microsoft · BinduSri-6522866 · Jun 4, 2026 · Jun 4, 2026 · Jun 5, 2026 · Jun 5, 2026
@@ -2,7 +2,7 @@
 Summary:        Tool for generating C bindings to Rust code
 Name:           rust-cbindgen
 Version:        0.24.3
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -96,6 +96,9 @@ RUSTFLAGS=%{rustflags} cargo test --release
 %endif
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 0.24.3-11
+- Bump release to rebuild with rust
+
 * Tue Apr 07 2026 BinduSri Adabala <v-badabala@microsoft.com> - 0.24.3-10
 - Bump release to rebuild with rust
 

@@ -3,7 +3,7 @@
 Summary: Tardev Snapshotter for containerd
 Name: tardev-snapshotter
 Version: 3.2.0.tardev1
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: ASL 2.0
 Group: Tools/Container
 Vendor: Microsoft Corporation
@@ -67,6 +67,9 @@ fi
 %config(noreplace) %{_unitdir}/%{name}.service
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 3.2.0.tardev1-9
+- Bump release to rebuild with rust
+
 * Tue Apr 07 2026 BinduSri Adabala <v-badabala@microsoft.com> - 3.2.0.tardev1-8
 - Bump release to rebuild with rust
 

@@ -1,7 +1,7 @@
 Summary:        Open source antivirus engine
 Name:           clamav
 Version:        1.5.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -152,6 +152,9 @@ fi
 %dir %attr(-,clamav,clamav) %{_sharedstatedir}/clamav
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 1.5.2-3
+- Bump release to rebuild with rust
+
 * Mon Apr 20 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.5.2-2
 - Patch for CVE-2026-33056, CVE-2026-33055
 

@@ -5,7 +5,7 @@
 Name:           cloud-hypervisor
 Summary:        Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on top of the KVM hypervisor and the Microsoft Hypervisor (MSHV).
 Version:        51.1.56
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0 OR BSD-3-clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -137,6 +137,9 @@ cargo build --release --target=%{rust_musl_target} %{cargo_pkg_feature_opts} %{c
 %license LICENSES/CC-BY-4.0.txt
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 51.1.56-2
+- Bump release to rebuild with rust
+
 * Wed Apr 16 2026 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 51.1.56-1
 - Auto-upgrade to 51.1.56
 - Remove CVE-2026-27211.patch that no longer applies

@@ -22,7 +22,7 @@
 Summary:        Influx data language
 Name:           flux
 Version:        0.194.5
-Release:        9%{?dist}
+Release:        10%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -146,6 +146,9 @@ RUSTFLAGS=%{rustflags} cargo test --release
 %{_includedir}/influxdata/flux.h
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 0.194.5-10
+- Bump release to rebuild with rust
+
 * Tue Apr 07 2026 BinduSri Adabala <v-badabala@microsoft.com> - 0.194.5-9
 - Bump release to rebuild with rust
 

@@ -18,7 +18,7 @@
 Summary:        Scalable datastore for metrics, events, and real-time analytics
 Name:           influxdb
 Version:        2.7.5
-Release:        17%{?dist}
+Release:        18%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -169,6 +169,9 @@ go test ./...
 %{_tmpfilesdir}/influxdb.conf
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 2.7.5-18
+- Bump release to rebuild with rust
+
 * Wed May 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2.7.5-17
 - Patch for CVE-2026-42506, CVE-2026-39821, CVE-2026-27136, CVE-2026-42502, CVE-2026-25681, CVE-2026-25680
 

@@ -3,7 +3,7 @@
 
 Name:         kata-containers-cc
 Version:      3.15.0.aks0
-Release:      11%{?dist}
+Release:      12%{?dist}
 Summary:      Kata Confidential Containers package developed for Confidential Containers on AKS
 License:      ASL 2.0
 URL:          https://github.com/microsoft/kata-containers
@@ -152,6 +152,9 @@ fi
 %{tools_pkg}/tools/osbuilder/node-builder/azure-linux/agent-install/usr/lib/systemd/system/kata-agent.service
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 3.15.0-aks0-12
+- Bump release to rebuild with rust
+
 * Wed May 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.15.0.aks0-11
 - Patch for CVE-2026-39821
 

@@ -2,7 +2,7 @@
 
 Name:           kata-containers
 Version:        3.19.1.kata3
-Release:        3%{?dist}
+Release:        4%{?dist}
 
