Releases: microsoft/azurelinux
1.0.20230106-1.0
Patch grub2 to fix CVE-2022-2601
Patch helm to fix CVE-2022-23525 and CVE-2022-23526
Patch kernel to fix CVE-2022-3545, CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521 and CVE-2022-45934
Patch libksba to fix CVE-2022-47629
Patch python-setuptools to fix CVE-2022-40897
Patch qemu-kvm to fix CVE-2021-4207 and CVE-2022-3872
Upgrade kernel to 5.10.161.1
2.0.20221222
Add -nv --no-clobber to toolchain wget
Add a comment to ensure scan vendors are contacted before any rpm que…
Add compiler-rt package for clang options like code coverage to work
Add config to create qcow image
Add iwd package version 1.22
Add lensfun package version 0.3.2
Add libnetfilter_log SPEC to Mariner
Add package suitesparse version 5.4.0
Add patch to sqlite to resolve CVE-2022-46908
Add toolkit ccache support with USE_CCACHE
Added selinux-policy macros to fix openvswitch-selinux-policy installation.
Added the Linux Test Project kernel testing tools.
Adding in the hwdata and gawk dependencies
Backport upstream fix in containerd to add ptrace readby and tracedby to default AppArmor profile
Change "demo" to "tutorial" wording changes (CBL-MarinerDemo Repo renamed to CBL-MarinerTutorials)
Clear Kernel CVE-1999-0656 and CVE-2007-4998
Corrected typo in building instructions
Enable Generic Target Core Mod in kernel
Enable hibernation in kernel
Enable transparent hugepage for kernel-mshv
Extended Boost with the boost_stacktrace_backtrace library.
Fix CVE-2022-41880 and CVE-2022-41900: Update TensorFlow to 2.11.0
Fix apache-commons-compress package install failure due to missing runtime dependency
Fix certain failing python tests by explicitly specifying tox version (packages cannot use tox 4.0.0+)
Fix generation 2 boot order during iso installation
Fix nodejs SPEC file to reference artistic 2.0 license
Fix rubygem-bundler provides with obsoletes
Gate systemd's preset-all so it runs only on first install
Improved ltp package clean-up.
Mitigate CVE-2022-4144 by avoiding buffer overrun in qxl_phys2virt
Moving php-pear to core & adding php-pecl-zip
Patch QEMU to fix CVE-2022-3872
Patch curl to resolve CVE-2022-43551 and CVE-2022-43552
Patch emacs for CVE-2022-45939
Patch golang to resolve CVE-2022-41717
Patch helm to address CVE-2022-23525 and CVE-2022-23526
Patch libconfuse for CVE-2022-40320
Patch python3 for CVE-2022-37454
Patch python3 for CVE-2022-42919
Patch python3 for CVE-2022-45061
Patch systemd to address CVE-2022-45873
Patched llvm to fix periodic crashes during DWARF finalization
Reduce initrd image size in Mariner 2.0
Removed libbacktrace.a from the default gcc package.
Update CH to v28.0, kernel-mshv to v5.15.80
Update TensorFlow correct package name
Update heimdal for CVE-2022-41916
Update k3s vendor tarball with the corrected versions of the dependencies
Update strongswan for CVE-2022-40617
Updated Microsoft trusted root CAs. Release: October 2022 (2022-12-05).
Upgrade Blobfuse2 to 2.0.1
Upgrade Kernel to 5.15.82.1 to fix CVE-2022-1204, CVE-2022-2785, CVE-2022-3104, CVE-2022-3105, CVE-2022-3106, CVE-2022-3107, CVE-2022-3108, CVE-2022-3110, CVE-2022-3111, CVE-2022-3112, CVE-2022-3113, CVE-2022-3115, CVE-2022-3344, CVE-2022-3586, CVE-2022-3595, CVE-2022-3910, CVE-2022-4127, CVE-2022-40768, CVE-2022-41849, CVE-2022-41850, CVE-2022-43945, CVE-2022-45869
Upgrade bazel to version 5.3.2
Upgrade moby-containerd to 1.6.12 to fix CVE-2022-23471
Upgrade nodejs to version 16.18.1 to fix CVE-2022-43548
Upgrade ruby to version 3.1.3 to resolve CVE-2021-33621
Note on Rubygem-bundler w/tdnf:
"tdnf install ruby rubygem-bundler" will complain that ruby obsoletes the rubygem and won't install even though the provides are the same and the version is a strict upgrade.
