Releases: microsoft/azurelinux
2.0.20231130
Mariner
Add CUSE module for rshim interface support
Add ExtractNameFromRPMPath() to rpm.go
Add additional functions to pkggraph.go
Add cloud native repo to mariner-repos
Add containerized-build downloader to list of tools to build
Add kernel-mos to ccache config
Add linuxptp v3.1.1 with High-Availability patches
Add package python3-junit-xml.
Add package double-conversion to SPECS
Enable CONFIG_ARM_SMMU and CONFIG_ARM_SMMU_V3 in aarch64.
Enable CONFIG_BPF_LSM
Enable SELinux features to busybox
Fix tmux crashing bug
Fix signature checking for local sources to break the build on a mismatch.
Make cascading rebuilds configurable
Move package glog from Extended to Core
Pass toolchain archive to make in pipeline template
Patch frr to fix CVE-2023-47234 and CVE-2023-47235
Patch opensc CVE-2023-4535
Patch python-werkzeug for CVE-2023-46136
Patch qemu to fix CVE-2023-3354
Patch syslog-ng for CVE-2022-38725
Print blocked node summary
Print chroot-tools progress
Print logs on build/test failure
Print more details on image fetch failures
Update change logs to sync up with the ones in PMC
Update kernel, kernel-hci, kernel-azure BuildRequires to include cpio
Update kernel-mshv, kernel-uvm, kernel-uvm-cvm BuildRequires to inclu…
Upgrade Blobfuse2 to 2.1.2
Upgrade kernel to version 5.15.138.1 to fix CVE-2023-39198, CVE-2023-5178
Upgrade msft-golang to 1.20.11.
Upgrade mysql to 8.0.35 to fix CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22066, CVE-2023-22068, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22084, CVE-2023-22092, CVE-2023-22097, CVE-2023-22103, CVE-2023-22112, CVE-2023-22114
Upgrade valgrind to 3.22.0
Upgrade vim to 9.0.2112 to fix CVE-2023-46246, CVE-2023-48231, CVE-2023-48234, CVE-2023-48236, CVE-2023-48237, CVE-2023-48232, CVE-2023-48233, CVE-2023-48235, CVE-2023-48706
kubernetes: fix version subcommand for components
Image Customizer:
Add Initial MIC release file
Implement fallback partition customization.
2.0.20231115
Add debug to PR check pipeline to debug intermittent issue
Add kernel-mos with AMDGPU drivers
Add retry workaround when Package Installation fails.
Add tdnf remove cache script and run it for marketplace images
Added CredScan exception for doc and test sample secrets.
Cherry Pick bug and feature template updates to main
Clarify login instructions
Clarify that passwords are not permitted for production use in meta user data configuration file
Cosmetic change with chrony removed references to NetworkManager
Fix safechroot unmount ordering.
Image Customizer: Move partition utils into their own file.
Merge branch 'main' into 2.0
Nopatch kernel CVE-2023-2430, CVE-2023-3338, CVE-2023-39191, CVE-2023-42752 ...
Prepare November 2023 Release
Sparse disk creation bug fix.
Support N+1 goal nodes for scheduler
Switch ccache to using compiler content instead of its modified time.
Toolkit: Add retry to safemount.Close().
Toolkit: Improvements for UpdateFstab and CreateSparseDisk
Toolkit: Move ConfigureDiskBootloader function.
Update multus to v4.0.2
Upgrade blobfuse2 2.1.0 -> 2.1.1
Upgrade kata-containers-cc to 0.6.2
Upgrade kernel-mshv, kernel-uvm, kernel-uvm-cvm
Upgrade moby-containerd-cc to 1.7.2
Use embedded binary resources for grub templates.
Using separate buffer per analyzed spec in rpmssnapshot.go.
Patch frr for CVE-2023-46752 and CVE-2023-46753 - branch main
Patched CVE-2023-46316 for traceroute - branch main.
