Releases: microsoft/azurelinux

1.0.20230518

25 May 06:23

Add patch for CVE-2023-0795 in libtiff
Add toolchainrpms to protected directory list for docker-based builds
Patch fluent-bit to fix CVE-2021-46878 and CVE-2021-46879
Patch kernel to address CVE-2023-30772
Patch tdnf to Retry on Failed Connection During curl Calls
Patch kernel for CVE-2023-0458
Renamed patch in nmap to correct format to resolve CVE-2018-25032
Update ncurses to version 6.4-20230408 to fix CVE-2023-29491
Updated Microsoft trusted root CAs. Release: April 2023 (2023-05-05)
Upgrade freetype to 2.13.0 to fix CVE-2023-2004
Upgrade git to 2.33.8 to address CVE-2023-25652 and CVE-2023-29007
Upgrade Kernel to version 5.10.179.1
Upgrade redis to 6.2.12 to fix CVE-2023-28856
Upgrade vim to 9.0.1562 to address CVE-2023-2609, CVE-2023-2610 and CVE-2023-2426

1.0.20230427-1.0

03 May 20:13

Add 3pm extension to perl, perl-File-Which, perl-File-HomeDir, and perl-List-MoreUtils man3 pages
Make python2 use system zlib to fix CVE-2018-25032
Make ccache use system zlib to fix CVE-2018-25032
Patch embedded zlib package within boost to fix CVE-2018-25032
Patch erlang for CVE-2018-25032
Patch nmap to fix CVE-2018-25032
Patch protobuf-c to fix CVE-2022-48468
Patch qt5-qtbase for CVE-2023-24607
Upgrade bundled njs version in nginx to 0.7.12 to fix CVE-2020-19692, CVE-2020-19695
Upgrade tcl to 8.6.13 to fix CVE-2018-25032
Upgrade kernel to version 5.10.177.1

2.0.20230426

03 May 21:02
1e10cc0

Add kata-containers-cc package
Adding XFS as a root filesystem type
Enable serial console for ISO installer
Fix CVE-2022-37601 in webpack loader-utils integrated with webpack
Fix CVE-2021-45985 on memcached and ntopng
Fix uninstallation of InfluxDB package
Patch CVE-2021-28235 for etcd packages
Patch CVE-2022-2989 in podman
Patch CVE-2022-3165 in qemu
Patch CVE-2023-25173 and CVE-2023-25153 for k3s
Patch embedded zlib package within boost to fix CVE-2018-25032
Upgrade bundled njs version in nginx to 0.7.12 to fix CVE-2020-19692, CVE-2020-19695
Upgrade k3s to 1.25.8 and 1.26.3
Upgrade k3s to v1.24.6 & add v1.25.5
Upgrade libyang to 2.1.55 to fix CVE-2023-26916
Upgrade moby-cli to 20.10.24
Upgrade moby-runc to 1.1.5 to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809
Upgrade mysql to 8.0.33 to address CVE-2023-21976, CVE-2023-21972, CVE-2023-21982, CVE-2023-21977, CVE-2023-21980
Upgrade nmap to version 7.93 to fix CVE-2018-25032
Upgrade tcl to 8.6.13 to fix CVE-2018-25032
Upgrade protobuf-c to 1.4.1 to fix CVE-2022-48468
Kernel upgrade to version 5.15.107.1
Add nodejs18.spec to support nodejs 18
clang-16 and llvm-16: add new SPECS
openssl: patch CVE-2023-0465 and CVE-2023-0466

2.0.20230407

16 Apr 04:36

New Core Packages
apache-commons-cli
apache-commons-lang3
apache-commons-logging
atinject
atop - promoted from extended to core
cal10n
dracut-megaraid
glassfish-servlet-api
google-guice
guava
htop - promoted from extended to core
javapackages-bootstrap
javassist
jsr-305
junit
maven-compiler-plugin
maven-jar-plugin
maven-resolver
maven-resources-plugin
maven-surefire
maven-wagon
plexus-cipher
plexus-classworlds
plexus-containers
plexus-interpolation
plexus-sec-dispatcher
plexus-utils
rabbitmq-server
sisu
slf4j
wireguard-tools version 1.0.20210914
xmvn

