Releases: microsoft/azurelinux
1.0.20230308
Patch gnutls to fix CVE-2023-0361
Patch python2 to address CVE-2023-24329
Patch moby-containerd to fix CVE-2023-25153
Patch helm to fix CVE-2023-25165
Patch moby-containerd to fix CVE-2023-25173
Patch kernel for CVE-2022-2196, CVE-2023-26545, CVE-2023-22998, CVE-2023-22999, CVE-2023-1095
Skip pwd-long tests from coreutils, which are failing in chroot
Upgrade git to 2.33.7 to fix CVE-2023-22490, CVE-2023-23946
Upgrade libtiff to 4.5.0 to fix CVE-2023-0804
Upgrade moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153
Upgrade Kernel to version 5.10.172.1
Upgrade harfbuzz version in 1.0 to fix CVE-2023-25193
2.0.20230303
New Core Packages
authbind: add package 2.1.2
geos: add package v3.11.1
prometheus-adapter: moved to core packages from extended
New Extended Packages
bolt: Add package version 0.9.2
crypto-policies: add package version 20200619
dleyna-connector-dbus: add package version 0.3.0
dleyna-core: add package version 0.6.0
foomatic: add package 4.0.13
foomatic-db: add package 4.0.69
frr: add package version 8.4.2
gssdp: add package version 1.6.2
gupnp: add package version 1.6.3
gupnp-dlna: add package version 0.12.0
gupnp-igd: add package version 1.2.0
libgdither: Add package version 0.6
mksh: add package v59c
opal: add package version 3.10.11
openrdate: add package version 1.2
ptlib: add package version 2.10.11
rcs: add package version 5.10.1
rubygem-bson
rubygem-diff-lcs
rubygem-flexmock
rubygem-maruku
rubygem-mysql2
rubygem-rspec-expectations
rubygem-rspec-mocks
rubygem-rspec-support
rubygem-thread_order
udisks2: add package version 2.9.4
Updated Core Packages
blobfuse2: upgrade to 2.0.2
ca-certificates: Added new Microsoft-owned root CAs to the base set of trusted CAs.
clamav: upgrade to 0.105.2 for CVE-2023-20032, CVE-2023-20052
cloud-init: upgrade to 22.4
erlang: upgrade to version 25.2 to support rabbitmq
fluent-bit: upgrade to 2.0.9
harfbuzz: patch CVE-2023-25193
helm: patch for CVE-2023-25165
initramfs: Only conditionally move kernel-mshv initrd if it exists
kernel: upgrade to 5.15.94.1 version
kernel: Install vmlinux with root executable permissions
kernel-azure: Install vmlinux with root executable permissions
kernel-hci: Add QinQ patches
kernel-hci: Install vmlinux with root executable permissions
kernel-mshv: Install vmlinux with root executable permissions
kernel-mshv: bump to 5.15.92.mshv1 to match lsg release v2302.8.1
kernel-uvm: enable Hyper-V enlightenments
less: patch for CVE-2022-46663
libtiff: patch for CVE-2023-0795 (to 0799) and CVE-2023-0800 (to 0804)
mariner-release: bump mariner-release to version 35
mstflint: Enable adb-generic-tools in mstflint build config
php: upgrade to 8.1.16 to fix CVE-2023-0568, CVE-2023-0662
python-werkzeug: patch CVE-2023-25577
telegraf: upgrade to 1.25.2 to fix several vendored CVEs
Updated Extended Packages
buildah: Fix runtime requirements.
Tooling changes
Bump golang.org/x/text from 0.3.7 to 0.3.8 in /toolkit/tools
Documentation for CGroup toggle in toolkit/docs/formats/imageconfig.md to generate Mariner images with cgroupv2
Ignored ccache directory.
Added an initial build pipeline for livepatches.
Fixed livepatch PR check.
