Releases: microsoft/azurelinux
2.0.20230518
Add kata-containers-cc
Add moby-containerd-cc
Add mstflint kernel driver as a patch to kernel-hci
Add nlopt package version 2.7.1
Add toolchainrpms to protected directory list for docker-based builds
Add version constraint to moby-containerd-cc build dependency
Allow PackageRepo field to have configurable GPG
Avoid JIT'd Perl in dracut to avoid SELinux errors
Bump gd for libtiff update
Clear kernel CVE-2023-0458, CVE-2023-1382, CVE-2023-2008, CVE-2023-30772, CVE-2023-1872, CVE-2023-1998, CVE-2023-22997, CVE-2023-23005, CVE-2023-2006, CVE-2023-2019, CVE-2023-2162, CVE-2023-2166, CVE-2023-2177, CVE-2194, CVE-2023-28327, CVE-2023-28328, CVE-2023-2235, CVE-2023-31436, CVE-2023-2248
Correct FRR installation macro to resolve installation errors.
Enable CONFIG_EDAC_SKX
Enable DRM_AMDGPU module in kernel-drivers-gpu
Enable HW monitoring and tracing configs
Enable Kernel modules for TLS, Dell drivers, and supporting config options
Fix cgmanifest ordering
Fix chronyd to explicitly run as the chrony user
Fix CVE-2023-27477 by patching cranelift vulnerability that is exposed in rust
Fix flaky valgrind tests by including proper check-time requirements
Fix grubby to use dedicated installkernel package
Fix perl-WWW-Curl tests by adding check-time requirements
Fix relative time search tests in gh
Fixed architecture check during spec parsing and removed toolbox.
Install the bzImage for kernel-uvm
Introduce new hvloader.spec and required dependencies from -EXTENDED
Patch kernel-hci for CVE-2023-1989, CVE-2023-1829 and CVE-2023-1990
Patch libtiff for CVE-2023-0801 and CVE-2023-0795
Patch openvswitch for CVE-2023-1668
Patch qt5-qtbase to fix CVE-2023-24607
Patch shadow-utils to address CVE-2023-29383
Patch tidy to fix CVE-2021-33391
Promote containernetworking-plugins from extended to core
Remove explicit build-time dependency on npm in nodejs-nodemon
Remove old livepatches
Scan for orphaned mounts when cleaning toolchain
Update %__python macro to point to existing interpreter
Update ncurses to fix CVE-2023-29491
Updated Microsoft trusted root CAs. Release: April 2023 (2023-05-05)
Upgrade bcc to 0.27.0
Upgrade Cblmargh/moby engine to 20.10.24
Upgrade dmidecode to 3.5 to fix CVE-2023-30630
Upgrade freetype to 2.13.0 to fix CVE-2023-2004
Upgrade frr to 8.5.1 and promote to core specs
Upgrade git to 2.33.8 to address CVE-2023-25652 and CVE-2023-29007
Upgrade kata-containers to version 3.1.0
Upgrade kata-containers-cc to 0.4.1
Upgrade Kernel to 5.15.111.1 version
Upgrade kubevirt to v0.59.0
Upgrade qt5 to version 5.15.9
Upgrade redis to 6.2.12 to fix CVE-2023-28856
Upgrade ruby-time to v0.2.2 and ruby-uri to v0.11.1 to resolve CVE-20…
Upgrade strongswan to fix CVE-2023-26463
Upgrade vim to 9.0.1527 to fix CVE-2023-2426
Upgrade vim to 9.0.1562 to address CVE-2023-2609 & CVE-2023-2610
Upgrade zlib to 1.2.13 to correctly handle CRC inputs
1.0.20230518
Add patch for CVE-2023-0795 in libtiff
Add toolchainrpms to protected directory list for docker-based builds
Patch fluent-bit to fix CVE-2021-46878 and CVE-2021-46879
Patch kernel to address CVE-2023-30772
Patch tdnf to Retry on Failed Connection During curl Calls
Patch kernel for CVE-2023-0458