"tdnf install rubygem-bundler" will install old ruby + the gem, then "tdnf update ruby" will correctly swap to the new one and obsolete the gem. DNF handles this situation correctly, but TDNF does not.
1.0.20221220
Add ephemeral disk warning to WALinuxAgent
Fixed updating from ca-certificates-microsoft to ca-certificates.
Patch glib to fix CVE-2021-3800.
Patch gnutls to fix CVE-2022-2509
Patch golang to fix CVE-2022-41717.
Patch moby-containerd for CVE-2022-23471.
Patch rsync to fix CVE-2022-29154
Removed TDNF's dependency on RPM.
Revert apparmor disable change
Updated Microsoft trusted root CAs. Release: October 2022 (2022-12-05).
Upgrade kernel to 5.10.158.1 to fix CVE-2022-3104, CVE-2022-3105, CVE-2022-3106, CVE-2022-3107, CVE-2022-3111, CVE-2022-3112, CVE-2022-3113, CVE-2022-3115
Upgrade nodejs to version 14.21.1 to fix CVE-2022-3602, CVE-2022-3786, CVE-2022-43548
patch python3 to fix CVE-2022-37454
patch unbound to fix CVE-2022-3204
2.0.20221215
Add nodejs reference to artistic-2.0 license
Enable hibernation in kernel
Patch kernel for CVE-2022-45869, CVE-2022-1204, CVE-2022-2785, CVE-2022-3586, CVE-2022-3595, CVE-2022-3910, CVE-2022-40768, CVE-2022-4127, CVE-2022-41849, CVE-2022-41850, CVE-2022-43945, CVE-2022-3344
Patch kernel-hci for CVE-2022-40768, CVE-2022-41850, CVE-2022-2785, CVE-2022-41849, CVE-2022-43945, CVE-2022-3595, CVE-2022-3910, CVE-2022-3344, CVE-2022-4127, CVE-2022-1204, CVE-2022-3586
Patch python3 to fix CVE-2022-37454, CVE-2022-42919, CVE-2022-45061
Patch to sqlite to resolve CVE-2022-46908
Update the k3s vendor tarball with the corrected versions of the dependencies
Upgrade TensorFlow to version 2.11.0 to fix CVE-2022-41880 and CVE-2022-41900
Upgrade kernel to version 5.15.82.1
Upgrade nodejs to version 16.18.1 to fix CVE-2022-43548
2.0.20221203
Add %{dist} macro to mariner-rpm-macros
Add ORBit2 version 2.14.19
Add Tensorflow
Add adcli package version 0.9.2
Add ephemeral-disk-warning.service
Add execute permissions for grpc's generate_source_tarball.sh
Add grubenv file and standard modification ability to mariner
Add kernel-hci-drivers-gpu
Add kernel-hci-signed
Add package xmlrpc-c version 1.54.06
Add prebuilt-ca-certificates and tzdata to 2.0 distroless minimal container
Add python-flatbuffers
Add python-gast
Add python-google-pasta
Add python-h5py package
Add python-libclang
Add python-opt-einsum
Add python-termcolor package
Add python-typing-extensions
Add python3-grpcio
Enable http2 support
Enable modules for TCP Congestion Algorithms
Increase Marketplace image size to 5GB
Livepatched CVE-2022-3543 in kernel 5.15.77.1-1.cm2.
NoPatch kernel to fix CVE-2022-3594, CVE-2022-3542
Nopatch kernel to address CVE-2022-3543
Patch libarchive to fix CVE-2022-36227
Patch libtiff to fix CVE-2022-3597, CVE-2022-3626, CVE-2022-3627, CVE-2022-3599, CVE-2022-3970
Patch libtomcrypt to fix CVE-2019-17362.
Patch mutt to fix CVE-2021-32055
Patch openblas for numpy
Patch openslp to fix CVE-2016-7567, CVE-2017-17833, and CVE-2019-5544.
Patch systemd to fix CVE-2022-3821
Remove deprecated APIs from Python RPM macros.
Remove explicit 'initrd' target from Mariner's toolkit.
Remove incorrect systemd operation
Split out rust-doc subpackage from Rust.
Update Blobfuse2 version to 2.0.0
Update gRPC python package to make it exclusive to AMD64
Update reference in cglib for objectweb-asm to fix runtime dependency
Update toolchain to build coreutils and findutils after libselinux.
Update toolkit's package resolution to accept installed packages.
