiveCdIsoNoGrubEfi(t *testing.T) {
+	baseImage := checkSkipForCustomizeImage(t, baseImageTypeCoreEfi)
+
+	buildDir := filepath.Join(tmpDir, "TestCustomizeImageLiveCdIso")
+	outImageFilePath := filepath.Join(buildDir, "image.iso")
+
+	config := &imagecustomizerapi.Config{
+		OS: imagecustomizerapi.OS{
+			Packages: imagecustomizerapi.Packages{
+				Remove: []string{
+					"grub2-efi-binary",
+				},
+			},
+		},
+	}
+
+	// Customize image.
+	err := CustomizeImage(buildDir, testDir, config, baseImage, nil, outImageFilePath, "iso", "", true, false)
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "failed to find the grub efi file")
+}

From a3e995987f757c051e1ead10b80e23acb1380a12 Mon Sep 17 00:00:00 2001
From: Chris Gunn <chrisgun@microsoft.com>
Date: Mon, 22 Apr 2024 16:14:28 -0700
Subject: [PATCH 21/62] New toolchain manifest update from tarball script.
 (#8863)

---
 .../manifests/package/update_manifests.py     | 118 ++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100755 toolkit/resources/manifests/package/update_manifests.py

diff --git a/toolkit/resources/manifests/package/update_manifests.py b/toolkit/resources/manifests/package/update_manifests.py
new file mode 100755
index 00000000000..8ad4a6a4bc1
--- /dev/null
+++ b/toolkit/resources/manifests/package/update_manifests.py
@@ -0,0 +1,118 @@
+#!/usr/bin/python3
+
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+# Script that updates the pkggen_core_*.txt and toolchain_*.txt files from a toolchain archive tarball.
+
+import argparse
+import os
+import re
+import subprocess
+import sys
+from typing import List, Dict
+
+# Regex for parsing the package filename.
+# e.g. "ca-certificates-2.0.0-16.cm2.noarch.rpm"
+PACKAGE_NAME_REGEX = re.compile(r'^([\w\+-]+)-([\w\.~]+)-(\d+)(\.(\w+))?\.(\w+)\.rpm$')
+
+# Get the list of package filenames from the toolchain archive tarball.
+def getToolchainArchivePackageFileNames(toolchainArchive: str) -> List[str]:
+    tarProc = subprocess.run(['tar', '-tf', toolchainArchive], check=True, text=True, capture_output=True)
+    lines = tarProc.stdout.split('\n')
+
+    packageFileNames = []
+    for line in lines:
+        if not line.startswith('built_rpms_all/'):
+            continue
+
+        packageFileName = line.removeprefix('built_rpms_all/').strip()
+        if packageFileName == "":
+            continue
+
+        packageFileNames.append(packageFileName)
+
+    return packageFileNames
+
+# Create a map from package names to package file names.
+def createPackagesMap(packageFileNames: List[str]) -> Dict[str, str]:
+    packagesMap = dict()
+    
+    for packageFileName in packageFileNames:
+        match = PACKAGE_NAME_REGEX.match(packageFileName)
+        if not match:
+            print(f"Bad package filename: {packageFileName}", file=sys.stderr)
+            continue
+
+        name, version, release, _, osVersion, arch = match.groups()
+        packagesMap[name] = packageFileName
+
+    return packagesMap
+
+# Read a toolchain manifest file.
+def readManifestFile(filename: str) -> List[str]:
+    with open(filename, 'r') as fd:
+        lines = fd.readlines()
+
+    return lines
+
+# Write a toolchain manifest file.
+def writeManifestFile(lines: List[str], filename: str) -> List[str]:
+    with open(filename, 'w') as fd:
+        for line in lines:
+            print(line, file=fd)
+
+# Update a toolchain manifest file.
+def updateManifestFile(manifestFileName: str, packagesMap: Dict[str, str], checkMissingPackages: bool):
+    lines = readManifestFile(manifestFileName)
+
+    newLines = []
+    manifestPackages = []
+    for i in range(len(lines)):
+        packageFileName = lines[i]
+
+        match = PACKAGE_NAME_REGEX.match(packageFileName)
+        if not match:
+            print(f"Bad manifest filename: {packageFileName}", file=sys.stderr)
+            continue
+
+        name, version, release, _, osVersion, arch = match.groups()
+        manifestPackages.append(name)
+
+        if name not in packagesMap:
+            print(f"Package missing from toolchain tarball: {name}", file=sys.stderr)
+            continue
+
+        newLines.append(packagesMap[name])
+
+    if checkMissingPackages:
+        # Check if there are any packages in the toolchain archive tarball that aren't in the toolchain manifest.
+        newPackages = sorted(set(packagesMap.keys()) - set(manifestPackages))
+        if len(newPackages) > 0:
+            for newPackage in newPackages:
+                print(f"Package missing from manifest: {newPackage}", file=sys.stderr)
+
+    # Write the new manifest file.
+    writeManifestFile(newLines, manifestFileName)
+
+def updateManifests(arch: str, toolchainArchive: str):
+    packageFileNames = getToolchainArchivePackageFileNames(toolchainArchive)
+    packagesMap = createPackagesMap(packageFileNames)
+
+    scriptDirectory = os.path.dirname(os.path.realpath(__file__))
+    pkggenCoreManifestPath = os.path.join(scriptDirectory, f'pkggen_core_{arch}.txt')
+    toolchainManifestPath = os.path.join(scriptDirectory, f'toolchain_{arch}.txt')
+
+    updateManifestFile(pkggenCoreManifestPath, packagesMap, False)
+    updateManifestFile(toolchainManifestPath, packagesMap, True)
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument('arch', choices=['x86_64', 'aarch64'], help='CPU archiecture (x86_64, aarch64)')
+    parser.add_argument('toolchain_archive', help='Path to toolchain archive tarball')
+    args = parser.parse_args()
+
+    updateManifests(args.arch, args.toolchain_archive)
+
+if __name__ == '__main__':
+    main()

From e547080d11822641e56aa47625552d1121602c00 Mon Sep 17 00:00:00 2001
From: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Mon, 22 Apr 2024 16:16:48 -0700
Subject: [PATCH 22/62] [3.0] Add configurability in systemd to control default
 value of UseDomains parameter (#8799)

Co-authored-by: Dan Streetman <ddstreet@microsoft.com>
Co-authored-by: Henry Li <lihl@microsoft.com>
---
 .../networkd-default-use-domains.patch        | 194 ++++++++++++++++++
 SPECS/systemd/systemd.spec                    |   8 +-
 2 files changed, 200 insertions(+), 2 deletions(-)
 create mode 100644 SPECS/systemd/networkd-default-use-domains.patch

diff --git a/SPECS/systemd/networkd-default-use-domains.patch b/SPECS/systemd/networkd-default-use-domains.patch
new file mode 100644
index 00000000000..1c328144572
--- /dev/null
+++ b/SPECS/systemd/networkd-default-use-domains.patch
@@ -0,0 +1,194 @@
+diff --git a/man/networkd.conf.xml b/man/networkd.conf.xml
+index 018bde0..800044f 100644
+--- a/man/networkd.conf.xml
++++ b/man/networkd.conf.xml
+@@ -215,6 +215,17 @@ DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00</programlisting>
+           <xi:include href="version-info.xml" xpointer="v230"/>
+         </listitem>
+       </varlistentry>
++
++      <varlistentry>
++        <term><varname>UseDomains=</varname></term>
++          <listitem><para>Specifies the default value for per-network <varname>UseDomains=</varname>.
++          Takes a boolean. See for details in
++          <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
++          Defaults to <literal>no</literal>.</para>
++          
++          <xi:include href="version-info.xml" xpointer="v255"/>
++        </listitem>
++      </varlistentry>
+     </variablelist>
+   </refsect1>
+ 
+@@ -239,6 +250,13 @@ DUIDRawData=00:00:ab:11:f9:2a:c2:77:29:f9:5c:00</programlisting>
+ 
+         <xi:include href="version-info.xml" xpointer="v249"/></listitem>
+       </varlistentry>
++
++      <varlistentry>
++        <term><varname>UseDomains=</varname></term>
++        <listitem><para>As in the [DHCPv4] section.</para>
++
++        <xi:include href="version-info.xml" xpointer="v255"/></listitem>
++      </varlistentry>
+     </variablelist>
+   </refsect1>
+ 
+diff --git a/man/systemd.network.xml b/man/systemd.network.xml
+index e702465..6fc4a83 100644
+--- a/man/systemd.network.xml
++++ b/man/systemd.network.xml
+@@ -2473,7 +2473,9 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
+           effect of the <option>Domains=</option> setting. If set to <option>route</option>, the domain name
+           received from the DHCP server will be used for routing DNS queries only, but not for searching,
+           similarly to the effect of the <option>Domains=</option> setting when the argument is prefixed with
+-          <literal>~</literal>. Defaults to false.</para>
++          <literal>~</literal>. When unspecified, the value specified in the same setting in
++          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
++          which defaults to <literal>no</literal>, will be used.</para>
+ 
+           <para>It is recommended to enable this option only on trusted networks, as setting this
+           affects resolution of all hostnames, in particular of single-label names. It is generally
+diff --git a/src/network/networkd-dhcp-common.c b/src/network/networkd-dhcp-common.c
+index 080b153..4f81ed5 100644
+--- a/src/network/networkd-dhcp-common.c
++++ b/src/network/networkd-dhcp-common.c
+@@ -633,6 +633,8 @@ int config_parse_dhcp_use_domains(
+         return 0;
+ }
+ 
++DEFINE_CONFIG_PARSE_ENUM(config_parse_default_dhcp_use_domains, dhcp_use_domains, DHCPUseDomains, "Failed to parse UseDomains=")
++
+ int config_parse_dhcp_use_ntp(
+                 const char* unit,
+                 const char *filename,
+diff --git a/src/network/networkd-dhcp-common.h b/src/network/networkd-dhcp-common.h
+index 6e3f3b2..294f542 100644
+--- a/src/network/networkd-dhcp-common.h
++++ b/src/network/networkd-dhcp-common.h
+@@ -99,6 +99,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ipv6_accept_ra_route_metric);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_send_hostname);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_dns);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_domains);
++CONFIG_PARSER_PROTOTYPE(config_parse_default_dhcp_use_domains);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_use_ntp);
+ CONFIG_PARSER_PROTOTYPE(config_parse_iaid);
+ CONFIG_PARSER_PROTOTYPE(config_parse_dhcp_or_ra_route_table);
+diff --git a/src/network/networkd-gperf.gperf b/src/network/networkd-gperf.gperf
+index 8542ffa..db5410f 100644
+--- a/src/network/networkd-gperf.gperf
++++ b/src/network/networkd-gperf.gperf
+@@ -27,8 +27,10 @@ Network.ManageForeignRoutingPolicyRules, config_parse_bool,
+ Network.ManageForeignRoutes,             config_parse_bool,                      0,          offsetof(Manager, manage_foreign_routes)
+ Network.RouteTable,                      config_parse_route_table_names,         0,          0
+ Network.IPv6PrivacyExtensions,           config_parse_ipv6_privacy_extensions,   0,          offsetof(Manager, ipv6_privacy_extensions)
++DHCPv4.UseDomains,                       config_parse_default_dhcp_use_domains,  0,          offsetof(Manager, dhcp_use_domains)
+ DHCPv4.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp_duid)
+ DHCPv4.DUIDRawData,                      config_parse_duid_rawdata,              0,          offsetof(Manager, dhcp_duid)
++DHCPv6.UseDomains,                       config_parse_default_dhcp_use_domains,  0,          offsetof(Manager, dhcp6_use_domains)
+ DHCPv6.DUIDType,                         config_parse_duid_type,                 0,          offsetof(Manager, dhcp6_duid)
+ DHCPv6.DUIDRawData,                      config_parse_duid_rawdata,              0,          offsetof(Manager, dhcp6_duid)
+ /* Deprecated */
+diff --git a/src/network/networkd-manager.h b/src/network/networkd-manager.h
+index 65bd507..593abd6 100644
+--- a/src/network/networkd-manager.h
++++ b/src/network/networkd-manager.h
+@@ -59,6 +59,9 @@ struct Manager {
+         OrderedSet *address_pools;
+         Set *dhcp_pd_subnet_ids;
+ 
++        DHCPUseDomains dhcp_use_domains;
++        DHCPUseDomains dhcp6_use_domains;
++
+         DUID dhcp_duid;
+         DUID dhcp6_duid;
+         DUID duid_product_uuid;
+diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
+index 6cbaf82..ec0bf3d 100644
+--- a/src/network/networkd-network.c
++++ b/src/network/networkd-network.c
+@@ -390,6 +390,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
+                 .dhcp_use_captive_portal = true,
+                 .dhcp_use_dns = true,
+                 .dhcp_routes_to_dns = true,
++                .dhcp_use_domains = manager->dhcp_use_domains,
+                 .dhcp_use_hostname = true,
+                 .dhcp_use_routes = true,
+                 .dhcp_use_gateway = -1,
+@@ -406,6 +407,7 @@ int network_load_one(Manager *manager, OrderedHashmap **networks, const char *fi
+                 .dhcp6_use_address = true,
+                 .dhcp6_use_pd_prefix = true,
+                 .dhcp6_use_dns = true,
++                .dhcp6_use_domains = manager->dhcp6_use_domains,
+                 .dhcp6_use_hostname = true,
+                 .dhcp6_use_ntp = true,
+                 .dhcp6_use_captive_portal = true,
+diff --git a/src/network/networkd.conf b/src/network/networkd.conf
+index e5a5e88..fe41740 100644
+--- a/src/network/networkd.conf
++++ b/src/network/networkd.conf
+@@ -27,7 +27,9 @@
+ [DHCPv4]
+ #DUIDType=vendor
+ #DUIDRawData=
++#UseDomains=no
+ 
+ [DHCPv6]
+ #DUIDType=vendor
+ #DUIDRawData=
++#UseDomains=no
+diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py
+index f49438e..8bc2193 100755
+--- a/test/test-network/systemd-networkd-tests.py
++++ b/test/test-network/systemd-networkd-tests.py
+@@ -6030,6 +6030,50 @@ class NetworkdDHCPClientTests(unittest.TestCase, Utilities):
+         check(self, True, False)
+         check(self, False, True)
+         check(self, False, False)
++    
++    def test_dhcp_client_default_use_domains(self):        
++        def check(self, ipv4, ipv6):
++            mkdir_p(networkd_conf_dropin_dir)
++            with open(os.path.join(networkd_conf_dropin_dir, 'default_use_domains.conf'), mode='w', encoding='utf-8') as f:
++                f.write('[DHCPv4]\nUseDomains=')
++                f.write('yes\n' if ipv4 else 'no\n')
++                f.write('[DHCPv6]\nUseDomains=')
++                f.write('yes\n' if ipv6 else 'no\n')
++            
++            restart_networkd()
++            self.wait_online(['veth-peer:carrier'])
++            start_dnsmasq('--dhcp-option=option:dns-server,192.168.5.1',
++                          '--dhcp-option=option6:dns-server,[2600::1]',
++                          '--dhcp-option=option:domain-search,example.com',
++                          '--dhcp-option=option6:domain-search,example.com')
++
++            self.wait_online(['veth99:routable'])
++
++            # link becomes 'routable' when at least one protocol provide an valid address. Hence, we need to explicitly wait for both addresses.
++            self.wait_address('veth99', r'inet 192.168.5.[0-9]*/24 metric 1024 brd 192.168.5.255 scope global dynamic', ipv='-4')
++            self.wait_address('veth99', r'inet6 2600::[0-9a-f]*/128 scope global (dynamic noprefixroute|noprefixroute dynamic)', ipv='-6')
++
++            for _ in range(20):
++                output = check_output(*resolvectl_cmd, 'domain', 'veth99', env=env)
++                if ipv4 or ipv6:
++                    if 'example.com' in output:
++                        break
++                else:
++                    if 'example.com' not in output:
++                        break
++                time.sleep(0.5)
++            else:
++                print(output)
++                self.fail('unexpected domain setting in resolved...')
++            
++            stop_dnsmasq()
++            remove_networkd_conf_dropin('default_use_domains.conf')
++
++        copy_network_unit('25-veth.netdev', '25-dhcp-server-veth-peer.network', '25-dhcp-client.network', copy_dropins=False)
++        check(self, True, True)
++        check(self, True, False)
++        check(self, False, True)
++        check(self, False, False)
+ 
+     def test_dhcp_client_use_captive_portal(self):
+         def check(self, ipv4, ipv6):
diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec
index f25a2ac6622..09af05fd526 100644
--- a/SPECS/systemd/systemd.spec
+++ b/SPECS/systemd/systemd.spec
@@ -50,7 +50,7 @@ Version:        255
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
 %endif
-Release:        9%{?dist}
+Release:        10%{?dist}
 
 # FIXME - hardcode to 'stable' for now as that's what we have in our blobstore
 %global stable 1
@@ -130,7 +130,8 @@ Patch0490:      use-bfq-scheduler.patch
 Patch0491:      fedora-use-system-auth-in-pam-systemd-user.patch
 
 # Patches for Azure Linux
-Patch0900: do-not-test-openssl-sm3.patch
+Patch0900:      do-not-test-openssl-sm3.patch
+Patch0901:      networkd-default-use-domains.patch
 
 %ifarch %{ix86} x86_64 aarch64
 %global want_bootloader 1
@@ -1189,6 +1190,9 @@ rm -f %{name}.lang
 # %autochangelog. So we need to continue manually maintaining the
 # changelog here.
 %changelog
+* Mon Apr 15 2024 Henry Li <lihl@microsoft.com> - 255-10
+- Add patch to allow configurability of "UseDomains=" for networkd
+
 * Wed Mar 20 2024 Dan Streetman <ddstreet@microsoft.com> - 255-9
 - build dep the "bootstrap" macros because our maint scripts are broken without
   our rpm macros available during the build

From ad03469143de6a9f400b82738f098b963e878c0e Mon Sep 17 00:00:00 2001
From: Lanze Liu <86434077+liulanze@users.noreply.github.com>
Date: Mon, 22 Apr 2024 19:56:15 -0700
Subject: [PATCH 23/62] Error out when customizing a verity enabled base image.
 (#8851)

---
 .../pkg/imagecustomizerlib/imagecustomizer.go | 38 +++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
index f5691c786cf..91be4000a61 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
@@ -126,6 +126,15 @@ func CustomizeImage(buildDir string, baseConfigPath string, config *imagecustomi
 		return fmt.Errorf("failed to convert image file to raw format:\n%w", err)
 	}
 
+	// Check if the partition is using DM_verity_hash file system type.
+	// The presence of this type indicates that dm-verity has been enabled on the base image. If dm-verity is not enabled,
+	// the verity hash device should not be assigned this type. We do not support customization on verity enabled base
+	// images at this time because such modifications would compromise the integrity and security mechanisms enforced by dm-verity.
+	err = isDmVerityEnabled(buildDirAbs, rawImageFile)
+	if err != nil {
+		return err
+	}
+
 	// Customize the partitions.
 	partitionsCustomized, rawImageFile, err := customizePartitions(buildDirAbs, baseConfigPath, config, rawImageFile)
 	if err != nil {
@@ -524,3 +533,32 @@ func customizeVerityImageHelper(buildDir string, baseConfigPath string, config *
 
 	return nil
 }
+
+func isDmVerityEnabled(buildDir string, rawImageFile string) error {
+	imageConnection := NewImageConnection()
+	err := imageConnection.ConnectLoopback(rawImageFile)
+	if err != nil {
+		return err
+	}
+	defer imageConnection.Close()
+
+	diskPartitions, err := diskutils.GetDiskPartitions(imageConnection.Loopback().DevicePath())
+	if err != nil {
+		return err
+	}
+
+	for i := range diskPartitions {
+		diskPartition := diskPartitions[i]
+
+		if diskPartition.FileSystemType == "DM_verity_hash" {
+			return fmt.Errorf("cannot customize base image that has dm-verity enabled")
+		}
+	}
+
+	err = imageConnection.CleanClose()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

From 2b160c2331f41f94b64aaca9e95ab81a217922c0 Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Tue, 23 Apr 2024 22:10:32 +0530
Subject: [PATCH 24/62] kata-cc: kernel-uvm: enable CIFS modules (#8873)

---
 SPECS/kernel-uvm/config                     | 31 +++++++++++++++++----
 SPECS/kernel-uvm/kernel-uvm.signatures.json | 10 +++----
 SPECS/kernel-uvm/kernel-uvm.spec            |  5 +++-
 3 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/SPECS/kernel-uvm/config b/SPECS/kernel-uvm/config
index 5ea5cad42bd..0def21eed01 100644
--- a/SPECS/kernel-uvm/config
+++ b/SPECS/kernel-uvm/config
@@ -1293,6 +1293,7 @@ CONFIG_NET_EMATCH_STACK=32
 # CONFIG_NET_CLS_ACT is not set
 CONFIG_NET_SCH_FIFO=y
 # CONFIG_DCB is not set
+CONFIG_DNS_RESOLVER=y
 # CONFIG_BATMAN_ADV is not set
 # CONFIG_OPENVSWITCH is not set
 CONFIG_VSOCKETS=y
@@ -2580,8 +2581,17 @@ CONFIG_NETWORK_FILESYSTEMS=y
 # CONFIG_NFS_FS is not set
 # CONFIG_NFSD is not set
 # CONFIG_CEPH_FS is not set
-# CONFIG_CIFS is not set
+CONFIG_CIFS=y
+CONFIG_CIFS_STATS2=y
+# CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set
+# CONFIG_CIFS_UPCALL is not set
+# CONFIG_CIFS_XATTR is not set
+# CONFIG_CIFS_DEBUG is not set
+# CONFIG_CIFS_DFS_UPCALL is not set
+# CONFIG_CIFS_SWN_UPCALL is not set
+# CONFIG_CIFS_ROOT is not set
 # CONFIG_SMB_SERVER is not set
+CONFIG_SMBFS_COMMON=y
 # CONFIG_CODA_FS is not set
 # CONFIG_AFS_FS is not set
 CONFIG_9P_FS=y
@@ -2645,7 +2655,12 @@ CONFIG_IO_WQ=y
 #
 # Security options
 #
-# CONFIG_KEYS is not set
+CONFIG_KEYS=y
+# CONFIG_KEYS_REQUEST_CACHE is not set
+# CONFIG_PERSISTENT_KEYRINGS is not set
+# CONFIG_TRUSTED_KEYS is not set
+# CONFIG_ENCRYPTED_KEYS is not set
+# CONFIG_KEY_DH_OPERATIONS is not set
 # CONFIG_SECURITY_DMESG_RESTRICT is not set
 CONFIG_SECURITY=y
 # CONFIG_SECURITYFS is not set
@@ -2781,7 +2796,7 @@ CONFIG_CRYPTO_XTS=y
 #
 # CONFIG_CRYPTO_AEGIS128 is not set
 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set
-# CONFIG_CRYPTO_CCM is not set
+CONFIG_CRYPTO_CCM=y
 CONFIG_CRYPTO_GCM=y
 # CONFIG_CRYPTO_SEQIV is not set
 # CONFIG_CRYPTO_ECHAINIV is not set
@@ -2792,9 +2807,9 @@ CONFIG_CRYPTO_ESSIV=y
 # Hashes, digests, and MACs
 #
 # CONFIG_CRYPTO_BLAKE2B is not set
-# CONFIG_CRYPTO_CMAC is not set
+CONFIG_CRYPTO_CMAC=y
 CONFIG_CRYPTO_GHASH=y
-# CONFIG_CRYPTO_HMAC is not set
+CONFIG_CRYPTO_HMAC=y
 # CONFIG_CRYPTO_MD4 is not set
 CONFIG_CRYPTO_MD5=y
 # CONFIG_CRYPTO_MICHAEL_MIC is not set
@@ -2802,7 +2817,7 @@ CONFIG_CRYPTO_MD5=y
 # CONFIG_CRYPTO_RMD160 is not set
 # CONFIG_CRYPTO_SHA1 is not set
 CONFIG_CRYPTO_SHA256=y
-# CONFIG_CRYPTO_SHA512 is not set
+CONFIG_CRYPTO_SHA512=y
 # CONFIG_CRYPTO_SHA3 is not set
 # CONFIG_CRYPTO_SM3_GENERIC is not set
 # CONFIG_CRYPTO_STREEBOG is not set
@@ -2891,10 +2906,12 @@ CONFIG_CRYPTO_USER_API_SKCIPHER=y
 # end of Accelerated Cryptographic Algorithms for CPU (x86)
 
 # CONFIG_CRYPTO_HW is not set
+# CONFIG_ASYMMETRIC_KEY_TYPE is not set
 
 #
 # Certificates for signature checking
 #
+# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
 # end of Certificates for signature checking
 
 CONFIG_BINARY_PRINTF=y
@@ -2969,6 +2986,7 @@ CONFIG_TEXTSEARCH_BM=y
 CONFIG_TEXTSEARCH_FSM=y
 CONFIG_INTERVAL_TREE=y
 CONFIG_XARRAY_MULTI=y
+CONFIG_ASSOCIATIVE_ARRAY=y
 CONFIG_HAS_IOMEM=y
 CONFIG_HAS_IOPORT_MAP=y
 CONFIG_HAS_DMA=y
@@ -2988,6 +3006,7 @@ CONFIG_CPU_RMAP=y
 CONFIG_DQL=y
 CONFIG_NLATTR=y
 # CONFIG_IRQ_POLL is not set
+CONFIG_OID_REGISTRY=y
 CONFIG_HAVE_GENERIC_VDSO=y
 CONFIG_GENERIC_GETTIMEOFDAY=y
 CONFIG_GENERIC_VDSO_TIME_NS=y
diff --git a/SPECS/kernel-uvm/kernel-uvm.signatures.json b/SPECS/kernel-uvm/kernel-uvm.signatures.json
index 373091b87a7..ba08c5cdf06 100644
--- a/SPECS/kernel-uvm/kernel-uvm.signatures.json
+++ b/SPECS/kernel-uvm/kernel-uvm.signatures.json
@@ -1,6 +1,6 @@
 {
-  "Signatures": {
-    "config": "6ad5eb9ec01a90b7ba35a1be51b3cecd0ad8d574610555148f4fadcac95525d6",
-    "kernel-uvm-6.1.0.mshv16.tar.gz": "f0453c3665387a2a87743782347dbccb6c0a2da1f1e9f35c04acd6ba9a9fd92c"
-  }
-}
\ No newline at end of file
+ "Signatures": {
+  "config": "5ad85351b84926e353db3b0cced5eed68fab032e14c9230fb1e140e6552a4139",
+  "kernel-uvm-6.1.0.mshv16.tar.gz": "f0453c3665387a2a87743782347dbccb6c0a2da1f1e9f35c04acd6ba9a9fd92c"
+ }
+}
diff --git a/SPECS/kernel-uvm/kernel-uvm.spec b/SPECS/kernel-uvm/kernel-uvm.spec
index 1a920a7b8b3..4232b8d6003 100644
--- a/SPECS/kernel-uvm/kernel-uvm.spec
+++ b/SPECS/kernel-uvm/kernel-uvm.spec
@@ -11,7 +11,7 @@
 Summary:        Linux Kernel for Kata UVM
 Name:           kernel-uvm
 Version:        6.1.0.mshv16
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -154,6 +154,9 @@ find %{buildroot}/lib/modules -name '*.ko' -exec chmod u+x {} +
 %{_prefix}/src/linux-headers-%{uname_r}
 
 %changelog
+* Wed Mar 27 2024 Archana Choudhary <archana1@microsoft.com> - 6.1.0.mshv16-2
+- Enable CIFS modules
+
 * Thu Feb 29 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 6.1.0.mshv16-1
 - Auto-upgrade to 6.1.0.mshv16 for LSG v2402.26.1
 

From d452e80d2b6f1e9fd2883d54a449c96ad31bcbc4 Mon Sep 17 00:00:00 2001
From: Archana Choudhary <36061892+arc9693@users.noreply.github.com>
Date: Tue, 23 Apr 2024 22:11:13 +0530
Subject: [PATCH 25/62] kata-cc: kata-packages-uvm: add cifs-utils as
 dependency (#8874)

---
 SPECS/kata-packages-uvm/kata-packages-uvm.spec | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/SPECS/kata-packages-uvm/kata-packages-uvm.spec b/SPECS/kata-packages-uvm/kata-packages-uvm.spec
index 65f0ba105c8..313a71f3c3f 100644
--- a/SPECS/kata-packages-uvm/kata-packages-uvm.spec
+++ b/SPECS/kata-packages-uvm/kata-packages-uvm.spec
@@ -1,7 +1,7 @@
 Summary:        Metapackage for Kata UVM components
 Name:           kata-packages-uvm
 Version:        1.0.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -41,6 +41,7 @@ Metapackage to install the set of packages inside a Kata containers UVM
 %package        coco
 Summary:        Metapackage to install the set of packages inside a Kata confidential containers UVM.
 Requires:       %{name} = %{version}-%{release}
+Requires:       cifs-utils
 Requires:       device-mapper
 Requires:       opa
 
@@ -95,6 +96,9 @@ Requires:       golang
 %files coco-sign
 
 %changelog
+* Thu Apr 11 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.0-3
+- Add cifs-utils to the list of dependencies
+
 * Tue Feb 06 2024 Archana Choudhary <archana1@microsoft.com> - 1.0.0-2
 - Remove dependency on kernel-uvm-cvm
 

From dd030dc1ea2c878e9578be603f5dd48c83c53b98 Mon Sep 17 00:00:00 2001
From: Mandeep Plaha <99760213+mandeepsplaha@users.noreply.github.com>
Date: Tue, 23 Apr 2024 10:05:57 -0700
Subject: [PATCH 26/62] attach EOL manifest to container images using oras
 (#8790)

---
 .../scripts/BuildGoldenContainer.sh           | 21 +++++++++--
 .../scripts/PublishContainers.sh              | 36 ++++++++++++++++---
 2 files changed, 50 insertions(+), 7 deletions(-)

diff --git a/.pipelines/containerSourceData/scripts/BuildGoldenContainer.sh b/.pipelines/containerSourceData/scripts/BuildGoldenContainer.sh
index 0fbf6f2a4a7..68ace7d4017 100755
--- a/.pipelines/containerSourceData/scripts/BuildGoldenContainer.sh
+++ b/.pipelines/containerSourceData/scripts/BuildGoldenContainer.sh
@@ -200,12 +200,14 @@ function initialization {
     BASE_IMAGE_TAG=${BASE_IMAGE_NAME_FULL#*:}   # 3.0
     AZURE_LINUX_VERSION=${BASE_IMAGE_TAG%.*}    # 3.0
     DISTRO_IDENTIFIER="azl"
+    END_OF_LIFE_1_YEAR=$(date -d "+1 year" "+%Y-%m-%dT%H:%M:%SZ")
 
     echo "Golden Image Name             -> $GOLDEN_IMAGE_NAME"
     echo "Base ACR Container Name       -> $BASE_IMAGE_NAME"
     echo "Base ACR Container Tag        -> $BASE_IMAGE_TAG"
     echo "Azure Linux Version           -> $AZURE_LINUX_VERSION"
     echo "Distro Identifier             -> $DISTRO_IDENTIFIER"
+    echo "End of Life                   -> $END_OF_LIFE_1_YEAR"
 }
 
 function prepare_dockerfile {
@@ -318,16 +320,31 @@ function finalize {
     echo "$GOLDEN_IMAGE_NAME_FINAL" >> "$OUTPUT_DIR/PublishedContainers-$IMAGE.txt"
 }
 
+function oras_attach {
+    local image_name=$1
+    oras attach \
+        --artifact-type "application/vnd.microsoft.artifact.lifecycle" \
+        --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=$END_OF_LIFE_1_YEAR" \
+        "$image_name"
+}
+
 function publish_to_acr {
     CONTAINER_IMAGE=$1
     if [[ ! "$PUBLISH_TO_ACR" =~ [Tt]rue ]]; then
         echo "+++ Skip publishing to ACR"
         return
     fi
+    local oras_access_token
+
+    echo "+++ az login into Azure ACR $ACR"
+    oras_access_token=$(az acr login --name "$ACR" --expose-token --output tsv --query accessToken)
+    oras login "$ACR.azurecr.io" \
+        --username "00000000-0000-0000-0000-000000000000" \
+        --password "$oras_access_token"
+
     echo "+++ Publish container $CONTAINER_IMAGE"
-    echo "login into ACR: $ACR"
-    az acr login --name "$ACR"
     docker image push "$CONTAINER_IMAGE"
+    oras_attach "$CONTAINER_IMAGE"
 }
 
 function generate_image_sbom {
diff --git a/.pipelines/containerSourceData/scripts/PublishContainers.sh b/.pipelines/containerSourceData/scripts/PublishContainers.sh
index 713c118e88e..076dadfb1e3 100755
--- a/.pipelines/containerSourceData/scripts/PublishContainers.sh
+++ b/.pipelines/containerSourceData/scripts/PublishContainers.sh
@@ -72,6 +72,32 @@ FILE_EXT='.txt'
 
 OS_VERSION_PREFIX="azurelinux-"
 DISTRO_IDENTIFIER="azl"
+END_OF_LIFE_1_YEAR=$(date -d "+1 year" "+%Y-%m-%dT%H:%M:%SZ")
+
+# Login to the container registry.
+# Also login ORAS to the container registry.
+# $1: container registry name
+function acr_login {
+    local container_registry=$1
+    local oras_access_token
+
+    echo "+++ az login into Azure ACR $container_registry"
+    oras_access_token=$(az acr login --name "$container_registry" --expose-token --output tsv --query accessToken)
+    oras login "$container_registry.azurecr.io" \
+        --username "00000000-0000-0000-0000-000000000000" \
+        --password "$oras_access_token"
+}
+
+# Attach the end-of-life annotation to the container image.
+# $1: image name
+function oras_attach {
+    local image_name=$1
+
+    oras attach \
+        --artifact-type "application/vnd.microsoft.artifact.lifecycle" \
+        --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=$END_OF_LIFE_1_YEAR" \
+        "$image_name"
+}
 
 function create_multi_arch_tags {
     # $1: original container (without '-amd64' or '-arm64' extension in tag)
@@ -165,6 +191,7 @@ function create_multi_arch_tags {
     echo "+++ push $full_multiarch_tag tag"
     docker manifest push "$full_multiarch_tag"
     echo "+++ $full_multiarch_tag tag pushed successfully"
+    oras_attach "$full_multiarch_tag"
 
     # Save the multi-arch tag to a file.
     image_basename=${multiarch_name#*/}
@@ -230,8 +257,7 @@ do
         echo "Image name: $image_name"
         echo
         container_registry="${image_name%%.*}"
-        echo "+++ login into Azure ACR $container_registry"
-        az acr login --name "$container_registry"
+        acr_login "$container_registry"
 
         amd64_image=${image_name%-*}-amd64
         docker pull "$amd64_image"
@@ -243,9 +269,7 @@ do
         fi
 
         if [[ $container_registry != "$TARGET_ACR" ]]; then
-            echo "+++ login into Azure ACR $TARGET_ACR"
-            az acr login --name "$TARGET_ACR"
-
+            acr_login "$TARGET_ACR"
             echo "Retagging the images to $TARGET_ACR"
             # E.g., If container_registry is azurelinuxdevpreview and TARGET_ACR is azurelinuxpreview, then
             # azurelinuxdevpreview.azurecr.io/base/core:3.0 -> azurelinuxpreview.azurecr.io/base/core:3.0
@@ -255,6 +279,7 @@ do
             docker image tag "$amd64_image" "$amd64_retagged_image_name"
             docker rmi "$amd64_image"
             docker image push "$amd64_retagged_image_name"
+            oras_attach "$amd64_retagged_image_name"
 
             if [[ $ARCHITECTURE_TO_BUILD == *"ARM64"*  ]]; then
                 arm64_retagged_image_name=${arm64_image/"$container_registry"/"$TARGET_ACR"}
@@ -262,6 +287,7 @@ do
                 docker image tag "$arm64_image" "$arm64_retagged_image_name"
                 docker rmi "$arm64_image"
                 docker image push "$arm64_retagged_image_name"
+                oras_attach "$arm64_retagged_image_name"
             fi
 
             image_name=$amd64_retagged_image_name

From 40dc1f292e4cfc741aec4d2ff461fb4ff0324e51 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue, 23 Apr 2024 10:33:25 -0700
Subject: [PATCH 27/62] autoconf-archive: upgrade to 2023.02.20 (#8872)

---
 .../autoconf-archive.signatures.json          |  2 +-
 SPECS/autoconf-archive/autoconf-archive.spec  | 42 +++++++++++--------
 cgmanifest.json                               |  4 +-
 3 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/SPECS/autoconf-archive/autoconf-archive.signatures.json b/SPECS/autoconf-archive/autoconf-archive.signatures.json
index 3110401b9e9..0f11d7b1bc6 100644
--- a/SPECS/autoconf-archive/autoconf-archive.signatures.json
+++ b/SPECS/autoconf-archive/autoconf-archive.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "autoconf-archive-2021.02.19.tar.xz": "e8a6eb9d28ddcba8ffef3fa211653239e9bf239aba6a01a6b7cfc7ceaec69cbd"
+  "autoconf-archive-2023.02.20.tar.xz": "71d4048479ae28f1f5794619c3d72df9c01df49b1c628ef85fde37596dc31a33"
  }
 }
diff --git a/SPECS/autoconf-archive/autoconf-archive.spec b/SPECS/autoconf-archive/autoconf-archive.spec
index 3be609b951e..530e50656c1 100644
--- a/SPECS/autoconf-archive/autoconf-archive.spec
+++ b/SPECS/autoconf-archive/autoconf-archive.spec
@@ -1,27 +1,30 @@
 %define debug_package %{nil}
 
-Summary:	Autoconf macro archive
-Name:		autoconf-archive
-Version:	2021.02.19
-Release:    1%{?dist}
-License:	GPLv3+
-URL:		https://www.gnu.org/software/autoconf-archive
-Group:		System Environment/Base
+Summary:        Autoconf macro archive
+Name:           autoconf-archive
+Version:        2023.02.20
+Release:        1%{?dist}
+License:        GPLv3+
+URL:            https://www.gnu.org/software/autoconf-archive
+Group:          System Environment/Base
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-Source0:	https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
+Source0:        https://ftp.gnu.org/gnu/%{name}/%{name}-%{version}.tar.xz
 
-BuildArch:  noarch
-Requires:	autoconf
+BuildArch:      noarch
+Requires:       autoconf
 
 %description
 The package contains programs for producing shell scripts that can
 automatically configure source code.
+
 %prep
 %setup -q
+
 %build
 %configure
 make
+
 %install
 make install DESTDIR=%{buildroot} INSTALL="install -p"
 rm -rf %{buildroot}%{_infodir}
@@ -33,10 +36,15 @@ rm -frv %{buildroot}%{_datadir}/%{name}
 %{_datadir}/aclocal/*.m4
 
 %changelog
-*   Thu Jan 06 2022 Nicolas Guibourge <nicolasg@microsoft.com> 2021.02.19-1
--   Upgrade to 2021.02.19
--   License verified
-*   Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> 2018.03.13-2
--   Initial CBL-Mariner import from Photon (license: Apache2).
-*   Mon Sep 10 2018 Anish Swaminathan <anishs@vmware.com> 2018.03.13-1
--   Initial build
+* Mon Apr 22 2024 Andrew Phelps <anphel@microsoft.com> - 2023.02.20-1
+- Upgrade to 2023.02.20
+
+* Thu Jan 06 2022 Nicolas Guibourge <nicolasg@microsoft.com> - 2021.02.19-1
+- Upgrade to 2021.02.19
+- License verified
+
+* Tue Sep 03 2019 Mateusz Malisz <mamalisz@microsoft.com> - 2018.03.13-2
+- Initial CBL-Mariner import from Photon (license: Apache2).
+
+* Mon Sep 10 2018 Anish Swaminathan <anishs@vmware.com> - 2018.03.13-1
+- Initial build
diff --git a/cgmanifest.json b/cgmanifest.json
index c2219a72bf8..f9bbc6bc1fa 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -785,8 +785,8 @@
         "type": "other",
         "other": {
           "name": "autoconf-archive",
-          "version": "2021.02.19",
-          "downloadUrl": "https://ftp.gnu.org/gnu/autoconf-archive/autoconf-archive-2021.02.19.tar.xz"
+          "version": "2023.02.20",
+          "downloadUrl": "https://ftp.gnu.org/gnu/autoconf-archive/autoconf-archive-2023.02.20.tar.xz"
         }
       }
     },

From 3b7d0563f624a84a18a1309786a237596edb6516 Mon Sep 17 00:00:00 2001
From: Lanze Liu <86434077+liulanze@users.noreply.github.com>
Date: Tue, 23 Apr 2024 14:45:38 -0700
Subject: [PATCH 28/62] Expose verity hash corruption options besides panic.
 (#8853)

---
 .../imagecustomizer/docs/configuration.md     |  9 +++++
 .../imagecustomizerapi/corruptionoption.go    | 33 +++++++++++++++++
 .../corruptionoption_test.go                  | 26 ++++++++++++++
 toolkit/tools/imagecustomizerapi/verity.go    |  9 +++--
 .../tools/imagecustomizerapi/verity_test.go   | 35 +++++++++++++++++++
 .../pkg/imagecustomizerlib/customizeverity.go | 27 ++++++++++++--
 .../pkg/imagecustomizerlib/imagecustomizer.go |  3 +-
 7 files changed, 136 insertions(+), 6 deletions(-)
 create mode 100644 toolkit/tools/imagecustomizerapi/corruptionoption.go
 create mode 100644 toolkit/tools/imagecustomizerapi/corruptionoption_test.go

diff --git a/toolkit/tools/imagecustomizer/docs/configuration.md b/toolkit/tools/imagecustomizer/docs/configuration.md
index 11f9eec6394..0e951f0b45b 100644
--- a/toolkit/tools/imagecustomizer/docs/configuration.md
+++ b/toolkit/tools/imagecustomizer/docs/configuration.md
@@ -348,6 +348,14 @@ please refer to the [overlay type](#overlay-type) section.
 - `hashPartition`: A partition used exclusively for storing a calculated hash
   tree.
 
+- `corruptionOption`: Optional. Specifies the behavior in case of detected
+  corruption. This is configurable with the following options:
+  - `io-error`: Default setting. Fails the I/O operation with an I/O error.
+  - `ignore`: ignores the corruption and continues operation.
+  - `panic`: causes the system to panic (print errors) and then try restarting
+    if corruption is detected.
+  - `restart`: attempts to restart the system upon detecting corruption.
+
 Example:
 
 ```yaml
@@ -359,6 +367,7 @@ os:
     hashPartition:
       idType: part-label
       Id: hash_partition
+    corruptionOption: panic
 ```
 
 ## fileConfig type
diff --git a/toolkit/tools/imagecustomizerapi/corruptionoption.go b/toolkit/tools/imagecustomizerapi/corruptionoption.go
new file mode 100644
index 00000000000..4ef18a5991e
--- /dev/null
+++ b/toolkit/tools/imagecustomizerapi/corruptionoption.go
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package imagecustomizerapi
+
+import (
+	"fmt"
+)
+
+type CorruptionOption string
+
+const (
+	CorruptionOptionDefault CorruptionOption = ""
+	CorruptionOptionIoError CorruptionOption = "io-error"
+	CorruptionOptionIgnore  CorruptionOption = "ignore"
+	CorruptionOptionPanic   CorruptionOption = "panic"
+	CorruptionOptionRestart CorruptionOption = "restart"
+)
+
+func (c CorruptionOption) IsValid() error {
+	switch c {
+	case CorruptionOptionDefault,
+		CorruptionOptionIoError,
+		CorruptionOptionIgnore,
+		CorruptionOptionPanic,
+		CorruptionOptionRestart:
+		// All good.
+		return nil
+
+	default:
+		return fmt.Errorf("invalid CorruptionOption value (%v)", c)
+	}
+}
diff --git a/toolkit/tools/imagecustomizerapi/corruptionoption_test.go b/toolkit/tools/imagecustomizerapi/corruptionoption_test.go
new file mode 100644
index 00000000000..ae7005b32bb
--- /dev/null
+++ b/toolkit/tools/imagecustomizerapi/corruptionoption_test.go
@@ -0,0 +1,26 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package imagecustomizerapi
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCorruptionOptionIoErrorIsValid(t *testing.T) {
+	err := CorruptionOptionIoError.IsValid()
+	assert.NoError(t, err)
+}
+
+func TestCorruptionOptionPanicIsValid(t *testing.T) {
+	err := CorruptionOptionPanic.IsValid()
+	assert.NoError(t, err)
+}
+
+func TestCorruptionOptionIsValidBadValue(t *testing.T) {
+	err := CorruptionOption("bad").IsValid()
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "invalid CorruptionOption value")
+}
diff --git a/toolkit/tools/imagecustomizerapi/verity.go b/toolkit/tools/imagecustomizerapi/verity.go
index 76d8472f720..4dc142dc4a4 100644
--- a/toolkit/tools/imagecustomizerapi/verity.go
+++ b/toolkit/tools/imagecustomizerapi/verity.go
@@ -8,8 +8,9 @@ import (
 )
 
 type Verity struct {
-	DataPartition IdentifiedPartition `yaml:"dataPartition"`
-	HashPartition IdentifiedPartition `yaml:"hashPartition"`
+	DataPartition    IdentifiedPartition `yaml:"dataPartition"`
+	HashPartition    IdentifiedPartition `yaml:"hashPartition"`
+	CorruptionOption CorruptionOption    `yaml:"corruptionOption"`
 }
 
 func (v *Verity) IsValid() error {
@@ -21,5 +22,9 @@ func (v *Verity) IsValid() error {
 		return fmt.Errorf("invalid hashPartition: %v", err)
 	}
 
+	if err := v.CorruptionOption.IsValid(); err != nil {
+		return fmt.Errorf("invalid corruptionOption: %v", err)
+	}
+
 	return nil
 }
diff --git a/toolkit/tools/imagecustomizerapi/verity_test.go b/toolkit/tools/imagecustomizerapi/verity_test.go
index 7b5f7cdb546..99283a5901e 100644
--- a/toolkit/tools/imagecustomizerapi/verity_test.go
+++ b/toolkit/tools/imagecustomizerapi/verity_test.go
@@ -42,3 +42,38 @@ func TestVerityIsValidInvalidHashPartition(t *testing.T) {
 	assert.Error(t, err)
 	assert.ErrorContains(t, err, "invalid hashPartition")
 }
+
+func TestVerityIsValid(t *testing.T) {
+	validVerity := Verity{
+		DataPartition: IdentifiedPartition{
+			IdType: "part-uuid",
+			Id:     "123e4567-e89b-4d3a-a456-426614174000",
+		},
+		HashPartition: IdentifiedPartition{
+			IdType: "part-label",
+			Id:     "hash_partition",
+		},
+		CorruptionOption: CorruptionOption("panic"),
+	}
+
+	err := validVerity.IsValid()
+	assert.NoError(t, err)
+}
+
+func TestVerityIsValidInvalidCorruptionOption(t *testing.T) {
+	invalidVerity := Verity{
+		DataPartition: IdentifiedPartition{
+			IdType: "part-uuid",
+			Id:     "123e4567-e89b-4d3a-a456-426614174000",
+		},
+		HashPartition: IdentifiedPartition{
+			IdType: "part-label",
+			Id:     "hash_partition",
+		},
+		CorruptionOption: CorruptionOption("bad"),
+	}
+
+	err := invalidVerity.IsValid()
+	assert.Error(t, err)
+	assert.ErrorContains(t, err, "invalid CorruptionOption value")
+}
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeverity.go b/toolkit/tools/pkg/imagecustomizerlib/customizeverity.go
index da0aa5e8543..2dcb3f56e3e 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizeverity.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizeverity.go
@@ -88,7 +88,8 @@ func updateFstabForVerity(buildDir string, imageChroot *safechroot.Chroot) error
 }
 
 func updateGrubConfig(dataPartitionIdType imagecustomizerapi.IdType, dataPartitionId string,
-	hashPartitionIdType imagecustomizerapi.IdType, hashPartitionId string, rootHash string, grubCfgFullPath string,
+	hashPartitionIdType imagecustomizerapi.IdType, hashPartitionId string,
+	corruptionOption imagecustomizerapi.CorruptionOption, rootHash string, grubCfgFullPath string,
 ) error {
 	var err error
 
@@ -102,9 +103,14 @@ func updateGrubConfig(dataPartitionIdType imagecustomizerapi.IdType, dataPartiti
 		return err
 	}
 
+	formattedCorruptionOption, err := systemdFormatCorruptionOption(corruptionOption)
+	if err != nil {
+		return err
+	}
+
 	newArgs := fmt.Sprintf(
-		"rd.systemd.verity=1 roothash=%s systemd.verity_root_data=%s systemd.verity_root_hash=%s systemd.verity_root_options=panic-on-corruption",
-		rootHash, formattedDataPartition, formattedHashPartition,
+		"rd.systemd.verity=1 roothash=%s systemd.verity_root_data=%s systemd.verity_root_hash=%s systemd.verity_root_options=%s",
+		rootHash, formattedDataPartition, formattedHashPartition, formattedCorruptionOption,
 	)
 
 	// Read grub.cfg using the internal method
@@ -187,6 +193,21 @@ func systemdFormatPartitionId(idType imagecustomizerapi.IdType, id string) (stri
 	}
 }
 
+func systemdFormatCorruptionOption(corruptionOption imagecustomizerapi.CorruptionOption) (string, error) {
+	switch corruptionOption {
+	case imagecustomizerapi.CorruptionOptionDefault, imagecustomizerapi.CorruptionOptionIoError:
+		return "", nil
+	case imagecustomizerapi.CorruptionOptionIgnore:
+		return "ignore-corruption", nil
+	case imagecustomizerapi.CorruptionOptionPanic:
+		return "panic-on-corruption", nil
+	case imagecustomizerapi.CorruptionOptionRestart:
+		return "restart-on-corruption", nil
+	default:
+		return "", fmt.Errorf("invalid corruptionOption provided (%s)", string(corruptionOption))
+	}
+}
+
 // findFreeNBDDevice finds the first available NBD device.
 func findFreeNBDDevice() (string, error) {
 	files, err := filepath.Glob("/sys/class/block/nbd*")
diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
index 91be4000a61..36bdcfc78ba 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go
@@ -521,7 +521,8 @@ func customizeVerityImageHelper(buildDir string, baseConfigPath string, config *
 	}
 
 	err = updateGrubConfig(config.OS.Verity.DataPartition.IdType, config.OS.Verity.DataPartition.Id,
-		config.OS.Verity.HashPartition.IdType, config.OS.Verity.HashPartition.Id, rootHash, grubCfgFullPath)
+		config.OS.Verity.HashPartition.IdType, config.OS.Verity.HashPartition.Id, config.OS.Verity.CorruptionOption,
+		rootHash, grubCfgFullPath)
 	if err != nil {
 		return err
 	}

From aa33bd2f8e14ca79687d4d3bb2c072c3173be079 Mon Sep 17 00:00:00 2001
From: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue, 23 Apr 2024 14:55:15 -0700
Subject: [PATCH 29/62] Generalize simple chroot tool (#8849)

---
 .../tools/pkg/rpmssnapshot/rpmssnapshot.go    |  4 +--
 .../pkg/simpletoolchroot/simpletoolchroot.go  | 30 ++++++++++++++-----
 .../pkg/specarchchecker/specarchchecker.go    |  8 ++---
 3 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/toolkit/tools/pkg/rpmssnapshot/rpmssnapshot.go b/toolkit/tools/pkg/rpmssnapshot/rpmssnapshot.go
index 7001fb32de8..e92373ecf92 100644
--- a/toolkit/tools/pkg/rpmssnapshot/rpmssnapshot.go
+++ b/toolkit/tools/pkg/rpmssnapshot/rpmssnapshot.go
@@ -121,9 +121,9 @@ func (s *SnapshotGenerator) generateSnapshotInChroot(distTag string) (err error)
 	)
 
 	defines := rpm.DefaultDistroDefines(runChecks, distTag)
-	specPaths, err = rpm.BuildCompatibleSpecsList(s.simpleToolChroot.ChrootRelativeSpecDir(), []string{}, defines)
+	specPaths, err = rpm.BuildCompatibleSpecsList(s.simpleToolChroot.ChrootRelativeMountDir(), []string{}, defines)
 	if err != nil {
-		err = fmt.Errorf("failed to retrieve a list of specs inside (%s):\n%w", s.simpleToolChroot.ChrootRelativeSpecDir(), err)
+		err = fmt.Errorf("failed to retrieve a list of specs inside (%s):\n%w", s.simpleToolChroot.ChrootRelativeMountDir(), err)
 		return
 	}
 
diff --git a/toolkit/tools/pkg/simpletoolchroot/simpletoolchroot.go b/toolkit/tools/pkg/simpletoolchroot/simpletoolchroot.go
index c79e798ebf2..27ae8c5451a 100644
--- a/toolkit/tools/pkg/simpletoolchroot/simpletoolchroot.go
+++ b/toolkit/tools/pkg/simpletoolchroot/simpletoolchroot.go
@@ -13,7 +13,7 @@ import (
 )
 
 const (
-	chrootSpecDirPath = "/SPECS"
+	chrootMountDirPath = "/chroot_mnt"
 )
 
 // SimpleToolChroot is a tool for creating an environment inside a chroot suitable for basic tasks like parsing RPMs.
@@ -34,9 +34,9 @@ func (s *SimpleToolChroot) ChrootRootDir() string {
 	return s.chroot.RootDir()
 }
 
-// ChrootRelativeSpecDir returns the directory inside the chroot where the specs dir is mounted. Call InitializeChroot() before calling this function.
-func (s *SimpleToolChroot) ChrootRelativeSpecDir() string {
-	return chrootSpecDirPath
+// ChrootRelativeMountDir returns the directory inside the chroot where the specs dir is mounted. Call InitializeChroot() before calling this function.
+func (s *SimpleToolChroot) ChrootRelativeMountDir() string {
+	return chrootMountDirPath
 }
 
 // InitializeChroot initializes the chroot environment so .RunInChroot() can be used to execute commands inside the chroot. This function
@@ -44,8 +44,8 @@ func (s *SimpleToolChroot) ChrootRelativeSpecDir() string {
 //   - buildDir: The path to the directory where the chroot will be created
 //   - chrootName: The name of the chroot to create
 //   - workerTarPath: The path to the tar file containing the worker files
-//   - specsDirPath: The path to the directory containing the spec files
-func (s *SimpleToolChroot) InitializeChroot(buildDir, chrootName, workerTarPath, specsDirPath string) (err error) {
+//   - mountDirPath: The path to the directory to mount, will be mounted to s.ChrootRelativeMountDir() inside the chroot
+func (s *SimpleToolChroot) InitializeChroot(buildDir, chrootName, workerTarPath, mountDirPath string) (err error) {
 	const (
 		existingDir = false
 	)
@@ -55,16 +55,32 @@ func (s *SimpleToolChroot) InitializeChroot(buildDir, chrootName, workerTarPath,
 
 	extraDirectories := []string{}
 	extraMountPoints := []*safechroot.MountPoint{
-		safechroot.NewMountPoint(specsDirPath, chrootSpecDirPath, "", safechroot.BindMountPointFlags, ""),
+		safechroot.NewMountPoint(mountDirPath, chrootMountDirPath, "", safechroot.BindMountPointFlags, ""),
 	}
 	err = s.chroot.Initialize(workerTarPath, extraDirectories, extraMountPoints, true)
 	if err != nil {
 		err = fmt.Errorf("failed to initialize chroot (%s) inside (%s):\n%w", workerTarPath, chrootDirPath, err)
+		return
 	}
 
 	return
 }
 
+// EnableNetwork enables network access inside the chroot environment. This function should be called after InitializeChroot() has been called.
+func (s *SimpleToolChroot) EnableNetwork() (err error) {
+	if s.chroot == nil {
+		return fmt.Errorf("chroot has not been initialized")
+	}
+	files := []safechroot.FileToCopy{
+		{Src: "/etc/resolv.conf", Dest: "/etc/resolv.conf"},
+	}
+	err = s.chroot.AddFiles(files...)
+	if err != nil {
+		err = fmt.Errorf("failed to add files to chroot:\n%w", err)
+	}
+	return
+}
+
 // CleanUp cleans up the chroot environment. This function should be called after all other functions in this package have been
 // called (likely in a defer statement)
 func (s *SimpleToolChroot) CleanUp() (err error) {
diff --git a/toolkit/tools/pkg/specarchchecker/specarchchecker.go b/toolkit/tools/pkg/specarchchecker/specarchchecker.go
index 2476bcd9da8..e51b94c325b 100644
--- a/toolkit/tools/pkg/specarchchecker/specarchchecker.go
+++ b/toolkit/tools/pkg/specarchchecker/specarchchecker.go
@@ -54,7 +54,7 @@ func (a *ArchChecker) FilterSpecsByArch(specFiles []string, distTag string, test
 func (a *ArchChecker) buildAllSpecsListFromNames(specNames []string) (specPaths []string, err error) {
 	for _, specName := range specNames {
 		var fullSpecPath []string
-		specFilesGlob := filepath.Join(a.simpleToolChroot.ChrootRelativeSpecDir(), "**", fmt.Sprintf("%s.spec", specName))
+		specFilesGlob := filepath.Join(a.simpleToolChroot.ChrootRelativeMountDir(), "**", fmt.Sprintf("%s.spec", specName))
 
 		fullSpecPath, err = filepath.Glob(specFilesGlob)
 		if err != nil {
@@ -76,13 +76,13 @@ func (a *ArchChecker) filterListInChroot(specFileNames []string, distTag string,
 	defines := rpm.DefaultDistroDefines(testOnly, distTag)
 	specPaths, err := a.buildAllSpecsListFromNames(specFileNames)
 	if err != nil {
-		err = fmt.Errorf("failed to translate names to specs inside (%s). Error:\n%w", a.simpleToolChroot.ChrootRelativeSpecDir(), err)
+		err = fmt.Errorf("failed to translate names to specs inside (%s). Error:\n%w", a.simpleToolChroot.ChrootRelativeMountDir(), err)
 		return
 	}
 	logger.Log.Debugf("Got specs: %v.", specPaths)
-	filteredSpecs, err := rpm.BuildCompatibleSpecsList(a.simpleToolChroot.ChrootRelativeSpecDir(), specPaths, defines)
+	filteredSpecs, err := rpm.BuildCompatibleSpecsList(a.simpleToolChroot.ChrootRelativeMountDir(), specPaths, defines)
 	if err != nil {
-		err = fmt.Errorf("failed to retrieve a list of compatible  specs inside (%s). Error:\n%w", a.simpleToolChroot.ChrootRelativeSpecDir(), err)
+		err = fmt.Errorf("failed to retrieve a list of compatible  specs inside (%s). Error:\n%w", a.simpleToolChroot.ChrootRelativeMountDir(), err)
 		return
 	}
 

From ecb2e2443d43cd5ea1cfe0ff747297d59e645182 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue, 23 Apr 2024 16:13:42 -0700
Subject: [PATCH 30/62] fix unresolved build requirements (#8878)

---
 .../patterns-ceph-containers.spec                     | 11 +++++++----
 SPECS/python-tensorboard/python-tensorboard.spec      |  7 ++++---
 SPECS/rubygem-fluentd/rubygem-fluentd.spec            |  7 +++++--
 3 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/SPECS/patterns-ceph-containers/patterns-ceph-containers.spec b/SPECS/patterns-ceph-containers/patterns-ceph-containers.spec
index 85b3ceedd11..38f98807531 100644
--- a/SPECS/patterns-ceph-containers/patterns-ceph-containers.spec
+++ b/SPECS/patterns-ceph-containers/patterns-ceph-containers.spec
@@ -1,13 +1,12 @@
 Summary:        Patterns for the Ceph containers
 Name:           patterns-ceph-containers
 Version:        1.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Metapackages
 URL:            http://en.opensuse.org/Patterns
-ExclusiveArch:  x86_64 aarch64 ppc64le s390x
 
 %description
 This is an internal package that is used to create the patterns as part
@@ -31,8 +30,8 @@ Requires:       ceph-mds
 Requires:       ceph-mgr
 Requires:       ceph-mgr-cephadm
 Requires:       ceph-mgr-dashboard
-Requires:       ceph-mgr-rook
-#Package currently not supported in mariner, keeping dependency for future reference.
+# Following two package currently not supported in Azure Linux; keeping dependency for future reference.
+#Requires:      ceph-mgr-rook
 #Requires:      ceph-mgr-diskprediction-local
 Requires:       ceph-mon
 Requires:       ceph-osd
@@ -60,6 +59,10 @@ This provides the base for the Ceph, Rook, Ceph CSI driver packages and containe
 %files ceph_base
 
 %changelog
+* Tue Apr 23 2024 Andrew Phelps <anphel@microsoft.com> - 1.0-2
+- Remove requirement on `ceph-mgr-rook`
+- Remove non-applicable ExclusiveArch tags
+
 * Mon Oct 04 2021 Max Brodeur-Urbas <maxbr@microsoft.com> - 1.0-1
 - Initial CBL-Mariner import from openSUSE Tumbleweed (license: same as "License" tag).
 - License Verified
diff --git a/SPECS/python-tensorboard/python-tensorboard.spec b/SPECS/python-tensorboard/python-tensorboard.spec
index cc506a8f1f8..3fd9c6f0742 100644
--- a/SPECS/python-tensorboard/python-tensorboard.spec
+++ b/SPECS/python-tensorboard/python-tensorboard.spec
@@ -7,7 +7,7 @@ TensorBoard is a suite of web applications for inspecting and understanding your
 Summary:        TensorBoard is a suite of web applications for inspecting and understanding your TensorFlow runs and graphs
 Name:           python-%{pypi_name}
 Version:        2.11.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -19,7 +19,6 @@ BuildRequires:  python3-pip
 BuildRequires:  python3-wheel
 BuildRequires:  python3-six
 BuildRequires:  bazel
-BuildRequires:  python3-tf-nightly
 BuildRequires:  gcc
 BuildRequires:  build-essential
 BuildRequires:  protobuf
@@ -41,7 +40,6 @@ Requires:   python3-numpy
 Requires:   python3-protobuf
 Requires:   python3-requests
 Requires:   python3-setuptools
-Requires:   python3-tensorflow-estimator
 Requires:   python3-werkzeug
 Requires:   python3-wheel
 
