From ee7167fce206c759a651bf57f80a3f5430535b3c Mon Sep 17 00:00:00 2001 From: Omkhar Arasaratnam Date: Sat, 4 Jul 2026 07:42:29 -0400 Subject: [PATCH] Patch kernel to fix CVE-2026-43456 Backport upstream fix for CVE-2026-43456, a type confusion in the bonding driver's bond_setup_by_slave(). When a non-Ethernet slave (e.g. a GRE tunnel) is enslaved to a bond, the bond blindly copied the slave's header_ops onto itself; a later dev_hard_header() on the bond then called e.g. ipgre_header() with the bond device, so netdev_priv() returned the bond's struct bonding reinterpreted as struct ip_tunnel -> type confusion -> local privilege escalation (public kernelCTF PoC). Upstream commit: torvalds/linux 950803f7254721c1c15858fbbfae3deaaeeecb11 Author: Jiayuan Chen Fixes: 1284cd3a2b74 ("bonding: two small fixes for IPoIB support") Reviewed-by: Eric Dumazet The fix is single-file (drivers/net/bonding/bond_main.c) and applies cleanly to the 6.6.143.1 (rolling-lts/mariner-3) source via %autosetup -p1. Applied to both from-source kernels (kernel, kernel-64k); release bumped across the entangled kernel spec set (kernel-headers, kernel-signed, kernel-64k-signed, kernel-uki-signed) and the kernel-headers manifest. Signed-off-by: Omkhar Arasaratnam Co-Authored-By: Claude Opus 4.8 (1M context) --- .../kernel-64k-signed/kernel-64k-signed.spec | 5 +- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 5 +- .../kernel-uki-signed/kernel-uki-signed.spec | 5 +- SPECS/kernel-64k/CVE-2026-43456.patch | 143 ++++++++++++++++++ SPECS/kernel-64k/kernel-64k.spec | 6 +- SPECS/kernel-headers/kernel-headers.spec | 5 +- SPECS/kernel/CVE-2026-43456.patch | 143 ++++++++++++++++++ SPECS/kernel/kernel-uki.spec | 5 +- SPECS/kernel/kernel.spec | 6 +- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 4 +- 13 files changed, 321 insertions(+), 12 deletions(-) create mode 100644 SPECS/kernel-64k/CVE-2026-43456.patch create mode 100644 SPECS/kernel/CVE-2026-43456.patch diff --git a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec index c494f74f3ae..9f4ec06f1b9 100644 --- a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec +++ b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec @@ -7,7 +7,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-64k-signed-%{buildarch} Version: 6.6.143.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -105,6 +105,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Sat Jul 04 2026 Omkhar Arasaratnam - 6.6.143.1-2 +- Bump release to match kernel (CVE-2026-43456) + * Wed Jun 24 2026 CBL-Mariner Servicing Account - 6.6.143.1-1 - Auto-upgrade to 6.6.143.1 diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 617fd063f11..b26f5a20efb 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} Version: 6.6.143.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Sat Jul 04 2026 Omkhar Arasaratnam - 6.6.143.1-2 +- Bump release to match kernel (CVE-2026-43456) + * Wed Jun 24 2026 CBL-Mariner Servicing Account - 6.6.143.1-1 - Auto-upgrade to 6.6.143.1 diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec index b937b3685d0..432dca9f2de 100644 --- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec +++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec @@ -6,7 +6,7 @@ Summary: Signed Unified Kernel Image for %{buildarch} systems Name: kernel-uki-signed-%{buildarch} Version: 6.6.143.