Releases: microsoft/azurelinux
2.0.20230407
New Core Packages
apache-commons-cli
apache-commons-lang3
apache-commons-logging
atinject
atop - promoted from extended to core
cal10n
dracut-megaraid
glassfish-servlet-api
google-guice
guava
htop - promoted from extended to core
javapackages-bootstrap
javassist
jsr-305
junit
maven-compiler-plugin
maven-jar-plugin
maven-resolver
maven-resources-plugin
maven-surefire
maven-wagon
plexus-cipher
plexus-classworlds
plexus-containers
plexus-interpolation
plexus-sec-dispatcher
plexus-utils
rabbitmq-server
sisu
slf4j
wireguard-tools version 1.0.20210914
xmvn
Updated Core Packages
Add missing runtime dependency to sos package
Enable CONFIG_NET_CLS_FLOWER as module
Enable loadable modules and -devel subpackage for kernel-uvm
Enable wireguard as kernel module
PyTorch: Fix CVE-2022-25882
R: fix build with curl >= 8.0.0
Updated Microsoft trusted root CAs. Release: February 2023 (2023-03-29)
Updated packages with a BR on libtiff
build nginx with http_gzip_static_module
c-ares update to 1.19.0 to address CVE-2022-4904
ccache: update to 4.8
cert-manager - patch to address CVE-2023-25165
cloud-hypervisor: patch vendored versionize crate to fix CVE-2023-28448
cloud-init - address ptest failure
curl: bump version to 8.0.1 to address CVE-2023-27533 to CVE-2023-27538
dnsmasq: patch CVE-2023-28450
gnupg2: add correct version of libgpg-error-devel as BR
golang update to 1.19.7 to address CVE-2023-24532
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
javapackages-bootstrap - Fix CVE-2021-35516 and CVE-2021-35517 by upgrading commons-compress to 1.21
kata-containers: integrate fix to reduce UVM memory consumption
kata-containers: update kata-osbuilder.sh signature
kdump initrd assembly + cosmetic fixes on kdumpctl
kernel-mshv: add back config
kernel-uvm: consume dom0 source
kernel-uvm: remove aarch64
libtiff - upgrade to 4.5.0 to fix CVE-2022-4645
maven3 - update to match maven changes
mlnx-ofa_kernel - update BuildRequires to use kernel 5.15.87.1
msft-golang: bump version to 1.19.7 to address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2023-24532
msft-golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
nginx - build with ngx_http_realip_module
opa - update to 0.50.2
openssl 1.1.1k - patching CVE-2023-0464
rust: bump version to 1.68.2 to revoke leaked github keys
telegraf - update to 1.26.0 to fix CVE-2022-23471
tzdata - update to version 2023c.
xinetd - patch with CVE-2013-4342 fix
New Extended Packages
none
Updated Extended Packages
none
New Proprietary packages
none
Updated Proprietary Packages
kubernetes-1.23.12-4
kubernetes-1.23.15-4
kubernetes-1.24.6-4
kubernetes-1.24.9-4
kubernetes-1.25.4-4
kubernetes-1.25.5-4
kubernetes-1.26.0-2
kubernetes-1.26.3-2
Updated NVIDIA packages
cuda-525.85.12-2_5.15.102.1.3
nvidia-fabric-manager-525.85.12-1
Tooling changes
Added signing stage for livepatches pipeline.
Fix unattended iso flag handling
Move toolchain RPMs to a dedicated location in ./build/toolchain_rpms
Prioritize already cached RPMs before using online repos
Translate and update build flow diagram into mermaid diagram
Update CBL-Mariner build prerequisites
Update contribution guide to include more detailed instructions
Updated livepatch spec template to print more logs.
Update old go file formatting with go-tidy-all.