Patched telegraf CVE-2023-46129. - branch main
Switched to building with fewer CPUs per package. - branch main
Upgrade kured to 1.13.2 for CVEs on vendor code - branch main
Upgrade memcached to v1.6.22: Fixes CVEs 2023-46852 and 2023-46853 - branch main
Upgraded PyYAML to 5.4 to fix CVEs: 2020-1747, CVE-2020-14343. - branch main
Upgrade kernel to version 5.15.137.1 to address CVE-2023-1192 CVE-2023-46813 CVE-2023-5717
containerized-build: Add option to keep container
fix wrong rights for toolkit/imageconfigs/additionalconfigs/configure…
fix wrong rights for toolkit/imageconfigs/postinstallscripts/remove-tdnf-cache.sh
toolkit: fix user instructions on toolchain build error
toolkit: gomod: bump dependencies to address CVEs
toolkit: gomod: upgrade gonum 0.11.0 -> 0.14.0
Upgrade mysql to 8.0.34
Kata-CC: Fixed occasional, sudden node crashes on CC pod start-up (fix in kernel-mshv based on new LSG release)
Kata-CC: Support for container images from private container image registries
Kata-CC: Support for v1 container images for the tardev-snapshotter (still unsupported by the policy feature)
Kata-CC: Support for container image layer sharing between different pod runtime handlers (runc, kernel-isolation, confidential containers)
Kata-CC: Support for updating ConfigMaps/Secrets at pod run time
2.0.20231106
Add /opt/containerd/{bin,lib} to RPMs and cherry-pick fix for systemd-hostnamed default-hostname in SELinux.
Add Perl-Net-IP package to extended specs
Add abort immediately on 404 errors for go-downloader in toolkit.
Add explicit timeout to package builds
Add extra_packages option for containerized-rpmbuild
Add kata-containers-cc patch to retain uvm dependencies
Add kubernetes back to CBL-Mariner
Add rust-cbindgen v0.24.3
Add short test flag to full go test coverage
Add single transaction for image package cloner
Add sodiff to Fasttrack builds and PR checks
Add support for downloading/uploading ccache archives
Add the repoquerywrapper tool.
Add timestamp arguments to build_mariner_toolchain.sh
Add wget replacement go-downloader
Build image if missing for containerized-rpmbuild:
Bump grpc release to rebuild with updated version of Go.
Bump kubernetes release to rebuild against glibc 2.35-6
Bump release to rebuild with updated version of Go.
Disable TestReferenceDOTFile() in toolkit until fix is found
Enable CONFIG_BINFMT_MISC in ARM64
Enable encfs sidecar container to UVM
Enable lzo, snappy, zstd support in crash
Enable zstd support in journald
Fix CCache failure to not fail the build + Allow in-place updates of remote artifacts
Fix cronie crond file
Fix freeradius installation issues
Fix handle --no-clobber correctly without explicit dst in toolkit.
Fix kernel CVE detection issue due to bad date order in changelog
Fix marketplace images to remove unnecessary and inappropriate (on ARM) line to create serial getty
Fix systemd to add missing Requires on zstd-libs
Fix toolkit imagecustomizer to correctly return rootfs partition instead of Boot Partition
Fix toolkit missing package rebuilds.
Fix with_check handling in toolchain
Force chronyd to correctly wait for /dev/ptp_hyperv device on images where it's configured to require /dev/ptp_hyperv
Image Customizer: Add Config struct.
Image Customizer: Add documentation.
Image Customizer: Add support to load and unload modules
Image Customizer: Add to Makefile.
Image Customizer: Add tool version.
Image Customizer: Add/remove packages
Image Customizer: Add/update users.
Image Customizer: Enable/disable services.
Image Customizer: Ensure loopback cleanly detaches.
Image Customizer: Fix TestCustomizeImageCopyFiles.
Image Customizer: Fix XFS disk handling.
Image Customizer: Fix disk corruption
Image Customizer: Handle separate boot partition.
Image Customizer: Improve safemount.
Image Customizer: Support legacy boot images.
Image Customizer: Use absolute path for base config path.
Increase image size for baremetal and qemu guest to 4GB
Libcgroup create drop file folder
Made image build always have full toolchain visibility.
Made pipeline artifact subfolder names customizable.
Make /media a directory
Make rpms-snapshot run faster
Modify running order of yum_add_repo so that it runs before package-update-upgrade-install in cloud-init.
Move cherry-pick automation to ADO
Only query precacher repos if one is passed in
Patch CVE-2023-38545, CVE-2023-38546 for cmake and curl.
Patch Glibc for CVE-2023-4806 and CVE-2023-5156
Patch boost for CVE-2023-45853 in vendored zlib code
Patch cloud-hypervisor for CVE-2023-45853 in vendored zlib code.
Patch cmake to address CVE-2023-44487 in vendored nghttp2.