 Summary:        Kata Containers package developed for Pod Sandboxing on AKS
 License:        ASL 2.0
@@ -118,6 +118,9 @@ popd
 %{tools_pkg}/tools/osbuilder/node-builder/azure-linux/agent-install/usr/lib/systemd/system/kata-agent.service
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 3.19.1.kata3-4
+- Bump release to rebuild with rust
+
 * Wed May 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 3.19.1.kata3-3
 - Patch for CVE-2026-39821
 

@@ -8,7 +8,7 @@
 Summary:        An SVG library based on cairo
 Name:           librsvg2
 Version:        2.58.1
-Release:        7%{?dist}
+Release:        8%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -125,6 +125,9 @@ rm -vrf %{buildroot}%{_docdir}
 %{_bindir}/rsvg-convert
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 2.58.1-8
+- Bump release to rebuild with rust
+
 * Tue Apr 07 2026 BinduSri Adabala <v-badabala@microsoft.com> - 2.58.1-7
 - Bump release to rebuild with rust
 

@@ -67,7 +67,7 @@
 Name:           mesa
 Summary:        Mesa graphics libraries
 Version:        24.0.1
-Release:        8%{?dist}
+Release:        9%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -741,6 +741,9 @@ popd
 %endif
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 24.0.1-9
+- Bump release to rebuild with rust
+
 * Mon Apr 13 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 24.0.1-8
 - Patch for CVE-2026-40393
 

@@ -11,7 +11,7 @@
 
 Name:          netavark
 Version:       1.10.3
-Release:       8%{?dist}
+Release:       9%{?dist}
 Summary:       OCI network stack
 License:       ASL 2.0 and BSD and MIT
 Vendor:        Microsoft Corporation
@@ -225,6 +225,9 @@ popd
 %{_unitdir}/%{name}-firewalld-reload.service
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 1.10.3-9
+- Bump release to rebuild with rust
+
 * Tue Apr 07 2026 BinduSri Adabala <v-badabala@microsoft.com> - 1.10.3-8
 - Bump release to rebuild with rust
 

@@ -1,7 +1,7 @@
 Summary:        Commit RPMs to an OSTree repository
 Name:           rpm-ostree
 Version:        2024.4
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -182,6 +182,9 @@ make check
 %{_datadir}/gir-1.0/*-1.0.gir
 
 %changelog
+* Fri Jun 05 2026 BinduSri Adabala <v-badabala@microsoft.com> - 2024.4-11
+- Bump release to rebuild with rust
+
 * Tue Apr 21 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 2024.4-10
 - Patch for CVE-2026-33056, CVE-2026-33055
 

