Kernel upgrade to 5.15.72.1 version (#3949)

SPECS-SIGNED/kernel-signed/kernel-signed.spec

@@ -9,7 +9,7 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        5.15.70.1
+Version:        5.15.72.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %exclude /module_info.ld
 
 %changelog
+* Fri Oct 07 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.72.1-1
+- Upgrade to 5.15.72.1
+
 * Tue Sep 27 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.70.1-1
 - Upgrade to 5.15.70.1
 

SPECS/LICENSES-AND-NOTICES/data/licenses.json

@@ -2023,6 +2023,7 @@
                 "libsafec",
                 "libuv",
                 "libxml++",
+                "livepatch-5.15.72.1-1.cm2",
                 "livepatching",
                 "lld",
                 "local-path-provisioner",

SPECS/hyperv-daemons/hyperv-daemons.signatures.json

@@ -7,6 +7,6 @@
     "hypervkvpd.service": "c1bb207cf9f388f8f3cf5b649abbf8cfe4c4fcf74538612946e68f350d1f265f",
     "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1",
     "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d",
-    "kernel-5.15.70.1.tar.gz": "6a4e09c466d6b13118de2d40a4e554f7e692679562c4843b525f12e4bec17296"
+    "kernel-5.15.72.1.tar.gz": "643070141733112e3aa37e781de0a85916098bae6c2572227eb3c828cb53c344"
   }
 }

SPECS/hyperv-daemons/hyperv-daemons.spec

@@ -8,7 +8,7 @@
 %global udev_prefix 70
 Summary:        Hyper-V daemons suite
 Name:           hyperv-daemons
-Version:        5.15.70.1
+Version:        5.15.72.1
 Release:        1%{?dist}
 License:        GPLv2+
 Vendor:         Microsoft Corporation
@@ -219,6 +219,9 @@ fi
 %{_sbindir}/lsvmbus
 
 %changelog
+* Fri Oct 07 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.72.1-1
+- Upgrade to 5.15.72.1
+
 * Tue Sep 27 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.70.1-1
 - Upgrade to 5.15.70.1
 

SPECS/kernel-hci/config

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 5.15.70.1 Kernel Configuration
+# Linux/x86_64 5.15.72.1 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0"
 CONFIG_CC_IS_GCC=y

SPECS/kernel-hci/kernel-hci.signatures.json

@@ -1,7 +1,7 @@
 {
   "Signatures": {
     "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
-    "config": "7946cde6d9a69dc4d17212ed8a178d77f3e67929693889105d07aebb684b501b",
+    "config": "168d90b84ca69e0de7bdaf87c5ae879702c3ddc574ea3fc114cc140fa8b7a50b",
-    "kernel-5.15.70.1.tar.gz": "6a4e09c466d6b13118de2d40a4e554f7e692679562c4843b525f12e4bec17296"
+    "kernel-5.15.72.1.tar.gz": "643070141733112e3aa37e781de0a85916098bae6c2572227eb3c828cb53c344"
   }
 }

SPECS/kernel-hci/kernel-hci.spec

@@ -8,7 +8,7 @@
 
 Summary:        Linux Kernel for HCI
 Name:           kernel-hci
-Version:        5.15.70.1
+Version:        5.15.72.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -393,6 +393,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Fri Oct 07 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.72.1-1
+- Upgrade to 5.15.72.1
+
 * Wed Oct 5 2022 Vince Perri <viperri@microsoft.com> - 5.15.70.1-1
 - Synchronize with mainline kernel:
 -   Upgrade to 5.15.70.1

SPECS/kernel-headers/kernel-headers.signatures.json

@@ -1,5 +1,5 @@
 {
   "Signatures": {
-    "kernel-5.15.70.1.tar.gz": "6a4e09c466d6b13118de2d40a4e554f7e692679562c4843b525f12e4bec17296"
+    "kernel-5.15.72.1.tar.gz": "643070141733112e3aa37e781de0a85916098bae6c2572227eb3c828cb53c344"
   }
 }

SPECS/kernel-headers/kernel-headers.spec

@@ -1,6 +1,6 @@
 Summary:        Linux API header files
 Name:           kernel-headers
-Version:        5.15.70.1
+Version:        5.15.72.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -36,6 +36,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir}
 %{_includedir}/*
 