Parse %check section when RUN_CHECK=y to add %check passing as a requirement
fix URL to mariner-nvidia.repo
add livepatch-5.15.87.1-1 for CVE-2022-47929, CVE-2023-0266, CVE-2023-0394.
add livepatch-5.15.94.1-1
1.0.20230225
Install vmlinux with root executable permissions
Patch CVE-2023-0795 through CVE-2023-0799 in libtiff
Patch binutils to address CVE-2022-4285
Patch curl to resolve CVE-2022-43552
Patch grub2 to address CVE-2022-3775
Patch helm to address CVE-2022-23524
Patch libconfuse to address CVE-2022-40320
Patch libksba for CVE-2022-3515
Patch libtiff to address CVE-2023-0800
Patch mariadb to address CVE-2022-47015
Patch pixman to address CVE-2022-44638
Patch python cryptography for CVE-2023-23931
Patch strongswan to address CVE-2022-40617
Patch syslog-ng to address CVE-2022-38725
Patch tmux to address CVE-2022-47016.
Patch unzip to address CVE-2021-4217
Update documentation to correct wget URL for mariner-nvidia.repo
Upgrade bind to 9.16.37 to fix CVE-2022-3736, CVE-2022-3094, CVE-2022-3924
Upgrade clamav to 0.103.8 for CVE-2023-20032
Upgrade kernel to version 5.10.168.1 to address CVE-2023-0266, CVE-2022-36280, CVE-2022-41218, CVE-2022-4139, CVE-2022-42328, CVE-2022-42329, CVE-2022-4662, CVE-2023-23559
Upgrade redis to 6.2.9 to fix CVE-2022-35977 and CVE-2023-22458
Upgrade sudo to 1.9.12p2 for CVE-2023-22809
2.0.20230218
New Core packages
openMpi
pytorch
smartmontools: Move from SPECS-EXTENDED to SPECS
maven3: package added without jdk bindings.
New Extended packages
elinks
libappstream-glib
libcmpiutil version 0.5.7
scotch version 6.1.2
squid v5.7
Modified packages
Cython: update to 0.29.33 to fix failing package tests
apr: upgrade to 1.7.2 to fix CVE-2022-24963
binutils: patch for CVE-2022-4285
cloud-hypervisor: update to v29.0
influx-cli-bash-completion: fix package conflict with bash-completion
k3s: update from v1.24.3 to v1.24.6
kernel: Disable INIT_ON_FREE Kernel config
kernel-mshv: update to v5.15.86
kubevirt: Add an upstream patch for an SELinux issue
libtiff: patch for CVE-2022-48281
ltp: update to version 20230127.
mariadb: patch for CVE-2022-47015
maven: update to version 3.8.7
openldap: depend on cyrus-sasl
python-cryptography: patch CVE-2023-23931
qemu: Add, don't delete, romfiles when building for aarch64
redis: update to 6.2.9 for CVE-2022-35977 and CVE-2023-22458
skopeo: upgrade to latest version, 1.11.0
sudo: update to 1.9.12p2 to address CVE-2023-22809
tmux: patch for CVE-2022-47016
tpm2-tss: patch for CVE-2023-22745
Tooling changes
Fixed livepatch PR check.
Update workflows to use latest Ubuntu
docs: Make clearer how REPO_LIST is to be used
set disable_root true in cloud-init.cfg
2.0.20230208
Add 0001-cgroups-cpuset-fix-byte-order-while-parsing-cpuset-r.patch to moby-runc
Add Etcd, Coredns new spec: etcd-3.5.3 etcd-3.5.4 etcd-3.5.5 etcd-3.5.6 coredns-1.9.3
Add bsf package version 2.4.0
Add clutter package version 1.26.4
Add clutter-gst3 package version 3.0.27
Add clutter-gtk package version 1.8.4
Add cogl package version 1.22.8
Add cpulimit SPEC to Mariner
Add flux and influxdb2 packages to 2.0
Add grubenv file to iso_initrd_arm64.json
Add jansi package version 2.4.0
Add jline package version 2.14.6
Add libblockdev package version 2.28
Add luajit SPEC to Mariner
Add package libdeflate version 1.9
Add package libofa version 0.9.3
Add package liboggz version 1.1.1
Add python3-enchant to Mariner
Add subscription-manager package version 1.29.30
Add tclx package version 8.4.0
Add tix package version 8.4.3
Add vorbis-tools package version 1.4.2
Add wordnet package version 3.0
Add xapian-core package version 1.4.20
Disable systemd-oomd service & socket through 99-mariner.preset file
Enable building with cyrus-sasl.
