Releases: microsoft/azurelinux

2.0.20230805

10 Aug 17:40
88407e2

Note that the Toolkit build now requires golang 1.19

Add Readme for containerized-rpmbuild
Add containerized rpmbuild to toolkit
Add dnf5
Add net/mlx5 patch (27) to kernel-hci and switch warn message to debug
Add new package libtraceevent v1.7.2
Add protobuf check section
Add shortest path print of unsolvable nodes when using trace level logging
Address hyperv-daemons cves
Adds c++ support in gmp-devel sub-package
Configure nginx with --with-compat to enable dynamic modules compatibility
Disabled extended ACLs for the build directory.
Disabled extended ACLs for whole projects.
Fix a bug in applying earlier patches in dhcp
Fixing 'ob_artifactBaseName'.
Patch CVE-2023-2828 in bind
Patch qt5-qtbase to address CVE-2023-33285, CVE-2023-37369, CVE-2023-38197
Patch reaper for CVE-2018-11694
Patch rpm-ostree to fix CVE-2022-47085
Promote opencsd to SPECS
Promote rlwrap to SPECS
Remove .bazelversion file to fix issue building keras, python-tensorboard, and tensorflow.
Removing prometheus from prometheus-adapter and making separate *-docs packages
Restored "Enable the graphpkgfetcher to pull build nodes from upstream repos if available V2"
Restored "Filter implicit run nodes before passing to collapse.
Set mariadb to explicitly use system's openSSL, PCRE, and zlib.
Switch rpm package building to use zstd compression level 7
Tweak behavior of kernel-mshv initrd; let it remain in /boot.
Update blobfuse2 to 2.0.5
Update delta paths prior to implicit handling
Update kata-containers-cc to 0.6.0
Update kernel's mellanox configurations for bluefield2 in
Updated iperf3 to fix CVE-2023-38403.
Updated pcre2 to version 10.42 to fix CVE-2022-41409.
Updated tooling to use Golang 1.19.
Upgrade kernel to 5.15.122.1 to fix CVE-2022-3533, CVE-2022-3606, CVE-2022-45884, CVE-2022-45886, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3863, CVE-2023-3776, CVE-2023-38426, CVE-2023-38427, CVE-2023-38428, CVE-2023-38429, CVE-2023-38430, CVE-2023-38431, CVE-2023-38432
Upgrade openssh to 8.9p1 to fix CVE-2023-38408

2.0.20230721

03 Aug 00:30
9b8eca4

Add functionality to serve stale DNS records
Add grace period for hotplug detach when hotplug pod is deleted in KubeVirt
Add new package opencsd v1.4.0
Add new package python-resolvelib
Add new package rlwrap v0.46.1
Added logging built toolchain RPMs and specs.
Build nginx with http_gunzip_module
Extended PR checks with package builds and ptests.
Fix bogus changelog times in toolchain packages
Fix strace's sockopt-sol_netlink test for kernel >= 5.15.116.1
Fixed the PACKAGE_CACHE_SUMMARY build option.
Include clippy linter tool in package rust
Map the expected RPMs to specs in toolchain
Modify LLVM_PARALLEL_COMPILE_JOBS in llvm
Package cmake modules in grpc-devel
Patch cloud-init to fix CVE-2023-1786
Patch libX11 to fix CVE-2023-3138
Patch nghttp2 to fix CVE-2023-35945
Patch nodejs v16 to fix CVE-2022-25883
Patch nodejs18 to fix CVE-2022-25883
Remove k3s from Mariner
Restore glibc-debuginfo package
Revert: Remove umask handling from bash.spec and change it in filesystem.spec
Update NVIDIA ofa_kernel SPEC
Update README.md
Upgrade Blobfuse2 to version 2.0.4
Upgrade cloud-init to version 23.2
Upgrade golang to version 1.19.11 to fix CVE-2023-29406
Upgrade kernel to version 5.15.118.1
Upgrade liblouis to version 3.26.0 to fix CVE-2023-26767, CVE-2023-26768, CVE-2023-26769
Upgrade librepo to version 1.15.1
Upgrade libsolv to version 0.7.24
Upgrade libtiff to version 4.5.1 patch CVE-2023-26966
Upgrade libxml2 to version 2.10.4 to fix CVE-2023-28484, CVE-2023-29469
Upgrade nodejs to version 16.20.1
Upgrade telegraf to version 1.27.2 to fix CVE-2023-34231, CVE-2023-25809, CVE-2023-28642
Upgrade uclibc-ng to version v1.0.43 to address CVE-2022-29503