 %changelog
+* Fri Oct 07 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.72.1-1
+- Upgrade to 5.15.72.1
+
 * Tue Sep 27 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.70.1-1
 - Upgrade to 5.15.70.1
 

SPECS/kernel/config

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 5.15.70.1 Kernel Configuration
+# Linux/x86_64 5.15.72.1 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0"
 CONFIG_CC_IS_GCC=y

SPECS/kernel/config_aarch64

@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/arm64 5.15.70.1 Kernel Configuration
+# Linux/arm64 5.15.72.1 Kernel Configuration
 #
 CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0"
 CONFIG_CC_IS_GCC=y

SPECS/kernel/kernel.signatures.json

@@ -1,9 +1,9 @@
 {
   "Signatures": {
     "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0",
-    "config": "361db481a2d9f957beafa18e8d7eb9c781c7f3c47f1cf88eee77650deac32bb7",
+    "config": "77cf29713edf4624ef6be49b2a21ee9b29eb1969a95ff348fd4916b46fc25c04",
-    "config_aarch64": "cc3eb0aafa47268e801480faf126ce9977e01249e4137ad0f874980136573237",
+    "config_aarch64": "ad7ae07b61b12da3386ffc4b687c5a2b8a7e1998d3e12be26588f6a32d710407",
     "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f",
-    "kernel-5.15.70.1.tar.gz": "6a4e09c466d6b13118de2d40a4e554f7e692679562c4843b525f12e4bec17296"
+    "kernel-5.15.72.1.tar.gz": "643070141733112e3aa37e781de0a85916098bae6c2572227eb3c828cb53c344"
   }
 }

SPECS/kernel/kernel.spec

@@ -17,7 +17,7 @@
 
 Summary:        Linux Kernel
 Name:           kernel
-Version:        5.15.70.1
+Version:        5.15.72.1
 Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
@@ -391,6 +391,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %{_sysconfdir}/bash_completion.d/bpftool
 
 %changelog
+* Fri Oct 07 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.72.1-1
+- Upgrade to 5.15.72.1
+
 * Tue Sep 27 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 5.15.70.1-1
 - Upgrade to 5.15.70.1
 

SPECS/livepatch-5.15.72.1-1.cm2/livepatch-5.15.72.1-1.cm2.signatures.json

@@ -0,0 +1,7 @@
+{
+  "Signatures": {
+    "config-5.15.72.1-1.cm2": "77cf29713edf4624ef6be49b2a21ee9b29eb1969a95ff348fd4916b46fc25c04",
+    "kernel-5.15.72.1.tar.gz": "643070141733112e3aa37e781de0a85916098bae6c2572227eb3c828cb53c344",
+    "mariner-5.15.72.1-1.cm2.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0"
+  }
+}

