microsoft
diff --git a/‎SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec
+4-1 b/‎SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec
+4-1
diff --git a/‎SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec
+4-1 b/‎SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec
+4-1
diff --git a/‎SPECS-SIGNED/kernel-signed/kernel-signed.spec
+4-1 b/‎SPECS-SIGNED/kernel-signed/kernel-signed.spec
+4-1
diff --git a/‎SPECS/R/CVE-2024-27322.patch
+49 b/‎SPECS/R/CVE-2024-27322.patch
+49
diff --git a/‎SPECS/R/R.spec
+5-1 b/‎SPECS/R/R.spec
+5-1
diff --git a/‎SPECS/conntrack-tools/conntrack-tools.signatures.json
+1-1 b/‎SPECS/conntrack-tools/conntrack-tools.signatures.json
+1-1
diff --git a/‎SPECS/conntrack-tools/conntrack-tools.spec
+9-4 b/‎SPECS/conntrack-tools/conntrack-tools.spec
+9-4
@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for Azure
 Name:           kernel-azure-signed-%{buildarch}
-Version:        5.15.158.2
+Version:        5.15.160.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Sat Jun 08 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.160.1-1
+- Auto-upgrade to 5.15.160.1
+
 * Fri Jun 07 2024 Rachel Menge <[email protected]> - 5.15.158.2-1
 - Revert to 5.15.158.2
 
 
@@ -4,7 +4,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for HCI
 Name:           kernel-hci-signed-%{buildarch}
-Version:        5.15.158.2
+Version:        5.15.160.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -149,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Sat Jun 08 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.160.1-1
+- Auto-upgrade to 5.15.160.1
+
 * Fri Jun 07 2024 Rachel Menge <[email protected]> - 5.15.158.2-1
 - Revert to 5.15.158.2
 
 
@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        5.15.158.2
+Version:        5.15.160.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Sat Jun 08 2024 CBL-Mariner Servicing Account <[email protected]> - 5.15.160.1-1
+- Auto-upgrade to 5.15.160.1
+
 * Fri Jun 07 2024 Rachel Menge <[email protected]> - 5.15.158.2-1
 - Revert to 5.15.158.2
 
 
@@ -0,0 +1,49 @@
+From f7c46500f455eb4edfc3656c3fa20af61b16abb7 Mon Sep 17 00:00:00 2001
+From: luke <luke@00db46b3-68df-0310-9c12-caf00c1e9a41>
+Date: Sun, 31 Mar 2024 19:35:58 +0000
+Subject: [PATCH] readRDS() and unserialize() now signal an errorr instead of
+ returning a PROMSXP.
+
+git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41
+---
+ src/main/serialize.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/main/serialize.c b/src/main/serialize.c
+index a389f713116..a190fbf8f3c 100644
+--- a/src/main/serialize.c
++++ b/src/main/serialize.c
+@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env)
+     return R_NilValue;
+ }
+ 
++static SEXP checkNotPromise(SEXP val)
++{
++    if (TYPEOF(val) == PROMSXP)
++	error(_("cannot return a promise (PROMSXP) object"));
++    return val;
++}
++
+ /* unserializeFromConn(conn, hook) used from readRDS().
+    It became public in R 2.13.0, and that version added support for
+    connections internally */
+@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ 	con->close(con);
+ 	UNPROTECT(1);
+     }
+-    return ans;
++    return checkNotPromise(ans);
+ }
+ 
+ /*
+@@ -3330,8 +3337,8 @@ attribute_hidden SEXP
+ do_serialize(SEXP call, SEXP op, SEXP args, SEXP env)
+ {
+     checkArity(op, args);
+-    if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args));
+-
++    if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args));
++	return checkNotPromise(R_unserialize(CAR(args), CADR(args)));
+     SEXP object, icon, type, ver, fun;
+     object = CAR(args); args = CDR(args);
+     icon = CAR(args); args = CDR(args);
@@ -2,7 +2,7 @@
 Summary:        A language for data analysis and graphics
 Name:           R
 Version:        4.1.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -13,6 +13,7 @@ Source0:        https://cran.r-project.org/src/base/R-4/R-%{version}.tar.gz
 # in 2018. Given curl 8.0.0 is not an actual breaking change, this patch should be fine.
 # We should drop this when R eventually gets official support for build with curl >= 8.0.0
 Patch0:         0001-configure-fix-compilation-with-curl-8.0.0.patch
+Patch1:         CVE-2024-27322.patch
 BuildRequires:  build-essential
 BuildRequires:  bzip2-devel
 BuildRequires:  curl-devel
@@ -121,6 +122,9 @@ TZ="Europe/Paris" make check -k -i
 %endif
 