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -68,6 +68,9 @@ popd /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Sat Jul 04 2026 Omkhar Arasaratnam - 6.6.143.1-2 +- Bump release to match kernel (CVE-2026-43456) + * Wed Jun 24 2026 CBL-Mariner Servicing Account - 6.6.143.1-1 - Auto-upgrade to 6.6.143.1 diff --git a/SPECS/kernel-64k/CVE-2026-43456.patch b/SPECS/kernel-64k/CVE-2026-43456.patch new file mode 100644 index 00000000000..a9e7f853664 --- /dev/null +++ b/SPECS/kernel-64k/CVE-2026-43456.patch @@ -0,0 +1,143 @@ +From 950803f7254721c1c15858fbbfae3deaaeeecb11 Mon Sep 17 00:00:00 2001 +From: Jiayuan Chen +Date: Fri, 6 Mar 2026 10:15:07 +0800 +Subject: [PATCH] bonding: fix type confusion in bond_setup_by_slave() + +kernel BUG at net/core/skbuff.c:2306! +Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI +RIP: 0010:pskb_expand_head+0xa08/0xfe0 net/core/skbuff.c:2306 +RSP: 0018:ffffc90004aff760 EFLAGS: 00010293 +RAX: 0000000000000000 RBX: ffff88807e3c8780 RCX: ffffffff89593e0e +RDX: ffff88807b7c4900 RSI: ffffffff89594747 RDI: ffff88807b7c4900 +RBP: 0000000000000820 R08: 0000000000000005 R09: 0000000000000000 +R10: 00000000961a63e0 R11: 0000000000000000 R12: ffff88807e3c8780 +R13: 00000000961a6560 R14: dffffc0000000000 R15: 00000000961a63e0 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007fe1a0ed8df0 CR3: 000000002d816000 CR4: 00000000003526f0 +Call Trace: + + ipgre_header+0xdd/0x540 net/ipv4/ip_gre.c:900 + dev_hard_header include/linux/netdevice.h:3439 [inline] + packet_snd net/packet/af_packet.c:3028 [inline] + packet_sendmsg+0x3ae5/0x53c0 net/packet/af_packet.c:3108 + sock_sendmsg_nosec net/socket.c:727 [inline] + __sock_sendmsg net/socket.c:742 [inline] + ____sys_sendmsg+0xa54/0xc30 net/socket.c:2592 + ___sys_sendmsg+0x190/0x1e0 net/socket.c:2646 + __sys_sendmsg+0x170/0x220 net/socket.c:2678 + do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] + do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94 + entry_SYSCALL_64_after_hwframe+0x77/0x7f +RIP: 0033:0x7fe1a0e6c1a9 + +When a non-Ethernet device (e.g. GRE tunnel) is enslaved to a bond, +bond_setup_by_slave() directly copies the slave's header_ops to the +bond device: + + bond_dev->header_ops = slave_dev->header_ops; + +This causes a type confusion when dev_hard_header() is later called +on the bond device. Functions like ipgre_header(), ip6gre_header(),all use +netdev_priv(dev) to access their device-specific private data. When +called with the bond device, netdev_priv() returns the bond's private +data (struct bonding) instead of the expected type (e.g. struct +ip_tunnel), leading to garbage values being read and kernel crashes. + +Fix this by introducing bond_header_ops with wrapper functions that +delegate to the active slave's header_ops using the slave's own +device. This ensures netdev_priv() in the slave's header functions +always receives the correct device. + +The fix is placed in the bonding driver rather than individual device +drivers, as the root cause is bond blindly inheriting header_ops from +the slave without considering that these callbacks expect a specific +netdev_priv() layout. + +The type confusion can be observed by adding a printk in +ipgre_header() and running the following commands: + + ip link add dummy0 type dummy + ip addr add 10.0.0.1/24 dev dummy0 + ip link set dummy0 up + ip link add gre1 type gre local 10.0.0.1 + ip link add bond1 type bond mode active-backup + ip link set gre1 master bond1 + ip link set gre1 up + ip link set bond1 up + ip addr add fe80::1/64 dev bond1 + +Fixes: 1284cd3a2b74 ("bonding: two small fixes for IPoIB support") +Suggested-by: Jay Vosburgh +Reviewed-by: Eric Dumazet +Signed-off-by: Jiayuan Chen +Link: https://patch.msgid.link/20260306021508.222062-1-jiayuan.chen@linux.dev +Signed-off-by: Paolo Abeni +--- + drivers/net/bonding/bond_main.c | 47 ++++++++++++++++++++++++++++++++- + 1 file changed, 46 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index 444519078da39a..c1fb92602e4681 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -1509,6 +1509,50 @@ static netdev_features_t bond_fix_features(struct net_device *dev, + return features; + } + ++static int bond_header_create(struct sk_buff *skb, struct net_device *bond_dev, ++ unsigned