@@ -102,6 +100,9 @@ mv %{pypi_name}-%{version}-*.whl pyproject-wheeldir/
 %{python3_sitelib}/tensorboard_data_server*
 
 %changelog
+* Tue Apr 23 2024 Andrew Phelps <anphel@microsoft.com> - 2.11.0-4
+- Remove missing requirements `python3-tf-nightly` and `python3-tensorflow-estimator`
+
 * Fri Feb 16 2024 Andrew Phelps <anphel@microsoft.com> - 2.11.0-3
 - Relax version requirements
 
diff --git a/SPECS/rubygem-fluentd/rubygem-fluentd.spec b/SPECS/rubygem-fluentd/rubygem-fluentd.spec
index 5534446e6d6..e9ab175f11e 100644
--- a/SPECS/rubygem-fluentd/rubygem-fluentd.spec
+++ b/SPECS/rubygem-fluentd/rubygem-fluentd.spec
@@ -3,7 +3,7 @@
 Summary:        Fluentd event collector
 Name:           rubygem-%{gem_name}
 Version:        1.16.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -19,7 +19,7 @@ Requires:       rubygem-http_parser.rb < 0.9.0
 Requires:       rubygem-msgpack < 2.0.0
 Requires:       rubygem-rake < 14
 Requires:       rubygem-serverengine < 3.0.0
-Requires:       rubygem-sigdump > 0.2.5
+Requires:       rubygem-sigdump >= 0.2.5
 Requires:       rubygem-strptime < 1.0.0
 Requires:       rubygem-tzinfo < 3.0
 Requires:       rubygem-tzinfo-data > 1.0
@@ -59,6 +59,9 @@ gem install -V --local --force --install-dir %{buildroot}%{gemdir} --bindir %{bu
 %{gemdir}/specifications/fluentd-%{version}.gemspec
 
 %changelog
+* Wed Apr 23 2024 Andrew Phelps <anphel@microsoft.com> - 1.16.2-3
+- Modify `rubygem-sigdump` runtime version requirement
+
 * Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 1.16.2-2
 - Update runtime rubygem required versions
 

From 8ce9f023f29f79c924de2e4903f52442057a7c28 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue, 23 Apr 2024 16:14:18 -0700
Subject: [PATCH 31/62] conda: upgrade to 24.1.2 (#8867)

---
 ...back-conda-and-conda_env-entry-point.patch |  28 --
 SPECS/conda/0001-Fix-toolz-imports.patch      |  88 ------
 ...oint-for-conda-and-re-add-conda-env-.patch |  26 ++
 SPECS/conda/0002-Go-back-to-ruamel_yaml.patch |  29 --
 ...-encoding-manipulation-under-python2.patch |  23 --
 ...004-Do-not-try-to-run-usr-bin-python.patch |  36 +--
 ...005-Fix-failing-tests-in-test_api.py.patch |  29 +-
 ...hell-assume-shell-plugins-are-in-etc.patch |  82 ++++--
 SPECS/conda/conda                             |  59 ++--
 SPECS/conda/conda-cpuinfo.patch               |  14 +-
 SPECS/conda/conda-memoize.patch               |  30 --
 SPECS/conda/conda.signatures.json             |   4 +-
 SPECS/conda/conda.spec                        | 277 +++++++++++-------
 SPECS/conda/conda_gateways_disk_create.patch  |  22 --
 SPECS/conda/conda_sys_prefix.patch            |  13 +-
 cgmanifest.json                               |   4 +-
 16 files changed, 339 insertions(+), 425 deletions(-)
 delete mode 100644 SPECS/conda/0001-Add-back-conda-and-conda_env-entry-point.patch
 delete mode 100644 SPECS/conda/0001-Fix-toolz-imports.patch
 create mode 100644 SPECS/conda/0001-Use-main-entry-point-for-conda-and-re-add-conda-env-.patch
 delete mode 100644 SPECS/conda/0002-Go-back-to-ruamel_yaml.patch
 delete mode 100644 SPECS/conda/0003-Drop-fs-path-encoding-manipulation-under-python2.patch
 delete mode 100644 SPECS/conda/conda-memoize.patch
 delete mode 100644 SPECS/conda/conda_gateways_disk_create.patch

diff --git a/SPECS/conda/0001-Add-back-conda-and-conda_env-entry-point.patch b/SPECS/conda/0001-Add-back-conda-and-conda_env-entry-point.patch
deleted file mode 100644
index 14bd1b94072..00000000000
--- a/SPECS/conda/0001-Add-back-conda-and-conda_env-entry-point.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ce24f4787ea5647be849590f7eff6f6c1951b504 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 12 Sep 2021 21:04:40 +0200
-Subject: [PATCH 1/2] Add back conda and conda_env entry point
-
-Partially reverts 0ccc029997e0dc0a28420a89e0cb39c08ff0b738.
-'conda init' is designed to fail and emit a warning. Go back
-to the normal init.
----
- setup.py | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/setup.py b/setup.py
-index 84ecb55cca..bb3db39c4d 100644
---- a/setup.py
-+++ b/setup.py
-@@ -86,7 +86,8 @@ setup(
-     },
-     entry_points={
-         'console_scripts': [
--            'conda=conda.cli.main_pip:main',
-+            'conda=conda.cli.main:main',
-+            'conda-env = conda_env.cli.main:main',
-         ],
-     },
-     install_requires=install_requires,
--- 
-2.32.0
diff --git a/SPECS/conda/0001-Fix-toolz-imports.patch b/SPECS/conda/0001-Fix-toolz-imports.patch
deleted file mode 100644
index c8b9eafe38c..00000000000
--- a/SPECS/conda/0001-Fix-toolz-imports.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-commit eefe1e79d27d4fe904d769898c7870a4c736feb4
-Author: rpm-build <rpm-build>
-Date:   Mon Nov 29 18:29:26 2021 -0700
-
-    Fix toolz imports
-
-diff --git a/conda/plan.py b/conda/plan.py
-index e0c2ec6..b87c9dc 100644
---- a/conda/plan.py
-+++ b/conda/plan.py
-@@ -371,7 +371,7 @@ def _plan_from_actions(actions, index):  # pragma: no cover
- def _inject_UNLINKLINKTRANSACTION(plan, index, prefix, axn, specs):  # pragma: no cover
-     from os.path import isdir
-     from .models.dist import Dist
--    from ._vendor.toolz.itertoolz import groupby
-+    from ._vendor.toolz import groupby
-     from .instructions import LINK, PROGRESSIVEFETCHEXTRACT, UNLINK, UNLINKLINKTRANSACTION
-     from .core.package_cache_data import ProgressiveFetchExtract
-     from .core.link import PrefixSetup, UnlinkLinkTransaction
-diff --git a/conda_env/env.py b/conda_env/env.py
-index 1838335..e88da34 100644
---- a/conda_env/env.py
-+++ b/conda_env/env.py
-@@ -22,10 +22,7 @@ from conda.models.prefix_graph import PrefixGraph
- from . import compat, exceptions
- from conda.history import History
- 
--try:
--    from cytoolz.itertoolz import concatv, groupby
--except ImportError:  # pragma: no cover
--    from conda._vendor.toolz.itertoolz import concatv, groupby  # NOQA
-+from conda._vendor.toolz import concatv, groupby  # NOQA
- 
- 
- VALID_KEYS = ('name', 'dependencies', 'prefix', 'channels', 'variables')
-diff --git a/tests/base/test_context.py b/tests/base/test_context.py
-index ffb6551..9514533 100644
---- a/tests/base/test_context.py
-+++ b/tests/base/test_context.py
-@@ -11,7 +11,7 @@ import pytest
- 
- from conda.auxlib.collection import AttrDict
- from conda.auxlib.ish import dals
--from conda._vendor.toolz.itertoolz import concat
-+from conda._vendor.toolz import concat
- from conda.base.constants import PathConflict, ChannelPriority
- from conda.base.context import context, reset_context, conda_tests_ctxt_mgmt_def_pol
- from conda.common.compat import odict, iteritems
-diff --git a/tests/core/test_path_actions.py b/tests/core/test_path_actions.py
-index c6db1e7..bab5ce4 100644
---- a/tests/core/test_path_actions.py
-+++ b/tests/core/test_path_actions.py
-@@ -11,7 +11,7 @@ from uuid import uuid4
- import pytest
- 
- from conda.auxlib.collection import AttrDict
--from conda._vendor.toolz.itertoolz import groupby
-+from conda._vendor.toolz import groupby
- from conda.base.context import context
- from conda.common.compat import PY2, on_win
- from conda.common.path import get_bin_directory_short_path, get_python_noarch_target_path, \
-diff --git a/tests/test_activate.py b/tests/test_activate.py
-index 67c89f7..837558c 100644
---- a/tests/test_activate.py
-+++ b/tests/test_activate.py
-@@ -16,7 +16,7 @@ import json
- from conda import __version__ as conda_version
- from conda import CONDA_PACKAGE_ROOT
- from conda.auxlib.ish import dals
--from conda._vendor.toolz.itertoolz import concatv
-+from conda._vendor.toolz import concatv
- from conda.activate import CmdExeActivator, CshActivator, FishActivator, PosixActivator, \
-     PowerShellActivator, XonshActivator, activator_map, _build_activator_cls, \
-     main as activate_main, native_path_to_unix
-diff --git a/tests/test_create.py b/tests/test_create.py
-index ebc8a84..333aa06 100644
---- a/tests/test_create.py
-+++ b/tests/test_create.py
-@@ -6,7 +6,7 @@ from datetime import datetime
- from glob import glob
- 
- from conda.auxlib.compat import Utf8NamedTemporaryFile
--from conda._vendor.toolz.itertoolz import groupby
-+from conda._vendor.toolz import groupby
- from conda.gateways.disk.permissions import make_read_only
- from conda.models.channel import Channel
- from conda.resolve import Resolve
- 
\ No newline at end of file
diff --git a/SPECS/conda/0001-Use-main-entry-point-for-conda-and-re-add-conda-env-.patch b/SPECS/conda/0001-Use-main-entry-point-for-conda-and-re-add-conda-env-.patch
new file mode 100644
index 00000000000..5ccbb7749cf
--- /dev/null
+++ b/SPECS/conda/0001-Use-main-entry-point-for-conda-and-re-add-conda-env-.patch
@@ -0,0 +1,26 @@
+From b5f226ef5dd81dec3b01f58e22c252a27a84e515 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Sun, 8 Oct 2023 19:51:26 -0600
+Subject: [PATCH] Use main entry point for conda and re-add conda-env entry
+ point, no need to run conda init
+
+---
+ pyproject.toml | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/pyproject.toml b/pyproject.toml
+index 2c897d3..1abe369 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -49,7 +49,8 @@ documentation = "https://docs.conda.io/projects/conda/en/stable/"
+ repository = "https://github.com/conda/conda"
+ 
+ [project.scripts]
+-conda = "conda.cli.main_pip:main"
++conda = "conda.cli.main:main"
++conda-env = "conda_env.cli.main:main"
+ 
+ [tool.hatch.version]
+ source = "vcs"
+-- 
+2.42.0
diff --git a/SPECS/conda/0002-Go-back-to-ruamel_yaml.patch b/SPECS/conda/0002-Go-back-to-ruamel_yaml.patch
deleted file mode 100644
index 8327afa5974..00000000000
--- a/SPECS/conda/0002-Go-back-to-ruamel_yaml.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 4eefe365897af2fcd91b47433140f994777ebd31 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Sun, 12 Sep 2021 21:12:27 +0200
-Subject: [PATCH] Go back to ruamel_yaml
-
-What a mess conda is!
----
- conda.recipe/run_test.sh | 2 +-
- setup.py                 | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/setup.py b/setup.py
-index cd9c5715b0..56bb5bbeaf 100644
---- a/setup.py
-+++ b/setup.py
-@@ -37,9 +37,9 @@ install_requires = [
- ]
- 
- if os.getenv('CONDA_BUILD', None) == '1':
--    install_requires.append("ruamel_yaml_conda >=0.11.14")
-+    install_requires.append("ruamel_yaml >=0.11.14")
- else:
--    install_requires.append("ruamel_yaml_conda >=0.11.14")
-+    install_requires.append("ruamel_yaml >=0.11.14")
- 
- 
- def package_files(*root_directories):
--- 
-2.32.0
diff --git a/SPECS/conda/0003-Drop-fs-path-encoding-manipulation-under-python2.patch b/SPECS/conda/0003-Drop-fs-path-encoding-manipulation-under-python2.patch
deleted file mode 100644
index b58874492dc..00000000000
--- a/SPECS/conda/0003-Drop-fs-path-encoding-manipulation-under-python2.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-commit 1f21cf4dd33e4d62f3dca93294bfa5508a2591ab
-Author: rpm-build <rpm-build>
-Date:   Sat Mar 30 20:59:05 2019 -0600
-
-    [PATCH] Drop fs path encoding manipulation under python2
-
-diff --git a/conda/activate.py b/conda/activate.py
-index e515c0e..3632a61 100644
---- a/conda/activate.py
-+++ b/conda/activate.py
-@@ -63,11 +63,7 @@ class _Activator(object):
-     def __init__(self, arguments=None):
-         self._raw_arguments = arguments
- 
--        if PY2:
--            self.environ = {ensure_fs_path_encoding(k): ensure_fs_path_encoding(v)
--                            for k, v in iteritems(os.environ)}
--        else:
--            self.environ = os.environ.copy()
-+        self.environ = os.environ.copy()
- 
-     # Once Python2 dies odargs can become kwargs again since dicts are ordered since 3.6.
-     def get_export_unset_vars(self, odargs):
diff --git a/SPECS/conda/0004-Do-not-try-to-run-usr-bin-python.patch b/SPECS/conda/0004-Do-not-try-to-run-usr-bin-python.patch
index 6ce19639f2c..ced1897a8b3 100644
--- a/SPECS/conda/0004-Do-not-try-to-run-usr-bin-python.patch
+++ b/SPECS/conda/0004-Do-not-try-to-run-usr-bin-python.patch
@@ -1,41 +1,27 @@
-From cccc709c085890633be767a44465229d049d5941 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Wed, 13 Feb 2019 13:06:36 +0100
-Subject: [PATCH] Do not try to run /usr/bin/python
-
-On modern linux distros, /usr/bin/python will usually either
-refer to python2 or not exists at all. Use sys.executable to
-run subprocess calls with the same python executable as the
-parent process.
----
- conda/common/path.py | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
 diff --git a/conda/common/path.py b/conda/common/path.py
-index b51f7f272d..06e0b4bc9a 100644
+index 32ed396..76bc20a 100644
 --- a/conda/common/path.py
 +++ b/conda/common/path.py
-@@ -6,6 +6,7 @@ from __future__ import absolute_import, division, print_function, unicode_litera
- from functools import reduce
- from logging import getLogger
+@@ -5,6 +5,7 @@ from __future__ import annotations
  import os
-+import sys
- from os.path import abspath, basename, expanduser, expandvars, join, normcase, split, splitext
  import re
  import subprocess
-@@ -155,9 +156,11 @@ def parse_entry_point_def(ep_definition):
++import sys
+ from functools import lru_cache, reduce
+ from itertools import accumulate, chain
+ from logging import getLogger
+@@ -175,9 +176,11 @@ def parse_entry_point_def(ep_definition):
  def get_python_short_path(python_version=None):
      if on_win:
          return "python.exe"
--    if python_version and '.' not in python_version:
+-    if python_version and "." not in python_version:
 +    if not python_version:
 +        return sys.executable
 +    if '.' not in python_version:
-         python_version = '.'.join(python_version)
--    return join("bin", "python%s" % (python_version or ''))
+         python_version = ".".join(python_version)
+-    return join("bin", "python%s" % (python_version or ""))
 +    return join("bin", "python" + python_version)
  
  
  def get_python_site_packages_short_path(python_version):
--- 
-2.19.2
+ 
\ No newline at end of file
diff --git a/SPECS/conda/0005-Fix-failing-tests-in-test_api.py.patch b/SPECS/conda/0005-Fix-failing-tests-in-test_api.py.patch
index 762b392c60a..b5e2f9563fc 100644
--- a/SPECS/conda/0005-Fix-failing-tests-in-test_api.py.patch
+++ b/SPECS/conda/0005-Fix-failing-tests-in-test_api.py.patch
@@ -1,21 +1,5 @@
-From 4bc8b4ec9579e7c015a6ad5b41031c850596e0fb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
-Date: Fri, 21 Sep 2018 10:23:39 +0200
-Subject: [PATCH] Fix failing tests in test_api.py
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Based on commit 0722e2edc93ae818bddd18f23be5b18c3a2a1d55 by
-Kale Franz <kfranz@continuum.io>.
-
-Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
----
- tests/test_api.py | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
 diff --git a/tests/test_api.py b/tests/test_api.py
-index 3ca97be734..e866e82fd3 100644
+index dd6a7b9..c60d1a1 100644
 --- a/tests/test_api.py
 +++ b/tests/test_api.py
 @@ -224,7 +224,7 @@ def test_PackageCacheData_return_value_contract():
@@ -27,7 +11,7 @@ index 3ca97be734..e866e82fd3 100644
  
      first_writable_result = PackageCacheData.first_writable()
      assert isinstance(first_writable_result, PackageCacheData)
-@@ -269,20 +269,21 @@ def test_PrefixData_contract():
+@@ -265,13 +265,14 @@ def test_PrefixData_contract():
  def test_PrefixData_return_value_contract():
      pd = PrefixData(context.conda_prefix)
  
@@ -39,16 +23,17 @@ index 3ca97be734..e866e82fd3 100644
 +        get_result = pd.get(PackageRecord.from_objects(single_prefix_rec))
 +        assert isinstance(get_result, PrefixRecord)
  
--    query_result = pd.query('openssl')
+-    query_result = pd.query("openssl")
 -    assert isinstance(query_result, tuple)
 -    assert all(isinstance(prefix_rec, PrefixRecord) for prefix_rec in query_result)
-+        query_result = pd.query('openssl')
++        query_result = pd.query("openssl")
 +        assert isinstance(query_result, tuple)
 +        assert all(isinstance(prefix_rec, PrefixRecord) for prefix_rec in query_result)
  
      iter_records_result = pd.iter_records()
      assert isiterable(iter_records_result)
-     assert all(isinstance(prefix_rec, PrefixRecord) for prefix_rec in iter_records_result)
+@@ -280,7 +281,7 @@ def test_PrefixData_return_value_contract():
+     )
  
      is_writable_result = pd.is_writable
 -    assert is_writable_result is True or is_writable_result is False
@@ -56,5 +41,3 @@ index 3ca97be734..e866e82fd3 100644
  
      reload_result = pd.reload()
      assert isinstance(reload_result, PrefixData)
--- 
-2.19.2
diff --git a/SPECS/conda/0006-shell-assume-shell-plugins-are-in-etc.patch b/SPECS/conda/0006-shell-assume-shell-plugins-are-in-etc.patch
index 24e84855f52..9be1883d452 100644
--- a/SPECS/conda/0006-shell-assume-shell-plugins-are-in-etc.patch
+++ b/SPECS/conda/0006-shell-assume-shell-plugins-are-in-etc.patch
@@ -1,32 +1,72 @@
 diff --git a/conda/activate.py b/conda/activate.py
-index e1b1812..567140f 100644
+index e7944a2..318cf88 100644
 --- a/conda/activate.py
 +++ b/conda/activate.py
-@@ -825,7 +825,7 @@ class PosixActivator(_Activator):
-         self.set_var_tmpl = "%s='%s'"
-         self.run_script_tmpl = '. "%s"'
+@@ -924,13 +924,7 @@ class PosixActivator(_Activator):
+     set_var_tmpl = "%s='%s'"
+     run_script_tmpl = '. "%s"'
  
--        self.hook_source_path = join(CONDA_PACKAGE_ROOT, 'shell', 'etc', 'profile.d', 'conda.sh')
-+        self.hook_source_path = '/etc/profile.d/conda.sh'
+-    hook_source_path = Path(
+-        CONDA_PACKAGE_ROOT,
+-        "shell",
+-        "etc",
+-        "profile.d",
+-        "conda.sh",
+-    )
++    hook_source_path = Path("/etc/profile.d/conda.sh")
  
-         super(PosixActivator, self).__init__(arguments)
+     def _update_prompt(self, set_vars, conda_prompt_modifier):
+         ps1 = self.environ.get("PS1", "")
+@@ -977,13 +971,7 @@ class CshActivator(_Activator):
+     set_var_tmpl = "set %s='%s'"
+     run_script_tmpl = 'source "%s"'
  
-@@ -882,7 +882,7 @@ class CshActivator(_Activator):
-         self.set_var_tmpl = "set %s='%s'"
-         self.run_script_tmpl = 'source "%s"'
+-    hook_source_path = Path(
+-        CONDA_PACKAGE_ROOT,
+-        "shell",
+-        "etc",
+-        "profile.d",
+-        "conda.csh",
+-    )
++    hook_source_path = Path("/etc/profile.d/conda.csh")
  
--        self.hook_source_path = join(CONDA_PACKAGE_ROOT, 'shell', 'etc', 'profile.d', 'conda.csh')
-+        self.hook_source_path = '/etc/profile.d/conda.csh'
+     def _update_prompt(self, set_vars, conda_prompt_modifier):
+         prompt = self.environ.get("prompt", "")
+@@ -1039,7 +1027,7 @@ class XonshActivator(_Activator):
+         else 'source-bash --suppress-skip-message -n "%s"'
+     )
  
-         super(CshActivator, self).__init__(arguments)
+-    hook_source_path = Path(CONDA_PACKAGE_ROOT, "shell", "conda.xsh")
++    hook_source_path = Path("/etc/profile.d/conda.xsh")
  
-@@ -993,8 +993,7 @@ class FishActivator(_Activator):
-         self.set_var_tmpl = 'set -g %s "%s"'
-         self.run_script_tmpl = 'source "%s"'
+     def _hook_preamble(self) -> str:
+         return '$CONDA_EXE = "%s"' % self.path_conversion(context.conda_exe)
+@@ -1080,14 +1068,7 @@ class FishActivator(_Activator):
+     set_var_tmpl = 'set -g %s "%s"'
+     run_script_tmpl = 'source "%s"'
  
--        self.hook_source_path = join(CONDA_PACKAGE_ROOT, 'shell', 'etc', 'fish', 'conf.d',
--                                     'conda.fish')
-+        self.hook_source_path = '/etc/fish/conf.d/conda.fish'
+-    hook_source_path = Path(
+-        CONDA_PACKAGE_ROOT,
+-        "shell",
+-        "etc",
+-        "fish",
+-        "conf.d",
+-        "conda.fish",
+-    )
++    hook_source_path = Path("/etc/fish/conf.d/conda.fish")
  
-         super(FishActivator, self).__init__(arguments)
- 
\ No newline at end of file
+     def _hook_preamble(self) -> str:
+         if on_win:
+diff --git a/conda/base/context.py b/conda/base/context.py
+index 52c789c..4bed062 100644
+--- a/conda/base/context.py
++++ b/conda/base/context.py
+@@ -756,7 +756,7 @@ class Context(Configuration):
+     def av_data_dir(self):
+         """Where critical artifact verification data (e.g., various public keys) can be found."""
+         # TODO (AV): Find ways to make this user configurable?
+-        return join(self.conda_prefix, "etc", "conda")
++        return '/etc/conda'
+ 
+     @property
+     def signing_metadata_url_base(self):
diff --git a/SPECS/conda/conda b/SPECS/conda/conda
index 0309bada562..37bab577b90 100644
--- a/SPECS/conda/conda
+++ b/SPECS/conda/conda
@@ -37,8 +37,9 @@ function __comp_conda_ensure_root() {
         :    import conda
         :    print(os.path.dirname(conda.__file__))
         "
+        script="${script//        :    /}"
         # don't assume an active base environment
-        CONDA_SOURCE=$(conda activate base; python -c "${script//        :    /}")
+        CONDA_SOURCE=$(conda activate base; python -c "$script")
     fi
 }
 
@@ -51,40 +52,49 @@ function __comp_conda_commands () {
     echo activate deactivate
 
     # check commands from full anaconda install
-    for f in $CONDA_SOURCE/cli/main_*.py
+    for f in "$CONDA_SOURCE"/cli/main_*.py
     do
         # skip pip -- not a sub-command
-        [[ $f == */main_pip.py ]] && continue
-        \expr match "$f" '.*_\([a-z]\+\)\.py$'
+        [[ "$f" == */main_pip.py ]] && continue
+        if [[ "$f" =~ .*_([a-z]+)\.py$ ]]; then
+            echo "${BASH_REMATCH[1]}"
+        fi
     done
 
     # check extra pluggins
-    for f in $CONDA_ROOT/bin/conda-*
+    for f in "$CONDA_ROOT"/bin/conda-*
     do
         if [[ -x "$f" && ! -d "$f" ]]
         then
-            \expr match "$f" '^.*/conda-\(.*\)'
+            if [[ "$f" =~ .*/conda-(.*) ]]; then
+                echo "${BASH_REMATCH[1]}"
+            fi
         fi
     done
 }
 
 function __comp_conda_env_commands() {
-    for f in $CONDA_SOURCE/../conda_env/cli/main_*.py
+    for f in "$CONDA_SOURCE"/../conda_env/cli/main_*.py
     do
-        \expr match "$f" '.*_\([a-z]\+\)\.py$'
+        [[ "$f" == */main_vars.py ]] && continue
+        if [[ "$f" =~ .*_([a-z]+)\.py$ ]]; then
+            echo "${BASH_REMATCH[1]}"
+        fi
     done
 }
 
 function __comp_conda_envs() {
     \local script="
-    :    from __future__ import print_function;
-    :    import json, os, sys;
-    :    from os.path import isdir, join;
+    :    from __future__ import print_function
+    :    import json, os, sys
+    :    from os.path import isdir, join
     :    print('\n'.join(
     :       d for ed in json.load(sys.stdin)['envs_dirs'] if isdir(ed)
-    :       for d in os.listdir(ed) if isdir(join(ed, d))));
+    :       for d in os.listdir(ed) if isdir(join(ed, d)))
+    :    )
     "
-    conda config --json --show envs_dirs | python -c "${script//    :    /}"
+    script="${script//    :    /}"
+    conda config --json --show envs_dirs | $CONDA_PYTHON_EXE -c "$script"
 }
 
 function __comp_conda_packages() {
@@ -95,13 +105,13 @@ function __comp_conda_cmds_str() {
     # get a list of commands, skipping options
     \local cmd
     \local -a cmds
-    for cmd in $*; do
+    for cmd in "$@"; do
         case "$cmd" in
             -*) continue ;;
-            *) cmds+=($cmd) ;;
+            *) cmds+=("$cmd") ;;
         esac
     done
-    echo "${cmds[*]}"
+    echo "${cmds[@]}"
 }
 
 # helper for debugging issues with the cache
@@ -135,7 +145,7 @@ function __comp_conda_option_lookup() {
     else
         word_list=${__comp_conda_cache[$cmd_key]}
     fi
-    echo $word_list
+    echo "$word_list"
 }
 
 # cache conda subcommand help lookups for the duration of the shell
@@ -149,6 +159,7 @@ __comp_conda_ensure_root 2>/dev/null || :
 
 _comp_conda()
 {
+    # shellcheck disable=SC2034
     \local cur prev words cword
     _init_completion || return
 
@@ -157,7 +168,7 @@ _comp_conda()
     \local word_list cmd_str
     if [[ $cur == -* ]]; then
         # get the current list of commands as a string sans options
-        cmd_str="$(__comp_conda_cmds_str ${words[@]})"
+        cmd_str=$(__comp_conda_cmds_str "${words[@]}")
         word_list=$(__comp_conda_option_lookup "$cmd_str")
     else
         case "$prev" in
@@ -168,8 +179,12 @@ _comp_conda()
                 word_list=$(__comp_conda_env_commands 2>/dev/null)
                 ;;
             activate)
-                _filedir -d                     # environment directories
-                word_list=$(__comp_conda_envs 2>/dev/null)
+                if [[ $cur == */* ]]
+                then
+                    _filedir -d  # environment directories
+                else
+                    word_list=$(__comp_conda_envs 2>/dev/null)
+                fi
                 ;;
             remove|uninstall|upgrade|update)
                 word_list=$(__comp_conda_packages 2>/dev/null)
@@ -193,7 +208,9 @@ _comp_conda()
         esac
     fi
     if [[ -n $word_list ]]; then
-        COMPREPLY+=( $(compgen -W "$word_list" -- "$cur") )
+        # append completion suggestions to COMPREPLY
+        mapfile -t -O "${#COMPREPLY[@]}" COMPREPLY < \
+            <(compgen -W "$word_list" -- "$cur")
     fi
 } &&
 complete -F _comp_conda conda
diff --git a/SPECS/conda/conda-cpuinfo.patch b/SPECS/conda/conda-cpuinfo.patch
index bd5a47e24ad..7e6a05601d1 100644
--- a/SPECS/conda/conda-cpuinfo.patch
+++ b/SPECS/conda/conda-cpuinfo.patch
@@ -1,11 +1,13 @@
-diff -up conda-4.7.11/conda/base/context.py.cpuinfo conda-4.7.11/conda/base/context.py
---- conda-4.7.11/conda/base/context.py.cpuinfo	2019-08-06 13:23:55.000000000 -0600
-+++ conda-4.7.11/conda/base/context.py	2019-08-16 21:31:01.947610667 -0600
-@@ -1328,7 +1328,7 @@ conda_tests_ctxt_mgmt_def_pol = replace_
- @memoize
+diff --git a/conda/base/context.py b/conda/base/context.py
+index dbeac32..8b78e69 100644
+--- a/conda/base/context.py
++++ b/conda/base/context.py
+@@ -1864,7 +1864,7 @@ conda_tests_ctxt_mgmt_def_pol = replace_context_default
+ @lru_cache(maxsize=None)
  def _get_cpu_info():
      # DANGER: This is rather slow
 -    from .._vendor.cpuinfo import get_cpu_info
 +    from cpuinfo import get_cpu_info
+ 
      return frozendict(get_cpu_info())
-
+ 
\ No newline at end of file
diff --git a/SPECS/conda/conda-memoize.patch b/SPECS/conda/conda-memoize.patch
deleted file mode 100644
index 886d6314371..00000000000
--- a/SPECS/conda/conda-memoize.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-diff -up conda-4.11.0/conda/auxlib/decorators.py.memoize conda-4.11.0/conda/auxlib/decorators.py
---- conda-4.11.0/conda/auxlib/decorators.py.memoize	2021-11-29 20:27:32.622204583 -0700
-+++ conda-4.11.0/conda/auxlib/decorators.py	2021-11-29 20:28:42.661814653 -0700
-@@ -189,7 +189,7 @@ def memoizemethod(method):
- 
- def clear_memoized_methods(obj, *method_names):
-     """
--    Clear the memoized method or @memoizeproperty results for the given
-+    Clear the memoized method or @memoizedproperty results for the given
-     method names from the given object.
- 
-     >>> v = [0]
-@@ -201,7 +201,7 @@ def clear_memoized_methods(obj, *method_
-     ...    @memoizemethod
-     ...    def foo(self):
-     ...        return inc()
--    ...    @memoizeproperty
-+    ...    @memoizedproperty
-     ...    def g(self):
-     ...       return inc()
-     ...
-@@ -343,6 +343,6 @@ class classproperty(object):  # pylint:
- #     staticproperty?
- # memoizefunction
- # memoizemethod
--# memoizeproperty
-+# memoizedproperty
- #
- #
- 
\ No newline at end of file
diff --git a/SPECS/conda/conda.signatures.json b/SPECS/conda/conda.signatures.json
index 63d7d964c05..191933e0882 100644
--- a/SPECS/conda/conda.signatures.json
+++ b/SPECS/conda/conda.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "conda-4.11.0.tar.gz": "1843355ccb93afb05f2a307e1fc37403fb9976da799236eebc3adee1c716c5fc",
-  "conda": "82512212b671e524a0f9fd26a2ba8e0b05fd55501c43160d63ed5c7d447f9fa4"
+  "conda-24.1.2.tar.gz": "6bc4f1f72a0edddefa10e0667d6ab2eb2f1956919a59508bf3bf6c001bf7a6e8",
+  "conda": "9e89219d7fc4c26931a4309be8f989a03bc708d4466fcdb812f755715b946848"
  }
 }
diff --git a/SPECS/conda/conda.spec b/SPECS/conda/conda.spec
index f216eb159c1..c22d7c2202c 100644
--- a/SPECS/conda/conda.spec
+++ b/SPECS/conda/conda.spec
@@ -1,37 +1,38 @@
 Summary:        Cross-platform, Python-agnostic binary package manager
 Name:           conda
-Version:        4.11.0
+Version:        24.1.2
 Release:        1%{?dist}
-License:        BSD and ASL 2.0 and LGPLv2+ and MIT
-# The conda code is BSD
-# progressbar is LGPLv2+
-# six is MIT/X11
-# adapters/ftp.py is ASL 2.0
+License:        BSD-3-Clause AND Apache-2.0
+# The conda code is BSD-3-Clause
+# adapters/ftp.py is Apache-2.0
 URL:            http://conda.pydata.org/docs/
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Source0:        https://github.com/conda/conda/archive/%{version}/%{name}-%{version}.tar.gz
 # bash completion script moved to a separate project
-Source1:        https://raw.githubusercontent.com/tartansandal/conda-bash-completion/1.5/conda
+Source1:        https://raw.githubusercontent.com/tartansandal/conda-bash-completion/1.7/conda
 Patch0:         conda_sys_prefix.patch
-Patch1:         conda_gateways_disk_create.patch
-# Fix typo
-Patch2:         conda-memoize.patch
+# Use main entry point for conda and re-add conda-env entry point, no need to run conda init
+Patch1:         0001-Use-main-entry-point-for-conda-and-re-add-conda-env-.patch
 # Use system cpuinfo
 Patch3:         conda-cpuinfo.patch
 
-Patch10001:     0001-Fix-toolz-imports.patch
-Patch10003:     0003-Drop-fs-path-encoding-manipulation-under-python2.patch
 Patch10004:     0004-Do-not-try-to-run-usr-bin-python.patch
 Patch10005:     0005-Fix-failing-tests-in-test_api.py.patch
 Patch10006:     0006-shell-assume-shell-plugins-are-in-etc.patch
-Patch10007:     0001-Add-back-conda-and-conda_env-entry-point.patch
-Patch10008:     0002-Go-back-to-ruamel_yaml.patch
 
 BuildArch:      noarch
 
-BuildRequires:  bash-completion-devel
+BuildRequires:  pkgconfig(bash-completion)
 %global bash_completionsdir %(pkg-config --variable=completionsdir bash-completion 2>/dev/null || echo '/etc/bash_completion.d')
+BuildRequires:  python3-hatch-vcs
+BuildRequires:  python3-hatchling
+BuildRequires:  python3-pathspec
+BuildRequires:  python3-pip
+BuildRequires:  python3-pluggy
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-setuptools_scm
+BuildRequires:  python3-trove-classifiers
 BuildRequires:  sed
 
 Requires:       python%{python3_pkgversion}-conda = %{version}-%{release}
@@ -68,29 +69,33 @@ can only use conda to create and manage new environments.}
         python%{python3_pkgversion}-urllib3 >= 1.19.1
 %global py3_reqs %(c="%_py3_reqs"; echo "$c" | xargs)
 
+%package tests
+Summary:        conda tests
+
+%description tests
+Data for conda tests.  Set CONDA_TEST_DATA_DIR to
+%{_datadir}/conda/tests/data.
 
 %package -n python%{python3_pkgversion}-conda
 Summary:        %{summary}
 
 BuildRequires:  python%{python3_pkgversion}-devel
-BuildRequires:  python%{python3_pkgversion}-setuptools
+BuildRequires:  python%{python3_pkgversion}-setuptools_scm
 BuildRequires:  %py3_reqs
 
 # For tests
 BuildRequires:  python3
 %if 0%{?with_check}
-BuildRequires:  python3-pip
-BuildRequires:  python%{python3_pkgversion}-mock
-BuildRequires:  python%{python3_pkgversion}-pytest-cov
+BuildRequires:  python%{python3_pkgversion}-jsonpatch
+BuildRequires:  python%{python3_pkgversion}-pytest-mock
 BuildRequires:  python%{python3_pkgversion}-responses
 %endif
 
 Requires:       %py3_reqs
+# Some versions in conda/_vendor/vendor.txt
 Provides:       bundled(python%{python3_pkgversion}-appdirs) = 1.2.0
-Provides:       bundled(python%{python3_pkgversion}-auxlib)
-Provides:       bundled(python%{python3_pkgversion}-boltons) = 18.0.0
-Provides:       bundled(python%{python3_pkgversion}-six) = 1.10.0
-Provides:       bundled(python%{python3_pkgversion}-toolz) = 0.8.2
+Provides:       bundled(python%{python3_pkgversion}-auxlib) = 0.0.43
+Provides:       bundled(python%{python3_pkgversion}-boltons) = 21.0.0
 
 %{?python_provide:%python_provide python%{python3_pkgversion}-conda}
 
@@ -99,24 +104,32 @@ Provides:       bundled(python%{python3_pkgversion}-toolz) = 0.8.2
 %prep
 %autosetup -p1
 
-sed -r -i 's/^(__version__ = ).*/\1"%{version}"/' conda/__init__.py
-# xdoctest not packaged
-sed -i -e '/xdoctest/d' setup.cfg
+# Do not restrict upper bound of ruamel-yaml
+sed -i -e '/ruamel.yaml/s/,<[0-9.]*//' pyproject.toml
+
+# pytest-split/xdoctest not packaged, store-duration not needed
+sed -i -e '/splitting-algorithm/d' -e '/store-durations/d' -e '/xdoctest/d' pyproject.toml
 
 # delete interpreter line, the user can always call the file
 # explicitly as python3 /usr/lib/python3.6/site-packages/conda/_vendor/appdirs.py
 # or so.
 sed -r -i '1 {/#![/]usr[/]bin[/]env/d}' conda/_vendor/appdirs.py
 
-rm conda/_vendor/cpuinfo.py
-rm conda/_vendor/toolz/[a-zA-Z]*
+# Use Fedora's cpuinfo since it supports more arches
+rm -r conda/_vendor/cpuinfo
+sed -i -e '/^dependencies = /a\ \ "py-cpuinfo",' pyproject.toml
 
 # Use system versions
-# TODO - urllib3 - results in test failures: https://github.com/conda/conda/issues/9512
-#rm -r conda/_vendor/{distro.py,frozendict.py,tqdm,urllib3}
-#find conda -name \*.py | xargs sed -i -e 's/^\( *\)from .*_vendor\.\(\(distro\|frozendict\|tqdm\|urllib3\).*\) import/\1from \2 import/'
-rm -r conda/_vendor/{distro.py,frozendict.py,tqdm}
-find conda -name \*.py | xargs sed -i -e 's/^\( *\)from .*_vendor\.\(\(distro\|frozendict\|tqdm\).*\) import/\1from \2 import/'
+rm -r conda/_vendor/{distro.py,frozendict}
+find conda -name \*.py | xargs sed -i -e 's/^\( *\)from .*_vendor\.\(\(distro\|frozendict\).*\) import/\1from \2 import/'
+sed -i -e '/^dependencies = /a\ \ "distro",' pyproject.toml
+sed -i -e '/^dependencies = /a\ \ "frozendict",' pyproject.toml
+
+# Unpackaged - use vendored version
+sed -i -e '/"boltons *>/d' pyproject.toml
+
+# Unpackaged - really only applicable for macOS/Windows?
+sed -i -e '/"truststore *>/d' pyproject.toml
 
 %ifnarch x86_64
 # Tests on non-x86_64
@@ -124,17 +137,24 @@ cp -a tests/data/conda_format_repo/{linux-64,%{python3_platform}}
 sed -i -e s/linux-64/%{python3_platform}/ tests/data/conda_format_repo/%{python3_platform}/*json
 %endif
 
+# Do not run coverage in pytest
+sed -i -e '/"--cov/d' pyproject.toml
+
+%generate_buildrequires
+# When not testing, we don't need runtime dependencies.
+# Normally, we would still BuildRequire them to not accidentally build an uninstallable package,
+# but there is a runtime dependency loop with python3-conda-libmamba-solver.
+%pyproject_buildrequires %{!?with_check:-R}
 
 %build
-# build conda executable
-%define py_setup setup.py
-%py3_build
+%pyproject_wheel
 
 %install
-# install conda executable
-%define py_setup setup.py
-%py3_install
+%pyproject_install
+%py3_shebang_fix %{buildroot}%{python3_sitelib}/conda/shell/bin/conda
+%pyproject_save_files conda*
 
+mkdir -p %{buildroot}%{_sysconfdir}/conda/condarc.d
 mkdir -p %{buildroot}%{_datadir}/conda/condarc.d
 cat >%{buildroot}%{_datadir}/conda/condarc.d/defaults.yaml <<EOF
 pkgs_dirs:
@@ -142,21 +162,28 @@ pkgs_dirs:
  - ~/.conda/pkgs
 EOF
 
+mv %{buildroot}%{python3_sitelib}/tests %{buildroot}%{_datadir}/conda/
+cp -rp tests/data %{buildroot}%{_datadir}/conda/tests/
+
 mkdir -p %{buildroot}%{_localstatedir}/cache/conda/pkgs/cache
 
+# install does not create the directory on EL7
 install -m 0644 -Dt %{buildroot}/etc/profile.d/ conda/shell/etc/profile.d/conda.{sh,csh}
-sed -r -i '1i CONDA_EXE=%{_bindir}/conda' %{buildroot}/etc/profile.d/conda.sh
+sed -r -i -e '1i [ -z "$CONDA_EXE" ] && CONDA_EXE=%{_bindir}/conda' \
+          -e '/PATH=.*condabin/s|PATH=|[ -d $(dirname "$CONDA_EXE")/condabin ] \&\& PATH=|' %{buildroot}/etc/profile.d/conda.sh
 sed -r -i -e '1i set _CONDA_EXE=%{_bindir}/conda\nset _CONDA_ROOT=' \
           -e 's/CONDA_PFX=.*/CONDA_PFX=/' %{buildroot}/etc/profile.d/conda.csh
-install -m 0644 -Dt %{buildroot}/etc/fish/conf.d/ conda/shell/etc/fish/conf.d/conda.fish
+install -m 0644 -Dt %{buildroot}%{_datadir}/fish/vendor_conf.d/ conda/shell/etc/fish/conf.d/conda.fish
 sed -r -i -e '1i set -gx CONDA_EXE "/usr/bin/conda"\nset _CONDA_ROOT "/usr"\nset _CONDA_EXE "/usr/bin/conda"\nset -gx CONDA_PYTHON_EXE "/usr/bin/python3"' \
-          %{buildroot}/etc/fish/conf.d/conda.fish
+          %{buildroot}%{_datadir}/fish/vendor_conf.d/conda.fish
 
 # Install bash completion script
 install -m 0644 -Dt %{buildroot}%{bash_completionsdir}/ %SOURCE1
 
-
 %check
+%if 0%{?with_check}
+export PATH=%{buildroot}%{_bindir}:$PATH
+PYTHONPATH=%{buildroot}%{python3_sitelib} conda info
 
 # Integration tests generally require network, so skip them.
 
@@ -167,81 +194,135 @@ install -m 0644 -Dt %{buildroot}%{bash_completionsdir}/ %SOURCE1
 # test_cli.py::TestRun.test_run_returns_zero_errorlevel
 
 # test_ProgressiveFetchExtract_prefers_conda_v2_format, test_subdir_data_prefers_conda_to_tar_bz2,
-# test_use_only_tar_bz2 fail, but not with mock --enablerepo=local. Let's disable
+# test_use_only_tar_bz2 fail in F31 koji, but not with mock --enablerepo=local. Let's disable
 # them for now.
+# tests/env/test_create.py::test_create_update_remote_env_file requires network access
+# tests/cli/test_conda_argparse.py::test_list_through_python_api does not recognize /usr as a conda environment
+# tests/cli/test_main_{clean,info,list,list_reverse,rename}.py tests require network access
+# tests/cli/test_main_notices.py::test_notices_appear_once_when_running_decorated_commands needs a conda_build fixture that we remove
+# tests/cli/test_main_notices.py::test_notices_cannot_read_cache_files - TypeError: '<' not supported between instances of 'MagicMock' and 'int'
+# tests/cli/test_main_run.py require /usr/bin/conda to be installed
+# tests/cli/test_subcommands.py tests require network access
+# tests/cli/test_subcommands.py::test_rename seems to need an active environment
+# tests/test_misc.py::test_explicit_missing_cache_entries requires network access
 # tests/core/test_initialize.py tries to unlink /usr/bin/python3 and fails when python is a release candidate
 # tests/core/test_solve.py::test_cuda_fail_1 fails on non-x86_64
-
-# tests/base/test_context.py::ContextCustomRcTests::test_target_prefix 
-
-# The following fail trying to raise a pytest exception.
-# The tests change a file to read-only and expect an exception when trying to open the file for appending
-# The exception does occur for normal users but not for root 
-# Since root is required for pytest and build tools, skip:
-# tests/core/test_package_cache_data.py::test_instantiating_package_cache_when_both_tar_bz2_and_conda_exist_read_only \
-# tests/gateways/disk/test_delete.py::test_remove_file \
-# tests/gateways/disk/test_delete.py::test_remove_file_to_trash \
-# tests/gateways/disk/test_permissions.py::test_make_writable \
-# tests/gateways/disk/test_permissions.py::test_recursive_make_writable \
-# tests/gateways/disk/test_permissions.py::test_make_executable 
-
-mkdir /tmp
-export PATH=%{buildroot}%{_bindir}:$PATH
-PYTHONPATH=%{buildroot}%{python3_sitelib} conda info
-
-pip3 install atomicwrites>=1.3.0 \
-    attrs>=19.1.0 \
-    ruamel.yaml>=0.11.14 \
-    more-itertools>=7.0.0 \
-    pluggy>=0.11.0 \
-    pytest>=5.4.0 \
-    pytest-cov>=2.7.1 \
-    pytest-timeout \
-    pytest-rerunfailures
-
-python%{python3_version} -m pytest -vv -m "not integration" \
+# tests/core/test_solve.py libmamba - some depsolving differences - TODO
+# tests/core/test_solve.py libmamba - some depsolving differences - TODO
+# tests/core/test_prefix_graph.py libmamba - some depsolving differences - TODO
+# tests/trust/test_signature_verification.py requires conda_content_trust - not yet packaged
+py.test-%{python3_version} -vv -m "not integration" \
     --deselect=tests/test_cli.py::TestJson::test_list \
-    --deselect=tests/test_cli.py::TestRun::test_run_returns_int \
-    --deselect=tests/test_cli.py::TestRun::test_run_returns_nonzero_errorlevel \
-    --deselect=tests/test_cli.py::TestRun::test_run_returns_zero_errorlevel \
+    --deselect=tests/test_cli.py::test_run_returns_int \
+    --deselect=tests/test_cli.py::test_run_returns_nonzero_errorlevel \
+    --deselect=tests/test_cli.py::test_run_returns_zero_errorlevel \
+    --deselect=tests/test_cli.py::test_run_readonly_env \
+    --deselect=tests/test_misc.py::test_explicit_missing_cache_entries \
+    --ignore=tests/env/specs/test_binstar.py \
+    --deselect=tests/env/test_create.py::test_create_update_remote_env_file \
+    --deselect='tests/cli/test_common.py::test_is_active_prefix[active_prefix-True]' \
+    --deselect=tests/cli/test_config.py::test_conda_config_describe \
+    --deselect=tests/cli/test_config.py::test_conda_config_validate \
+    --deselect=tests/cli/test_config.py::test_conda_config_validate_sslverify_truststore \
+    --deselect=tests/cli/test_conda_argparse.py::test_list_through_python_api \
+    --deselect=tests/cli/test_main_clean.py \
+    --deselect=tests/cli/test_main_info.py::test_info_python_output \
+    --deselect=tests/cli/test_main_info.py::test_info_conda_json \
+    --deselect=tests/cli/test_main_list.py::test_list \
+    --deselect=tests/cli/test_main_list.py::test_list_reverse \
+    --deselect=tests/cli/test_main_notices.py::test_notices_appear_once_when_running_decorated_commands \
+    --deselect=tests/cli/test_main_notices.py::test_notices_cannot_read_cache_files \
+    --deselect=tests/cli/test_main_remove.py::test_remove_all \
+    --deselect=tests/cli/test_main_remove.py::test_remove_all_keep_env \
+    --deselect=tests/cli/test_main_rename.py \
+    --deselect=tests/cli/test_main_run.py \
+    --deselect=tests/cli/test_subcommands.py::test_create[libmamba] \
+    --deselect=tests/cli/test_subcommands.py::test_env_create \
+    --deselect=tests/cli/test_subcommands.py::test_env_update \
+    --deselect=tests/cli/test_subcommands.py::test_init \
+    --deselect=tests/cli/test_subcommands.py::test_install \
+    --deselect=tests/cli/test_subcommands.py::test_list \
+    --deselect=tests/cli/test_subcommands.py::test_notices \
+    --deselect=tests/cli/test_subcommands.py::test_remove_all_json[remove] \
+    --deselect=tests/cli/test_subcommands.py::test_remove_all_json[uninstall] \
+    --deselect=tests/cli/test_subcommands.py::test_rename \
+    --deselect=tests/cli/test_subcommands.py::test_run \
+    --deselect=tests/cli/test_subcommands.py::test_search \
+    --deselect=tests/cli/test_subcommands.py::test_update[libmamba-update] \
+    --deselect=tests/cli/test_subcommands.py::test_update[libmamba-upgrade] \
+    --deselect=tests/cli/test_subcommands.py::test_update[update] \
+    --deselect=tests/cli/test_subcommands.py::test_update[upgrade] \
     --deselect=tests/core/test_package_cache_data.py::test_ProgressiveFetchExtract_prefers_conda_v2_format \
     --deselect=tests/core/test_subdir_data.py::test_subdir_data_prefers_conda_to_tar_bz2 \
     --deselect=tests/core/test_subdir_data.py::test_use_only_tar_bz2 \
     --deselect=tests/core/test_initialize.py \
     --deselect=tests/core/test_solve.py::test_cuda_fail_1 \
-    --deselect=tests/base/test_context.py::ContextCustomRcTests::test_target_prefix \
-    --deselect=tests/core/test_package_cache_data.py::test_instantiating_package_cache_when_both_tar_bz2_and_conda_exist_read_only \
-    --deselect=tests/gateways/disk/test_delete.py::test_remove_file \
-    --deselect=tests/gateways/disk/test_delete.py::test_remove_file_to_trash \
-    --deselect=tests/gateways/disk/test_permissions.py::test_make_writable \
-    --deselect=tests/gateways/disk/test_permissions.py::test_recursive_make_writable \
-    --deselect=tests/gateways/disk/test_permissions.py::test_make_executable \
-    --deselect=tests/gateways/test_subprocess.py::test_subprocess_call_with_live_stream 
-
+    --deselect=tests/core/test_solve.py::test_conda_downgrade[libmamba] \
+    --deselect=tests/core/test_solve.py::test_python2_update[libmamba] \
+    --deselect=tests/core/test_solve.py::test_update_deps_2[libmamba] \
+    --deselect=tests/core/test_solve.py::test_fast_update_with_update_modifier_not_set[libmamba] \
+    --deselect=tests/core/test_solve.py::test_timestamps_1[libmamba] \
+    --deselect=tests/core/test_solve.py::test_remove_with_constrained_dependencies[libmamba] \
+    --deselect=tests/gateways/test_jlap.py::test_download_and_hash \
+    --deselect=tests/gateways/test_jlap.py::test_jlap_fetch_ssl[True] \
+    --deselect=tests/gateways/test_jlap.py::test_jlap_fetch_ssl[False] \
+    --deselect=tests/test_plan.py::test_pinned_specs_conda_meta_pinned \
+    --deselect=tests/test_plan.py::test_pinned_specs_condarc \
+    --deselect=tests/test_plan.py::test_pinned_specs_all \
+    --deselect=tests/cli/test_subcommands.py::test_compare[libmamba] \
+    --deselect=tests/cli/test_subcommands.py::test_package[libmamba] \
+    --deselect=tests/cli/test_subcommands.py::test_remove[libmamba-remove] \
+    --deselect=tests/cli/test_subcommands.py::test_remove[libmamba-uninstall] \
+    --deselect=tests/cli/test_subcommands.py::test_remove_all_json[libmamba-remove] \
+    --deselect=tests/cli/test_subcommands.py::test_remove_all_json[libmamba-uninstall] \
+    --deselect=tests/cli/test_subcommands.py::test_remove_all_json[classic-remove] \
+    --deselect=tests/cli/test_subcommands.py::test_remove_all_json[classic-uninstall] \
+    --deselect=tests/cli/test_subcommands.py::test_update[classic-update] \
+    --deselect=tests/cli/test_subcommands.py::test_update[classic-upgrade] \
+    --deselect=tests/cli/test_subcommands.py::test_env_remove[libmamba] \
+    --deselect=tests/cli/test_subcommands.py::test_env_config_vars[libmamba] \
+    --deselect=tests/core/test_subdir_data.py::test_subdir_data_coverage \
+    --deselect=tests/models/test_prefix_graph.py::test_prefix_graph_1[libmamba] \
+    --deselect=tests/models/test_prefix_graph.py::test_prefix_graph_2[libmamba] \
+    --deselect=tests/models/test_prefix_graph.py::test_remove_youngest_descendant_nodes_with_specs[libmamba] \
+    --deselect=tests/models/test_prefix_graph.py::test_deep_cyclical_dependency[libmamba] \
+    --deselect=tests/plugins/test_pre_solves.py::test_pre_solve_invoked \
+    --deselect=tests/plugins/test_post_solves.py::test_post_solve_action_raises_exception \
+    --deselect=tests/plugins/test_post_solves.py::test_post_solve_invoked \
+    --deselect=tests/plugins/subcommands/doctor/test_cli.py::test_conda_doctor_with_test_environment \
+    --deselect=tests/core/test_prefix_data.py::test_get_environment_env_vars \
+    --deselect=tests/core/test_prefix_data.py::test_set_unset_environment_env_vars \
+    --deselect=tests/core/test_prefix_data.py::test_set_unset_environment_env_vars_no_exist \
+    --ignore=tests/trust \
+    conda tests
+%endif
 
 %files
+%{_sysconfdir}/conda/
 %{_bindir}/conda
 %{_bindir}/conda-env
 %{bash_completionsdir}/conda
-# TODO - better ownership/requires for fish
-%dir /etc/fish
-%dir /etc/fish/conf.d
-/etc/fish/conf.d/conda.fish
+# TODO - better ownership for fish/vendor_conf.d
+%dir %{_datadir}/fish/vendor_conf.d
+%{_datadir}/fish/vendor_conf.d/conda.fish
 /etc/profile.d/conda.sh
 /etc/profile.d/conda.csh
 
-%files -n python%{python3_pkgversion}-conda
-%license LICENSE.txt
-%doc CHANGELOG.md README.rst
-%{python3_sitelib}/conda/
-%{python3_sitelib}/conda_env/
-%{python3_sitelib}/*.egg-info
-%exclude %{python3_sitelib}/test_data/
-%{_localstatedir}/cache/conda/
-%{_datadir}/conda/
+%files tests
+%{_datadir}/conda/tests/
 
+%files -n python%{python3_pkgversion}-conda -f %pyproject_files
+%doc CHANGELOG.md README.md
+%doc %{python3_sitelib}/conda-%{version}.dist-info/licenses/AUTHORS.md
+%license %{python3_sitelib}/conda-%{version}.dist-info/licenses/LICENSE
+%{_localstatedir}/cache/conda/
+%dir %{_datadir}/conda/
+%{_datadir}/conda/condarc.d/
 
 %changelog
+* Mon Apr 22 2024 Andrew Phelps <anphel@microsoft.com> - 24.1.2-1
+- Upgrade to version 24.1.2 referencing Fedora 40 (license: MIT)
+
 * Fri Jan 28 2022 Rachel Menge <rachelmenge@microsoft.com> - 4.11.0-1
 - Update source to 4.11.0
 
diff --git a/SPECS/conda/conda_gateways_disk_create.patch b/SPECS/conda/conda_gateways_disk_create.patch
deleted file mode 100644
index 713698faac6..00000000000
--- a/SPECS/conda/conda_gateways_disk_create.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff -up conda-4.7.0/conda/gateways/disk/create.py.orig conda-4.7.0/conda/gateways/disk/create.py
---- conda-4.7.0/conda/gateways/disk/create.py.orig	2019-05-17 11:08:48.000000000 -0600
-+++ conda-4.7.0/conda/gateways/disk/create.py	2019-05-18 19:46:11.428298209 -0600
-@@ -28,7 +28,7 @@ from ...base.context import context
- from ...common.compat import on_win
- from ...common.path import ensure_pad, expand, win_path_double_escape, win_path_ok
- from ...common.serialize import json_dump
--from ...exceptions import BasicClobberError, CondaOSError, maybe_raise
-+from ...exceptions import BasicClobberError, CondaOSError, maybe_raise, NotWritableError
- from ...models.enums import FileMode, LinkType
- 
- 
-@@ -438,6 +438,9 @@ def create_package_cache_directory(pkgs_
-         sudo_safe = expand(pkgs_dir).startswith(expand('~'))
-         touch(join(pkgs_dir, PACKAGE_CACHE_MAGIC_FILE), mkdir=True, sudo_safe=sudo_safe)
-         touch(join(pkgs_dir, 'urls'), sudo_safe=sudo_safe)
-+    except NotWritableError:
-+        log.trace("cannot create package cache directory '%s'", pkgs_dir)
-+        return False
-     except (IOError, OSError) as e:
-         if e.errno in (EACCES, EPERM, EROFS):
-             log.trace("cannot create package cache directory '%s'", pkgs_dir)
diff --git a/SPECS/conda/conda_sys_prefix.patch b/SPECS/conda/conda_sys_prefix.patch
index f98271c0a38..5bf76b73fdf 100644
--- a/SPECS/conda/conda_sys_prefix.patch
+++ b/SPECS/conda/conda_sys_prefix.patch
@@ -1,14 +1,13 @@
 diff --git a/conda/__init__.py b/conda/__init__.py
-index 342f3ce..debf943 100644
+index 923ccde..2b64a72 100644
 --- a/conda/__init__.py
 +++ b/conda/__init__.py
-@@ -35,8 +35,7 @@ __copyright__ = "Copyright (c) 2012, Anaconda, Inc."
- __summary__ = __doc__
+@@ -28,7 +28,7 @@ __summary__ = __doc__
  __url__ = "https://github.com/conda/conda"
  
--if os.getenv('CONDA_ROOT') is None:
--    os.environ[str('CONDA_ROOT')] = sys.prefix
-+os.environ['CONDA_ROOT'] = '/usr/share/conda'
+ if os.getenv("CONDA_ROOT") is None:
+-    os.environ["CONDA_ROOT"] = sys.prefix
++    os.environ["CONDA_ROOT"] = '/usr/share/conda'
  
+ #: The conda package directory.
  CONDA_PACKAGE_ROOT = abspath(dirname(__file__))
- 
\ No newline at end of file
diff --git a/cgmanifest.json b/cgmanifest.json
index f9bbc6bc1fa..5e300f63daf 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1967,8 +1967,8 @@
         "type": "other",
         "other": {
           "name": "conda",
-          "version": "4.11.0",
-          "downloadUrl": "https://github.com/conda/conda/archive/4.11.0/conda-4.11.0.tar.gz"
+          "version": "24.1.2",
+          "downloadUrl": "https://github.com/conda/conda/archive/24.1.2/conda-24.1.2.tar.gz"
         }
       }
     },

From c117ccd6d26a127f78cb95e2fcc4267318b62ba5 Mon Sep 17 00:00:00 2001
From: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
Date: Tue, 23 Apr 2024 16:34:09 -0700
Subject: [PATCH 32/62] openssl: Add FIPS_mode patch back for backward
 compatability (#8881)