SPECS/livepatch-5.15.72.1-1.cm2/livepatch-5.15.72.1-1.cm2.spec

@@ -0,0 +1,189 @@
+%define kernel_version_release 5.15.72.1-1.cm2
+%define kernel_version %(echo %{kernel_version_release} | grep -oP "^[^-]+")
+%define kernel_release %(echo %{kernel_version_release} | grep -oP "(?<=-).+")
+
+%define builds_module %([[ -n "$(echo "%{patches}" | grep -oP "CVE-\\d+-\\d+(?=\\.patch)")" ]] && echo 1 || echo 0)
+
+# Kpatch module names allow only alphanumeric characters and '_'.
+%define livepatch_name %(value="%{name}-%{version}-%{release}"; echo "${value//[^a-zA-Z0-9_]/_}")
+%define livepatch_install_dir %{_libdir}/livepatching/%{kernel_version_release}
+%define livepatch_module_name %{livepatch_name}.ko
+%define livepatch_module_path %{livepatch_install_dir}/%{livepatch_module_name}
+
+%define patch_applicable_for_kernel [[ -f "%{livepatch_module_path}" && "$(uname -r)" == "%{kernel_version_release}" ]]
+%define patch_installed kpatch list | grep -qP "%{livepatch_name}.*%{kernel_version_release}"
+%define patch_loaded    kpatch list | grep -qP "%{livepatch_name}.*enabled"
+
+# Install patch if the RUNNING kernel matches.
+# No-op for initial (empty) livepatch.
+%define install_if_should \
+if %{patch_applicable_for_kernel} && ! %{patch_installed} \
+then \
+    kpatch install %{livepatch_module_path} \
+fi
+
+# Load patch, if the RUNNING kernel matches.
+# No-op for initial (empty) livepatch.
+%define load_if_should \
+if %{patch_applicable_for_kernel} && ! %{patch_loaded} \
+then \
+    kpatch load %{livepatch_module_path} \
+fi
+
+%define uninstall_if_should \
+if %{patch_installed} \
+then \
+    kpatch uninstall %{livepatch_name} \
+fi
+
+%define unload_if_should \
+if %{patch_loaded} \
+then \
+    kpatch unload %{livepatch_name} \
+fi
+
+%define patches_description \
+%(
+    echo "Patches list ('*' - fixed, '!' - unfixable through livepatching, kernel update required):"
+    for patch in %{patches}
+    do
+        patch_file=$(basename "$patch")
+
+        cve_number="${patch_file%.*}"
+        patch_suffix="${patch_file#*.}"
+
+        if [ "$patch_suffix" = "patch" ]
+        then
+            echo "*$cve_number"
+        else
+            echo "\!$cve_number: $(cat "$patch")"
+        fi
+    done
+)
+
+Summary:        Set of livepatches for kernel %{kernel_version_release}
+Name:           livepatch-%{kernel_version_release}
+Version:        1.0.0
+Release:        1%{?dist}
+License:        MIT
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+Group:          System Environment/Base
+URL:            https://github.com/microsoft/CBL-Mariner
+Source0:        https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/%{kernel_version}.tar.gz#/kernel-%{kernel_version}.tar.gz
+Source1:        config-%{kernel_version_release}
+Source2:        mariner-%{kernel_version_release}.pem
+
+ExclusiveArch:  x86_64
+
+Provides:       livepatch = %{kernel_version_release}
+
+# Must be kept below the "Patch" tags to correctly evaluate %%builds_module.
+%if %{builds_module}
+BuildRequires:  audit-devel
+BuildRequires:  bash
+BuildRequires:  bc
+BuildRequires:  binutils
+BuildRequires:  bison
+BuildRequires:  diffutils
+BuildRequires:  dwarves
+BuildRequires:  elfutils-libelf-devel
+BuildRequires:  flex
+BuildRequires:  gcc
+BuildRequires:  glib-devel
+BuildRequires:  glibc-devel
+BuildRequires:  kbd
+BuildRequires:  kernel-debuginfo = %{kernel_version_release}
+BuildRequires:  kernel-headers = %{kernel_version_release}
+BuildRequires:  kmod-devel
+BuildRequires:  kpatch-build
+BuildRequires:  libdnet-devel
+BuildRequires:  libmspack-devel
+BuildRequires:  make
+BuildRequires:  openssl
+BuildRequires:  openssl-devel
+BuildRequires:  pam-devel
+BuildRequires:  procps-ng-devel
+BuildRequires:  python3-devel
+BuildRequires:  rpm-build
+
+Requires:       coreutils
+Requires:       livepatching-filesystem
+
+Requires(post): coreutils
+Requires(post): kpatch
+
+Requires(preun): kpatch
+
+%description
+A set of kernel livepatches addressing CVEs present in Mariner's
+%{kernel_version_release} kernel.
+%{patches_description}
+
+%prep
+%setup -q -n CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-%{kernel_version}
+
+cp %{SOURCE1} .config
+cp %{SOURCE2} certs/mariner.pem
+
+sed -i 's#CONFIG_SYSTEM_TRUSTED_KEYS=""#CONFIG_SYSTEM_TRUSTED_KEYS="certs/mariner.pem"#' .config
+sed -i 's/CONFIG_LOCALVERSION=""/CONFIG_LOCALVERSION="-%{kernel_release}"/' .config
+
+%build
+# Building cumulative patch.
+all_patches_file=all.patch
+for patch in %{patches}
+do
+    [[ "$patch" == *.patch ]] && cat "$patch" >> $all_patches_file
+done
+
+kpatch-build -ddd \
+    --sourcedir . \
+    --vmlinux %{_libdir}/debug/lib/modules/%{kernel_version_release}/vmlinux \
+    --name %{livepatch_name} \
+    $all_patches_file
+
+%install
+install -dm 755 %{buildroot}%{livepatch_install_dir}
+install -m 744 %{livepatch_module_name} %{buildroot}%{livepatch_module_path}
+
+%post
+%load_if_should
+%install_if_should
+
+%preun
+%uninstall_if_should
+%unload_if_should
+
+# Re-enable patch on rollbacks to supported kernel.
+%triggerin -- kernel = %{kernel_version_release}
+%load_if_should
+%install_if_should
+
+# Prevent the patch from being loaded after a reboot to a different kernel.
+# Previous kernel is still running, do NOT unload the livepatch.
+%triggerin -- kernel > %{kernel_version_release}, kernel < %{kernel_version_release}
+%uninstall_if_should
+
+%files
+%defattr(-,root,root)
+%dir %{livepatch_install_dir}
+%{livepatch_module_path}
+
+# else builds_module
+%else
+%global debug_package %{nil}
+
+%description
+Empty package enabling subscription to future kernel livepatches
+addressing CVEs present in Mariner's %{kernel_version_release} kernel.
+
+%files
+
+# endif builds_module
+%endif
+
+%changelog
+* Fri Oct 07 2022 CBL-Mariner Servicing Account <cblmargh@microsoft.com> - 1.0.0-1
+- Original version for CBL-Mariner.
+- License verified.