Update tzdata to version 2022g.
Upgrade Kernel to 5.15.80.1 version to fix CVE-2022-3521, CVE-2022-3542, CVE-2022-3594, CVE-2022-3543
Upgrade bind to version 9.16.33 to fix CVE-2022-2795, CVE-2022-3080
Upgrade cloud-hypervisor to version 27.0.60
Upgrade cython to version 0.29.32 for numpy
Upgrade kata to version 3.0.0
Upgrade kernel-mshv to version 5.15.72
Upgrade libntlm to version 1.6 to fix CVE-2019-17455.
Upgrade libxml2 to version 2.10.3 to fix CVE-2022-40303
Upgrade ntfs-3g to version 2022.10.3 to fix CVE-2022-40284
Upgrade numpy to version 1.23.4
Upgrade php to version 8.1.12 to fix CVE-2022-37454
Upgrade pixman to version 0.42.2 to fix CVE-2022-44638
Upgrade screen to 4.9.0 to fix CVE-2021-26937
Upgrade sudo to version 1.9.12p1 to fix CVE-2022-43995
Upgrade sysstat to version 12.7.1 to fix CVE-2022-39377
Upgrade vim to version 9.0.0982 to fix CVE-2022-4141
1.0.20221202
Patch libarchive for CVE-2022-36227
Patch libxml2 for CVE-2022-40303 and CVE-2022-40304
Patch systemd to fix CVE-2022-3821
Update tzdata to version 2022g.
Upgrade kernel to 5.10.155.1 version to fix CVE-2022-40768 and CVE-2021-4037.
Upgrade vim to version 9.0.0982 to fix CVE-2022-4141
2.0.20221122-2.0
What's Changed
Add kernel-hci-drivers-gpu package
Enable modules for TCP Congestion Algorithms
Patch libtiff to fix CVE-2022-3597, CVE-2022-3626, CVE-2022-3627, CVE-2022-3599, CVE-2022-3970
Update toolkit's package resolution to accept installed packages
Upgrade kernel to version 5.15.79.1 to fix CVE-2022-3594, CVE-2022-3542, CVE-2022-3543
Upgrade sudo to version 1.9.12p1
Full Changelog: 2.0.20221110-2.0...2.0.20221122-2.0
1.0.20221119
What's Changed
Added prebuilt-ca-certificates and tzdata to the distroless minimal container.
Disabled running apparmor LSM at boot time.
Fixed python-twisted binaries conflicts.
Fixed package tests: python-execnet, python-six.
Mitigated CVE-2020-35505 by disabling qemu emulation for am53c974 devices.
Patched libtiff to fix CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, and CVE-2022-3627.
Patched libtiff to fix CVE-2022-3970.
Patched sqlite to fix CVE-2022-35737.
Updated sudo to version 1.9.12p1 to fix CVE-2022-43995.
Updated sysstat to nopatch CVE-2022-39377.
Updated tzdata to version 2022f.
Upgrade bind to version 9.16.33.
Upgraded curl to version 7.86.0 to fix CVE-2022-42915.
Upgraded golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190.
Upgraded httpd to version 2.4.54 to fix CVE-2022-28615 and CVE-2022-31813.
Upgraded kernel to version 5.10.153.1 to address: CVE-2022-3521, CVE-2022-3542, CVE-2022-3586, CVE-2022-3594, CVE-2022-41850, CVE-2022-43750.
Upgraded mysql to version 8.0.31 to fix 20 CVEs.
Upgraded python3-twisted to 22.10.0 to fix CVE-2022-39348.
Upgraded vim to version 9.0.0805 to fix CVE-2022-3705.
Full Changelog: 1.0.20221028-1.0...1.0.20221119-1.0
2.0.20221110
Add package glog version 0.3.5
Add patch to fix CVE-2022-39379 in rubygem-fluentd
Fix conntrack-tools service default configuration to prevent startup failures
Fix typo in CVE-2018-1000097 patch filename in sharutils to ensure detection by CVE tooling
Fix printing built RPMs from spec files
Freezing pytest deps in python-into-dbus-python
Upgrade tzdata to version 2022f
Updated rust test deps to include glibc-static
Upgrade blobfuse2 to preview 4
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190
Upgrade bazel to version 4.2.3 to fix CVE-2022-3474
Upgrade helm to version 3.9.4 to fix CVE-2022-36055, CVE-2022-36049
Upgrade vim to version 9.0.0805 to fix CVE-2022-3705
Upgrade Kernel to version 5.15.77.1
Upgrade curl to version 7.86.0
Upgrade httpd to version 2.4.54
Upgrade python-twisted to version 22.10.0
Remove libc dependency from toolkit (CGO_ENABLED=0)
2.0.20221029
Add Instruction to filter gpg-pubkey from rpm cmd's output.