@@ -0,0 +1,104 @@
+From e3ca1e64b0bcd627c7c5d3620f891cc22d1d03c7 Mon Sep 17 00:00:00 2001
+From: Sebastian Thiel <sebastian.thiel@icloud.com>
+Date: Thu, 23 Apr 2026 16:45:43 +0800
+Subject: [PATCH] fix(gix-submodule): make sure that `update` commands won't be
+ from `.gitmodules` files
+
+This is a proper fix for what previously was also already attempted,
+but wasn't correctly implemented.
+
+Upstream Patch reference: https://github.com/GitoxideLabs/gitoxide/commit/e3ca1e64b0bcd627c7c5d3620f891cc22d1d03c7.patch
+---
+ vendor/gix-submodule-0.17.0/.cargo-checksum.json |  2 +-
+ vendor/gix-submodule-0.17.0/src/access.rs        | 16 +++++++---------
+ vendor/gix-submodule-0.20.0/.cargo-checksum.json |  2 +-
+ vendor/gix-submodule-0.20.0/src/access.rs        | 16 +++++++---------
+ 4 files changed, 16 insertions(+), 20 deletions(-)
+
+diff --git a/vendor/gix-submodule-0.17.0/.cargo-checksum.json b/vendor/gix-submodule-0.17.0/.cargo-checksum.json
+index a0208d753..491cbd99d 100644
+--- a/vendor/gix-submodule-0.17.0/.cargo-checksum.json
++++ b/vendor/gix-submodule-0.17.0/.cargo-checksum.json
+@@ -1 +1 @@
+-{"files":{".cargo_vcs_info.json":"ab3ec1abaf6a9268e93545baf49803608a05d0b6d91b07e5ebc1350c97a268c7","Cargo.toml":"ed2807eec51202824aada3584dae26df93dc08b4f63ec83101b5a3eacf7f77ff","Cargo.toml.orig":"9b2c32c1baec946ba0053804d85ec8798795b8a5ac05a9a1749239c4f04f89c7","LICENSE-APACHE":"ee54e469a7971f7c331e03e5530db15c897417116e2ee4f1b802a02f683f5dba","LICENSE-MIT":"f9c4c77baa3828004ee54b8a4f2db2e88ed44a6237a493965bf551fac0fcb62d","src/access.rs":"0d8dc84318f7f40e83bddf2c385b164398a034be4d499597275c6d06ee4198e4","src/config.rs":"c79da16fabb8b9a9420324c680fefb43a45a2f91f7bd013e8a162bea9a2661c3","src/is_active_platform.rs":"f557a1b194b4e332f64dab6877cf2950eae14c482452975cd1e17b6ca98a8db1","src/lib.rs":"8a97de59b418727e22e194761faf6ffa0c40956ca301285e8ec51771c795c78c"},"package":"74972fe8d46ac8a09490ae1e843b4caf221c5b157c5ac17057e8e1c38417a3ac"}
+\ No newline at end of file
++{"files":{".cargo_vcs_info.json":"ab3ec1abaf6a9268e93545baf49803608a05d0b6d91b07e5ebc1350c97a268c7","Cargo.toml":"ed2807eec51202824aada3584dae26df93dc08b4f63ec83101b5a3eacf7f77ff","Cargo.toml.orig":"9b2c32c1baec946ba0053804d85ec8798795b8a5ac05a9a1749239c4f04f89c7","LICENSE-APACHE":"ee54e469a7971f7c331e03e5530db15c897417116e2ee4f1b802a02f683f5dba","LICENSE-MIT":"f9c4c77baa3828004ee54b8a4f2db2e88ed44a6237a493965bf551fac0fcb62d","src/access.rs":"f08153ebfc3f19899966f189fd6d558649df0f024774d5279d407e995337dbe3","src/config.rs":"c79da16fabb8b9a9420324c680fefb43a45a2f91f7bd013e8a162bea9a2661c3","src/is_active_platform.rs":"f557a1b194b4e332f64dab6877cf2950eae14c482452975cd1e17b6ca98a8db1","src/lib.rs":"8a97de59b418727e22e194761faf6ffa0c40956ca301285e8ec51771c795c78c"},"package":"74972fe8d46ac8a09490ae1e843b4caf221c5b157c5ac17057e8e1c38417a3ac"}
+diff --git a/vendor/gix-submodule-0.17.0/src/access.rs b/vendor/gix-submodule-0.17.0/src/access.rs
+index deba9a140..cd3e9ec3d 100644
+--- a/vendor/gix-submodule-0.17.0/src/access.rs
++++ b/vendor/gix-submodule-0.17.0/src/access.rs
+@@ -166,7 +166,12 @@ impl File {
+
+     /// Retrieve the `update` field of the submodule named `name`, if present.
+     pub fn update(&self, name: &BStr) -> Result<Option<Update>, config::update::Error> {
+-        let value: Update = match self.config.string(format!("submodule.{name}.update")) {
++        let mut value_is_from_modules_file = None;
++        let our_meta = self.config.meta();
++        let value: Update = match self.config.string_filter(&format!("submodule.{name}.update"), |meta| {
++            value_is_from_modules_file = Some(std::ptr::eq(meta, our_meta));
++            true
++        }) {
+             Some(v) => v.as_ref().try_into().map_err(|()| config::update::Error::Invalid {
+                 submodule: name.to_owned(),
+                 actual: v.into_owned(),
+@@ -175,14 +180,7 @@ impl File {
+         };
+
+         if let Update::Command(cmd) = &value {
+-            let ours = self.config.meta();
+-            let has_value_from_foreign_section = self
+-                .config
+-                .sections_by_name("submodule")
+-                .into_iter()
+-                .flatten()
+-                .any(|s| (s.header().subsection_name() == Some(name) && s.meta() as *const _ != ours as *const _));