Renamed patch in nmap to correct format to resolve CVE-2018-25032
Update ncurses to version 6.4-20230408 to fix CVE-2023-29491
Updated Microsoft trusted root CAs. Release: April 2023 (2023-05-05)
Upgrade freetype to 2.13.0 to fix CVE-2023-2004
Upgrade git to 2.33.8 to address CVE-2023-25652 and CVE-2023-29007
Upgrade Kernel to version 5.10.179.1
Upgrade redis to 6.2.12 to fix CVE-2023-28856
Upgrade vim to 9.0.1562 to address CVE-2023-2609 & CVE-2023-2610 and CVE-2023-2426
1.0.20230427-1.0
Add 3pm extension to perl, perl-File-Which, perl-File-HomeDir, and perl-List-MoreUtils man3 pages
Make python2 use system zlib to fix CVE-2018-25032
Make ccache use system zlib to fix CVE-2018-25032
Patch embedded zlib package within boost to fix CVE-2018-25032
Patch erlang for CVE-2018-25032
Patch nmap to fix CVE-2018-25032
Patch protobuf-c to fix CVE-2022-48468
Patch qt5-qtbase for CVE-2023-24607
Upgrade bundled njs version in nginx to 0.7.12 to fix CVE-2020-19692, CVE-2020-19695
Upgrade tcl to 8.6.13 to fix CVE-2018-25032
Upgrade kernel to version 5.10.177.1
2.0.20230426
Add kata-containers-cc package
Adding XFS as a root filesystem type
Enable serial console for ISO installer
Fix CVE-2022-37601 on webpack loader-utils integrated with webpack
Fix CVE-2021-45985 on memcached and ntopng
Fix uninstallation of InfluxDB package
Patch CVE-2021-28235 for etcd packages
Patch CVE-2022-2989 in podman
Patch CVE-2022-3165 in qemu
Patch CVE-2023-25173 and CVE-2023-25153 for k3s
Patch embedded zlib package within boost to fix CVE-2018-25032
Upgrade bundled njs version in nginx to 0.7.12 to fix CVE-2020-19692, CVE-2020-19695
Upgrade k3s to 1.25.8 and 1.26.3
Upgrade k3s to v1.24.6 & add v1.25.5
Upgrade libyang to 2.1.55 to fix CVE-2023-26916
Upgrade moby-cli to 20.10.24
Upgrade moby-runc to 1.1.5 to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809
Upgrade mysql to 8.0.33 to address CVE-2023-21976, CVE-2023-21972, CVE-2023-21982, CVE-2023-21977, CVE-2023-21980
Upgrade nmap to version 7.93 to fix CVE-2018-25032
Upgrade tcl to 8.6.13 to fix CVE-2018-25032
Upgrade protobuf-c to 1.4.1 to fix CVE-2022-48468
Kernel upgrade to version 5.15.107.1
Add nodejs18.spec to support nodejs 18
clang-16 and llvm-16: add new SPECS
openssl: patch CVE-2023-0465 and CVE-2023-0466
2.0.20230407
New Core Packages
apache-commons-cli
apache-commons-lang3
apache-commons-logging
atinject
atop - promoted from extended to core
cal10n
dracut-megaraid
glassfish-servlet-api
google-guice
guava
htop - promoted from extended to core
javapackages-bootstrap
javassist
jsr-305
junit
maven-compiler-plugin
maven-jar-plugin
maven-resolver
maven-resources-plugin
maven-surefire
maven-wagon
plexus-cipher
plexus-classworlds
plexus-containers
plexus-interpolation
plexus-sec-dispatcher
plexus-utils
rabbitmq-server
sisu
slf4j
wireguard-tools version 1.0.20210914
xmvn
Updated Core Packages
Add missing runtime dependency to sos package
Enable CONFIG_NET_CLS_FLOWER as module
Enable loadable modules and -devel subpackage for kernel-uvm
Enable wireguard as kernel module
PyTorch: Fix CVE-2022-25882
R: fix build with curl >= 8.0.0
Updated Microsoft trusted root CAs. Release: February 2023 (2023-03-29)
Updated packages with a BR on libtiff.