 %changelog
+* Wed Jun 19 2024 Saul Paredes <[email protected]> - 4.1.0-5
+- Patch CVE-2024-27322
+
 * Wed Sep 20 2023 Jon Slobodzian <[email protected]> - 4.1.0-4
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
 
@@ -1,6 +1,6 @@
 {
  "Signatures": {
-  "conntrack-tools-1.4.5.tar.bz2": "36c6d99c7684851d4d72e75bd07ff3f0ff1baaf4b6f069eb7244990cd1a9a462",
+  "conntrack-tools-1.4.8.tar.xz": "067677f4c5f6564819e78ed3a9d4a8980935ea9273f3abb22a420ea30ab5ded6",
   "conntrackd.conf": "dc7fa36293263d0674508cba4499c90d20df15eabea7a7d901f2050094ede38b",
   "conntrackd.service": "c18f00e7b76df6dce5b7b46e1bb35e6c34f5d1fe329892c1f0327c2712282778"
  }
 
@@ -1,19 +1,19 @@
 Summary:        Manipulate netfilter connection tracking table and run High Availability
 Name:           conntrack-tools
-Version:        1.4.5
-Release:        8%{?dist}
+Version:        1.4.8
+Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 URL:            https://conntrack-tools.netfilter.org/
-Source0:        https://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2
+Source0:        https://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.xz
 Source1:        conntrackd.service
 Source2:        conntrackd.conf
 BuildRequires:  bison
 BuildRequires:  flex
 BuildRequires:  gcc
 BuildRequires:  libmnl-devel >= 1.0.3
-BuildRequires:  libnetfilter_conntrack-devel >= 1.0.7
+BuildRequires:  libnetfilter_conntrack-devel >= 1.0.9
 BuildRequires:  libnetfilter_cthelper-devel >= 1.0.0
 BuildRequires:  libnetfilter_cttimeout-devel >= 1.0.0
 BuildRequires:  libnetfilter_queue-devel >= 1.0.2
@@ -96,6 +96,11 @@ echo "disable conntrackd.service" > %{buildroot}%{_libdir}/systemd/system-preset
 %systemd_postun conntrackd.service
 
 %changelog
+* Wed Jun 12 2024 corvus-callidus <[email protected]> - 1.4.8-1
+- Update to version 1.4.8
+- Updating source from tar.bz2 to tar.xz
+- Build requires libnetfilter_conntrack >= 1.0.9
+
 * Wed Sep 20 2023 Jon Slobodzian <[email protected]> - 1.4.5-8
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"Signatures": {`
`3`		`- "conntrack-tools-1.4.5.tar.bz2": "36c6d99c7684851d4d72e75bd07ff3f0ff1baaf4b6f069eb7244990cd1a9a462",`
	`3`	`+ "conntrack-tools-1.4.8.tar.xz": "067677f4c5f6564819e78ed3a9d4a8980935ea9273f3abb22a420ea30ab5ded6",`
`4`	`4`	`"conntrackd.conf": "dc7fa36293263d0674508cba4499c90d20df15eabea7a7d901f2050094ede38b",`
`5`	`5`	`"conntrackd.service": "c18f00e7b76df6dce5b7b46e1bb35e6c34f5d1fe329892c1f0327c2712282778"`
`6`	`6`	`}`