Releases: microsoft/azurelinux
2.0.20230904
Add Azure Marketplace Gen1 and Gen2 FIPS definition
Add better backoff, semaphore to packer
Add cfitsio package to SPECS-EXTENDED
Add libgta package to SPECS-EXTENDED
Add new EnableFIPS image configuration option
Add ogdi package to SPECS-EXTENDED
Add otel_ngx_module subpackage to nginx
Add package blosc to SPECS-EXTENDED
Add package liblerc to SPECS-EXTENDED
Add package qt5-qtserialport to SPECS-EXTENDED
Add package shapelib to SPECS-EXTENDED
Add package uriparser to SPECS-EXTENDED
Add simple pre-cache downloader
Add workflow to automatically cherry-pick commits to development branches
Adds package CharLS to SPECS-EXTENDED
Clear CVE-2023-3439 as mctp is not enabled in CBL-Mariner
Clear kernel CVE-2022-0850, CVE-2023-2007, CVE-2023-4385, CVE-2023-4387, CVE-2023-4389, CVE-2023-4459, CVE-2023-32247, CVE-2023-40283
Conditionally load kernel-mshv variables in grub if they are installed.
Disabled CCache for quick rebuilds.
Disabled missing ptest dependencies for 7 extended specs.
Don't pass toolchain Manifest to grapher and clean-workplan depend on clean-grapher-cache-worker
Enable cloud-init-output.log availability on the serial console
Enabled PR checks for the fast-track branches.
Fix httpd.conf log location incorrect
Fix parsing of releases containing '_'
Fix retry backoff sleep non-determinism
Fixed image build issues with packages lacking tests.
Fixed tarball generations for incremental toolchain builds.
Grapher resolves cyclic dependencies from remote repos
Limit cascading rebuilds in the scheduler
Limit running setfacl to package builds
Mitigate build failures in SPECS-EXTENDED during tests.
Patch CVE-2022-47022 in hwloc
Patch QEMU to fix CVE-2022-36648
Patch clamac to fix CVE-2022-48579
Patch etcd and bump fuzzing for CVE-2023-32082
Patch guava for CVE-2020-8908
Patch heimdal to fix CVE-2022-42898
Patch json-c to fix CVE-2021-32292
Patch libreswan to fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712
Patch mod_auth_mellon to address CVE-2021-3639
Patch rust for CVE-2023-3817
Rebuild qt5-qtsvg with qt5-qtbase fix for CVE-2023-37369
Remove dst file on failed network download
Skipping test node creation for duplicate nodes.
Strip epoch on packages that use it in pre-cache
Update toolkit dependencies to require acl
Update toolkit pre-cacher to use new timeout backoff
Update toolkit specreader tool to run in parallel with graphpkgfetcher tool.
Update toolkit to add vim & git tools in the containerized build env to improve dev experience
Update toolkit to generate image_pkg_manifest.json with image builds
Update toolkit to honor alternate $SPECS_DIR instead of hard-coding
Update wget to use TLSv1_2 and fix cgmanifest check
Upgrade gopkg.in/yaml.v3 to 3.0.0 to address CVE-2022-28948
Upgrade nvidia-container-toolkit, nvidia-container-runtime and libnvidia-container
Upgrade php to 8.1.22 to fix CVE-2023-3824
Upgrade telegraf release to rebuild with go 1.20.7
Upgrade xfsprogs to version 5.15 to match kernel version
2.0.20230823
Add new package xerces-c v3.2.4
Add package proj version 9.2.1
Add patch for cloud-init TestGetInterfaces mock test failure
Added package python-pyrpm with the pyrpm module
Added tool name to printed logs.
Clarified handling of rich dependencies and unified package string parsing.
Configure with nginx --with-stream_ssl_module to enable support for stream proxy server with SSL/TLS
Fixed ipset systemd unit file pointing to a non-existent service file.
Fixed image build issues with packages lacking tests.