build nginx with http_gzip_static_module
c-ares update to 1.19.0 to address CVE-2022-4904
ccache: update to 4.8
cert-manager - patch to address CVE-2023-25165
cloud-hypervisor: patch vendored versionize crate to fix CVE-2023-28448
cloud-init - address ptest failure
curl: bump version to 8.0.1 to address CVE-2023-27533 to CVE-2023-27538
dnsmasq: patch CVE-2023-28450
gnupg2: add correct version of libgpg-error-devel as BR
golang update to 1.19.7 to address CVE-2023-24532
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
javapackages-bootstrap - Fix CVE-2021-35516 and CVE-2021-35517 by upgrading commons-compress to 1.21
kata-containers: integrate fix to reduce UVM memory consumption
kata-containers: update kata-osbuilder.sh signature
kdump initrd assembly + cosmetic fixes on kdumpctl
kernel-mshv: add back config
kernel-uvm: consume dom0 source
kernel-uvm: remove aarch64
libtiff - upgrade to 4.5.0 to fix CVE-2022-4645
maven3 - update to match maven changes
mlnx-ofa_kernel - update BuildRequires to use kernel 5.15.87.1
msft-golang: bump version to 1.19.7 to address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2023-24532
msft-golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
nginx - build with ngx_http_realip_module
opa - update to 0.50.2
openssl 1.1.1k - patching CVE-2023-0464
rust: bump version to 1.68.2 to revoke leaked github keys
telegraf - update to 1.26.0 to fix CVE-2022-23471
tzdata - update to version 2023c.
xinetd - patch with CVE-2013-4342 fix
New Extended Packages
none
Updated Extended Packages
none
New Proprietary packages
none
Updated Proprietary Packages
kubernetes-1.23.12-4
kubernetes-1.23.15-4
kubernetes-1.24.6-4
kubernetes-1.24.9-4
kubernetes-1.25.4-4
kubernetes-1.25.5-4
kubernetes-1.26.0-2
kubernetes-1.26.3-2
Updated NVIDIA packages
cuda-525.85.12-2_5.15.102.1.3
nvidia-fabric-manager-525.85.12-1
Tooling changes
Added signing stage for livepatches pipeline.
Fix unattended iso flag handling
Move toolchain RPMs to a dedicated location in ./build/toolchain_rpms
Prioritize already cached RPMs before using online repos
Translate and update build flow diagram into mermaid diagram
Update CBL-Mariner build prerequisites
Update contribution guide to include more detailed instructions
Updated livepatch spec template to print more logs.
Update old go file formatting with go-tidy-all.
1.0.20230414
Disable root login by default in cloud-init configuration
Fix UNATTENDED_INSTALLER make argument when building ISO
Patch cloud-hypervisor for vendored CVE-2023-28448
Patch openssl to fix CVE-2023-0460, CVE-2023-0465, CVE-2023-0466
Patch systemd to fix CVE-2023-26604
Patch xinetd for CVE-2013-4342
Update c-ares to 1.19.0 to fix CVE-2022-4904
Update Microsoft trusted root CAs for February 2023 release (2023-03-29)
Update moby-runc to 1.1.5 to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809
Update tzdata to version 2023c
1.0.20230330
Patch kernel for CVE-2022-1943, CVE-2022-3110, CVE-2022-3707, CVE-2023-0461, CVE-2023-1118, CVE-2023-22996, CVE-2023-22997, CVE-2023-23001, CVE-2023-23002, CVE-2023-23003, CVE-2023-23004, CVE-2023-23005, CVE-2023-23006
Upgrade mysql to 8.0.32 to fix CVE-2023-21875 to CVE-2023-21887
Upgrade redis to 6.2.11 to patch CVE-2022-36021
Upgrade vim to 9.0.1367 to patch CVE-2023-1127
Upgrade vim to 9.0.1378 to patch CVE-2023-1175
Upgrade Kernel to version 5.10.174.1
Patch heimdal for CVE-2022-45142
Upgrade curl to version 7.88.1 to address CVE-2023-23914, CVE-2023-23915, CVE-2023-23916
Patch dnsmasq CVE-2023-28450
Upgrade httpd to 2.4.56 to fix CVE-2023-27522, CVE-2023-25690
Patch perl-WWW-Curl to work around macro bug introduced by curl 7.88.1 upgrade
Upgrade sudo to 1.9.13p3 to fix CVE-2023-27320
Upgrade vim to 9.0.1402 to fix CVE-2023-1264
2.0.20230321
What's Changed
Added 13 python packages to extended.