1.0.20230414
Disable root login by default in cloud-init configuration
Fix UNATTENDED_INSTALLER make argument when building ISO
Patch cloud-hypervisor for vendored CVE-2023-28448
Patch openssl to fix CVE-2023-0460, CVE-2023-0465, CVE-2023-0466
Patch systemd to fix CVE-2023-26604
Patch xinetd with CVE-2013-4342
Update c-ares to 1.19.0 to fix CVE-2022-4904
Update Microsoft trusted root CAs for February 2023 release (2023-03-29)
Update moby-runc to 1.1.5 to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809
Update tzdata to version 2023c
1.0.20230330
Patch kernel for CVE-2022-1943, CVE-2022-3110, CVE-2022-3707, CVE-2023-0461, CVE-2023-1118, CVE-2023-22996, CVE-2023-22997, CVE-2023-23001, CVE-2023-23002, CVE-2023-23003, CVE-2023-23004, CVE-2023-23005, CVE-2023-23006
Upgrade mysql to 8.0.32 to fix CVE-2023-21875 to CVE-2023-21887
Upgrade redis to 6.2.11 to patch CVE-2022-36021
Upgrade vim to 9.0.1367 to patch CVE-2023-1127
Upgrade vim to 9.0.1378 to patch CVE-2023-1175
Upgrade Kernel to version 5.10.174.1
Patch heimdal for CVE-2022-45142
Upgrade curl to version 7.88.1 to address CVE-2023-23914, CVE-2023-23915, CVE-2023-23916
Patch dnsmasq CVE-2023-28450
Upgrade httpd to 2.4.56 to fix CVE-2023-27522, CVE-2023-25690
Patch perl-WWW-Curl to work around macro bug introduced by curl 7.88.1 upgrade
Upgrade sudo to 1.9.13p3 to fix CVE-2023-27320
Upgrade vim to 9.0.1402 to fix CVE-2023-1264
2.0.20230321
What's Changed
Added 13 python packages to extended.
Added 18 perl packages.
Added 9 packages to extended.
Added GeoIP-GeoLite-data package version 2018.06.
Added PostInstallScript entry, add note to extra cmdline.
Added a workaround for a breaking lint in rpm-ostree.
Added booth package version 1.0.
Added elixir package to Mariner to support rabbitmq.
Added freefont.
Added fstrm to extended.
Added geoclue2 package version 2.7.0.
Added libgovirt package version 0.3.9.
Added libindicator package version 12.10.1.
Added libxmlb package version 0.3.11.
Added netsniff-ng package version 0.6.8.
Added nopatches for kernel-hci: CVE-2022-41858, CVE-2023-0461, CVE-2023-0266, CVE-2022-4662, CVE-2022-47929, CVE-2023-22998, CVE-2022-42329, CVE-2022-4139, CVE-2023-1095, CVE-2022-47940, CVE-2023-22996, CVE-2022-41218, CVE-2023-0468, CVE-2023-23559, CVE-2022-1943, CVE-2023-26545, CVE-2022-2196, CVE-2022-42328, CVE-2023-22999, CVE-2023-0394.
Added pacemaker package version 2.1.5.
Added package advancecomp version 2.4.
Added package gdisk version 1.0.9.
Added package pykickstart version 3.36.
Added phodav package version 3.0.
Added python binding for gRPC (python3-grpcio) for aarch64.
Added python-beautifulsoup4 package version 4.11.2.
Added python-oslo-i18n package version 5.1.0.
Added python-stestr package version 3.2.0.
Added python-webtest package version 3.0.0.
Change source0 for python-msal & python-msrestazure.
Fixed python-cherrypy ptest.
Fixed the TestRPM-HydratedBuild pipeline to not report a toolchain error if allowToolchainRebuilds is true.
Kernel upgrade to version 5.15.102.1.
Nopatch kernel for CVE-2023-22998, CVE-2023-26545, CVE-2023-22999, CVE-2023-22996, CVE-2023-1095, CVE-2023-23001, CVE-2023-23002, CVE-2022-2196, CVE-2023-0461, CVE-2023-1118, CVE-2023-23004.
Patched python-werkzeug's CVE-2023-23934.
Patched emacs to fix CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2023-27986, CVE-2023-27985.
Patched gnutls' CVE-2023-0361.
Patched heimdal's CVE-2022-45142.
Patched moby-engine's CVE-2023-25153.
Patched perl-WWW-Curl to work around macro bug.
Patched systemd-bootstrap's CVE-2022-4415.
Patched vendor package hyper in rpm-ostree to fix CVE-2022-31394.