Patch edk2 CVE-2023-3817
Patch golang for CVE-2023-44487
Patch grub2 to fix CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736
Patch hdf5 to address CVE-2021-37501
Patch irqbalance to fix incorrect balancing behavior
Patch libnbd to address CVE-2023-5215
Patch libxml2 for CVE-2023-45322
Patch nginx for CVE-2023-44487
Patch python for CVE-2023-24329 (CP of #6412)
Patch python-gevent to address CVE-2023-41419
Patch rust for CVE-2023-45853 in vendored zlib code.
Patch snappy to fix build with RTTI enabled
Patch tcl for CVE-2023-45853 in vendored zlib code
Patch urllib3 for CVE-2023-43804
Patch vim for CVE-2023-5344
Patch vim for CVE-2023-5441 (CP of #6411)
Patch zchunk for CVE-2023-46228
Patch zlib for CVE-2023-45853
Remove additional error logic from sodiff-check command
Remove error from sodiff to unblock main builds
Removed exit from specs' %check sections.
Replace the sample username and password with user replaceable values
Revert Add scheduler stuck debug code
Running 'PipAuthenticate@1' in each template separately.
Switch ccache to use azure managed identity.
Unify behavior of USE_PREVIEW_REPO on url and repo lists
Update 2.0 workflow to use golang 1.20
Update go-test-coverage.yml with explicit go version
Update rust.spec to use ./x.py instead of x.py
Update selinux-policy to Silence io.containerd.internal.v1.opt denial noise
Updated Ubuntu requirements doc with better Golang instructions.
Upgrade PyYAML to 5.2
Upgrade cloud-init to 23.3
Upgrade cni-plugins to v1.3.0 and set version while building
Upgrade fluent-bit to 2.1.10 upgrade to latest
Upgrade gawk to v5.1.1 to fix CVE 2023-4156
Upgrade golang to 1.20.10 to fix CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533
Upgrade httpd to 2.4.58 to address CVE-2023-45802, CVE-2023-43622 & CVE-2023-31122
Upgrade kernel-hci to fix CVE-2023-1859 CVE-2023-2002 CVE-2022-48425 CVE-2023-3111 CVE-2023-22995 CVE-2023-3141
Upgrade kubernetes to 1.28.3 to address CVE-2023-44487 and CVE-2023-39325
Upgrade libX11 to v1.8.7 to fix CVEs 2023-43785, 2023-43786 and 2023-43787
Upgrade libXpm to v3.5.13 to fix CVE 2023-43789 and CVE-2023-43788
Upgrade libdrm to 2.4.115
Upgrade libtiff to v4.6.0 to fix CVE 2023-40745 and 2023-41175
Upgrade libvpx to 1.13.1 to fix CVE-2023-5217
Upgrade nghttp2 to version 1.57.0 to include patches for CVE-2023-44487
Upgrade nodejs18 to 18.18.2 for CVE-2023-44487
Upgrade python-urllib3 to 1.26.18 fix CVE-2023-45803
Upgrade redis to 6.2.14 Fixes CVE-2023-45145
Upgrade skopeo to v1.13.3 to fix CVE-2023-33199 in rekor
Upgrade sudo to version 1.9.14p3
Upgrade tensorflow to 2.11.1 to address CVEs (CP of #6418)
Upgrade to version 5.15.135.1 to fix CVE-2023-4623, CVE-2023-44466 CVE-2020-27815 CVE-2014-9940
Upgrade vim to 9.0.2010 to fix CVE-2023-5535
Upgraded keyutils to version 1.6.3 to fix a DNS refreshing issue (CP of #6432)
Use * instead of ! to designate user's password login is disabled for PAM/sshd.
Use test short mode flag.
2.0.20231004-2.0-toolkitfix
This is a toolkit-only fix for occasional go test failures seen on 2.0-stable/2.0.20231004-2.0
The following tests in the toolkit erroneously fail on some machines, and they have been skipped with this change:
TestReferenceDOTFile, TestCustomizeImageEmptyConfig, TestCustomizeImageCopyFiles
2.0.20231004-2.0
Add Hostname Support to Image Customizer
Add a fallback lazy mode to chroot unmount
Add gdal package to specs-extended
Add handy graph make targets
Add hping3 package v0.0.20051105
Add mkconfig-based template to iso installer manifest
Add scheduler stuck debug code
Add shell.ExecuteInDirectory()
Add su-l file for PAM in util-linux package
Added explicit BuildRequires on libxslt-devel to xmlsec1.spec.