Added 18 perl packages.
Added 9 packages to extended.
Added GeoIP-GeoLite-data package version 2018.06.
Added PostInstallScript entry, add note to extra cmdline.
Added a workaround for a breaking lint in rpm-ostree.
Added booth package version 1.0.
Added elixir package to Mariner to support rabbitmq.
Added freefont.
Added fstrm to extended.
Added geoclue2 package version 2.7.0.
Added libgovirt package version 0.3.9.
Added libindicator package version 12.10.1.
Added libxmlb package version 0.3.11.
Added netsniff-ng package version 0.6.8.
Added nopatches for kernel-hci: CVE-2022-41858, CVE-2023-0461, CVE-2023-0266, CVE-2022-4662, CVE-2022-47929, CVE-2023-22998, CVE-2022-42329, CVE-2022-4139, CVE-2023-1095, CVE-2022-47940, CVE-2023-22996, CVE-2022-41218, CVE-2023-0468, CVE-2023-23559, CVE-2022-1943, CVE-2023-26545, CVE-2022-2196, CVE-2022-42328, CVE-2023-22999, CVE-2023-0394.
Added pacemaker package version 2.1.5.
Added package advancecomp version 2.4.
Added package gdisk version 1.0.9.
Added package pykickstart version 3.36.
Added phodav package version 3.0.
Added python binding for gRPC (python3-grpcio) for aarch64.
Added python-beautifulsoup4 package version 4.11.2.
Added python-oslo-i18n package version 5.1.0.
Added python-stestr package version 3.2.0.
Added python-webtest package version 3.0.0.
Change source0 for python-msal & python-msrestazure.
Fixed python-cherrypy ptest.
Fixed the TestRPM-HydratedBuild pipeline to not report a toolchain error if allowToolchainRebuilds is true.
Kernel upgrade to version 5.15.102.1.
Nopatch kernel for CVE-2023-22998, CVE-2023-26545, CVE-2023-22999, CVE-2023-22996, CVE-2023-1095, CVE-2023-23001, CVE-2023-23002, CVE-2022-2196, CVE-2023-0461, CVE-2023-1118, CVE-2023-23004.
Patched python-werkzeug's CVE-2023-23934.
Patched emacs to fix CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2023-27986, CVE-2023-27985.
Patched gnutls' CVE-2023-0361.
Patched heimdal's CVE-2022-45142.
Patched moby-engine's CVE-2023-25153.
Patched perl-WWW-Curl to work around macro bug.
Patched systemd-bootstrap's CVE-2022-4415.
Patched vendor package hyper in rpm-ostree to fix CVE-2022-31394.
Removed k3s v1.23.8.
Updated bootstrap toolchain.
Updated selinux-policy refpolicy to 2.20221101.
Updated sources paths for ca-certificates.
Updated sudo to 1.9.13p3 to fix CVE-2023-27320.
Upgrade curl to 7.88.1.
Upgraded dnsmasq to 2.89 to fix CVE-2021-45951, CVE-2021-45952, CVE-2021-45953, CVE-2021-45955, CVE-2021-45956, CVE-2021-45957, CVE-2022-0934.
Upgraded emacs to 28.2 to fix CVE-2022-48338, CVE-2022-48339.
Upgraded gnupg2 to v2.4.0 to address CVE-2022-3515.
Upgraded golang to 1.19.6 to address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723.
Upgraded httpd to 2.4.56.
Upgraded libgit2 to 1.4.5.
Upgraded moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153.
Upgraded nodejs to 16.19.1 to fix CVE-2023-23936.
Upgraded redis to 6.2.11 to fix CVE-2022-36021, CVE-2023-25155.
Upgraded rust to 1.68.0, address some vendoring issues and promote libgit2 to core.
Upgraded vim to 9.0.1367 to fix CVE-2023-1127.
Upgraded vim to 9.0.1378 to fix CVE-2023-1175.
Upgraded vim to 9.0.1402 to fix CVE-2023-1355, CVE-2023-1264.