Adds back a patch that was removed by change #7274 removed several FIPS-specific patches. Most of those were about implementing FIPS, which we will do through SymCrypt. But it included a patch that creates a adds back an API that was removed in openssl 3, to maintain back-compat for other packages.
---
 ...08-Add-FIPS_mode-compatibility-macro.patch | 83 +++++++++++++++++++
 SPECS/openssl/openssl.spec                    |  7 +-
 .../manifests/package/pkggen_core_aarch64.txt | 10 +--
 .../manifests/package/pkggen_core_x86_64.txt  | 10 +--
 .../manifests/package/toolchain_aarch64.txt   | 12 +--
 .../manifests/package/toolchain_x86_64.txt    | 12 +--
 6 files changed, 111 insertions(+), 23 deletions(-)
 create mode 100644 SPECS/openssl/0008-Add-FIPS_mode-compatibility-macro.patch

diff --git a/SPECS/openssl/0008-Add-FIPS_mode-compatibility-macro.patch b/SPECS/openssl/0008-Add-FIPS_mode-compatibility-macro.patch
new file mode 100644
index 00000000000..c05aa798755
--- /dev/null
+++ b/SPECS/openssl/0008-Add-FIPS_mode-compatibility-macro.patch
@@ -0,0 +1,83 @@
+From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 31 Jul 2023 09:41:27 +0200
+Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch
+
+Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
+Patch-id: 8
+Patch-status: |
+    # Add FIPS_mode() compatibility macro
+From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+---
+ include/openssl/fips.h | 26 ++++++++++++++++++++++++++
+ test/property_test.c   | 14 ++++++++++++++
+ 2 files changed, 40 insertions(+)
+ create mode 100644 include/openssl/fips.h
+
+diff --git a/include/openssl/fips.h b/include/openssl/fips.h
+new file mode 100644
+index 0000000000..4162cbf88e
+--- /dev/null
++++ b/include/openssl/fips.h
+@@ -0,0 +1,26 @@
++/*
++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the Apache License 2.0 (the "License").  You may not use
++ * this file except in compliance with the License.  You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#ifndef OPENSSL_FIPS_H
++# define OPENSSL_FIPS_H
++# pragma once
++
++# include <openssl/evp.h>
++# include <openssl/macros.h>
++
++# ifdef __cplusplus
++extern "C" {
++# endif
++
++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
++
++# ifdef __cplusplus
++}
++# endif
++#endif
+diff --git a/test/property_test.c b/test/property_test.c
+index 45b1db3e85..8894c1c1cb 100644
+--- a/test/property_test.c
++++ b/test/property_test.c
+@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i)
+     return ret;
+ }
+ 
++#include <openssl/fips.h>
++static int test_downstream_FIPS_mode(void)
++{
++    int ret = 0;
++
++    ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
++          && TEST_true(FIPS_mode())
++          && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
++          && TEST_false(FIPS_mode());
++
++    return ret;
++}
++
+ int setup_tests(void)
+ {
+     ADD_TEST(test_property_string);
+@@ -690,6 +703,7 @@ int setup_tests(void)
+     ADD_TEST(test_property);
+     ADD_TEST(test_query_cache_stochastic);
+     ADD_TEST(test_fips_mode);
++    ADD_TEST(test_downstream_FIPS_mode);
+     ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
+     return 1;
+ }
+-- 
+2.41.0
+
diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec
index 7fbcb0bc7a1..b1ac8dd4f4e 100644
--- a/SPECS/openssl/openssl.spec
+++ b/SPECS/openssl/openssl.spec
@@ -9,7 +9,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.1.4
-Release: 7%{?dist}
+Release: 8%{?dist}
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Source: https://www.openssl.org/source/openssl-%{version}.tar.gz
@@ -29,6 +29,8 @@ Patch3:   0003-Do-not-install-html-docs.patch
 Patch5:   0005-apps-ca-fix-md-option-help-text.patch
 # # Disable signature verification with totally unsafe hash algorithms
 Patch6:   0006-Disable-signature-verification-with-totally-unsafe-h.patch
+# # Add FIPS_mode() compatibility macro
+Patch8:   0008-Add-FIPS_mode-compatibility-macro.patch
 # # Add check to see if fips flag is enabled in kernel
 Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
 # # Add support for PROFILE=SYSTEM system default cipherlist
@@ -354,6 +356,9 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Tue Apr 23 2024 Tobias Brick <tobiasb@microsoft.com> - 3.1.4-8
+- Add FIPS_mode patch back for compatibility
+
 * Tue Apr 16 2024 Tobias Brick <tobiasb@microsoft.com> - 3.1.4-7
 - Change config to load symcrypt provider if present
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 8f0dd957a42..28e2cdab908 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -165,11 +165,11 @@ texinfo-7.0.3-1.azl3.aarch64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
 autoconf-2.72-1.azl3.noarch.rpm
 automake-1.16.5-1.azl3.noarch.rpm
-openssl-3.1.4-7.azl3.aarch64.rpm
-openssl-devel-3.1.4-7.azl3.aarch64.rpm
-openssl-libs-3.1.4-7.azl3.aarch64.rpm
-openssl-perl-3.1.4-7.azl3.aarch64.rpm
-openssl-static-3.1.4-7.azl3.aarch64.rpm
+openssl-3.1.4-8.azl3.aarch64.rpm
+openssl-devel-3.1.4-8.azl3.aarch64.rpm
+openssl-libs-3.1.4-8.azl3.aarch64.rpm
+openssl-perl-3.1.4-8.azl3.aarch64.rpm
+openssl-static-3.1.4-8.azl3.aarch64.rpm
 libcap-2.69-1.azl3.aarch64.rpm
 libcap-devel-2.69-1.azl3.aarch64.rpm
 debugedit-5.0-2.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 47495c3abd7..ac0cbcc78b5 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -165,11 +165,11 @@ texinfo-7.0.3-1.azl3.x86_64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
 autoconf-2.72-1.azl3.noarch.rpm
 automake-1.16.5-1.azl3.noarch.rpm
-openssl-3.1.4-7.azl3.x86_64.rpm
-openssl-devel-3.1.4-7.azl3.x86_64.rpm
-openssl-libs-3.1.4-7.azl3.x86_64.rpm
-openssl-perl-3.1.4-7.azl3.x86_64.rpm
-openssl-static-3.1.4-7.azl3.x86_64.rpm
+openssl-3.1.4-8.azl3.x86_64.rpm
+openssl-devel-3.1.4-8.azl3.x86_64.rpm
+openssl-libs-3.1.4-8.azl3.x86_64.rpm
+openssl-perl-3.1.4-8.azl3.x86_64.rpm
+openssl-static-3.1.4-8.azl3.x86_64.rpm
 libcap-2.69-1.azl3.x86_64.rpm
 libcap-devel-2.69-1.azl3.x86_64.rpm
 debugedit-5.0-2.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 0ee2f4e2598..86fb1d39207 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -275,12 +275,12 @@ npth-1.6-4.azl3.aarch64.rpm
 npth-debuginfo-1.6-4.azl3.aarch64.rpm
 npth-devel-1.6-4.azl3.aarch64.rpm
 ntsysv-1.25-1.azl3.aarch64.rpm
-openssl-3.1.4-7.azl3.aarch64.rpm
-openssl-debuginfo-3.1.4-7.azl3.aarch64.rpm
-openssl-devel-3.1.4-7.azl3.aarch64.rpm
-openssl-libs-3.1.4-7.azl3.aarch64.rpm
-openssl-perl-3.1.4-7.azl3.aarch64.rpm
-openssl-static-3.1.4-7.azl3.aarch64.rpm
+openssl-3.1.4-8.azl3.aarch64.rpm
+openssl-debuginfo-3.1.4-8.azl3.aarch64.rpm
+openssl-devel-3.1.4-8.azl3.aarch64.rpm
+openssl-libs-3.1.4-8.azl3.aarch64.rpm
+openssl-perl-3.1.4-8.azl3.aarch64.rpm
+openssl-static-3.1.4-8.azl3.aarch64.rpm
 p11-kit-0.25.0-1.azl3.aarch64.rpm
 p11-kit-debuginfo-0.25.0-1.azl3.aarch64.rpm
 p11-kit-devel-0.25.0-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 339dabbc182..1c8f24211f6 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -281,12 +281,12 @@ npth-1.6-4.azl3.x86_64.rpm
 npth-debuginfo-1.6-4.azl3.x86_64.rpm
 npth-devel-1.6-4.azl3.x86_64.rpm
 ntsysv-1.25-1.azl3.x86_64.rpm
-openssl-3.1.4-7.azl3.x86_64.rpm
-openssl-debuginfo-3.1.4-7.azl3.x86_64.rpm
-openssl-devel-3.1.4-7.azl3.x86_64.rpm
-openssl-libs-3.1.4-7.azl3.x86_64.rpm
-openssl-perl-3.1.4-7.azl3.x86_64.rpm
-openssl-static-3.1.4-7.azl3.x86_64.rpm
+openssl-3.1.4-8.azl3.x86_64.rpm
+openssl-debuginfo-3.1.4-8.azl3.x86_64.rpm
+openssl-devel-3.1.4-8.azl3.x86_64.rpm
+openssl-libs-3.1.4-8.azl3.x86_64.rpm
+openssl-perl-3.1.4-8.azl3.x86_64.rpm
+openssl-static-3.1.4-8.azl3.x86_64.rpm
 p11-kit-0.25.0-1.azl3.x86_64.rpm
 p11-kit-debuginfo-0.25.0-1.azl3.x86_64.rpm
 p11-kit-devel-0.25.0-1.azl3.x86_64.rpm

From fec8708f5c1c91d6b2b3c417621316ece06835a5 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed, 24 Apr 2024 01:36:35 -0700
Subject: [PATCH 33/62] frr: upgrade to 9.1 (#8884)

---
 SPECS/frr/0000-remove-babeld-and-ldpd.patch   |  2 +-
 SPECS/frr/0001-enable-openssl.patch           |  8 ++--
 SPECS/frr/0003-fips-mode.patch                |  6 +--
 SPECS/frr/0004-remove-grpc-test.patch         |  4 +-
 ...08-Add-FIPS_mode-compatibility-macro.patch | 48 +++++++++++++++++++
 SPECS/frr/frr.signatures.json                 |  2 +-
 SPECS/frr/frr.spec                            | 20 +++++---
 SPECS/libyang/libyang.signatures.json         |  2 +-
 SPECS/libyang/libyang.spec                    |  5 +-
 cgmanifest.json                               |  8 ++--
 10 files changed, 81 insertions(+), 24 deletions(-)
 create mode 100644 SPECS/frr/0008-Add-FIPS_mode-compatibility-macro.patch

diff --git a/SPECS/frr/0000-remove-babeld-and-ldpd.patch b/SPECS/frr/0000-remove-babeld-and-ldpd.patch
index 4fac02b7389..b355ce64942 100644
--- a/SPECS/frr/0000-remove-babeld-and-ldpd.patch
+++ b/SPECS/frr/0000-remove-babeld-and-ldpd.patch
@@ -16,9 +16,9 @@ index 5be3264..33abc1d 100644
  	snapcraft/helpers \
  	snapcraft/snap \
 -	babeld/Makefile \
+ 	mgmtd/Makefile \
  	bgpd/Makefile \
  	bgpd/rfp-example/librfp/Makefile \
- 	bgpd/rfp-example/rfptest/Makefile \
 @@ -193,7 +190,6 @@ EXTRA_DIST += \
  	fpm/Makefile \
  	grpc/Makefile \
diff --git a/SPECS/frr/0001-enable-openssl.patch b/SPECS/frr/0001-enable-openssl.patch
index fa30a88dbf8..5101f067213 100644
--- a/SPECS/frr/0001-enable-openssl.patch
+++ b/SPECS/frr/0001-enable-openssl.patch
@@ -8,8 +8,8 @@ index 0b7af18..0533e24 100644
  	lib/log_vty.c \
 -	lib/md5.c \
  	lib/memory.c \
- 	lib/mlag.c \
- 	lib/module.c \
+ 	lib/mgmt_be_client.c \
+ 	lib/mgmt_fe_client.c \
 @@ -64,7 +64,6 @@ lib_libfrr_la_SOURCES = \
  	lib/routemap_northbound.c \
  	lib/sbuf.c \
@@ -24,8 +24,8 @@ index 0b7af18..0533e24 100644
  	lib/log_vty.h \
 -	lib/md5.h \
  	lib/memory.h \
- 	lib/module.h \
- 	lib/monotime.h \
+ 	lib/mgmt.pb-c.h \
+ 	lib/mgmt_be_client.h \
 @@ -191,7 +190,6 @@ pkginclude_HEADERS += \
  	lib/route_opaque.h \
  	lib/sbuf.h \
diff --git a/SPECS/frr/0003-fips-mode.patch b/SPECS/frr/0003-fips-mode.patch
index deedf14f3b2..ed324e8eed1 100644
--- a/SPECS/frr/0003-fips-mode.patch
+++ b/SPECS/frr/0003-fips-mode.patch
@@ -3,8 +3,8 @@ index 631465f..e084ff3 100644
 --- a/ospfd/ospf_vty.c
 +++ b/ospfd/ospf_vty.c
 @@ -1136,6 +1136,11 @@ DEFUN (ospf_area_vlink,
- 
- 	if (argv_find(argv, argc, "message-digest", &idx)) {
+ 		vl_config.keychain = argv[idx+1]->arg;
+ 	} else if (argv_find(argv, argc, "message-digest", &idx)) {
  		/* authentication message-digest */
 +		if(FIPS_mode())
 +		{
@@ -41,7 +41,7 @@ index 631465f..e084ff3 100644
 +		}
  		SET_IF_PARAM(params, auth_type);
  		params->auth_type = OSPF_AUTH_CRYPTOGRAPHIC;
- 		return CMD_SUCCESS;
+ 		UNSET_IF_PARAM(params, keychain_name);
 @@ -6971,6 +6990,11 @@ DEFUN (ip_ospf_message_digest_key,
         "The OSPF password (key)\n"
         "Address of interface\n")
diff --git a/SPECS/frr/0004-remove-grpc-test.patch b/SPECS/frr/0004-remove-grpc-test.patch
index c669b748ded..a22d9d698ac 100644
--- a/SPECS/frr/0004-remove-grpc-test.patch
+++ b/SPECS/frr/0004-remove-grpc-test.patch
@@ -3,8 +3,8 @@ index 7b5eaa4..5c82f69 100644
 --- a/tests/lib/subdir.am
 +++ b/tests/lib/subdir.am
 @@ -18,18 +18,6 @@ tests_lib_test_frrscript_SOURCES = tests/lib/test_frrscript.c
- EXTRA_DIST += tests/lib/test_frrscript.py
- 
+ 	test -e tests/lib/script1.lua || \
+ 	$(INSTALL_SCRIPT) $< tests/lib/script1.lua
  
 -##############################################################################
 -GRPC_TESTS_LDADD = staticd/libstatic.a grpc/libfrrgrpc_pb.la -lgrpc++ -lprotobuf $(ALL_TESTS_LDADD) $(LIBYANG_LIBS) -lm
diff --git a/SPECS/frr/0008-Add-FIPS_mode-compatibility-macro.patch b/SPECS/frr/0008-Add-FIPS_mode-compatibility-macro.patch
new file mode 100644
index 00000000000..a0c998ce125
--- /dev/null
+++ b/SPECS/frr/0008-Add-FIPS_mode-compatibility-macro.patch
@@ -0,0 +1,48 @@
+From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Mon, 31 Jul 2023 09:41:27 +0200
+Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch
+
+Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
+Patch-id: 8
+Patch-status: |
+    # Add FIPS_mode() compatibility macro
+From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+---
+ include/openssl/fips.h | 26 ++++++++++++++++++++++++++
+ test/property_test.c   | 14 ++++++++++++++
+ 2 files changed, 40 insertions(+)
+ create mode 100644 include/openssl/fips.h
+
+diff --git a/include/openssl/fips.h b/include/openssl/fips.h
+new file mode 100644
+index 0000000000..4162cbf88e
+--- /dev/null
++++ b/include/openssl/fips.h
+@@ -0,0 +1,26 @@
++/*
++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the Apache License 2.0 (the "License").  You may not use
++ * this file except in compliance with the License.  You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#ifndef OPENSSL_FIPS_H
++# define OPENSSL_FIPS_H
++# pragma once
++
++# include <openssl/evp.h>
++# include <openssl/macros.h>
++
++# ifdef __cplusplus
++extern "C" {
++# endif
++
++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
++
++# ifdef __cplusplus
++}
++# endif
++#endif
diff --git a/SPECS/frr/frr.signatures.json b/SPECS/frr/frr.signatures.json
index b13f71132b3..fc23ab5b688 100644
--- a/SPECS/frr/frr.signatures.json
+++ b/SPECS/frr/frr.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "frr-8.5.3.tar.gz": "5f0d9e47e2621ad01307764df8a228ed0a4ae18f58e8912d638cb8db2c072d78",
+  "frr-9.1.tar.gz": "c4516fa3ef4286c665af809cfbe3a6e7e24a254a7bfb7247e1f7744dcd3bd5da",
   "frr-sysusers.conf": "c6f5a54402aa5f11e21dac3bd0e6cdeadfbf7937e9b34775b5fd368a9ca96fa4",
   "frr-tmpfiles.conf": "edd7b01b11f2be66bb6b4531496d1eaf6536add9f4b549c659b27f5a32cdc512"
  }
diff --git a/SPECS/frr/frr.spec b/SPECS/frr/frr.spec
index 1f08ed9ba29..48b8bf8e1f6 100644
--- a/SPECS/frr/frr.spec
+++ b/SPECS/frr/frr.spec
@@ -2,8 +2,8 @@
 
 Summary:        Routing daemon
 Name:           frr
-Version:        8.5.3
-Release:        2%{?dist}
+Version:        9.1
+Release:        1%{?dist}
 License:        GPL-2.0-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -16,6 +16,8 @@ Patch1:         0001-enable-openssl.patch
 Patch2:         0002-disable-eigrp-crypto.patch
 Patch3:         0003-fips-mode.patch
 Patch4:         0004-remove-grpc-test.patch
+Patch5:         0008-Add-FIPS_mode-compatibility-macro.patch
+
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bison
@@ -24,8 +26,6 @@ BuildRequires:  flex
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
 BuildRequires:  groff
-BuildRequires:  grpc-devel
-BuildRequires:  grpc-plugins
 BuildRequires:  json-c-devel
 BuildRequires:  libcap-devel
 BuildRequires:  libtool
@@ -38,6 +38,7 @@ BuildRequires:  pam-devel
 BuildRequires:  patch
 BuildRequires:  perl-XML-LibXML
 BuildRequires:  perl-generators
+BuildRequires:  protobuf-c-devel
 BuildRequires:  python3-devel
 BuildRequires:  python3-sphinx
 BuildRequires:  re2-devel
@@ -69,6 +70,8 @@ FRRouting is a fork of Quagga.
 
 %prep
 %autosetup -p1 -n %{name}-%{name}-%{version}
+# C++14 or later needed for abseil-cpp 20230125; string_view needs C++17:
+sed -r -i 's/(AX_CXX_COMPILE_STDCXX\(\[)11(\])/\117\2/' configure.ac
 
 %build
 autoreconf -ivf
@@ -95,8 +98,7 @@ autoreconf -ivf
     --disable-babeld \
     --with-moduledir=%{_libdir}/frr/modules \
     --with-crypto=openssl \
-    --enable-fpm \
-    --enable-grpc
+    --enable-fpm
 
 %make_build MAKEINFO="makeinfo --no-split" PYTHON=python3
 
@@ -163,7 +165,7 @@ fi
 %systemd_preun frr.service
 
 %check
-%{python3} -m pip install atomicwrites attrs docutils pluggy pygments six more-itertools
+%{python3} -m pip install atomicwrites attrs docutils pluggy pygments six more-itertools iniconfig
 #this should be temporary, the grpc test is just badly designed
 rm tests/lib/*grpc*
 %make_build check PYTHON=python3
@@ -197,6 +199,10 @@ rm tests/lib/*grpc*
 %{_sysusersdir}/%{name}.conf
 
 %changelog
+* Tue Apr 23 2024 Andrew Phelps <anphel@microsoft.com> - 9.1-1
+- Upgrade to version 9.1
+- Remove `--enable-grpc`
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 8.5.3-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
diff --git a/SPECS/libyang/libyang.signatures.json b/SPECS/libyang/libyang.signatures.json
index 1de8a0dcf93..6da4d2c5b0f 100644
--- a/SPECS/libyang/libyang.signatures.json
+++ b/SPECS/libyang/libyang.signatures.json
@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "libyang-2.1.111.tar.gz": "3e52b922fcf371933ad7de1686ad83504e3358236e7817b5af795b0db52fa221"
+    "libyang-2.1.148.tar.gz": "77a0aaaeb3df720aeb70d6896e32e2c2be099d48df73e3cfb52567051af3e44b"
   }
 }
diff --git a/SPECS/libyang/libyang.spec b/SPECS/libyang/libyang.spec
index d3dbc3d3a61..a8478fb8abd 100644
--- a/SPECS/libyang/libyang.spec
+++ b/SPECS/libyang/libyang.spec
@@ -1,6 +1,6 @@
 Summary:        YANG data modeling language library
 Name:           libyang
-Version:        2.1.111
+Version:        2.1.148
 Release:        1%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
@@ -91,6 +91,9 @@ cp -a doc/html %{buildroot}/%{_docdir}/libyang/html
 %{_docdir}/libyang
 
 %changelog
+* Tue Apr 23 2024 Andrew Phelps <anphel@microsoft.com> - 2.1.148-1
+- Upgrade to version 2.1.148
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 2.1.111-1
 - Auto-upgrade to 2.1.111 - Azure Linux 3.0 - package upgrades
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 5e300f63daf..35f04bfde6f 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -3910,8 +3910,8 @@
         "type": "other",
         "other": {
           "name": "frr",
-          "version": "8.5.3",
-          "downloadUrl": "https://github.com/FRRouting/frr/archive/refs/tags/frr-8.5.3.tar.gz"
+          "version": "9.1",
+          "downloadUrl": "https://github.com/FRRouting/frr/archive/refs/tags/frr-9.1.tar.gz"
         }
       }
     },
@@ -11971,8 +11971,8 @@
         "type": "other",
         "other": {
           "name": "libyang",
-          "version": "2.1.111",
-          "downloadUrl": "https://github.com/CESNET/libyang/archive/refs/tags/v2.1.111.tar.gz"
+          "version": "2.1.148",
+          "downloadUrl": "https://github.com/CESNET/libyang/archive/refs/tags/v2.1.148.tar.gz"
         }
       }
     },

From cee2f6ca26449c4c745919a81cc11161eb313f03 Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@microsoft.com>
Date: Wed, 24 Apr 2024 10:34:04 -0400
Subject: [PATCH 34/62] systemd: adjust /lib/pam.d/systemd-user to include
 correct pam files

While Fedora uses a single 'system-auth' file to contain common
configuration for all pam types, azurelinux uses separate files per
pam type, i.e. 'system-account', 'system-session', etc.
---
 ...linux-use-system-auth-in-pam-systemd-user.patch} | 13 +++++++++++--
 SPECS/systemd/systemd.spec                          |  9 +++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)
 rename SPECS/systemd/{fedora-use-system-auth-in-pam-systemd-user.patch => azurelinux-use-system-auth-in-pam-systemd-user.patch} (67%)

diff --git a/SPECS/systemd/fedora-use-system-auth-in-pam-systemd-user.patch b/SPECS/systemd/azurelinux-use-system-auth-in-pam-systemd-user.patch
similarity index 67%
rename from SPECS/systemd/fedora-use-system-auth-in-pam-systemd-user.patch
rename to SPECS/systemd/azurelinux-use-system-auth-in-pam-systemd-user.patch
index df820e288c6..3fe54c83aa0 100644
--- a/SPECS/systemd/fedora-use-system-auth-in-pam-systemd-user.patch
+++ b/SPECS/systemd/azurelinux-use-system-auth-in-pam-systemd-user.patch
@@ -3,6 +3,15 @@ From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
 Date: Wed, 14 Dec 2022 22:24:53 +0100
 Subject: [PATCH] fedora: use system-auth in pam systemd-user
 
+
+NOTE change for azurelinux:
+
+This patch from Fedora has been renamed to 'azurelinux-...', and
+adjusted to use 'system-account' and 'system-session' instead of the
+single 'system-auth'; in Fedora all the pam types are included in the
+single 'system-auth' file, while in azurelinux each pam type is in its
+own-named file (i.e. 'system-account', 'system-session', etc).
+
 ---
  src/login/systemd-user.in | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
@@ -16,7 +25,7 @@ index 8a3c9e0165..74ef5f2552 100644
  {% endif %}
  account  sufficient pam_unix.so no_pass_expiry
 -account  required   pam_permit.so
-+account  include    system-auth
++account  include    system-account
  
  {% if HAVE_SELINUX %}
  session  required   pam_selinux.so close
@@ -25,7 +34,7 @@ index 8a3c9e0165..74ef5f2552 100644
  {% endif %}
  session  optional   pam_umask.so silent
 -session  optional   pam_systemd.so
-+session  include    system-auth
++session  include    system-session
 -- 
 2.41.0
 
diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec
index 09af05fd526..a6604f1c5d3 100644
--- a/SPECS/systemd/systemd.spec
+++ b/SPECS/systemd/systemd.spec
@@ -50,7 +50,7 @@ Version:        255
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
 %endif
-Release:        10%{?dist}
+Release:        11%{?dist}
 
 # FIXME - hardcode to 'stable' for now as that's what we have in our blobstore
 %global stable 1
@@ -127,7 +127,9 @@ Patch0001:      https://github.com/systemd/systemd/pull/26494.patch
 Patch0490:      use-bfq-scheduler.patch
 
 # Adjust upstream config to use our shared stack
-Patch0491:      fedora-use-system-auth-in-pam-systemd-user.patch
+# NOTE: the patch was based on the fedora patch, but renamed to
+# 'azurelinux-...' and modified for our 'system-*' pam files
+Patch0491:      azurelinux-use-system-auth-in-pam-systemd-user.patch
 
 # Patches for Azure Linux
 Patch0900:      do-not-test-openssl-sm3.patch
@@ -1190,6 +1192,9 @@ rm -f %{name}.lang
 # %autochangelog. So we need to continue manually maintaining the
 # changelog here.
 %changelog
+* Wed Apr 24 2024 Dan Streetman <ddstreet@microsoft.com> - 255-11
+- adjust pam.d/systemd-user file to include correct pam files
+
 * Mon Apr 15 2024 Henry Li <lihl@microsoft.com> - 255-10
 - Add patch to allow configurability of "UseDomains=" for networkd
 

From 76e811e134946b1ffc1366618b284de8438a0415 Mon Sep 17 00:00:00 2001
From: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
Date: Wed, 24 Apr 2024 10:33:21 -0700
Subject: [PATCH 35/62] frr: remove FIPS_mode patch (#8890)

As of #8881 we no longer need to manually add fips.h to an include path for an individual package, so this change removes that for frr
---
 ...08-Add-FIPS_mode-compatibility-macro.patch | 48 -------------------
 SPECS/frr/frr.spec                            |  6 ++-
 2 files changed, 4 insertions(+), 50 deletions(-)
 delete mode 100644 SPECS/frr/0008-Add-FIPS_mode-compatibility-macro.patch

diff --git a/SPECS/frr/0008-Add-FIPS_mode-compatibility-macro.patch b/SPECS/frr/0008-Add-FIPS_mode-compatibility-macro.patch
deleted file mode 100644
index a0c998ce125..00000000000
--- a/SPECS/frr/0008-Add-FIPS_mode-compatibility-macro.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:27 +0200
-Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch
-
-Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
-Patch-id: 8
-Patch-status: |
-    # Add FIPS_mode() compatibility macro
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- include/openssl/fips.h | 26 ++++++++++++++++++++++++++
- test/property_test.c   | 14 ++++++++++++++
- 2 files changed, 40 insertions(+)
- create mode 100644 include/openssl/fips.h
-
-diff --git a/include/openssl/fips.h b/include/openssl/fips.h
-new file mode 100644
-index 0000000000..4162cbf88e
---- /dev/null
-+++ b/include/openssl/fips.h
-@@ -0,0 +1,26 @@
-+/*
-+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#ifndef OPENSSL_FIPS_H
-+# define OPENSSL_FIPS_H
-+# pragma once
-+
-+# include <openssl/evp.h>
-+# include <openssl/macros.h>
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+#endif
diff --git a/SPECS/frr/frr.spec b/SPECS/frr/frr.spec
index 48b8bf8e1f6..1e845b4e6c3 100644
--- a/SPECS/frr/frr.spec
+++ b/SPECS/frr/frr.spec
@@ -3,7 +3,7 @@
 Summary:        Routing daemon
 Name:           frr
 Version:        9.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPL-2.0-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -16,7 +16,6 @@ Patch1:         0001-enable-openssl.patch
 Patch2:         0002-disable-eigrp-crypto.patch
 Patch3:         0003-fips-mode.patch
 Patch4:         0004-remove-grpc-test.patch
-Patch5:         0008-Add-FIPS_mode-compatibility-macro.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -199,6 +198,9 @@ rm tests/lib/*grpc*
 %{_sysusersdir}/%{name}.conf
 
 %changelog
+* Wed Apr 24 2024 Tobias Brick <tobiasb@microsoft.com> - 9.1-2
+- Remove FIPS_mode patch
+
 * Tue Apr 23 2024 Andrew Phelps <anphel@microsoft.com> - 9.1-1
 - Upgrade to version 9.1
 - Remove `--enable-grpc`

From a06247a24ceeb1a8da20e5770473807b8fb171cd Mon Sep 17 00:00:00 2001
From: Sam Meluch <sammeluch@microsoft.com>
Date: Wed, 24 Apr 2024 10:35:28 -0700
Subject: [PATCH 36/62] Bump azurelinux release

---
 SPECS/azurelinux-release/azurelinux-release.spec | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/SPECS/azurelinux-release/azurelinux-release.spec b/SPECS/azurelinux-release/azurelinux-release.spec
index 6ee0a9d25a3..3d1c6504a30 100644
--- a/SPECS/azurelinux-release/azurelinux-release.spec
+++ b/SPECS/azurelinux-release/azurelinux-release.spec
@@ -5,7 +5,7 @@
 Summary:        Azure Linux release files
 Name:           azurelinux-release
 Version:        %{dist_version}.0
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -118,6 +118,9 @@ install -Dm0644 %{SOURCE4} -t %{buildroot}%{_sysctldir}/
 %{_sysctldir}/*.conf
 
 %changelog
+* Wed Apr 24 2024 Sam Meluch <sammeluch@microsoft.com> - 3.0-10
+- Azure Linux 3.0 April Preview Release 4
+
 * Wed Apr 17 2024 Sam Meluch <sammeluch@microsoft.com> - 3.0-9
 - Azure Linux 3.0 April Preview Release 3
 

From a42b3df20407f86cd83279101c58a395ff0de7c8 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed, 24 Apr 2024 11:59:31 -0700
Subject: [PATCH 37/62] python-virtualenv: update runtime requirements (#8894)

---
 SPECS/python-virtualenv/python-virtualenv.spec | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/SPECS/python-virtualenv/python-virtualenv.spec b/SPECS/python-virtualenv/python-virtualenv.spec
index 7f3810a91e2..b8f8b1499b9 100644
--- a/SPECS/python-virtualenv/python-virtualenv.spec
+++ b/SPECS/python-virtualenv/python-virtualenv.spec
@@ -1,7 +1,7 @@
 Summary:        Virtual Python Environment builder
 Name:           python-virtualenv
 Version:        20.25.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -30,6 +30,7 @@ BuildRequires:  python3-flit-core >= 3.8.0
 Requires:       python3
 Requires:       python3-platformdirs
 Requires:       python3-distlib < 1
+Requires:       python3-filelock
 Provides:       %{name}-doc = %{version}-%{release}
 
 %description -n python3-virtualenv
@@ -59,6 +60,9 @@ tox -e py
 %{_bindir}/virtualenv
 
 %changelog
+* Wed Apr 24 2024 Andrew Phelps <anphel@microsoft.com> - 20.25.0-2
+- Add runtime requirement on python3-filelock
+
 * Fri Mar 22 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 20.25.0-1
 - Auto-upgrade to 20.25.0 - 3.0 package upgrade
 - Added patch to use python3-flit-core as build-backend rather than hatchling (which is not yet supported on Azure Linux)

From f0fd87cf3b2a04b4b95bb0cfdd8bb18d2cf0e640 Mon Sep 17 00:00:00 2001
From: aadhar-agarwal <108542189+aadhar-agarwal@users.noreply.github.com>
Date: Wed, 24 Apr 2024 13:52:35 -0700
Subject: [PATCH 38/62] Update sos to copy kernel config and vmcore (#8892)

Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
---
 SPECS/sos/copy-kernel-config.patch       | 33 ++++++++++
 SPECS/sos/create-azure-kdump-class.patch | 81 ++++++++++++++++++++++++
 SPECS/sos/create-azure-plugin.patch      | 66 +++++++++++++++++++
 SPECS/sos/sos.spec                       | 10 ++-
 4 files changed, 189 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/sos/copy-kernel-config.patch
 create mode 100644 SPECS/sos/create-azure-kdump-class.patch
 create mode 100644 SPECS/sos/create-azure-plugin.patch

diff --git a/SPECS/sos/copy-kernel-config.patch b/SPECS/sos/copy-kernel-config.patch
new file mode 100644
index 00000000000..9ae9d5e099b
--- /dev/null
+++ b/SPECS/sos/copy-kernel-config.patch
@@ -0,0 +1,33 @@
+From f4df6e9abad6601ad1d67821306be0117dbfab24 Mon Sep 17 00:00:00 2001
+From: Aadhar Agarwal <aadagarwal@microsoft.com>
+Date: Thu, 21 Mar 2024 14:25:09 -0700
+Subject: [PATCH] [kernel] Copy the kernel config
+
+Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
+---
+ sos/report/plugins/kernel.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/sos/report/plugins/kernel.py b/sos/report/plugins/kernel.py
+index d09d1176e1..1503af2bc9 100644
+--- a/sos/report/plugins/kernel.py
++++ b/sos/report/plugins/kernel.py
+@@ -111,7 +111,7 @@ def setup(self):
+             "/proc/buddyinfo",
+             "/proc/slabinfo",
+             "/proc/zoneinfo",
+-            "/lib/modules/%s/modules.dep" % self.policy.kernel_version(),
++            f"/lib/modules/{self.policy.kernel_version()}/modules.dep",
+             "/etc/conf.modules",
+             "/etc/modules.conf",
+             "/etc/modprobe.conf",
+@@ -136,7 +136,8 @@ def setup(self):
+             "/sys/kernel/debug/extfrag/extfrag_index",
+             clocksource_path + "available_clocksource",
+             clocksource_path + "current_clocksource",
+-            "/proc/pressure/"
++            "/proc/pressure/",
++            f"/boot/config-{self.policy.kernel_version()}"
+         ])
+ 
+         if self.get_option("with-timer"):
diff --git a/SPECS/sos/create-azure-kdump-class.patch b/SPECS/sos/create-azure-kdump-class.patch
new file mode 100644
index 00000000000..ed5cc795fec
--- /dev/null
+++ b/SPECS/sos/create-azure-kdump-class.patch
@@ -0,0 +1,81 @@
+From ab520a3ad3eb891802366616b000288f647b2163 Mon Sep 17 00:00:00 2001
+From: Aadhar Agarwal <aadagarwal@microsoft.com>
+Date: Mon, 15 Apr 2024 16:32:43 -0700
+Subject: [PATCH] [kdump] Create AzureKDump class
+
+This change collects kdump information for Azure Linux.
+
+With this change, we will check the 'path' variable in /etc/kdump.conf
+to check where information is being dumped.
+
+If get_vm_core is set to true, collect the latest vm core created
+in the last 24 hours that is <= 2GB
+
+Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
+---
+ sos/report/plugins/kdump.py | 47 ++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 46 insertions(+), 1 deletion(-)
+
+diff --git a/sos/report/plugins/kdump.py b/sos/report/plugins/kdump.py
+index e31e9408f0..9440125642 100644
+--- a/sos/report/plugins/kdump.py
++++ b/sos/report/plugins/kdump.py
+@@ -8,7 +8,7 @@
+ 
+ import platform
+ from sos.report.plugins import Plugin, PluginOpt, RedHatPlugin, DebianPlugin, \
+-    UbuntuPlugin, CosPlugin
++    UbuntuPlugin, CosPlugin, AzurePlugin
+ 
+ 
+ class KDump(Plugin):
+@@ -124,4 +124,49 @@ def setup(self):
+         if self.get_option("collect-kdumps"):
+             self.add_copy_spec(["/var/kdump-*"])
+ 
++
++class AzureKDump(KDump, AzurePlugin):
++
++    files = ('/etc/kdump.conf',)
++    packages = ('kexec-tools',)
++
++    option_list = [
++        PluginOpt("get_vm_core", default=False, val_type=bool,
++                  desc="collect vm core")
++    ]
++
++    def read_kdump_conffile(self):
++        """ Parse /etc/kdump file """
++        path = "/var/crash"
++
++        kdump = '/etc/kdump.conf'
++        with open(kdump, 'r', encoding='UTF-8') as file:
++            for line in file:
++                if line.startswith("path"):
++                    path = line.split()[1]
++
++        return path
++
++    def setup(self):
++        super().setup()
++
++        self.add_copy_spec([
++            "/etc/kdump.conf",
++            "/usr/lib/udev/rules.d/*kexec.rules"
++        ])
++
++        try:
++            path = self.read_kdump_conffile()
++        except Exception:  # pylint: disable=broad-except
++            # set no filesystem and default path
++            path = "/var/crash"
++
++        self.add_cmd_output(f"ls -alhR {path}")
++        self.add_copy_spec(f"{path}/*/vmcore-dmesg.txt")
++        self.add_copy_spec(f"{path}/*/kexec-dmesg.log")
++
++        # collect the latest vmcore created in the last 24hrs <= 2GB
++        if self.get_option("get_vm_core"):
++            self.add_copy_spec(f"{path}/*/vmcore", sizelimit=2048, maxage=24)
++
+ # vim: set et ts=4 sw=4 :
diff --git a/SPECS/sos/create-azure-plugin.patch b/SPECS/sos/create-azure-plugin.patch
new file mode 100644
index 00000000000..5d5d5b74d31
--- /dev/null
+++ b/SPECS/sos/create-azure-plugin.patch
@@ -0,0 +1,66 @@
+From 8a7fdf7f3e1194fa4674eea1d5442ca1660c0a67 Mon Sep 17 00:00:00 2001
+From: Aadhar Agarwal <aadagarwal@microsoft.com>
+Date: Tue, 19 Mar 2024 11:19:38 -0700
+Subject: [PATCH] [Plugin,Policy] Make an AzurePlugin class, Update the vendor
+ url, Update the check function
+
+Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
+---
+ sos/policies/distros/azure.py  | 6 +++++-
+ sos/report/plugins/__init__.py | 5 +++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/sos/policies/distros/azure.py b/sos/policies/distros/azure.py
+index 950799fa83..b521d1e1be 100644
+--- a/sos/policies/distros/azure.py
++++ b/sos/policies/distros/azure.py
+@@ -8,6 +8,7 @@
+ #
+ # See the LICENSE file in the source distribution for further information.
+ 
++from sos.report.plugins import AzurePlugin
+ from sos.policies.distros.redhat import RedHatPolicy, OS_RELEASE
+ import os
+ 
+@@ -17,7 +18,7 @@ class AzurePolicy(RedHatPolicy):
+     distro = "Azure Linux"
+     vendor = "Microsoft"
+     vendor_urls = [
+-        ('Distribution Website', 'https://github.com/microsoft/CBL-Mariner')
++        ('Distribution Website', 'https://github.com/microsoft/azurelinux')
+     ]
+ 
+     def __init__(self, sysroot=None, init=None, probe_runtime=True,
+@@ -25,6 +26,7 @@ def __init__(self, sysroot=None, init=None, probe_runtime=True,
+         super(AzurePolicy, self).__init__(sysroot=sysroot, init=init,
+                                           probe_runtime=probe_runtime,
+                                           remote_exec=remote_exec)
++        self.valid_subclasses += [AzurePlugin]
+ 
+     @classmethod
+     def check(cls, remote=''):
+@@ -40,6 +42,8 @@ def check(cls, remote=''):
+                 if line.startswith('NAME'):
+                     if 'Common Base Linux Mariner' in line:
+                         return True
++                    if 'Microsoft Azure Linux' in line:
++                        return True
+         return False
+ 
+ # vim: set et ts=4 sw=4 :
+diff --git a/sos/report/plugins/__init__.py b/sos/report/plugins/__init__.py
+index 94ee50d7fd..fc674be086 100644
+--- a/sos/report/plugins/__init__.py
++++ b/sos/report/plugins/__init__.py
+@@ -3621,6 +3621,11 @@ class SCLPlugin(RedHatPlugin):
+         self.add_copy_spec(scl_copyspecs)
+ 
+ 
++class AzurePlugin(PluginDistroTag):
++    """Tagging class for Azure Linux"""
++    pass
++
++
+ def import_plugin(name, superclasses=None):
+     """Import name as a module and return a list of all classes defined in that
+     module. superclasses should be a tuple of valid superclasses to import,
diff --git a/SPECS/sos/sos.spec b/SPECS/sos/sos.spec
index b552851529a..798c975fefa 100644
--- a/SPECS/sos/sos.spec
+++ b/SPECS/sos/sos.spec
@@ -2,7 +2,7 @@
 Summary:        A set of tools to gather troubleshooting information from a system
 Name:           sos
 Version:        4.6.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPL-2.0-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -11,6 +11,9 @@ Source0:        https://github.com/sosreport/sos/archive/%{version}.tar.gz#/%{na
 # The sos-4.6.1.tar.gz is missing a commit to bump the version to 4.6.1
 # https://github.com/orgs/sosreport/discussions/3492
 Patch0:         bump-version-4-6-1.patch
+Patch1:         create-azure-plugin.patch
+Patch2:         copy-kernel-config.patch
+Patch3:         create-azure-kdump-class.patch
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 Requires:       bzip2
@@ -73,6 +76,11 @@ rm -rf %{buildroot}%{_prefix}/config/
 %config(noreplace) %{_sysconfdir}/sos/sos.conf
 
 %changelog
+* Wed Apr 24 2024 Aadhar Agarwal <aadagarwal@microsoft.com> - 4.6.1-2
+- Backport a patch that adds an AzurePlugin class
+- Backport a patch to copy the kernel config
+- Backport a patch that adds an AzureKDump class
+
 * Tue Jan 15 2024 Aadhar Agarwal <aadagarwal@microsoft.com> - 4.6.1-1
 - Upgrade to 4.6.1
 - Migrated to SPDX license

From 862c25d1ce38634a8a8b20453d8b8d6ec1ac6b42 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed, 24 Apr 2024 16:35:15 -0700
Subject: [PATCH 39/62] php: upgrade to 8.3.4 (#8888)

---
 ...22.patch => php-8.3.0-systzdata-v24.patch} | 62 +++++++++++++------
 SPECS/php/php-8.3.3-parser.patch              | 16 +++++
 SPECS/php/php.signatures.json                 |  4 +-
 SPECS/php/php.spec                            | 19 +++---
 cgmanifest.json                               |  4 +-
 5 files changed, 74 insertions(+), 31 deletions(-)
 rename SPECS/php/{php-8.1.0-systzdata-v22.patch => php-8.3.0-systzdata-v24.patch} (91%)
 create mode 100644 SPECS/php/php-8.3.3-parser.patch

diff --git a/SPECS/php/php-8.1.0-systzdata-v22.patch b/SPECS/php/php-8.3.0-systzdata-v24.patch
similarity index 91%
rename from SPECS/php/php-8.1.0-systzdata-v22.patch
rename to SPECS/php/php-8.3.0-systzdata-v24.patch
index d1c8d9096db..07ace920575 100644
--- a/SPECS/php/php-8.1.0-systzdata-v22.patch
+++ b/SPECS/php/php-8.3.0-systzdata-v24.patch
@@ -5,6 +5,8 @@ Add support for use of the system timezone database, rather
 than embedding a copy.  Discussed upstream but was not desired.
 
 History:
+f24: add internal UTC if tzdata is missing
+r23: fix possible buffer overflow
 r22: retrieve tzdata version from /usr/share/zoneinfo/tzdata.zi
 r21: adapt for timelib 2021.03 (in 8.1.0)
 r20: adapt for timelib 2020.03 (in 8.0.10RC1)
@@ -33,8 +35,9 @@ r3: fix a crash if /usr/share/zoneinfo doesn't exist (Raphael Geissert)
 r2: add filesystem trawl to set up name alias index
 r1: initial revision
 
+
 diff --git a/ext/date/config0.m4 b/ext/date/config0.m4
-index 18b8106bd2..3d1f63c758 100644
+index 6b803bf33e..53c3cdb3f4 100644
 --- a/ext/date/config0.m4
 +++ b/ext/date/config0.m4
 @@ -4,6 +4,19 @@ AC_CHECK_HEADERS([io.h])
@@ -58,10 +61,10 @@ index 18b8106bd2..3d1f63c758 100644
  timelib_sources="lib/astro.c lib/dow.c lib/parse_date.c lib/parse_tz.c lib/parse_posix.c
                   lib/timelib.c lib/tm2unixtime.c lib/unixtime2tm.c lib/parse_iso_intervals.c lib/interval.c"
 diff --git a/ext/date/lib/parse_tz.c b/ext/date/lib/parse_tz.c
-index e41315efdb..4b6547c0a3 100644
+index c7f93580d7..ec196a98b6 100644
 --- a/ext/date/lib/parse_tz.c
 +++ b/ext/date/lib/parse_tz.c
-@@ -26,9 +26,22 @@
+@@ -26,9 +26,33 @@
  #include "timelib.h"
  #include "timelib_private.h"
  
@@ -74,6 +77,17 @@ index e41315efdb..4b6547c0a3 100644
 +
 +#include "php_scandir.h"
 +
++static const unsigned char internal_utc[] = {
++        0x54, 0x5a, 0x69, 0x66, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
++        0x00, 0x00, 0x55, 0x54, 0x43, 0x00, 0x54, 0x5a, 0x69, 0x66, 0x32, 0x00, 0x00, 0x00, 0x00, 0x00,
++        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
++        0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, 0x54, 0x43, 0x00, 0x0a, 0x55, 0x54, 0x43,
++        0x30, 0x0a
++};
++
 +#else
  #define TIMELIB_SUPPORTS_V2DATA
  #define TIMELIB_SUPPORT_SLIM_FILE
@@ -84,7 +98,7 @@ index e41315efdb..4b6547c0a3 100644
  
  #if (defined(__APPLE__) || defined(__APPLE_CC__)) && (defined(__BIG_ENDIAN__) || defined(__LITTLE_ENDIAN__))
  # if defined(__LITTLE_ENDIAN__)
-@@ -95,6 +108,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
+@@ -95,6 +119,11 @@ static int read_php_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
  {
  	uint32_t version;
  
@@ -96,7 +110,7 @@ index e41315efdb..4b6547c0a3 100644
  	/* read ID */
  	version = (*tzf)[3] - '0';
  	*tzf += 4;
-@@ -577,7 +595,467 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
+@@ -577,7 +606,475 @@ void timelib_dump_tzinfo(timelib_tzinfo *tz)
  	}
  }
  
@@ -440,6 +454,9 @@ index e41315efdb..4b6547c0a3 100644
 +
 +        qsort(db_index, index_next, sizeof *db_index, sysdbcmp);
 +
++	if (!index_next) {
++		db_index[index_next++].id = strdup("UTC");
++	}
 +	db->index = db_index;
 +	db->index_size = index_next;
 +
@@ -456,7 +473,7 @@ index e41315efdb..4b6547c0a3 100644
 +        size_t n;
 +        char *data, *p;
 +        
-+        data = malloc(3 * sysdb->index_size + 7);
++        data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1);
 +
 +        p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1);
 +
@@ -546,7 +563,12 @@ index e41315efdb..4b6547c0a3 100644
 +
 +	fd = open(fname, O_RDONLY);
 +	if (fd == -1) {
-+		return NULL;
++		if (strcmp(timezone, "UTC")) {
++			return NULL;
++		} else {
++			*length = sizeof(internal_utc);
++			return internal_utc;
++		}
 +	} else if (fstat(fd, &st) != 0 || !is_valid_tzfile(&st, fd)) {
 +		close(fd);
 +		return NULL;
@@ -565,7 +587,7 @@ index e41315efdb..4b6547c0a3 100644
  {
  	int left = 0, right = tzdb->index_size - 1;
  
-@@ -603,9 +1081,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
+@@ -603,9 +1100,49 @@ static int seek_to_tz_position(const unsigned char **tzf, const char *timezone,
  	return 0;
  }
  
@@ -599,7 +621,7 @@ index e41315efdb..4b6547c0a3 100644
 +	if (timezonedb_system == NULL) {
 +		timelib_tzdb *tmp = malloc(sizeof *tmp);
 +
-+		tmp->version = "0.system";
++		tmp->version = "0";
 +		tmp->data = NULL;
 +		create_zone_index(tmp);
 +		retrieve_zone_version(tmp);
@@ -615,7 +637,7 @@ index e41315efdb..4b6547c0a3 100644
  }
  
  const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_tzdb *tzdb, int *count)
-@@ -617,7 +1135,30 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
+@@ -617,7 +1154,32 @@ const timelib_tzdb_index_entry *timelib_timezone_identifiers_list(const timelib_
  int timelib_timezone_id_is_valid(const char *timezone, const timelib_tzdb *tzdb)
  {
  	const unsigned char *tzf;
@@ -629,7 +651,9 @@ index e41315efdb..4b6547c0a3 100644
 +		if (timezone[0] == '\0' || strstr(timezone, "..") != NULL) {
 +			return 0;
 +		}
-+
++		if (!strcmp(timezone, "UTC")) {
++			return 1;
++		}
 +		if (system_location_table) {
 +			if (find_zone_info(system_location_table, timezone) != NULL) {
 +				/* found in cache */
@@ -647,7 +671,7 @@ index e41315efdb..4b6547c0a3 100644
  }
  
  static int skip_64bit_preamble(const unsigned char **tzf, timelib_tzinfo *tz)
-@@ -662,6 +1203,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
+@@ -662,6 +1224,8 @@ static timelib_tzinfo* timelib_tzinfo_ctor(const char *name)
  timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *tzdb, int *error_code)
  {
  	const unsigned char *tzf;
@@ -656,7 +680,7 @@ index e41315efdb..4b6547c0a3 100644
  	timelib_tzinfo *tmp;
  	int version;
  	int transitions_result, types_result;
-@@ -669,7 +1212,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
+@@ -669,7 +1233,7 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
  
  	*error_code = TIMELIB_ERROR_NO_ERROR;
  
@@ -665,7 +689,7 @@ index e41315efdb..4b6547c0a3 100644
  		tmp = timelib_tzinfo_ctor(timezone);
  
  		version = read_preamble(&tzf, tmp, &type);
-@@ -712,11 +1255,36 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
+@@ -712,11 +1276,38 @@ timelib_tzinfo *timelib_parse_tzfile(const char *timezone, const timelib_tzdb *t
  			return NULL;
  		}
  
@@ -688,7 +712,9 @@ index e41315efdb..4b6547c0a3 100644
 +			}
 +
 +			/* Now done with the mmap segment - discard it. */
-+			munmap(memmap, maplen);
++			if (memmap != internal_utc) {
++				munmap(memmap, maplen);
++			}
 +		} else {
 +#endif
  		if (type == TIMELIB_TZINFO_PHP) {
@@ -703,10 +729,10 @@ index e41315efdb..4b6547c0a3 100644
  		*error_code = TIMELIB_ERROR_NO_SUCH_TIMEZONE;
  		tmp = NULL;
 diff --git a/ext/date/php_date.c b/ext/date/php_date.c
-index cf4a11b8a2..cd49abc78d 100644
+index 48c82bf7ec..443299c089 100644
 --- a/ext/date/php_date.c
 +++ b/ext/date/php_date.c
-@@ -457,7 +457,11 @@ PHP_MINFO_FUNCTION(date)
+@@ -490,7 +490,11 @@ PHP_MINFO_FUNCTION(date)
  	php_info_print_table_row(2, "date/time support", "enabled");
  	php_info_print_table_row(2, "timelib version", TIMELIB_ASCII_VERSION);
  	php_info_print_table_row(2, "\"Olson\" Timezone Database Version", tzdb->version);
@@ -717,4 +743,4 @@ index cf4a11b8a2..cd49abc78d 100644
 +#endif
  	php_info_print_table_row(2, "Default timezone", guess_timezone(tzdb));
  	php_info_print_table_end();
- 
+ 
\ No newline at end of file
diff --git a/SPECS/php/php-8.3.3-parser.patch b/SPECS/php/php-8.3.3-parser.patch
new file mode 100644
index 00000000000..49f7d5e4c50
--- /dev/null
+++ b/SPECS/php/php-8.3.3-parser.patch
@@ -0,0 +1,16 @@
+diff -up ./build/gen_stub.php.syslib ./build/gen_stub.php
+--- ./build/gen_stub.php.syslib	2020-06-25 08:11:51.782046813 +0200
++++ ./build/gen_stub.php	2020-06-25 08:13:11.188860368 +0200
+@@ -3265,6 +3265,12 @@ function initPhpParser() {
+     }
+ 
+     $isInitialized = true;
++
++    if (file_exists('/usr/share/php/PhpParser5/autoload.php')) {
++        require_once '/usr/share/php/PhpParser5/autoload.php';
++        return;
++    }
++
+     $version = "5.0.0";
+     $phpParserDir = __DIR__ . "/PHP-Parser-$version";
+     if (!is_dir($phpParserDir)) {
diff --git a/SPECS/php/php.signatures.json b/SPECS/php/php.signatures.json
index 809d62aea25..3e654230849 100644
--- a/SPECS/php/php.signatures.json
+++ b/SPECS/php/php.signatures.json
@@ -14,6 +14,6 @@
     "php.conf": "e2388be032eccf7c0197d597ba72259a095bf8434438a184e6a640edb4b59de2",
     "php.ini": "8fd5a4d891c19320c07010fbbbac982c886b422bc8d062acaeae49d70c136fc8",
     "php.modconf": "dc7303ea584452d2f742d002a648abe74905025aabf240259c7e8bd01746d278",
-    "php-8.1.22.tar.xz": "9ea4f4cfe775cb5866c057323d6b320f3a6e0adb1be41a068ff7bfec6f83e71d"
+    "php-8.3.4.tar.xz": "39a337036a546e5c28aea76cf424ac172db5156bd8a8fd85252e389409a5ba63"
   }
-}
+}
\ No newline at end of file
diff --git a/SPECS/php/php.spec b/SPECS/php/php.spec
index 528e57905d9..c87dd7cdc9a 100644
--- a/SPECS/php/php.spec
+++ b/SPECS/php/php.spec
@@ -7,8 +7,8 @@
 # Please preserve changelog entries
 #
 # API/ABI check
-%global apiver      20210902
-%global zendver     20210902
+%global apiver      20230831
+%global zendver     20230831
 %global pdover      20170320
 %define majmin %(echo %{version} | cut -d. -f1-2)
 
@@ -32,8 +32,8 @@
 %global with_qdbm     0
 Summary:        PHP scripting language for creating dynamic web sites
 Name:           php
-Version:        8.1.22
-Release:        2%{?dist}
+Version:        8.3.4
+Release:        1%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -68,9 +68,9 @@ Patch6:         php-8.0.0-embed.patch
 Patch8:         php-8.1.0-libdb.patch
 # Functional changes
 # Use system nikic/php-parser
-Patch41:        php-8.1.0-parser.patch
+Patch41:        php-8.3.3-parser.patch
 # use system tzdata
-Patch42:        php-8.1.0-systzdata-v22.patch
+Patch42:        php-8.3.0-systzdata-v24.patch
 # See http://bugs.php.net/53436
 Patch43:        php-7.4.0-phpize.patch
 # Use -lldap_r for OpenLDAP
@@ -221,7 +221,7 @@ Provides:       php-exif
 Provides:       php-exif%{?_isa}
 Provides:       php-fileinfo
 Provides:       php-fileinfo%{?_isa}
-Provides:       bundled(libmagic) = 5.29
+Provides:       bundled(libmagic) = 5.43
 Provides:       php-filter
 Provides:       php-filter%{?_isa}
 Provides:       php-ftp
@@ -726,7 +726,6 @@ cp TSRM/LICENSE TSRM_LICENSE
 cp Zend/asm/LICENSE BOOST_LICENSE
 cp sapi/fpm/LICENSE fpm_LICENSE
 cp ext/mbstring/libmbfl/LICENSE libmbfl_LICENSE
-cp ext/fileinfo/libmagic/LICENSE libmagic_LICENSE
 cp ext/bcmath/libbcmath/LICENSE libbcmath_LICENSE
 cp ext/date/lib/LICENSE.rst timelib_LICENSE
 
@@ -1362,7 +1361,6 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 %files common -f files.common
 %doc EXTENSIONS NEWS UPGRADING* README.REDIST.BINS *md docs
 %license LICENSE TSRM_LICENSE ZEND_LICENSE BOOST_LICENSE
-%license libmagic_LICENSE
 %license timelib_LICENSE
 %doc php.ini-*
 %config(noreplace) %{_sysconfdir}/php.ini
@@ -1515,6 +1513,9 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 %dir %{_datadir}/php/preload
 
 %changelog
+* Tue Apr 23 2024 Andrew Phelps <anphel@microsoft.com> - 8.3.4-1
+- Upgrade to version 8.3.4
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 8.1.22-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 35f04bfde6f..3b204adeb82 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -20793,8 +20793,8 @@
         "type": "other",
         "other": {
           "name": "php",
-          "version": "8.1.22",
-          "downloadUrl": "https://www.php.net/distributions/php-8.1.22.tar.xz"
+          "version": "8.3.4",
+          "downloadUrl": "https://www.php.net/distributions/php-8.3.4.tar.xz"
         }
       }
     },

From 42fcf3d57dfd594799b7ff75dc6d1d623a6c91e1 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed, 24 Apr 2024 18:19:45 -0700
Subject: [PATCH 40/62] gcc: set baseline architectures to x86-64-v3 and
 armv8.1-a (#8846)