Removed k3s v1.23.8.
Updated bootstrap toolchain.
Updated selinux-policy refpolicy to 2.20221101.
Updated sources paths for ca-certificates.
Updated sudo to 1.9.13p3 to fix CVE-2023-27320.
Upgrade curl to 7.88.1.
Upgraded dnsmasq to 2.89 to fix CVE-2021-45951, CVE-2021-45952, CVE-2021-45953, CVE-2021-45955, CVE-2021-45956, CVE-2021-45957, CVE-2022-0934.
Upgraded emacs to 28.2 to fix CVE-2022-48338, CVE-2022-48339.
Upgraded gnupg2 to v2.4.0 to address CVE-2022-3515.
Upgraded golang to 1.19.6 to address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723.
Upgraded httpd to 2.4.56.
Upgraded libgit2 to 1.4.5.
Upgraded moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153.
Upgraded nodejs to 16.19.1 to fix CVE-2023-23936.
Upgraded redis to 6.2.11 to fix CVE-2022-36021, CVE-2023-25155.
Upgraded rust to 1.68.0, address some vendoring issues and promote libgit2 to core.
Upgraded vim to 9.0.1367 to fix CVE-2023-1127.
Upgraded vim to 9.0.1378 to fix CVE-2023-1175.
Upgraded vim to 9.0.1402 to fix CVE-2023-1355, CVE-2023-1264.
New Contributors
- @rakshaa2000 made their first contribution in #5079
Full Changelog: 2.0.20230303-2.0...2.0.20230321-2.0
1.0.20230308
Patch gnutls to fix CVE-2023-0361
Patch python2 to address CVE-2023-24329
Patch moby-containerd to fix CVE-2023-25153
Patch helm to fix CVE-2023-25165
Patch moby-containerd to fix CVE-2023-25173
Patch kernel for CVE-2022-2196, CVE-2023-26545, CVE-2023-22998, CVE-2023-22999, CVE-2023-1095
Skip pwd-long tests from coreutils which is failing in chroot
Upgrade git to 2.33.7 to fix CVE-2023-22490, CVE-2023-23946
Upgrade libtiff to 4.5.0 to fix CVE-2023-0804
Upgrade moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153
Upgrade Kernel to version 5.10.172.1
Upgrade harfbuzz version in 1.0 to fix CVE-2023-25193
2.0.20230303
New Core Packages
authbind: add package 2.1.2
geos: add package v3.11.1
prometheus-adapter: moved to core packages from extended
New Extended Packages
bolt: Add package version 0.9.2
crypto-policies: add package version 20200619
dleyna-connector-dbus: add package version 0.3.0
dleyna-core: add package version 0.6.0
foomatic: add package 4.0.13
foomatic-db: add package 4.0.69
frr: add package version 8.4.2
gssdp: add package version 1.6.2
gupnp: add package version 1.6.3
gupnp-dlna: add package version 0.12.0
gupnp-igd: add package version 1.2.0
libgdither: Add package version 0.6
mksh: add package v59c
opal: add package version 3.10.11
openrdate: add package version 1.2
ptlib: add package version 2.10.11
rcs: add package version 5.10.1
rubygem-bson
rubygem-diff-lcs
rubygem-flexmock
rubygem-maruku
rubygem-mysql2
rubygem-rspec-expectations
rubygem-rspec-mocks
rubygem-rspec-support
rubygem-thread_order
udisks2: add package version 2.9.4
Updated Core Packages
blobfuse2: upgrade to 2.0.2
ca-certificates: Added new Microsoft-owned root CAs to the base set of trusted CAs.