short type, const void *daddr, ++ const void *saddr, unsigned int len) ++{ ++ struct bonding *bond = netdev_priv(bond_dev); ++ const struct header_ops *slave_ops; ++ struct slave *slave; ++ int ret = 0; ++ ++ rcu_read_lock(); ++ slave = rcu_dereference(bond->curr_active_slave); ++ if (slave) { ++ slave_ops = READ_ONCE(slave->dev->header_ops); ++ if (slave_ops && slave_ops->create) ++ ret = slave_ops->create(skb, slave->dev, ++ type, daddr, saddr, len); ++ } ++ rcu_read_unlock(); ++ return ret; ++} ++ ++static int bond_header_parse(const struct sk_buff *skb, unsigned char *haddr) ++{ ++ struct bonding *bond = netdev_priv(skb->dev); ++ const struct header_ops *slave_ops; ++ struct slave *slave; ++ int ret = 0; ++ ++ rcu_read_lock(); ++ slave = rcu_dereference(bond->curr_active_slave); ++ if (slave) { ++ slave_ops = READ_ONCE(slave->dev->header_ops); ++ if (slave_ops && slave_ops->parse) ++ ret = slave_ops->parse(skb, haddr); ++ } ++ rcu_read_unlock(); ++ return ret; ++} ++ ++static const struct header_ops bond_header_ops = { ++ .create = bond_header_create, ++ .parse = bond_header_parse, ++}; ++ + static void bond_setup_by_slave(struct net_device *bond_dev, + struct net_device *slave_dev) + { +@@ -1516,7 +1560,8 @@ static void bond_setup_by_slave(struct net_device *bond_dev, + + dev_close(bond_dev); + +- bond_dev->header_ops = slave_dev->header_ops; ++ bond_dev->header_ops = slave_dev->header_ops ? ++ &bond_header_ops : NULL; + + bond_dev->type = slave_dev->type; + bond_dev->hard_header_len = slave_dev->hard_header_len; diff --git a/SPECS/kernel-64k/kernel-64k.spec b/SPECS/kernel-64k/kernel-64k.spec index 73f4eaaf117..a5bb8b8e0d3 100644 --- a/SPECS/kernel-64k/kernel-64k.spec +++ b/SPECS/kernel-64k/kernel-64k.spec @@ -27,7 +27,7 @@ Summary: Linux Kernel Name: kernel-64k Version: 6.6.143.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -41,6 +41,7 @@ Source4: cpupower Source5: cpupower.service Patch0: 0001-add-mstflint-kernel-%{mstflintver}.patch Patch1: 0002-efi-Added-efi-cmdline-line-option-to-dynamically-adj.patch +Patch2: CVE-2026-43456.patch ExclusiveArch: aarch64 BuildRequires: audit-devel BuildRequires: bash @@ -380,6 +381,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Sat Jul 04 2026 Omkhar Arasaratnam - 6.6.143.1-2 +- Add patch to fix CVE-2026-43456 (bonding: type confusion in bond_setup_by_slave()) + * Wed Jun 24 2026 CBL-Mariner Servicing Account - 6.6.143.1-1 - Auto-upgrade to 6.6.143.1 diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 0014a479ed9..263d1c0608d 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -14,7 +14,7 @@ Summary: Linux API header files Name: kernel-headers Version: 6.6.143.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -75,6 +75,9 @@ done %endif %changelog +* Sat Jul 04 2026 Omkhar Arasaratnam - 6.6.143.1-2 +- Bump release to match kernel (CVE-2026-43456) + * Wed Jun 24 2026 CBL-Mariner Servicing Account - 6.6.143.1-1 - Auto-upgrade to 6.6.143.1 diff --git a/SPECS/kernel/CVE-2026-43456.patch b/SPECS/kernel/CVE-2026-43456.patch new file mode 100644 index 00000000000..a9e7f853664 --- /dev/null +++ b/SPECS/kernel/CVE-2026-43456.patch @@ -0,0 +1,143 @@ +From 950803f7254721c1c15858fbbfae3deaaeeecb11 Mon Sep 17 00:00:00 2001 +From: Jiayuan Chen +Date: Fri, 6 Mar 2026 10:15:07 +0800 +Subject: [PATCH] bonding: fix type confusion in bond_setup_by_slave() + +kernel BUG at net/core/skbuff.c:2306! +Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI +RIP: 0010:pskb_expand_head+0xa08/0xfe0 net/core/skbuff.c:2306 +RSP: 0018:ffffc90004aff760 EFLAGS: 00010293 +RAX: 0000000000000000 RBX: ffff88807e3c8780 RCX: ffffffff89593e0e +RDX: ffff88807b7c4900 RSI: ffffffff89594747 RDI: ffff88807b7c4900 +RBP: 0000000000000820 R08: 0000000000000005 R09: 0000000000000000 +R10: 00000000961a63e0 R11: 