1.0.20230713

29 Jul 01:43
28a2586

Patch cloud-hypervisor to fix CVE-2023-2650, CVE-2023-0465
Patch cloud-init to fix CVE-2022-2084, CVE-2023-1786
Patch libcap to fix CVE-2023-2603
Patch mozjs60 to fix CVE-2023-34411, CVE-2022-48285
Patch perl to fix CVE-2023-31486
Patch uclibc-ng to fix gettimeofday static build
Patch yajl to fix CVE-2023-33460
Upgrade golang to version 1.19.10 to fix CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405
Upgrade kernel to version 5.10.185.1
Upgrade libtiff to version 4.5.1 to fix CVE-2023-26966
Upgrade postgresql to version 12.15 to fix CVE-2023-2454
Upgrade uclibc-ng to version v1.0.43 to fix CVE-2022-29503

2.0.20230630

18 Jul 00:20
77b67a6

Add delta toolchain build to automated PR check
Add extended specs to GitOps config.
Add nbdkit as a dependency for the containerized-data-importer:
Add nvram-template mapping to ovmf x64 config for edk2
Add package fsverity-utils
Add patch for cloud-init CVE-2023-1786
Add toolkit feature to profile & trace to have better diagnostics
Enable CONFIG_IP_VS_MH module
Enable audit integration for systemd.
Enable dbus audit logs.
Enable dm-verity in the kernel-uvm
Fix kernel-hci for CVE-2023-3161 CVE-2023-3159 CVE-2023-35788
Fix outdated edk2.signatures.json
Include curl and grep in all core packages.
Patch cloud-init to address CVE-2023-1786
Patch kernel for CVE-2023-3159, CVE-2023-3161, CVE-2023-35788, CVE-2022-48425, CVE-2023-1859, CVE-2023-2002, CVE-2023-22995, CVE-2023-3111, CVE-2023-3141
Patching graphviz dot to png error
Remove duplicate systemd parameters from kernel-mshv cfg
Remove unnecessary brp-strip scripts from RPM
Unified fmt.Error formatting with Go's conventions.
Update Skopeo to 1.12
Upgrade kata-containers-cc to version 0.4.2
Use latest 2.0 Mariner toolchain container for bootstrap build
Add patch for mozjs CVE

2.0.20230621

28 Jun 00:11

Add specarchchecker tool to allow arch validation
Add workflow to check for required kernel configs
Exclude ccache directory from toolkit cleanup
Fix CVE-2019-19977
Fix CVE-2023-2454, CVE-2023-2455 and CVE-2022-41862 by upgrading
Fix against race condition in unattended install
Fix qt5-qtbase CVE-2023-32762
Fix qt5-qtbase CVE-2023-32763
Fix typo in changelog
Fully qualify libcap name in official toolchain script
Kernel CVE-2023-2985 CVE-2023-34256
Kernel upgrade to version 5.15.116.1 - branch main -
Patch OpenSSL to fix CVE-2023-2650
Patch QEMU to fix CVE-2021-3750
Patch grub2 to fix CVE-2022-3775 in
Patch kernel-hci for CVE-2023-0459 CVE-2023-2985 CVE-2023-34256
Patch opensc to fix CVE-2023-2977
Patch python-requests to fix CVE-2023-32681
Patch tdnf to include SELECTION_DOTARCH libsolv flag for package query/install
Patch yajl to fix CVE-2023-33460
Patch yasm to fix CVE-2023-31975
Refactor graphpkgfetcher in preparation for delta feature
Registering /usr/local/sbin within filesystem package
Remove redirect and add icmp to default iptables
Resolve libcap CVE-2023-2602 and CVE-2023-2603
Switched to GitOps.ResourceManagement from FabricBot.
Toolkit: Add MAX_CPU flag to limit number of CPUS used for package building
Upgrade golang to 1.19.10 to address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405
Upgrade msft-golang to fix CVE-2023-29404
Upgrade tdnf package to version 3.5.2

1.0.20230615

28 Jun 00:33
9cb9813

Modified core packages:
c-ares: upgrade to 1.19.1 to fix CVE-2023-32067, CVE-2023-31130, and CVE-2023-31147
curl: patch CVE-2023-28322
haproxy: fix CVE-2023-25725
hyperv-daemons: upgrade to 5.10.183.1
kernel-hyperv: upgrade to version 5.10.183.1
kernel: upgrade to version 5.10.183.1
nodejs: build with system c-ares to fix CVE-2023-32067, CVE-2023-31130, and CVE-2023-31147
opensc: patch CVE-2023-2977
openssh: patch CVE-2023-28531
openssl: patch CVE-2023-2650
python-requests: patch CVE-2023-32681
qt5-qtbase: fix CVE-2023-36762, CVE-2023-32763
yasm: patch CVE-2023-31975