Added gtk-doc dependencies to the chroot.
Allow scheduler to update cached implicit nodes
Centralize assets mount point definition.
Cloud init datasource bug
Disabled ACLs for toolchain builds.
Discover partitions using grub.cfg and fstab files for Image Customizer
Enable grub2-mkconfig generation of grub config
Fix clean-input-srpms
Fix go-deps circular dependency
Genericize partition functions
Implement PostInstallScripts and FinalizeImageScripts for Image Customizer
Made package test name configurable.
Make safeunmount.sh run in parallel
Mandeepsplaha/patch cves against gdb
Patch Bluez to address CVE-2022-3563
QEMU guest & BareMetal image definitions
Support repofiles in precacher tool
Update KeysInUse-OpenSSL package to 0.3.4
Update openmpi to rebuild with pmix for CVE-2023-41915
Update pmc link to 2.0 for nvidia in docs
Update read-only-root-efi.json to remove demo credentials
Update sriov to v3.5.1
Upgrade bind to 9.16.44 address CVE-2023-3341
Upgrade cri-tools to 1.28.0 to address CVE-2021-38561, CVE-2021-44716 CVE-2022-32149, CVE-2022-27664, CVE-2022-29526, CVE-2022-28948
Upgrade curl to 8.3.0 CVE-2023-38039
Upgrade freeradius to 3.2.3 to address 2 CVEs
Upgrade kernel to version 5.15.133.1
Upgrade libspiro to 20221101 to address CVE-2019-19847
Upgrade libvorbis to 1.3.7 to address CVE-2018-10392 CVE-2018-10393
Upgrade libwebp to 1.3.2 to address CVE-2023-4863
Upgrade rust to 1.72.0 to address CVE-2023-38497, CVE-2023-40030
Upstream kata cc package updates
2.0.20230924
Note that this release includes a fix for CVE-2023-4039. The CVE impacts the code generator of gcc for aarch64 components only. Several, but not all, aarch64 packages with native code were impacted. We have bumped the versions of impacted packages so they are rebuilt with the fixed compiler. If you are leveraging gcc in an aarch64 environment, it is recommended that you recompile your software with gcc 11.2.0-6 or newer. While the CVE only impacts the aarch64 packages, the x86_64 counterparts were also released because Mariner does not release aarch64 and x86_64 independently.
Add Mariner Image Customizer boilerplate
Add SPDX license guidance to spec guidelines error message
Add SliceToSet() to sliceutils
Add help target to toolkit Makefile
Add freexl package to specs-extended
Add gpsbabel package to specs-extended
Add hdf package to specs-extended
Add libgeotiff package to specs-extended
Add libkml package to specs-extended
Add netcdf package to specs-extended
Add ptest results parsing to the PackageBuild template
Cleaned-up invalid edges from duplicate nodes.
Fix librelp tests by adding glibc-debuginfo
Fix systemd/systemd-bootstrap confusion by adding explicit requires
Fixing python-more-itertools tests
Get go tools unit tests to pass in VSCode
Made 'PipAuthenticate' artifact feeds optional for package builds.
Make CONFIG_FILE default assignment consistent
Patch shadow-utils to address CVE-2023-29383
Patch CVE-2023-41910 in lldpd package
Patch booth to address CVE-2022-2553
Patch buildah to fix CVE-2022-2990
Patch cmake for CVE-2023-35495
Patch gcc for CVE-2023-4039
Patch libssh2 to address CVE-2020-22218
Patch libtommath to fix CVE-2023-36328
Patch mutt to address CVE-2023-4874
Patch nodejs to address CVE-2023-35945
Patch tcl to fix CVE-2023-36328
Re-enable tests for gnutls, jna, libsoup, strongswan
Remove default CONFIG_FILE=
Removed 'exit 1' from 'supermin'.
Removed toolchain package requirements to fix build break in libguestfs
Updated usage of pip in the package build template.