0000000000000000 R12: ffff88807e3c8780 +R13: 00000000961a6560 R14: dffffc0000000000 R15: 00000000961a63e0 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007fe1a0ed8df0 CR3: 000000002d816000 CR4: 00000000003526f0 +Call Trace: + + ipgre_header+0xdd/0x540 net/ipv4/ip_gre.c:900 + dev_hard_header include/linux/netdevice.h:3439 [inline] + packet_snd net/packet/af_packet.c:3028 [inline] + packet_sendmsg+0x3ae5/0x53c0 net/packet/af_packet.c:3108 + sock_sendmsg_nosec net/socket.c:727 [inline] + __sock_sendmsg net/socket.c:742 [inline] + ____sys_sendmsg+0xa54/0xc30 net/socket.c:2592 + ___sys_sendmsg+0x190/0x1e0 net/socket.c:2646 + __sys_sendmsg+0x170/0x220 net/socket.c:2678 + do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] + do_syscall_64+0x106/0xf80 arch/x86/entry/syscall_64.c:94 + entry_SYSCALL_64_after_hwframe+0x77/0x7f +RIP: 0033:0x7fe1a0e6c1a9 + +When a non-Ethernet device (e.g. GRE tunnel) is enslaved to a bond, +bond_setup_by_slave() directly copies the slave's header_ops to the +bond device: + + bond_dev->header_ops = slave_dev->header_ops; + +This causes a type confusion when dev_hard_header() is later called +on the bond device. Functions like ipgre_header(), ip6gre_header(),all use +netdev_priv(dev) to access their device-specific private data. When +called with the bond device, netdev_priv() returns the bond's private +data (struct bonding) instead of the expected type (e.g. struct +ip_tunnel), leading to garbage values being read and kernel crashes. + +Fix this by introducing bond_header_ops with wrapper functions that +delegate to the active slave's header_ops using the slave's own +device. This ensures netdev_priv() in the slave's header functions +always receives the correct device. + +The fix is placed in the bonding driver rather than individual device +drivers, as the root cause is bond blindly inheriting header_ops from +the slave without considering that these callbacks expect a specific +netdev_priv() layout. + +The type confusion can be observed by adding a printk in +ipgre_header() and running the following commands: + + ip link add dummy0 type dummy + ip addr add 10.0.0.1/24 dev dummy0 + ip link set dummy0 up + ip link add gre1 type gre local 10.0.0.1 + ip link add bond1 type bond mode active-backup + ip link set gre1 master bond1 + ip link set gre1 up + ip link set bond1 up + ip addr add fe80::1/64 dev bond1 + +Fixes: 1284cd3a2b74 ("bonding: two small fixes for IPoIB support") +Suggested-by: Jay Vosburgh +Reviewed-by: Eric Dumazet +Signed-off-by: Jiayuan Chen +Link: https://patch.msgid.link/20260306021508.222062-1-jiayuan.chen@linux.dev +Signed-off-by: Paolo Abeni +--- + drivers/net/bonding/bond_main.c | 47 ++++++++++++++++++++++++++++++++- + 1 file changed, 46 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index 444519078da39a..c1fb92602e4681 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -1509,6 +1509,50 @@ static netdev_features_t bond_fix_features(struct net_device *dev, + return features; + } + ++static int bond_header_create(struct sk_buff *skb, struct net_device *bond_dev, ++ unsigned short type, const void *daddr, ++ const void *saddr, unsigned int len) ++{ ++ struct bonding *bond = netdev_priv(bond_dev); ++ const struct header_ops *slave_ops; ++ struct slave *slave; ++ int ret = 0; ++ ++ rcu_read_lock(); ++ slave = rcu_dereference(bond->curr_active_slave); ++ if (slave) { ++ slave_ops = READ_ONCE(slave->dev->header_ops); ++ if (slave_ops && slave_ops->create) ++ ret = slave_ops->create(skb, slave->dev, ++ type, daddr, saddr, len); ++ } ++ rcu_read_unlock(); ++ return ret; ++} ++ ++static int bond_header_parse(const struct sk_buff *skb, unsigned char *haddr) ++{ ++ struct bonding *bond = netdev_priv(skb->dev); ++ const struct header_ops *slave_ops; ++ struct slave *slave; ++ int ret = 0; ++ ++ rcu_read_lock(); ++ slave = rcu_dereference(bond->curr_active_slave); ++ if (slave) { ++ slave_ops = READ_ONCE(slave->dev->header_ops); ++ if (slave_ops && slave_ops->parse) ++ ret = slave_ops->parse(skb, haddr); ++ } ++ rcu_read_unlock(); ++ return ret; ++} ++ ++static const struct header_ops bond_header_ops = { ++ .create = bond_header_create, ++ .parse = bond_header_parse, ++}; ++ + static void bond_setup_by_slave(struct net_device *bond_dev, + struct net_device *slave_dev) + { +@@ -1516,7 +1560,8 @@ static void bond_setup_by_slave(struct net_device *bond_dev, + + dev_close(bond_dev); + +- bond_dev->header_ops = slave_dev->header_ops; ++ bond_dev->header_ops = slave_dev->header_ops ? ++ &bond_header_ops : NULL; + + bond_dev->type = slave_dev->type; + bond_dev->hard_header_len = slave_dev->hard_header_len; diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec index 88515613a98..f0611826b7e 100644 --- a/SPECS/kernel/kernel-uki.spec +++ b/SPECS/kernel/kernel-uki.spec @@ -13,7 +13,7 @@ Summary: Unified Kernel Image Name: kernel-uki Version: 6.6.143.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -70,6 +70,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Sat Jul 04 2026 Omkhar Arasaratnam - 6.6.143.1-2 +- Bump release to match kernel (CVE-2026-43456) + * Wed Jun 24 2026 CBL-Mariner Servicing Account - 6.6.143.1-1 - Auto-upgrade to 6.6.143.1 diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index abd83a990c2..3f365128e31 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -32,7 +32,7 @@ Summary: Linux Kernel Name: kernel Version: 6.6.143.1 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -46,6 +46,7 @@ Source4: azurelinux-ca-20230216.pem Source5: cpupower Source6: cpupower.service Patch0: 0001-add-mstflint-kernel-%{mstflintver}.patch +Patch1: CVE-2026-43456.patch BuildRequires: audit-devel BuildRequires: bash BuildRequires: bc @@ -440,6 +441,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Sat Jul 04 2026 Omkhar Arasaratnam - 6.6.143.1-2 +- Add patch to fix CVE-2026-43456 (bonding: type confusion in bond_setup_by_slave()) + * Wed Jun 24 2026 CBL-Mariner Servicing Account - 6.6.143.1-1 - Auto-upgrade to 6.6.143.1 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index a390e06ded5..1d1ec0c5fd6 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.aarch64.rpm -kernel-headers-6.6.143.1-1.azl3.noarch.rpm +kernel-headers-6.6.143.1-2.azl3.noarch.rpm glibc-2.38-20.azl3.aarch64.rpm glibc-devel-2.38-20.azl3.aarch64.rpm glibc-i18n-2.38-20.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d9b90c06115..bcf492f907f 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.x86_64.rpm -kernel-headers-6.6.143.1-1.azl3.noarch.rpm +kernel-headers-6.6.143.1-2.azl3.noarch.rpm glibc-2.38-20.azl3.x86_64.rpm glibc-devel-2.38-20.azl3.x86_64.rpm glibc-i18n-2.38-20.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 37732fa4225..102c872311a 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -158,7 +158,7 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.aarch64.rpm kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm -kernel-headers-6.6.143.1-1.azl3.noarch.rpm +kernel-headers-6.6.143.1-2.azl3.noarch.rpm kmod-30-1.azl3.aarch64.rpm kmod-debuginfo-30-1.azl3.aarch64.rpm kmod-devel-30-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 13415530e1a..2bbc6bd83eb 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -165,8 +165,8 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.x86_64.rpm kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm -kernel-cross-headers-6.6.143.1-1.azl3.noarch.rpm -kernel-headers-6.6.143.1-1.azl3.noarch.rpm +kernel-cross-headers-6.6.143.1-2.azl3.noarch.rpm +kernel-headers-6.6.143.1-2.azl3.noarch.rpm kmod-30-1.azl3.x86_64.rpm kmod-debuginfo-30-1.azl3.x86_64.rpm kmod-devel-30-1.azl3.x86_64.rpm