2.0.20230609

15 Jun 01:40
1822a0f

New Core packages
debootstrap: upgrade to 1.0.128+nmu2 and promote to base repo
edk2: promoted from extended, upgrade to 20230301gitf80f052277c8
future: promoted from extended, upgraded to 0.18.3
libssh: promoted from extended, upgrade to 0.10.4
mtools: promoted from extended, upgrade to 4.0.43
nbdkit: promoted from extended, upgrade to 1.32.6
networkd-dispatcher: add version 2.2.4
priv_wrapper: added version 1.0.1
python-pefile: version 2023.2.7 added for python-virt-firmware
python-virt-firmware: version 23.5 added for edk2

Modified Core Packages
KeysInUse-OpenSSL: upgrade to 0.3.3
SymCrypt-OpenSSL: upgraded to v1.3.0
SymCrypt: upgraded to v103.0.1
c-ares: upgrade to 1.19.1 for CVE-2023-32067, CVE-2023-31130, and CVE-2023-31147
cmake: Patch vendored curl for CVE-2023-23914
containerized-data-importer: upgrade to version 1.55.0
cryptsetup: Disable ssh-token subpackage since requiring libssh-devel creates a circular dependency.
curl: add patch for CVE-2023-28322
edk2: patch CVE-2023-0464 in bundled openssl
iptables: Allow DHCP6 related packets through firewall
kernel-mshv: Align mariner_cmdline_mshv with the working configuration from old loader's linuxloader.conf
kernel: Add nvme_multipath and change default
libdrm: update to 2.4.114
libvirt: patch for CVE-2023-2700
llvm16: limit 2 compile jobs in parallel
llvm: limit 2 compile jobs in parallel
python-pyvmomi: this package has been removed
qt5-qtbase: patch for CVE-2023-24607
qt5-qtsvg: patch CVE-2023-32573

New Extended Packages
fonts-rpm-macros

Modified Extended Packages
GeoIP: Dropping package requirement of GeoIP-data in GeoIP
cassandra: upgrade version to 4.0.10 to address CVE-2023-30601

Modified Extras Packages
mshv-bootloader: update to v25357.1.230428-1528.1
mshv-kd: update to v25357.1.230428-1528.1
mshv-linuxloader: update to 0.5.0-2.2

Toolkit changes
Add flag to disable PMC repository
Documentation: Update recommended golang version to 1.19
timestamp: Record performance of tooling using timestamps

1.0.20230607

13 Jun 17:38

Fix CVE-2023-28155 by patching request module in nodejs
Fix formatting in qt5-qtsvg patch file
Kernel upgrade to 5.10.181.1 version to address CVE-2022-4696, CVE-2023-1382, CVE-2023-1859, CVE-2023-2006, CVE-2023-2008, CVE-2023-2162, CVE-2023-2166, CVE-2023-2177, CVE-2023-2194, CVE-2023-2513, CVE-2023-28328, CVE-2023-31436, CVE-2023-32269, CVE-2023-33288, CVE-2023-33203, CVE-2023-1195, CVE-2022-39189, CVE-2023-32233, CVE-2023-0459
Patch Python 2.7.18 for CVE-2022-45061
Patch gnupg2 CVE-2022-34903
Patch libtiff for CVE-2023-2731
Patch qt5 CVE-2023-24607, CVE-2023-32573
Resolve CVE-2018-25032 in openjdk8
Upgrade nasm to 2.16 to patch CVE-2022-44370 -
Upgrade python3 to 3.7.16 to address CVE-2022-42929 and CVE-2022-45061

2.0.20230526

02 Jun 20:22
df87aa2

Add ldap backend support into sudo
Add nopatch for CVE-2023-2513, CVE-2023-32233, CVE-2023-32269
Add rootfs partition name in gen2 market place image
Add setuid bit to necessary binaries so regular users can now run them
Fix ISO mount retry race condition
Fix dnf-plugins-core tests by using unittests runner
Fix kernel-hci CVE-2023-2248 CVE-2023-2177 CVE-2023-2008 CVE-2023-0458 CVE-2023-1382 CVE-2023-23005 CVE-2023-2006 CVE-2023-1998 CVE-2023-28327 CVE-2023-2235 CVE-2023-30772 CVE-2023-28328 CVE-2023-2019 CVE-2023-2162 CVE-2023-22997 CVE-2023-2166 CVE-2023-31436 CVE-2023-1872 CVE-2023-2194 CVE-2023-32233 CVE-2023-32269 CVE-2023-2513
Fix ocaml-ppxlib tests failing due to ocaml-sexplib0-0.15.0
Fix python-pbr tests by pinning sphinx version used
Include arch in ResolveCompetingPackages() output
Introduce patch to enable new hypervisor loader.
Make RPM cache flat, improve tdnf arg formatting
Patch frr with CVE-2023-31490
Patch libtiff for CVE-2023-2731
Patch reaper to fix CVE-2023-28155
Patch sysstat for CVE-2023-33204
Pin version of hypothesis used in numpy tests to avoid test breakage
Provide k8s-cni in cni-plugins rpm
Remove influx-cli-bash-completion subpackage
Remove python2 test exclusion
Remove umask handling from bash.spec and change it in filesystem.spec
Remove x86 console params from ARM-specific grub config file
Remove zstd from package test exclusion list
Restored executable permissions for 'squid' scripts.
Revert "qt5: Upgrade to version 5.15.9"
Unified *_LIST arguments to accept spec names
Update CVE-2022-37601.patch to fix multiple occurrences
Upgrade cert-manager to v1.11.2
Upgrade cloud-hypervisor to 31.1, kernel-mshv to 5-15-110, and kernel…
Upgrade kernel to 5.15.112.1
Upgrade lua to 5.4.4 to fix CVE-2021-44964
Upgrade moby-containerd-cc to 1.7.1
Upgrade nasm to 2.16 patch CVE-2022-44370
Upgrade vitess to 16.0.2 to fix CVE-2023-29194
Use static resource management and build using the host OpenSSL for kata-containers-cc