---
 SPECS/gcc/gcc.spec                            | 10 ++++++-
 .../manifests/package/pkggen_core_aarch64.txt | 18 +++++------
 .../manifests/package/pkggen_core_x86_64.txt  | 18 +++++------
 .../manifests/package/toolchain_aarch64.txt   | 24 +++++++--------
 .../manifests/package/toolchain_x86_64.txt    | 30 +++++++++----------
 .../container/toolchain_build_in_chroot.sh    |  3 ++
 .../container/toolchain_build_temp_tools.sh   |  4 +++
 7 files changed, 61 insertions(+), 46 deletions(-)

diff --git a/SPECS/gcc/gcc.spec b/SPECS/gcc/gcc.spec
index 4cb1eef77c7..ac2c6b0a975 100644
--- a/SPECS/gcc/gcc.spec
+++ b/SPECS/gcc/gcc.spec
@@ -56,7 +56,7 @@
 Summary:        Contains the GNU compiler collection
 Name:           gcc
 Version:        13.2.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -329,6 +329,11 @@ LD=ld \
     --enable-plugin \
     --enable-shared \
     --enable-threads=posix \
+%ifarch x86_64
+    --with-arch=x86-64-v3 \
+%else
+    --with-arch=armv8.1-a \
+%endif
     --with-system-zlib
 
 popd
@@ -523,6 +528,9 @@ $tests_ok
 %do_files aarch64-linux-gnu %{build_cross}
 
 %changelog
+* Tue Apr 09 2024 Andrew Phelps <anphel@microsoft.com> - 13.2.0-4
+- Set baseline architecture levels to `x86-64-v3` and `armv8.1-a`
+
 * Mon Feb 26 2024 Andrew Phelps <anphel@microsoft.com> - 13.2.0-3
 - Re-enable libsanitizer
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 28e2cdab908..406468104af 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -20,15 +20,15 @@ mpfr-4.2.1-1.azl3.aarch64.rpm
 mpfr-devel-4.2.1-1.azl3.aarch64.rpm
 libmetalink-0.1.3-1.azl3.aarch64.rpm
 libmpc-1.3.1-1.azl3.aarch64.rpm
-libgcc-13.2.0-3.azl3.aarch64.rpm
-libgcc-atomic-13.2.0-3.azl3.aarch64.rpm
-libgcc-devel-13.2.0-3.azl3.aarch64.rpm
-libstdc++-13.2.0-3.azl3.aarch64.rpm
-libstdc++-devel-13.2.0-3.azl3.aarch64.rpm
-libgomp-13.2.0-3.azl3.aarch64.rpm
-libgomp-devel-13.2.0-3.azl3.aarch64.rpm
-gcc-13.2.0-3.azl3.aarch64.rpm
-gcc-c++-13.2.0-3.azl3.aarch64.rpm
+libgcc-13.2.0-4.azl3.aarch64.rpm
+libgcc-atomic-13.2.0-4.azl3.aarch64.rpm
+libgcc-devel-13.2.0-4.azl3.aarch64.rpm
+libstdc++-13.2.0-4.azl3.aarch64.rpm
+libstdc++-devel-13.2.0-4.azl3.aarch64.rpm
+libgomp-13.2.0-4.azl3.aarch64.rpm
+libgomp-devel-13.2.0-4.azl3.aarch64.rpm
+gcc-13.2.0-4.azl3.aarch64.rpm
+gcc-c++-13.2.0-4.azl3.aarch64.rpm
 libpkgconf-2.0.2-1.azl3.aarch64.rpm
 pkgconf-2.0.2-1.azl3.aarch64.rpm
 pkgconf-m4-2.0.2-1.azl3.noarch.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index ac0cbcc78b5..bb0d5446b12 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -20,15 +20,15 @@ mpfr-4.2.1-1.azl3.x86_64.rpm
 mpfr-devel-4.2.1-1.azl3.x86_64.rpm
 libmetalink-0.1.3-1.azl3.x86_64.rpm
 libmpc-1.3.1-1.azl3.x86_64.rpm
-libgcc-13.2.0-3.azl3.x86_64.rpm
-libgcc-atomic-13.2.0-3.azl3.x86_64.rpm
-libgcc-devel-13.2.0-3.azl3.x86_64.rpm
-libstdc++-13.2.0-3.azl3.x86_64.rpm
-libstdc++-devel-13.2.0-3.azl3.x86_64.rpm
-libgomp-13.2.0-3.azl3.x86_64.rpm
-libgomp-devel-13.2.0-3.azl3.x86_64.rpm
-gcc-13.2.0-3.azl3.x86_64.rpm
-gcc-c++-13.2.0-3.azl3.x86_64.rpm
+libgcc-13.2.0-4.azl3.x86_64.rpm
+libgcc-atomic-13.2.0-4.azl3.x86_64.rpm
+libgcc-devel-13.2.0-4.azl3.x86_64.rpm
+libstdc++-13.2.0-4.azl3.x86_64.rpm
+libstdc++-devel-13.2.0-4.azl3.x86_64.rpm
+libgomp-13.2.0-4.azl3.x86_64.rpm
+libgomp-devel-13.2.0-4.azl3.x86_64.rpm
+gcc-13.2.0-4.azl3.x86_64.rpm
+gcc-c++-13.2.0-4.azl3.x86_64.rpm
 libpkgconf-2.0.2-1.azl3.x86_64.rpm
 pkgconf-2.0.2-1.azl3.x86_64.rpm
 pkgconf-m4-2.0.2-1.azl3.noarch.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 86fb1d39207..d30abc3cbdd 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -106,16 +106,16 @@ flex-debuginfo-2.6.4-7.azl3.aarch64.rpm
 flex-devel-2.6.4-7.azl3.aarch64.rpm
 gawk-5.2.2-1.azl3.aarch64.rpm
 gawk-debuginfo-5.2.2-1.azl3.aarch64.rpm
-gcc-13.2.0-3.azl3.aarch64.rpm
-gcc-c++-13.2.0-3.azl3.aarch64.rpm
-gcc-debuginfo-13.2.0-3.azl3.aarch64.rpm
+gcc-13.2.0-4.azl3.aarch64.rpm
+gcc-c++-13.2.0-4.azl3.aarch64.rpm
+gcc-debuginfo-13.2.0-4.azl3.aarch64.rpm
 gdbm-1.23-1.azl3.aarch64.rpm
 gdbm-debuginfo-1.23-1.azl3.aarch64.rpm
 gdbm-devel-1.23-1.azl3.aarch64.rpm
 gdbm-lang-1.23-1.azl3.aarch64.rpm
 gettext-0.22-1.azl3.aarch64.rpm
 gettext-debuginfo-0.22-1.azl3.aarch64.rpm
-gfortran-13.2.0-3.azl3.aarch64.rpm
+gfortran-13.2.0-4.azl3.aarch64.rpm
 glib-2.78.1-4.azl3.aarch64.rpm
 glib-debuginfo-2.78.1-4.azl3.aarch64.rpm
 glib-devel-2.78.1-4.azl3.aarch64.rpm
@@ -165,7 +165,7 @@ libarchive-devel-3.7.1-1.azl3.aarch64.rpm
 libassuan-2.5.6-1.azl3.aarch64.rpm
 libassuan-debuginfo-2.5.6-1.azl3.aarch64.rpm
 libassuan-devel-2.5.6-1.azl3.aarch64.rpm
-libbacktrace-static-13.2.0-3.azl3.aarch64.rpm
+libbacktrace-static-13.2.0-4.azl3.aarch64.rpm
 libcap-2.69-1.azl3.aarch64.rpm
 libcap-debuginfo-2.69-1.azl3.aarch64.rpm
 libcap-devel-2.69-1.azl3.aarch64.rpm
@@ -175,14 +175,14 @@ libcap-ng-devel-0.8.4-1.azl3.aarch64.rpm
 libffi-3.4.4-1.azl3.aarch64.rpm
 libffi-debuginfo-3.4.4-1.azl3.aarch64.rpm
 libffi-devel-3.4.4-1.azl3.aarch64.rpm
-libgcc-13.2.0-3.azl3.aarch64.rpm
-libgcc-atomic-13.2.0-3.azl3.aarch64.rpm
-libgcc-devel-13.2.0-3.azl3.aarch64.rpm
+libgcc-13.2.0-4.azl3.aarch64.rpm
+libgcc-atomic-13.2.0-4.azl3.aarch64.rpm
+libgcc-devel-13.2.0-4.azl3.aarch64.rpm
 libgcrypt-1.10.2-1.azl3.aarch64.rpm
 libgcrypt-debuginfo-1.10.2-1.azl3.aarch64.rpm
 libgcrypt-devel-1.10.2-1.azl3.aarch64.rpm
-libgomp-13.2.0-3.azl3.aarch64.rpm
-libgomp-devel-13.2.0-3.azl3.aarch64.rpm
+libgomp-13.2.0-4.azl3.aarch64.rpm
+libgomp-devel-13.2.0-4.azl3.aarch64.rpm
 libgpg-error-1.47-1.azl3.aarch64.rpm
 libgpg-error-debuginfo-1.47-1.azl3.aarch64.rpm
 libgpg-error-devel-1.47-1.azl3.aarch64.rpm
@@ -221,8 +221,8 @@ libsolv-tools-0.7.28-1.azl3.aarch64.rpm
 libssh2-1.11.0-1.azl3.aarch64.rpm
 libssh2-debuginfo-1.11.0-1.azl3.aarch64.rpm
 libssh2-devel-1.11.0-1.azl3.aarch64.rpm
-libstdc++-13.2.0-3.azl3.aarch64.rpm
-libstdc++-devel-13.2.0-3.azl3.aarch64.rpm
+libstdc++-13.2.0-4.azl3.aarch64.rpm
+libstdc++-devel-13.2.0-4.azl3.aarch64.rpm
 libtasn1-4.19.0-1.azl3.aarch64.rpm
 libtasn1-debuginfo-4.19.0-1.azl3.aarch64.rpm
 libtasn1-devel-4.19.0-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 1c8f24211f6..ec0bd236664 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -63,7 +63,7 @@ createrepo_c-1.0.3-1.azl3.x86_64.rpm
 createrepo_c-debuginfo-1.0.3-1.azl3.x86_64.rpm
 createrepo_c-devel-1.0.3-1.azl3.x86_64.rpm
 cross-binutils-common-2.41-2.azl3.noarch.rpm
-cross-gcc-common-13.2.0-3.azl3.noarch.rpm
+cross-gcc-common-13.2.0-4.azl3.noarch.rpm
 curl-8.5.0-1.azl3.x86_64.rpm
 curl-debuginfo-8.5.0-1.azl3.x86_64.rpm
 curl-devel-8.5.0-1.azl3.x86_64.rpm
@@ -109,18 +109,18 @@ flex-debuginfo-2.6.4-7.azl3.x86_64.rpm
 flex-devel-2.6.4-7.azl3.x86_64.rpm
 gawk-5.2.2-1.azl3.x86_64.rpm
 gawk-debuginfo-5.2.2-1.azl3.x86_64.rpm
-gcc-13.2.0-3.azl3.x86_64.rpm
-gcc-aarch64-linux-gnu-13.2.0-3.azl3.x86_64.rpm
-gcc-c++-13.2.0-3.azl3.x86_64.rpm
-gcc-c++-aarch64-linux-gnu-13.2.0-3.azl3.x86_64.rpm
-gcc-debuginfo-13.2.0-3.azl3.x86_64.rpm
+gcc-13.2.0-4.azl3.x86_64.rpm
+gcc-aarch64-linux-gnu-13.2.0-4.azl3.x86_64.rpm
+gcc-c++-13.2.0-4.azl3.x86_64.rpm
+gcc-c++-aarch64-linux-gnu-13.2.0-4.azl3.x86_64.rpm
+gcc-debuginfo-13.2.0-4.azl3.x86_64.rpm
 gdbm-1.23-1.azl3.x86_64.rpm
 gdbm-debuginfo-1.23-1.azl3.x86_64.rpm
 gdbm-devel-1.23-1.azl3.x86_64.rpm
 gdbm-lang-1.23-1.azl3.x86_64.rpm
 gettext-0.22-1.azl3.x86_64.rpm
 gettext-debuginfo-0.22-1.azl3.x86_64.rpm
-gfortran-13.2.0-3.azl3.x86_64.rpm
+gfortran-13.2.0-4.azl3.x86_64.rpm
 glib-2.78.1-4.azl3.x86_64.rpm
 glib-debuginfo-2.78.1-4.azl3.x86_64.rpm
 glib-devel-2.78.1-4.azl3.x86_64.rpm
@@ -171,7 +171,7 @@ libarchive-devel-3.7.1-1.azl3.x86_64.rpm
 libassuan-2.5.6-1.azl3.x86_64.rpm
 libassuan-debuginfo-2.5.6-1.azl3.x86_64.rpm
 libassuan-devel-2.5.6-1.azl3.x86_64.rpm
-libbacktrace-static-13.2.0-3.azl3.x86_64.rpm
+libbacktrace-static-13.2.0-4.azl3.x86_64.rpm
 libcap-2.69-1.azl3.x86_64.rpm
 libcap-debuginfo-2.69-1.azl3.x86_64.rpm
 libcap-devel-2.69-1.azl3.x86_64.rpm
@@ -181,14 +181,14 @@ libcap-ng-devel-0.8.4-1.azl3.x86_64.rpm
 libffi-3.4.4-1.azl3.x86_64.rpm
 libffi-debuginfo-3.4.4-1.azl3.x86_64.rpm
 libffi-devel-3.4.4-1.azl3.x86_64.rpm
-libgcc-13.2.0-3.azl3.x86_64.rpm
-libgcc-atomic-13.2.0-3.azl3.x86_64.rpm
-libgcc-devel-13.2.0-3.azl3.x86_64.rpm
+libgcc-13.2.0-4.azl3.x86_64.rpm
+libgcc-atomic-13.2.0-4.azl3.x86_64.rpm
+libgcc-devel-13.2.0-4.azl3.x86_64.rpm
 libgcrypt-1.10.2-1.azl3.x86_64.rpm
 libgcrypt-debuginfo-1.10.2-1.azl3.x86_64.rpm
 libgcrypt-devel-1.10.2-1.azl3.x86_64.rpm
-libgomp-13.2.0-3.azl3.x86_64.rpm
-libgomp-devel-13.2.0-3.azl3.x86_64.rpm
+libgomp-13.2.0-4.azl3.x86_64.rpm
+libgomp-devel-13.2.0-4.azl3.x86_64.rpm
 libgpg-error-1.47-1.azl3.x86_64.rpm
 libgpg-error-debuginfo-1.47-1.azl3.x86_64.rpm
 libgpg-error-devel-1.47-1.azl3.x86_64.rpm
@@ -227,8 +227,8 @@ libsolv-tools-0.7.28-1.azl3.x86_64.rpm
 libssh2-1.11.0-1.azl3.x86_64.rpm
 libssh2-debuginfo-1.11.0-1.azl3.x86_64.rpm
 libssh2-devel-1.11.0-1.azl3.x86_64.rpm
-libstdc++-13.2.0-3.azl3.x86_64.rpm
-libstdc++-devel-13.2.0-3.azl3.x86_64.rpm
+libstdc++-13.2.0-4.azl3.x86_64.rpm
+libstdc++-devel-13.2.0-4.azl3.x86_64.rpm
 libtasn1-4.19.0-1.azl3.x86_64.rpm
 libtasn1-debuginfo-4.19.0-1.azl3.x86_64.rpm
 libtasn1-devel-4.19.0-1.azl3.x86_64.rpm
diff --git a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh
index 1b3b76bf61d..2202b0cb4a3 100755
--- a/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh
+++ b/toolkit/scripts/toolchain/container/toolchain_build_in_chroot.sh
@@ -342,9 +342,11 @@ tar xf gcc-13.2.0.tar.xz
 pushd gcc-13.2.0
 case $(uname -m) in
   x86_64)
+    GCC_CONFIG_WITH_ARCH="x86-64-v3"
     sed -e '/m64=/s/lib64/lib/' -i.orig gcc/config/i386/t-linux64
   ;;
   aarch64)
+    GCC_CONFIG_WITH_ARCH="armv8.1-a"
     sed -e '/mabi.lp64=/s/lib64/lib/' -i.orig gcc/config/aarch64/t-aarch64-linux
   ;;
 esac
@@ -359,6 +361,7 @@ LD=ld \
              --disable-bootstrap      \
              --disable-fixincludes    \
              --disable-libsanitizer   \
+             --with-arch=$GCC_CONFIG_WITH_ARCH \
              --with-system-zlib       \
              --enable-languages=c,c++,fortran
 make -j$(nproc)
diff --git a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh
index 1ffaa9bb267..d0788f5c0a0 100755
--- a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh
+++ b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh
@@ -47,9 +47,11 @@ tar xf ../mpc-1.3.1.tar.gz
 mv -v mpc-1.3.1 mpc
 case $(uname -m) in
   x86_64)
+    GCC_CONFIG_WITH_ARCH="x86-64-v3"
     sed -e '/m64=/s/lib64/lib/' -i.orig gcc/config/i386/t-linux64
   ;;
   aarch64)
+    GCC_CONFIG_WITH_ARCH="armv8.1-a"
     sed -e '/mabi.lp64=/s/lib64/lib/' -i.orig gcc/config/aarch64/t-aarch64-linux
   ;;
 esac
@@ -75,6 +77,7 @@ cd       build
     --disable-libssp                               \
     --disable-libvtv                               \
     --disable-libstdcxx                            \
+    --with-arch=$GCC_CONFIG_WITH_ARCH              \
     --enable-languages=c,c++
 make -j$(nproc)
 make install
@@ -449,6 +452,7 @@ cd       build
     --disable-libsanitizer                         \
     --disable-libssp                               \
     --disable-libvtv                               \
+    --with-arch=$GCC_CONFIG_WITH_ARCH              \
     --enable-languages=c,c++
 make -j$(nproc)
 make DESTDIR=$LFS install

From b7df5e9cc1f5bc1ae8c07ad286f0ef1393acdb58 Mon Sep 17 00:00:00 2001
From: Betty <38226164+BettyRain@users.noreply.github.com>
Date: Wed, 24 Apr 2024 18:35:11 -0700
Subject: [PATCH 41/62] clamav: upgrade to 1.0.6 (#8850)

Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
---
 SPECS/clamav/clamav.signatures.json |  4 ++--
 SPECS/clamav/clamav.spec            | 18 ++++++++++--------
 cgmanifest.json                     |  4 ++--
 3 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/SPECS/clamav/clamav.signatures.json b/SPECS/clamav/clamav.signatures.json
index eacaf8d41b6..2dc865a6bdd 100644
--- a/SPECS/clamav/clamav.signatures.json
+++ b/SPECS/clamav/clamav.signatures.json
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "clamav-0.105.2.tar.gz": "3827f6f22c08a83c52cd29f3562d780af6db65e825b0e0969608061209a90aa5",
-  "clamav-clamav-0.105.2-cargo-rev2.tar.gz": "08f7b90bb8662ae1acc4a78f6688d8e03d62d4a8db913d6c896ba5b30a74791b"
+  "clamav-1.0.6.tar.gz": "7a9691525bd150f9419c337d25d8c28402ed35beea7aa19563aabcddc248de52",
+  "clamav-1.0.6-cargo.tar.gz": "20b6179033c32ad81023ccc4a4262730d10fa80cd7ae678b386f139305b1e31f"
  }
 }
diff --git a/SPECS/clamav/clamav.spec b/SPECS/clamav/clamav.spec
index e059549f1f3..55e0e8e2736 100644
--- a/SPECS/clamav/clamav.spec
+++ b/SPECS/clamav/clamav.spec
@@ -1,7 +1,7 @@
 Summary:        Open source antivirus engine
 Name:           clamav
-Version:        0.105.2
-Release:        5%{?dist}
+Version:        1.0.6
+Release:        1%{?dist}
 License:        ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,8 +14,7 @@ Source0:        https://github.com/Cisco-Talos/clamav/archive/refs/tags/%{name}-
 
 # Note: Required an updated cargo cache when rust was updated to 1.72.0, added "-rev2" to the filename to indicate the new cache for this
 # specific event. Revert back to the original filename when a new cache is created for a different version.
-Source1:        %{name}-%{name}-%{version}-cargo-rev2.tar.gz
-Patch0:         CVE-2022-48579.patch
+Source1:        %{name}-%{version}-cargo.tar.gz
 BuildRequires:  bzip2-devel
 BuildRequires:  check-devel
 BuildRequires:  cmake
@@ -35,6 +34,7 @@ BuildRequires:  python3-pytest
 BuildRequires:  rust
 BuildRequires:  systemd
 BuildRequires:  systemd-devel
+BuildRequires:  systemd-rpm-macros
 BuildRequires:  valgrind
 BuildRequires:  zlib-devel
 Requires:       openssl
@@ -56,7 +56,7 @@ mkdir -p $HOME
 pushd $HOME
 tar xf %{SOURCE1} --no-same-owner
 popd
-%autosetup -p1 -n clamav-clamav-%{version}
+%autosetup -n clamav-clamav-%{version}
 
 %build
 export CARGO_NET_OFFLINE=true
@@ -77,11 +77,10 @@ cmake \
     -D ENABLE_SYSTEMD=ON \
     -D ENABLE_MILTER=OFF \
     -D ENABLE_EXAMPLES=OFF
-%cmake_build
+%cmake3_build
 
 %check
-cd build
-ctest --verbose
+%ctest3 -- -E valgrind
 
 %install
 %cmake_install
@@ -137,6 +136,9 @@ fi
 %dir %attr(-,clamav,clamav) %{_sharedstatedir}/clamav
 
 %changelog
+* Thu Apr 18 2024 Betty Lakes <bettylakes@microsoft.com> - 1.0.6-1
+- Upgrade to version 1.0.6
+
 * Wed Apr 17 2024 Andrew Phelps <anphel@microsoft.com> - 0.105.2-5
 - Fix build break by adding BR for systemd
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 3b204adeb82..48c85e622db 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1747,8 +1747,8 @@
         "type": "other",
         "other": {
           "name": "clamav",
-          "version": "0.105.2",
-          "downloadUrl": "https://github.com/Cisco-Talos/clamav/archive/refs/tags/clamav-0.105.2.tar.gz"
+          "version": "1.0.6",
+          "downloadUrl": "https://github.com/Cisco-Talos/clamav/archive/refs/tags/clamav-1.0.6.tar.gz"
         }
       }
     },

From 9490174c71f5cb1b045f421d2a81710532784c34 Mon Sep 17 00:00:00 2001
From: Daniel McIlvaney <damcilva@microsoft.com>
Date: Thu, 25 Apr 2024 10:54:10 -0700
Subject: [PATCH 42/62] Update Makefile to use ms-oss PMC url instead of
 Microsoft (#8901)

---
 toolkit/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/toolkit/Makefile b/toolkit/Makefile
index 7d6a50b1185..88c8c94ec48 100644
--- a/toolkit/Makefile
+++ b/toolkit/Makefile
@@ -129,7 +129,7 @@ SOURCE_URL         ?= https://cblmarinerstorage.blob.core.windows.net/sources/co
 ##help:var:PACKAGE_URL_LIST:<urls_list>=Space-separated list of URLs to download toolchain RPM packages from, used to populate the toolchain packages if `REBUILD_TOOLCHAIN=n'. The URLs will replace the default set of URLs. Print default list with 'make -s printvar-PACKAGE_URL_LIST'.
 PACKAGE_URL_LIST   ?= https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/prod/base/$(build_arch)
 PACKAGE_URL_LIST   += https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/prod/base/debuginfo/$(build_arch)
-PACKAGE_URL_LIST   += https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/prod/Microsoft/$(build_arch)
+PACKAGE_URL_LIST   += https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/prod/ms-oss/$(build_arch)
 REPO_LIST          ?=
 SRPM_URL_LIST      ?= https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/prod/base/srpms
 
@@ -163,7 +163,7 @@ else
    ifeq ($(USE_PREVIEW_REPO),y)
       override PACKAGE_URL_LIST   += https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/preview/base/$(build_arch)
       override PACKAGE_URL_LIST   += https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/preview/base/debuginfo/$(build_arch)
-      override PACKAGE_URL_LIST   += https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/preview/Microsoft/$(build_arch)
+      override PACKAGE_URL_LIST   += https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/preview/ms-oss/$(build_arch)
       override SRPM_URL_LIST      += https://packages.microsoft.com/azurelinux/$(RELEASE_MAJOR_ID)/preview/base/srpms
       ifneq ($(wildcard $(PREVIEW_REPO)),)
          override REPO_LIST += $(PREVIEW_REPO)

From 7e82923763107c3fbbf84ad2ceb3e60e6f6401fb Mon Sep 17 00:00:00 2001
From: Mykhailo Bykhovtsev <108374904+mbykhovtsev-ms@users.noreply.github.com>
Date: Thu, 25 Apr 2024 11:09:39 -0700
Subject: [PATCH 43/62] Upgrading ocaml to 5.1.1, promoting annobin and
 updating llvm (#8326)

---
 .../annobin/annobin.signatures.json           |   5 -
 SPECS/annobin/annobin.signatures.json         |   5 +
 .../annobin/annobin.spec                      | 386 +++++++---
 SPECS/llvm/llvm.spec                          |  13 +-
 .../0001-Don-t-add-rpaths-to-libraries.patch  |  41 +-
 ...-Allow-user-defined-C-compiler-flags.patch |  39 +-
 ...ters-tests-to-avoid-false-positive-w.patch | 694 ++++++++++++++++++
 ...-stack-reallocation-code-in-PIC-mode.patch |  24 +
 SPECS/ocaml/macros.ocaml-rpm                  |  69 ++
 SPECS/ocaml/ocaml.signatures.json             |   4 +-
 SPECS/ocaml/ocaml.spec                        | 391 +++++++---
 SPECS/ocaml/ocaml_files.py                    | 451 ++++++++++++
 cgmanifest.json                               |   8 +-
 13 files changed, 1880 insertions(+), 250 deletions(-)
 delete mode 100644 SPECS-EXTENDED/annobin/annobin.signatures.json
 create mode 100644 SPECS/annobin/annobin.signatures.json
 rename {SPECS-EXTENDED => SPECS}/annobin/annobin.spec (74%)
 create mode 100644 SPECS/ocaml/0003-Update-framepointers-tests-to-avoid-false-positive-w.patch
 create mode 100644 SPECS/ocaml/0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch
 create mode 100644 SPECS/ocaml/macros.ocaml-rpm
 create mode 100644 SPECS/ocaml/ocaml_files.py

diff --git a/SPECS-EXTENDED/annobin/annobin.signatures.json b/SPECS-EXTENDED/annobin/annobin.signatures.json
deleted file mode 100644
index 9cc241912eb..00000000000
--- a/SPECS-EXTENDED/annobin/annobin.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "annobin-9.27.tar.xz": "1d94816974d265f3f3ccfa03c211bfdab40119392f2e217f0f403f683f027351"
- }
-}
diff --git a/SPECS/annobin/annobin.signatures.json b/SPECS/annobin/annobin.signatures.json
new file mode 100644
index 00000000000..409020db434
--- /dev/null
+++ b/SPECS/annobin/annobin.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "annobin-12.49.tar.xz": "991660e75fa3314537cc3f5d4653265b60e46f2015dce026eacaa57878cbfbab"
+ }
+}
diff --git a/SPECS-EXTENDED/annobin/annobin.spec b/SPECS/annobin/annobin.spec
similarity index 74%
rename from SPECS-EXTENDED/annobin/annobin.spec
rename to SPECS/annobin/annobin.spec
index 1f9e27acef5..ee4fc6d396b 100644
--- a/SPECS-EXTENDED/annobin/annobin.spec
+++ b/SPECS/annobin/annobin.spec
@@ -1,62 +1,151 @@
-Vendor:         Microsoft Corporation
-Distribution:   Azure Linux
-
 Name:    annobin
 Summary: Binary annotation plugin for GCC
-Version: 9.27
-Release: 4%{?dist}
-License: GPLv3+
-URL:     https://fedoraproject.org/wiki/Toolchain/Watermark
+Version: 12.49
+Release: 1%{?dist}
+License: GPL-3.0-or-later AND LGPL-2.0-or-later AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND GFDL-1.3-or-later
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+URL: https://sourceware.org/annobin/
 # Maintainer: nickc@redhat.com
+# Web Page: https://sourceware.org/annobin/
+# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark
 
+#---------------------------------------------------------------------------------
 
-# # Do not build the annobin plugin with annotation enabled.
-# # This is because if we are bootstrapping a new build environment we can have
-# # a new version of gcc installed, but without a new of annobin installed.
-# # (i.e. we are building the new version of annobin to go with the new version
-# # of gcc).  If the *old* annobin plugin is used whilst building this new
-# # version, the old plugin will complain that version of gcc for which it
-# # was built is different from the version of gcc that is now being used, and
-# # then it will abort.
-#
-# Suppress this for BZ 1630550.
-# The problem should now only arise when rebasing to a new major version
-# of gcc, in which case the undefine below can be temporarily reinstated.
+# Set this to zero to disable the requirement for a specific version of gcc.
+# This should only be needed if there is some kind of problem with the version
+# checking logic or when building on RHEL-7 or earlier.
 #
-# %%undefine _annotated_build
-
-# Use "--without tests" to disable the testsuite.  The default is to run them.
-%bcond_without tests
+# Update: now that we have gcc version checking support in redhat-rpm-config
+# there is no longer a great need for a hard gcc version check here.  Not
+# enabling this check greatly simplifies the process of installing a new major
+# version of gcc into the buildroot.
+%global with_hard_gcc_version_requirement 0
 
-# Use "--without annocheck" to disable the installation of the annocheck program.
-%bcond_without annocheck
+#---------------------------------------------------------------------------------
 
-# Use "--with debuginfod" to force support for debuginfod to be compiled into
-# the annocheck program.  By default the configure script will check for
-# availablilty at build time, but this might not match the run time situation.
-%bcond_with debuginfod
+%global annobin_sources annobin-%{version}.tar.xz
+Source: https://nickc.fedorapeople.org/%{annobin_sources}
+# For the latest sources use:  git clone git://sourceware.org/git/annobin.git
 
-# Set this to zero to disable the requirement for a specific version of gcc.
-# This should only be needed if there is some kind of problem with the version
-# checking logic or when building on RHEL-7 or earlier.
-%global with_hard_gcc_version_requirement 1
+# This is where a copy of the sources will be installed.
+%global annobin_source_dir %{_usrsrc}/annobin
 
-# Enable this if it is necessary to build annobin without using annobin.
-# This is useful for example if the annobin plugin fails because of a change
-# in the size of gcc's global_options structure.  In order to rebuild annobin
-# against the changed gcc it is necessary to disable annobin as otherwise
-# the configuration step of annobin's build will fail.
-%undefine _annotated_build
+# Insert patches here, if needed.  Eg:
+# Patch01: annobin-plugin-default-string-notes.patch
 
 #---------------------------------------------------------------------------------
-Source:  https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
-# For the latest sources use:  git clone git://sourceware.org/git/annobin.git
 
-# Insert patches here, if needed.
-# Patch01: annobin-xxx.patch
+# Make sure that the necessary sub-packages are built.
+
+Requires: %{name}-plugin-gcc
+Requires: %{name}-plugin-llvm
+Requires: %{name}-plugin-clang
 
 #---------------------------------------------------------------------------------
 
+%description
+This package contains the tools needed to annotate binary files created by
+compilers, and also the tools needed to examine those annotations.
+
+One of the tools is a plugin for GCC that records information about the
+security options that were in effect when the binary was compiled.
+
+Note - the plugin is automatically enabled in gcc builds via flags
+provided by the redhat-rpm-macros package.
+
+One of the tools is a plugin for Clang that records information about the
+security options that were in effect when the binary was compiled.
+
+One of the tools is a plugin for LLVM that records information about the
+security options that were in effect when the binary was compiled.
+
+One of the tools is a security checker which analyses the notes present in
+annotated files and reports on any missing security options.
+
+
+#---------------------------------------------------------------------------
+
+# Now that we have sub-packages for all of the plugins and for annocheck,
+# there are no executables left to go into the "annobin" rpm.  But top-level
+# packages cannot have "BuildArch: noarch" if sub-packages do have
+# architecture requirements, and rpmlint generates an error if an
+# architecture specific rpm does not contain any binaries.  So instead all of
+# the documentation has been moved into an architecture neutral sub-package,
+# and there no longer is a top level annobin rpm at all.
+
+%package       docs
+Summary:       Documentation and shell scripts for use with annobin
+BuildArch:     noarch
+# The documentation uses pod2man...
+BuildRequires: perl-interpreter
+BuildRequires: perl-podlators
+BuildRequires: gawk
+BuildRequires: make
+BuildRequires: sharutils
+
+%description docs
+Provides the documentation files and example shell scripts for use with annobin.
+
+#----------------------------------------------------------------------------
+%package       tests
+Summary:       Test scripts and binaries for checking the behaviour and output of the annobin plugin
+Requires: %{name}-docs = %{version}-%{release}
+BuildRequires: make
+BuildRequires: sharutils
+BuildRequires: elfutils-devel
+
+%description tests
+Provides a means to test the generation of annotated binaries and the parsing
+of the resulting files.
+
+#----------------------------------------------------------------------------
+
+%package       annocheck
+Summary:       A tool for checking the security hardening status of binaries
+
+BuildRequires: gcc
+BuildRequires: elfutils
+BuildRequires: elfutils-devel
+BuildRequires: elfutils-libelf-devel
+BuildRequires: rpm-devel
+BuildRequires: make
+
+Requires: %{name}-docs = %{version}-%{release}
+Requires: cpio
+Requires: rpm
+
+%description annocheck
+Installs the annocheck program which uses the notes generated by annobin to
+check that the specified files were compiled with the correct security
+hardening options.
+
+%package libannocheck
+Summary: A library for checking the security hardening status of binaries
+
+BuildRequires: gcc
+BuildRequires: elfutils
+BuildRequires: elfutils-devel
+BuildRequires: elfutils-libelf-devel
+BuildRequires: rpm-devel
+BuildRequires: make
+
+Requires: %{name}-docs = %{version}-%{release}
+
+%description libannocheck
+Installs the libannocheck library which uses the notes generated by the
+annobin plugins to check that the specified files were compiled with the
+correct security hardening options.
+
+#----------------------------------------------------------------------------
+%package plugin-gcc
+Summary: annobin gcc plugin
+
+Requires: %{name}-docs = %{version}-%{release}
+Conflicts: %{name} <= 9.60-1
+BuildRequires: gcc-c++
+BuildRequires: gcc-plugin-devel
+
 # [Stolen from gcc-python-plugin]
 # GCC will only load plugins that were built against exactly that build of GCC
 # We thus need to embed the exact GCC version as a requirement within the
@@ -72,37 +161,29 @@ Source:  https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
 #
 # So we instead query the version from gcc's output.
 #
-# gcc.spec has:
-#   Version: %%{gcc_version}
-#   Release: %%{gcc_release}%%{?dist}
-#   ...snip...
-#   echo 'Red Hat %%{version}-%%{gcc_release}' > gcc/DEV-PHASE
-#
 # So, given this output:
 #
-#   $ gcc --version
-#   gcc (GCC) 9.1.0
-#   Copyright (C) 2011 Free Software Foundation, Inc.
-#   This is free software; see the source for copying conditions.  There is NO
-#   warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# gcc (GCC) 13.2.0"
+# Copyright (C) 2023 Free Software Foundation, Inc."
+# This is free software; see the source for copying conditions.  There is NO"
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 #
-# we can scrape out the "9.1.0" from the version line.
+# we can scrape out the "13.2.0" from the version line.
 #
 # The following implements the above:
 
-%global gcc_vr %(gcc --version | head -n 1 | cut -f3 -d" ")
+%global gcc_vr %(gcc --version | head -n 1 | sed -e 's|.*(GCC)||g')
 
 # We need the major version of gcc.
 %global gcc_major %(echo "%{gcc_vr}" | cut -f1 -d".")
 %global gcc_next  %(v="%{gcc_major}"; echo $((++v)))
 
 # Needed when building the srpm.
-%if 0%{?gcc_major}
-%else
+%if "0%{?gcc_major}" == "0"
 %global gcc_major 0
 %endif
 
-# This is a gcc plugin, hence gcc is required.
+# For a gcc plugin gcc is required.
 %if %{with_hard_gcc_version_requirement}
 # BZ 1607430 - There is an exact requirement on the major version of gcc.
 Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})
@@ -110,49 +191,54 @@ Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})
 Requires: gcc
 %endif
 
-BuildRequires: gcc gcc-plugin-devel gcc-c++
-
-%description
-Provides a plugin for GCC that records extra information in the files
-that it compiles.
+# Information about the gcc plugin is recorded in this file.
+%global aver annobin-plugin-version-info
 
-Note - the plugin is automatically enabled in gcc builds via flags
-provided by the redhat-rpm-macros package.
+%description plugin-gcc
+Installs an annobin plugin that can be used by gcc.
 
 #---------------------------------------------------------------------------------
-%if %{with tests}
-
-%package tests
-Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin
+%package plugin-llvm
+Summary: annobin llvm plugin
 
-%description tests
-Provides a means to test the generation of annotated binaries and the parsing
-of the resulting files.
+Requires: %{name}-docs = %{version}-%{release}
+Requires: llvm
+Conflicts: %{name} <= 9.60-1
+BuildRequires: clang
+BuildRequires: clang-devel
+BuildRequires: compiler-rt
+BuildRequires: llvm
+BuildRequires: llvm-devel
 
-%endif
+%description plugin-llvm
+Installs an annobin plugin that can be used by LLVM tools.
 
 #---------------------------------------------------------------------------------
-%if %{with annocheck}
-
-%package annocheck
-Summary: A tool for checking the security hardening status of binaries
 
-BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
-%if %{with debuginfod}
-BuildRequires: elfutils-debuginfod-client-devel
-%endif
+%package plugin-clang
+Summary: annobin clang plugin
 
-%description annocheck
-Installs the annocheck program which uses the notes generated by annobin to
-check that the specified files were compiled with the correct security
-hardening options.
+Requires: %{name}-docs = %{version}-%{release}
+Requires: llvm
+Conflicts: %{name} <= 9.60-1
+BuildRequires: clang
+BuildRequires: clang-devel
+BuildRequires: compiler-rt
+BuildRequires: llvm
+BuildRequires: llvm-devel
 
-%endif
+%description plugin-clang
+Installs an annobin plugin that can be used by Clang.
 
 #---------------------------------------------------------------------------------
 
+# Decide where the plugins will live.  Change if necessary.
+
 %global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
 
+%{!?llvm_plugin_dir:%global  llvm_plugin_dir  %{_libdir}/llvm/plugins}
+%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/plugins}
+
 #---------------------------------------------------------------------------------
 
 %prep
@@ -176,79 +262,143 @@ touch doc/annobin.info
 #---------------------------------------------------------------------------------
 
 %build
+CONFIG_ARGS="$CONFIG_ARGS --quiet --with-debuginfod --with-clang --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} --with-llvm"
 
-CONFIG_ARGS=
+export CFLAGS="$CFLAGS -DAARCH64_BRANCH_PROTECTION_SUPPORTED=1"
 
-%if %{with debuginfod}
-CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
-%else
-CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"
+%set_build_flags
+
+export CFLAGS="$CFLAGS $RPM_OPT_FLAGS %build_cflags"
+export LDFLAGS="$LDFLAGS %build_ldflags"
+
+export PLUGIN_FORTIFY_OPTION="-D_FORTIFY_SOURCE=3"
+
+# Set target-specific security options to be used when building the
+# Clang and LLVM plugins.  FIXME: There should be a better way to do
+# this.
+%ifarch %{ix86} x86_64
+export CLANG_TARGET_OPTIONS="-fcf-protection"
 %endif
 
-%if %{without tests}
-CONFIG_ARGS="$CONFIG_ARGS --without-test"
+%ifarch aarch64
+export CLANG_TARGET_OPTIONS="-mbranch-protection=standard"
 %endif
 
-%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} ${CONFIG_ARGS} || cat config.log
+CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log
 
 %make_build
 
-# Rebuild the plugin, this time using the plugin itself!  This
+# Rebuild the plugin(s), this time using the plugin itself!  This
 # ensures that the plugin works, and that it contains annotations
-# of its own.  This could mean that we end up with a plugin with
-# double annotations in it.  (If the build system enables annotations
-# for plugins by default).  I have not tested this yet, but I think
-# that it should be OK.
+# of its own.
+
 cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
 make -C gcc-plugin clean
-BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so -fplugin-arg-tmp_annobin-rename"
-# If building on RHEL7, enable the next option as the .attach_to_group assembler pseudo op is not available in the assembler.
+BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so"
+
+OPTS="$(rpm --undefine=_annotated_build --eval '%build_cflags %build_ldflags')"
+
+# If building on systems with an assembler that does not support the
+# .attach_to_group pseudo op (eg RHEL-7) then enable the next line.
 # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
-make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
+
+make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS"
 rm %{_tmppath}/tmp_annobin.so
 
+cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so
+# To enable verbose more in the plugin append the following: ANNOBIN="verbose"
+make -C clang-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" 
+
+cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so
+# To enable verbose more in the plugin append the following: ANNOBIN_VERBOSE="true"            
+make -C llvm-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS"
+
 #---------------------------------------------------------------------------------
 
 %install
-%make_install
-%{__rm} -f %{buildroot}%{_infodir}/dir
+
+# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles...
+%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir}
+
+# Move the clang plugin to a seperate directory.
+mkdir -p %{buildroot}/%{clang_plugin_dir}
+mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir}
+
+# Record the version of gcc that built this plugin.
+# Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes
+# without the NVR being altered.  See BZ #2030671 for more discussion on this.
+mkdir -p                             %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}
+echo "%{gcc_vr}" > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
+
+# Also install a copy of the sources into the build tree.
+mkdir -p                            %{buildroot}%{annobin_source_dir}
+cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz
+
+rm -f %{buildroot}%{_infodir}/dir
 
 #---------------------------------------------------------------------------------
 
-%if %{with tests}
 %check
-# Change the following line to "make check || :" on RHEL7 or if you need to see the
-# test suite logs in order to diagnose a test failure.
-make check
+# The first "make check" is run with "|| :" so that we can capture any logs
+# from failed tests.  The second "make check" is there so that the build
+# will fail if any of the tests fail.
+make check || :
 if [ -f tests/test-suite.log ]; then
     cat tests/test-suite.log
 fi
-%endif
+# If necessary use uuencode to preserve test binaries here.  For example:
+#   uuencode tests/tmp_atexit/atexit.strip atexit.strip
+
+make check
 
 #---------------------------------------------------------------------------------
 
-%files
-%{ANNOBIN_GCC_PLUGIN_DIR}
+%files docs
 %license COPYING3 LICENSE
 %exclude %{_datadir}/doc/annobin-plugin/COPYING3
 %exclude %{_datadir}/doc/annobin-plugin/LICENSE
 %doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt
 %{_infodir}/annobin.info*
 %{_mandir}/man1/annobin.1*
-%{_mandir}/man1/built-by.1*
-%{_mandir}/man1/check-abi.1*
-%{_mandir}/man1/hardened.1*
-%{_mandir}/man1/run-on-binaries-in.1*
+%exclude %{_mandir}/man1/built-by.1*
+%exclude %{_mandir}/man1/check-abi.1*
+%exclude %{_mandir}/man1/hardened.1*
+%exclude %{_mandir}/man1/run-on-binaries-in.1*
+
+%files plugin-llvm
+%dir %{llvm_plugin_dir}
+%{llvm_plugin_dir}/annobin-for-llvm.so
+
+%files plugin-clang
+%dir %{clang_plugin_dir}
+%{clang_plugin_dir}/annobin-for-clang.so
+
+%files plugin-gcc
+%dir %{ANNOBIN_GCC_PLUGIN_DIR}
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0
+%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0
+%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
+%{annobin_source_dir}/latest-annobin.tar.xz
 
-%if %{with annocheck}
 %files annocheck
 %{_bindir}/annocheck
 %{_mandir}/man1/annocheck.1*
-%endif
+
+%files libannocheck
+%{_includedir}/libannocheck.h
+%{_libdir}/libannocheck.*
+%{_libdir}/pkgconfig/libannocheck.pc
 
 #---------------------------------------------------------------------------------
 
 %changelog
+* Fri Mar 08 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 12.40-1
+- Promoted package from extended to core
+- Upgraded to 12.49
+- Imported and adopted the spec from Fedora
+- License verified
+
 * Fri Oct 15 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 9.27-4
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS/llvm/llvm.spec b/SPECS/llvm/llvm.spec
index 236c06d569b..a0a649f6fe7 100644
--- a/SPECS/llvm/llvm.spec
+++ b/SPECS/llvm/llvm.spec
@@ -1,7 +1,7 @@
 Summary:        A collection of modular and reusable compiler and toolchain technologies.
 Name:           llvm
 Version:        18.1.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        NCSA
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,6 +14,7 @@ BuildRequires:  libffi-devel
 BuildRequires:  libxml2-devel
 BuildRequires:  ninja-build
 BuildRequires:  python3-devel
+BuildRequires:  binutils-devel
 Requires:       libxml2
 Provides:       %{name} = %{version}
 Provides:       %{name} = %{version}-%{release}
@@ -62,6 +63,9 @@ cmake -G Ninja                              \
 %install
 %ninja_install -C build
 
+mkdir -p %{buildroot}%{_libdir}/bfd-plugins/
+ln -s -t %{buildroot}%{_libdir}/bfd-plugins/ ../LLVMgold.so
+
 %post   -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 
@@ -85,6 +89,8 @@ ninja check-all
 %{_bindir}/*
 %{_libdir}/*.so
 %{_libdir}/*.so.*
+%{_libdir}/LLVMgold.so
+%{_libdir}/bfd-plugins/LLVMgold.so
 %dir %{_datadir}/opt-viewer
 %{_datadir}/opt-viewer/opt-diff.py
 %{_datadir}/opt-viewer/opt-stats.py
@@ -96,9 +102,14 @@ ninja check-all
 %files devel
 %{_libdir}/*.a
 %{_libdir}/cmake/*
+%{_libdir}/LLVMgold.so
+%{_libdir}/bfd-plugins/LLVMgold.so
 %{_includedir}/*
 
 %changelog
+* Fri Apr 5 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 18.1.2-2
+- Added LLVMgold.so files to the main and devel packages
+
 * Wed Apr 03 2024 Andrew Phelps <anphel@microsoft.com> - 18.1.2-1
 - Upgrade to version 18.1.2
 
diff --git a/SPECS/ocaml/0001-Don-t-add-rpaths-to-libraries.patch b/SPECS/ocaml/0001-Don-t-add-rpaths-to-libraries.patch
index f079b47cc6b..d497a12ee6a 100644
--- a/SPECS/ocaml/0001-Don-t-add-rpaths-to-libraries.patch
+++ b/SPECS/ocaml/0001-Don-t-add-rpaths-to-libraries.patch
@@ -1,26 +1,23 @@
-From 23f2e84d360208759c7d82b7ff795770ce6cf0b2 Mon Sep 17 00:00:00 2001
+From 799bf9088c131fc71626a48e9987e4d44a2f0194 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 24 Jun 2014 10:00:15 +0100
-Subject: [PATCH 1/3] Don't add rpaths to libraries.
-
+Subject: [PATCH 1/4] Don't add rpaths to libraries.
+ 
 ---
- utils/config.mlp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/utils/config.mlp b/utils/config.mlp
-index bbb3c5694..57d509cd0 100644
---- a/utils/config.mlp
-+++ b/utils/config.mlp
-@@ -55,8 +55,8 @@ let native_c_compiler =
- let native_c_libraries = "%%NATIVECCLIBS%%"
- let native_pack_linker = "%%PACKLD%%"
- let ranlib = "%%RANLIBCMD%%"
--let default_rpath = "%%RPATH%%"
--let mksharedlibrpath = "%%MKSHAREDLIBRPATH%%"
-+let default_rpath = ""
-+let mksharedlibrpath = ""
- let ar = "%%ARCMD%%"
- let supports_shared_libraries = %%SUPPORTS_SHARED_LIBRARIES%%
- let mkdll, mkexe, mkmaindll =
+ configure.ac | 2 --
+ 1 file changed, 2 deletions(-)
+ 
+diff --git a/configure.ac b/configure.ac
+index b81da53c42..892a2a894f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1107,8 +1107,6 @@ AS_IF([test x"$enable_shared" != "xno"],
+            [[*-*-openbsd7.[3-9]|*-*-openbsd[89].*]],
+            [mkdll_flags="${mkdll_flags} -Wl,--no-execute-only"])
+       oc_ldflags="$oc_ldflags -Wl,-E"
+-      rpath="-Wl,-rpath,"
+-      mksharedlibrpath="-Wl,-rpath,"
+       natdynlinkopts="-Wl,-E"
+       supports_shared_libraries=true],
+       [mkdll='shared-libs-not-available'])
 -- 
-2.32.0
diff --git a/SPECS/ocaml/0002-configure-Allow-user-defined-C-compiler-flags.patch b/SPECS/ocaml/0002-configure-Allow-user-defined-C-compiler-flags.patch
index 675d3b2db81..80c0e87e53f 100644
--- a/SPECS/ocaml/0002-configure-Allow-user-defined-C-compiler-flags.patch
+++ b/SPECS/ocaml/0002-configure-Allow-user-defined-C-compiler-flags.patch
@@ -1,17 +1,17 @@
-From 9966786a7389dc6621f2bc2dce7c690c5a38b67d Mon Sep 17 00:00:00 2001
+From f2b875e8201efed22267136096b1e5df97f99f84 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:44:18 +0100
-Subject: [PATCH 2/3] configure: Allow user defined C compiler flags.
-
+Subject: [PATCH 2/4] configure: Allow user defined C compiler flags.
+ 
 ---
- configure.ac | 4 ++++
- 1 file changed, 4 insertions(+)
-
+ configure.ac | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+ 
 diff --git a/configure.ac b/configure.ac
-index 3698c7cbf..e2a3cbea0 100644
+index 892a2a894f..e8f6cbc863 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -669,6 +669,10 @@ AS_CASE([$host],
+@@ -760,6 +760,10 @@ AS_CASE([$host],
        internal_cflags="$cc_warnings"],
      [common_cflags="-O"])])
  