Upgrade Kernel to version 5.15.131.1 to address CVE-2023-0160, CVE-2023-4015, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4273, CVE-2023-4394 and CVE-2023-4569, CVE-2023-4622
Upgrade advancecomp to 2.5 CVE-2023-2961
Upgrade bind version to 9.16.37 to fix CVE-2022-3924, CVE-2022-3094, CVE-2022-3736
Upgrade blobfuse2 to 2.1.0
Upgrade dovecot to 2.3.20 to address CVEs
Upgrade exiv2 to version 0.28.0
Upgrade fapolicyd to 1.3.2 to address CVE-2022-1117
Upgrade fetchmail to 6.4.22 to address CVE-2021-39272 & CVE-2021-36386
Upgrade flac to 1.4.3 to address CVE-2020-22219
Upgrade frr to 8.5.3 to fix CVE-2023-41358 CVE-2023-41359 CVE-2023-41360
Upgrade imaptest 20210305 to 20210511
Upgrade libmicrohttpd to 0.9.76 to address CVE-2023-27371
Upgrade mod_auth_openidc to 2.4.14.2 to address CVE-2021-20718, CVE-2021-39191, CVE-2022-23527, CVE-2023-28625
Upgrade mutt to 2.2.12 to address CVEs
Upgrade nodejs to 18.17.1 to address CVEs 2023-32002, CVE-2023-32006 and CVE-2023-32559
Upgrade opencryptoki to 3.17.0 to address CVE-2021-3798
Upgrade opensc to 0.23.0 to fix CVE-2021-34193
Upgrade pmix to 4.1.3 to address CVE-2023-41915
Upgrade python-ldap to 3.4.0 to address CVE-2021-46823
Upgrade re2c to version 2.0 to fix CVE-2018-21232
Upgrade redis to 6.2.13 fix CVE-2022-24834
Upgrade screen to 4.9.1 to address CVE-2023-24626
Upgrade stunnel to 5.70 to address CVE-2021-20230
Upgrade taglib 1.11.1 to 1.13.1 to address CVE-2018-11439, CVE-2017-12678
Upgrade tang to 14 to address CVE-2023-1672
Upgrade usbguard to 1.1.0 CVE-2019-25058
Upgrade vim to resolve CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752 and CVE-2023-4781
Upgrade wavpack to 5.6.0 to address CVE-2021-44269 & CVE-2022-2476
Upgrade wireshark to 4.0.8 to address 27 CVEs
Upgrade xterm to 380 to address CVE-2022-45063 & CVE-2023-40359
Use the PIC'ed version of libiberty.a static object
2.0.20230904
Add Azure Marketplace Gen1 and Gen2 FIPS definition
Add better backoff, semaphore to packer
Add cfitsio package to SPECS-EXTENDED
Add libgta package to SPECS-EXTENDED
Add new EnableFIPS image configuration option
Add ogdi package to SPECS-EXTENDED
Add otel_ngx_module subpackage to nginx
Add package blosc to SPECS-EXTENDED
Add package liblerc to SPECS-EXTENDED
Add package qt5-qtserialport to SPECS-EXTENDED
Add package shapelib to SPECS-EXTENDED
Add package uriparser to SPECS-EXTENDED
Add simple pre-cache downloader
Add workflow to automatically cherry-pick commits to development branches
Adds package CharLS to SPECS-EXTENDED
Clear CVE-2023-3439 as mctp is not enabled in CBL-Mariner
Clear kernel CVE-2022-0850, CVE-2023-2007, CVE-2023-4385, CVE-2023-4387, CVE-2023-4389, CVE-2023-4459, CVE-2023-32247, CVE-2023-40283
Conditionally load kernel-mshv variables in grub if they are installed.
Disabled CCache for quick rebuilds.
Disabled missing ptest dependencies for 7 extended specs.
Don't pass toolchain Manifest to grapher and clean-workplan depend on clean-grapher-cache-worker
Enable cloud-init-output.log availability on the serial console
Enabled PR checks for the fast-track branches.
Fix httpd.conf log location incorrect
Fix parsing of releases containing '_'
Fix retry backoff sleep non-determinism
Fixed image build issues with packages lacking tests.
Fixed tarball generations for incremental toolchain builds.
Grapher resolves cyclic dependencies from remote repos
Limit cascading rebuilds in the scheduler
Limit running setfacl to package builds
Mitigate build failures in SPECS-EXTENDED during tests.
Patch CVE-2022-47022 in hwloc
Patch QEMU to fix CVE-2022-36648
Patch clamav to fix CVE-2022-48579
Patch etcd and bump fuzzing for CVE-2023-32082
Patch guava for CVE-2020-8908
Patch heimdal to fix CVE-2022-42898
Patch json-c to fix CVE-2021-32292
Patch libreswan to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
Patch mod_auth_mellon to address CVE-2021-3639
Patch rust for CVE-2023-3817
Rebuild qt5-qtsvg with qt5-qtbase fix for CVE-2023-37369
Remove dst file on failed network download
Skipping test node creation for duplicate nodes.