2.0.20230518

25 May 06:44
a893277

Add kata-containers-cc
Add moby-containerd-cc
Add mstflint kernel driver as a patch to kernel-hci
Add nlopt package version 2.7.1
Add toolchainrpms to protected directory list for docker-based builds
Add version constraint to moby-containerd-cc build dependency
Allow PackageRepo field to have configurable GPG
Avoid JIT'd Perl in dracut to avoid SELinux errors
Bump gd for libtiff update
Clear kernel CVE-2023-0458 CVE-2023-1382, CVE-2023-2008, CVE-2023-30772 CVE-2023-1872, CVE-2023-1998, CVE-2023-22997, CVE-2023-23005, CVE-2023-2006, CVE-2023-2019, CVE-2023-2162, CVE-2023-2166, CVE-2023-2177, CVE-2194, CVE-2023-28327, CVE-2023-28328, CVE-2023-2235 CVE-2023-31436 CVE-2023-2248
Correct FRR installation macro to resolve installation errors.
Enable CONFIG_EDAC_SKX
Enable DRM_AMDGPU module in kernel-drivers-gpu
Enable HW monitoring and tracing configs
Enable Kernel modules for TLS, Dell drivers, and supporting config options
Fix cgmanifest ordering
Fix chronyd to explicitly run as the chrony user
Fix CVE-2023-27477 by patching cranelift vulnerability that is exposed in rust
Fix flaky valgrind tests by including proper check-time requirements
Fix grubby to use dedicated installkernel package
Fix perl-WWW-Curl tests by adding check-time requirements
Fix relative time search tests in gh
Fixed architecture check during spec parsing and removed toolbox.
Install the bzImage for kernel-uvm
Introduce new hvloader.spec and required dependencies from -EXTENDED
Patch kernel-hci for CVE-2023-1989, CVE-2023-1829 and CVE-2023-1990
Patch libtiff for CVE-2023-0801 and CVE-2023-0795
Patch openvswitch for CVE-2023-1668
Patch qt5-qtbase to fix CVE-2023-24607 for qt5-qtbase
Patch shadow-utils to address CVE-2023-29383 -
Patch tidy to fix CVE-2021-33391
Promote containernetworking-plugins from extended to core
Remove explicit build-time dependency on npm in nodejs-nodemon
Remove old livepatches
Scan for orphaned mounts when cleaning toolchain
Update %__python macro to point to existing interpreter
Update ncurses to fix CVE-2023-29491
Updated Microsoft trusted root CAs. Release: April 2023 (2023-05-05)
Upgrade bcc to 0.27.0
Upgrade Cblmargh/moby engine to 20.10.24
Upgrade dmidecode to 3.5 to fix CVE-2023-30630
Upgrade freetype to 2.13.0 to fix CVE-2023-2004
Upgrade frr to 8.5.1 and promote to core specs
Upgrade git to 2.33.8 to address CVE-2023-25652 and CVE-2023-29007
Upgrade kata-containers to version 3.1.0
Upgrade kata-containers-cc to 0.4.1
Upgrade Kernel to 5.15.111.1 version
Upgrade kubevirt to v0.59.0
Upgrade qt5 to version 5.15.9
Upgrade redis to 6.2.12 to fix CVE-2023-28856
Upgrade ruby-time to v0.2.2 and ruby-uri to v0.11.1 to resolve CVE-20…
Upgrade strongswan to fix CVE-2023-26463
Upgrade vim to 9.0.1527 to fix CVE-2023-2426
Upgrade vim to 9.0.1562 to address CVE-2023-2609 & CVE-2023-2610
Upgrade zlib to 1.2.13 to correctly handle CRC inputs