@@ -19,8 +19,25 @@ index 3698c7cbf..e2a3cbea0 100644
 +common_cflags="$common_cflags $CFLAGS"
 +cclibs="$cclibs $LDFLAGS"
 +
- internal_cppflags="-DCAML_NAME_SPACE $internal_cppflags"
- 
  # Enable SSE2 on x86 mingw to avoid using 80-bit registers.
+ AS_CASE([$host],
+   [i686-*-mingw32*],
+@@ -2327,7 +2331,7 @@ AC_CONFIG_COMMANDS_PRE([
+       [mkexedebugflag="${mkexe_ldflags_prefix}${mkexedebugflag}"])
+     mkdll_ldflags=""
+     AS_IF([test -n "${LDFLAGS}"],
+-      [for flag in ${LDFLAGS}; do
++      [for flag in "${LDFLAGS}"; do
+         mkdll_ldflags="${mkdll_ldflags} ${mkexe_ldflags_prefix}${flag}"
+       done
+       mkdll_ldflags_exp="$mkdll_ldflags"])
+@@ -2353,7 +2357,7 @@ ${mkdll_ldflags}"
+   ],[
+     mkdll_ldflags='$(OC_DLL_LDFLAGS) $(LDFLAGS)'
+     mkdll_ldflags_exp="${oc_dll_ldflags}"
+-    AS_IF([test -n ${LDFLAGS}],
++    AS_IF([test -n "${LDFLAGS}"],
+       [mkdll_ldflags_exp="$mkdll_ldflags_exp $LDFLAGS"])
+     mkexe_ldflags="\$(OC_LDFLAGS) \$(LDFLAGS)"
+     mkexe_ldflags_exp="${oc_ldflags} ${LDFLAGS}"
 -- 
-2.32.0
diff --git a/SPECS/ocaml/0003-Update-framepointers-tests-to-avoid-false-positive-w.patch b/SPECS/ocaml/0003-Update-framepointers-tests-to-avoid-false-positive-w.patch
new file mode 100644
index 00000000000..10c2325ece6
--- /dev/null
+++ b/SPECS/ocaml/0003-Update-framepointers-tests-to-avoid-false-positive-w.patch
@@ -0,0 +1,694 @@
+From ba44a9c29771aacf44222a2ff63e7bd6034dd92c Mon Sep 17 00:00:00 2001
+From: Fabrice Buoro <fabrice@tarides.com>
+Date: Fri, 10 Mar 2023 09:36:22 -0700
+Subject: [PATCH 3/4] Update framepointers tests to avoid false positive with
+ inlined C functions
+
+---
+ testsuite/tests/frame-pointers/c_call.ml      |  14 +-
+ .../tests/frame-pointers/c_call.reference     |   9 -
+ testsuite/tests/frame-pointers/c_call.run     |   4 -
+ testsuite/tests/frame-pointers/c_call_.c      |  14 +-
+ testsuite/tests/frame-pointers/effects.ml     |  12 +-
+ .../tests/frame-pointers/effects.reference    |  15 --
+ testsuite/tests/frame-pointers/effects.run    |   4 -
+ .../tests/frame-pointers/exception_handler.ml |   4 +-
+ .../exception_handler.reference               |  12 --
+ .../frame-pointers/exception_handler.run      |   4 -
+ .../tests/frame-pointers/filter-locations.sh  |  23 ---
+ testsuite/tests/frame-pointers/fp_backtrace.c | 186 +++++++++++-------
+ testsuite/tests/frame-pointers/reperform.ml   |   4 +-
+ .../tests/frame-pointers/reperform.reference  |   3 -
+ testsuite/tests/frame-pointers/reperform.run  |   4 -
+ .../tests/frame-pointers/stack_realloc.ml     |   4 +-
+ .../frame-pointers/stack_realloc.reference    |   3 -
+ .../tests/frame-pointers/stack_realloc.run    |   4 -
+ .../tests/frame-pointers/stack_realloc2.ml    |   4 +-
+ .../frame-pointers/stack_realloc2.reference   |   3 -
+ .../tests/frame-pointers/stack_realloc2.run   |   4 -
+ 21 files changed, 144 insertions(+), 190 deletions(-)
+ delete mode 100644 testsuite/tests/frame-pointers/c_call.run
+ delete mode 100644 testsuite/tests/frame-pointers/effects.run
+ delete mode 100644 testsuite/tests/frame-pointers/exception_handler.run
+ delete mode 100755 testsuite/tests/frame-pointers/filter-locations.sh
+ delete mode 100644 testsuite/tests/frame-pointers/reperform.run
+ delete mode 100644 testsuite/tests/frame-pointers/stack_realloc.run
+ delete mode 100644 testsuite/tests/frame-pointers/stack_realloc2.run
+
+diff --git a/testsuite/tests/frame-pointers/c_call.ml b/testsuite/tests/frame-pointers/c_call.ml
+index c2493b3a99..9b98e86520 100644
+--- a/testsuite/tests/frame-pointers/c_call.ml
++++ b/testsuite/tests/frame-pointers/c_call.ml
+@@ -7,20 +7,20 @@ all_modules = "${readonly_files} c_call.ml"
+ 
+ *)
+ 
+-external fp_backtrace : unit -> unit = "fp_backtrace"
+-external fp_backtrace_no_alloc : unit -> unit = "fp_backtrace" [@@noalloc]
+-external fp_backtrace_many_args : int -> int -> int -> int -> int -> int -> int
+-  -> int -> int -> int -> int -> unit =
++external fp_backtrace : string -> unit = "fp_backtrace"
++external fp_backtrace_no_alloc : string -> unit = "fp_backtrace" [@@noalloc]
++external fp_backtrace_many_args : string -> int -> int -> int -> int -> int
++  -> int -> int -> int -> int -> int -> int -> unit =
+   "fp_backtrace_many_args_argv" "fp_backtrace_many_args"
+ 
+ let[@inline never] f () =
+   (* Check backtrace through caml_c_call_stack_args *)
+-  fp_backtrace_many_args 1 2 3 4 5 6 7 8 9 10 11;
++  fp_backtrace_many_args Sys.argv.(0) 1 2 3 4 5 6 7 8 9 10 11;
+   (* Check backtrace through caml_c_call.
+    * Also check that caml_c_call_stack_args correctly restores rbp register *)
+-  fp_backtrace ();
++  fp_backtrace Sys.argv.(0);
+   (* Check caml_c_call correctly restores rbp register *)
+-  fp_backtrace_no_alloc ();
++  fp_backtrace_no_alloc Sys.argv.(0);
+   42
+ 
+ let () = ignore (f ())
+diff --git a/testsuite/tests/frame-pointers/c_call.reference b/testsuite/tests/frame-pointers/c_call.reference
+index 92fb40a238..23095e7431 100644
+--- a/testsuite/tests/frame-pointers/c_call.reference
++++ b/testsuite/tests/frame-pointers/c_call.reference
+@@ -3,19 +3,10 @@ caml_c_call_stack_args
+ camlC_call.f
+ camlC_call.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ caml_c_call
+ camlC_call.f
+ camlC_call.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ camlC_call.f
+ camlC_call.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+diff --git a/testsuite/tests/frame-pointers/c_call.run b/testsuite/tests/frame-pointers/c_call.run
+deleted file mode 100644
+index e96b5ea13a..0000000000
+--- a/testsuite/tests/frame-pointers/c_call.run
++++ /dev/null
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-
+-${program} 2>&1 \
+-  | ${test_source_directory}/filter-locations.sh ${program} >${output}
+diff --git a/testsuite/tests/frame-pointers/c_call_.c b/testsuite/tests/frame-pointers/c_call_.c
+index 634c4dd937..a75100b213 100644
+--- a/testsuite/tests/frame-pointers/c_call_.c
++++ b/testsuite/tests/frame-pointers/c_call_.c
+@@ -16,10 +16,10 @@
+ #include <assert.h>
+ #include "caml/mlvalues.h"
+ 
+-void fp_backtrace(void);
++void fp_backtrace(value);
+ 
+-value fp_backtrace_many_args(value a, value b, value c, value d, value e,
+-    value f, value g, value h, value i, value j, value k)
++value fp_backtrace_many_args(value argv0, value a, value b, value c,
++    value d, value e, value f, value g, value h, value i, value j, value k)
+ {
+   assert(Int_val(a) == 1);
+   assert(Int_val(b) == 2);
+@@ -33,15 +33,15 @@ value fp_backtrace_many_args(value a, value b, value c, value d, value e,
+   assert(Int_val(j) == 10);
+   assert(Int_val(k) == 11);
+ 
+-  fp_backtrace();
++  fp_backtrace(argv0);
+ 
+   return Val_unit;
+ }
+ 
+-value fp_bactrace_many_args_argv(value *argv, int argc)
++value fp_bactrace_many_args_argv(value argv0, value *argv, int argc)
+ {
+   assert(argc == 11);
+ 
+-  return fp_backtrace_many_args(argv[0], argv[1], argv[2], argv[3], argv[4],
+-      argv[5], argv[6], argv[7], argv[8], argv[9], argv[10]);
++  return fp_backtrace_many_args(argv0, argv[0], argv[1], argv[2], argv[3],
++      argv[4], argv[5], argv[6], argv[7], argv[8], argv[9], argv[10]);
+ }
+diff --git a/testsuite/tests/frame-pointers/effects.ml b/testsuite/tests/frame-pointers/effects.ml
+index e14633a374..4d14190320 100644
+--- a/testsuite/tests/frame-pointers/effects.ml
++++ b/testsuite/tests/frame-pointers/effects.ml
+@@ -11,26 +11,26 @@ open Printf
+ open Effect
+ open Effect.Deep
+ 
+-external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
++external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
+ 
+ type _ t += E : int -> int t
+ 
+ let[@inline never] f () =
+   printf "# computation f\n%!";
+-  fp_backtrace ();
++  fp_backtrace Sys.argv.(0);
+   printf "# perform effect (E 0)\n%!";
+   let v = perform (E 0) in
+   printf "# perform returns %d\n%!" v;
+-  fp_backtrace ();
++  fp_backtrace Sys.argv.(0);
+   v + 1
+ 
+ let h (type a) (eff : a t) : ((a, 'b) continuation -> 'b) option =
+   let[@inline never] h_effect_e v k =
+     printf "# caught effect (E %d). continuing...\n%!" v;
+-    fp_backtrace ();
++    fp_backtrace Sys.argv.(0);
+     let v = continue k (v + 1) in
+     printf "# continue returns %d\n%!" v;
+-    fp_backtrace ();
++    fp_backtrace Sys.argv.(0);
+     v + 1
+   in
+   match eff with
+@@ -41,7 +41,7 @@ let h (type a) (eff : a t) : ((a, 'b) continuation -> 'b) option =
+ let v =
+   let[@inline never] v_retc v =
+     printf "# done %d\n%!" v;
+-    fp_backtrace ();
++    fp_backtrace Sys.argv.(0);
+     v + 1
+   in
+   match_with f ()
+diff --git a/testsuite/tests/frame-pointers/effects.reference b/testsuite/tests/frame-pointers/effects.reference
+index c8bd0a391a..8ae3fc26df 100644
+--- a/testsuite/tests/frame-pointers/effects.reference
++++ b/testsuite/tests/frame-pointers/effects.reference
+@@ -3,39 +3,24 @@ camlEffects.f
+ caml_runstack
+ camlEffects.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ # perform effect (E 0)
+ # caught effect (E 0). continuing...
+ camlEffects.h_effect_e
+ camlEffects.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ # perform returns 1
+ camlEffects.f
+ caml_runstack
+ camlEffects.h_effect_e
+ camlEffects.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ # done 2
+ camlEffects.v_retc
+ camlEffects.h_effect_e
+ camlEffects.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ # continue returns 3
+ camlEffects.h_effect_e
+ camlEffects.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ # result=4
+diff --git a/testsuite/tests/frame-pointers/effects.run b/testsuite/tests/frame-pointers/effects.run
+deleted file mode 100644
+index e96b5ea13a..0000000000
+--- a/testsuite/tests/frame-pointers/effects.run
++++ /dev/null
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-
+-${program} 2>&1 \
+-  | ${test_source_directory}/filter-locations.sh ${program} >${output}
+diff --git a/testsuite/tests/frame-pointers/exception_handler.ml b/testsuite/tests/frame-pointers/exception_handler.ml
+index 575f7329bf..95a4f0d75c 100644
+--- a/testsuite/tests/frame-pointers/exception_handler.ml
++++ b/testsuite/tests/frame-pointers/exception_handler.ml
+@@ -8,7 +8,7 @@ all_modules = "${readonly_files} exception_handler.ml"
+ *)
+ 
+ (* https://github.com/ocaml/ocaml/pull/11031 *)
+-external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
++external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
+ 
+ exception Exn1
+ exception Exn2
+@@ -38,7 +38,7 @@ let[@inline never] handler () =
+   let _ = Sys.opaque_identity x0 in
+   let _ = Sys.opaque_identity x1 in
+   let _ = Sys.opaque_identity x2 in
+-  fp_backtrace ()
++  fp_backtrace Sys.argv.(0)
+ 
+ let[@inline never] nested i =
+   begin
+diff --git a/testsuite/tests/frame-pointers/exception_handler.reference b/testsuite/tests/frame-pointers/exception_handler.reference
+index 513ca488b9..e012fb6d4f 100644
+--- a/testsuite/tests/frame-pointers/exception_handler.reference
++++ b/testsuite/tests/frame-pointers/exception_handler.reference
+@@ -2,27 +2,15 @@ camlException_handler.handler
+ camlException_handler.bare
+ camlException_handler.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ camlException_handler.handler
+ camlException_handler.bare
+ camlException_handler.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ camlException_handler.handler
+ camlException_handler.nested
+ camlException_handler.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+ camlException_handler.handler
+ camlException_handler.nested
+ camlException_handler.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+diff --git a/testsuite/tests/frame-pointers/exception_handler.run b/testsuite/tests/frame-pointers/exception_handler.run
+deleted file mode 100644
+index e96b5ea13a..0000000000
+--- a/testsuite/tests/frame-pointers/exception_handler.run
++++ /dev/null
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-
+-${program} 2>&1 \
+-  | ${test_source_directory}/filter-locations.sh ${program} >${output}
+diff --git a/testsuite/tests/frame-pointers/filter-locations.sh b/testsuite/tests/frame-pointers/filter-locations.sh
+deleted file mode 100755
+index 31c7fc3189..0000000000
+--- a/testsuite/tests/frame-pointers/filter-locations.sh
++++ /dev/null
+@@ -1,23 +0,0 @@
+-#!/bin/sh
+-
+-set -eu
+-
+-program="${1}"
+-# https://stackoverflow.com/questions/29613304/is-it-possible-to-escape-regex-metacharacters-reliably-with-sed/29626460#29626460
+-program_escaped=$(echo ${program} | sed 's/[^^\\]/[&]/g; s/\^/\\^/g; s/\\/\\\\/g')
+-regex_backtrace='^.*(\(.*\)+0x[[:xdigit:]]*)[0x[[:xdigit:]]*]$'
+-regex_trim_fun='^\(caml.*\)_[[:digit:]]*$'
+-
+-# - Ignore backtrace not coming from the program binary
+-# - Discard the number suffix from OCaml function name
+-# - Remove strange '[0x.....]' entries inserted by some implementation
+-#   of backtrace_symbols_fd
+-# - Keep the other lines
+-sed -e \
+-  "/${regex_backtrace}/ {
+-    /^${program_escaped}/ ! d
+-    s/${regex_backtrace}/\1/
+-    s/${regex_trim_fun}/\1/
+-    s;caml_\(main\|startup\);caml_main/caml_startup;
+-  }" \
+-  -e '/^\[0x/d'
+diff --git a/testsuite/tests/frame-pointers/fp_backtrace.c b/testsuite/tests/frame-pointers/fp_backtrace.c
+index a521218a38..cef7ccd9f2 100644
+--- a/testsuite/tests/frame-pointers/fp_backtrace.c
++++ b/testsuite/tests/frame-pointers/fp_backtrace.c
+@@ -1,10 +1,17 @@
+ #include <execinfo.h>
+-#include <unistd.h>
+-#include <setjmp.h>
+-#include <signal.h>
++#include <regex.h>
++#include <stdbool.h>
+ #include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
+ 
+-#define ARRSIZE(a)  (sizeof(a) / sizeof(*(a)))
++#include "caml/mlvalues.h"
++
++#define ARR_SIZE(a)    (sizeof(a) / sizeof(*(a)))
++
++#define RE_FUNC_NAME  "^.*\\((.+)\\+0x[[:xdigit:]]+\\) \\[0x[[:xdigit:]]+\\]$"
++#define RE_TRIM_FUNC  "(caml.*)_[[:digit:]]+"
++#define CAML_ENTRY    "caml_program"
+ 
+ typedef struct frame_info
+ {
+@@ -12,99 +19,138 @@ typedef struct frame_info
+   void*               retaddr;  /* rip */
+ } frame_info;
+ 
+-jmp_buf resume_buf;
+ 
++/*
++ * A backtrace symbol looks like:
++ * ./path/to/binary(camlModule_fn_123+0xAABBCC) [0xAABBCCDDEE]
++ */
++static const char* backtrace_symbol(const struct frame_info* fi)
++{
++  char** symbols = backtrace_symbols(&fi->retaddr, 1);
++  if (!symbols) {
++    perror("backtrace_symbols");
++    return NULL;
++  }
+ 
+-static void signal_handler(int signum)
++  const char* symbol = strdup(symbols[0]);
++  free(symbols);
++  return symbol;
++}
++
++static bool is_from_executable(const char* symbol, const char* execname)
+ {
+-  /* Should be safe to be called from a signal handler.
+-   * See 21.2.1 "Performing a nonlocal goto from a signal handler" from
+-   * The Linux Programming Interface, Michael Kerrisk */
+-  siglongjmp(resume_buf, 1);
++  return strncmp(symbol, execname, strlen(execname)) == 0;
+ }
+ 
+-static int install_signal_handlers(const int signals[], struct sigaction
+-    handlers[], int count)
++static regmatch_t func_name_from_symbol(const char* symbol)
+ {
+-  for (int i = 0; i < count; i++) {
+-    struct sigaction action = { 0 };
+-    action.sa_handler = signal_handler;
+-    sigemptyset(&action.sa_mask);
+-    action.sa_flags = 0;
+-
+-    if (sigaction(signals[i], &action, &handlers[i]) != 0) {
+-      perror("sigaction");
+-      return -1;
+-    }
++  regex_t     regex;
++  regmatch_t  match[2] = { {-1, -1}, {-1, -1}};
++  char        errbuf[128];
++  int         err;
++
++  err = regcomp(&regex, RE_FUNC_NAME, REG_EXTENDED);
++  if (err) {
++    regerror(err, &regex, errbuf, ARR_SIZE(errbuf));
++    fprintf(stderr, "regcomp: %s\n", errbuf);
++    return match[0];
+   }
+-  return 0;
++
++  err = regexec(&regex, symbol, ARR_SIZE(match), match, 0);
++  if (err == REG_NOMATCH)
++    return match[0];
++
++  return match[1];
+ }
+ 
+-static int restore_signal_handlers(const int signals[], struct sigaction
+-    handlers[], int count)
++static bool is_caml_entry(const char* symbol, const regmatch_t* funcname)
+ {
+-  for (int i = 0; i < count; i++) {
+-    if (sigaction(signals[i], &handlers[i], NULL) != 0) {
+-      perror("sigaction");
+-      return -1;
+-    }
+-  }
+-  return 0;
++  //regoff_t len = funcname->rm_eo - funcname->rm_so;
++  //return strnstr(symbol + funcname->rm_so, CAML_ENTRY, len) == 0;
++  return strstr(symbol + funcname->rm_so, CAML_ENTRY) != NULL;
+ }
+ 
+-static int safe_read(const struct frame_info* fi, struct frame_info** prev,
+-    void** retaddr)
++static regmatch_t trim_func_name(const char* symbol, const regmatch_t* funcname)
+ {
+-  /* Signals to ignore while attempting to read frame_info members */
+-  const int signals[] = { SIGSEGV, SIGBUS };
+-  /* Store original signal handers */
+-  struct sigaction handlers[ARRSIZE(signals)] = { 0 };
+-  int ret = 0;
+-
+-  if (install_signal_handlers(signals, handlers, ARRSIZE(signals)) != 0)
+-    return -1;
+-
+-  if (!sigsetjmp(resume_buf, 1)) {
+-    *prev = fi->prev;
+-    *retaddr = fi->retaddr;
+-  } else {
+-    ret = -1;
++  regex_t     regex;
++  regmatch_t  match[2] = { {-1, -1}, {-1, -1}};
++  char        errbuf[128];
++  int         err;
++
++  err = regcomp(&regex, RE_TRIM_FUNC, REG_EXTENDED);
++  if (err) {
++    regerror(err, &regex, errbuf, ARR_SIZE(errbuf));
++    fprintf(stderr, "regcomp: %s\n", errbuf);
++    return match[0];
+   }
+ 
+-  if (restore_signal_handlers(signals, handlers, ARRSIZE(signals)) != 0)
+-    return -1;
++  match[0] = *funcname;
++  err = regexec(&regex, symbol, ARR_SIZE(match), match, REG_STARTEND);
++  if (err == REG_NOMATCH) {
++    /* match[0] has already been overwritten to hold the function full name for
++       regexec */
++    return match[1];
++  }
+ 
+-  return ret;
++  return match[1];
+ }
+ 
+-static void print_location(void* addr)
++static void print_symbol(const char* symbol, const regmatch_t* match)
+ {
+-  if (!addr)
+-    return;
++  regoff_t off = match->rm_so;
++  regoff_t len = match->rm_eo - match->rm_so;
+ 
+-  /* This requires the binary to be linked with '-rdynamic' */
+-  backtrace_symbols_fd(&addr, 1, STDOUT_FILENO);
++  fprintf(stdout, "%.*s\n", len, symbol + off);
++  fflush(stdout);
+ }
+ 
+-void fp_backtrace(void)
++void fp_backtrace(value argv0)
+ {
+-  struct frame_info *fi;
+-  struct frame_info* next;
+-  void* retaddr;
+-
+-  fi = __builtin_frame_address(0);
+-  retaddr = __builtin_extract_return_addr(__builtin_return_address(0));
+-
+-  for (; fi; fi = next) {
+-    if (safe_read(fi, &next, &retaddr) != 0)
+-      return;
++  const char* execname = String_val(argv0);
++  struct frame_info* next = NULL;
++  const char* symbol = NULL;
+ 
+-    print_location(retaddr);
++  for (struct frame_info* fi = __builtin_frame_address(0); fi; fi = next) {
++    next = fi->prev;
+ 
+     /* Detect the simplest kind of infinite loop */
+     if (fi == next) {
+-      printf("fp_backtrace: loop detected\n");
+-      return;
++      fprintf(stderr, "fp_backtrace: loop detected\n");
++      break;
+     }
++
++    symbol = backtrace_symbol(fi);
++    if (!symbol)
++      continue;
++
++    /* Skip entries not from the test */
++    if (!is_from_executable(symbol, execname))
++      goto skip;
++
++    /* Exctract the full function name */
++    regmatch_t funcname = func_name_from_symbol(symbol);
++    if (funcname.rm_so == -1)
++      goto skip;
++
++    /* Trim numeric suffix from caml functions */
++    regmatch_t functrimmed = trim_func_name(symbol, &funcname);
++
++    /* Use the trimmed caml name if available, otherwise use the full function
++       name */
++    const regmatch_t* match = (functrimmed.rm_so != -1) ?
++      &functrimmed : &funcname;
++
++    print_symbol(symbol, match);
++
++    /* Stop the backtrace at caml_program */
++    if (is_caml_entry(symbol, &funcname))
++      break;
++
++skip:
++    free((void*)symbol);
++    symbol = NULL;
+   }
++
++  if (symbol)
++    free((void*)symbol);
+ }
+diff --git a/testsuite/tests/frame-pointers/reperform.ml b/testsuite/tests/frame-pointers/reperform.ml
+index 1af8452e5f..da251c98a7 100644
+--- a/testsuite/tests/frame-pointers/reperform.ml
++++ b/testsuite/tests/frame-pointers/reperform.ml
+@@ -11,7 +11,7 @@ all_modules = "${readonly_files} reperform.ml"
+ open Effect
+ open Effect.Deep
+ 
+-external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
++external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
+ 
+ type _ Effect.t += E : unit t
+                  | F : unit t
+@@ -22,7 +22,7 @@ let rec foo n =
+     if n = 5 then begin
+       perform E;
+       print_endline "# resumed...";
+-      fp_backtrace ()
++      fp_backtrace Sys.argv.(0)
+     end;
+     foo (n + 1) + n
+   end
+diff --git a/testsuite/tests/frame-pointers/reperform.reference b/testsuite/tests/frame-pointers/reperform.reference
+index 9ac6681d4b..e215f77169 100644
+--- a/testsuite/tests/frame-pointers/reperform.reference
++++ b/testsuite/tests/frame-pointers/reperform.reference
+@@ -15,6 +15,3 @@ camlReperform.bar
+ caml_runstack
+ camlReperform.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+diff --git a/testsuite/tests/frame-pointers/reperform.run b/testsuite/tests/frame-pointers/reperform.run
+deleted file mode 100644
+index e96b5ea13a..0000000000
+--- a/testsuite/tests/frame-pointers/reperform.run
++++ /dev/null
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-
+-${program} 2>&1 \
+-  | ${test_source_directory}/filter-locations.sh ${program} >${output}
+diff --git a/testsuite/tests/frame-pointers/stack_realloc.ml b/testsuite/tests/frame-pointers/stack_realloc.ml
+index 79e70c2add..f24e4795d5 100644
+--- a/testsuite/tests/frame-pointers/stack_realloc.ml
++++ b/testsuite/tests/frame-pointers/stack_realloc.ml
+@@ -13,7 +13,7 @@ open Effect.Deep
+ 
+ type _ t += E : int -> int t
+ 
+-external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
++external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
+ external c_fun : unit -> int = "c_fun"
+ 
+ let[@inline never][@local never] f x = x
+@@ -42,7 +42,7 @@ let[@inline never] consume_stack () =
+ 
+ let[@inline never] callback () =
+   consume_stack ();
+-  fp_backtrace ();
++  fp_backtrace Sys.argv.(0);
+   0
+ 
+ let _ = Callback.register "callback" callback
+diff --git a/testsuite/tests/frame-pointers/stack_realloc.reference b/testsuite/tests/frame-pointers/stack_realloc.reference
+index 016a03550a..e61d4104e0 100644
+--- a/testsuite/tests/frame-pointers/stack_realloc.reference
++++ b/testsuite/tests/frame-pointers/stack_realloc.reference
+@@ -7,6 +7,3 @@ camlStack_realloc.f_comp
+ caml_runstack
+ camlStack_realloc.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+diff --git a/testsuite/tests/frame-pointers/stack_realloc.run b/testsuite/tests/frame-pointers/stack_realloc.run
+deleted file mode 100644
+index e96b5ea13a..0000000000
+--- a/testsuite/tests/frame-pointers/stack_realloc.run
++++ /dev/null
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-
+-${program} 2>&1 \
+-  | ${test_source_directory}/filter-locations.sh ${program} >${output}
+diff --git a/testsuite/tests/frame-pointers/stack_realloc2.ml b/testsuite/tests/frame-pointers/stack_realloc2.ml
+index a3d21bf2bf..218dd6a1c3 100644
+--- a/testsuite/tests/frame-pointers/stack_realloc2.ml
++++ b/testsuite/tests/frame-pointers/stack_realloc2.ml
+@@ -13,7 +13,7 @@ open Effect.Deep
+ 
+ type _ t += E : int -> int t
+ 
+-external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
++external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
+ external c_fun : unit -> int = "c_fun"
+ 
+ let[@inline never][@local never] f x = x
+@@ -41,7 +41,7 @@ let[@inline never] consume_stack () =
+   ignore (gobbler count)
+ 
+ let[@inline never] callback () =
+-  fp_backtrace ();
++  fp_backtrace Sys.argv.(0);
+   0
+ 
+ let _ = Callback.register "callback" callback
+diff --git a/testsuite/tests/frame-pointers/stack_realloc2.reference b/testsuite/tests/frame-pointers/stack_realloc2.reference
+index ae492abd88..0051f3bad0 100644
+--- a/testsuite/tests/frame-pointers/stack_realloc2.reference
++++ b/testsuite/tests/frame-pointers/stack_realloc2.reference
+@@ -7,6 +7,3 @@ camlStack_realloc2.f_comp
+ caml_runstack
+ camlStack_realloc2.entry
+ caml_program
+-caml_start_program
+-caml_main/caml_startup
+-main
+diff --git a/testsuite/tests/frame-pointers/stack_realloc2.run b/testsuite/tests/frame-pointers/stack_realloc2.run
+deleted file mode 100644
+index e96b5ea13a..0000000000
+--- a/testsuite/tests/frame-pointers/stack_realloc2.run
++++ /dev/null
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-
+-${program} 2>&1 \
+-  | ${test_source_directory}/filter-locations.sh ${program} >${output}
+-- 
diff --git a/SPECS/ocaml/0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch b/SPECS/ocaml/0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch
new file mode 100644
index 00000000000..03eb7d0e8be
--- /dev/null
+++ b/SPECS/ocaml/0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch
@@ -0,0 +1,24 @@
+From 81d3fb3e20afede32298e4d3e78bcebf6a22858a Mon Sep 17 00:00:00 2001
+From: Vincent Laviron <vincent.laviron@gmail.com>
+Date: Fri, 15 Dec 2023 10:00:52 +0100
+Subject: [PATCH 4/4] Fix s390x stack reallocation code in PIC mode
+ 
+(cherry picked from commit c40a955c029a203d0d7f05718e297e66987ec87f)
+---
+ asmcomp/s390x/emit.mlp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+ 
+diff --git a/asmcomp/s390x/emit.mlp b/asmcomp/s390x/emit.mlp
+index 35ade079f6..0212cf3b00 100644
+--- a/asmcomp/s390x/emit.mlp
++++ b/asmcomp/s390x/emit.mlp
+@@ -751,7 +751,7 @@ let fundecl fundecl =
+       `  lay  %r15, -8(%r15)\n`;
+       `  stg  %r14, 0(%r15)\n`;
+       `  lgfi %r12, {emit_int s}\n`;
+-      `  brasl %r14, {emit_symbol "caml_call_realloc_stack"}\n`;
++      emit_call "caml_call_realloc_stack";
+       `  lg   %r14, 0(%r15)\n`;
+       `  la  %r15, 8(%r15)\n`;
+       `  brcl 15, {emit_label ret}\n`
+-- 
diff --git a/SPECS/ocaml/macros.ocaml-rpm b/SPECS/ocaml/macros.ocaml-rpm
new file mode 100644
index 00000000000..6942e917ace
--- /dev/null
+++ b/SPECS/ocaml/macros.ocaml-rpm
@@ -0,0 +1,69 @@
+# Make %files lists from an installed tree of files.
+# Options:
+# -s: separate packaging; every subdirectory of %%{ocamldir}, except stublibs,
+#     is placed in its own package.  This option requires the existence of opam
+#     *.install files in the build tree.
+# -n: suppress creation of a devel subpackage.
+%ocaml_files(sn) %{python3} /usr/lib/rpm/redhat/ocaml_files.py %{-s} %{-n} %{buildroot} %{ocamldir}
+
+# Internal macro holding the common parts of ocaml_install and dune_install
+%ocaml_install_common(sn) %{expand:
+rm -rf %{buildroot}%{_prefix}/doc
+mlis=$(find %{buildroot}%{_libdir}/ocaml -name '*.mli')
+rm -f ${mlis//.mli/.ml}
+%ocaml_files %{-s} %{-n}}
+
+# Install files listed in opam *.install files.
+# Options:
+# -s: separate packaging; every subdirectory of %%{ocamldir}, except stublibs,
+#     is placed in its own package.
+# -n: suppress creation of a devel subpackage.
+%ocaml_install(sn) %{expand:
+%{python3} /usr/lib/rpm/redhat/ocaml_files.py -i %{-s} %{-n} %{buildroot} %{ocamldir}
+%ocaml_install_common %{-s} %{-n}}
+
+# Add smp_mflags to arguments if no -j release option is given.
+# Add --release to arguments if no -p or --release option is given.
+# Add --verbose to arguments if it is not given.
+%dune_add_flags(-) %{lua:
+  has_j = false
+  has_p = false
+  has_v = false
+  for _, flag in pairs(arg) do
+    if flag:find("^-j") then
+      has_j = true
+    elseif flag:find("^-p") or flag:find("^--release)") then
+      has_p = true
+    elseif flag:find("^--verbose") then
+      has_v = true
+    end
+  end
+  if not has_j then
+     table.insert(arg, 1, rpm.expand("%{?_smp_mflags}"))
+  end
+  if not has_p then
+     table.insert(arg, 1, "--release")
+  end
+  if not has_v then
+     table.insert(arg, 1, "--verbose")
+  end
+  print(table.concat(arg, " "))
+}
+
+# Build with dune
+%dune_build(-) dune build %{dune_add_flags %*}
+
+# Run tests with dune
+%dune_check(-) dune runtest %{dune_add_flags %*}
+
+# Install with dune
+# Options:
+# -s: separate packaging; every subdirectory of %%{ocamldir}, except stublibs,
+#     is placed in its own package.
+# -n: suppress creation of a devel subpackage.
+%dune_install(sn) %{expand:
+dune install --destdir=%{buildroot} %{dune_add_flags %*}
+if [ -d _build/default/_doc/_html ]; then
+    find _build/default/_doc/_html -name .dune-keep -delete
+fi
+%ocaml_install_common %{-s} %{-n}}
\ No newline at end of file
diff --git a/SPECS/ocaml/ocaml.signatures.json b/SPECS/ocaml/ocaml.signatures.json
index fe9762d62f5..a3fe0ba1805 100644
--- a/SPECS/ocaml/ocaml.signatures.json
+++ b/SPECS/ocaml/ocaml.signatures.json
@@ -1,5 +1,7 @@
 {
  "Signatures": {
-  "ocaml-4.13.1.tar.xz": "931d78dfad5bf938800c7a00eb647a27bbfe465a96a8eaae858ecbdb22e6fde8"
+  "ocaml-5.1.1.tar.gz": "57f7b382b3d71198413ede405d95ef3506f1cdc480cda1dca1e26b37cb090e17",
+  "macros.ocaml-rpm": "c63f72f1386f8ad999daa2dcd3ea203ef07e34bc795e11b70e725a5db7ab026f",
+  "ocaml_files.py": "b1649462b720fb401d491bd5cbe879870a9f50bd99608d6488fc235a0e5f11e3"
  }
 }
diff --git a/SPECS/ocaml/ocaml.spec b/SPECS/ocaml/ocaml.spec
index 026a33de12a..5abbc7b13fa 100644
--- a/SPECS/ocaml/ocaml.spec
+++ b/SPECS/ocaml/ocaml.spec
@@ -1,45 +1,130 @@
-%global __ocaml_requires_opts -c -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte'
-%global __ocaml_provides_opts -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte'
-%global majmin %(echo %{version} | cut -d. -f1-2)
-Summary:        OCaml compiler and programming environment
+# Don't add -Wl,-dT,<build dir>
+%undefine _package_note_flags
+
+# OCaml 5.1 broke building with LTO.  A file prims.c is generated with primitive
+# function declarations, all with "void" for their parameter list.  This does
+# not match the real definitions, leading to lots of -Wlto-type-mismatch
+# warnings.  These change the output of the tests, leading to many failed tests.
+%global _lto_cflags %{nil}
+
+# OCaml has a bytecode backend that works on anything with a C
+# compiler, and a native code backend available on a subset of
+# architectures.  A further subset of architectures support native
+# dynamic linking.
+
+%ifarch %{ocaml_native_compiler}
+%global native_compiler 1
+%else
+%global native_compiler 0
+%endif
+
+%ifarch %{ocaml_natdynlink}
+%global natdynlink 1
+%else
+%global natdynlink 0
+%endif
+
+# i686 support was dropped in OCaml 5 / Fedora 39.
+ExcludeArch: %{ix86}
+
+# These are all the architectures that the tests run on.  The tests
+# take a long time to run, so don't run them on slow machines.
+%global test_arches aarch64 %{power64} riscv64 s390x x86_64
+# These are the architectures for which the tests must pass otherwise
+# the build will fail.
+#global test_arches_required aarch64 ppc64le x86_64
+%global test_arches_required NONE
+
+# Architectures where parallel builds fail.
+#global no_parallel_build_arches aarch64
+
+#global rcver +git
+%global rcver %{nil}
+
 Name:           ocaml
-Version:        4.13.1
-Release:        3%{?dist}
-License:        QPL and (LGPLv2+ with exceptions)
+Version:        5.1.1
+Release:        1%{?dist}
+Summary:        OCaml compiler and programming environment
+License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://www.ocaml.org
-Source0:        https://caml.inria.fr/pub/distrib/%{name}-%{majmin}/%{name}-%{version}.tar.xz
-Patch0001:      0001-Don-t-add-rpaths-to-libraries.patch
-Patch0002:      0002-configure-Allow-user-defined-C-compiler-flags.patch
-Patch0003:      0003-configure-Remove-incorrect-assumption-about-cross-co.patch
-Patch0004:      0004-remove-unused-var-in-alloc_aync_stubs.patch
+Source0:        https://github.com/ocaml/ocaml/archive/%{version}/%{name}-%{version}.tar.gz
+Source1:        macros.ocaml-rpm
+Source2:        ocaml_files.py
+
+# IMPORTANT NOTE:
+#
+# These patches are generated from unpacked sources stored in a
+# pagure.io git repository.  If you change the patches here, they will
+# be OVERWRITTEN by the next update.  Instead, request commit access
+# to the pagure project:
+#
+# https://pagure.io/fedora-ocaml
+#
+# Current branch: fedora-40-5.1.1
+#
+# ALTERNATIVELY add a patch to the end of the list (leaving the
+# existing patches unchanged) adding a comment to note that it should
+# be incorporated into the git repo at a later time.
+
+# Fedora-specific patches
+Patch:          0001-Don-t-add-rpaths-to-libraries.patch
+Patch:          0002-configure-Allow-user-defined-C-compiler-flags.patch
+
+# https://github.com/ocaml/ocaml/pull/11594
+Patch:          0003-Update-framepointers-tests-to-avoid-false-positive-w.patch
+
+# https://github.com/ocaml/ocaml/issues/12829
+# https://github.com/ocaml/ocaml/pull/12831
+Patch:          0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch
+
+BuildRequires:  make
+BuildRequires:  git
+BuildRequires:  gcc
 BuildRequires:  autoconf
-BuildRequires:  binutils-devel
-BuildRequires:  chrpath
 BuildRequires:  gawk
-BuildRequires:  gcc
-BuildRequires:  gdbm-devel
-BuildRequires:  git
-BuildRequires:  make
-BuildRequires:  ncurses-devel
+BuildRequires:  hardlink
 BuildRequires:  perl-interpreter
 BuildRequires:  util-linux
-%if 0%{?with_check}
-BuildRequires:  diffutils
-%endif
-# ocamlopt runs gcc to link binaries.  Because Azure Linux includes
-# hardening flags automatically, azurelinux-rpm-macros is also required.
-Requires:       azurelinux-rpm-macros
+BuildRequires:  /usr/bin/annocheck
+BuildRequires:  pkgconfig(libzstd)
+
+# Documentation requirements
+BuildRequires:  asciidoc
+BuildRequires:  python3-pygments
+
+# ocamlopt runs gcc to link binaries.  Because Fedora includes
+# hardening flags automatically, redhat-rpm-config is also required.
+# Compressed marshaling requires libzstd-devel.
 Requires:       gcc
+Requires:       redhat-rpm-config
+Requires:       libzstd-devel
+
 # Because we pass -c flag to ocaml-find-requires (to avoid circular
 # dependencies) we also have to explicitly depend on the right version
 # of ocaml-runtime.
 Requires:       ocaml-runtime = %{version}-%{release}
-# Bundles an MD5 implementation in byterun/md5.{c,h}
+
+# Force ocaml-srpm-macros to be at the latest version, both for builds
+# and installs, since OCaml 5.1 has a different set of native code
+# generators than previous versions.
+BuildRequires:  ocaml-srpm-macros >= 9
+Requires:       ocaml-srpm-macros >= 9
+
+# Bundles an MD5 implementation in runtime/caml/md5.h and runtime/md5.c
 Provides:       bundled(md5-plumb)
+
 Provides:       ocaml(compiler) = %{version}
 
+%if %{native_compiler}
+%global __ocaml_requires_opts -c -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte'
+%else
+%global __ocaml_requires_opts -c -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte' -i Backend_intf -i Inlining_decision_intf -i Simplify_boxed_integer_ops_intf
+%endif
+%global __ocaml_provides_opts -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte'
+
+
 %description
 OCaml is a high-level, strongly-typed, functional and object-oriented
 programming language from the ML family of languages.
@@ -49,7 +134,12 @@ and an optimizing native-code compiler), an interactive toplevel system,
 parsing tools (Lex,Yacc), a replay debugger, a documentation generator,
 and a comprehensive library.
 
-%package        runtime
+
+%package runtime
+# LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception: the project as a whole
+# LicenseRef-Fedora-Public-Domain: the MD5 implementation in runtime/caml/md5.h
+#   and runtime/md5.c
+License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception AND LicenseRef-Fedora-Public-Domain
 Summary:        OCaml runtime environment
 Requires:       util-linux
 Provides:       ocaml(runtime) = %{version}
@@ -61,35 +151,45 @@ programming language from the ML family of languages.
 This package contains the runtime environment needed to run OCaml
 bytecode.
 
-%package        source
+
+%package source
 Summary:        Source code for OCaml libraries
 Requires:       ocaml = %{version}-%{release}
 
 %description source
 Source code for OCaml libraries.
 
-%package        ocamldoc
+
+%package ocamldoc
+# LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception: the project as a whole
+# LicenseRef-Fedora-Public-Domain: ocamldoc/ocamldoc.sty
+License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception AND LicenseRef-Fedora-Public-Domain
 Summary:        Documentation generator for OCaml
 Requires:       ocaml = %{version}-%{release}
-Provides:       ocamldoc = %{version}-%{release}
+Provides:       ocamldoc = %{version}
 
 %description ocamldoc
 Documentation generator for OCaml.
 
+
 %package        docs
 Summary:        Documentation for OCaml
+BuildArch:      noarch
 Requires:       ocaml = %{version}-%{release}
 
+
 %description docs
 OCaml is a high-level, strongly-typed, functional and object-oriented
 programming language from the ML family of languages.
 
 This package contains man pages.
 
+
 %package        compiler-libs
 Summary:        Compiler libraries for OCaml
 Requires:       ocaml = %{version}-%{release}
 
+
 %description compiler-libs
 OCaml is a high-level, strongly-typed, functional and object-oriented
 programming language from the ML family of languages.
@@ -99,123 +199,208 @@ compilers, useful for the development of some OCaml applications.
 Note that this exposes internal details of the OCaml compiler which
 may not be portable between versions.
 
+
+%package        rpm-macros
+# LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception: the project as a whole
+# BSD-3-Clause: ocaml_files.py
+License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception AND BSD-3-Clause
+Summary:        RPM macros for building OCaml packages
+BuildArch:      noarch
+Requires:       ocaml = %{version}-%{release}
+Requires:       python3
+
+
+%description rpm-macros
+This package contains macros that are useful for building OCaml RPMs.
+
+
 %prep
-%autosetup -p1
+%autosetup -S git -n %{name}-%{version}%{rcver}
 # Patches touch configure.ac, so rebuild it:
 autoconf --force
 
+
 %build
-# We set --libdir to the unusual directory because we want OCaml to
-# install its libraries and other files into a subdirectory.
+%ifnarch %{no_parallel_build_arches}
+make="%make_build"
+%else
+unset MAKEFLAGS
+make=make
+%endif
+
+# Set ocamlmklib default flags to include Fedora linker flags
+sed -i '/ld_opts/s|\[\]|["%{build_ldflags}"]|' tools/ocamlmklib.ml
+
+# Expose a dependency on the math library
+sed -i '/^EXTRACAMLFLAGS=/aLINKOPTS=-cclib -lm' otherlibs/unix/Makefile
+
+# Don't use %%configure macro because it sets --build, --host which
+# breaks some incorrect assumptions made by OCaml's configure.ac
 #
-# Force --host because of:
+# See also:
 # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/2O4HBOK6PTQZAFAVIRDVMZGG2PYB2QHM/
-# (see also https://github.com/ocaml/ocaml/issues/8647)
+# https://github.com/ocaml/ocaml/issues/8647
+#
+# We set --libdir to the unusual directory because we want OCaml to
+# install its libraries and other files into a subdirectory.
 #
 # OC_CFLAGS/OC_LDFLAGS control what flags OCaml passes to the linker
 # when doing final linking of OCaml binaries.  Setting these is
-# necessary to ensure that generated binaries have Azure Linux hardening
+# necessary to ensure that generated binaries have Fedora hardening
 # features.
-%configure \
-    OC_CFLAGS="$CFLAGS" \
-    OC_LDFLAGS="$LDFLAGS" \
-%if 0%{?with_check}
+./configure \
+    --prefix=%{_prefix} \
+    --sysconfdir=%{_sysconfdir} \
+    --mandir=%{_mandir} \
+    --libdir=%{_libdir}/ocaml \
+    --enable-flambda \
+%if %{native_compiler}
+    --enable-native-compiler \
+    --enable-native-toplevel \
+%else
+    --disable-native-compiler \
+    --disable-native-toplevel \
+%endif
+%ifarch x86_64
+%if 0%{?_include_frame_pointers}
+    --enable-frame-pointers \
+%endif
+%endif
+%ifarch %{test_arches}
     --enable-ocamltest \
+%else
+    --disable-ocamltest \
+%endif
+    OC_CFLAGS='%{build_cflags}' \
+    OC_LDFLAGS='%{build_ldflags}' \
+    %{nil}
+$make world
+%if %{native_compiler}
+$make opt
+$make opt.opt
+%endif
+
+# Build the README and fix up references to other doc files
+asciidoc -d book README.adoc
+for fil in CONTRIBUTING.md HACKING.adoc INSTALL.adoc README.win32.adoc; do
+  sed -e "s,\"$fil\",\"https://github.com/ocaml/ocaml/blob/trunk/$fil\"," \
+      -i README.html
+done
+
+
+%check
+%ifarch %{ocaml_native_compiler}
+# For information only, compile a binary and dump the annocheck data
+# from it.  Useful so we know if hardening is being enabled, but don't
+# fail because not every hardening feature can be enabled here.
+echo 'print_endline "hello, world"' > hello.ml
+./ocamlopt.opt -verbose -I stdlib hello.ml -o hello ||:
+annocheck -v hello ||:
+%endif
+
+%ifarch %{test_arches}
+%ifarch %{test_arches_required}
+make -j1 tests
+%else
+make -j1 tests ||:
+%endif
 %endif
-    --libdir=%{_libdir}/ocaml \
-    --host=`./build-aux/config.guess`
 
-%make_build world
-%make_build opt
-%make_build opt.opt
 
 %install
 %make_install
-perl -pi -e "s|^%{buildroot}||" %{buildroot}%{_libdir}/ocaml/ld.conf
+perl -pi -e "s|^$RPM_BUILD_ROOT||" $RPM_BUILD_ROOT%{_libdir}/ocaml/ld.conf
 
-echo %{version} > %{buildroot}%{_libdir}/ocaml/fedora-ocaml-release
+echo %{version} > $RPM_BUILD_ROOT%{_libdir}/ocaml/fedora-ocaml-release
 
-# Remove rpaths from stublibs .so files.
-chrpath --delete %{buildroot}%{_libdir}/ocaml/stublibs/*.so
+# Remove the installed documentation.  We will install it using %%doc
+rm -rf $RPM_BUILD_ROOT%{_docdir}/ocaml
 
-find %{buildroot} -type f -name "*.la" -delete -print
+mkdir -p $RPM_BUILD_ROOT%{_rpmmacrodir}
+install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_rpmmacrodir}/macros.ocaml-rpm
 
-# Remove .cmt and .cmti files, for now.  We could package them later.
-# See also: http://www.ocamlpro.com/blog/2012/08/20/ocamlpro-and-4.00.0.html
-find %{buildroot} \( -name '*.cmt' -o -name '*.cmti' \) -a -delete -print
+mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/azl
+install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_rpmconfigdir}/azl
+
+# Link, rather than copy, identical binaries
+hardlink -t $RPM_BUILD_ROOT%{_libdir}/ocaml/stublibs
 
-%check
-cd testsuite
-make -j1 all
 
 %files
 %license LICENSE
 %{_bindir}/ocaml
 
 %{_bindir}/ocamlcmt
+%{_bindir}/ocamlcp
 %{_bindir}/ocamldebug
+%{_bindir}/ocamlmklib
+%{_bindir}/ocamlmktop
+%{_bindir}/ocamlprof
 %{_bindir}/ocamlyacc
 
 # symlink to either .byte or .opt version
 %{_bindir}/ocamlc
-%{_bindir}/ocamlcp
 %{_bindir}/ocamldep
 %{_bindir}/ocamllex
-%{_bindir}/ocamlmklib
-%{_bindir}/ocamlmktop
 %{_bindir}/ocamlobjinfo
-%{_bindir}/ocamloptp
-%{_bindir}/ocamlprof
 
 # bytecode versions
 %{_bindir}/ocamlc.byte
-%{_bindir}/ocamlcp.byte
 %{_bindir}/ocamldep.byte
 %{_bindir}/ocamllex.byte
-%{_bindir}/ocamlmklib.byte
-%{_bindir}/ocamlmktop.byte
 %{_bindir}/ocamlobjinfo.byte
-%{_bindir}/ocamloptp.byte
-%{_bindir}/ocamlprof.byte
 
+%if %{native_compiler}
 # native code versions
 %{_bindir}/ocamlc.opt
-%{_bindir}/ocamlcp.opt
 %{_bindir}/ocamldep.opt
 %{_bindir}/ocamllex.opt
-%{_bindir}/ocamlmklib.opt
-%{_bindir}/ocamlmktop.opt
 %{_bindir}/ocamlobjinfo.opt
-%{_bindir}/ocamloptp.opt
-%{_bindir}/ocamlprof.opt
+%endif
+
+%if %{native_compiler}
+%{_bindir}/ocamlnat
 %{_bindir}/ocamlopt
 %{_bindir}/ocamlopt.byte
 %{_bindir}/ocamlopt.opt
+%{_bindir}/ocamloptp
+%endif
 
 %{_libdir}/ocaml/camlheader
 %{_libdir}/ocaml/camlheader_ur
 %{_libdir}/ocaml/expunge
-%{_libdir}/ocaml/eventlog_metadata
-%{_libdir}/ocaml/extract_crc
 %{_libdir}/ocaml/ld.conf
 %{_libdir}/ocaml/Makefile.config
+
 %{_libdir}/ocaml/*.a
-%{_libdir}/ocaml/*.cmxs
+%if %{native_compiler}
 %{_libdir}/ocaml/*.cmxa
 %{_libdir}/ocaml/*.cmx
 %{_libdir}/ocaml/*.o
 %{_libdir}/ocaml/libasmrun_shared.so
+%endif
 %{_libdir}/ocaml/*.mli
+%{_libdir}/ocaml/sys.ml.in
 %{_libdir}/ocaml/libcamlrun_shared.so
-%{_libdir}/ocaml/threads/*.mli
-%{_libdir}/ocaml/threads/*.a
-%{_libdir}/ocaml/threads/*.cmxa
-%{_libdir}/ocaml/threads/*.cmx
+
+%{_libdir}/ocaml/{dynlink,runtime_events,str,threads,unix}/*.mli
+%if %{native_compiler}
+%{_libdir}/ocaml/{dynlink,runtime_events,str,threads,unix}/*.a
+%{_libdir}/ocaml/{dynlink,runtime_events,str,threads,unix}/*.cmxa
+%{_libdir}/ocaml/{dynlink,profiling,runtime_events,str,threads,unix}/*.cmx
+%{_libdir}/ocaml/profiling/*.o
+%endif
+%if %{natdynlink}
+%{_libdir}/ocaml/{runtime_events,str,unix}/*.cmxs
+%endif
+
+# headers
 %{_libdir}/ocaml/caml
 
+
 %files runtime
+%doc README.html Changes
 %license LICENSE
-%doc README.adoc Changes
 %{_bindir}/ocamlrun
 %{_bindir}/ocamlrund
 %{_bindir}/ocamlruni
@@ -226,14 +411,39 @@ make -j1 all
 %{_libdir}/ocaml/camlheaderd
 %{_libdir}/ocaml/camlheaderi
 %{_libdir}/ocaml/stublibs
+%dir %{_libdir}/ocaml/dynlink
+%{_libdir}/ocaml/dynlink/META
+%{_libdir}/ocaml/dynlink/*.cmi
+%{_libdir}/ocaml/dynlink/*.cma
+%dir %{_libdir}/ocaml/profiling
+%{_libdir}/ocaml/profiling/*.cmo
+%{_libdir}/ocaml/profiling/*.cmi
+%dir %{_libdir}/ocaml/runtime_events
+%{_libdir}/ocaml/runtime_events/META
+%{_libdir}/ocaml/runtime_events/*.cmi
+%{_libdir}/ocaml/runtime_events/*.cma
+%{_libdir}/ocaml/stdlib
+%dir %{_libdir}/ocaml/str
+%{_libdir}/ocaml/str/META
+%{_libdir}/ocaml/str/*.cmi
+%{_libdir}/ocaml/str/*.cma
 %dir %{_libdir}/ocaml/threads
+%{_libdir}/ocaml/threads/META
 %{_libdir}/ocaml/threads/*.cmi
 %{_libdir}/ocaml/threads/*.cma
+%dir %{_libdir}/ocaml/unix
+%{_libdir}/ocaml/unix/META
+%{_libdir}/ocaml/unix/*.cmi
+%{_libdir}/ocaml/unix/*.cma
 %{_libdir}/ocaml/fedora-ocaml-release
 
+
 %files source
 %license LICENSE
 %{_libdir}/ocaml/*.ml
+%{_libdir}/ocaml/*.cmt*
+%{_libdir}/ocaml/*/*.cmt*
+
 
 %files ocamldoc
 %license LICENSE
@@ -241,23 +451,28 @@ make -j1 all
 %{_bindir}/ocamldoc*
 %{_libdir}/ocaml/ocamldoc
 
+
 %files docs
 %{_mandir}/man1/*
 %{_mandir}/man3/*
 
+
 %files compiler-libs
 %license LICENSE
-%dir %{_libdir}/ocaml/compiler-libs
-%{_libdir}/ocaml/compiler-libs/*.mli
-%{_libdir}/ocaml/compiler-libs/*.cmi
-%{_libdir}/ocaml/compiler-libs/*.cmo
-%{_libdir}/ocaml/compiler-libs/*.cma
-%{_libdir}/ocaml/compiler-libs/*.a
-%{_libdir}/ocaml/compiler-libs/*.cmxa
-%{_libdir}/ocaml/compiler-libs/*.cmx
-%{_libdir}/ocaml/compiler-libs/*.o
+%{_libdir}/ocaml/compiler-libs
+
+
+%files rpm-macros
+%{_rpmmacrodir}/macros.ocaml-rpm
+%{_rpmconfigdir}/azl/ocaml_files.py
+
 
 %changelog
+* Fri Mar 08 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 5.1.1-1
+- Upgraded ocaml to 5.1.1
+- Importing and adopting spec changes from Fedora (License: MIT).
+- Removed unused patch files and added new.
+
 * Thu Feb 22 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 4.13.1-3
 - Updating naming for 3.0 version of Azure Linux.
 
diff --git a/SPECS/ocaml/ocaml_files.py b/SPECS/ocaml/ocaml_files.py
new file mode 100644
index 00000000000..cbcacd950e9
--- /dev/null
+++ b/SPECS/ocaml/ocaml_files.py
@@ -0,0 +1,451 @@
+# Copyright 2022-3, Jerry James
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of Red Hat nor the names of its
+#    contributors may be used to endorse or promote products derived
+#    from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+import argparse
+import os
+import shutil
+import string
+import sys
+from collections.abc import Iterable, Iterator
+from enum import Enum, auto
+from typing import Callable, final
+
+# Version of this script
+version=2
+
+#
+# BUILDROOT CATEGORIZATION
+#
+
+# Directories to ignore when generating %dir entries
+root_dirs: set[str] = {
+    '/',
+    '/etc',
+    '/usr',
+    '/usr/bin',
+    '/usr/lib',
+    '/usr/lib/ocaml',
+    '/usr/lib/ocaml/caml',
+    '/usr/lib/ocaml/stublibs',
+    '/usr/lib/ocaml/threads',
+    '/usr/lib64',
+    '/usr/lib64/ocaml',
+    '/usr/lib64/ocaml/caml',
+    '/usr/lib64/ocaml/stublibs',
+    '/usr/lib64/ocaml/threads',
+    '/usr/libexec',
+    '/usr/sbin',
+    '/usr/share',
+    '/usr/share/doc'
+}
+
+def find_buildroot_toplevel(buildroot: str) -> list[str]:
+    """Find toplevel files and directories in the buildroot.
+
+    :param str buildroot: path to the buildroot
+    :return: a list of toplevel files and directories in the buildroot
+    """
+    bfiles: list[str] = []
+    for path, dirs, files in os.walk(buildroot):
+        for i in range(len(dirs) - 1, -1, -1):
+            d = os.path.join(path, dirs[i])[len(buildroot):]
+            if d not in root_dirs and not d.startswith('/usr/share/man'):
+                bfiles.append(d)
+                del dirs[i]
+        for f in files:
+            realfile = os.path.join(path, f)[len(buildroot):]
+            if realfile.startswith('/usr/share/man'):
+                bfiles.append(realfile + '*')
+            else:
+                bfiles.append(realfile)
+    return bfiles
+
+# File suffixes that go into a devel subpackage
+dev_suffixes: set[str] = {
+    'a', 'cmo', 'cmt', 'cmti', 'cmx', 'cmxa', 'h', 'idl', 'ml', 'mli', 'o'
+}
+
+def is_devel_file(filname: str) -> bool:
+    """Determine whether a file belongs to a devel subpackage.
+
+    :param str filname: the filename to check
+    :return: True if the file belongs to a devel subpackage, else False
+    """
+    return (filname == 'dune-package' or filname == 'opam' or
+            (os.path.splitext(filname)[1][1:] in dev_suffixes
+             and not filname.endswith('_top_init.ml')))
+
+def find_buildroot_all(buildroot: str, devel: bool, add_star: bool) -> list[set[str]]:
+    """Find all files and directories in the buildroot and optionally
+    categorize them as 'main' or 'devel'.
+
+    :param Namespace args: parsed command line arguments
+    :param bool devel: True to split into 'main' and 'devel', False otherwise
+    :param bool add_star: True to add a star to man page filenames
+    :return: a list of files and directories, in this order: main files,
+        main directories, devel files, and devel directories
+    """
+    bfiles: list[set[str]] = [set(), set(), set()]
+    bdirs: set[str] = set()
+    for path, dirs, files in os.walk(buildroot):
+        for d in dirs:
+            realdir = os.path.join(path, d)[len(buildroot):]
+            if realdir not in root_dirs and not realdir.startswith('/usr/share/man'):
+                bdirs.add(realdir)
+        for f in files:
+            realfile = os.path.join(path, f)[len(buildroot):]
+            if devel and is_devel_file(os.path.basename(realfile)):
+                bfiles[2].add(realfile)
+            else:
+                if add_star and realfile.startswith('/usr/share/man'):
+                    bfiles[0].add(realfile + '*')
+                else:
+                    bfiles[0].add(realfile)
+                parentdir = os.path.dirname(realfile)
+                if parentdir in bdirs:
+                    bfiles[1].add(parentdir)
+                    bdirs.remove(parentdir)
+                    # Catch intermediate directories, as in ocaml-mtime
+                    parentdir = os.path.dirname(parentdir)
+                    if parentdir in bdirs:
+                        bfiles[1].add(parentdir)
+                        bdirs.remove(parentdir)
+    bfiles.append(bdirs)
+    return bfiles
+
+#
+# INSTALL FILE LEXER AND PARSER
+#
+
+class TokenType(Enum):
+    """The types of tokens that can appear in an opam *.install file."""
+    ERROR  = auto()
+    COLON  = auto()
+    LBRACE = auto()
+    RBRACE = auto()
+    LBRACK = auto()
+    RBRACK = auto()
+    STRING = auto()
+    FIELD  = auto()
+
+@final
+class InstallFileLexer(Iterator[tuple[TokenType, str]]):
+    """Convert an opam *.install file into a sequence of tokens."""
+    __slots__ = ['index', 'text']
+
+    def __init__(self, filname: str) -> None:
+        """Create an opam *.install file lexer.
+
+        :param str filname: the name of the file to read from
+        """
+        self.index = 0
+        with open(filname, 'r') as f:
+            # Limit reads to 4 MB in case this file is bogus.
+            # Most install files are under 4K.
+            self.text = f.read(4194304)
+
+    def skip_whitespace(self) -> None:
+        """Skip over whitespace in the input."""
+        while self.index < len(self.text) and \
+              (self.text[self.index] == '#' or
+               self.text[self.index] in string.whitespace):
+            if self.text[self.index] == '#':
+                while (self.index < len(self.text) and
+                       self.text[self.index] != '\n' and
+                       self.text[self.index] != '\r'):
+                    self.index += 1
+            else:
+                self.index += 1
+
+    def __next__(self) -> tuple[TokenType, str]:
+        """Get the next token from the opam *.install file.
+
+        :return: a pair containing the type and text of the next token
+        """
+        self.skip_whitespace()
+        if self.index < len(self.text):
+            ch = self.text[self.index]
+            if ch == ':':
+                self.index += 1
+                return (TokenType.COLON, ch)
+            if ch == '{':
+                self.index += 1
+                return (TokenType.LBRACE, ch)
+            if ch == '}':
+                self.index += 1
+                return (TokenType.RBRACE, ch)
+            if ch == '[':
+                self.index += 1
+                return (TokenType.LBRACK, ch)
+            if ch == ']':
+                self.index += 1
+                return (TokenType.RBRACK, ch)
+            if ch == '"':
+                start = self.index + 1
+                end = start
+                while end < len(self.text) and self.text[end] != '"':
+                    end += 2 if self.text[end] == '\\' else 1
+                self.index = end + 1
+                return (TokenType.STRING, self.text[start:end])
+            if ch in string.ascii_letters:
+                start = self.index
+                end = start + 1
+                while (end < len(self.text) and
+                       (self.text[end] == '_' or
+                        self.text[end] in string.ascii_letters)):
+                    end += 1
+                self.index = end
+                return (TokenType.FIELD, self.text[start:end])
+            return (TokenType.ERROR, ch)
+        else:
+            raise StopIteration
+
+@final
+class InstallFileParser(Iterable[tuple[str, bool, str, str]]):
+    """Parse opam *.install files."""
+
+    __slots__ = ['pkgname', 'lexer', 'libdir']
+
+    def __init__(self, filname: str, libdir: str) -> None:
+        """Initialize an OCaml .install file parser.
+
+        :param str filname: name of the .install file to parse
+        :param str libdir: the OCaml library directory
+        """
+        self.pkgname = os.path.splitext(os.path.basename(filname))[0]
+        self.lexer = InstallFileLexer(filname)
+        self.libdir = libdir
+
+    def __iter__(self) -> Iterator[tuple[str, bool, str, str]]:
+        """Parse a .install file.
+        If there are any parse errors, we assume this file is not really an
+        opam .install file and abandon the parse.
+        """
+        # Map opam installer names to directories
+        opammap: dict[str, str] = {
+            'lib': os.path.join(self.libdir, self.pkgname),
+            'lib_root': self.libdir,
+            'libexec': os.path.join(self.libdir, self.pkgname),
+            'libexec_root': self.libdir,
+            'bin': '/usr/bin',
+            'sbin': '/usr/sbin',
+            'toplevel': os.path.join(self.libdir, 'toplevel'),
+            'share': os.path.join('/usr/share', self.pkgname),
+            'share_root': '/usr/share',
+            'etc': os.path.join('/etc', self.pkgname),
+            'doc': os.path.join('/usr/doc', self.pkgname),
+            'stublibs': os.path.join(self.libdir, 'stublibs'),
+            'man': '/usr/share/man'
+        }
+
+        # Parse the file
+        try:
+            toktyp, token = next(self.lexer)
+            while toktyp == TokenType.FIELD:
+                libname = token
+                toktyp, token = next(self.lexer)
+                if toktyp != TokenType.COLON:
+                    return
+
+                toktyp, token = next(self.lexer)
+                if toktyp != TokenType.LBRACK:
+                    return
+
+                directory = opammap.get(libname)
+                if not directory:
+                    return
+
+                toktyp, token = next(self.lexer)
+                while toktyp == TokenType.STRING:
+                    source = token
+                    optional = source[0] == '?'
+                    if optional:
+                        source = source[1:]
+                    nexttp, nexttk = next(self.lexer)
+                    if nexttp == TokenType.LBRACE:
+                        nexttp, nexttk = next(self.lexer)
+                        if nexttp == TokenType.STRING:
+                            filname = os.path.join(directory, nexttk)
+                            bracetp, bractk = next(self.lexer)
+                            if bracetp != TokenType.RBRACE:
+                                return
+                            nexttp, nexttk = next(self.lexer)
+                        else:
+                            return
+                    elif libname == 'man':
+                        index = token.rfind('.')
+                        if index < 0:
+                            return
+                        mandir = os.path.join(directory, 'man' + token[index+1:])
+                        filname = os.path.join(mandir, os.path.basename(token))
+                    else:
+                        filname = os.path.join(directory, os.path.basename(token))
+                    toktyp, token = nexttp, nexttk
+                    yield (self.pkgname, optional, source, filname)
+
+                if toktyp != TokenType.RBRACK:
+                    return
+                toktyp, token = next(self.lexer)
+        except StopIteration:
+            return
+
+def install_files(buildroot: str, libdir: str) -> None:
+    """Install the files listed in opam .install files in the buildroot.
+
+    For some projects, there are install files in both the project root
+    directory and somewhere under "_build", so be careful not to parse the same
+    install file twice.
+
+    :param str buildroot: path to the buildroot
+    :param str libdir: the OCaml library directory
+    """
+    install_files = set()
+    for path, dirs, files in os.walk('.'):
+        for f in files:
+            if f.endswith('.install') and f not in install_files:
+                install_files.add(f)
+                parser = InstallFileParser(os.path.join(path, f), libdir)
+                for _, optional, source, filname in parser:
+                    if not optional or os.path.exists(source):
+                        installpath = os.path.join(buildroot, filname[1:])
+                        os.makedirs(os.path.dirname(installpath), exist_ok=True)
+                        shutil.copy2(source, installpath)
+
+def get_package_map(buildroot: str, libdir: str, devel: bool) -> dict[str, set[str]]:
+    """Create a map from package names to installed files from the opam .install
+    files in the buildroot.
+
+    For some projects, there are install files in both the project root
+    directory and somewhere under "_build", so be careful not to parse the same
+    install file twice."""
+
+    pmap: dict[str, set[str]] = dict()
+    install_files = set()
+
+    def add_pkg(pkgname: str, filname: str) -> None:
+        """Add a mapping from a package name to a filename.
+
+        :param str pkgname: the package that acts as the map key
+        :param str filname: the filename to add to the package set
+        """
+        if pkgname not in pmap:
+            pmap[pkgname] = set()
+        pmap[pkgname].add(filname)
+
+    installed = find_buildroot_all(buildroot, devel, False)
+    for path, dirs, files in os.walk('.'):
+        for f in files:
+            if f.endswith('.install') and f not in install_files:
+                install_files.add(f)
+                parser = InstallFileParser(os.path.join(path, f), libdir)
+                for pkgname, _, _, filname in parser:
+                    if filname in installed[0]:
+                        if filname.startswith('/usr/share/man'):
+                            add_pkg(pkgname, filname + '*')
+                        else:
+                            add_pkg(pkgname, filname)
+                            dirname = os.path.dirname(filname)
+                            if dirname in installed[1]:
+                                add_pkg(pkgname, '%dir ' + dirname)
+                                installed[1].remove(dirname)
+                    elif filname in installed[2]:
+                        if filname.startswith('/usr/share/man'):
+                            add_pkg(pkgname + '-devel', filname + '*')
+                        else:
+                            add_pkg(pkgname + '-devel', filname)
+                            dirname = os.path.dirname(filname)
+                            if dirname in installed[3]:
+                                add_pkg(pkgname + '-devel', '%dir ' + dirname)
+                                installed[3].remove(dirname)
+    return pmap
+
+#
+# MAIN INTERFACE
+#
+
+def ocaml_files(no_devel: bool, separate: bool, install: bool, buildroot: str,
+                libdir: str) -> None:
+    """Generate %files lists from an installed buildroot.
+
+    :param bool no_devel: False to split files into a main package and a devel
+        package
+    :param bool separate: True to place each OCaml module in an RPM package
+    :param bool install: True to install files, False to generate %files
+    :param str buildroot: the installed buildroot
+    :param str libdir: the OCaml library directory
+    """
+    if install:
+        install_files(buildroot, libdir)
+    elif separate:
+        pkgmap = get_package_map(buildroot, libdir, not no_devel)
+        for pkg in pkgmap:
+            with open('.ofiles-' + pkg, 'w') as f:
+                for entry in pkgmap[pkg]:
+                    f.write(entry + '\n')
+    elif no_devel:
+        with open('.ofiles', 'w') as f:
+            for entry in find_buildroot_toplevel(buildroot):
+                f.write(entry + '\n')
+    else:
+        files = find_buildroot_all(buildroot, True, True)
+        with open('.ofiles', 'w') as f:
+            for entry in files[0]:
+                f.write(entry + '\n')
+            for entry in files[1]:
+                f.write('%dir ' + entry + '\n')
+        with open('.ofiles-devel', 'w') as f:
+            for entry in files[2]:
+                f.write(entry + '\n')
+            for entry in files[3]:
+                f.write('%dir ' + entry + '\n')
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description='Support for building OCaml RPM packages')
+    parser.add_argument('-i', '--install',
+                        action='store_true',
+                        default=False,
+                        help='install files instead of generating %files')
+    parser.add_argument('-n', '--no-devel',
+                        action='store_true',
+                        default=False,
+                        help='suppress creation of a devel subpackage')
+    parser.add_argument('-s', '--separate',
+                        action='store_true',
+                        default=False,
+                        help='separate packaging.  Each OCaml module is in a distinct RPM package.  All modules are in a single RPM package by default.')
+    parser.add_argument('-v', '--version',
+                        action='version',
+                        version=f'%(prog)s {str(version)}')
+    parser.add_argument('buildroot', help='RPM build root')
+    parser.add_argument('libdir', help='OCaml library directory')
+    args = parser.parse_args()
+    ocaml_files(args.no_devel,
+                args.separate,
+                args.install,
+                args.buildroot,
+                args.libdir)
\ No newline at end of file
diff --git a/cgmanifest.json b/cgmanifest.json
index 48c85e622db..7adb4699107 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -195,8 +195,8 @@
         "type": "other",
         "other": {
           "name": "annobin",
-          "version": "9.27",
-          "downloadUrl": "https://nickc.fedorapeople.org/annobin-9.27.tar.xz"
+          "version": "12.49",
+          "downloadUrl": "https://nickc.fedorapeople.org/annobin-12.49.tar.xz"
         }
       }
     },
@@ -14402,8 +14402,8 @@
         "type": "other",
         "other": {
           "name": "ocaml",
-          "version": "4.13.1",
-          "downloadUrl": "https://caml.inria.fr/pub/distrib/ocaml-4.13.1/ocaml-4.13.1.tar.xz"
+          "version": "5.1.1",
+          "downloadUrl": "https://github.com/ocaml/ocaml/archive/5.1.1/ocaml-5.1.1.tar.gz"
         }
       }
     },

From d0372701fb8b660a490089b99207f1d3de2b5982 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu, 25 Apr 2024 12:53:44 -0700
Subject: [PATCH 44/62] Use msopenjdk 17 from AZL3 Preview repo in toolchain
 (#8902)

---
 cgmanifest.json                                           | 8 ++++----
 .../resources/manifests/package/pkggen_core_aarch64.txt   | 2 +-
 .../resources/manifests/package/pkggen_core_x86_64.txt    | 2 +-
 toolkit/resources/manifests/package/toolchain_aarch64.txt | 2 +-
 toolkit/resources/manifests/package/toolchain_x86_64.txt  | 2 +-
 .../scripts/toolchain/build_official_toolchain_rpms.sh    | 6 +++---
 6 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/cgmanifest.json b/cgmanifest.json
index 7adb4699107..0a27df853b6 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -13392,8 +13392,8 @@
         "type": "other",
         "other": {
           "name": "msopenjdk-17",
-          "version": "17.0.9-1.aarch64",
-          "downloadUrl": "https://packages.microsoft.com/cbl-mariner/2.0/prod/Microsoft/aarch64/msopenjdk-17-17.0.9-1.aarch64.rpm"
+          "version": "17.0.11-1.aarch64",
+          "downloadUrl": "https://packages.microsoft.com/azurelinux/3.0/preview/ms-oss/aarch64/msopenjdk-17-17.0.11-1.aarch64.rpm"
         }
       }
     },
@@ -13402,8 +13402,8 @@
         "type": "other",
         "other": {
           "name": "msopenjdk-17",
-          "version": "17.0.9-1.x86_64",
-          "downloadUrl": "https://packages.microsoft.com/cbl-mariner/2.0/prod/Microsoft/x86_64/msopenjdk-17-17.0.9-1.x86_64.rpm"
+          "version": "17.0.11-1.x86_64",
+          "downloadUrl": "https://packages.microsoft.com/azurelinux/3.0/preview/ms-oss/x86_64/msopenjdk-17-17.0.11-1.x86_64.rpm"
         }
       }
     },
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index 406468104af..fe5de485624 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -247,7 +247,7 @@ newt-0.52.23-1.azl3.aarch64.rpm
 newt-lang-0.52.23-1.azl3.aarch64.rpm
 chkconfig-1.25-1.azl3.aarch64.rpm
 chkconfig-lang-1.25-1.azl3.aarch64.rpm
-msopenjdk-17-17.0.9-1.aarch64.rpm
+msopenjdk-17-17.0.11-1.aarch64.rpm
 pyproject-rpm-macros-1.12.0-2.azl3.noarch.rpm
 pyproject-srpm-macros-1.12.0-2.azl3.noarch.rpm
 python3-rpm-generators-14-11.azl3.noarch.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index bb0d5446b12..6033e4db50f 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -247,7 +247,7 @@ newt-0.52.23-1.azl3.x86_64.rpm
 newt-lang-0.52.23-1.azl3.x86_64.rpm
 chkconfig-1.25-1.azl3.x86_64.rpm
 chkconfig-lang-1.25-1.azl3.x86_64.rpm
-msopenjdk-17-17.0.9-1.x86_64.rpm
+msopenjdk-17-17.0.11-1.x86_64.rpm
 pyproject-rpm-macros-1.12.0-2.azl3.noarch.rpm
 pyproject-srpm-macros-1.12.0-2.azl3.noarch.rpm
 python3-rpm-generators-14-11.azl3.noarch.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index d30abc3cbdd..1947c855a50 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -255,7 +255,7 @@ meson-1.3.1-1.azl3.noarch.rpm
 mpfr-4.2.1-1.azl3.aarch64.rpm
 mpfr-debuginfo-4.2.1-1.azl3.aarch64.rpm
 mpfr-devel-4.2.1-1.azl3.aarch64.rpm
-msopenjdk-17-17.0.9-1.aarch64.rpm
+msopenjdk-17-17.0.11-1.aarch64.rpm
 ncurses-6.4-2.azl3.aarch64.rpm
 ncurses-compat-6.4-2.azl3.aarch64.rpm
 ncurses-debuginfo-6.4-2.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index ec0bd236664..5ae37652d2b 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -261,7 +261,7 @@ meson-1.3.1-1.azl3.noarch.rpm
 mpfr-4.2.1-1.azl3.x86_64.rpm
 mpfr-debuginfo-4.2.1-1.azl3.x86_64.rpm
 mpfr-devel-4.2.1-1.azl3.x86_64.rpm
-msopenjdk-17-17.0.9-1.x86_64.rpm
+msopenjdk-17-17.0.11-1.x86_64.rpm
 ncurses-6.4-2.azl3.x86_64.rpm
 ncurses-compat-6.4-2.azl3.x86_64.rpm
 ncurses-debuginfo-6.4-2.azl3.x86_64.rpm
diff --git a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
index 7d574ba750f..18df2ada342 100755
--- a/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
+++ b/toolkit/scripts/toolchain/build_official_toolchain_rpms.sh
@@ -454,14 +454,14 @@ chroot_and_install_rpms python-setuptools python3-setuptools
 build_rpm_in_chroot_no_install libxml2
 chroot_and_install_rpms libxml2
 
-# Download JDK rpms (from Azure Linux 2.0 repo until it reaches AzuleLinux 3.0 repo on PMC)
+# Download JDK rpms
 echo Download JDK rpms
 case $(uname -m) in
     x86_64)
-        wget -nv --no-clobber --timeout=30 https://packages.microsoft.com/cbl-mariner/2.0/prod/Microsoft/x86_64/msopenjdk-17-17.0.9-1.x86_64.rpm --directory-prefix=$CHROOT_RPMS_DIR_ARCH
+        wget -nv --no-clobber --timeout=30 https://packages.microsoft.com/azurelinux/3.0/preview/ms-oss/x86_64/msopenjdk-17-17.0.11-1.x86_64.rpm --directory-prefix=$CHROOT_RPMS_DIR_ARCH
     ;;
     aarch64)
-        wget -nv --no-clobber --timeout=30 https://packages.microsoft.com/cbl-mariner/2.0/prod/Microsoft/aarch64/msopenjdk-17-17.0.9-1.aarch64.rpm --directory-prefix=$CHROOT_RPMS_DIR_ARCH
+        wget -nv --no-clobber --timeout=30 https://packages.microsoft.com/azurelinux/3.0/preview/ms-oss/aarch64/msopenjdk-17-17.0.11-1.aarch64.rpm --directory-prefix=$CHROOT_RPMS_DIR_ARCH
     ;;
 esac
 

From 7eef7ccd6968309bcb5e50e919487e34e82328bd Mon Sep 17 00:00:00 2001
From: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu, 25 Apr 2024 12:54:29 -0700
Subject: [PATCH 45/62] Moved distroless cert dependencies out of the meta
 package `distroless-packages`. (CP: #8651) (#8759)