SPECS/livepatch-5.15.72.1-1.cm2/mariner-5.15.72.1-1.cm2.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFBjCCA+6gAwIBAgITMwAABO5/lN6NQyelHwABAAAE7jANBgkqhkiG9w0BAQsF
+ADB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
+UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQD
+ExpNaWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMDAeFw0yMTEwMTQxNzI4MDVaFw0y
+MjEwMTMxNzI4MDVaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
+bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0
+aW9uMTAwLgYDVQQDEydNYXJpbmVyIFNlY3VyZSBCb290KFByb2R1Y3Rpb24gU2ln
+bmluZykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF45hTHPQAA7yc
+6g3iVuqcQKF51ylCynjUySYqqQha2sQzE7tbJ2egVkW4cfY1UbJsm65i2/VGI1OL
+Zia4sRwXRN7toRK5aElYfpsghMgGEaCSPs6915BVqO4WX0jxXswqRZ2CPH+evNCC
+hQnOqtjvFCqp7aeQ44b/DpZmaMicL/DwbI4925HWGSYa+/Mp1Fs3yGhP5X75+c9v
+w4gJ5KoxcOFRmQEt0c7lOclOi5Np5jys7lrrdmPPbjoALERBatiXj8w72LUZu4+I
+970/6jqNEkHeGxqVSPRRNIEZubjvRIfg8uULr8k/Kj8TbznCWoGuaT/9yoVbHhqU
+KQMJxxFrAgMBAAGjggF3MIIBczATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4E
+FgQUtC1rnigJt7kJfP+emwGUuG6Av5UwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsT
+FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEBRMNNDYwODk3KzQ2ODU5NzAf
+BgNVHSMEGDAWgBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBcBgNVHR8EVTBTMFGgT6BN
+hktodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl
+MjBUZXN0aW5nJTIwUENBJTIwMjAxMCgxKS5jcmwwaQYIKwYBBQUHAQEEXTBbMFkG
+CCsGAQUFBzAChk1odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRz
+L01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB
+Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCybuv6kmhT2y97FOLRljLCLvQlBL/E
+dxKPDYNFhHCKIUd550yUoUW8XIxSYa+Dmx/1+NYS4Nxql7ecuR4g9+4i0DOmNjYO
+NY8epPspIpjUd9OAiKNKJSs2303i2TQojXQcZVeTO89bK3pX+spoACGuEVEuWSdL
+q+oPDYZwNTKyobj9wHYO6WXJfcdLPlYZghDjR/WNO5bzvzpi2nn/c4OYvMihLNq0
+5uNO0IB/zquyAaCKbi15v/PqYos1BsT+Yft4zf8ry17yFVBIqJMa2An6Gex7SNWj
+jj1S7uBga3oZcTHvR8xv3fmbwfQMIrZRmZrq8xkySxQV7xea0sE7X/pJ
+-----END CERTIFICATE-----