New Contributors
- @rakshaa2000 made their first contribution in #5079
Full Changelog: 2.0.20230303-2.0...2.0.20230321-2.0
1.0.20230308
Patch gnutls to fix CVE-2023-0361
Patch python2 to address CVE-2023-24329
Patch moby-containerd to fix CVE-2023-25153
Patch helm to fix CVE-2023-25165
Patch moby-containerd to fix CVE-2023-25173
Patch kernel for CVE-2022-2196, CVE-2023-26545, CVE-2023-22998, CVE-2023-22999, CVE-2023-1095
Skip pwd-long tests from coreutils which is failing in chroot
Upgrade git to 2.33.7 to fix CVE-2023-22490, CVE-2023-23946
Upgrade libtiff to 4.5.0 to fix CVE-2023-0804
Upgrade moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153
Upgrade Kernel to version 5.10.172.1
Upgrade harfbuzz version in 1.0 to fix CVE-2023-25193
2.0.20230303
New Core Packages
authbind: add package 2.1.2
geos: add package v3.11.1
prometheus-adapter: moved to core packages from extended
New Extended Packages
bolt: Add package version 0.9.2
crypto-policies: add package version 20200619
dleyna-connector-dbus: add package version 0.3.0
dleyna-core: add package version 0.6.0
foomatic: add package 4.0.13
foomatic-db: add package 4.0.69
frr: add package version 8.4.2
gssdp: add package version 1.6.2
gupnp: add package version 1.6.3
gupnp-dlna: add package version 0.12.0
gupnp-igd: add package version 1.2.0
libgdither: Add package version 0.6
mksh: add package v59c
opal: add package version 3.10.11
openrdate: add package version 1.2
ptlib: add package version 2.10.11
rcs: add package version 5.10.1
rubygem-bson
rubygem-diff-lcs
rubygem-flexmock
rubygem-maruku
rubygem-mysql2
rubygem-rspec-expectations
rubygem-rspec-mocks
rubygem-rspec-support
rubygem-thread_order
udisks2: add package version 2.9.4
Updated Core Packages
blobfuse2: upgrade to 2.0.2
ca-certificates: Added new Microsoft-owned root CAs to the base set of trusted CAs.
clamav: upgrade to 0.105.2 for CVE-2023-20032, CVE-2023-20052
cloud-init: upgrade to 22.4
erlang: upgrade to version 25.2 to support rabbitmq
fluent-bit: upgrade to 2.0.9
harfbuzz: patch CVE-2023-25193
helm: patch for CVE-2023-25165
initramfs: Only conditionally move kernel-mshv initrd if it exists
kernel: upgrade to 5.15.94.1 version
kernel: Install vmlinux with root executable permissions
kernel-azure: Install vmlinux with root executable permissions
kernel-hci: Add QinQ patches
kernel-hci: Install vmlinux with root executable permissions
kernel-mshv: Install vmlinux with root executable permissions
kernel-mshv: bump to 5.15.92.mshv1 to match lsg release v2302.8.1
kernel-uvm: enable Hyper-V enlightenments
less: patch for CVE-2022-46663
libtiff: patch for CVE-2023-0795 (to 0799) and CVE-2023-0800 (to 0804)
mariner-release: bump mariner-release to version 35
mstflint: Enable adb-generic-tools in mstflint build config
php: upgrade to 8.1.16 to fix CVE-2023-0568, CVE-2023-0662
python-werkzeug: patch CVE-2023-25577
telegraf: upgrade to 1.25.2 to fix several vendored CVEs
Updated Extended Packages
buildah: Fix runtime requirements.
Tooling changes
Bump golang.org/x/text from 0.3.7 to 0.3.8 in /toolkit/tools
Documentation for CGroup toggle in toolkit/docs/formats/imageconfig.md to generate Mariner images with cgroupv2
Ignored ccache directory.
Added an initial build pipeline for livepatches.
Fixed livepatch PR check.
Parse %check section when RUN_CHECK=y to add %check passing as a requirement
fix URL to mariner-nvidia.repo
add livepatch-5.15.87.1-1: CVEs: 2022-47929, 2023-0266, 2023-0394.
add livepatch-5.15.94.1-1