---
 .../containerSourceData/nodejs/distroless/nodejs18.pkg      | 1 +
 .../prometheus/distroless/prometheus.pkg                    | 1 +
 .../prometheusadapter/distroless/prometheusadapter.pkg      | 1 +
 .pipelines/containerSourceData/python/distroless/python.pkg | 1 +
 SPECS/distroless-packages/distroless-packages.spec          | 6 ++++--
 .../packagelists/distroless-packages-container-minimal.json | 3 ++-
 .../packagelists/distroless-packages-container.json         | 3 ++-
 .../packagelists/distroless-packages-debug.json             | 3 ++-
 8 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/.pipelines/containerSourceData/nodejs/distroless/nodejs18.pkg b/.pipelines/containerSourceData/nodejs/distroless/nodejs18.pkg
index 4ef3b28e241..ef8b0826702 100644
--- a/.pipelines/containerSourceData/nodejs/distroless/nodejs18.pkg
+++ b/.pipelines/containerSourceData/nodejs/distroless/nodejs18.pkg
@@ -1,2 +1,3 @@
 distroless-packages-base
 nodejs18
+prebuilt-ca-certificates
diff --git a/.pipelines/containerSourceData/prometheus/distroless/prometheus.pkg b/.pipelines/containerSourceData/prometheus/distroless/prometheus.pkg
index f293a3ce61b..34a20d43dca 100644
--- a/.pipelines/containerSourceData/prometheus/distroless/prometheus.pkg
+++ b/.pipelines/containerSourceData/prometheus/distroless/prometheus.pkg
@@ -1,2 +1,3 @@
 distroless-packages-base
+prebuilt-ca-certificates
 prometheus
diff --git a/.pipelines/containerSourceData/prometheusadapter/distroless/prometheusadapter.pkg b/.pipelines/containerSourceData/prometheusadapter/distroless/prometheusadapter.pkg
index e3becaca0cc..5193db4c2f8 100644
--- a/.pipelines/containerSourceData/prometheusadapter/distroless/prometheusadapter.pkg
+++ b/.pipelines/containerSourceData/prometheusadapter/distroless/prometheusadapter.pkg
@@ -1,2 +1,3 @@
 distroless-packages-base
+prebuilt-ca-certificates
 prometheus-adapter
diff --git a/.pipelines/containerSourceData/python/distroless/python.pkg b/.pipelines/containerSourceData/python/distroless/python.pkg
index c1c777bedcc..f52a69fdcab 100644
--- a/.pipelines/containerSourceData/python/distroless/python.pkg
+++ b/.pipelines/containerSourceData/python/distroless/python.pkg
@@ -1,2 +1,3 @@
 distroless-packages-base
+prebuilt-ca-certificates
 python3
diff --git a/SPECS/distroless-packages/distroless-packages.spec b/SPECS/distroless-packages/distroless-packages.spec
index 27254376e71..8eed70de743 100644
--- a/SPECS/distroless-packages/distroless-packages.spec
+++ b/SPECS/distroless-packages/distroless-packages.spec
@@ -1,7 +1,7 @@
 Summary:        Metapackage with core sets of packages for distroless containers.
 Name:           distroless-packages
 Version:        %{azl}.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -15,7 +15,6 @@ Metapackage holding sets of core packages for different applications.
 Summary:        The smallest useful package list.
 Requires:       filesystem
 Requires:       azurelinux-release
-Requires:       prebuilt-ca-certificates
 Requires:       tzdata
 
 %description minimal
@@ -56,6 +55,9 @@ Requires:       busybox
 %files debug
 
 %changelog
+* Thu Apr 04 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.0-4
+- Remove dependency on "prebuilt-ca-certificates".
+
 * Fri Mar 22 2024 Mandeep Plaha <mandeepplaha@microsoft.com> - 3.0-3
 - Explicitly add libgcc as a runtime dependency for distroless-base
 
diff --git a/toolkit/imageconfigs/packagelists/distroless-packages-container-minimal.json b/toolkit/imageconfigs/packagelists/distroless-packages-container-minimal.json
index a0a0adac2d0..d923872685b 100644
--- a/toolkit/imageconfigs/packagelists/distroless-packages-container-minimal.json
+++ b/toolkit/imageconfigs/packagelists/distroless-packages-container-minimal.json
@@ -1,5 +1,6 @@
 {
     "packages": [
-        "distroless-packages-minimal"
+        "distroless-packages-minimal",
+        "prebuilt-ca-certificates"
     ]
 }
diff --git a/toolkit/imageconfigs/packagelists/distroless-packages-container.json b/toolkit/imageconfigs/packagelists/distroless-packages-container.json
index 8d734b6a2a7..9c7e1dcec80 100644
--- a/toolkit/imageconfigs/packagelists/distroless-packages-container.json
+++ b/toolkit/imageconfigs/packagelists/distroless-packages-container.json
@@ -1,5 +1,6 @@
 {
     "packages": [
-        "distroless-packages-base"
+        "distroless-packages-base",
+        "prebuilt-ca-certificates"
     ]
 }
diff --git a/toolkit/imageconfigs/packagelists/distroless-packages-debug.json b/toolkit/imageconfigs/packagelists/distroless-packages-debug.json
index e0059ce20e4..21d2fd50114 100644
--- a/toolkit/imageconfigs/packagelists/distroless-packages-debug.json
+++ b/toolkit/imageconfigs/packagelists/distroless-packages-debug.json
@@ -1,5 +1,6 @@
 {
     "packages": [
-        "distroless-packages-debug"
+        "distroless-packages-debug",
+        "prebuilt-ca-certificates"
     ]
 }

From 0c76e63b290198de60a46ea983c51d3272925267 Mon Sep 17 00:00:00 2001
From: Maxwell McKee <66395252+mamckee@users.noreply.github.com>
Date: Thu, 25 Apr 2024 14:26:12 -0700
Subject: [PATCH 46/62] Update SymCrypt-OpenSSL to 1.4.2 (#8900)

Updates SymCrypt-OpenSSL to version 1.4.2. This version includes fixes to the SymCrypt provider for TLS connections.
---
 .../SymCrypt-OpenSSL.signatures.json                 |  2 +-
 SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec         | 12 ++++++++++--
 SPECS/SymCrypt/SymCrypt.spec                         |  7 +++++--
 cgmanifest.json                                      |  4 ++--
 4 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
index 93ba00038ae..dc22f79377a 100644
--- a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
+++ b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "SymCrypt-OpenSSL-1.4.1.tar.gz": "df5b6795b30300219cffa14b1925efa07e302b0955752ee26124bdf677cef4b2"
+  "SymCrypt-OpenSSL-1.4.2.tar.gz": "c48ecfac71507a5497bad6ac5df3cbf5d78339f7c4aa6fb382ed8a8e05053377"
  }
 }
diff --git a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
index 8e024b875cd..2e265b5553b 100644
--- a/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
+++ b/SPECS/SymCrypt-OpenSSL/SymCrypt-OpenSSL.spec
@@ -1,6 +1,6 @@
 Summary:        The SymCrypt engine for OpenSSL (SCOSSL) allows the use of OpenSSL with SymCrypt as the provider for core cryptographic operations
 Name:           SymCrypt-OpenSSL
-Version:        1.4.1
+Version:        1.4.2
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -8,11 +8,15 @@ Distribution:   Azure Linux
 Group:          System/Libraries
 URL:            https://github.com/microsoft/SymCrypt-OpenSSL
 Source0:        https://github.com/microsoft/SymCrypt-OpenSSL/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+BuildRequires:  openssl-devel
 BuildRequires:  SymCrypt
 BuildRequires:  cmake
 BuildRequires:  gcc
 BuildRequires:  make
 
+Requires:       SymCrypt
+Requires:       openssl
+
 %description
 The SymCrypt engine for OpenSSL (SCOSSL) allows the use of OpenSSL with SymCrypt as the provider for core cryptographic operations
 
@@ -63,7 +67,11 @@ install SymCryptProvider/symcrypt_prov.cnf %{buildroot}%{_sysconfdir}/pki/tls/sy
 %{_sysconfdir}/pki/tls/symcrypt_prov.cnf
 
 %changelog
-* Wed Apr 17 2023 Maxwell Moyer-McKee <mamckee@microsoft.com> - 1.4.1-1
+* Thu Apr 25 2024 Maxwell Moyer-McKee <mamckee@microsoft.com> - 1.4.2-1
+- Support additional parameters in the SymCrypt provider required for TLS connections
+- Various bugfixes for TLS scenarios
+
+* Wed Apr 17 2024 Maxwell Moyer-McKee <mamckee@microsoft.com> - 1.4.1-1
 - Update SymCrypt-OpenSSL to v1.4.1
 - Adds support for RSASSA-PSS keys, SP800-108 KDF
 - Fixes smoke test for check in OpenSSL 3.1
diff --git a/SPECS/SymCrypt/SymCrypt.spec b/SPECS/SymCrypt/SymCrypt.spec
index ec9d02948e6..be895430620 100644
--- a/SPECS/SymCrypt/SymCrypt.spec
+++ b/SPECS/SymCrypt/SymCrypt.spec
@@ -2,7 +2,7 @@
 Summary:        A core cryptographic library written by Microsoft
 Name:           SymCrypt
 Version:        103.4.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -35,7 +35,7 @@ A core cryptographic library written by Microsoft
 %define symcrypt_arch ARM64
 # Currently SymCrypt ARM64 build requires use of clang
 %define symcrypt_cc clang
-%define symcrypt_c_flags "-Wno-conditional-uninitialized"
+%define symcrypt_c_flags "-mno-outline-atomics -Wno-conditional-uninitialized"
 %define symcrypt_cxx clang++
 %endif
 
@@ -78,6 +78,9 @@ chmod 755 %{buildroot}%{_libdir}/libsymcrypt.so.%{version}
 %{_includedir}/*
 
 %changelog
+* Thu Apr 25 2024 Maxwell Moyer-McKee <mamckee@microsoft.com> - 103.4.1-2
+- Disable outline atomics in aarch64 builds
+
 * Thu Dec 28 2023 Maxwell Moyer-McKee <mamckee@microsoft.com> - 103.4.1-1
 - Update SymCrypt to v103.4.1 for SymCrypt-OpenSSL provider.
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 0a27df853b6..c128921ef85 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -28086,8 +28086,8 @@
         "type": "other",
         "other": {
           "name": "SymCrypt-OpenSSL",
-          "version": "1.4.1",
-          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.4.1.tar.gz"
+          "version": "1.4.2",
+          "downloadUrl": "https://github.com/microsoft/SymCrypt-OpenSSL/archive/v1.4.2.tar.gz"
         }
       }
     },

From 0ddcb8db1d669671e9d988a836d4c19198d76f81 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu, 25 Apr 2024 15:43:16 -0700
Subject: [PATCH 47/62] xxhash: fix build issue with x86-64-v3 (#8912)

---
 SPECS/xxhash/xxhash.spec | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/SPECS/xxhash/xxhash.spec b/SPECS/xxhash/xxhash.spec
index fa9cc68462e..633bd367a3e 100644
--- a/SPECS/xxhash/xxhash.spec
+++ b/SPECS/xxhash/xxhash.spec
@@ -1,7 +1,7 @@
 Summary:        Extremely fast hash algorithm
 Name:           xxhash
 Version:        0.8.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        BSD AND GPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -59,8 +59,10 @@ Documentation files for the xxhash library
 %global dispatch 0
 %endif
 
-%make_build MOREFLAGS="%{__global_cflags} %{?__global_ldflags}" \
-        DISPATCH=%{dispatch}
+%make_build
+    MOREFLAGS="%{__global_cflags} %{?__global_ldflags}" \
+    DISPATCH=%{dispatch} \
+    XXH_X86DISPATCH_ALLOW_AVX=1
 doxygen
 
 %install
@@ -94,6 +96,9 @@ rm %{buildroot}/%{_libdir}/libxxhash.a
 %doc doxygen/html
 
 %changelog
+* Thu Apr 25 2024 Andrew Phelps <anphel@microsoft.com> - 0.8.2-2
+- Set XXH_X86DISPATCH_ALLOW_AVX to support compiling with x86-64-v3
+
 * Fri Oct 27 2023 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 0.8.2-1
 - Auto-upgrade to 0.8.2 - Azure Linux 3.0 - package upgrades
 

From b6706d79c6876ec144a6f5e3e1e9fe88a0d17f62 Mon Sep 17 00:00:00 2001
From: Mykhailo Bykhovtsev <108374904+mbykhovtsev-ms@users.noreply.github.com>
Date: Thu, 25 Apr 2024 15:57:58 -0700
Subject: [PATCH 48/62] Revert "Upgrading ocaml to 5.1.1, promoting annobin and
 updating llvm" (#8910)

---
 .../annobin/annobin.signatures.json           |   5 +
 .../annobin/annobin.spec                      | 386 +++-------
 SPECS/annobin/annobin.signatures.json         |   5 -
 SPECS/llvm/llvm.spec                          |  13 +-
 .../0001-Don-t-add-rpaths-to-libraries.patch  |  41 +-
 ...-Allow-user-defined-C-compiler-flags.patch |  39 +-
 ...ters-tests-to-avoid-false-positive-w.patch | 694 ------------------
 ...-stack-reallocation-code-in-PIC-mode.patch |  24 -
 SPECS/ocaml/macros.ocaml-rpm                  |  69 --
 SPECS/ocaml/ocaml.signatures.json             |   4 +-
 SPECS/ocaml/ocaml.spec                        | 391 +++-------
 SPECS/ocaml/ocaml_files.py                    | 451 ------------
 cgmanifest.json                               |   8 +-
 13 files changed, 250 insertions(+), 1880 deletions(-)
 create mode 100644 SPECS-EXTENDED/annobin/annobin.signatures.json
 rename {SPECS => SPECS-EXTENDED}/annobin/annobin.spec (74%)
 delete mode 100644 SPECS/annobin/annobin.signatures.json
 delete mode 100644 SPECS/ocaml/0003-Update-framepointers-tests-to-avoid-false-positive-w.patch
 delete mode 100644 SPECS/ocaml/0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch
 delete mode 100644 SPECS/ocaml/macros.ocaml-rpm
 delete mode 100644 SPECS/ocaml/ocaml_files.py

diff --git a/SPECS-EXTENDED/annobin/annobin.signatures.json b/SPECS-EXTENDED/annobin/annobin.signatures.json
new file mode 100644
index 00000000000..9cc241912eb
--- /dev/null
+++ b/SPECS-EXTENDED/annobin/annobin.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "annobin-9.27.tar.xz": "1d94816974d265f3f3ccfa03c211bfdab40119392f2e217f0f403f683f027351"
+ }
+}
diff --git a/SPECS/annobin/annobin.spec b/SPECS-EXTENDED/annobin/annobin.spec
similarity index 74%
rename from SPECS/annobin/annobin.spec
rename to SPECS-EXTENDED/annobin/annobin.spec
index ee4fc6d396b..1f9e27acef5 100644
--- a/SPECS/annobin/annobin.spec
+++ b/SPECS-EXTENDED/annobin/annobin.spec
@@ -1,150 +1,61 @@
-Name:    annobin
-Summary: Binary annotation plugin for GCC
-Version: 12.49
-Release: 1%{?dist}
-License: GPL-3.0-or-later AND LGPL-2.0-or-later AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND GFDL-1.3-or-later
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
-URL: https://sourceware.org/annobin/
+
+Name:    annobin
+Summary: Binary annotation plugin for GCC
+Version: 9.27
+Release: 4%{?dist}
+License: GPLv3+
+URL:     https://fedoraproject.org/wiki/Toolchain/Watermark
 # Maintainer: nickc@redhat.com
-# Web Page: https://sourceware.org/annobin/
-# Watermark Protocol: https://fedoraproject.org/wiki/Toolchain/Watermark
 
-#---------------------------------------------------------------------------------
 
-# Set this to zero to disable the requirement for a specific version of gcc.
-# This should only be needed if there is some kind of problem with the version
-# checking logic or when building on RHEL-7 or earlier.
+# # Do not build the annobin plugin with annotation enabled.
+# # This is because if we are bootstrapping a new build environment we can have
+# # a new version of gcc installed, but without a new of annobin installed.
+# # (i.e. we are building the new version of annobin to go with the new version
+# # of gcc).  If the *old* annobin plugin is used whilst building this new
+# # version, the old plugin will complain that version of gcc for which it
+# # was built is different from the version of gcc that is now being used, and
+# # then it will abort.
 #
-# Update: now that we have gcc version checking support in redhat-rpm-config
-# there is no longer a great need for a hard gcc version check here.  Not
-# enabling this check greatly simplifies the process of installing a new major
-# version of gcc into the buildroot.
-%global with_hard_gcc_version_requirement 0
-
-#---------------------------------------------------------------------------------
-
-%global annobin_sources annobin-%{version}.tar.xz
-Source: https://nickc.fedorapeople.org/%{annobin_sources}
-# For the latest sources use:  git clone git://sourceware.org/git/annobin.git
+# Suppress this for BZ 1630550.
+# The problem should now only arise when rebasing to a new major version
+# of gcc, in which case the undefine below can be temporarily reinstated.
+#
+# %%undefine _annotated_build
 
-# This is where a copy of the sources will be installed.
-%global annobin_source_dir %{_usrsrc}/annobin
+# Use "--without tests" to disable the testsuite.  The default is to run them.
+%bcond_without tests
 
-# Insert patches here, if needed.  Eg:
-# Patch01: annobin-plugin-default-string-notes.patch
+# Use "--without annocheck" to disable the installation of the annocheck program.
+%bcond_without annocheck
 
-#---------------------------------------------------------------------------------
+# Use "--with debuginfod" to force support for debuginfod to be compiled into
+# the annocheck program.  By default the configure script will check for
+# availablilty at build time, but this might not match the run time situation.
+%bcond_with debuginfod
 
-# Make sure that the necessary sub-packages are built.
+# Set this to zero to disable the requirement for a specific version of gcc.
+# This should only be needed if there is some kind of problem with the version
+# checking logic or when building on RHEL-7 or earlier.
+%global with_hard_gcc_version_requirement 1
 
-Requires: %{name}-plugin-gcc
-Requires: %{name}-plugin-llvm
-Requires: %{name}-plugin-clang
+# Enable this if it is necessary to build annobin without using annobin.
+# This is useful for example if the annobin plugin fails because of a change
+# in the size of gcc's global_options structure.  In order to rebuild annobin
+# against the changed gcc it is necessary to disable annobin as otherwise
+# the configuration step of annobin's build will fail.
+%undefine _annotated_build
 
 #---------------------------------------------------------------------------------
+Source:  https://nickc.fedorapeople.org/annobin-%{version}.tar.xz
+# For the latest sources use:  git clone git://sourceware.org/git/annobin.git
 
-%description
-This package contains the tools needed to annotate binary files created by
-compilers, and also the tools needed to examine those annotations.
-
-One of the tools is a plugin for GCC that records information about the
-security options that were in effect when the binary was compiled.
-
-Note - the plugin is automatically enabled in gcc builds via flags
-provided by the redhat-rpm-macros package.
-
-One of the tools is a plugin for Clang that records information about the
-security options that were in effect when the binary was compiled.
-
-One of the tools is a plugin for LLVM that records information about the
-security options that were in effect when the binary was compiled.
-
-One of the tools is a security checker which analyses the notes present in
-annotated files and reports on any missing security options.
-
-
-#---------------------------------------------------------------------------
-
-# Now that we have sub-packages for all of the plugins and for annocheck,
-# there are no executables left to go into the "annobin" rpm.  But top-level
-# packages cannot have "BuildArch: noarch" if sub-packages do have
-# architecture requirements, and rpmlint generates an error if an
-# architecture specific rpm does not contain any binaries.  So instead all of
-# the documentation has been moved into an architecture neutral sub-package,
-# and there no longer is a top level annobin rpm at all.
-
-%package       docs
-Summary:       Documentation and shell scripts for use with annobin
-BuildArch:     noarch
-# The documentation uses pod2man...
-BuildRequires: perl-interpreter
-BuildRequires: perl-podlators
-BuildRequires: gawk
-BuildRequires: make
-BuildRequires: sharutils
-
-%description docs
-Provides the documentation files and example shell scripts for use with annobin.
-
-#----------------------------------------------------------------------------
-%package       tests
-Summary:       Test scripts and binaries for checking the behaviour and output of the annobin plugin
-Requires: %{name}-docs = %{version}-%{release}
-BuildRequires: make
-BuildRequires: sharutils
-BuildRequires: elfutils-devel
-
-%description tests
-Provides a means to test the generation of annotated binaries and the parsing
-of the resulting files.
-
-#----------------------------------------------------------------------------
-
-%package       annocheck
-Summary:       A tool for checking the security hardening status of binaries
-
-BuildRequires: gcc
-BuildRequires: elfutils
-BuildRequires: elfutils-devel
-BuildRequires: elfutils-libelf-devel
-BuildRequires: rpm-devel
-BuildRequires: make
-
-Requires: %{name}-docs = %{version}-%{release}
-Requires: cpio
-Requires: rpm
-
-%description annocheck
-Installs the annocheck program which uses the notes generated by annobin to
-check that the specified files were compiled with the correct security
-hardening options.
-
-%package libannocheck
-Summary: A library for checking the security hardening status of binaries
-
-BuildRequires: gcc
-BuildRequires: elfutils
-BuildRequires: elfutils-devel
-BuildRequires: elfutils-libelf-devel
-BuildRequires: rpm-devel
-BuildRequires: make
-
-Requires: %{name}-docs = %{version}-%{release}
-
-%description libannocheck
-Installs the libannocheck library which uses the notes generated by the
-annobin plugins to check that the specified files were compiled with the
-correct security hardening options.
-
-#----------------------------------------------------------------------------
-%package plugin-gcc
-Summary: annobin gcc plugin
+# Insert patches here, if needed.
+# Patch01: annobin-xxx.patch
 
-Requires: %{name}-docs = %{version}-%{release}
-Conflicts: %{name} <= 9.60-1
-BuildRequires: gcc-c++
-BuildRequires: gcc-plugin-devel
+#---------------------------------------------------------------------------------
 
 # [Stolen from gcc-python-plugin]
 # GCC will only load plugins that were built against exactly that build of GCC
@@ -161,29 +72,37 @@ BuildRequires: gcc-plugin-devel
 #
 # So we instead query the version from gcc's output.
 #
+# gcc.spec has:
+#   Version: %%{gcc_version}
+#   Release: %%{gcc_release}%%{?dist}
+#   ...snip...
+#   echo 'Red Hat %%{version}-%%{gcc_release}' > gcc/DEV-PHASE
+#
 # So, given this output:
 #
-# gcc (GCC) 13.2.0"
-# Copyright (C) 2023 Free Software Foundation, Inc."
-# This is free software; see the source for copying conditions.  There is NO"
-# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#   $ gcc --version
+#   gcc (GCC) 9.1.0
+#   Copyright (C) 2011 Free Software Foundation, Inc.
+#   This is free software; see the source for copying conditions.  There is NO
+#   warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 #
-# we can scrape out the "13.2.0" from the version line.
+# we can scrape out the "9.1.0" from the version line.
 #
 # The following implements the above:
 
-%global gcc_vr %(gcc --version | head -n 1 | sed -e 's|.*(GCC)||g')
+%global gcc_vr %(gcc --version | head -n 1 | cut -f3 -d" ")
 
 # We need the major version of gcc.
 %global gcc_major %(echo "%{gcc_vr}" | cut -f1 -d".")
 %global gcc_next  %(v="%{gcc_major}"; echo $((++v)))
 
 # Needed when building the srpm.
-%if "0%{?gcc_major}" == "0"
+%if 0%{?gcc_major}
+%else
 %global gcc_major 0
 %endif
 
-# For a gcc plugin gcc is required.
+# This is a gcc plugin, hence gcc is required.
 %if %{with_hard_gcc_version_requirement}
 # BZ 1607430 - There is an exact requirement on the major version of gcc.
 Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})
@@ -191,54 +110,49 @@ Requires: (gcc >= %{gcc_major} with gcc < %{gcc_next})
 Requires: gcc
 %endif
 
-# Information about the gcc plugin is recorded in this file.
-%global aver annobin-plugin-version-info
+BuildRequires: gcc gcc-plugin-devel gcc-c++
+
+%description
+Provides a plugin for GCC that records extra information in the files
+that it compiles.
 
-%description plugin-gcc
-Installs an annobin plugin that can be used by gcc.
+Note - the plugin is automatically enabled in gcc builds via flags
+provided by the redhat-rpm-macros package.
 
 #---------------------------------------------------------------------------------
-%package plugin-llvm
-Summary: annobin llvm plugin
+%if %{with tests}
+
+%package tests
+Summary: Test scripts and binaries for checking the behaviour and output of the annobin plugin
 
-Requires: %{name}-docs = %{version}-%{release}
-Requires: llvm
-Conflicts: %{name} <= 9.60-1
-BuildRequires: clang
-BuildRequires: clang-devel
-BuildRequires: compiler-rt
-BuildRequires: llvm
-BuildRequires: llvm-devel
+%description tests
+Provides a means to test the generation of annotated binaries and the parsing
+of the resulting files.
 
-%description plugin-llvm
-Installs an annobin plugin that can be used by LLVM tools.
+%endif
 
 #---------------------------------------------------------------------------------
+%if %{with annocheck}
+
+%package annocheck
+Summary: A tool for checking the security hardening status of binaries
 
-%package plugin-clang
-Summary: annobin clang plugin
+BuildRequires: gcc elfutils elfutils-devel elfutils-libelf-devel rpm-devel binutils-devel
+%if %{with debuginfod}
+BuildRequires: elfutils-debuginfod-client-devel
+%endif
 
-Requires: %{name}-docs = %{version}-%{release}
-Requires: llvm
-Conflicts: %{name} <= 9.60-1
-BuildRequires: clang
-BuildRequires: clang-devel
-BuildRequires: compiler-rt
-BuildRequires: llvm
-BuildRequires: llvm-devel
+%description annocheck
+Installs the annocheck program which uses the notes generated by annobin to
+check that the specified files were compiled with the correct security
+hardening options.
 
-%description plugin-clang
-Installs an annobin plugin that can be used by Clang.
+%endif
 
 #---------------------------------------------------------------------------------
 
-# Decide where the plugins will live.  Change if necessary.
-
 %global ANNOBIN_GCC_PLUGIN_DIR %(gcc --print-file-name=plugin)
 
-%{!?llvm_plugin_dir:%global  llvm_plugin_dir  %{_libdir}/llvm/plugins}
-%{!?clang_plugin_dir:%global clang_plugin_dir %{_libdir}/clang/plugins}
-
 #---------------------------------------------------------------------------------
 
 %prep
@@ -262,143 +176,79 @@ touch doc/annobin.info
 #---------------------------------------------------------------------------------
 
 %build
-CONFIG_ARGS="$CONFIG_ARGS --quiet --with-debuginfod --with-clang --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} --with-llvm"
-
-export CFLAGS="$CFLAGS -DAARCH64_BRANCH_PROTECTION_SUPPORTED=1"
-
-%set_build_flags
 
-export CFLAGS="$CFLAGS $RPM_OPT_FLAGS %build_cflags"
-export LDFLAGS="$LDFLAGS %build_ldflags"
+CONFIG_ARGS=
 
-export PLUGIN_FORTIFY_OPTION="-D_FORTIFY_SOURCE=3"
-
-# Set target-specific security options to be used when building the
-# Clang and LLVM plugins.  FIXME: There should be a better way to do
-# this.
-%ifarch %{ix86} x86_64
-export CLANG_TARGET_OPTIONS="-fcf-protection"
+%if %{with debuginfod}
+CONFIG_ARGS="$CONFIG_ARGS --with-debuginfod"
+%else
+CONFIG_ARGS="$CONFIG_ARGS --without-debuginfod"
 %endif
 
-%ifarch aarch64
-export CLANG_TARGET_OPTIONS="-mbranch-protection=standard"
+%if %{without tests}
+CONFIG_ARGS="$CONFIG_ARGS --without-test"
 %endif
 
-CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS" CXXFLAGS="$CFLAGS" %configure ${CONFIG_ARGS} || cat config.log
+%configure --quiet --with-gcc-plugin-dir=%{ANNOBIN_GCC_PLUGIN_DIR} ${CONFIG_ARGS} || cat config.log
 
 %make_build
 
-# Rebuild the plugin(s), this time using the plugin itself!  This
+# Rebuild the plugin, this time using the plugin itself!  This
 # ensures that the plugin works, and that it contains annotations
-# of its own.
-
+# of its own.  This could mean that we end up with a plugin with
+# double annotations in it.  (If the build system enables annotations
+# for plugins by default).  I have not tested this yet, but I think
+# that it should be OK.
 cp gcc-plugin/.libs/annobin.so.0.0.0 %{_tmppath}/tmp_annobin.so
 make -C gcc-plugin clean
-BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so"
-
-OPTS="$(rpm --undefine=_annotated_build --eval '%build_cflags %build_ldflags')"
-
-# If building on systems with an assembler that does not support the
-# .attach_to_group pseudo op (eg RHEL-7) then enable the next line.
+BUILD_FLAGS="-fplugin=%{_tmppath}/tmp_annobin.so -fplugin-arg-tmp_annobin-rename"
+# If building on RHEL7, enable the next option as the .attach_to_group assembler pseudo op is not available in the assembler.
 # BUILD_FLAGS="$BUILD_FLAGS -fplugin-arg-tmp_annobin-no-attach"
-
-make -C gcc-plugin CXXFLAGS="$OPTS $BUILD_FLAGS"
+make -C gcc-plugin CXXFLAGS="%{optflags} $BUILD_FLAGS"
 rm %{_tmppath}/tmp_annobin.so
 
-cp clang-plugin/annobin-for-clang.so %{_tmppath}/tmp_annobin.so
-# To enable verbose more in the plugin append the following: ANNOBIN="verbose"
-make -C clang-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS" 
-
-cp llvm-plugin/annobin-for-llvm.so %{_tmppath}/tmp_annobin.so
-# To enable verbose more in the plugin append the following: ANNOBIN_VERBOSE="true"            
-make -C llvm-plugin clean all CLANG_TARGET_OPTIONS="$CLANG_TARGET_OPTIONS $BUILD_FLAGS"
-
 #---------------------------------------------------------------------------------
 
 %install
-
-# PLUGIN_INSTALL_DIR is used by the Clang and LLVM makefiles...
-%make_install PLUGIN_INSTALL_DIR=%{buildroot}/%{llvm_plugin_dir}
-
-# Move the clang plugin to a seperate directory.
-mkdir -p %{buildroot}/%{clang_plugin_dir}
-mv %{buildroot}/%{llvm_plugin_dir}/annobin-for-clang.so %{buildroot}/%{clang_plugin_dir}
-
-# Record the version of gcc that built this plugin.
-# Note - we cannot just store %%{gcc_vr} as sometimes the gcc rpm version changes
-# without the NVR being altered.  See BZ #2030671 for more discussion on this.
-mkdir -p                             %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}
-echo "%{gcc_vr}" > %{buildroot}/%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
-
-# Also install a copy of the sources into the build tree.
-mkdir -p                            %{buildroot}%{annobin_source_dir}
-cp %{_sourcedir}/%{annobin_sources} %{buildroot}%{annobin_source_dir}/latest-annobin.tar.xz
-
-rm -f %{buildroot}%{_infodir}/dir
+%make_install
+%{__rm} -f %{buildroot}%{_infodir}/dir
 
 #---------------------------------------------------------------------------------
 
+%if %{with tests}
 %check
-# The first "make check" is run with "|| :" so that we can capture any logs
-# from failed tests.  The second "make check" is there so that the build
-# will fail if any of the tests fail.
-make check || :
+# Change the following line to "make check || :" on RHEL7 or if you need to see the
+# test suite logs in order to diagnose a test failure.
+make check
 if [ -f tests/test-suite.log ]; then
     cat tests/test-suite.log
 fi
-# If necessary use uuencode to preserve test binaries here.  For example:
-#   uuencode tests/tmp_atexit/atexit.strip atexit.strip
-
-make check
+%endif
 
 #---------------------------------------------------------------------------------
 
-%files docs
+%files
+%{ANNOBIN_GCC_PLUGIN_DIR}
 %license COPYING3 LICENSE
 %exclude %{_datadir}/doc/annobin-plugin/COPYING3
 %exclude %{_datadir}/doc/annobin-plugin/LICENSE
 %doc %{_datadir}/doc/annobin-plugin/annotation.proposal.txt
 %{_infodir}/annobin.info*
 %{_mandir}/man1/annobin.1*
-%exclude %{_mandir}/man1/built-by.1*
-%exclude %{_mandir}/man1/check-abi.1*
-%exclude %{_mandir}/man1/hardened.1*
-%exclude %{_mandir}/man1/run-on-binaries-in.1*
-
-%files plugin-llvm
-%dir %{llvm_plugin_dir}
-%{llvm_plugin_dir}/annobin-for-llvm.so
-
-%files plugin-clang
-%dir %{clang_plugin_dir}
-%{clang_plugin_dir}/annobin-for-clang.so
-
-%files plugin-gcc
-%dir %{ANNOBIN_GCC_PLUGIN_DIR}
-%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so
-%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0
-%{ANNOBIN_GCC_PLUGIN_DIR}/annobin.so.0.0.0
-%{ANNOBIN_GCC_PLUGIN_DIR}/%{aver}
-%{annobin_source_dir}/latest-annobin.tar.xz
+%{_mandir}/man1/built-by.1*
+%{_mandir}/man1/check-abi.1*
+%{_mandir}/man1/hardened.1*
+%{_mandir}/man1/run-on-binaries-in.1*
 
+%if %{with annocheck}
 %files annocheck
 %{_bindir}/annocheck
 %{_mandir}/man1/annocheck.1*
-
-%files libannocheck
-%{_includedir}/libannocheck.h
-%{_libdir}/libannocheck.*
-%{_libdir}/pkgconfig/libannocheck.pc
+%endif
 
 #---------------------------------------------------------------------------------
 
 %changelog
-* Fri Mar 08 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 12.40-1
-- Promoted package from extended to core
-- Upgraded to 12.49
-- Imported and adopted the spec from Fedora
-- License verified
-
 * Fri Oct 15 2021 Pawel Winogrodzki <pawelwi@microsoft.com> - 9.27-4
 - Initial CBL-Mariner import from Fedora 32 (license: MIT).
 
diff --git a/SPECS/annobin/annobin.signatures.json b/SPECS/annobin/annobin.signatures.json
deleted file mode 100644
index 409020db434..00000000000
--- a/SPECS/annobin/annobin.signatures.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "Signatures": {
-  "annobin-12.49.tar.xz": "991660e75fa3314537cc3f5d4653265b60e46f2015dce026eacaa57878cbfbab"
- }
-}
diff --git a/SPECS/llvm/llvm.spec b/SPECS/llvm/llvm.spec
index a0a649f6fe7..236c06d569b 100644
--- a/SPECS/llvm/llvm.spec
+++ b/SPECS/llvm/llvm.spec
@@ -1,7 +1,7 @@
 Summary:        A collection of modular and reusable compiler and toolchain technologies.
 Name:           llvm
 Version:        18.1.2
-Release:        2%{?dist}
+Release:        1%{?dist}
 License:        NCSA
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -14,7 +14,6 @@ BuildRequires:  libffi-devel
 BuildRequires:  libxml2-devel
 BuildRequires:  ninja-build
 BuildRequires:  python3-devel
-BuildRequires:  binutils-devel
 Requires:       libxml2
 Provides:       %{name} = %{version}
 Provides:       %{name} = %{version}-%{release}
@@ -63,9 +62,6 @@ cmake -G Ninja                              \
 %install
 %ninja_install -C build
 
-mkdir -p %{buildroot}%{_libdir}/bfd-plugins/
-ln -s -t %{buildroot}%{_libdir}/bfd-plugins/ ../LLVMgold.so
-
 %post   -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 
@@ -89,8 +85,6 @@ ninja check-all
 %{_bindir}/*
 %{_libdir}/*.so
 %{_libdir}/*.so.*
-%{_libdir}/LLVMgold.so
-%{_libdir}/bfd-plugins/LLVMgold.so
 %dir %{_datadir}/opt-viewer
 %{_datadir}/opt-viewer/opt-diff.py
 %{_datadir}/opt-viewer/opt-stats.py
@@ -102,14 +96,9 @@ ninja check-all
 %files devel
 %{_libdir}/*.a
 %{_libdir}/cmake/*
-%{_libdir}/LLVMgold.so
-%{_libdir}/bfd-plugins/LLVMgold.so
 %{_includedir}/*
 
 %changelog
-* Fri Apr 5 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 18.1.2-2
-- Added LLVMgold.so files to the main and devel packages
-
 * Wed Apr 03 2024 Andrew Phelps <anphel@microsoft.com> - 18.1.2-1
 - Upgrade to version 18.1.2
 
diff --git a/SPECS/ocaml/0001-Don-t-add-rpaths-to-libraries.patch b/SPECS/ocaml/0001-Don-t-add-rpaths-to-libraries.patch
index d497a12ee6a..f079b47cc6b 100644
--- a/SPECS/ocaml/0001-Don-t-add-rpaths-to-libraries.patch
+++ b/SPECS/ocaml/0001-Don-t-add-rpaths-to-libraries.patch
@@ -1,23 +1,26 @@
-From 799bf9088c131fc71626a48e9987e4d44a2f0194 Mon Sep 17 00:00:00 2001
+From 23f2e84d360208759c7d82b7ff795770ce6cf0b2 Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 24 Jun 2014 10:00:15 +0100
-Subject: [PATCH 1/4] Don't add rpaths to libraries.
- 
+Subject: [PATCH 1/3] Don't add rpaths to libraries.
+
 ---
- configure.ac | 2 --
- 1 file changed, 2 deletions(-)
- 
-diff --git a/configure.ac b/configure.ac
-index b81da53c42..892a2a894f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1107,8 +1107,6 @@ AS_IF([test x"$enable_shared" != "xno"],
-            [[*-*-openbsd7.[3-9]|*-*-openbsd[89].*]],
-            [mkdll_flags="${mkdll_flags} -Wl,--no-execute-only"])
-       oc_ldflags="$oc_ldflags -Wl,-E"
--      rpath="-Wl,-rpath,"
--      mksharedlibrpath="-Wl,-rpath,"
-       natdynlinkopts="-Wl,-E"
-       supports_shared_libraries=true],
-       [mkdll='shared-libs-not-available'])
+ utils/config.mlp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/utils/config.mlp b/utils/config.mlp
+index bbb3c5694..57d509cd0 100644
+--- a/utils/config.mlp
++++ b/utils/config.mlp
+@@ -55,8 +55,8 @@ let native_c_compiler =
+ let native_c_libraries = "%%NATIVECCLIBS%%"
+ let native_pack_linker = "%%PACKLD%%"
+ let ranlib = "%%RANLIBCMD%%"
+-let default_rpath = "%%RPATH%%"
+-let mksharedlibrpath = "%%MKSHAREDLIBRPATH%%"
++let default_rpath = ""
++let mksharedlibrpath = ""
+ let ar = "%%ARCMD%%"
+ let supports_shared_libraries = %%SUPPORTS_SHARED_LIBRARIES%%
+ let mkdll, mkexe, mkmaindll =
 -- 
+2.32.0
diff --git a/SPECS/ocaml/0002-configure-Allow-user-defined-C-compiler-flags.patch b/SPECS/ocaml/0002-configure-Allow-user-defined-C-compiler-flags.patch
index 80c0e87e53f..675d3b2db81 100644
--- a/SPECS/ocaml/0002-configure-Allow-user-defined-C-compiler-flags.patch
+++ b/SPECS/ocaml/0002-configure-Allow-user-defined-C-compiler-flags.patch
@@ -1,17 +1,17 @@
-From f2b875e8201efed22267136096b1e5df97f99f84 Mon Sep 17 00:00:00 2001
+From 9966786a7389dc6621f2bc2dce7c690c5a38b67d Mon Sep 17 00:00:00 2001
 From: "Richard W.M. Jones" <rjones@redhat.com>
 Date: Tue, 29 May 2012 20:44:18 +0100
-Subject: [PATCH 2/4] configure: Allow user defined C compiler flags.
- 
+Subject: [PATCH 2/3] configure: Allow user defined C compiler flags.
+
 ---
- configure.ac | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
- 
+ configure.ac | 4 ++++
+ 1 file changed, 4 insertions(+)
+
 diff --git a/configure.ac b/configure.ac
-index 892a2a894f..e8f6cbc863 100644
+index 3698c7cbf..e2a3cbea0 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -760,6 +760,10 @@ AS_CASE([$host],
+@@ -669,6 +669,10 @@ AS_CASE([$host],
        internal_cflags="$cc_warnings"],
      [common_cflags="-O"])])
  
@@ -19,25 +19,8 @@ index 892a2a894f..e8f6cbc863 100644
 +common_cflags="$common_cflags $CFLAGS"
 +cclibs="$cclibs $LDFLAGS"
 +
+ internal_cppflags="-DCAML_NAME_SPACE $internal_cppflags"
+ 
  # Enable SSE2 on x86 mingw to avoid using 80-bit registers.
- AS_CASE([$host],
-   [i686-*-mingw32*],
-@@ -2327,7 +2331,7 @@ AC_CONFIG_COMMANDS_PRE([
-       [mkexedebugflag="${mkexe_ldflags_prefix}${mkexedebugflag}"])
-     mkdll_ldflags=""
-     AS_IF([test -n "${LDFLAGS}"],
--      [for flag in ${LDFLAGS}; do
-+      [for flag in "${LDFLAGS}"; do
-         mkdll_ldflags="${mkdll_ldflags} ${mkexe_ldflags_prefix}${flag}"
-       done
-       mkdll_ldflags_exp="$mkdll_ldflags"])
-@@ -2353,7 +2357,7 @@ ${mkdll_ldflags}"
-   ],[
-     mkdll_ldflags='$(OC_DLL_LDFLAGS) $(LDFLAGS)'
-     mkdll_ldflags_exp="${oc_dll_ldflags}"
--    AS_IF([test -n ${LDFLAGS}],
-+    AS_IF([test -n "${LDFLAGS}"],
-       [mkdll_ldflags_exp="$mkdll_ldflags_exp $LDFLAGS"])
-     mkexe_ldflags="\$(OC_LDFLAGS) \$(LDFLAGS)"
-     mkexe_ldflags_exp="${oc_ldflags} ${LDFLAGS}"
 -- 
+2.32.0
diff --git a/SPECS/ocaml/0003-Update-framepointers-tests-to-avoid-false-positive-w.patch b/SPECS/ocaml/0003-Update-framepointers-tests-to-avoid-false-positive-w.patch
deleted file mode 100644
index 10c2325ece6..00000000000
--- a/SPECS/ocaml/0003-Update-framepointers-tests-to-avoid-false-positive-w.patch
+++ /dev/null
@@ -1,694 +0,0 @@
-From ba44a9c29771aacf44222a2ff63e7bd6034dd92c Mon Sep 17 00:00:00 2001
-From: Fabrice Buoro <fabrice@tarides.com>
-Date: Fri, 10 Mar 2023 09:36:22 -0700
-Subject: [PATCH 3/4] Update framepointers tests to avoid false positive with
- inlined C functions
-
----
- testsuite/tests/frame-pointers/c_call.ml      |  14 +-
- .../tests/frame-pointers/c_call.reference     |   9 -
- testsuite/tests/frame-pointers/c_call.run     |   4 -
- testsuite/tests/frame-pointers/c_call_.c      |  14 +-
- testsuite/tests/frame-pointers/effects.ml     |  12 +-
- .../tests/frame-pointers/effects.reference    |  15 --
- testsuite/tests/frame-pointers/effects.run    |   4 -
- .../tests/frame-pointers/exception_handler.ml |   4 +-
- .../exception_handler.reference               |  12 --
- .../frame-pointers/exception_handler.run      |   4 -
- .../tests/frame-pointers/filter-locations.sh  |  23 ---
- testsuite/tests/frame-pointers/fp_backtrace.c | 186 +++++++++++-------
- testsuite/tests/frame-pointers/reperform.ml   |   4 +-
- .../tests/frame-pointers/reperform.reference  |   3 -
- testsuite/tests/frame-pointers/reperform.run  |   4 -
- .../tests/frame-pointers/stack_realloc.ml     |   4 +-
- .../frame-pointers/stack_realloc.reference    |   3 -
- .../tests/frame-pointers/stack_realloc.run    |   4 -
- .../tests/frame-pointers/stack_realloc2.ml    |   4 +-
- .../frame-pointers/stack_realloc2.reference   |   3 -
- .../tests/frame-pointers/stack_realloc2.run   |   4 -
- 21 files changed, 144 insertions(+), 190 deletions(-)
- delete mode 100644 testsuite/tests/frame-pointers/c_call.run
- delete mode 100644 testsuite/tests/frame-pointers/effects.run
- delete mode 100644 testsuite/tests/frame-pointers/exception_handler.run
- delete mode 100755 testsuite/tests/frame-pointers/filter-locations.sh
- delete mode 100644 testsuite/tests/frame-pointers/reperform.run
- delete mode 100644 testsuite/tests/frame-pointers/stack_realloc.run
- delete mode 100644 testsuite/tests/frame-pointers/stack_realloc2.run
-
-diff --git a/testsuite/tests/frame-pointers/c_call.ml b/testsuite/tests/frame-pointers/c_call.ml
-index c2493b3a99..9b98e86520 100644
---- a/testsuite/tests/frame-pointers/c_call.ml
-+++ b/testsuite/tests/frame-pointers/c_call.ml
-@@ -7,20 +7,20 @@ all_modules = "${readonly_files} c_call.ml"
- 
- *)
- 
--external fp_backtrace : unit -> unit = "fp_backtrace"
--external fp_backtrace_no_alloc : unit -> unit = "fp_backtrace" [@@noalloc]
--external fp_backtrace_many_args : int -> int -> int -> int -> int -> int -> int
--  -> int -> int -> int -> int -> unit =
-+external fp_backtrace : string -> unit = "fp_backtrace"
-+external fp_backtrace_no_alloc : string -> unit = "fp_backtrace" [@@noalloc]
-+external fp_backtrace_many_args : string -> int -> int -> int -> int -> int
-+  -> int -> int -> int -> int -> int -> int -> unit =
-   "fp_backtrace_many_args_argv" "fp_backtrace_many_args"
- 
- let[@inline never] f () =
-   (* Check backtrace through caml_c_call_stack_args *)
--  fp_backtrace_many_args 1 2 3 4 5 6 7 8 9 10 11;
-+  fp_backtrace_many_args Sys.argv.(0) 1 2 3 4 5 6 7 8 9 10 11;
-   (* Check backtrace through caml_c_call.
-    * Also check that caml_c_call_stack_args correctly restores rbp register *)
--  fp_backtrace ();
-+  fp_backtrace Sys.argv.(0);
-   (* Check caml_c_call correctly restores rbp register *)
--  fp_backtrace_no_alloc ();
-+  fp_backtrace_no_alloc Sys.argv.(0);
-   42
- 
- let () = ignore (f ())
-diff --git a/testsuite/tests/frame-pointers/c_call.reference b/testsuite/tests/frame-pointers/c_call.reference
-index 92fb40a238..23095e7431 100644
---- a/testsuite/tests/frame-pointers/c_call.reference
-+++ b/testsuite/tests/frame-pointers/c_call.reference
-@@ -3,19 +3,10 @@ caml_c_call_stack_args
- camlC_call.f
- camlC_call.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- caml_c_call
- camlC_call.f
- camlC_call.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- camlC_call.f
- camlC_call.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
-diff --git a/testsuite/tests/frame-pointers/c_call.run b/testsuite/tests/frame-pointers/c_call.run
-deleted file mode 100644
-index e96b5ea13a..0000000000
---- a/testsuite/tests/frame-pointers/c_call.run
-+++ /dev/null
-@@ -1,4 +0,0 @@
--#!/bin/sh
--
--${program} 2>&1 \
--  | ${test_source_directory}/filter-locations.sh ${program} >${output}
-diff --git a/testsuite/tests/frame-pointers/c_call_.c b/testsuite/tests/frame-pointers/c_call_.c
-index 634c4dd937..a75100b213 100644
---- a/testsuite/tests/frame-pointers/c_call_.c
-+++ b/testsuite/tests/frame-pointers/c_call_.c
-@@ -16,10 +16,10 @@
- #include <assert.h>
- #include "caml/mlvalues.h"
- 
--void fp_backtrace(void);
-+void fp_backtrace(value);
- 
--value fp_backtrace_many_args(value a, value b, value c, value d, value e,
--    value f, value g, value h, value i, value j, value k)
-+value fp_backtrace_many_args(value argv0, value a, value b, value c,
-+    value d, value e, value f, value g, value h, value i, value j, value k)
- {
-   assert(Int_val(a) == 1);
-   assert(Int_val(b) == 2);
-@@ -33,15 +33,15 @@ value fp_backtrace_many_args(value a, value b, value c, value d, value e,
-   assert(Int_val(j) == 10);
-   assert(Int_val(k) == 11);
- 
--  fp_backtrace();
-+  fp_backtrace(argv0);
- 
-   return Val_unit;
- }
- 
--value fp_bactrace_many_args_argv(value *argv, int argc)
-+value fp_bactrace_many_args_argv(value argv0, value *argv, int argc)
- {
-   assert(argc == 11);
- 
--  return fp_backtrace_many_args(argv[0], argv[1], argv[2], argv[3], argv[4],
--      argv[5], argv[6], argv[7], argv[8], argv[9], argv[10]);
-+  return fp_backtrace_many_args(argv0, argv[0], argv[1], argv[2], argv[3],
-+      argv[4], argv[5], argv[6], argv[7], argv[8], argv[9], argv[10]);
- }
-diff --git a/testsuite/tests/frame-pointers/effects.ml b/testsuite/tests/frame-pointers/effects.ml
-index e14633a374..4d14190320 100644
---- a/testsuite/tests/frame-pointers/effects.ml
-+++ b/testsuite/tests/frame-pointers/effects.ml
-@@ -11,26 +11,26 @@ open Printf
- open Effect
- open Effect.Deep
- 
--external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
-+external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
- 
- type _ t += E : int -> int t
- 
- let[@inline never] f () =
-   printf "# computation f\n%!";
--  fp_backtrace ();
-+  fp_backtrace Sys.argv.(0);
-   printf "# perform effect (E 0)\n%!";
-   let v = perform (E 0) in
-   printf "# perform returns %d\n%!" v;
--  fp_backtrace ();
-+  fp_backtrace Sys.argv.(0);
-   v + 1
- 
- let h (type a) (eff : a t) : ((a, 'b) continuation -> 'b) option =
-   let[@inline never] h_effect_e v k =
-     printf "# caught effect (E %d). continuing...\n%!" v;
--    fp_backtrace ();
-+    fp_backtrace Sys.argv.(0);
-     let v = continue k (v + 1) in
-     printf "# continue returns %d\n%!" v;
--    fp_backtrace ();
-+    fp_backtrace Sys.argv.(0);
-     v + 1
-   in
-   match eff with
-@@ -41,7 +41,7 @@ let h (type a) (eff : a t) : ((a, 'b) continuation -> 'b) option =
- let v =
-   let[@inline never] v_retc v =
-     printf "# done %d\n%!" v;
--    fp_backtrace ();
-+    fp_backtrace Sys.argv.(0);
-     v + 1
-   in
-   match_with f ()
-diff --git a/testsuite/tests/frame-pointers/effects.reference b/testsuite/tests/frame-pointers/effects.reference
-index c8bd0a391a..8ae3fc26df 100644
---- a/testsuite/tests/frame-pointers/effects.reference
-+++ b/testsuite/tests/frame-pointers/effects.reference
-@@ -3,39 +3,24 @@ camlEffects.f
- caml_runstack
- camlEffects.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- # perform effect (E 0)
- # caught effect (E 0). continuing...
- camlEffects.h_effect_e
- camlEffects.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- # perform returns 1
- camlEffects.f
- caml_runstack
- camlEffects.h_effect_e
- camlEffects.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- # done 2
- camlEffects.v_retc
- camlEffects.h_effect_e
- camlEffects.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- # continue returns 3
- camlEffects.h_effect_e
- camlEffects.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- # result=4
-diff --git a/testsuite/tests/frame-pointers/effects.run b/testsuite/tests/frame-pointers/effects.run
-deleted file mode 100644
-index e96b5ea13a..0000000000
---- a/testsuite/tests/frame-pointers/effects.run
-+++ /dev/null
-@@ -1,4 +0,0 @@
--#!/bin/sh
--
--${program} 2>&1 \
--  | ${test_source_directory}/filter-locations.sh ${program} >${output}
-diff --git a/testsuite/tests/frame-pointers/exception_handler.ml b/testsuite/tests/frame-pointers/exception_handler.ml
-index 575f7329bf..95a4f0d75c 100644
---- a/testsuite/tests/frame-pointers/exception_handler.ml
-+++ b/testsuite/tests/frame-pointers/exception_handler.ml
-@@ -8,7 +8,7 @@ all_modules = "${readonly_files} exception_handler.ml"
- *)
- 
- (* https://github.com/ocaml/ocaml/pull/11031 *)
--external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
-+external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
- 
- exception Exn1
- exception Exn2
-@@ -38,7 +38,7 @@ let[@inline never] handler () =
-   let _ = Sys.opaque_identity x0 in
-   let _ = Sys.opaque_identity x1 in
-   let _ = Sys.opaque_identity x2 in
--  fp_backtrace ()
-+  fp_backtrace Sys.argv.(0)
- 
- let[@inline never] nested i =
-   begin
-diff --git a/testsuite/tests/frame-pointers/exception_handler.reference b/testsuite/tests/frame-pointers/exception_handler.reference
-index 513ca488b9..e012fb6d4f 100644
---- a/testsuite/tests/frame-pointers/exception_handler.reference
-+++ b/testsuite/tests/frame-pointers/exception_handler.reference
-@@ -2,27 +2,15 @@ camlException_handler.handler
- camlException_handler.bare
- camlException_handler.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- camlException_handler.handler
- camlException_handler.bare
- camlException_handler.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- camlException_handler.handler
- camlException_handler.nested
- camlException_handler.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
- camlException_handler.handler
- camlException_handler.nested
- camlException_handler.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
-diff --git a/testsuite/tests/frame-pointers/exception_handler.run b/testsuite/tests/frame-pointers/exception_handler.run
-deleted file mode 100644
-index e96b5ea13a..0000000000
---- a/testsuite/tests/frame-pointers/exception_handler.run
-+++ /dev/null
-@@ -1,4 +0,0 @@
--#!/bin/sh
--
--${program} 2>&1 \
--  | ${test_source_directory}/filter-locations.sh ${program} >${output}
-diff --git a/testsuite/tests/frame-pointers/filter-locations.sh b/testsuite/tests/frame-pointers/filter-locations.sh
-deleted file mode 100755
-index 31c7fc3189..0000000000
---- a/testsuite/tests/frame-pointers/filter-locations.sh
-+++ /dev/null
-@@ -1,23 +0,0 @@
--#!/bin/sh
--
--set -eu
--
--program="${1}"
--# https://stackoverflow.com/questions/29613304/is-it-possible-to-escape-regex-metacharacters-reliably-with-sed/29626460#29626460
--program_escaped=$(echo ${program} | sed 's/[^^\\]/[&]/g; s/\^/\\^/g; s/\\/\\\\/g')
--regex_backtrace='^.*(\(.*\)+0x[[:xdigit:]]*)[0x[[:xdigit:]]*]$'
--regex_trim_fun='^\(caml.*\)_[[:digit:]]*$'
--
--# - Ignore backtrace not coming from the program binary
--# - Discard the number suffix from OCaml function name
--# - Remove strange '[0x.....]' entries inserted by some implementation
--#   of backtrace_symbols_fd
--# - Keep the other lines
--sed -e \
--  "/${regex_backtrace}/ {
--    /^${program_escaped}/ ! d
--    s/${regex_backtrace}/\1/
--    s/${regex_trim_fun}/\1/
--    s;caml_\(main\|startup\);caml_main/caml_startup;
--  }" \
--  -e '/^\[0x/d'
-diff --git a/testsuite/tests/frame-pointers/fp_backtrace.c b/testsuite/tests/frame-pointers/fp_backtrace.c
-index a521218a38..cef7ccd9f2 100644
---- a/testsuite/tests/frame-pointers/fp_backtrace.c
-+++ b/testsuite/tests/frame-pointers/fp_backtrace.c
-@@ -1,10 +1,17 @@
- #include <execinfo.h>
--#include <unistd.h>
--#include <setjmp.h>
--#include <signal.h>
-+#include <regex.h>
-+#include <stdbool.h>
- #include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
- 
--#define ARRSIZE(a)  (sizeof(a) / sizeof(*(a)))
-+#include "caml/mlvalues.h"
-+
-+#define ARR_SIZE(a)    (sizeof(a) / sizeof(*(a)))
-+
-+#define RE_FUNC_NAME  "^.*\\((.+)\\+0x[[:xdigit:]]+\\) \\[0x[[:xdigit:]]+\\]$"
-+#define RE_TRIM_FUNC  "(caml.*)_[[:digit:]]+"
-+#define CAML_ENTRY    "caml_program"
- 
- typedef struct frame_info
- {
-@@ -12,99 +19,138 @@ typedef struct frame_info
-   void*               retaddr;  /* rip */
- } frame_info;
- 
--jmp_buf resume_buf;
- 
-+/*
-+ * A backtrace symbol looks like:
-+ * ./path/to/binary(camlModule_fn_123+0xAABBCC) [0xAABBCCDDEE]
-+ */
-+static const char* backtrace_symbol(const struct frame_info* fi)
-+{
-+  char** symbols = backtrace_symbols(&fi->retaddr, 1);
-+  if (!symbols) {
-+    perror("backtrace_symbols");
-+    return NULL;
-+  }
- 
--static void signal_handler(int signum)
-+  const char* symbol = strdup(symbols[0]);
-+  free(symbols);
-+  return symbol;
-+}
-+
-+static bool is_from_executable(const char* symbol, const char* execname)
- {
--  /* Should be safe to be called from a signal handler.
--   * See 21.2.1 "Performing a nonlocal goto from a signal handler" from
--   * The Linux Programming Interface, Michael Kerrisk */
--  siglongjmp(resume_buf, 1);
-+  return strncmp(symbol, execname, strlen(execname)) == 0;
- }
- 
--static int install_signal_handlers(const int signals[], struct sigaction
--    handlers[], int count)
-+static regmatch_t func_name_from_symbol(const char* symbol)
- {
--  for (int i = 0; i < count; i++) {
--    struct sigaction action = { 0 };
--    action.sa_handler = signal_handler;
--    sigemptyset(&action.sa_mask);
--    action.sa_flags = 0;
--
--    if (sigaction(signals[i], &action, &handlers[i]) != 0) {
--      perror("sigaction");
--      return -1;
--    }
-+  regex_t     regex;
-+  regmatch_t  match[2] = { {-1, -1}, {-1, -1}};
-+  char        errbuf[128];
-+  int         err;
-+
-+  err = regcomp(&regex, RE_FUNC_NAME, REG_EXTENDED);
-+  if (err) {
-+    regerror(err, &regex, errbuf, ARR_SIZE(errbuf));
-+    fprintf(stderr, "regcomp: %s\n", errbuf);
-+    return match[0];
-   }
--  return 0;
-+
-+  err = regexec(&regex, symbol, ARR_SIZE(match), match, 0);
-+  if (err == REG_NOMATCH)
-+    return match[0];
-+
-+  return match[1];
- }
- 
--static int restore_signal_handlers(const int signals[], struct sigaction
--    handlers[], int count)
-+static bool is_caml_entry(const char* symbol, const regmatch_t* funcname)
- {
--  for (int i = 0; i < count; i++) {
--    if (sigaction(signals[i], &handlers[i], NULL) != 0) {
--      perror("sigaction");
--      return -1;
--    }
--  }
--  return 0;
-+  //regoff_t len = funcname->rm_eo - funcname->rm_so;
-+  //return strnstr(symbol + funcname->rm_so, CAML_ENTRY, len) == 0;
-+  return strstr(symbol + funcname->rm_so, CAML_ENTRY) != NULL;
- }
- 
--static int safe_read(const struct frame_info* fi, struct frame_info** prev,
--    void** retaddr)
-+static regmatch_t trim_func_name(const char* symbol, const regmatch_t* funcname)
- {
--  /* Signals to ignore while attempting to read frame_info members */
--  const int signals[] = { SIGSEGV, SIGBUS };
--  /* Store original signal handers */
--  struct sigaction handlers[ARRSIZE(signals)] = { 0 };
--  int ret = 0;
--
--  if (install_signal_handlers(signals, handlers, ARRSIZE(signals)) != 0)
--    return -1;
--
--  if (!sigsetjmp(resume_buf, 1)) {
--    *prev = fi->prev;
--    *retaddr = fi->retaddr;
--  } else {
--    ret = -1;
-+  regex_t     regex;
-+  regmatch_t  match[2] = { {-1, -1}, {-1, -1}};
-+  char        errbuf[128];
-+  int         err;
-+
-+  err = regcomp(&regex, RE_TRIM_FUNC, REG_EXTENDED);
-+  if (err) {
-+    regerror(err, &regex, errbuf, ARR_SIZE(errbuf));
-+    fprintf(stderr, "regcomp: %s\n", errbuf);
-+    return match[0];
-   }
- 
--  if (restore_signal_handlers(signals, handlers, ARRSIZE(signals)) != 0)
--    return -1;
-+  match[0] = *funcname;
-+  err = regexec(&regex, symbol, ARR_SIZE(match), match, REG_STARTEND);
-+  if (err == REG_NOMATCH) {
-+    /* match[0] has already been overwritten to hold the function full name for
-+       regexec */
-+    return match[1];
-+  }
- 
--  return ret;
-+  return match[1];
- }
- 
--static void print_location(void* addr)
-+static void print_symbol(const char* symbol, const regmatch_t* match)
- {
--  if (!addr)
--    return;
-+  regoff_t off = match->rm_so;
-+  regoff_t len = match->rm_eo - match->rm_so;
- 
--  /* This requires the binary to be linked with '-rdynamic' */
--  backtrace_symbols_fd(&addr, 1, STDOUT_FILENO);
-+  fprintf(stdout, "%.*s\n", len, symbol + off);
-+  fflush(stdout);
- }
- 
--void fp_backtrace(void)
-+void fp_backtrace(value argv0)
- {
--  struct frame_info *fi;
--  struct frame_info* next;
--  void* retaddr;
--
--  fi = __builtin_frame_address(0);
--  retaddr = __builtin_extract_return_addr(__builtin_return_address(0));
--
--  for (; fi; fi = next) {
--    if (safe_read(fi, &next, &retaddr) != 0)
--      return;
-+  const char* execname = String_val(argv0);
-+  struct frame_info* next = NULL;
-+  const char* symbol = NULL;
- 
--    print_location(retaddr);
-+  for (struct frame_info* fi = __builtin_frame_address(0); fi; fi = next) {
-+    next = fi->prev;
- 
-     /* Detect the simplest kind of infinite loop */
-     if (fi == next) {
--      printf("fp_backtrace: loop detected\n");
--      return;
-+      fprintf(stderr, "fp_backtrace: loop detected\n");
-+      break;
-     }
-+
-+    symbol = backtrace_symbol(fi);
-+    if (!symbol)
-+      continue;
-+
-+    /* Skip entries not from the test */
-+    if (!is_from_executable(symbol, execname))
-+      goto skip;
-+
-+    /* Exctract the full function name */
-+    regmatch_t funcname = func_name_from_symbol(symbol);
-+    if (funcname.rm_so == -1)
-+      goto skip;
-+
-+    /* Trim numeric suffix from caml functions */
-+    regmatch_t functrimmed = trim_func_name(symbol, &funcname);
-+
-+    /* Use the trimmed caml name if available, otherwise use the full function
-+       name */
-+    const regmatch_t* match = (functrimmed.rm_so != -1) ?
-+      &functrimmed : &funcname;
-+
-+    print_symbol(symbol, match);
-+
-+    /* Stop the backtrace at caml_program */
-+    if (is_caml_entry(symbol, &funcname))
-+      break;
-+
-+skip:
-+    free((void*)symbol);
-+    symbol = NULL;
-   }
-+
-+  if (symbol)
-+    free((void*)symbol);
- }
-diff --git a/testsuite/tests/frame-pointers/reperform.ml b/testsuite/tests/frame-pointers/reperform.ml
-index 1af8452e5f..da251c98a7 100644
---- a/testsuite/tests/frame-pointers/reperform.ml
-+++ b/testsuite/tests/frame-pointers/reperform.ml
-@@ -11,7 +11,7 @@ all_modules = "${readonly_files} reperform.ml"
- open Effect
- open Effect.Deep
- 
--external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
-+external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
- 
- type _ Effect.t += E : unit t
-                  | F : unit t
-@@ -22,7 +22,7 @@ let rec foo n =
-     if n = 5 then begin
-       perform E;
-       print_endline "# resumed...";
--      fp_backtrace ()
-+      fp_backtrace Sys.argv.(0)
-     end;
-     foo (n + 1) + n
-   end
-diff --git a/testsuite/tests/frame-pointers/reperform.reference b/testsuite/tests/frame-pointers/reperform.reference
-index 9ac6681d4b..e215f77169 100644
---- a/testsuite/tests/frame-pointers/reperform.reference
-+++ b/testsuite/tests/frame-pointers/reperform.reference
-@@ -15,6 +15,3 @@ camlReperform.bar
- caml_runstack
- camlReperform.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
-diff --git a/testsuite/tests/frame-pointers/reperform.run b/testsuite/tests/frame-pointers/reperform.run
-deleted file mode 100644
-index e96b5ea13a..0000000000
---- a/testsuite/tests/frame-pointers/reperform.run
-+++ /dev/null
-@@ -1,4 +0,0 @@
--#!/bin/sh
--
--${program} 2>&1 \
--  | ${test_source_directory}/filter-locations.sh ${program} >${output}
-diff --git a/testsuite/tests/frame-pointers/stack_realloc.ml b/testsuite/tests/frame-pointers/stack_realloc.ml
-index 79e70c2add..f24e4795d5 100644
---- a/testsuite/tests/frame-pointers/stack_realloc.ml
-+++ b/testsuite/tests/frame-pointers/stack_realloc.ml
-@@ -13,7 +13,7 @@ open Effect.Deep
- 
- type _ t += E : int -> int t
- 
--external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
-+external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
- external c_fun : unit -> int = "c_fun"
- 
- let[@inline never][@local never] f x = x
-@@ -42,7 +42,7 @@ let[@inline never] consume_stack () =
- 
- let[@inline never] callback () =
-   consume_stack ();
--  fp_backtrace ();
-+  fp_backtrace Sys.argv.(0);
-   0
- 
- let _ = Callback.register "callback" callback
-diff --git a/testsuite/tests/frame-pointers/stack_realloc.reference b/testsuite/tests/frame-pointers/stack_realloc.reference
-index 016a03550a..e61d4104e0 100644
---- a/testsuite/tests/frame-pointers/stack_realloc.reference
-+++ b/testsuite/tests/frame-pointers/stack_realloc.reference
-@@ -7,6 +7,3 @@ camlStack_realloc.f_comp
- caml_runstack
- camlStack_realloc.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
-diff --git a/testsuite/tests/frame-pointers/stack_realloc.run b/testsuite/tests/frame-pointers/stack_realloc.run
-deleted file mode 100644
-index e96b5ea13a..0000000000
---- a/testsuite/tests/frame-pointers/stack_realloc.run
-+++ /dev/null
-@@ -1,4 +0,0 @@
--#!/bin/sh
--
--${program} 2>&1 \
--  | ${test_source_directory}/filter-locations.sh ${program} >${output}
-diff --git a/testsuite/tests/frame-pointers/stack_realloc2.ml b/testsuite/tests/frame-pointers/stack_realloc2.ml
-index a3d21bf2bf..218dd6a1c3 100644
---- a/testsuite/tests/frame-pointers/stack_realloc2.ml
-+++ b/testsuite/tests/frame-pointers/stack_realloc2.ml
-@@ -13,7 +13,7 @@ open Effect.Deep
- 
- type _ t += E : int -> int t
- 
--external fp_backtrace : unit -> unit = "fp_backtrace" [@@noalloc]
-+external fp_backtrace : string -> unit = "fp_backtrace" [@@noalloc]
- external c_fun : unit -> int = "c_fun"
- 
- let[@inline never][@local never] f x = x
-@@ -41,7 +41,7 @@ let[@inline never] consume_stack () =
-   ignore (gobbler count)
- 
- let[@inline never] callback () =
--  fp_backtrace ();
-+  fp_backtrace Sys.argv.(0);
-   0
- 
- let _ = Callback.register "callback" callback
-diff --git a/testsuite/tests/frame-pointers/stack_realloc2.reference b/testsuite/tests/frame-pointers/stack_realloc2.reference
-index ae492abd88..0051f3bad0 100644
---- a/testsuite/tests/frame-pointers/stack_realloc2.reference
-+++ b/testsuite/tests/frame-pointers/stack_realloc2.reference
-@@ -7,6 +7,3 @@ camlStack_realloc2.f_comp
- caml_runstack
- camlStack_realloc2.entry
- caml_program
--caml_start_program
--caml_main/caml_startup
--main
-diff --git a/testsuite/tests/frame-pointers/stack_realloc2.run b/testsuite/tests/frame-pointers/stack_realloc2.run
-deleted file mode 100644
-index e96b5ea13a..0000000000
---- a/testsuite/tests/frame-pointers/stack_realloc2.run
-+++ /dev/null
-@@ -1,4 +0,0 @@
--#!/bin/sh
--
--${program} 2>&1 \
--  | ${test_source_directory}/filter-locations.sh ${program} >${output}
--- 
diff --git a/SPECS/ocaml/0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch b/SPECS/ocaml/0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch
deleted file mode 100644
index 03eb7d0e8be..00000000000
--- a/SPECS/ocaml/0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 81d3fb3e20afede32298e4d3e78bcebf6a22858a Mon Sep 17 00:00:00 2001
-From: Vincent Laviron <vincent.laviron@gmail.com>
-Date: Fri, 15 Dec 2023 10:00:52 +0100
-Subject: [PATCH 4/4] Fix s390x stack reallocation code in PIC mode
- 
-(cherry picked from commit c40a955c029a203d0d7f05718e297e66987ec87f)
----
- asmcomp/s390x/emit.mlp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
- 
-diff --git a/asmcomp/s390x/emit.mlp b/asmcomp/s390x/emit.mlp
-index 35ade079f6..0212cf3b00 100644
---- a/asmcomp/s390x/emit.mlp
-+++ b/asmcomp/s390x/emit.mlp
-@@ -751,7 +751,7 @@ let fundecl fundecl =
-       `  lay  %r15, -8(%r15)\n`;
-       `  stg  %r14, 0(%r15)\n`;
-       `  lgfi %r12, {emit_int s}\n`;
--      `  brasl %r14, {emit_symbol "caml_call_realloc_stack"}\n`;
-+      emit_call "caml_call_realloc_stack";
-       `  lg   %r14, 0(%r15)\n`;
-       `  la  %r15, 8(%r15)\n`;
-       `  brcl 15, {emit_label ret}\n`
--- 
diff --git a/SPECS/ocaml/macros.ocaml-rpm b/SPECS/ocaml/macros.ocaml-rpm
deleted file mode 100644
index 6942e917ace..00000000000
--- a/SPECS/ocaml/macros.ocaml-rpm
+++ /dev/null
@@ -1,69 +0,0 @@
-# Make %files lists from an installed tree of files.
-# Options:
-# -s: separate packaging; every subdirectory of %%{ocamldir}, except stublibs,
-#     is placed in its own package.  This option requires the existence of opam
-#     *.install files in the build tree.
-# -n: suppress creation of a devel subpackage.
-%ocaml_files(sn) %{python3} /usr/lib/rpm/redhat/ocaml_files.py %{-s} %{-n} %{buildroot} %{ocamldir}
-
-# Internal macro holding the common parts of ocaml_install and dune_install
-%ocaml_install_common(sn) %{expand:
-rm -rf %{buildroot}%{_prefix}/doc
-mlis=$(find %{buildroot}%{_libdir}/ocaml -name '*.mli')
-rm -f ${mlis//.mli/.ml}
-%ocaml_files %{-s} %{-n}}
-
-# Install files listed in opam *.install files.
-# Options:
-# -s: separate packaging; every subdirectory of %%{ocamldir}, except stublibs,
-#     is placed in its own package.
-# -n: suppress creation of a devel subpackage.
-%ocaml_install(sn) %{expand:
-%{python3} /usr/lib/rpm/redhat/ocaml_files.py -i %{-s} %{-n} %{buildroot} %{ocamldir}
-%ocaml_install_common %{-s} %{-n}}
-
-# Add smp_mflags to arguments if no -j release option is given.
-# Add --release to arguments if no -p or --release option is given.
-# Add --verbose to arguments if it is not given.
-%dune_add_flags(-) %{lua:
-  has_j = false
-  has_p = false
-  has_v = false
-  for _, flag in pairs(arg) do
-    if flag:find("^-j") then
-      has_j = true
-    elseif flag:find("^-p") or flag:find("^--release)") then
-      has_p = true
-    elseif flag:find("^--verbose") then
-      has_v = true
-    end
-  end
-  if not has_j then
-     table.insert(arg, 1, rpm.expand("%{?_smp_mflags}"))
-  end
-  if not has_p then
-     table.insert(arg, 1, "--release")
-  end
-  if not has_v then
-     table.insert(arg, 1, "--verbose")
-  end
-  print(table.concat(arg, " "))
-}
-
-# Build with dune
-%dune_build(-) dune build %{dune_add_flags %*}
-
-# Run tests with dune
-%dune_check(-) dune runtest %{dune_add_flags %*}
-
-# Install with dune
-# Options:
-# -s: separate packaging; every subdirectory of %%{ocamldir}, except stublibs,
-#     is placed in its own package.
-# -n: suppress creation of a devel subpackage.
-%dune_install(sn) %{expand:
-dune install --destdir=%{buildroot} %{dune_add_flags %*}
-if [ -d _build/default/_doc/_html ]; then
-    find _build/default/_doc/_html -name .dune-keep -delete
-fi
-%ocaml_install_common %{-s} %{-n}}
\ No newline at end of file
diff --git a/SPECS/ocaml/ocaml.signatures.json b/SPECS/ocaml/ocaml.signatures.json
index a3fe0ba1805..fe9762d62f5 100644
--- a/SPECS/ocaml/ocaml.signatures.json
+++ b/SPECS/ocaml/ocaml.signatures.json
@@ -1,7 +1,5 @@
 {
  "Signatures": {
-  "ocaml-5.1.1.tar.gz": "57f7b382b3d71198413ede405d95ef3506f1cdc480cda1dca1e26b37cb090e17",
-  "macros.ocaml-rpm": "c63f72f1386f8ad999daa2dcd3ea203ef07e34bc795e11b70e725a5db7ab026f",
-  "ocaml_files.py": "b1649462b720fb401d491bd5cbe879870a9f50bd99608d6488fc235a0e5f11e3"
+  "ocaml-4.13.1.tar.xz": "931d78dfad5bf938800c7a00eb647a27bbfe465a96a8eaae858ecbdb22e6fde8"
  }
 }
diff --git a/SPECS/ocaml/ocaml.spec b/SPECS/ocaml/ocaml.spec
index 5abbc7b13fa..026a33de12a 100644
--- a/SPECS/ocaml/ocaml.spec
+++ b/SPECS/ocaml/ocaml.spec
@@ -1,130 +1,45 @@
-# Don't add -Wl,-dT,<build dir>
-%undefine _package_note_flags
-
-# OCaml 5.1 broke building with LTO.  A file prims.c is generated with primitive
-# function declarations, all with "void" for their parameter list.  This does
-# not match the real definitions, leading to lots of -Wlto-type-mismatch
-# warnings.  These change the output of the tests, leading to many failed tests.
-%global _lto_cflags %{nil}
-
-# OCaml has a bytecode backend that works on anything with a C
-# compiler, and a native code backend available on a subset of
-# architectures.  A further subset of architectures support native
-# dynamic linking.
-
-%ifarch %{ocaml_native_compiler}
-%global native_compiler 1
-%else
-%global native_compiler 0
-%endif
-
-%ifarch %{ocaml_natdynlink}
-%global natdynlink 1
-%else
-%global natdynlink 0
-%endif
-
-# i686 support was dropped in OCaml 5 / Fedora 39.
-ExcludeArch: %{ix86}
-
-# These are all the architectures that the tests run on.  The tests
-# take a long time to run, so don't run them on slow machines.
-%global test_arches aarch64 %{power64} riscv64 s390x x86_64
-# These are the architectures for which the tests must pass otherwise
-# the build will fail.
-#global test_arches_required aarch64 ppc64le x86_64
-%global test_arches_required NONE
-
-# Architectures where parallel builds fail.
-#global no_parallel_build_arches aarch64
-
-#global rcver +git
-%global rcver %{nil}
-
-Name:           ocaml
-Version:        5.1.1
-Release:        1%{?dist}
+%global __ocaml_requires_opts -c -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte'
+%global __ocaml_provides_opts -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte'
+%global majmin %(echo %{version} | cut -d. -f1-2)
 Summary:        OCaml compiler and programming environment
-License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception
+Name:           ocaml
+Version:        4.13.1
+Release:        3%{?dist}
+License:        QPL and (LGPLv2+ with exceptions)
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://www.ocaml.org
-Source0:        https://github.com/ocaml/ocaml/archive/%{version}/%{name}-%{version}.tar.gz
-Source1:        macros.ocaml-rpm
-Source2:        ocaml_files.py
-
-# IMPORTANT NOTE:
-#
-# These patches are generated from unpacked sources stored in a
-# pagure.io git repository.  If you change the patches here, they will
-# be OVERWRITTEN by the next update.  Instead, request commit access
-# to the pagure project:
-#
-# https://pagure.io/fedora-ocaml
-#
-# Current branch: fedora-40-5.1.1
-#
-# ALTERNATIVELY add a patch to the end of the list (leaving the
-# existing patches unchanged) adding a comment to note that it should
-# be incorporated into the git repo at a later time.
-
-# Fedora-specific patches
-Patch:          0001-Don-t-add-rpaths-to-libraries.patch
-Patch:          0002-configure-Allow-user-defined-C-compiler-flags.patch
-
-# https://github.com/ocaml/ocaml/pull/11594
-Patch:          0003-Update-framepointers-tests-to-avoid-false-positive-w.patch
-
-# https://github.com/ocaml/ocaml/issues/12829
-# https://github.com/ocaml/ocaml/pull/12831
-Patch:          0004-Fix-s390x-stack-reallocation-code-in-PIC-mode.patch
-
-BuildRequires:  make
-BuildRequires:  git
-BuildRequires:  gcc
+Source0:        https://caml.inria.fr/pub/distrib/%{name}-%{majmin}/%{name}-%{version}.tar.xz
+Patch0001:      0001-Don-t-add-rpaths-to-libraries.patch
+Patch0002:      0002-configure-Allow-user-defined-C-compiler-flags.patch
+Patch0003:      0003-configure-Remove-incorrect-assumption-about-cross-co.patch
+Patch0004:      0004-remove-unused-var-in-alloc_aync_stubs.patch
 BuildRequires:  autoconf
+BuildRequires:  binutils-devel
+BuildRequires:  chrpath
 BuildRequires:  gawk
-BuildRequires:  hardlink
+BuildRequires:  gcc
+BuildRequires:  gdbm-devel
+BuildRequires:  git
+BuildRequires:  make
+BuildRequires:  ncurses-devel
 BuildRequires:  perl-interpreter
 BuildRequires:  util-linux
-BuildRequires:  /usr/bin/annocheck
-BuildRequires:  pkgconfig(libzstd)
-
-# Documentation requirements
-BuildRequires:  asciidoc
-BuildRequires:  python3-pygments
-
-# ocamlopt runs gcc to link binaries.  Because Fedora includes
-# hardening flags automatically, redhat-rpm-config is also required.
-# Compressed marshaling requires libzstd-devel.
+%if 0%{?with_check}
+BuildRequires:  diffutils
+%endif
+# ocamlopt runs gcc to link binaries.  Because Azure Linux includes
+# hardening flags automatically, azurelinux-rpm-macros is also required.
+Requires:       azurelinux-rpm-macros
 Requires:       gcc
-Requires:       redhat-rpm-config
-Requires:       libzstd-devel
-
 # Because we pass -c flag to ocaml-find-requires (to avoid circular
 # dependencies) we also have to explicitly depend on the right version
 # of ocaml-runtime.
 Requires:       ocaml-runtime = %{version}-%{release}
-
-# Force ocaml-srpm-macros to be at the latest version, both for builds
-# and installs, since OCaml 5.1 has a different set of native code
-# generators than previous versions.
-BuildRequires:  ocaml-srpm-macros >= 9
-Requires:       ocaml-srpm-macros >= 9
-
-# Bundles an MD5 implementation in runtime/caml/md5.h and runtime/md5.c
+# Bundles an MD5 implementation in byterun/md5.{c,h}
 Provides:       bundled(md5-plumb)
-
 Provides:       ocaml(compiler) = %{version}
 