Patch krb5 to address CVE-2023-36054
Patch msft-golang 1.19.12 to fix CVE-2023-39533
Patch openssl to fix CVE-2023-3817 and CVE-2023-2650
Patch plexus-archiver to fix CVE-2023-36617.
Patch xorg-x11-server to fix CVE-2023-1594
Remove openssl from reaper source package to clear CVE-2023-0286.
Resolved cyclic ptest dependencies
Update docs to add acl as an install prerequisite
Update ruby default uri to 0.12.2 and bundled uri to 0.10.3 and fix CVE-2023-36617
Upgrade haproxy to 2.4.24 to fix CVE-2023-40225
Upgrade golang to 1.20.7 to address CVE-2023-29409.
Upgrade moby-cli to 20.10.25 to accomodate golang CVE fix for CVE-2023-29406
Upgrade moby-engine to 20.10.25 to accomodate golang CVE fix for CVE-2023-29406
Upgrade moby-containerd to 1.6.22 to accomodate golang CVE fix for CVE-2023-29406
Upgrade moby-runc to 1.1.9 to accomodate golang CVE fix for CVE-2023-29406
Upgrade kernel to 5.15.126.1 to fix CVE-2023-1206, CVE-2023-2860, CVE-2023-3567, CVE-2023-3812, CVE-2023-3896, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4147, CVE-2023-4194 and CVE-2023-32248
Upgrade rubygem-protocol-http1 to v0.15.1
2.0.20230811-2.0
Add hard check on go version
Add lld16 package
Add opentelemetry-cpp package
Add python-cstruct package
Add requires for glibc-debuginfo to valgrind spec
Build nbd kernel module for AMD64
Extend AdditionalFiles config
Patch python-certifi package to fix CVE-2023-37920.
Refactor randomization to have const input strings
Restored the 'cache' subdirectory in tooling's internal build artifacts.
Update kernel-hci config to enable DM multipath Kernel configurations.
Updated package building pipeline templates to support external repos.
Upgrade kernel to version 5.15.125.1
Upgrade package curl to version 8.2.1 to address CVE-2023-32001
Upgrade package telegraf to version 1.27.3
Use sparse raw image as intermediate build image
1.0.20230811
Fix openssh CVE-2023-38408
Upgrade kernel to 5.10.189.1 to fix CVE-2022-3606, CVE-2022-3533 , CVE-2023-1295, CVE-2023-32250, CVE-2023-3776, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3863, CVE-2023-32254, CVE-2023-38409 ,2023-38426, CVE-2023-38427, CVE-2023-38428, CVE-2023-38429, CVE-2023-38430, CVE-2023-38431, CVE-2023-38432 CVE-2022-45884, and CVE-2022-45886
Patch CVE-2023-2828 in bind
Upgrade nodejs to 14.21.3 to fix CVE-2023-23918, CVE-2023-23919, CVE-2023-23920
2.0.20230805
Note that the Toolkit build now requires golang 1.19
Add Readme for containerized-rpmbuild
Add containerized rpmbuild to toolkit
Add dnf5
Add net/mlx5 patch (27) to kernel-hci and switch warn message to debug
Add new package libtraceevent v1.7.2
Add protobuf check section
Add shortest path print of unsolvable nodes when using trace level logging
Address hyperv-daemons cves
Adds c++ support in gmp-devel sub-package
Configure nginx with --with-compat to enable dynamic modules compatibility
Disabled extended ACLs for the build directory.
Disabled extended ACLs for whole projects.
Fix a bug in applying earlier patches in dhcp
Fixing 'ob_artifactBaseName'.
Patch CVE-2023-2828 in bind
Patch qt5-qtbase to address CVE-2023-33285, CVE-2023-37369, CVE-2023-38197
Patch reaper for CVE-2018-11694
Patch rpm-ostree to fix CVE-2022-47085
Promote opencsd to SPECS
Promote rlwrap to SPECS
Remove .bazelversion file to fix issue building keras, python-tensorboard, and tensorflow.