Updated Core Packages
Add missing runtime dependency to sos package
Enable CONFIG_NET_CLS_FLOWER as module
Enable loadable modules and -devel subpackage for kernel-uvm
Enable wireguard as kernel module
PyTorch: Fix CVE-2022-25882
R: fix build with curl >= 8.0.0
Updated Microsoft trusted root CAs. Release: February 2023 (2023-03-29)
Updated packages with a BR on libtiff.
build nginx with http_gzip_static_module
c-ares update to 1.19.0 to address CVE-2022-4904
ccache: update to 4.8
cert-manager - patch to address CVE-2023-25165
cloud-hypervisor: patch vendored versionize crate to fix CVE-2023-28448
cloud-init - address ptest failure
curl: bump version to 8.0.1 to address CVE-2023-27533 to CVE-2023-27538
dnsmasq: patch CVE-2023-28450
gnupg2: add correct version of libgpg-error-devel as BR
golang update to 1.19.7 to address CVE-2023-24532
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
javapackages-bootstrap - Fix CVE-2021-35516 and CVE-2021-35517 by upgrading common-compress to 1.21
kata-containers: integrate fix to reduce UVM memory consumption
kata-containers: update kata-osbuilder.sh signature
kdump initrd assembly + cosmetic fixes on kdumpctl
kernel-mshv: add back config
kernel-uvm: consume dom0 source
kernel-uvm: remove aarch64
libtiff - upgrade to 4.5.0 to fix CVE-2022-4645
maven3 - update to match maven changes
mlnx-ofa_kernel - update BuildRequires to use kernel 5.15.87.1
msft-golang: bump version to 1.19.7 to address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2023-24532
msft-golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
nginx - build with ngx_http_realip_module
opa - update to 0.50.2
openssl 1.1.1k - patching CVE-2023-0464
rust: bump version to 1.68.2 to revoke leaked github keys
telegraf - update to 1.26.0 to fix CVE-2022-23471
tzdata - update to version 2023c.
xinetd - patch with CVE-2013-4342 fix

New Extended Packages
none

Updated Extended Packages
none

New Proprietary packages
none

Updated Proprietary Packages
kubernetes-1.23.12-4
kubernetes-1.23.15-4
kubernetes-1.24.6-4
kubernetes-1.24.9-4
kubernetes-1.25.4-4
kubernetes-1.25.5-4
kubernetes-1.26.0-2
kubernetes-1.26.3-2

Updated NVIDIA packages
cuda-525.85.12-2_5.15.102.1.3
nvidia-fabric-manager-525.85.12-1

Tooling changes
Added signing stage for livepatches pipeline.
Fix unattended iso flag handling
Move toolchain RPMs to a dedicated location in ./build/toolchain_rpms
Prioritize already cached RPMs before using online repos
Translate and update build flow diagram into mermaid diagram
Update CBL-Mariner build prerequisites
Update contribution guide to include more detailed instructions
Updated livepatch spec template to print more logs.
Update old go file formatting with go-tidy-all.

1.0.20230414

20 Apr 21:01
e96d12e

Disable root login by default in cloud-init configuration
Fix UNATTENDED_INSTALLER make argument when building ISO
Patch cloud-hypervisor for vendored CVE-2023-28448
Patch openssl to fix CVE-2023-0460, CVE-2023-0465, CVE-2023-0466
Patch systemd to fix CVE-2023-26604
Patch xinetd with CVE-2013-4342
Update c-ares to 1.19.0 to fix CVE-2022-4904
Update Microsoft trusted root CAs for February 2023 release (2023-03-29)
Update moby-runc to 1.1.5 to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809
Update tzdata to version 2023c

1.0.20230330

07 Apr 05:17
073df86

Patch kernel for CVE-2022-1943, CVE-2022-3110, CVE-2022-3707, CVE-2023-0461, CVE-2023-1118, CVE-2023-22996, CVE-2023-22997, CVE-2023-23001, CVE-2023-23002, CVE-2023-23003, CVE-2023-23004, CVE-2023-23005, CVE-2023-23006
Upgrade mysql to 8.0.32 to fix CVE-2023-21875 to CVE-2023-21887
Upgrade redis to 6.2.11 to patch CVE-2022-36021
Upgrade vim to 9.0.1367 to patch CVE-2023-1127
Upgrade vim to 9.0.1378 to patch CVE-2023-1175
Upgrade Kernel to version 5.10.174.1
Patch heimdal for CVE-2022-45142
Upgrade curl to version 7.88.1 to address CVE-2023-23914, CVE-2023-23915, CVE-2023-23916
Patch dnsmasq CVE-2023-28450
Upgrade httpd to 2.4.56 to fix CVE-2023-27522, CVE-2023-25690
Patch perl-WWW-Curl to work around macro bug introduced by curl 7.88.1 upgrade
Upgrade sudo to 1.9.13p3 to fix CVE-2023-27320
Upgrade vim to 9.0.1402 to fix CVE-2023-1264