Enable wireguard kernel module
Fix calamares bugs and update requires
Fix package tk install requires on tcl & tcl-devel
Fix whois package to take dependency on iana-etc. iana-etc provides /etc/services required by whois
Let openldap depend on cyrus-sasl
Pass pkgver to tar in mariadb src tar generation script
Patch CVE-2022-40897 in python3-setuptools
Patch CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286 in openssl
Patch util-linux to prevent cdrom probe on Azure VMs
Patched pkgconf to address CVE-2023-24056
Promote kernel-mshv and kernel-uvm to SPECS from extended
Promote libsmi from extended to core
Resolve CVE-2022-43551 in bundled curl in cmake
Switch to posix compliant invocation of test in mk file
Update apr-util to 1.6.3 for CVE-2022-25147
Update httpd to 2.4.55 for CVE-2022-36760
Upgrade Kernel to 5.15.92.1 for CVE-2023-0394, CVE-2022-1943, CVE-2022-4662, CVE-2022-41218, CVE-2022-42328, CVE-2022-42329, CVE-2022-47929, CVE-2023-0266, CVE-2023-0468, CVE-2023-23559
Upgrade golang to 1.19.5
Upgrade mysql to 8.0.32 for CVE-2023-21879, CVE-2023-21875, CVE-2023-21877, CVE-2023-21876, CVE-2023-21878, CVE-2023-21883, CVE-2023-21881, CVE-2023-21880, CVE-2023-21882, CVE-2023-21887
Upgrade vim to 9.0.1247 to fix CVE-2023-0512 and CVE-2023-0433
1.0.20230208
Clear openvswitch CVE-2021-3905
Modify toolchain build sequence
Patch OpenSSL for CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
Patch cmake for CVE-2022-43551
Patch dbus for CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
Patch libtar for CVE-2021-33640
Patch libtiff for CVE-2022-48281
Patch mozjs60 to address CVE-2023-22895
Patch tpm2-tss for CVE-2023-22745
Upgrade apr-util to 1.6.3 for CVE-2022-25147
Upgrade etcd to 3.4.23 to address CVE-2022-3064
Upgrade git to 2.33.6 to address CVE-2022-23521 and CVE-2022-41903
Upgrade httpd to version 2.4.55 for CVE-2022-36760
Upgrade kernel to version 5.10.167.1 for CVE-2023-23454, CVE-2023-23455, CVE-2023-0394, CVE-2022-47929, CVE-2022-41858
Upgrade vim to 9.0.1247 to fix CVE-2023-0512 and CVE-2023-0433
2.0.20230126-2.0
New SPECS-EXTENDED packages:
SDL2: Add package version 2.24.9
SDL: add version 1.2.15
SDL_sound: add package version 1.0.3
alsa-firmware: add package version 1.2.4
alsa-plugins: add package version 1.2.7.1
cdparanoia: Add package version 10.2
cdrdao: Add package version 1.2.4
fftw: Add package version 3.3.10
gstreamer1-plugins-base: Add package version 1.20.0
libao: Add package version 1.2.0
libcanberra: Add package version 0.30
liblouis: add version 3.24.0
libmikmod: Add package version 3.3.11.1
libomxil-bellagio: add version 0.9.3
libsamplerate: Add package version 0.2.2
libwpg: add version 0.3.3
lilv: Add package version 0.24.14
linuxconsoletools: Add package version 1.8.1
lv2: Add package version 1.18.8
pipewire: Add package version 0.3.60
pulseaudio: Add package version 16.1
python-rdflib: Add package version 6.2.0
sratom: Add package version 0.6.10
zopfli: add version 1.0.3
zziplib: add package version 0.13.72
Package updates:
application-gateway-kubernetes-ingress – bump release to regenerate source and vendor code to fix CVE-2021-4235, CVE-2022-3064
coredns and etcd: create script to generate vendored modules tarball for etcd and coredns
curl - build with HTTP/2 support
dmraid - replace crontabs requirement with cronie
git - update to v2.33.6 to address critical CVE-2022-23521 & CVE-2022-41903
golang - upgrade to 1.19.4
golang – add 1.18 spec
kernel - CVE-2022-41858
kernel - add missing BuildRequires
kernel - upgrade to 5.15.87.1 version
libkcapi - Fixing 'Obsoletes' and 'Provides' for 'fipscheck' and 'hmaccalc' subpackages.