Strip epoch on packages that use it in pre-cache
Update toolkit dependencies to require acl
Update toolkit pre-cacher to use new timeout backoff
Update toolkit specreader tool to run in parallel with graphpkgfetcher tool.
Update toolkit to add vim & git tools in the containerized build env to improve dev experience
Update toolkit to generate image_pkg_manifest.json with image builds
Update toolkit to honor alternate $SPECS_DIR instead of hard-coding
Update wget to use TLSv1_2 and fix cgmanifest check
Upgrade gopkg.in/yaml.v3 to 3.0.0 to address CVE-2022-28948
Upgrade nvidia-container-toolkit, nvidia-container-runtime and libnvidia-container
Upgrade php to 8.1.22 to fix CVE-2023-3824
Upgrade telegraf release to rebuild with go 1.20.7
Upgrade xfsprogs to version 5.15 to match kernel version
2.0.20230823
Add new package xerces-c v3.2.4
Add package proj version 9.2.1
Add patch for cloud-init TestGetInterfaces mock test failure
Added package python-pyrpm with the pyrpm module
Added tool name to printed logs.
Clarified handling of rich dependencies and unified package string parsing.
Configure nginx with --with-stream_ssl_module to enable support for stream proxy server with SSL/TLS
Fixed ipset systemd unit file pointing to a non-existent service file.
Fixed image build issues with packages lacking tests.
Patch krb5 to address CVE-2023-36054
Patch msft-golang 1.19.12 to fix CVE-2023-39533
Patch openssl to fix CVE-2023-3817 and CVE-2023-2650
Patch plexus-archiver to fix CVE-2023-36617.
Patch xorg-x11-server to fix CVE-2023-1594
Remove openssl from reaper source package to clear CVE-2023-0286.
Resolved cyclic ptest dependencies
Update docs to add acl as an install prerequisite
Update ruby default uri to 0.12.2 and bundled uri to 0.10.3 and fix CVE-2023-36617
Upgrade haproxy to 2.4.24 to fix CVE-2023-40225
Upgrade golang to 1.20.7 to address CVE-2023-29409.
Upgrade moby-cli to 20.10.25 to accommodate golang CVE fix for CVE-2023-29406
Upgrade moby-engine to 20.10.25 to accommodate golang CVE fix for CVE-2023-29406
Upgrade moby-containerd to 1.6.22 to accommodate golang CVE fix for CVE-2023-29406
Upgrade moby-runc to 1.1.9 to accommodate golang CVE fix for CVE-2023-29406
Upgrade kernel to 5.15.126.1 to fix CVE-2023-1206, CVE-2023-2860, CVE-2023-3567, CVE-2023-3812, CVE-2023-3896, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4147, CVE-2023-4194 and CVE-2023-32248
Upgrade rubygem-protocol-http1 to v0.15.1
2.0.20230811-2.0
Add hard check on go version
Add lld16 package
Add opentelemetry-cpp package
Add python-cstruct package
Add requires for glibc-debuginfo to valgrind spec
Build nbd kernel module for AMD64
Extend AdditionalFiles config
Patch python-certifi package to fix CVE-2023-37920.
Refactor randomization to have const input strings
Restored the 'cache' subdirectory in tooling's internal build artifacts.
Update kernel-hci config to enable DM multipath Kernel configurations.
Updated package building pipeline templates to support external repos.
Upgrade kernel to version 5.15.125.1
Upgrade package curl to version 8.2.1 to address CVE-2023-32001
Upgrade package telegraf to version 1.27.3
Use sparse raw image as intermediate build image
1.0.20230811
Fix openssh CVE-2023-38408
Upgrade kernel to 5.10.189.1 to fix CVE-2022-3606, CVE-2022-3533, CVE-2023-1295, CVE-2023-32250, CVE-2023-3776, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3863, CVE-2023-32254, CVE-2023-38409, CVE-2023-38426, CVE-2023-38427, CVE-2023-38428, CVE-2023-38429, CVE-2023-38430, CVE-2023-38431, CVE-2023-38432, CVE-2022-45884, and CVE-2022-45886
Patch CVE-2023-2828 in bind
Upgrade nodejs to 14.21.3 to fix CVE-2023-23918, CVE-2023-23919, CVE-2023-23920