2.0.20230321

25 Mar 02:24
2.0.20230321-2.0
66f8ef1

What's Changed

Added 13 python packages to extended.
Added 18 perl packages.
Added 9 packages to extended.
Added GeoIP-GeoLite-data package version 2018.06.
Added PostInstallScript entry, add note to extra cmdline.
Added a workaround for a breaking lint in rpm-ostree.
Added booth package version 1.0.
Added elixir package to Mariner to support rabbitmq.
Added freefont.
Added fstrm to extended.
Added geoclue2 package version 2.7.0.
Added libgovirt package version 0.3.9.
Added libindicator package version 12.10.1.
Added libxmlb package version 0.3.11.
Added netsniff-ng package version 0.6.8.
Added nopatches for kernel-hci: CVE-2022-41858, CVE-2023-0461, CVE-2023-0266, CVE-2022-4662, CVE-2022-47929, CVE-2023-22998, CVE-2022-42329, CVE-2022-4139, CVE-2023-1095, CVE-2022-47940, CVE-2023-22996, CVE-2022-41218, CVE-2023-0468, CVE-2023-23559, CVE-2022-1943, CVE-2023-26545, CVE-2022-2196, CVE-2022-42328, CVE-2023-22999, CVE-2023-0394.
Added pacemaker package version 2.1.5.
Added package advancecomp version 2.4.
Added package gdisk version 1.0.9.
Added package pykickstart version 3.36.
Added phodav package version 3.0.
Added python binding for gRPC (python3-grpcio) for aarch64.
Added python-beautifulsoup4 package version 4.11.2.
Added python-oslo-i18n package version 5.1.0.
Added python-stestr package version 3.2.0.
Added python-webtest package version 3.0.0.
Change source0 for python-msal & python-msrestazure.
Fixed python-cherrypy ptest.
Fixed the TestRPM-HydratedBuild pipeline to not report a toolchain error if allowToolchainRebuilds is true.
Kernel upgrade to version 5.15.102.1.
Nopatch kernel for CVE-2023-22998, CVE-2023-26545, CVE-2023-22999, CVE-2023-22996, CVE-2023-1095, CVE-2023-23001, CVE-2023-23002, CVE-2022-2196, CVE-2023-0461, CVE-2023-1118, CVE-2023-23004.
Patched python-werkzeug's CVE-2023-23934.
Patched emacs to fix CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2023-27986, CVE-2023-27985.
Patched gnutls' CVE-2023-0361.
Patched heimdal's CVE-2022-45142.
Patched moby-engine's CVE-2023-25153.
Patched perl-WWW-Curl to work around macro bug.
Patched systemd-bootstrap's CVE-2022-4415.
Patched vendor package hyper in rpm-ostree to fix CVE-2022-31394.
Removed k3s v1.23.8.
Updated bootstrap toolchain.
Updated selinux-policy refpolicy to 2.20221101.
Updated sources paths for ca-certificates.
Updated sudo to 1.9.13p3 to fix CVE-2023-27320.
Upgrade curl to 7.88.1.
Upgraded dnsmasq to 2.89 to fix CVE-2021-45951, CVE-2021-45952, CVE-2021-45953, CVE-2021-45955, CVE-2021-45956, CVE-2021-45957, CVE-2022-0934.
Upgraded emacs to 28.2 to fix CVE-2022-48338, CVE-2022-48339.
Upgraded gnupg2 to v2.4.0 to address CVE-2022-3515.
Upgraded golang to 1.19.6 to address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723.
Upgraded httpd to 2.4.56.
Upgraded libgit2 to 1.4.5.
Upgraded moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153.
Upgraded nodejs to 16.19.1 to fix CVE-2023-23936.
Upgraded redis to 6.2.11 to fix CVE-2022-36021, CVE-2023-25155.
Upgraded rust to 1.68.0, address some vendoring issues and promote libgit2 to core.
Upgraded vim to 9.0.1367 to fix CVE-2023-1127.
Upgraded vim to 9.0.1378 to fix CVE-2023-1175.
Upgraded vim to 9.0.1402 to fix CVE-2023-1355, CVE-2023-1264.

Full Changelog: 2.0.20230303-2.0...2.0.20230321-2.0

1.0.20230308

15 Mar 17:31

Patch gnutls to fix CVE-2023-0361
Patch python2 to address CVE-2023-24329
Patch moby-containerd to fix CVE-2023-25153
Patch helm to fix CVE-2023-25165
Patch moby-containerd to fix CVE-2023-25173
Patch kernel for CVE-2022-2196, CVE-2023-26545, CVE-2023-22998, CVE-2023-22999, CVE-2023-1095
Skip pwd-long tests from coreutils which is failing in chroot
Upgrade git to 2.33.7 to fix CVE-2023-22490, CVE-2023-23946
Upgrade libtiff to 4.5.0 to fix CVE-2023-0804
Upgrade moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153
Upgrade Kernel to version 5.10.172.1
Upgrade harfbuzz version in 1.0 to fix CVE-2023-25193