-%if %{native_compiler}
-%global __ocaml_requires_opts -c -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte'
-%else
-%global __ocaml_requires_opts -c -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte' -i Backend_intf -i Inlining_decision_intf -i Simplify_boxed_integer_ops_intf
-%endif
-%global __ocaml_provides_opts -f '%{buildroot}%{_bindir}/ocamlrun %{buildroot}%{_bindir}/ocamlobjinfo.byte'
-
-
 %description
 OCaml is a high-level, strongly-typed, functional and object-oriented
 programming language from the ML family of languages.
@@ -134,12 +49,7 @@ and an optimizing native-code compiler), an interactive toplevel system,
 parsing tools (Lex,Yacc), a replay debugger, a documentation generator,
 and a comprehensive library.
 
-
-%package runtime
-# LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception: the project as a whole
-# LicenseRef-Fedora-Public-Domain: the MD5 implementation in runtime/caml/md5.h
-#   and runtime/md5.c
-License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception AND LicenseRef-Fedora-Public-Domain
+%package        runtime
 Summary:        OCaml runtime environment
 Requires:       util-linux
 Provides:       ocaml(runtime) = %{version}
@@ -151,45 +61,35 @@ programming language from the ML family of languages.
 This package contains the runtime environment needed to run OCaml
 bytecode.
 
-
-%package source
+%package        source
 Summary:        Source code for OCaml libraries
 Requires:       ocaml = %{version}-%{release}
 
 %description source
 Source code for OCaml libraries.
 
-
-%package ocamldoc
-# LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception: the project as a whole
-# LicenseRef-Fedora-Public-Domain: ocamldoc/ocamldoc.sty
-License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception AND LicenseRef-Fedora-Public-Domain
+%package        ocamldoc
 Summary:        Documentation generator for OCaml
 Requires:       ocaml = %{version}-%{release}
-Provides:       ocamldoc = %{version}
+Provides:       ocamldoc = %{version}-%{release}
 
 %description ocamldoc
 Documentation generator for OCaml.
 
-
 %package        docs
 Summary:        Documentation for OCaml
-BuildArch:      noarch
 Requires:       ocaml = %{version}-%{release}
 
-
 %description docs
 OCaml is a high-level, strongly-typed, functional and object-oriented
 programming language from the ML family of languages.
 
 This package contains man pages.
 
-
 %package        compiler-libs
 Summary:        Compiler libraries for OCaml
 Requires:       ocaml = %{version}-%{release}
 
-
 %description compiler-libs
 OCaml is a high-level, strongly-typed, functional and object-oriented
 programming language from the ML family of languages.
@@ -199,208 +99,123 @@ compilers, useful for the development of some OCaml applications.
 Note that this exposes internal details of the OCaml compiler which
 may not be portable between versions.
 
-
-%package        rpm-macros
-# LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception: the project as a whole
-# BSD-3-Clause: ocaml_files.py
-License:        LGPL-2.1-or-later WITH OCaml-LGPL-linking-exception AND BSD-3-Clause
-Summary:        RPM macros for building OCaml packages
-BuildArch:      noarch
-Requires:       ocaml = %{version}-%{release}
-Requires:       python3
-
-
-%description rpm-macros
-This package contains macros that are useful for building OCaml RPMs.
-
-
 %prep
-%autosetup -S git -n %{name}-%{version}%{rcver}
+%autosetup -p1
 # Patches touch configure.ac, so rebuild it:
 autoconf --force
 
-
 %build
-%ifnarch %{no_parallel_build_arches}
-make="%make_build"
-%else
-unset MAKEFLAGS
-make=make
-%endif
-
-# Set ocamlmklib default flags to include Fedora linker flags
-sed -i '/ld_opts/s|\[\]|["%{build_ldflags}"]|' tools/ocamlmklib.ml
-
-# Expose a dependency on the math library
-sed -i '/^EXTRACAMLFLAGS=/aLINKOPTS=-cclib -lm' otherlibs/unix/Makefile
-
-# Don't use %%configure macro because it sets --build, --host which
-# breaks some incorrect assumptions made by OCaml's configure.ac
-#
-# See also:
-# https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/2O4HBOK6PTQZAFAVIRDVMZGG2PYB2QHM/
-# https://github.com/ocaml/ocaml/issues/8647
-#
 # We set --libdir to the unusual directory because we want OCaml to
 # install its libraries and other files into a subdirectory.
 #
+# Force --host because of:
+# https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/2O4HBOK6PTQZAFAVIRDVMZGG2PYB2QHM/
+# (see also https://github.com/ocaml/ocaml/issues/8647)
+#
 # OC_CFLAGS/OC_LDFLAGS control what flags OCaml passes to the linker
 # when doing final linking of OCaml binaries.  Setting these is
-# necessary to ensure that generated binaries have Fedora hardening
+# necessary to ensure that generated binaries have Azure Linux hardening
 # features.
-./configure \
-    --prefix=%{_prefix} \
-    --sysconfdir=%{_sysconfdir} \
-    --mandir=%{_mandir} \
-    --libdir=%{_libdir}/ocaml \
-    --enable-flambda \
-%if %{native_compiler}
-    --enable-native-compiler \
-    --enable-native-toplevel \
-%else
-    --disable-native-compiler \
-    --disable-native-toplevel \
-%endif
-%ifarch x86_64
-%if 0%{?_include_frame_pointers}
-    --enable-frame-pointers \
-%endif
-%endif
-%ifarch %{test_arches}
+%configure \
+    OC_CFLAGS="$CFLAGS" \
+    OC_LDFLAGS="$LDFLAGS" \
+%if 0%{?with_check}
     --enable-ocamltest \
-%else
-    --disable-ocamltest \
-%endif
-    OC_CFLAGS='%{build_cflags}' \
-    OC_LDFLAGS='%{build_ldflags}' \
-    %{nil}
-$make world
-%if %{native_compiler}
-$make opt
-$make opt.opt
-%endif
-
-# Build the README and fix up references to other doc files
-asciidoc -d book README.adoc
-for fil in CONTRIBUTING.md HACKING.adoc INSTALL.adoc README.win32.adoc; do
-  sed -e "s,\"$fil\",\"https://github.com/ocaml/ocaml/blob/trunk/$fil\"," \
-      -i README.html
-done
-
-
-%check
-%ifarch %{ocaml_native_compiler}
-# For information only, compile a binary and dump the annocheck data
-# from it.  Useful so we know if hardening is being enabled, but don't
-# fail because not every hardening feature can be enabled here.
-echo 'print_endline "hello, world"' > hello.ml
-./ocamlopt.opt -verbose -I stdlib hello.ml -o hello ||:
-annocheck -v hello ||:
-%endif
-
-%ifarch %{test_arches}
-%ifarch %{test_arches_required}
-make -j1 tests
-%else
-make -j1 tests ||:
-%endif
 %endif
+    --libdir=%{_libdir}/ocaml \
+    --host=`./build-aux/config.guess`
 
+%make_build world
+%make_build opt
+%make_build opt.opt
 
 %install
 %make_install
-perl -pi -e "s|^$RPM_BUILD_ROOT||" $RPM_BUILD_ROOT%{_libdir}/ocaml/ld.conf
-
-echo %{version} > $RPM_BUILD_ROOT%{_libdir}/ocaml/fedora-ocaml-release
+perl -pi -e "s|^%{buildroot}||" %{buildroot}%{_libdir}/ocaml/ld.conf
 
-# Remove the installed documentation.  We will install it using %%doc
-rm -rf $RPM_BUILD_ROOT%{_docdir}/ocaml
+echo %{version} > %{buildroot}%{_libdir}/ocaml/fedora-ocaml-release
 
-mkdir -p $RPM_BUILD_ROOT%{_rpmmacrodir}
-install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_rpmmacrodir}/macros.ocaml-rpm
+# Remove rpaths from stublibs .so files.
+chrpath --delete %{buildroot}%{_libdir}/ocaml/stublibs/*.so
 
-mkdir -p $RPM_BUILD_ROOT%{_rpmconfigdir}/azl
-install -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_rpmconfigdir}/azl
+find %{buildroot} -type f -name "*.la" -delete -print
 
-# Link, rather than copy, identical binaries
-hardlink -t $RPM_BUILD_ROOT%{_libdir}/ocaml/stublibs
+# Remove .cmt and .cmti files, for now.  We could package them later.
+# See also: http://www.ocamlpro.com/blog/2012/08/20/ocamlpro-and-4.00.0.html
+find %{buildroot} \( -name '*.cmt' -o -name '*.cmti' \) -a -delete -print
 
+%check
+cd testsuite
+make -j1 all
 
 %files
 %license LICENSE
 %{_bindir}/ocaml
 
 %{_bindir}/ocamlcmt
-%{_bindir}/ocamlcp
 %{_bindir}/ocamldebug
-%{_bindir}/ocamlmklib
-%{_bindir}/ocamlmktop
-%{_bindir}/ocamlprof
 %{_bindir}/ocamlyacc
 
 # symlink to either .byte or .opt version
 %{_bindir}/ocamlc
+%{_bindir}/ocamlcp
 %{_bindir}/ocamldep
 %{_bindir}/ocamllex
+%{_bindir}/ocamlmklib
+%{_bindir}/ocamlmktop
 %{_bindir}/ocamlobjinfo
+%{_bindir}/ocamloptp
+%{_bindir}/ocamlprof
 
 # bytecode versions
 %{_bindir}/ocamlc.byte
+%{_bindir}/ocamlcp.byte
 %{_bindir}/ocamldep.byte
 %{_bindir}/ocamllex.byte
+%{_bindir}/ocamlmklib.byte
+%{_bindir}/ocamlmktop.byte
 %{_bindir}/ocamlobjinfo.byte
+%{_bindir}/ocamloptp.byte
+%{_bindir}/ocamlprof.byte
 
-%if %{native_compiler}
 # native code versions
 %{_bindir}/ocamlc.opt
+%{_bindir}/ocamlcp.opt
 %{_bindir}/ocamldep.opt
 %{_bindir}/ocamllex.opt
+%{_bindir}/ocamlmklib.opt
+%{_bindir}/ocamlmktop.opt
 %{_bindir}/ocamlobjinfo.opt
-%endif
-
-%if %{native_compiler}
-%{_bindir}/ocamlnat
+%{_bindir}/ocamloptp.opt
+%{_bindir}/ocamlprof.opt
 %{_bindir}/ocamlopt
 %{_bindir}/ocamlopt.byte
 %{_bindir}/ocamlopt.opt
-%{_bindir}/ocamloptp
-%endif
 
 %{_libdir}/ocaml/camlheader
 %{_libdir}/ocaml/camlheader_ur
 %{_libdir}/ocaml/expunge
+%{_libdir}/ocaml/eventlog_metadata
+%{_libdir}/ocaml/extract_crc
 %{_libdir}/ocaml/ld.conf
 %{_libdir}/ocaml/Makefile.config
-
 %{_libdir}/ocaml/*.a
-%if %{native_compiler}
+%{_libdir}/ocaml/*.cmxs
 %{_libdir}/ocaml/*.cmxa
 %{_libdir}/ocaml/*.cmx
 %{_libdir}/ocaml/*.o
 %{_libdir}/ocaml/libasmrun_shared.so
-%endif
 %{_libdir}/ocaml/*.mli
-%{_libdir}/ocaml/sys.ml.in
 %{_libdir}/ocaml/libcamlrun_shared.so
-
-%{_libdir}/ocaml/{dynlink,runtime_events,str,threads,unix}/*.mli
-%if %{native_compiler}
-%{_libdir}/ocaml/{dynlink,runtime_events,str,threads,unix}/*.a
-%{_libdir}/ocaml/{dynlink,runtime_events,str,threads,unix}/*.cmxa
-%{_libdir}/ocaml/{dynlink,profiling,runtime_events,str,threads,unix}/*.cmx
-%{_libdir}/ocaml/profiling/*.o
-%endif
-%if %{natdynlink}
-%{_libdir}/ocaml/{runtime_events,str,unix}/*.cmxs
-%endif
-
-# headers
+%{_libdir}/ocaml/threads/*.mli
+%{_libdir}/ocaml/threads/*.a
+%{_libdir}/ocaml/threads/*.cmxa
+%{_libdir}/ocaml/threads/*.cmx
 %{_libdir}/ocaml/caml
 
-
 %files runtime
-%doc README.html Changes
 %license LICENSE
+%doc README.adoc Changes
 %{_bindir}/ocamlrun
 %{_bindir}/ocamlrund
 %{_bindir}/ocamlruni
@@ -411,39 +226,14 @@ hardlink -t $RPM_BUILD_ROOT%{_libdir}/ocaml/stublibs
 %{_libdir}/ocaml/camlheaderd
 %{_libdir}/ocaml/camlheaderi
 %{_libdir}/ocaml/stublibs
-%dir %{_libdir}/ocaml/dynlink
-%{_libdir}/ocaml/dynlink/META
-%{_libdir}/ocaml/dynlink/*.cmi
-%{_libdir}/ocaml/dynlink/*.cma
-%dir %{_libdir}/ocaml/profiling
-%{_libdir}/ocaml/profiling/*.cmo
-%{_libdir}/ocaml/profiling/*.cmi
-%dir %{_libdir}/ocaml/runtime_events
-%{_libdir}/ocaml/runtime_events/META
-%{_libdir}/ocaml/runtime_events/*.cmi
-%{_libdir}/ocaml/runtime_events/*.cma
-%{_libdir}/ocaml/stdlib
-%dir %{_libdir}/ocaml/str
-%{_libdir}/ocaml/str/META
-%{_libdir}/ocaml/str/*.cmi
-%{_libdir}/ocaml/str/*.cma
 %dir %{_libdir}/ocaml/threads
-%{_libdir}/ocaml/threads/META
 %{_libdir}/ocaml/threads/*.cmi
 %{_libdir}/ocaml/threads/*.cma
-%dir %{_libdir}/ocaml/unix
-%{_libdir}/ocaml/unix/META
-%{_libdir}/ocaml/unix/*.cmi
-%{_libdir}/ocaml/unix/*.cma
 %{_libdir}/ocaml/fedora-ocaml-release
 
-
 %files source
 %license LICENSE
 %{_libdir}/ocaml/*.ml
-%{_libdir}/ocaml/*.cmt*
-%{_libdir}/ocaml/*/*.cmt*
-
 
 %files ocamldoc
 %license LICENSE
@@ -451,28 +241,23 @@ hardlink -t $RPM_BUILD_ROOT%{_libdir}/ocaml/stublibs
 %{_bindir}/ocamldoc*
 %{_libdir}/ocaml/ocamldoc
 
-
 %files docs
 %{_mandir}/man1/*
 %{_mandir}/man3/*
 
-
 %files compiler-libs
 %license LICENSE
-%{_libdir}/ocaml/compiler-libs
-
-
-%files rpm-macros
-%{_rpmmacrodir}/macros.ocaml-rpm
-%{_rpmconfigdir}/azl/ocaml_files.py
-
+%dir %{_libdir}/ocaml/compiler-libs
+%{_libdir}/ocaml/compiler-libs/*.mli
+%{_libdir}/ocaml/compiler-libs/*.cmi
+%{_libdir}/ocaml/compiler-libs/*.cmo
+%{_libdir}/ocaml/compiler-libs/*.cma
+%{_libdir}/ocaml/compiler-libs/*.a
+%{_libdir}/ocaml/compiler-libs/*.cmxa
+%{_libdir}/ocaml/compiler-libs/*.cmx
+%{_libdir}/ocaml/compiler-libs/*.o
 
 %changelog
-* Fri Mar 08 2024 Mykhailo Bykhovtsev <mbykhovtsev@microsoft.com> - 5.1.1-1
-- Upgraded ocaml to 5.1.1
-- Importing and adopting spec changes from Fedora (License: MIT).
-- Removed unused patch files and added new.
-
 * Thu Feb 22 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 4.13.1-3
 - Updating naming for 3.0 version of Azure Linux.
 
diff --git a/SPECS/ocaml/ocaml_files.py b/SPECS/ocaml/ocaml_files.py
deleted file mode 100644
index cbcacd950e9..00000000000
--- a/SPECS/ocaml/ocaml_files.py
+++ /dev/null
@@ -1,451 +0,0 @@
-# Copyright 2022-3, Jerry James
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the
-#    distribution.
-# 3. Neither the name of Red Hat nor the names of its
-#    contributors may be used to endorse or promote products derived
-#    from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-import argparse
-import os
-import shutil
-import string
-import sys
-from collections.abc import Iterable, Iterator
-from enum import Enum, auto
-from typing import Callable, final
-
-# Version of this script
-version=2
-
-#
-# BUILDROOT CATEGORIZATION
-#
-
-# Directories to ignore when generating %dir entries
-root_dirs: set[str] = {
-    '/',
-    '/etc',
-    '/usr',
-    '/usr/bin',
-    '/usr/lib',
-    '/usr/lib/ocaml',
-    '/usr/lib/ocaml/caml',
-    '/usr/lib/ocaml/stublibs',
-    '/usr/lib/ocaml/threads',
-    '/usr/lib64',
-    '/usr/lib64/ocaml',
-    '/usr/lib64/ocaml/caml',
-    '/usr/lib64/ocaml/stublibs',
-    '/usr/lib64/ocaml/threads',
-    '/usr/libexec',
-    '/usr/sbin',
-    '/usr/share',
-    '/usr/share/doc'
-}
-
-def find_buildroot_toplevel(buildroot: str) -> list[str]:
-    """Find toplevel files and directories in the buildroot.
-
-    :param str buildroot: path to the buildroot
-    :return: a list of toplevel files and directories in the buildroot
-    """
-    bfiles: list[str] = []
-    for path, dirs, files in os.walk(buildroot):
-        for i in range(len(dirs) - 1, -1, -1):
-            d = os.path.join(path, dirs[i])[len(buildroot):]
-            if d not in root_dirs and not d.startswith('/usr/share/man'):
-                bfiles.append(d)
-                del dirs[i]
-        for f in files:
-            realfile = os.path.join(path, f)[len(buildroot):]
-            if realfile.startswith('/usr/share/man'):
-                bfiles.append(realfile + '*')
-            else:
-                bfiles.append(realfile)
-    return bfiles
-
-# File suffixes that go into a devel subpackage
-dev_suffixes: set[str] = {
-    'a', 'cmo', 'cmt', 'cmti', 'cmx', 'cmxa', 'h', 'idl', 'ml', 'mli', 'o'
-}
-
-def is_devel_file(filname: str) -> bool:
-    """Determine whether a file belongs to a devel subpackage.
-
-    :param str filname: the filename to check
-    :return: True if the file belongs to a devel subpackage, else False
-    """
-    return (filname == 'dune-package' or filname == 'opam' or
-            (os.path.splitext(filname)[1][1:] in dev_suffixes
-             and not filname.endswith('_top_init.ml')))
-
-def find_buildroot_all(buildroot: str, devel: bool, add_star: bool) -> list[set[str]]:
-    """Find all files and directories in the buildroot and optionally
-    categorize them as 'main' or 'devel'.
-
-    :param Namespace args: parsed command line arguments
-    :param bool devel: True to split into 'main' and 'devel', False otherwise
-    :param bool add_star: True to add a star to man page filenames
-    :return: a list of files and directories, in this order: main files,
-        main directories, devel files, and devel directories
-    """
-    bfiles: list[set[str]] = [set(), set(), set()]
-    bdirs: set[str] = set()
-    for path, dirs, files in os.walk(buildroot):
-        for d in dirs:
-            realdir = os.path.join(path, d)[len(buildroot):]
-            if realdir not in root_dirs and not realdir.startswith('/usr/share/man'):
-                bdirs.add(realdir)
-        for f in files:
-            realfile = os.path.join(path, f)[len(buildroot):]
-            if devel and is_devel_file(os.path.basename(realfile)):
-                bfiles[2].add(realfile)
-            else:
-                if add_star and realfile.startswith('/usr/share/man'):
-                    bfiles[0].add(realfile + '*')
-                else:
-                    bfiles[0].add(realfile)
-                parentdir = os.path.dirname(realfile)
-                if parentdir in bdirs:
-                    bfiles[1].add(parentdir)
-                    bdirs.remove(parentdir)
-                    # Catch intermediate directories, as in ocaml-mtime
-                    parentdir = os.path.dirname(parentdir)
-                    if parentdir in bdirs:
-                        bfiles[1].add(parentdir)
-                        bdirs.remove(parentdir)
-    bfiles.append(bdirs)
-    return bfiles
-
-#
-# INSTALL FILE LEXER AND PARSER
-#
-
-class TokenType(Enum):
-    """The types of tokens that can appear in an opam *.install file."""
-    ERROR  = auto()
-    COLON  = auto()
-    LBRACE = auto()
-    RBRACE = auto()
-    LBRACK = auto()
-    RBRACK = auto()
-    STRING = auto()
-    FIELD  = auto()
-
-@final
-class InstallFileLexer(Iterator[tuple[TokenType, str]]):
-    """Convert an opam *.install file into a sequence of tokens."""
-    __slots__ = ['index', 'text']
-
-    def __init__(self, filname: str) -> None:
-        """Create an opam *.install file lexer.
-
-        :param str filname: the name of the file to read from
-        """
-        self.index = 0
-        with open(filname, 'r') as f:
-            # Limit reads to 4 MB in case this file is bogus.
-            # Most install files are under 4K.
-            self.text = f.read(4194304)
-
-    def skip_whitespace(self) -> None:
-        """Skip over whitespace in the input."""
-        while self.index < len(self.text) and \
-              (self.text[self.index] == '#' or
-               self.text[self.index] in string.whitespace):
-            if self.text[self.index] == '#':
-                while (self.index < len(self.text) and
-                       self.text[self.index] != '\n' and
-                       self.text[self.index] != '\r'):
-                    self.index += 1
-            else:
-                self.index += 1
-
-    def __next__(self) -> tuple[TokenType, str]:
-        """Get the next token from the opam *.install file.
-
-        :return: a pair containing the type and text of the next token
-        """
-        self.skip_whitespace()
-        if self.index < len(self.text):
-            ch = self.text[self.index]
-            if ch == ':':
-                self.index += 1
-                return (TokenType.COLON, ch)
-            if ch == '{':
-                self.index += 1
-                return (TokenType.LBRACE, ch)
-            if ch == '}':
-                self.index += 1
-                return (TokenType.RBRACE, ch)
-            if ch == '[':
-                self.index += 1
-                return (TokenType.LBRACK, ch)
-            if ch == ']':
-                self.index += 1
-                return (TokenType.RBRACK, ch)
-            if ch == '"':
-                start = self.index + 1
-                end = start
-                while end < len(self.text) and self.text[end] != '"':
-                    end += 2 if self.text[end] == '\\' else 1
-                self.index = end + 1
-                return (TokenType.STRING, self.text[start:end])
-            if ch in string.ascii_letters:
-                start = self.index
-                end = start + 1
-                while (end < len(self.text) and
-                       (self.text[end] == '_' or
-                        self.text[end] in string.ascii_letters)):
-                    end += 1
-                self.index = end
-                return (TokenType.FIELD, self.text[start:end])
-            return (TokenType.ERROR, ch)
-        else:
-            raise StopIteration
-
-@final
-class InstallFileParser(Iterable[tuple[str, bool, str, str]]):
-    """Parse opam *.install files."""
-
-    __slots__ = ['pkgname', 'lexer', 'libdir']
-
-    def __init__(self, filname: str, libdir: str) -> None:
-        """Initialize an OCaml .install file parser.
-
-        :param str filname: name of the .install file to parse
-        :param str libdir: the OCaml library directory
-        """
-        self.pkgname = os.path.splitext(os.path.basename(filname))[0]
-        self.lexer = InstallFileLexer(filname)
-        self.libdir = libdir
-
-    def __iter__(self) -> Iterator[tuple[str, bool, str, str]]:
-        """Parse a .install file.
-        If there are any parse errors, we assume this file is not really an
-        opam .install file and abandon the parse.
-        """
-        # Map opam installer names to directories
-        opammap: dict[str, str] = {
-            'lib': os.path.join(self.libdir, self.pkgname),
-            'lib_root': self.libdir,
-            'libexec': os.path.join(self.libdir, self.pkgname),
-            'libexec_root': self.libdir,
-            'bin': '/usr/bin',
-            'sbin': '/usr/sbin',
-            'toplevel': os.path.join(self.libdir, 'toplevel'),
-            'share': os.path.join('/usr/share', self.pkgname),
-            'share_root': '/usr/share',
-            'etc': os.path.join('/etc', self.pkgname),
-            'doc': os.path.join('/usr/doc', self.pkgname),
-            'stublibs': os.path.join(self.libdir, 'stublibs'),
-            'man': '/usr/share/man'
-        }
-
-        # Parse the file
-        try:
-            toktyp, token = next(self.lexer)
-            while toktyp == TokenType.FIELD:
-                libname = token
-                toktyp, token = next(self.lexer)
-                if toktyp != TokenType.COLON:
-                    return
-
-                toktyp, token = next(self.lexer)
-                if toktyp != TokenType.LBRACK:
-                    return
-
-                directory = opammap.get(libname)
-                if not directory:
-                    return
-
-                toktyp, token = next(self.lexer)
-                while toktyp == TokenType.STRING:
-                    source = token
-                    optional = source[0] == '?'
-                    if optional:
-                        source = source[1:]
-                    nexttp, nexttk = next(self.lexer)
-                    if nexttp == TokenType.LBRACE:
-                        nexttp, nexttk = next(self.lexer)
-                        if nexttp == TokenType.STRING:
-                            filname = os.path.join(directory, nexttk)
-                            bracetp, bractk = next(self.lexer)
-                            if bracetp != TokenType.RBRACE:
-                                return
-                            nexttp, nexttk = next(self.lexer)
-                        else:
-                            return
-                    elif libname == 'man':
-                        index = token.rfind('.')
-                        if index < 0:
-                            return
-                        mandir = os.path.join(directory, 'man' + token[index+1:])
-                        filname = os.path.join(mandir, os.path.basename(token))
-                    else:
-                        filname = os.path.join(directory, os.path.basename(token))
-                    toktyp, token = nexttp, nexttk
-                    yield (self.pkgname, optional, source, filname)
-
-                if toktyp != TokenType.RBRACK:
-                    return
-                toktyp, token = next(self.lexer)
-        except StopIteration:
-            return
-
-def install_files(buildroot: str, libdir: str) -> None:
-    """Install the files listed in opam .install files in the buildroot.
-
-    For some projects, there are install files in both the project root
-    directory and somewhere under "_build", so be careful not to parse the same
-    install file twice.
-
-    :param str buildroot: path to the buildroot
-    :param str libdir: the OCaml library directory
-    """
-    install_files = set()
-    for path, dirs, files in os.walk('.'):
-        for f in files:
-            if f.endswith('.install') and f not in install_files:
-                install_files.add(f)
-                parser = InstallFileParser(os.path.join(path, f), libdir)
-                for _, optional, source, filname in parser:
-                    if not optional or os.path.exists(source):
-                        installpath = os.path.join(buildroot, filname[1:])
-                        os.makedirs(os.path.dirname(installpath), exist_ok=True)
-                        shutil.copy2(source, installpath)
-
-def get_package_map(buildroot: str, libdir: str, devel: bool) -> dict[str, set[str]]:
-    """Create a map from package names to installed files from the opam .install
-    files in the buildroot.
-
-    For some projects, there are install files in both the project root
-    directory and somewhere under "_build", so be careful not to parse the same
-    install file twice."""
-
-    pmap: dict[str, set[str]] = dict()
-    install_files = set()
-
-    def add_pkg(pkgname: str, filname: str) -> None:
-        """Add a mapping from a package name to a filename.
-
-        :param str pkgname: the package that acts as the map key
-        :param str filname: the filename to add to the package set
-        """
-        if pkgname not in pmap:
-            pmap[pkgname] = set()
-        pmap[pkgname].add(filname)
-
-    installed = find_buildroot_all(buildroot, devel, False)
-    for path, dirs, files in os.walk('.'):
-        for f in files:
-            if f.endswith('.install') and f not in install_files:
-                install_files.add(f)
-                parser = InstallFileParser(os.path.join(path, f), libdir)
-                for pkgname, _, _, filname in parser:
-                    if filname in installed[0]:
-                        if filname.startswith('/usr/share/man'):
-                            add_pkg(pkgname, filname + '*')
-                        else:
-                            add_pkg(pkgname, filname)
-                            dirname = os.path.dirname(filname)
-                            if dirname in installed[1]:
-                                add_pkg(pkgname, '%dir ' + dirname)
-                                installed[1].remove(dirname)
-                    elif filname in installed[2]:
-                        if filname.startswith('/usr/share/man'):
-                            add_pkg(pkgname + '-devel', filname + '*')
-                        else:
-                            add_pkg(pkgname + '-devel', filname)
-                            dirname = os.path.dirname(filname)
-                            if dirname in installed[3]:
-                                add_pkg(pkgname + '-devel', '%dir ' + dirname)
-                                installed[3].remove(dirname)
-    return pmap
-
-#
-# MAIN INTERFACE
-#
-
-def ocaml_files(no_devel: bool, separate: bool, install: bool, buildroot: str,
-                libdir: str) -> None:
-    """Generate %files lists from an installed buildroot.
-
-    :param bool no_devel: False to split files into a main package and a devel
-        package
-    :param bool separate: True to place each OCaml module in an RPM package
-    :param bool install: True to install files, False to generate %files
-    :param str buildroot: the installed buildroot
-    :param str libdir: the OCaml library directory
-    """
-    if install:
-        install_files(buildroot, libdir)
-    elif separate:
-        pkgmap = get_package_map(buildroot, libdir, not no_devel)
-        for pkg in pkgmap:
-            with open('.ofiles-' + pkg, 'w') as f:
-                for entry in pkgmap[pkg]:
-                    f.write(entry + '\n')
-    elif no_devel:
-        with open('.ofiles', 'w') as f:
-            for entry in find_buildroot_toplevel(buildroot):
-                f.write(entry + '\n')
-    else:
-        files = find_buildroot_all(buildroot, True, True)
-        with open('.ofiles', 'w') as f:
-            for entry in files[0]:
-                f.write(entry + '\n')
-            for entry in files[1]:
-                f.write('%dir ' + entry + '\n')
-        with open('.ofiles-devel', 'w') as f:
-            for entry in files[2]:
-                f.write(entry + '\n')
-            for entry in files[3]:
-                f.write('%dir ' + entry + '\n')
-
-if __name__ == "__main__":
-    parser = argparse.ArgumentParser(description='Support for building OCaml RPM packages')
-    parser.add_argument('-i', '--install',
-                        action='store_true',
-                        default=False,
-                        help='install files instead of generating %files')
-    parser.add_argument('-n', '--no-devel',
-                        action='store_true',
-                        default=False,
-                        help='suppress creation of a devel subpackage')
-    parser.add_argument('-s', '--separate',
-                        action='store_true',
-                        default=False,
-                        help='separate packaging.  Each OCaml module is in a distinct RPM package.  All modules are in a single RPM package by default.')
-    parser.add_argument('-v', '--version',
-                        action='version',
-                        version=f'%(prog)s {str(version)}')
-    parser.add_argument('buildroot', help='RPM build root')
-    parser.add_argument('libdir', help='OCaml library directory')
-    args = parser.parse_args()
-    ocaml_files(args.no_devel,
-                args.separate,
-                args.install,
-                args.buildroot,
-                args.libdir)
\ No newline at end of file
diff --git a/cgmanifest.json b/cgmanifest.json
index c128921ef85..68df4088f4e 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -195,8 +195,8 @@
         "type": "other",
         "other": {
           "name": "annobin",
-          "version": "12.49",
-          "downloadUrl": "https://nickc.fedorapeople.org/annobin-12.49.tar.xz"
+          "version": "9.27",
+          "downloadUrl": "https://nickc.fedorapeople.org/annobin-9.27.tar.xz"
         }
       }
     },
@@ -14402,8 +14402,8 @@
         "type": "other",
         "other": {
           "name": "ocaml",
-          "version": "5.1.1",
-          "downloadUrl": "https://github.com/ocaml/ocaml/archive/5.1.1/ocaml-5.1.1.tar.gz"
+          "version": "4.13.1",
+          "downloadUrl": "https://caml.inria.fr/pub/distrib/ocaml-4.13.1/ocaml-4.13.1.tar.xz"
         }
       }
     },

From 1dec206825c40471f9ae0359976ff461956760c7 Mon Sep 17 00:00:00 2001
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
Date: Fri, 26 Apr 2024 11:34:37 +0530
Subject: [PATCH 49/62] fio: upgrade 3.30 -> 3.37 (#7092)

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---
 SPECS/fio/fio.signatures.json | 3 ++-
 SPECS/fio/fio.spec            | 7 +++++--
 cgmanifest.json               | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/SPECS/fio/fio.signatures.json b/SPECS/fio/fio.signatures.json
index 02ea05afa8d..9bbb08c6791 100644
--- a/SPECS/fio/fio.signatures.json
+++ b/SPECS/fio/fio.signatures.json
@@ -1,5 +1,6 @@
 {
  "Signatures": {
-  "fio-3.30.tar.bz2": "a6f4c0181112588a826b36ee634d5476dd562b7d19ac9c239abd1dabe3dc51e2"
+  "fio-3.37.tar.bz2": "88f0fd6549ca07f7387e784a91706ab11e36d5c12ec26540f1b2d33c6f2d8327"
  }
 }
+
diff --git a/SPECS/fio/fio.spec b/SPECS/fio/fio.spec
index 625813a331b..fcbafc2ad15 100644
--- a/SPECS/fio/fio.spec
+++ b/SPECS/fio/fio.spec
@@ -1,7 +1,7 @@
 Summary:        Multithreaded IO generation tool
 Name:           fio
-Version:        3.30
-Release:        3%{?dist}
+Version:        3.37
+Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -173,6 +173,9 @@ EXTFLAGS="$RPM_OPT_FLAGS" LDFLAGS="$RPM_LD_FLAGS" %make_build
 %{_libdir}/fio/fio-rdma.so
 
 %changelog
+* Wed Apr 17 2024 Muhammad Falak <mwani@microsoft.com> - 3.37-1
+- Bump version to 3.37
+
 * Mon Mar 11 2023 Andrew Phelps <anphel@microsoft.com> - 3.30-3
 - Remove engine-pmemblk subpackage and BR on libpmemblk-devel
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 68df4088f4e..60bead114ad 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -3588,8 +3588,8 @@
         "type": "other",
         "other": {
           "name": "fio",
-          "version": "3.30",
-          "downloadUrl": "https://brick.kernel.dk/snaps/fio-3.30.tar.bz2"
+          "version": "3.37",
+          "downloadUrl": "https://brick.kernel.dk/snaps/fio-3.37.tar.bz2"
         }
       }
     },

From b7e443c75912563f515c66cb4b0b46dcea805829 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri, 26 Apr 2024 09:26:12 -0700
Subject: [PATCH 50/62] strace: upgrade to 6.8 (#8908)

---
 SPECS/strace/strace.signatures.json | 2 +-
 SPECS/strace/strace.spec            | 5 ++++-
 cgmanifest.json                     | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/SPECS/strace/strace.signatures.json b/SPECS/strace/strace.signatures.json
index 91f49fecb21..a509df2f574 100644
--- a/SPECS/strace/strace.signatures.json
+++ b/SPECS/strace/strace.signatures.json
@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "strace-6.6.tar.xz": "421b4186c06b705163e64dc85f271ebdcf67660af8667283147d5e859fc8a96c"
+  "strace-6.8.tar.xz": "ba6950a96824cdf93a584fa04f0a733896d2a6bc5f0ad9ffe505d9b41e970149"
  }
 }
diff --git a/SPECS/strace/strace.spec b/SPECS/strace/strace.spec
index 13bc571e796..08089f38648 100644
--- a/SPECS/strace/strace.spec
+++ b/SPECS/strace/strace.spec
@@ -1,7 +1,7 @@
 %global __requires_exclude ^%{_bindir}/perl$
 Summary:        Tracks system calls that are made by a running process
 Name:           strace
-Version:        6.6
+Version:        6.8
 Release:        1%{?dist}
 License:        GPL-2.0-or-later AND LGPL-2.1-or-later
 Vendor:         Microsoft Corporation
@@ -44,6 +44,9 @@ all the arugments and return values from the system calls. This is useful in deb
 %{_mandir}/man1/*
 
 %changelog
+* Thu Apr 25 2024 Andrew Phelps <anphel@microsoft.com> - 6.8-1
+- Upgrade to version 6.8
+
 * Tue Dec 19 2023 Andrew Phelps <anphel@microsoft.com> - 6.6-1
 - Upgrade to version 6.6
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 60bead114ad..4ce3d8aad9f 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -27936,8 +27936,8 @@
         "type": "other",
         "other": {
           "name": "strace",
-          "version": "6.6",
-          "downloadUrl": "https://strace.io/files/6.6/strace-6.6.tar.xz"
+          "version": "6.8",
+          "downloadUrl": "https://strace.io/files/6.8/strace-6.8.tar.xz"
         }
       }
     },

From 4f4715d7f77f55ac134164a3fb9ab00d9d627253 Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri, 26 Apr 2024 09:28:37 -0700
Subject: [PATCH 51/62] php-pecl-zip: fix runtime requirements to match php
 8.3.4 (#8923)

---
 SPECS/php-pecl-zip/php-pecl-zip.spec | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/SPECS/php-pecl-zip/php-pecl-zip.spec b/SPECS/php-pecl-zip/php-pecl-zip.spec
index 06b86dd8a2c..583e480c3a1 100644
--- a/SPECS/php-pecl-zip/php-pecl-zip.spec
+++ b/SPECS/php-pecl-zip/php-pecl-zip.spec
@@ -13,7 +13,7 @@
 Summary:        A ZIP archive management extension
 Name:           php-pecl-zip
 Version:        1.22.3
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        PHP
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -27,8 +27,8 @@ BuildRequires:  pkg-config
 BuildRequires:  tzdata
 BuildRequires:  zlib-devel
 BuildRequires:  pkgconfig(libzip) >= 1.0.0
-Requires:       php(api) = 20210902-%{__isa_bits}
-Requires:       php(zend-abi) = 20210902-%{__isa_bits}
+Requires:       php(api) = 20230831-%{__isa_bits}
+Requires:       php(zend-abi) = 20230831-%{__isa_bits}
 Requires:       tzdata
 # Supposed to use these macros from SPECS/php/macros.php
 #Requires:     php(zend-abi) = %{php_zend_api}
@@ -154,6 +154,9 @@ TEST_PHP_EXECUTABLE=%{_bindir}/zts-php \
 %endif
 
 %changelog
+* Thu Apr 25 2024 Andrew Phelps <anphel@microsoft.com> - 1.22.3-2
+- Update `php(abi)` and `php(zend-abi)` requires for php 8.3.4
+
 * Fri Mar 29 2024 Andrew Phelps <anphel@microsoft.com> - 1.22.3-1
 - Upgrade to version 1.22.3
 - Add tzdata BR and requires.