Add Microsoft GPG keys to installer env
Add cairomm package version 1.12.0
Add cpptest package version 1.1.2
Add dbus package provides for dbus-x11 & drop metapackage
Add github check-in action to warn about bumping package versions dependent on glibc-static
Add k-exec-tools to marketplace image
Add kernel-drivers-gpu package
Add krb5.conf to resolve pam_krb5 ptest failure
Add libcroco package version 0.6.13
Add libyang2 to mariner SPECs
Add logrotate conf entry for rsyslog to prevent logs growing too large
Add obsoletes between qemu-common, qemu-virtiofsd
Add python package python-google-auth-oauthlib and move its extended dependencies to the core
Add sgx-backwards-compatability package to marketplace images
Adding sriov-network-device-plugin spec file
Automatic upgrade of tzdata to 2022e
Bump toolkit/tools' cgmanifest.json's listing for ulikunitz/xz to v0.5.10 to match the go.mod version.
Clear libtar CVE-2021-33644 and CVE-2021-33646 (both fixed by earlier patch file)
Create missing systemd accounts
Enable modules for TCP Congestion Algorithms
Fix 4 Python ptests to use a set version of pytest.
Fix 4 rubygem-* packages to obsolete older versions of ruby.
Fix SPEC file import information from CentOS as MIT
Fix perl-CGI, python-pytest-benchmark, and python-requests tests.
Fix chroot cleanup scripts
Fix cloud-init mariner variant not set properly
Fix gpg key import in worker chroot
Fix manifest checks with RPM 4.18
Fix python crypt to work with FIPS
Fix rsyslog.logrotate signature
Fix subsequent Make iso calls from failing (handle space parsing)
Fix tooling to rebuild worker chroot rpm db only when necessary
Fix unbound CVE
Mitigated attended installation regression
Move wireless-regdb and iw to Mariner core repo to resolve failure to load regulatory.db
Patch aspell to fix CVE-2019-25051
Patch libtiff to fix CVE-2022-3570
Patch redis to fix CVE-2022-3647
Patched CVE-2022-34918 with livepatch-5.15.48.1-4.cm2.
Remove 'ming' from SPECS-EXTENDED
Remove autodetected Go modules in toolkit/tools/cgmanifest.json
Update documentation with 2.0 related information and misc. fixes
Update kernel-rt config to build with new glibc
Update maven.spec to use macro instead of hard-coded source URL.
Updated rpmops.sh: added a '/bin/sh' check.
Updated livepatch macros and template to preserve signatures.
Upgrade 'libtasn1' to 4.19.0 to fix CVE-2021-46848.
Upgrade PHP to version 8.1.11 and promote from SPECS-EXTENDED to SPECS
Upgrade nodejs to version 16.17.1 to fix CVE-2022-32213.
Upgrade cassandra version to 4.0.7
Upgrade dbus to version 1.15.2 to fix CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
Upgrade expat to version 2.5.0 to fix CVE-2022-43680
Upgrade kernel to version 5.15.74.1 to fix CVE-2022-3541, CVE-2022-3544, CVE-2022-41674, CVE-2022-42719, CVE-2022-42703, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
Upgrade mod_wsgi to version 4.9.3 to fix CVE-2022-2255
Upgrade mysql to version 8.0.31 to fix CVE-2022-21592, CVE-2022-21594, CVE-2022-21599, CVE-2022-21604, CVE-2022-21608, CVE-2022-21611, CVE-2022-21617, CVE-2022-21625, CVE-2022-21632, CVE-2022-21633, CVE-2022-21635, CVE-2022-21637, CVE-2022-21638, CVE-2022-21640, CVE-2022-21641, CVE-2022-39400, CVE-2022-39402, CVE-2022-39403, CVE-2022-39408, CVE-2022-39410
Upgrade terraform to version 1.32.2 to fix CVE-2021-36230
Upgrade tidy to 5.8.0
Upgrade wireshark to version 3.4.16 to fix CVE-2022-3190
Upgraded nginx to version 1.22.1 to fix CVE-2022-3638