2.0.20230303

09 Mar 01:39
c39cab1

New Core Packages
authbind: add package 2.1.2
geos: add package v3.11.1
prometheus-adapter: moved to core packages from extended

New Extended Packages
bolt: Add package version 0.9.2
crypto-policies: add package version 20200619
dleyna-connector-dbus: add package version 0.3.0
dleyna-core: add package version 0.6.0
foomatic: add package 4.0.13
foomatic-db: add package 4.0.69
frr: add package version 8.4.2
gssdp: add package version 1.6.2
gupnp: add package version 1.6.3
gupnp-dlna: add package version 0.12.0
gupnp-igd: add package version 1.2.0
libgdither: Add package version 0.6
mksh: add package v59c
opal: add package version 3.10.11
openrdate: add package version 1.2
ptlib: add package version 2.10.11
rcs: add package version 5.10.1
rubygem-bson
rubygem-diff-lcs
rubygem-flexmock
rubygem-maruku
rubygem-mysql2
rubygem-rspec-expectations
rubygem-rspec-mocks
rubygem-rspec-support
rubygem-thread_order
udisks2: add package version 2.9.4

Updated Core Packages
blobfuse2: upgrade to 2.0.2
ca-certificates: Added new Microsoft-owned root CAs to the base set of trusted CAs.
clamav: upgrade to 0.105.2 for CVE-2023-20032, CVE-2023-20052
cloud-init: upgrade to 22.4
erlang: upgrade to version 25.2 to support rabbitmq
fluent-bit: upgrade to 2.0.9
harfbuzz: patch CVE-2023-25193
helm: patch for CVE-2023-25165
initramfs: Only conditionally move kernel-mshv initrd if it exists
kernel: upgrade to 5.15.94.1 version
kernel: Install vmlinux with root executable permissions
kernel-azure: Install vmlinux with root executable permissions
kernel-hci: Add QinQ patches
kernel-hci: Install vmlinux with root executable permissions
kernel-mshv: Install vmlinux with root executable permissions
kernel-mshv: bump to 5.15.92.mshv1 to match lsg release v2302.8.1
kernel-uvm: enable Hyper-V enlightenments
less: patch with CVE-2022-46663
libtiff: patch for CVE-2023-0795 through CVE-2023-0799 and CVE-2023-0800 through CVE-2023-0804
mariner-release: bump mariner-release to version 35
mstflint: Enable adb-generic-tools in mstflint build config
php: upgrade to 8.1.16 to fix CVE-2023-0568, CVE-2023-0662
python-werkzeug: patch CVE-2023-25577
telegraf: upgrade to 1.25.2 to fix several vendored CVEs

Updated Extended Packages
buildah: Fix runtime requirements.

Tooling changes
Bump golang.org/x/text from 0.3.7 to 0.3.8 in /toolkit/tools
Documentation for CGroup toggle in toolkit/docs/formats/imageconfig.md to generate Mariner images with cgroupv2
Ignored ccache directory.
Added an initial build pipeline for livepatches.
Fixed livepatch PR check.
Parse %check section when RUN_CHECK=y to add %check passing as a requirement
fix URL to mariner-nvidia.repo
add livepatch-5.15.87.1-1 for CVE-2022-47929, CVE-2023-0266, CVE-2023-0394
add livepatch-5.15.94.1-1

1.0.20230225

02 Mar 03:53
534dfba

Install vmlinux with root executable permissions
Patch CVE-2023-0795 through CVE-2023-0799 in libtiff
Patch binutils to address CVE-2022-4285
Patch curl to resolve CVE-2022-43552
Patch grub2 to address CVE-2022-3775
Patch helm to address CVE-2022-23524
Patch libconfuse to address CVE-2022-40320
Patch libksba for CVE-2022-3515
Patch libtiff to address CVE-2023-0800
Patch mariadb to address CVE-2022-47015
Patch pixman to address CVE-2022-44638
Patch python cryptography for CVE-2023-23931
Patch strongswan to address CVE-2022-40617
Patch syslog-ng to address CVE-2022-38725
Patch tmux to address CVE-2022-47016.
Patch unzip to address CVE-2021-4217
Update documentation to correct wget URL for mariner-nvidia.repo
Upgrade bind to 9.16.37 to fix CVE-2022-3736, CVE-2022-3094, CVE-2022-3924
Upgrade clamav to 0.103.8 for CVE-2023-20032
Upgrade kernel to version 5.10.168.1 to address CVE-2023-0266, CVE-2022-36280, CVE-2022-41218, CVE-2022-4139, CVE-2022-42328, CVE-2022-42329, CVE-2022-4662, CVE-2023-23559
Upgrade redis to 6.2.9 to fix CVE-2022-35977 and CVE-2023-22458
Upgrade sudo to 1.9.12p2 for CVE-2023-22809