clamav: upgrade to 0.105.2 to fix CVE-2023-20032, CVE-2023-20052
cloud-init: upgrade to 22.4
erlang: upgrade to version 25.2 to support rabbitmq
fluent-bit: upgrade to 2.0.9
harfbuzz: patch CVE-2023-25193
helm: patch for CVE-2023-25165
initramfs: Only conditionally move kernel-mshv initrd if it exists
kernel: upgrade to 5.15.94.1 version
kernel: Install vmlinux with root executable permissions
kernel-azure: Install vmlinux with root executable permissions
kernel-hci: Add QinQ patches
kernel-hci: Install vmlinux with root executable permissions
kernel-mshv: Install vmlinux with root executable permissions
kernel-mshv: bump to 5.15.92.mshv1 to match lsg release v2302.8.1
kernel-uvm: enable Hyper-V enlightenments
less: patch with CVE-2022-46663
libtiff: patch for CVE-2023-0795 to CVE-2023-0799 and CVE-2023-0800 to CVE-2023-0804
mariner-release: bump mariner-release to version 35
mstflint: Enable adb-generic-tools in mstflint build config
php: upgrade to 8.1.16 to fix CVE-2023-0568, CVE-2023-0662
python-werkzeug: patch CVE-2023-25577
telegraf: upgrade to 1.25.2 to fix several vendored CVEs
Updated Extended Packages
buildah: Fix runtime requirements.
Tooling changes
Bump golang.org/x/text from 0.3.7 to 0.3.8 in /toolkit/tools
Documentation for CGroup toggle in toolkit/docs/formats/imageconfig.md to generate Mariner images with cgroupv2
Ignored ccache directory.
Added an initial build pipeline for livepatches.
Fixed livepatch PR check.
Parse %check section when RUN_CHECK=y to add %check passing as a requirement
fix URL to mariner-nvidia.repo
add livepatch-5.15.87.1-1: CVEs: 2022-47929, 2023-0266, 2023-0394.
add livepatch-5.15.94.1-1
1.0.20230225
Install vmlinux with root executable permissions
Patch CVE-2023-0795 through CVE-2023-0799 in libtiff
Patch binutils to address CVE-2022-4285
Patch curl to resolve CVE-2022-43552
Patch grub2 to address CVE-2022-3775
Patch helm to address CVE-2022-23524
Patch libconfuse to address CVE-2022-40320
Patch libksba for CVE-2022-3515
Patch libtiff to address CVE-2023-0800
Patch mariadb to address CVE-2022-47015
Patch pixman to address CVE-2022-44638
Patch python cryptography for CVE-2023-23931
Patch strongswan to address CVE-2022-40617
Patch syslog-ng to address CVE-2022-38725
Patch tmux to address CVE-2022-47016.
Patch unzip to address CVE-2021-4217
Update documentation to correct wget URL for mariner-nvidia.repo
Upgrade bind to 9.16.37 to fix CVE-2022-3736, CVE-2022-3094, CVE-2022-3924
Upgrade clamav to 0.103.8 for CVE-2023-20032
Upgrade kernel to version 5.10.168.1 to address CVE-2023-0266, CVE-2022-36280, CVE-2022-41218, CVE-2022-4139, CVE-2022-42328, CVE-2022-42329, CVE-2022-4662, CVE-2023-23559
Upgrade redis to 6.2.9 to fix CVE-2022-35977 and CVE-2023-22458
Upgrade sudo to 1.9.12p2 for CVE-2023-22809
2.0.20230218
New Core packages
openMpi
pytorch
smartmontools: Move from SPECS-EXTENDED to SPECS
maven3: package added without jdk bindings.
New Extended packages
elinks
libappstream-glib
libcmpiutil version 0.5.7
scotch version 6.1.2
squid v5.7
Modified packages
Cython: update to 0.29.33 to fix failing package tests
apr: upgrade to 1.7.2 to fix CVE-2022-24963
binutils: patch for CVE-2022-4285
cloud-hypervisor: update to v29.0
influx-cli-bash-completion: fix package conflict with bash-completion
k3s: update from v1.24.3 to v1.24.6
kernel: Disable INIT_ON_FREE Kernel config
kernel-mshv: update to v5.15.86
kubevirt: Add an upstream patch to SELinux issue
libtiff: patch for CVE-2022-48281
ltp: update to version 20230127.
mariadb: patch for CVE-2022-47015
maven: update to version 3.8.7
openldap: depend on cyrus-sasl
python-cryptography: patch CVE-2023-23931
qemu: Add, don't delete, romfiles when building for aarch64
redis: update to 6.2.9 for CVE-2022-35977 and CVE-2023-22458
skopeo: upgrade to 1.11.0 (latest)
sudo: update to 1.9.12p2 to address CVE-2023-22809
tmux: patch for CVE-2022-47016
tpm2-tss: patch for CVE-2023-22745
Tooling changes
Fixed livepatch PR check.