cgmanifest.json

@@ -5850,8 +5850,8 @@
         "type": "other",
         "other": {
           "name": "hyperv-daemons",
-          "version": "5.15.70.1",
+          "version": "5.15.72.1",
-          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.70.1.tar.gz"
+          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.72.1.tar.gz"
         }
       }
     },
@@ -7361,8 +7361,8 @@
         "type": "other",
         "other": {
           "name": "kernel",
-          "version": "5.15.70.1",
+          "version": "5.15.72.1",
-          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.70.1.tar.gz"
+          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.72.1.tar.gz"
         }
       }
     },
@@ -7371,8 +7371,8 @@
         "type": "other",
         "other": {
           "name": "kernel-hci",
-          "version": "5.15.70.1",
+          "version": "5.15.72.1",
-          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.70.1.tar.gz"
+          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.72.1.tar.gz"
         }
       }
     },
@@ -7381,8 +7381,8 @@
         "type": "other",
         "other": {
           "name": "kernel-headers",
-          "version": "5.15.70.1",
+          "version": "5.15.72.1",
-          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.70.1.tar.gz"
+          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.72.1.tar.gz"
         }
       }
     },
@@ -10886,6 +10886,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "livepatch-5.15.72.1-1.cm2",
+          "version": "1.0.0",
+          "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.72.1.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",
@@ -10916,16 +10926,6 @@
         }
       }
     },
-    {
-      "component": {
-        "type": "other",
-        "other": {
-          "name": "local-path-provisioner",
-          "version": "0.0.21",
-          "downloadUrl": "https://github.com/rancher/local-path-provisioner/archive/refs/tags/v0.0.21.tar.gz"
-        }
-      }
-    },
     {
       "component": {
         "type": "other",
@@ -10976,6 +10976,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "local-path-provisioner",
+          "version": "0.0.21",
+          "downloadUrl": "https://github.com/rancher/local-path-provisioner/archive/refs/tags/v0.0.21.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",

toolkit/resources/manifests/package/pkggen_core_aarch64.txt

@@ -1,5 +1,5 @@
 filesystem-1.1-11.cm2.aarch64.rpm
-kernel-headers-5.15.70.1-1.cm2.noarch.rpm
+kernel-headers-5.15.72.1-1.cm2.noarch.rpm
 glibc-2.35-2.cm2.aarch64.rpm
 glibc-devel-2.35-2.cm2.aarch64.rpm
 glibc-i18n-2.35-2.cm2.aarch64.rpm

toolkit/resources/manifests/package/pkggen_core_x86_64.txt

@@ -1,5 +1,5 @@
 filesystem-1.1-11.cm2.x86_64.rpm
-kernel-headers-5.15.70.1-1.cm2.noarch.rpm
+kernel-headers-5.15.72.1-1.cm2.noarch.rpm
 glibc-2.35-2.cm2.x86_64.rpm
 glibc-devel-2.35-2.cm2.x86_64.rpm
 glibc-i18n-2.35-2.cm2.x86_64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -132,7 +132,7 @@ intltool-0.51.0-7.cm2.noarch.rpm
 itstool-2.0.6-4.cm2.noarch.rpm
 kbd-2.2.0-1.cm2.aarch64.rpm
 kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm
-kernel-headers-5.15.70.1-1.cm2.noarch.rpm
+kernel-headers-5.15.72.1-1.cm2.noarch.rpm
 kmod-29-1.cm2.aarch64.rpm
 kmod-debuginfo-29-1.cm2.aarch64.rpm
 kmod-devel-29-1.cm2.aarch64.rpm

toolkit/resources/manifests/package/toolchain_x86_64.txt

@@ -132,7 +132,7 @@ intltool-0.51.0-7.cm2.noarch.rpm
 itstool-2.0.6-4.cm2.noarch.rpm
 kbd-2.2.0-1.cm2.x86_64.rpm
 kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm
-kernel-headers-5.15.70.1-1.cm2.noarch.rpm
+kernel-headers-5.15.72.1-1.cm2.noarch.rpm
 kmod-29-1.cm2.x86_64.rpm
 kmod-debuginfo-29-1.cm2.x86_64.rpm
 kmod-devel-29-1.cm2.x86_64.rpm