From c03f40dcc17194ea7cb73380155e903aa5745fd0 Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Tue, 22 Jul 2025 10:59:56 +0200 Subject: [PATCH] overlay profiles: adjust accepted keywords Signed-off-by: Mathieu Tortuyaux --- .../profiles/coreos/base/package.accept_keywords | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 66fc439ea8..eb4026b5c4 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -12,6 +12,9 @@ =app-containers/incus-6.0.4-r1 ~arm64 =app-containers/lxc-6.0.4-r1 ~arm64 +# CVE-2025-6032 +=app-containers/podman-5.5.2 ~amd64 ~arm64 + # No stable keywords. =app-containers/syft-1.18.1 ~amd64 ~arm64 @@ -48,9 +51,10 @@ dev-cpp/azure-identity dev-cpp/azure-security-keyvault-certificates dev-cpp/azure-security-keyvault-keys +# CVE-2025-4674 +=dev-lang/go-1.24.5-r1 ~arm64 ~amd64 + # Keep versions on both arches in sync. -=dev-db/sqlite-3.49.2 ~arm64 -=dev-lang/go-1.24.4 ~arm64 =dev-lang/yasm-1.3.0-r1 ~arm64 =dev-libs/cowsql-1.15.8 ~arm64 =dev-libs/ding-libs-0.6.2-r1 ~arm64 @@ -59,6 +63,9 @@ dev-cpp/azure-security-keyvault-keys =dev-libs/jose-12 ** =dev-libs/luksmeta-9-r1 ** +# CVE-2025-49794, CVE-2025-49795, CVE-2025-49796 +=dev-libs/libxml2-2.13.8-r2 ~amd64 ~arm64 + # Keep versions on both arches in sync. =dev-libs/raft-0.22.1 ~arm64 @@ -84,9 +91,6 @@ dev-cpp/azure-security-keyvault-keys =net-libs/libnetfilter_cthelper-1.0.1-r1 ~arm64 =net-libs/libnetfilter_cttimeout-1.0.1 ~arm64 -# Needed for addressing CVE-2025-47268 and CVE-2025-48964 -=net-misc/iputils-20250605 ~amd64 ~arm64 - # Packages are in Gentoo but not expected to be used outside Flatcar, so they # are generally never stabilised. Thus an unusual form is used to pick up the # latest version of the package with the unstable keywords. @@ -99,6 +103,8 @@ sys-apps/azure-vm-utils =sys-boot/mokutil-0.7.2 ** # Enable ipvsadm for arm64. +=sys-fs/zfs-2.3.3 ~arm64 +=sys-fs/zfs-kmod-2.3.3 ~arm64 =sys-cluster/ipvsadm-1.31-r1 ~arm64 # Keep versions on both arches in sync.