Removing prometheus from prometheus-adapter and making separate *-docs packages
Restored "Enable the graphpkgfetcher to pull build nodes from upstream repos if available V2"
Restored "Filter implicit run nodes before passing to collapse.
Set mariadb to explicitly use system's openSSL, PCRE, and zlib.
Switch rpm package building to use to zstd compression level 7
Tweak behavior of kernel-mshv initrd; let it remain in /boot.
Update blobfuse2 to 2.0.5
Update delta paths prior to implicit handling
Update kata-containers-cc to 0.6.0
Update kernel's mellanox configuratoins for bluefield2 in
Updated iperf3 to fix CVE-2023-38403.
Updated pcre2 to version 10.42 to fix CVE-2022-41409.
Updated tooling to use Golang 1.19.
Upgrade kernel to 5.15.122.1 to fix CVE-2022-3533, CVE-2022-3606, CVE-2022-45884, CVE-2022-45886, CVE-2023-3609, CVE-2023-3610, CVE-2023-3611, CVE-2023-3863, CVE-2023-3776 CVE-2023-38426, CVE-2023-38427, CVE-2023-38428, CVE-2023-38429, CVE-2023-38430, CVE-2023-38431 CVE-2023-38432
Upgrade openssh to 8.9p1 to fix CVE-2023-38408
2.0.20230721
Add functionality to serve stale DNS records
Add grace period for hotplug detach when hotplug pod is deleted in KubeVirt
Add new package opencsd v1.4.0
Add new package python-resolvelib
Add new package rlwrap v0.46.1
Added logging built toolchain RPMs and specs.
Build nginx with http_gunzip_module
Extended PR checks with package builds and ptests.
Fix bogus changelog times in toolchian packages
Fix strace's sockopt-sol_netlink test for kernel >= 5.15.116.1
Fixed the PACKAGE_CACHE_SUMMARY build option.
Include clippy linter tool in package rust
Map the expected RPMs to specs in toolchain
Modify LLVM_PARALLEL_COMPILE_JOBS in llvm
Package cmake modules in grpc-devel
Patch cloud-init to fix CVE-2023-1786
Patch libX11 to fix CVE-2023-3138
Patch nghttp2 to fix CVE-2023-35945
Patch nodejs v16 to fix CVE-2022-25883
Patch nodejs18 to fix CVE-2022-25883
Remove k3s from Mariner
Restore glibc-debuginfo package
Revert: Remove umask handling from bash.spec and change it in filesystem.spec
Update NVIDIA ofa_kernel SPEC
Update README.md
Upgrade Blobfuse2 to version 2.0.4
Upgrade cloud-init to version 23.2
Upgrade golang to version 1.19.11 to fix CVE-2023-29406
Upgrade kernel to version 5.15.118.1
Upgrade liblouis to version 3.26.0 to fix CVE-2023-26767, CVE-2023-26768, CVE-2023-26769
Upgrade librepo to version 1.15.1
Upgrade libsolv to version 0.7.24
Upgrade libtiff to version 4.5.1 patch CVE-2023-26966
Upgrade libxml2 to version 2.10.4 to fix CVE-2023-28484, CVE-2023-29469
Upgrade nodejs to version 16.20.1
Upgrade telegraf to version 1.27.2 to fix CVE-2023-34231, CVE-2023-25809, CVE-2023-28642
Upgrade uclibc-ng to version v1.0.43 to address CVE-2022-29503
1.0.20230713
Patch cloud-hypervisor to fix CVE-2023-2650, CVE-2023-0465
Patch cloud-init to fix CVE-2022-2084, CVE-2023-1786
Patch libcap to fix CVE-2023-2603
Patch mozjs60 to fix CVE-2023-34411, CVE-2022-48285
Patch perl to fix CVE-2023-31486
Patch uclibc-ng to fix gettimeofday static build
Patch yajl to fix CVE-2023-33460
Upgrade golang to version 1.19.10 to fix CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405
Upgrade kernel to version 5.10.185.1
Upgrade libtiff to version 4.5.1 to fix CVE-2023-26966
Upgrade postgresql to version 12.15 to fix CVE-2023-2454
Upgrade uclibc-ng to version v1.0.43 to fix CVE-2022-29503
2.0.20230630
Add delta toolchain build to automated PR check
Add extended specs to GitOps config.