+-            if !has_value_from_foreign_section {
++            if value_is_from_modules_file.unwrap_or_default() {
+                 return Err(config::update::Error::CommandForbiddenInModulesConfiguration {
+                     submodule: name.to_owned(),
+                     actual: cmd.to_owned(),
+diff --git a/vendor/gix-submodule-0.20.0/.cargo-checksum.json b/vendor/gix-submodule-0.20.0/.cargo-checksum.json
+index 121ede370..0bdae38d7 100644
+--- a/vendor/gix-submodule-0.20.0/.cargo-checksum.json
++++ b/vendor/gix-submodule-0.20.0/.cargo-checksum.json
+@@ -1 +1 @@
+-{"files":{".cargo_vcs_info.json":"e5bf5de8bdb21a0b2b614540a4663716c6d478ca0f6b98bee0f4b74c1131ae47","Cargo.lock":"6153c19206300561c1ccb850eb55d74da9c47e4d3379182dff477b3b95356d52","Cargo.toml":"c8cfcb2e1dc52ec08aac03b624ccb8bebfbfa9466281aad5cf8ac40a05df00b4","Cargo.toml.orig":"ce89fc89563f177913bd57e0880d6913374e776f94c9b8b331ecdd580991568a","LICENSE-APACHE":"0d542e0c8804e39aa7f37eb00da5a762149dc682d7829451287e11b938e94594","LICENSE-MIT":"f9c4c77baa3828004ee54b8a4f2db2e88ed44a6237a493965bf551fac0fcb62d","src/access.rs":"d62e97f0b3809cf215934484b43997fd5e5539d93e1623ac5bdd8c592b465858","src/config.rs":"c79da16fabb8b9a9420324c680fefb43a45a2f91f7bd013e8a162bea9a2661c3","src/is_active_platform.rs":"ee956af6a52f418b0ef2ef8533f06877f08d7f38b73f1728465eff90a0a8b2c1","src/lib.rs":"8a97de59b418727e22e194761faf6ffa0c40956ca301285e8ec51771c795c78c"},"package":"657cc5dd43cbc7a14d9c5aaf02cfbe9c2a15d077cded3f304adb30ef78852d3e"}
+\ No newline at end of file
++{"files":{".cargo_vcs_info.json":"e5bf5de8bdb21a0b2b614540a4663716c6d478ca0f6b98bee0f4b74c1131ae47","Cargo.lock":"6153c19206300561c1ccb850eb55d74da9c47e4d3379182dff477b3b95356d52","Cargo.toml":"c8cfcb2e1dc52ec08aac03b624ccb8bebfbfa9466281aad5cf8ac40a05df00b4","Cargo.toml.orig":"ce89fc89563f177913bd57e0880d6913374e776f94c9b8b331ecdd580991568a","LICENSE-APACHE":"0d542e0c8804e39aa7f37eb00da5a762149dc682d7829451287e11b938e94594","LICENSE-MIT":"f9c4c77baa3828004ee54b8a4f2db2e88ed44a6237a493965bf551fac0fcb62d","src/access.rs":"f08153ebfc3f19899966f189fd6d558649df0f024774d5279d407e995337dbe3","src/config.rs":"c79da16fabb8b9a9420324c680fefb43a45a2f91f7bd013e8a162bea9a2661c3","src/is_active_platform.rs":"ee956af6a52f418b0ef2ef8533f06877f08d7f38b73f1728465eff90a0a8b2c1","src/lib.rs":"8a97de59b418727e22e194761faf6ffa0c40956ca301285e8ec51771c795c78c"},"package":"657cc5dd43cbc7a14d9c5aaf02cfbe9c2a15d077cded3f304adb30ef78852d3e"}
+diff --git a/vendor/gix-submodule-0.20.0/src/access.rs b/vendor/gix-submodule-0.20.0/src/access.rs
+index 2d52705c2..cd3e9ec3d 100644
+--- a/vendor/gix-submodule-0.20.0/src/access.rs
++++ b/vendor/gix-submodule-0.20.0/src/access.rs
+@@ -166,7 +166,12 @@ impl File {
+
+     /// Retrieve the `update` field of the submodule named `name`, if present.
+     pub fn update(&self, name: &BStr) -> Result<Option<Update>, config::update::Error> {
+-        let value: Update = match self.config.string(format!("submodule.{name}.update")) {
++        let mut value_is_from_modules_file = None;
++        let our_meta = self.config.meta();
++        let value: Update = match self.config.string_filter(&format!("submodule.{name}.update"), |meta| {
++            value_is_from_modules_file = Some(std::ptr::eq(meta, our_meta));
++            true
++        }) {
+             Some(v) => v.as_ref().try_into().map_err(|()| config::update::Error::Invalid {
+                 submodule: name.to_owned(),
+                 actual: v.into_owned(),
+@@ -175,14 +180,7 @@ impl File {
+         };
+
+         if let Update::Command(cmd) = &value {
+-            let ours = self.config.meta();
+-            let has_value_from_foreign_section = self
+-                .config
+-                .sections_by_name("submodule")
+-                .into_iter()
+-                .flatten()
+-                .any(|s| (s.header().subsection_name() == Some(name) && !std::ptr::eq(s.meta(), ours)));
+-            if !has_value_from_foreign_section {
++            if value_is_from_modules_file.unwrap_or_default() {
+                 return Err(config::update::Error::CommandForbiddenInModulesConfiguration {
+                     submodule: name.to_owned(),
+                     actual: cmd.to_owned(),
+-- 
+2.43.0
+