From 6f205511793d2672b6be4c692416f2b2fccf8d1b Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri, 26 Apr 2024 09:44:00 -0700
Subject: [PATCH 52/62] [AUTOPATCHER-CORE] Upgrade python-distlib to 0.3.8 none
 (#8898)

Co-authored-by: Osama Esmail <osamaesmail@microsoft.com>
---
 SPECS/python-distlib/python-distlib.signatures.json | 10 +++++-----
 SPECS/python-distlib/python-distlib.spec            | 13 +++++++++----
 cgmanifest.json                                     |  4 ++--
 3 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/SPECS/python-distlib/python-distlib.signatures.json b/SPECS/python-distlib/python-distlib.signatures.json
index 7fc4e421e4f..5ac76b96b1d 100644
--- a/SPECS/python-distlib/python-distlib.signatures.json
+++ b/SPECS/python-distlib/python-distlib.signatures.json
@@ -1,5 +1,5 @@
-{
-    "Signatures": {
-     "python-distlib-0.3.6.tar.gz": "14bad2d9b04d3a36127ac97f30b12a19268f211063d8f8ee4f47108896e11b46"
-    }
-   }
+{
+  "Signatures": {
+    "python-distlib-0.3.8.tar.gz": "1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64"
+  }
+}
diff --git a/SPECS/python-distlib/python-distlib.spec b/SPECS/python-distlib/python-distlib.spec
index ff792aa9ceb..0dbb4937786 100644
--- a/SPECS/python-distlib/python-distlib.spec
+++ b/SPECS/python-distlib/python-distlib.spec
@@ -1,8 +1,8 @@
 %global srcname distlib
 Summary:        Low-level components of distutils2/packaging, augmented with higher-level APIs
 Name:           python-distlib
-Version:        0.3.6
-Release:        2%{?dist}
+Version:        0.3.8
+Release:        1%{?dist}
 License:        Python
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -43,7 +43,6 @@ between tools.
 
 rm distlib/*.exe
 
-
 %build
 %pyproject_wheel
 
@@ -53,16 +52,22 @@ rm distlib/*.exe
 
 %check
 export PYTHONHASHSEED=0
+pip3 install iniconfig
 # test_sequencer_basic test fails due to relying
 # on the ordering of the input, hence disabling it.
 # https://github.com/pypa/distlib/issues/161
-%pytest -k "not test_sequencer_basic"
+# test_is_writable depends on network access
+%pytest -k "not test_sequencer_basic and not test_is_writable"
 
 %files -n python%{python3_pkgversion}-%{srcname} -f %pyproject_files
 %license LICENSE.txt
 %doc README.rst
 
 %changelog
+* Wed Apr 24 2024 Osama Esmail <osamaesmail@microsoft.com> - 0.3.8-1
+- Auto-upgrade to 0.3.8
+- Added "and not test_is_writable" to the %%check section
+
 * Tue Dec 21 2021 Riken Maharjan <rmaharjan@microsoft.com> - 0.3.6-2
 - Initial CBL-Mariner import from Fedora 37 (license: MIT)
 - License verified.
diff --git a/cgmanifest.json b/cgmanifest.json
index 4ce3d8aad9f..0bc4ee0d674 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -22163,8 +22163,8 @@
         "type": "other",
         "other": {
           "name": "python-distlib",
-          "version": "0.3.6",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/d/distlib/distlib-0.3.6.tar.gz"
+          "version": "0.3.8",
+          "downloadUrl": "https://files.pythonhosted.org/packages/source/d/distlib/distlib-0.3.8.tar.gz"
         }
       }
     },

From 559ef5fffe53f2d1e01e90855b26209db232949e Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri, 26 Apr 2024 10:00:51 -0700
Subject: [PATCH 53/62] [AUTOPATCHER-CORE] Upgrade python-hypothesis to 6.100.1
 none (#8907)

Co-authored-by: Osama Esmail <osamaesmail@microsoft.com>
---
 SPECS/python-hypothesis/python-hypothesis.signatures.json | 6 +++---
 SPECS/python-hypothesis/python-hypothesis.spec            | 7 +++++--
 cgmanifest.json                                           | 4 ++--
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/SPECS/python-hypothesis/python-hypothesis.signatures.json b/SPECS/python-hypothesis/python-hypothesis.signatures.json
index 1ef9043e04a..664c706e494 100644
--- a/SPECS/python-hypothesis/python-hypothesis.signatures.json
+++ b/SPECS/python-hypothesis/python-hypothesis.signatures.json
@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "hypothesis-6.36.2.tar.gz": "7202ea05759f591adf6c1887edbd4d53c049821284f630c5ec8ec3f3f57fd46b"
- }
+  "Signatures": {
+    "hypothesis-6.100.1.tar.gz": "ebff09d7fa4f1fb6a855a812baf17e578b4481b7b70ec6d96496210d1a4c6c35"
+  }
 }
diff --git a/SPECS/python-hypothesis/python-hypothesis.spec b/SPECS/python-hypothesis/python-hypothesis.spec
index 98d2ab2cd7e..01ee7e6cd9a 100644
--- a/SPECS/python-hypothesis/python-hypothesis.spec
+++ b/SPECS/python-hypothesis/python-hypothesis.spec
@@ -1,13 +1,13 @@
 Summary:        Python library for creating unit tests which are simpler to write and more powerful
 Name:           python-hypothesis
-Version:        6.36.2
+Version:        6.100.1
 Release:        1%{?dist}
 License:        MPLv2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Development/Languages/Python
 URL:            https://github.com/HypothesisWorks/hypothesis-python
-Source0:        https://files.pythonhosted.org/packages/24/05/d03211fc959ddf8c4a26d04957d9640a86a723f5d6a4359a4430cf5fa0b4/hypothesis-%{version}.tar.gz
+Source0:        https://files.pythonhosted.org/packages/5a/30/eaf0f26a982bc3b9bdc701b6b289347275beb1ae50aea146cf443c32ce7c/hypothesis-%{version}.tar.gz
 BuildArch:      noarch
 
 %description
@@ -47,6 +47,9 @@ and then generates simple and comprehensible examples that make your tests fail.
 %{_bindir}/*
 
 %changelog
+* Thu Apr 25 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 6.100.1-1
+- Auto-upgrade to 6.100.1
+
 * Tue Feb 15 2022 Nick Samson <nisamson@microsoft.com> - 6.36.2-1
 - Updated source URL, updated to 6.36.2
 - Added hypothesis binary
diff --git a/cgmanifest.json b/cgmanifest.json
index 0bc4ee0d674..071fd5d439c 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -22633,8 +22633,8 @@
         "type": "other",
         "other": {
           "name": "python-hypothesis",
-          "version": "6.36.2",
-          "downloadUrl": "https://files.pythonhosted.org/packages/24/05/d03211fc959ddf8c4a26d04957d9640a86a723f5d6a4359a4430cf5fa0b4/hypothesis-6.36.2.tar.gz"
+          "version": "6.100.1",
+          "downloadUrl": "https://files.pythonhosted.org/packages/5a/30/eaf0f26a982bc3b9bdc701b6b289347275beb1ae50aea146cf443c32ce7c/hypothesis-6.100.1.tar.gz"
         }
       }
     },

From 34c9bea42c117dfcfda844f9f308455f7f6db8eb Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri, 26 Apr 2024 10:01:16 -0700
Subject: [PATCH 54/62] [AUTOPATCHER-CORE] Upgrade python-incremental to
 22.10.0 none (#8906)

Co-authored-by: Osama Esmail <osamaesmail@microsoft.com>
---
 SPECS/python-incremental/python-incremental.signatures.json | 6 +++---
 SPECS/python-incremental/python-incremental.spec            | 5 ++++-
 cgmanifest.json                                             | 4 ++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/SPECS/python-incremental/python-incremental.signatures.json b/SPECS/python-incremental/python-incremental.signatures.json
index 616d8a3d74c..145d620bc50 100644
--- a/SPECS/python-incremental/python-incremental.signatures.json
+++ b/SPECS/python-incremental/python-incremental.signatures.json
@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "incremental-21.3.0.tar.gz": "02f5de5aff48f6b9f665d99d48bfc7ec03b6e3943210de7cfc88856d755d6f57"
- }
+  "Signatures": {
+    "incremental-22.10.0.tar.gz": "912feeb5e0f7e0188e6f42241d2f450002e11bbc0937c65865045854c24c0bd0"
+  }
 }
diff --git a/SPECS/python-incremental/python-incremental.spec b/SPECS/python-incremental/python-incremental.spec
index 8eb94aa31e1..546774a37b6 100644
--- a/SPECS/python-incremental/python-incremental.spec
+++ b/SPECS/python-incremental/python-incremental.spec
@@ -1,6 +1,6 @@
 Summary:        Incremental is a small library that versions your Python projects.
 Name:           python-incremental
-Version:        21.3.0
+Version:        22.10.0
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
@@ -43,6 +43,9 @@ Incremental is a small library that versions your Python projects.
 %{python3_sitelib}/*
 
 %changelog
+* Thu Apr 25 2024 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 22.10.0-1
+- Auto-upgrade to 22.10.0 - none
+
 * Thu Feb 24 2022 Nick Samson <nisamson@microsoft.com> - 21.3.0-1
 - Update to 21.3.0.
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 071fd5d439c..4575159d497 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -22673,8 +22673,8 @@
         "type": "other",
         "other": {
           "name": "python-incremental",
-          "version": "21.3.0",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/i/incremental/incremental-21.3.0.tar.gz"
+          "version": "22.10.0",
+          "downloadUrl": "https://files.pythonhosted.org/packages/source/i/incremental/incremental-22.10.0.tar.gz"
         }
       }
     },

From 36bf5b8ef32aab1deb5998b6465cf983bc4d1093 Mon Sep 17 00:00:00 2001
From: osamaesmailmsft <110202916+osamaesmailmsft@users.noreply.github.com>
Date: Fri, 26 Apr 2024 10:43:36 -0700
Subject: [PATCH 55/62] Upgrading `python-libclang` from `14.0.6` from `18.1.1`
 (#8909)

---
 SPECS/python-libclang/python-libclang.signatures.json | 2 +-
 SPECS/python-libclang/python-libclang.spec            | 8 ++++++--
 cgmanifest.json                                       | 4 ++--
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/SPECS/python-libclang/python-libclang.signatures.json b/SPECS/python-libclang/python-libclang.signatures.json
index 7d7050f8e5b..9dc254e70c6 100644
--- a/SPECS/python-libclang/python-libclang.signatures.json
+++ b/SPECS/python-libclang/python-libclang.signatures.json
@@ -1,5 +1,5 @@
 {
     "Signatures": {
-     "libclang-14.0.6.tar.gz": "9052a8284d8846984f6fa826b1d7460a66d3b23a486d782633b42b6e3b418789"
+     "libclang-18.1.1.tar.gz": "a1214966d08d73d971287fc3ead8dfaf82eb07fb197680d8b3859dbbbbf78250"
     }
    }
diff --git a/SPECS/python-libclang/python-libclang.spec b/SPECS/python-libclang/python-libclang.spec
index f75f913322d..7c3b64f12d9 100644
--- a/SPECS/python-libclang/python-libclang.spec
+++ b/SPECS/python-libclang/python-libclang.spec
@@ -1,8 +1,8 @@
 %global pypi_name libclang
 
 Summary:        Clang's python bindings
-Name:           python-%{pypi_name}
-Version:        14.0.6
+Name:           python-libclang
+Version:        18.1.1
 Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
@@ -37,5 +37,9 @@ This library makes it easier to install clang's python bindings.
 %{python3_sitelib}/*
 
 %changelog
+* Thu Apr 25 2024 Osama Esmail <osamaesmail@microsoft.com> - 18.1.1-1
+- Upgrading version for 3.0-dev
+- Using actual package name so auto-upgrader can read the spec
+
 * Mon Oct 17 2022 Riken Maharjan <rmaharjan@microsoft.com> - 14.0.6-1
 - Original version for CBL-Mariner. License Verified.
diff --git a/cgmanifest.json b/cgmanifest.json
index 4575159d497..e082dde334b 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -22953,8 +22953,8 @@
         "type": "other",
         "other": {
           "name": "python-libclang",
-          "version": "14.0.6",
-          "downloadUrl": "https://files.pythonhosted.org/packages/source/l/libclang/libclang-14.0.6.tar.gz"
+          "version": "18.1.1",
+          "downloadUrl": "https://files.pythonhosted.org/packages/source/l/libclang/libclang-18.1.1.tar.gz"
         }
       }
     },

From cb31ab4f44af8b0cd753ca008e63d6c572994634 Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@microsoft.com>
Date: Thu, 18 Apr 2024 05:18:44 -0400
Subject: [PATCH 56/62] systemd: move libidn2 recommends dep from core systemd
 to systemd-networkd

Only systemd-resolved and systemd-networkd use libidn2, so the core
systemd package doesn't need to recommend it.

Related work item: https://microsoft.visualstudio.com/OS/_workitems/edit/49774049/
---
 SPECS/systemd/systemd.spec | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/SPECS/systemd/systemd.spec b/SPECS/systemd/systemd.spec
index a6604f1c5d3..24c4157f642 100644
--- a/SPECS/systemd/systemd.spec
+++ b/SPECS/systemd/systemd.spec
@@ -50,7 +50,7 @@ Version:        255
 # determine the build information from local checkout
 Version:        %(tools/meson-vcs-tag.sh . error | sed -r 's/-([0-9])/.^\1/; s/-g/_g/')
 %endif
-Release:        11%{?dist}
+Release:        12%{?dist}
 
 # FIXME - hardcode to 'stable' for now as that's what we have in our blobstore
 %global stable 1
@@ -303,8 +303,6 @@ Conflicts:      %{name}-standalone-shutdown < %{version}-%{release}^
 Provides:       %{name}-shutdown = %{version}-%{release}
 
 # Recommends to replace normal Requires deps for stuff that is dlopen()ed
-Recommends:     libidn2.so.0%{?elf_suffix}
-Recommends:     libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
 Recommends:     libpcre2-8.so.0%{?elf_suffix}
 Recommends:     libpwquality.so.1%{?elf_suffix}
 Recommends:     libpwquality.so.1(LIBPWQUALITY_1.0)%{?elf_bits}
@@ -535,6 +533,8 @@ Requires:       %{name}%{_isa} = %{version}-%{release}
 License:        LGPL-2.1-or-later
 # https://src.fedoraproject.org/rpms/systemd/pull-request/34
 Obsoletes:      systemd < 246.6-2
+Recommends:     libidn2.so.0%{?elf_suffix}
+Recommends:     libidn2.so.0(IDN2_0.0.0)%{?elf_bits}
 
 %description networkd
 systemd-networkd is a system service that manages networks. It detects and
@@ -1192,6 +1192,9 @@ rm -f %{name}.lang
 # %autochangelog. So we need to continue manually maintaining the
 # changelog here.
 %changelog
+* Thu Apr 18 2024 Dan Streetman <ddstreet@microsoft.com> - 255-12
+- move libidn2 recommends from core package to systemd-networkd
+
 * Wed Apr 24 2024 Dan Streetman <ddstreet@microsoft.com> - 255-11
 - adjust pam.d/systemd-user file to include correct pam files
 

From d230af4b30f15aae46ad89a0b82cdb7d5721e8f3 Mon Sep 17 00:00:00 2001
From: Tobias Brick <39196763+tobiasb-ms@users.noreply.github.com>
Date: Fri, 26 Apr 2024 12:01:07 -0700
Subject: [PATCH 57/62] Add SymCrypt and SymCrypt-OpenSSL to images. (#8848)

As SymCrypt is meant to be the main crypto provider for openssl in azl3, and the only FIPS-compatible provider. As such, we need both SymCrypt and SymCrypt-OpenSSL in our base images. We can't have openssl have a direct runtime dependency on one of them, because it creates a circular dependency. So instead we have a "recommends", and then explicitly add them to image definitions that have openssl.
---
 SPECS/core-packages/core-packages.spec               |  7 ++++++-
 SPECS/distroless-packages/distroless-packages.spec   |  7 ++++++-
 SPECS/openssl/openssl.spec                           |  8 +++++++-
 .../manifests/package/pkggen_core_aarch64.txt        | 10 +++++-----
 .../manifests/package/pkggen_core_x86_64.txt         | 10 +++++-----
 .../manifests/package/toolchain_aarch64.txt          | 12 ++++++------
 .../resources/manifests/package/toolchain_x86_64.txt | 12 ++++++------
 7 files changed, 41 insertions(+), 25 deletions(-)

diff --git a/SPECS/core-packages/core-packages.spec b/SPECS/core-packages/core-packages.spec
index fb315055fef..764b8b94840 100644
--- a/SPECS/core-packages/core-packages.spec
+++ b/SPECS/core-packages/core-packages.spec
@@ -1,7 +1,7 @@
 Summary:        Metapackage with core sets of packages
 Name:           core-packages
 Version:        %{azl}.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -71,6 +71,8 @@ Requires:       rpm
 Requires:       rpm-libs
 Requires:       sed
 Requires:       sqlite-libs
+Requires:       SymCrypt
+Requires:       SymCrypt-OpenSSL
 Requires:       tdnf
 Requires:       tdnf-plugin-repogpgcheck
 Requires:       xz
@@ -88,6 +90,9 @@ Requires:       zlib
 %files container
 
 %changelog
+* Fri Apr 26 2024 Tobias Brick <tobiasb@microsoft.com> - 3.0-4
+- Add SymCrypt and SymCrypt-OpenSSL
+
 * Wed Mar 13 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.0-3
 - Preview-only changes in the 'container' subpackage.
 - Removed dependencies: 'azurelinux-repos-ms-oss'.
diff --git a/SPECS/distroless-packages/distroless-packages.spec b/SPECS/distroless-packages/distroless-packages.spec
index 8eed70de743..5dd79e0ae16 100644
--- a/SPECS/distroless-packages/distroless-packages.spec
+++ b/SPECS/distroless-packages/distroless-packages.spec
@@ -1,7 +1,7 @@
 Summary:        Metapackage with core sets of packages for distroless containers.
 Name:           distroless-packages
 Version:        %{azl}.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -31,6 +31,8 @@ Requires:       libgcc
 Requires:       azurelinux-release
 Requires:       openssl
 Requires:       openssl-libs
+Requires:       SymCrypt
+Requires:       SymCrypt-OpenSSL
 Requires:       tzdata
 
 %description base
@@ -55,6 +57,9 @@ Requires:       busybox
 %files debug
 
 %changelog
+* Fri Apr 26 2024 Tobias Brick <tobiasb@microsoft.com> - 3.0-5
+- Add SymCrypt and SymCrypt-OpenSSL
+
 * Thu Apr 04 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.0-4
 - Remove dependency on "prebuilt-ca-certificates".
 
diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec
index b1ac8dd4f4e..1284e9b5f45 100644
--- a/SPECS/openssl/openssl.spec
+++ b/SPECS/openssl/openssl.spec
@@ -9,7 +9,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.1.4
-Release: 8%{?dist}
+Release: 9%{?dist}
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Source: https://www.openssl.org/source/openssl-%{version}.tar.gz
@@ -92,6 +92,9 @@ BuildRequires: perl(Test::More)
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 
+Recommends: SymCrypt
+Recommends: SymCrypt-OpenSSL
+
 %description
 The OpenSSL toolkit provides support for secure communications between
 machines. OpenSSL includes a certificate management tool and shared
@@ -356,6 +359,9 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Apr 26 2024 Tobias Brick <tobiasb@microsoft.com> - 3.1.4-9
+- Add recommends on SymCrypt and SymCrypt-OpenSSL
+
 * Tue Apr 23 2024 Tobias Brick <tobiasb@microsoft.com> - 3.1.4-8
 - Add FIPS_mode patch back for compatibility
 
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index fe5de485624..80ae8da6c23 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
@@ -165,11 +165,11 @@ texinfo-7.0.3-1.azl3.aarch64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
 autoconf-2.72-1.azl3.noarch.rpm
 automake-1.16.5-1.azl3.noarch.rpm
-openssl-3.1.4-8.azl3.aarch64.rpm
-openssl-devel-3.1.4-8.azl3.aarch64.rpm
-openssl-libs-3.1.4-8.azl3.aarch64.rpm
-openssl-perl-3.1.4-8.azl3.aarch64.rpm
-openssl-static-3.1.4-8.azl3.aarch64.rpm
+openssl-3.1.4-9.azl3.aarch64.rpm
+openssl-devel-3.1.4-9.azl3.aarch64.rpm
+openssl-libs-3.1.4-9.azl3.aarch64.rpm
+openssl-perl-3.1.4-9.azl3.aarch64.rpm
+openssl-static-3.1.4-9.azl3.aarch64.rpm
 libcap-2.69-1.azl3.aarch64.rpm
 libcap-devel-2.69-1.azl3.aarch64.rpm
 debugedit-5.0-2.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 6033e4db50f..4c29950381d 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -165,11 +165,11 @@ texinfo-7.0.3-1.azl3.x86_64.rpm
 gtk-doc-1.33.2-1.azl3.noarch.rpm
 autoconf-2.72-1.azl3.noarch.rpm
 automake-1.16.5-1.azl3.noarch.rpm
-openssl-3.1.4-8.azl3.x86_64.rpm
-openssl-devel-3.1.4-8.azl3.x86_64.rpm
-openssl-libs-3.1.4-8.azl3.x86_64.rpm
-openssl-perl-3.1.4-8.azl3.x86_64.rpm
-openssl-static-3.1.4-8.azl3.x86_64.rpm
+openssl-3.1.4-9.azl3.x86_64.rpm
+openssl-devel-3.1.4-9.azl3.x86_64.rpm
+openssl-libs-3.1.4-9.azl3.x86_64.rpm
+openssl-perl-3.1.4-9.azl3.x86_64.rpm
+openssl-static-3.1.4-9.azl3.x86_64.rpm
 libcap-2.69-1.azl3.x86_64.rpm
 libcap-devel-2.69-1.azl3.x86_64.rpm
 debugedit-5.0-2.azl3.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 1947c855a50..094f3dead29 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -275,12 +275,12 @@ npth-1.6-4.azl3.aarch64.rpm
 npth-debuginfo-1.6-4.azl3.aarch64.rpm
 npth-devel-1.6-4.azl3.aarch64.rpm
 ntsysv-1.25-1.azl3.aarch64.rpm
-openssl-3.1.4-8.azl3.aarch64.rpm
-openssl-debuginfo-3.1.4-8.azl3.aarch64.rpm
-openssl-devel-3.1.4-8.azl3.aarch64.rpm
-openssl-libs-3.1.4-8.azl3.aarch64.rpm
-openssl-perl-3.1.4-8.azl3.aarch64.rpm
-openssl-static-3.1.4-8.azl3.aarch64.rpm
+openssl-3.1.4-9.azl3.aarch64.rpm
+openssl-debuginfo-3.1.4-9.azl3.aarch64.rpm
+openssl-devel-3.1.4-9.azl3.aarch64.rpm
+openssl-libs-3.1.4-9.azl3.aarch64.rpm
+openssl-perl-3.1.4-9.azl3.aarch64.rpm
+openssl-static-3.1.4-9.azl3.aarch64.rpm
 p11-kit-0.25.0-1.azl3.aarch64.rpm
 p11-kit-debuginfo-0.25.0-1.azl3.aarch64.rpm
 p11-kit-devel-0.25.0-1.azl3.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 5ae37652d2b..ed5874ab114 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -281,12 +281,12 @@ npth-1.6-4.azl3.x86_64.rpm
 npth-debuginfo-1.6-4.azl3.x86_64.rpm
 npth-devel-1.6-4.azl3.x86_64.rpm
 ntsysv-1.25-1.azl3.x86_64.rpm
-openssl-3.1.4-8.azl3.x86_64.rpm
-openssl-debuginfo-3.1.4-8.azl3.x86_64.rpm
-openssl-devel-3.1.4-8.azl3.x86_64.rpm
-openssl-libs-3.1.4-8.azl3.x86_64.rpm
-openssl-perl-3.1.4-8.azl3.x86_64.rpm
-openssl-static-3.1.4-8.azl3.x86_64.rpm
+openssl-3.1.4-9.azl3.x86_64.rpm
+openssl-debuginfo-3.1.4-9.azl3.x86_64.rpm
+openssl-devel-3.1.4-9.azl3.x86_64.rpm
+openssl-libs-3.1.4-9.azl3.x86_64.rpm
+openssl-perl-3.1.4-9.azl3.x86_64.rpm
+openssl-static-3.1.4-9.azl3.x86_64.rpm
 p11-kit-0.25.0-1.azl3.x86_64.rpm
 p11-kit-debuginfo-0.25.0-1.azl3.x86_64.rpm
 p11-kit-devel-0.25.0-1.azl3.x86_64.rpm

From 0de3bb84593f2f6b71128a004292042346857af1 Mon Sep 17 00:00:00 2001
From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri, 26 Apr 2024 12:15:56 -0700
Subject: [PATCH 58/62] [AUTOPATCHER-CORE] Upgrade python-google-auth to 2.29.0
 none (#8905)

Co-authored-by: Osama Esmail <osamaesmail@microsoft.com>
---
 .../python-google-auth.signatures.json                 |  6 +++---
 SPECS/python-google-auth/python-google-auth.spec       | 10 +++++++---
 cgmanifest.json                                        |  4 ++--
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/SPECS/python-google-auth/python-google-auth.signatures.json b/SPECS/python-google-auth/python-google-auth.signatures.json
index 959e7218e14..2772bebf855 100644
--- a/SPECS/python-google-auth/python-google-auth.signatures.json
+++ b/SPECS/python-google-auth/python-google-auth.signatures.json
@@ -1,5 +1,5 @@
 {
- "Signatures": {
-  "google-auth-2.6.6.tar.gz": "1ba4938e032b73deb51e59c4656a00e0939cf0b1112575099f136babb4563312"
- }
+  "Signatures": {
+    "google-auth-2.29.0.tar.gz": "672dff332d073227550ffc7457868ac4218d6c500b155fe6cc17d2b13602c360"
+  }
 }
diff --git a/SPECS/python-google-auth/python-google-auth.spec b/SPECS/python-google-auth/python-google-auth.spec
index fe27bc802b2..c1bf1163a59 100644
--- a/SPECS/python-google-auth/python-google-auth.spec
+++ b/SPECS/python-google-auth/python-google-auth.spec
@@ -2,7 +2,7 @@
 %{!?python3_sitelib: %define python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}
 
 Name:           python-%{library}
-Version:        2.6.6
+Version:        2.29.0
 Release:        1%{?dist}
 Summary:        Google Auth Python Library
 License:        ASL 2.0
@@ -49,10 +49,14 @@ python3 setup.py install --skip-build --root=%{buildroot}
 %{python3_sitelib}/google/auth
 %{python3_sitelib}/google/oauth2
 %{python3_sitelib}/google_auth-%{version}*.egg-info
-%{python3_sitelib}/google_auth-%{version}*.pth
 
 %changelog
-* Thu Apr 27 2022 Mateusz Malisz <mamalisz@microsoft.com> - 2.6.6-1
+* Thu Apr 25 2024 Osama Esmail <osamaesmail@microsoft.com> - 2.29.0-1
+- Auto-upgrade to 2.29.0 - none
+- Fixed previous log's day of week
+- Remove 'google_auth-%%{version}*.pth' from %%files
+
+* Wed Apr 27 2022 Mateusz Malisz <mamalisz@microsoft.com> - 2.6.6-1
 - Update to 2.6.6
 
 * Fri Aug 21 2020 Thomas Crain <thcrain@microsoft.com> - 1.20.1-1
diff --git a/cgmanifest.json b/cgmanifest.json
index e082dde334b..376ad1e909c 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -22483,8 +22483,8 @@
         "type": "other",
         "other": {
           "name": "python-google-auth",
-          "version": "2.6.6",
-          "downloadUrl": "https://pypi.python.org/packages/source/g/google-auth/google-auth-2.6.6.tar.gz"
+          "version": "2.29.0",
+          "downloadUrl": "https://pypi.python.org/packages/source/g/google-auth/google-auth-2.29.0.tar.gz"
         }
       }
     },

From 119c40da5c66168e58d21b111d865396cbe06aeb Mon Sep 17 00:00:00 2001
From: Mandeep Plaha <99760213+mandeepsplaha@users.noreply.github.com>
Date: Mon, 29 Apr 2024 10:24:18 -0700
Subject: [PATCH 59/62] attach EOL manifest to base containers as well (#8935)

---
 .../scripts/BuildBaseContainers.sh            | 21 +++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/.pipelines/containerSourceData/scripts/BuildBaseContainers.sh b/.pipelines/containerSourceData/scripts/BuildBaseContainers.sh
index 134be3c2b61..ddbffdbd2c7 100755
--- a/.pipelines/containerSourceData/scripts/BuildBaseContainers.sh
+++ b/.pipelines/containerSourceData/scripts/BuildBaseContainers.sh
@@ -194,6 +194,8 @@ function initialization {
 
     ROOT_FOLDER="$(git rev-parse --show-toplevel)"
     EULA_FILE_PATH="$ROOT_FOLDER/.pipelines/container_artifacts/data"
+    END_OF_LIFE_1_YEAR=$(date -d "+1 year" "+%Y-%m-%dT%H:%M:%SZ")
+    echo "END_OF_LIFE_1_YEAR                    -> $END_OF_LIFE_1_YEAR"
 }
 
 function build_builder_image {
@@ -270,16 +272,31 @@ function docker_build_marinara {
     save_container_image "$MARINARA" "$MARINARA_IMAGE_NAME"
 }
 
+function oras_attach {
+    local image_name=$1
+    oras attach \
+        --artifact-type "application/vnd.microsoft.artifact.lifecycle" \
+        --annotation "vnd.microsoft.artifact.lifecycle.end-of-life.date=$END_OF_LIFE_1_YEAR" \
+        "$image_name"
+}
+
 function publish_to_acr {
     local image=$1
     if [[ ! "$PUBLISH_TO_ACR" =~ [Tt]rue ]]; then
         echo "+++ Skip publishing to ACR"
         return
     fi
+    
+    echo "+++ az login into Azure ACR $ACR"
+    local oras_access_token
+    oras_access_token=$(az acr login --name "$ACR" --expose-token --output tsv --query accessToken)
+    oras login "$ACR.azurecr.io" \
+        --username "00000000-0000-0000-0000-000000000000" \
+        --password "$oras_access_token"
+
     echo "+++ Publish container $image"
-    echo "login into ACR: $ACR"
-    az acr login --name "$ACR"
     docker image push "$image"
+    oras_attach "$image"
 }
 
 function save_container_image {

From 4b9fed882682f4ed62f26e49e0b4af17fbdb9fbb Mon Sep 17 00:00:00 2001
From: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
Date: Mon, 29 Apr 2024 11:58:40 -0700
Subject: [PATCH 60/62] Update tensorboard to 2.16.2 (#8942)

---
 .../0000-Use-system-package.patch             | 12 +++++
 SPECS/python-tensorboard/dockerfile           | 50 +++++++++++++++++
 .../genereate_source_tarball.sh               | 14 +++++
 .../python-tensorboard.signatures.json        |  5 +-
 .../python-tensorboard.spec                   | 53 +++++++++----------
 SPECS/tensorflow/tensorflow.spec              |  6 ++-
 cgmanifest.json                               |  4 +-
 7 files changed, 110 insertions(+), 34 deletions(-)
 create mode 100644 SPECS/python-tensorboard/0000-Use-system-package.patch
 create mode 100644 SPECS/python-tensorboard/dockerfile
 create mode 100644 SPECS/python-tensorboard/genereate_source_tarball.sh

diff --git a/SPECS/python-tensorboard/0000-Use-system-package.patch b/SPECS/python-tensorboard/0000-Use-system-package.patch
new file mode 100644
index 00000000000..a30a929f698
--- /dev/null
+++ b/SPECS/python-tensorboard/0000-Use-system-package.patch
@@ -0,0 +1,12 @@
+diff -urN tensorboard-2.16.2/tensorboard/pip_package/build_pip_package.sh tensorboard-2.16.2/tensorboard/pip_package/build_pip_package.sh
+--- tensorboard-2.16.2/tensorboard/pip_package/build_pip_package.sh	2024-04-29 08:54:07.635971311 -0700
++++ tensorboard-2.16.2/tensorboard/pip_package/build_pip_package.sh	2024-04-29 08:55:27.281331937 -0700
+@@ -103,8 +103,6 @@
+ 
+   virtualenv -q -p python3 venv
+   export VIRTUAL_ENV=venv
+-  export PATH="${PWD}/venv/bin:${PATH}"
+-  unset PYTHON_HOME
+ 
+   # Require wheel for bdist_wheel command, and setuptools 36.2.0+ so that
+   # env markers are handled (https://github.com/pypa/setuptools/pull/1081)
diff --git a/SPECS/python-tensorboard/dockerfile b/SPECS/python-tensorboard/dockerfile
new file mode 100644
index 00000000000..d87f74c8685
--- /dev/null
+++ b/SPECS/python-tensorboard/dockerfile
@@ -0,0 +1,50 @@
+# Three things important for creating the cache
+# i) Bazel version should match .bazelversion file
+# ii) The Working directory should match the directory where this cache will be used.
+# for example: In AZL3.0 tensorflow is built in "/usr/src/azl/BUILD/tensorflow-$version".
+# iii) Python version should match the version in caching phase and the build phase
+
+FROM mcr.microsoft.com/cbl-mariner/base/core:2.0
+
+ARG TB_VERSION
+
+WORKDIR /root/
+# RUN tdnf -y install createrepo
+# COPY RPMS /opt/rpms
+# COPY custom.repo /etc/yum.repos.d
+
+# COPY toolchain_rpms /opt/rpms
+# RUN createrepo /opt/rpms
+#bazel version must match with the .bazelversion
+RUN tdnf -y install build-essential git tar bazel python3-devel python3-numpy python3-pip python3-wheel python3-six python3-setuptools python3-virtualenv python3-protobuf python3-absl-py gcc zlib wget ca-certificates
+RUN tdnf -y install which python3-werkzeug
+# Create Working Directory
+RUN wget https://github.com/tensorflow/tensorboard/archive/refs/tags/$TB_VERSION.tar.gz
+RUN mkdir -p /usr/src/azl/BUILD
+RUN tar -xvf $TB_VERSION.tar.gz -C /usr/src/azl/BUILD
+WORKDIR /usr/src/azl/BUILD/tensorboard-$TB_VERSION
+RUN ln -s /usr/bin/python3 /usr/bin/python
+
+RUN bazel --output_user_root=./tb_tmp fetch //tensorboard/pip_package:build_pip_package
+# As compiling start we exit the command. This indicates all the dependencies has been downloaded
+# should take 5-10 mins
+RUN bazel --output_user_root=./tb_tmp build //tensorboard/pip_package:build_pip_package > /tmp/bazel_output.log 2>&1 & \
+    pid=$! && \
+    while true; do \
+        if grep -q "Compiling" /tmp/bazel_output.log; then \
+            echo "Compiling detected, exiting..." && \
+            kill $pid && \
+            exit 0; \
+        fi; \
+        sleep 1; \
+    done
+
+
+# clean up any compiled code
+RUN bazel clean
+
+WORKDIR /usr/src/azl/BUILD
+RUN tar -czf tensorboard-$TB_VERSION.tar.gz tensorboard-$TB_VERSION
+RUN mv tensorboard-$TB_VERSION.tar.gz /root
+
+CMD ["bash"]
diff --git a/SPECS/python-tensorboard/genereate_source_tarball.sh b/SPECS/python-tensorboard/genereate_source_tarball.sh
new file mode 100644
index 00000000000..e09844ea8fa
--- /dev/null
+++ b/SPECS/python-tensorboard/genereate_source_tarball.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# output = tensorboard-$TB_VERSION.tar.gz
+# Tensorboard version to use
+TB_VERSION="2.16.2"
+
+docker build --build-arg TB_VERSION=$TB_VERSION -t tensorboard .
+
+CONTAINER_ID=$(docker run -d tensorboard)
+
+docker cp $CONTAINER_ID:/root/tensorboard-$TB_VERSION.tar.gz $PWD
+
+docker stop $CONTAINER_ID
+docker rm $CONTAINER_ID
diff --git a/SPECS/python-tensorboard/python-tensorboard.signatures.json b/SPECS/python-tensorboard/python-tensorboard.signatures.json
index b0bfcd8446a..adea6a48847 100644
--- a/SPECS/python-tensorboard/python-tensorboard.signatures.json
+++ b/SPECS/python-tensorboard/python-tensorboard.signatures.json
@@ -1,6 +1,5 @@
 {
     "Signatures": {
-     "python-tensorboard-2.11.0.tar.gz": "4045f3eca77ef335dcd70879ff9aecc2d2ba09e3fb5f39e501f868b4ab23c2b2",
-     "python-tensorboard-2.11.0-cache.tar.gz": "77b35869c63fc15b5cdeeff3dc6ac472e79a62739a69537bf60a38fa902b66a4"
+     "python-tensorboard-2.16.2.tar.gz": "9e69ad2243289a82500547271a213a4ee7a8be89fdebdd87372dac953e61b834"
     }
-   }
+}
diff --git a/SPECS/python-tensorboard/python-tensorboard.spec b/SPECS/python-tensorboard/python-tensorboard.spec
index 3fd9c6f0742..1b8e7515d17 100644
--- a/SPECS/python-tensorboard/python-tensorboard.spec
+++ b/SPECS/python-tensorboard/python-tensorboard.spec
@@ -6,24 +6,31 @@ TensorBoard is a suite of web applications for inspecting and understanding your
 
 Summary:        TensorBoard is a suite of web applications for inspecting and understanding your TensorFlow runs and graphs
 Name:           python-%{pypi_name}
-Version:        2.11.0
-Release:        4%{?dist}
+Version:        2.16.2
+Release:        1%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/tensorflow/tensorboard
-Source0:        https://github.com/tensorflow/tensorboard/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Source1:        %{name}-%{version}-cache.tar.gz
-BuildRequires:  python3-setuptools
-BuildRequires:  python3-pip
-BuildRequires:  python3-wheel
-BuildRequires:  python3-six
+# This source also contains the dependencies required for building tensorboard
+Source0:        %{_distro_sources_url}/%{name}-%{version}.tar.gz#/%{name}-%{version}.tar.gz
+
+Patch0:         0000-Use-system-package.patch
 BuildRequires:  bazel
-BuildRequires:  gcc
 BuildRequires:  build-essential
-BuildRequires:  protobuf
-BuildRequires:  zlib
+BuildRequires:  gcc
+BuildRequires:  git
+BuildRequires:  python3-absl-py
+BuildRequires:  python3-numpy
+BuildRequires:  python3-pip
+BuildRequires:  python3-protobuf
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-six
 BuildRequires:  python3-virtualenv
+BuildRequires:  python3-wheel
+BuildRequires:  python3-werkzeug
+BuildRequires:  which
+BuildRequires:  zlib
 ExclusiveArch:  x86_64
 
 
@@ -56,10 +63,8 @@ Summary:        %{summary}
 %autosetup -p1 -n tensorboard-%{version}
 
 %build
-tar -xf %{SOURCE1} -C /root/
-
-ln -s /usr/bin/python3 /usr/bin/python
 
+ln -s %{_bindir}/python3 %{_bindir}/python
 #tensorboard-data-server
 pushd tensorboard/data/server/pip_package
 python3 setup.py -q bdist_wheel
@@ -67,21 +72,10 @@ popd
 mkdir -p pyproject-wheeldir/ && cp tensorboard/data/server/pip_package/dist/*.whl pyproject-wheeldir/
 
 #tensorboard built using bazel
-bazel --batch build //tensorboard/pip_package:build_pip_package
-#cache
-# ---------
-# steps to create the cache tar. network connection is required to create the cache.
-#----------------------------------
-# bazel clean
-# pushd /root
-# tar -czvf %{name}-%{version}-cache.tar.gz .cache  #creating the cache using the /root/.cache directory
-# popd
-# mv /root/%{name}-%{version}-cache.tar.gz /usr/
-
-#tensorboard package build script build_pip_package.sh doesn't assign RUNFILES variable successfully.
-sed -i 's/output="$1"/output="$1"\n \ RUNFILES="$(CDPATH="" cd -- "$0.runfiles" \&\& pwd)"/' bazel-bin/tensorboard/pip_package/build_pip_package
+#tb_tmp contains all the dependencies for bazel build
+bazel --batch --output_user_root=./tb_tmp build //tensorboard/pip_package:build_pip_package
 bazel-bin/tensorboard/pip_package/build_pip_package .
-mv %{pypi_name}-%{version}-*.whl pyproject-wheeldir/
+mv %{pypi_name}-*.whl pyproject-wheeldir/
 
 %install
 %{pyproject_install}
@@ -100,6 +94,9 @@ mv %{pypi_name}-%{version}-*.whl pyproject-wheeldir/
 %{python3_sitelib}/tensorboard_data_server*
 
 %changelog
+* Thu Apr 25 2024 Riken Maharjan <rmaharjan@microsoft.com> - 2.16.2-1
+- Upgrade tensorboard to 2.16.2.
+
 * Tue Apr 23 2024 Andrew Phelps <anphel@microsoft.com> - 2.11.0-4
 - Remove missing requirements `python3-tf-nightly` and `python3-tensorflow-estimator`
 
diff --git a/SPECS/tensorflow/tensorflow.spec b/SPECS/tensorflow/tensorflow.spec
index 9d70411b343..51b0bedc8c6 100644
--- a/SPECS/tensorflow/tensorflow.spec
+++ b/SPECS/tensorflow/tensorflow.spec
@@ -1,7 +1,7 @@
 Summary:        TensorFlow is an open source machine learning framework for everyone.
 Name:           tensorflow
 Version:        2.16.1
-Release:        1%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -49,6 +49,7 @@ Requires:       python3-requests
 Requires:       python3-setuptools
 Requires:       python3-six
 Requires:       python3-termcolor
+Requires:       python3-tensorboard
 Requires:       python3-typing-extensions
 Requires:       python3-wrapt
 
@@ -91,6 +92,9 @@ bazel --batch build  //tensorflow/tools/pip_package:build_pip_package
 %{_bindir}/toco_from_protos
 
 %changelog
+* Mon Apr 29 2024 Riken Maharjan <rmaharjan@microsoft> - 2.16.1-3
+- Add tensorboard as runtime requirement
+
 * Wed Mar 27 2024 Riken Maharjan <rmaharjan@microsoft> - 2.16.1-2
 - Remove Unnecessary requirements and add keras as runtime req
 
diff --git a/cgmanifest.json b/cgmanifest.json
index 376ad1e909c..6fc25dd105e 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -24533,8 +24533,8 @@
         "type": "other",
         "other": {
           "name": "python-tensorboard",
-          "version": "2.11.0",
-          "downloadUrl": "https://github.com/tensorflow/tensorboard/archive/refs/tags/2.11.0.tar.gz"
+          "version": "2.16.2",
+          "downloadUrl": "https://cblmarinerstorage.blob.core.windows.net/sources/core/python-tensorboard-2.16.2.tar.gz"
         }
       }
     },

From 71192c437a8bb6024fd24121be235bb9af53b08a Mon Sep 17 00:00:00 2001
From: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Mon, 29 Apr 2024 14:29:41 -0700
Subject: [PATCH 61/62] rocksdb: fix compilation issue with x86-64-v3
 architecture (#8943)

---
 SPECS/rocksdb/rocksdb.spec | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/SPECS/rocksdb/rocksdb.spec b/SPECS/rocksdb/rocksdb.spec
index d16d98c6a55..1feede0b2c9 100644
--- a/SPECS/rocksdb/rocksdb.spec
+++ b/SPECS/rocksdb/rocksdb.spec
@@ -3,7 +3,7 @@
 Name:           rocksdb
 Summary:        A library that provides an embeddable, persistent key-value store for fast storage.
 Version:        8.9.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        GPLv2+ and ASL 2.0 and BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -37,7 +37,12 @@ Development files for %{name}
 %build
 mkdir build
 cd build
-%cmake -DPORTABLE=1 ..
+%ifarch x86_64
+PORTABLE_OPTION=haswell
+%else
+PORTABLE_OPTION=1
+%endif
+%cmake -DPORTABLE=$PORTABLE_OPTION ..
 make %{?_smp_mflags}
 
 %install
@@ -58,16 +63,21 @@ make install DESTDIR=%{buildroot}
 %{_libdir}/pkgconfig/rocksdb.pc
 
 %changelog
+* Mon Apr 29 2024 Andrew Phelps <anphel@microsoft.com> - 8.9.1-2
+- Fix build issue with -march=x86-64-v3
+
 * Wed Dec 13 2023 Andrew Phelps <anphel@microsoft.com> - 8.9.1-1
 - Upgrade to 8.9.1
 
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 6.26.0-2
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
-*   Thu Nov 11 2021 Andrew Phelps <anphel@microsoft.com> 6.26.0-1
--   Update to version 6.26.0
-*   Thu Oct 08 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 6.7.3-2
--   Fixed 'Source0' URL.
--   License verified.
-*   Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> 6.7.3-1
--   Original version for CBL-Mariner.
+* Thu Nov 11 2021 Andrew Phelps <anphel@microsoft.com> 6.26.0-1
+- Update to version 6.26.0
+
+* Thu Oct 08 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 6.7.3-2
+- Fixed 'Source0' URL.
+- License verified.
+
+* Mon Mar 30 2020 Jonathan Chiu <jochi@microsoft.com> 6.7.3-1
+- Original version for CBL-Mariner.

From e395adcacbff687e6420d249977712894db0c356 Mon Sep 17 00:00:00 2001
From: Adub17030MS <110563293+Adub17030MS@users.noreply.github.com>
Date: Mon, 29 Apr 2024 16:46:28 -0700
Subject: [PATCH 62/62] Adding additionalDirs support to MIC API  (#8444)

---
 .../imagecustomizer/docs/configuration.md     | 122 +++++++++++++++---
 toolkit/tools/imagecustomizerapi/dirconfig.go |  77 +++++++++++
 toolkit/tools/imagecustomizerapi/os.go        |   6 +
 toolkit/tools/internal/file/file.go           |  60 +++++++++
 toolkit/tools/internal/file/file_test.go      | 114 ++++++++++++++++
 .../tools/internal/safechroot/safechroot.go   |  14 ++
 .../pkg/imagecustomizerlib/customizeutils.go  |  36 ++++++
 7 files changed, 413 insertions(+), 16 deletions(-)
 create mode 100644 toolkit/tools/imagecustomizerapi/dirconfig.go

diff --git a/toolkit/tools/imagecustomizer/docs/configuration.md b/toolkit/tools/imagecustomizer/docs/configuration.md
index 0e951f0b45b..62ce4dcb94b 100644
--- a/toolkit/tools/imagecustomizer/docs/configuration.md
+++ b/toolkit/tools/imagecustomizer/docs/configuration.md
@@ -24,47 +24,49 @@ The Azure Linux Image Customizer is configured using a YAML (or JSON) file.
 4. Update hostname. ([hostname](#hostname-string))
 
 5. Copy additional files. ([additionalFiles](#additionalfiles-mapstring-fileconfig))
+  
+6. Copy additional directories. ([additionalDirs](#additionaldirs-dirconfig))
 
-6. Add/update users. ([users](#users-user))
+7. Add/update users. ([users](#users-user))
 
-7. Enable/disable services. ([services](#services-type))
+8. Enable/disable services. ([services](#services-type))
 
-8. Configure kernel modules. ([modules](#modules-module))
+9. Configure kernel modules. ([modules](#modules-module))
 
-9. Write the `/etc/mariner-customizer-release` file.
+10. Write the `/etc/mariner-customizer-release` file.
 
-10. If [resetBootLoaderType](#resetbootloadertype-string) is set to `hard-reset`, then
+11. If [resetBootLoaderType](#resetbootloadertype-string) is set to `hard-reset`, then
     reset the boot-loader.
 
     If [resetBootLoaderType](#resetbootloadertype-string) is not set, then
     append the [extraCommandLine](#extracommandline-string) value to the existing
     `grub.cfg` file.
 
-11. Update the SELinux mode.
+12. Update the SELinux mode.
 
-12. If ([overlays](#overlay-type)) are specified, then add the overlays dracut module
+13. If ([overlays](#overlay-type)) are specified, then add the overlays dracut module
     and update the grub config.
 
-13. If ([verity](#verity-type)) is specified, then add the dm-verity dracut driver
+14. If ([verity](#verity-type)) is specified, then add the dm-verity dracut driver
     and update the grub config.
 
-14. Regenerate the initramfs file (if needed).
+15. Regenerate the initramfs file (if needed).
 
-15. Run ([postCustomization](#postcustomization-script)) scripts.
+16. Run ([postCustomization](#postcustomization-script)) scripts.
 
-16. If SELinux is enabled, call `setfiles`.
+17. If SELinux is enabled, call `setfiles`.
 
-17. Delete `/etc/resolv.conf` file.
+18. Delete `/etc/resolv.conf` file.
 
-18. Run finalize image scripts. ([finalizeCustomization](#finalizecustomization-script))
+19. Run finalize image scripts. ([finalizeCustomization](#finalizecustomization-script))
 
-19. If [--shrink-filesystems](./cli.md#shrink-filesystems) is specified, then shrink
+20. If [--shrink-filesystems](./cli.md#shrink-filesystems) is specified, then shrink
     the file systems.
 
-20. If ([verity](#verity-type)) is specified, then create the hash tree and update the
+21. If ([verity](#verity-type)) is specified, then create the hash tree and update the
     grub config.
 
-21. if the output format is set to `iso`, copy additional iso media files.
+22. if the output format is set to `iso`, copy additional iso media files.
 ([iso](#iso-type))
 
 ### /etc/resolv.conf
@@ -150,6 +152,13 @@ os:
       - [fileConfig type](#fileconfig-type)
         - [path](#fileconfig-path)
         - [permissions](#permissions-string)
+     - [additionalDirs](#additionaldirs-dirconfig)
+        - [dirConfig](#dirconfig-type)
+           - [sourcePath](#dirconfig-sourcePath)
+           - [destinationPath](#dirconfig-destinationPath)
+           - [newDirPermissions](#newDirPermissions-string)
+           - [mergedDirPermissions](#mergedDirPermissions-string)
+           - [childFilePermissions](#childFilePermissions-string)
     - [users](#users-user)
       - [user type](#user-type)
         - [name](#user-name)
@@ -409,6 +418,65 @@ os:
       permissions: "664"
 ```
 
+## dirConfig type
+
+Specifies options for placing a directory in the OS.
+
+Type is used by: [additionalDirs](#additionaldirs-dirconfig)
+
+<div id="dirconfig-sourcePath"></div>
+
+### sourcePath [string]
+
+The absolute path to the source directory that will be copied.
+
+<div id="dirconfig-destinationPath"></div>
+
+### destinationPath [string]
+
+The absolute path in the target OS that the source directory will be copied to.
+
+Example:
+
+```yaml
+os:
+  additionalDirs:
+    - sourcePath: "home/files/targetDir"
+      destinationPath: "usr/project/targetDir"
+```
+
+### newDirPermissions [string]
+
+The permissions to set on all of the new directories being created on the target OS
+(including the top-level directory). Default value: `755`.
+
+### mergedDirPermissions [string]
+
+The permissions to set on the directories being copied that already do exist on the
+target OS (including the top-level directory). **Note:** If this value is not specified
+in the config, the permissions for this field will be the same as that of the
+pre-existing directory.
+
+### childFilePermissions [string]
+
+The permissions to set on the children file of the directory. Default value: `755`.
+
+Supported formats for permission values:
+
+- String containing an octal value. e.g. `664`
+
+Example:
+
+```yaml
+os:
+  additionalDirs:
+    - sourcePath: "home/files/targetDir"
+      destinationPath: "usr/project/targetDir"
+      newDirPermissions: "644"
+      mergedDirPermissions: "777"
+      childFilePermissions: "644"
+```
+
 ## fileSystem type
 
 Specifies the mount options for a partition.
@@ -996,6 +1064,28 @@ os:
       permissions: "664"
 ```
 
+### additionalDirs [[dirConfig](#dirconfig-type)[]]
+
+Copy directories into the OS image.
+
+This property is a list of [dirConfig](#dirconfig-type) objects.
+
+Example:
+
+```yaml
+os:
+  additionalDirs:
+    # Copying directory with default permission options.
+    - sourcePath: "path/to/local/directory/"
+      destinationPath: "/path/to/destination/directory/"
+    # Copying directory with specific permission options.
+    - sourcePath: "path/to/local/directory/"
+      destinationPath: "/path/to/destination/directory/"
+      newDirPermissions: 0644
+      mergedDirPermissions: 0777
+      childFilePermissions: 0644
+```
+
 ### users [[user](#user-type)]
 
 Used to add and/or update user accounts.
diff --git a/toolkit/tools/imagecustomizerapi/dirconfig.go b/toolkit/tools/imagecustomizerapi/dirconfig.go
new file mode 100644
index 00000000000..2c2d98b1c17
--- /dev/null
+++ b/toolkit/tools/imagecustomizerapi/dirconfig.go
@@ -0,0 +1,77 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+//
+
+package imagecustomizerapi
+
+import (
+	"fmt"
+)
+
+// DirConfigList is a list of destination files where the source file will be copied to in the final image.
+// This type exists to allow a custom marshaller to be attached to it.
+type DirConfigList []DirConfig
+
+type DirConfig struct {
+	// The path to the source directory that will be copied (can be relative or absolute path).
+	SourcePath string `yaml:"sourcePath"`
+
+	// The absolute path in the target OS that the directory will be copied to.
+	DestinationPath string `yaml:"destinationPath"`
+
+	// The permissions to set on all of the new directories being created on the target OS (including the top-level directory).
+	// Note: If this value is not specified in the config, the permissions for these directories will be set to 0755.
+	NewDirPermissions *FilePermissions `yaml:"newDirPermissions"`
+
+	// The permissions to set on the directories being copied that already do exist on the target OS (including the top-level directory).
+	// Note: If this value is not specified in the config, the permissions for this field will be the same as that of the pre-existing directory.
+	MergedDirPermissions *FilePermissions `yaml:"mergedDirPermissions"`
+
+	// The permissions to set on the children file of the directory.
+	// Note: If this value is not specified in the config, the permissions for these directories will be set to 0755.
+	ChildFilePermissions *FilePermissions `yaml:"childFilePermissions"`
+}
+
+func (l *DirConfigList) IsValid() (err error) {
+	for i, dirConfig := range *l {
+		err = dirConfig.IsValid()
+		if err != nil {
+			return fmt.Errorf("invalid value at index %d:\n%w", i, err)
+		}
+	}
+
+	return nil
+}
+
+func (d *DirConfig) IsValid() (err error) {
+	// Paths
+	if d.SourcePath == "" {
+		return fmt.Errorf("invalid [sourcePath] value: empty string")
+	}
+	if d.DestinationPath == "" {
+		return fmt.Errorf("invalid [destinationPath] value: empty string")
+	}
+
+	// Permissions
+	if d.NewDirPermissions != nil {
+		err = d.NewDirPermissions.IsValid()
+		if err != nil {
+			return fmt.Errorf("invalid [newDirPermissions] value:\n%w", err)
+		}
+	}
+	if d.MergedDirPermissions != nil {
+		err = d.MergedDirPermissions.IsValid()
+		if err != nil {
+			return fmt.Errorf("invalid [mergedDirPermissions] value:\n%w", err)
+		}
+	}
+	if d.ChildFilePermissions != nil {
+		err = d.ChildFilePermissions.IsValid()
+		if err != nil {
+			return fmt.Errorf("invalid [childFilePermissions] value:\n%w", err)
+		}
+	}
+
+	return nil
+}
diff --git a/toolkit/tools/imagecustomizerapi/os.go b/toolkit/tools/imagecustomizerapi/os.go
index 385229e6be7..c7c32e1eaee 100644
--- a/toolkit/tools/imagecustomizerapi/os.go
+++ b/toolkit/tools/imagecustomizerapi/os.go
@@ -18,6 +18,7 @@ type OS struct {
 	SELinux             SELinux             `yaml:"selinux"`
 	KernelCommandLine   KernelCommandLine   `yaml:"kernelCommandLine"`
 	AdditionalFiles     AdditionalFilesMap  `yaml:"additionalFiles"`
+	AdditionalDirs      DirConfigList       `yaml:"additionalDirs"`
 	Users               []User              `yaml:"users"`
 	Services            Services            `yaml:"services"`
 	Modules             []Module            `yaml:"modules"`
@@ -53,6 +54,11 @@ func (s *OS) IsValid() error {
 		return fmt.Errorf("invalid additionalFiles: %w", err)
 	}
 
+	err = s.AdditionalDirs.IsValid()
+	if err != nil {
+		return fmt.Errorf("invalid additionalDirs: %w", err)
+	}
+
 	for i, user := range s.Users {
 		err = user.IsValid()
 		if err != nil {
diff --git a/toolkit/tools/internal/file/file.go b/toolkit/tools/internal/file/file.go
index 40674f13164..471cb7d49d4 100644
--- a/toolkit/tools/internal/file/file.go
+++ b/toolkit/tools/internal/file/file.go
@@ -89,6 +89,66 @@ func Copy(src, dst string) (err error) {
 	return NewFileCopyBuilder(src, dst).Run()
 }
 
+// CopyDir copies src directory to dst, creating the dst directory if needed.
+// dst is assumed to be a directory and not a file.
+func CopyDir(src, dst string, newDirPermissions, childFilePermissions fs.FileMode, mergedDirPermissions *fs.FileMode) (err error) {
+	isDstExist, err := PathExists(dst)
+	if err != nil {
+		return err
+	}
+	if isDstExist {
+		isDstDir, err := IsDir(dst)
+		if err != nil {
+			return err
+		}
+		if !isDstDir {
+			return fmt.Errorf("destination exists but is not a directory (%s)", dst)
+		}
+		logger.Log.Debugf("Destination (%s) already exists and is a directory", dst)
+		if mergedDirPermissions != nil {
+			if err := os.Chmod(dst, *mergedDirPermissions); err != nil {
+				return fmt.Errorf("error setting file permissions: %w", err)
+			}
+		}
+	}
+
+	if !isDstExist {
+		logger.Log.Infof("Creating destination directory on chroot (%s)", dst)
+		// Create dst dir
+		err = os.MkdirAll(dst, newDirPermissions)
+		if err != nil {
+			return err
+		}
+
+	}
+
+	// Open the source directory
+	entries, err := os.ReadDir(src)
+	if err != nil {
+		return err
+	}
+
+	// Iterate over the entries in the source directory
+	for _, entry := range entries {
+		srcPath := filepath.Join(src, entry.Name())
+		dstPath := filepath.Join(dst, entry.Name())
+
+		if entry.IsDir() {
+			// If it's a directory, recursively copy it
+			if err := CopyDir(srcPath, dstPath, newDirPermissions, childFilePermissions, mergedDirPermissions); err != nil {
+				return err
+			}
+		} else {
+			// If it's a file, copy it and set file permissions
+			if err := NewFileCopyBuilder(srcPath, dstPath).SetFileMode(childFilePermissions).Run(); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
 // Read reads a string from the file src.
 func Read(src string) (data string, err error) {
 	logger.Log.Debugf("Reading from (%s)", src)
diff --git a/toolkit/tools/internal/file/file_test.go b/toolkit/tools/internal/file/file_test.go
index 2cc5ba8d99b..bd8d60bed8c 100644
--- a/toolkit/tools/internal/file/file_test.go
+++ b/toolkit/tools/internal/file/file_test.go
@@ -4,6 +4,8 @@
 package file
 
 import (
+	"fmt"
+	"io/fs"
 	"os"
 	"path/filepath"
 	"testing"
@@ -123,3 +125,115 @@ func TestRemoveDirectoryContentsNonExistent(t *testing.T) {
 	err = RemoveDirectoryContents(tempDir)
 	assert.Error(t, err)
 }
+
+func TestCopyDir(t *testing.T) {
+	workingDir, err := os.Getwd()
+	if !assert.NoError(t, err) {
+		return
+	}
+	testDir := filepath.Join(workingDir, "testdata")
+
+	// Defining and creating src directory
+	src := testDir + "/source"
+	err = os.MkdirAll(src, os.ModePerm)
+	assert.NoError(t, err)
+
+	// Adding test files into src directory
+	err = createTestFiles("testfile", src)
+	assert.NoError(t, err)
+
+	// Defining dst directory and child permissions
+	newDirPermissions := fs.FileMode(0755)
+	mergeDirPermissions := fs.FileMode(0755)
+	childFilePermissions := fs.FileMode(0755)
+
+	// Defining dst directory and copying src into dst
+	dst := testDir + "/destination"
+	err = CopyDir(src, dst, newDirPermissions, childFilePermissions, &mergeDirPermissions)
+	assert.NoError(t, err)
+
+	// verifying the directories are equal
+	equal, err := areDirectoriesEqual(src, dst)
+	assert.NoError(t, err)
+	assert.True(t, equal)
+
+	// Removing all test files and directories
+	err = os.RemoveAll(testDir)
+	assert.NoError(t, err)
+}
+
+func createTestFiles(filename string, outputDir string) error {
+	// Test data
+	testData := []byte{0x01, 0x02, 0x03, 0x04, 0x05}
+
+	// Test file names
+	outputFilepath1 := fmt.Sprintf("%s/%s.txt", outputDir, filename+"1")
+	outputFilepath2 := fmt.Sprintf("%s/%s.txt", outputDir, filename+"2")
+	err := os.MkdirAll(outputDir+"/innerTestDir", os.ModePerm)
+	if err != nil {
+		return err
+	}
+	outputFilepath3 := fmt.Sprintf("%s/innerTestDir/%s.txt", outputDir, filename+"3")
+
+	// Write data to files
+	err = os.WriteFile(outputFilepath1, testData, os.ModePerm)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(outputFilepath2, testData, os.ModePerm)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(outputFilepath3, testData, os.ModePerm)
+	if err != nil {
+		return err
+	}
+	logger.Log.Infof("Test files created: %s, %s, %s,", outputFilepath1, outputFilepath2, outputFilepath3)
+	return nil
+}
+
+// AreDirectoriesEqual checks if two directories are equal based on their files.
+func areDirectoriesEqual(dir1, dir2 string) (bool, error) {
+	files1, err := ListFiles(dir1)
+	if err != nil {
+		return false, err
+	}
+
+	files2, err := ListFiles(dir2)
+	if err != nil {
+		return false, err
+	}
+
+	if len(files1) != len(files2) {
+		return false, nil
+	}
+
+	for i, file1 := range files1 {
+		if file1 != files2[i] {
+			return false, nil
+		}
+	}
+
+	return true, nil
+}
+
+// ListFiles lists all files in a directory.
+func ListFiles(dir string) ([]string, error) {
+	var files []string
+
+	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+		if !info.IsDir() {
+			files = append(files, info.Name())
+		}
+		return nil
+	})
+
+	if err != nil {
+		return nil, err
+	}
+
+	return files, nil
+}
diff --git a/toolkit/tools/internal/safechroot/safechroot.go b/toolkit/tools/internal/safechroot/safechroot.go
index e2dbfcb10ce..2ba402df84a 100644
--- a/toolkit/tools/internal/safechroot/safechroot.go
+++ b/toolkit/tools/internal/safechroot/safechroot.go
@@ -37,6 +37,15 @@ type FileToCopy struct {
 	NoDereference bool
 }
 
+// DirToCopy represents a directory to copy into a chroot using AddDirs. Dest is relative to the chroot directory.
+type DirToCopy struct {
+	Src                  string
+	Dest                 string
+	NewDirPermissions    os.FileMode
+	ChildFilePermissions os.FileMode
+	MergedDirPermissions *os.FileMode
+}
+
 // MountPoint represents a system mount point used by a Chroot.
 // It is guaranteed to be unmounted on application exit even on a SIGTERM so long as registerSIGTERMCleanup is invoked.
 // The fields of MountPoint mirror those of the `mount` syscall.
@@ -305,6 +314,11 @@ func (c *Chroot) Initialize(tarPath string, extraDirectories []string, extraMoun
 	return
 }
 
+// AddDirs copies each directory 'Src' to the relative path chrootRootDir/'Dest' in the chroot.
+func (c *Chroot) AddDirs(dirToCopy DirToCopy) (err error) {
+	return file.CopyDir(dirToCopy.Src, filepath.Join(c.rootDir, dirToCopy.Dest), dirToCopy.NewDirPermissions, dirToCopy.ChildFilePermissions, dirToCopy.MergedDirPermissions)
+}
+
 // AddFiles copies each file 'Src' to the relative path chrootRootDir/'Dest' in the chroot.
 func (c *Chroot) AddFiles(filesToCopy ...FileToCopy) (err error) {
 	return AddFilesToDestination(c.rootDir, filesToCopy...)
diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go b/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go
index 9819133b7aa..a2f945a0d07 100644
--- a/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go
+++ b/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go
@@ -26,6 +26,7 @@ import (
 const (
 	configDirMountPathInChroot = "/_imageconfigs"
 	resolveConfPath            = "/etc/resolv.conf"
+	defaultFilePermissions     = 0o755
 )
 
 func doCustomizations(buildDir string, baseConfigPath string, config *imagecustomizerapi.Config,
@@ -53,6 +54,11 @@ func doCustomizations(buildDir string, baseConfigPath string, config *imagecusto
 		return err
 	}
 
+	err = copyAdditionalDirs(baseConfigPath, config.OS.AdditionalDirs, imageChroot)
+	if err != nil {
+		return err
+	}
+
 	err = copyAdditionalFiles(baseConfigPath, config.OS.AdditionalFiles, imageChroot)
 	if err != nil {
 		return err
@@ -206,6 +212,36 @@ func copyAdditionalFiles(baseConfigPath string, additionalFiles imagecustomizera
 	return nil
 }
 
+func copyAdditionalDirs(baseConfigPath string, additionalDirs imagecustomizerapi.DirConfigList, imageChroot *safechroot.Chroot) error {
+	for _, dirConfigElement := range additionalDirs {
+		absSourceDir := file.GetAbsPathWithBase(baseConfigPath, dirConfigElement.SourcePath)
+		logger.Log.Infof("Copying %s into %s", absSourceDir, dirConfigElement.DestinationPath)
+
+		// Setting permissions values. They are set to a default value if they have not been specified.
+		newDirPermissionsValue := fs.FileMode(defaultFilePermissions)
+		if dirConfigElement.NewDirPermissions != nil {
+			newDirPermissionsValue = *(*fs.FileMode)(dirConfigElement.NewDirPermissions)
+		}
+		childFilePermissionsValue := fs.FileMode(defaultFilePermissions)
+		if dirConfigElement.ChildFilePermissions != nil {
+			childFilePermissionsValue = *(*fs.FileMode)(dirConfigElement.ChildFilePermissions)
+		}
+
+		dirToCopy := safechroot.DirToCopy{
+			Src:                  absSourceDir,
+			Dest:                 dirConfigElement.DestinationPath,
+			NewDirPermissions:    newDirPermissionsValue,
+			ChildFilePermissions: childFilePermissionsValue,
+			MergedDirPermissions: (*fs.FileMode)(dirConfigElement.MergedDirPermissions),
+		}
+		err := imageChroot.AddDirs(dirToCopy)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func runScripts(baseConfigPath string, scripts []imagecustomizerapi.Script, imageChroot *safechroot.Chroot) error {
 	if len(scripts) <= 0 {
 		return nil