Update workflows to use latest Ubuntu
docs: Make clearer how REPO_LIST is to be used
set disable_root true in cloud-init.cfg
2.0.20230208
Add 0001-cgroups-cpuset-fix-byte-order-while-parsing-cpuset-r.patch to moby-runc
Add Etcd, Coredns new spec: etcd-3.5.3 etcd-3.5.4 etcd-3.5.5 etcd-3.5.6 coredns-1.9.3
Add bsf package version 2.4.0
Add clutter package version 1.26.4
Add clutter-gst3 package version 3.0.27
Add clutter-gtk package version 1.8.4
Add cogl package version 1.22.8
Add cpulimit SPEC to Mariner
Add flux and influxdb2 packages to 2.0
Add grubenv file to iso_initrd_arm64.json
Add jansi package version 2.4.0
Add jline package version 2.14.6
Add libblockdev package version 2.28
Add luajit SPEC to Mariner
Add package libdeflate version 1.9
Add package libofa version 0.9.3
Add package liboggz version 1.1.1
Add python3-enchant to Mariner
Add subscription-manager package version 1.29.30
Add tclx package version 8.4.0
Add tix package version 8.4.3
Add vorbis-tools package version 1.4.2
Add wordnet package version 3.0
Add xapian-core package version 1.4.20
Disable systemd-oomd service & socket through 99-mariner.preset file
Enable building with cyrus-sasl.
Enable wireguard kernel module
Fix calamares bugs and update requires
Fix package tk install requires on tcl & tcl-devel
Fix whois package to take dependency on iana-etc. iana-etc provides /etc/services required by whois
Let openldap depend on cyrus-sasl
Pass pkgver to tar in mariadb src tar generation script
Patch CVE-2022-40897 in python3-setuptools
Patch CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 in openssl
Patch util-linux to prevent cdrom probe on Azure VMs
Patched pkgconf to address CVE-2023-24056
Promote kernel-mshv and kernel-uvm to SPECS from extended
Promote libsmi from extended to core
Resolve CVE-2022-43551 in bundled curl in cmake
Switch to posix compliant invocation of test in mk file
Update apr-util to 1.6.3 for CVE-2022-25147
Update httpd to 2.4.55 for CVE-2022-36760
Upgrade Kernel to 5.15.92.1 for CVE-2023-0394, CVE-2022-1943, CVE-2022-4662, CVE-2022-41218, CVE-2022-42328, CVE-2022-42329, CVE-2022-47929, CVE-2023-0266, CVE-2023-0468, CVE-2023-23559
Upgrade golang to 1.19.5
Upgrade mysql to 8.0.32 for CVE-2023-21879, CVE-2023-21875, CVE-2023-21877, CVE-2023-21876, CVE-2023-21878, CVE-2023-21883, CVE-2023-21881, CVE-2023-21880, CVE-2023-21882, CVE-2023-21887
Upgrade vim to 9.0.1247 to fix CVE-2023-0512 and CVE-2023-0433
1.0.20230208
Clear openvswitch CVE-2021-3905
Modify toolchain build sequence
Patch OpenSSL for CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
Patch cmake for CVE-2022-43551
Patch dbus for CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
Patch libtar for CVE-2021-33640
Patch libtiff for CVE-2022-48281
Patch mozjs60 to address CVE-2023-22895
Patch tpm2-tss for CVE-2023-22745
Upgrade apr-util to 1.6.3 for CVE-2022-25147
Upgrade etcd to 3.4.23 to address CVE-2022-3064
Upgrade git to 2.33.6 to address CVE-2022-23521 and CVE-2022-41903
Upgrade httpd to version 2.4.55 for CVE-2022-36760
Upgrade kernel to version 5.10.167.1 for CVE-2023-23454, CVE-2023-23455, CVE-2023-0394, CVE-2022-47929, CVE-2022-41858
Upgrade vim to 9.0.1247 to fix CVE-2023-0512 and CVE-2023-0433