Add nbkdit as a dependency for the containerized-data-importer:
Add nvram-template mapping to ovmf x64 config for edk2
Add package fsverity-utils
Add patch for cloud-init CVE-2023-1786
Add toolkit feature to profile & trace to have better diagnostics
Enable CONFIG_IP_VS_MH module
Enable audit integration for systemd.
Enable dbus audit logs.
Enable dm-verity in the kernel-uvm
Fix kernel-hci for CVE-2023-3161 CVE-2023-3159 CVE-2023-35788
Fix outdated edk2.signatures.json
Include curl and grep in all core packages.
Patch cloud-init to address CVE-2023-1786
Patch kernel for CVE-2023-3159, CVE-2023-3161, CVE-2023-35788, CVE-2022-48425, CVE-2023-1859, CVE-2023-2002, CVE-2023-22995, CVE-2023-3111, CVE-2023-3141
Patching graphviz dot to png error
Remove duplicate systemd parameters from kernel-mshv cfg
Remove unnecessary brp-strip scripts from RPM
Unified fmt.Error formatting with Go's conventions.
Update Skopeo to 1.12
Upgrade kata-containers-cc to version 0.4.2
Use latest 2.0 Mariner toolchain container for bootstrap build
add patch for Mozjs CVE
2.0.20230621
Add specarchchecker tool to allow arch validation
Add workflow to check for required kernel configs
Exclude ccache directory from toolkit cleanup
Fix CVE-2019-19977
Fix CVE-2023-2454, CVE-2023-2455 and CVE-2022-41862 by upgrading
Fix against race condition in unattended install
Fix qt5-qtbase CVE-2023-32762
Fix qt5-qtbase CVE-2023-32763
Fix typo in changelog
Fully qualify libcap name in official toolchain script
Kernel CVE-2023-2985 CVE-2023-34256
Kernel upgrade to version 5.15.116.1 - branch main -
Patch OpenSSL to fix CVE-2023-2650
Patch QEMU to fix CVE-2021-3750
Patch grub2 to fix CVE-2022-3775 in
Patch kernel-hci for CVE-2023-0459 CVE-2023-2985 CVE-2023-34256
Patch opensc to fix CVE-2023-2977
Patch python-requests to fix CVE-2023-32681
Patch tdnf to include SELECTION_DOTARCH libsolv flag for package query/install
Patch yajl to fix CVE-2023-33460
Patch yasm to fix CVE-2023-31975
Refactor graphpkgfetcher in preparation for delta feature
Registering /usr/local/sbin within filesystem package
Remove redirect and add icmp to default iptables
Resolve libcap CVE-2023-2602 and CVE-2023-2603
Switched to GitOps.ResourceManagement from FabricBot.
Toolkit: Add MAX_CPU flag to limit number of CPUS used for package building
Upgrade golang to 1.19.10 Address CVE-2023-24540, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405
Upgrade msft-golang to fix CVE-2023-29404
Upgrade tdnf package to version 3.5.2
1.0.20230615
Modified core packages:
c-ares: upgrade to 1.19.1 to fix CVE-2023-32067, CVE-2023-31130, and CVE-2023-31147
curl: patch CVE-2023-28322
haproxy: fix CVE-2023-25725
hyperv-daemons: upgrade to 5.10.183.1
kernel-hyperv: upgrade to version 5.10.183.1
kernel: upgrade to version 5.10.183.1
nodejs: build with system c-ares to fix CVE-2023-32067, CVE-2023-31130, and CVE-2023-31147
opensc: patch CVE-2023-2977
openssh: patch CVE-2023-28531
openssl: patch CVE-2023-2650
python-requests: patch CVE-2023-32681
qt5-qtbase: fix CVE-2023-36762, CVE-2023-32763
yasm: patch CVE-2023-31975