libtar: patch CVE-2021-33640
logwatch - replace crontabs requirement with cronie
ltp – add missing dependencies
prometheus – update from 2.36.0 to 2.37.0
pytest - Added missing runtime dependencies
python-certifi – update to version 2022.12.07 to address CVE-2022-23491
rear – replace crontabs requirement with cronie
systemd – update to address CVE-2022-4415
tensorflow – add missing deps
vim - update to 9.0.1189 to fix CVE-2023-0288
Removed packages:
crontabs – removed from SPECS-Extended
Tooling changes:
Github: add .gitattributes file for GitHub linguist attributes
Toolkit: CGroupsV2 Toggle Optionality for Mariner 2.0 Images
Toolkit: add ISO image verification instructions
Toolkit: add Microsoft repo to PACKAGE_URL_LIST
Toolkit: clear SRPM pack list file when SRPM_PACK_LIST argument is empty
Toolkit: fix missing dependency tracking for spec sources, refactor Makefile to skip shell commands during dry-run
Toolkit: fixed mariner_rpmspec command.
Toolkit: improve robustness of ISO initrd builds
Toolkit: move package repo update implementation to earlier stage in image build process
Toolkit: update cloud-init.cfg lock-passwd to lock_passwd
Toolkit: update documentation with packages.microsoft.com repo structure info
Toolkit: worked around RPM package resolution bug.
1.0.20230123
Patch curl to fix CVE-2022-43551
Patch krb5 to fix CVE-2022-42898
Upgrade heimdal to 7.7.1 to fix CVE-2021-44758, CVE-2022-42898, CVE-2022-41916, and CVE-2022-44640
Upgrade kernel to 5.10.162.1
Upgrade openvswitch to 2.15.7 to fix CVE-2022-4337, and CVE-2022-4338
Upgrade vim to 9.0.1189 to fix CVE-2023-0288, CVE-2023-0049, CVE-2023-0054, and CVE-2023-0051
2.0.20230107
Add aide package
Add apache-commons-beanutils package version 1.9.4
Add apache-commons-dbcp package version 2.1.1
Add apache-commons-digester package version 2.1
Add apache-commons-jexl package version 2.1.1
Add apache-commons-pool package version 1.6
Add apache-commons-pool2 package version 2.4.2
Add apache-commons-validator package version 1.5.0
Add apache-commons-vfs2 package version 2.2
Add libreport package version 2.13.1
Add libtheora package version 1.1.1
Add missing TensorFlow deps
Add package libosinfo, osinfo-db & osinfo-db-tools
Add package libucil & libunicap
Add package libwpd version 0.10.3
Bump Mariner Release for January 2023 Update
Clear CVE-2022-4515 for ctags
Clear kernel-hci CVE-2007-4998, CVE-2022-47520, CVE-2022-47521, CVE-2022-45934, CVE-2022-47518, CVE-2022-47519, CVE-2022-3545
Enabled helm self checks
Increasing marketplace images os disk size to 5GB
Kernel upgrade to 5.15.86.1 version to fix or clear CVE-2022-3545, CVE-2022-45934, CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521, CVE-2022-47938, CVE-2022-47941, CVE-2022-47942, CVE-2022-47943
Patch CVE-2022-47943 for kernel HCI
Patch device-mapper-multipath to fix CVE-2022-41973, CVE-2022-41974
Patch grub2 for CVE-2022-2601
Patch qemu for CVE-2021-3929 and CVE-2021-4207
Upgrade helm to 3.10.3 to fix CVE-2022-23524
Upgrade kubevirt to 0.58.0
Upgrade libksba to 1.6.3 to fix CVE-2022-47629
1.0.20230106-1.0
Patch grub2 to fix CVE-2022-2601
Patch helm to fix CVE-2022-23525 and CVE-2022-23526
Patch kernel to fix CVE-2022-3545, CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521 and CVE-2022-45934
Patch libksba to fix CVE-2022-47629
Patch python-setuptools to fix CVE-2022-40897
Patch qemu-kvm to fix CVE-2021-4207 and CVE-2022-3872
Upgrade kernel to 5.10.161.1