Releases: microsoft/azurelinux

2.0.20230526

02 Jun 20:22
df87aa2

Add ldap backend support into sudo
Add nopatch for CVE-2023-2513, CVE-2023-32233, CVE-2023-32269
Add rootfs partition name in gen2 market place image
Add setuid bit to necessary binaries so regular users can now run them
Fix ISO mount retry race condition
Fix dnf-plugins-core tests by using unittests runner
Fix kernel-hci CVE-2023-2248, CVE-2023-2177, CVE-2023-2008, CVE-2023-0458, CVE-2023-1382, CVE-2023-23005, CVE-2023-2006, CVE-2023-1998, CVE-2023-28327, CVE-2023-2235, CVE-2023-30772, CVE-2023-28328, CVE-2023-2019, CVE-2023-2162, CVE-2023-22997, CVE-2023-2166, CVE-2023-31436, CVE-2023-1872, CVE-2023-2194, CVE-2023-32233, CVE-2023-32269, CVE-2023-2513
Fix ocaml-ppxlib tests failing due to ocaml-sexplib0-0.15.0
Fix python-pbr tests by pinning sphinx version used
Include arch in ResolveCompetingPackages() output
Introduce patch to enable new hypervisor loader.
Make RPM cache flat, improve tdnf arg formatting
Patch frr with CVE-2023-31490
Patch libtiff for CVE-2023-2731
Patch reaper to fix CVE-2023-28155
Patch sysstat for CVE-2023-33204
Pin version of hypothesis used in numpy tests to avoid test breakage
Provide k8s-cni in cni-plugins rpm
Remove influx-cli-bash-completion subpackage
Remove python2 test exclusion
Remove umask handling from bash.spec and change it in filesystem.spec
Remove x86 console params from ARM-specific grub config file
Remove zstd from package test exclusion list
Restored executable permissions for 'squid' scripts.
Revert "qt5: Upgrade to version 5.15.9"
Unified *_LIST arguments to accept spec names
Update CVE-2022-37601.patch to fix multiple occurrences
Upgrade cert-manager to v1.11.2
Upgrade cloud-hypervisor to 31.1, kernel-mshv to 5-15-110, and kernel…
Upgrade kernel to 5.15.112.1
Upgrade lua to 5.4.4 to fix CVE-2021-44964
Upgrade moby-containerd-cc to 1.7.1
Upgrade nasm to 2.16 to patch CVE-2022-44370
Upgrade vitess to 16.0.2 to fix CVE-2023-29194
Use static resource management and build using the host OpenSSL for kata-containers-cc

2.0.20230518

25 May 06:44
a893277

Add kata-containers-cc
Add moby-containerd-cc
Add mstflint kernel driver as a patch to kernel-hci
Add nlopt package version 2.7.1
Add toolchainrpms to protected directory list for docker-based builds
Add version constraint to moby-containerd-cc build dependency
Allow PackageRepo field to have configurable GPG
Avoid JIT'd Perl in dracut to avoid SELinux errors
Bump gd for libtiff update
Clear kernel CVE-2023-0458, CVE-2023-1382, CVE-2023-2008, CVE-2023-30772, CVE-2023-1872, CVE-2023-1998, CVE-2023-22997, CVE-2023-23005, CVE-2023-2006, CVE-2023-2019, CVE-2023-2162, CVE-2023-2166, CVE-2023-2177, CVE-2194, CVE-2023-28327, CVE-2023-28328, CVE-2023-2235, CVE-2023-31436, CVE-2023-2248
Correct FRR installation macro to resolve installation errors.
Enable CONFIG_EDAC_SKX
Enable DRM_AMDGPU module in kernel-drivers-gpu
Enable HW monitoring and tracing configs
Enable Kernel modules for TLS, Dell drivers, and supporting config options
Fix cgmanifest ordering
Fix chronyd to explicitly run as the chrony user
Fix CVE-2023-27477 by patching cranelift vulnerability that is exposed in rust
Fix flaky valgrind tests by including proper check-time requirements
Fix grubby to use dedicated installkernel package
Fix perl-WWW-Curl tests by adding check-time requirements
Fix relative time search tests in gh
Fixed architecture check during spec parsing and removed toolbox.
Install the bzImage for kernel-uvm
Introduce new hvloader.spec and required dependencies from -EXTENDED
Patch kernel-hci for CVE-2023-1989, CVE-2023-1829 and CVE-2023-1990
Patch libtiff for CVE-2023-0801 and CVE-2023-0795
Patch openvswitch for CVE-2023-1668
Patch qt5-qtbase to fix CVE-2023-24607
Patch shadow-utils to address CVE-2023-29383
Patch tidy to fix CVE-2021-33391
Promote containernetworking-plugins from extended to core
Remove explicit build-time dependency on npm in nodejs-nodemon
Remove old livepatches
Scan for orphaned mounts when cleaning toolchain
Update %__python macro to point to existing interpreter
Update ncurses to fix CVE-2023-29491
Updated Microsoft trusted root CAs. Release: April 2023 (2023-05-05)
Upgrade bcc to 0.27.0
Upgrade Cblmargh/moby engine to 20.10.24
Upgrade dmidecode to 3.5 to fix CVE-2023-30630
Upgrade freetype to 2.13.0 to fix CVE-2023-2004
Upgrade frr to 8.5.1 and promote to core specs
Upgrade git to 2.33.8 to address CVE-2023-25652 and CVE-2023-29007
Upgrade kata-containers to version 3.1.0
Upgrade kata-containers-cc to 0.4.1
Upgrade Kernel to 5.15.111.1 version
Upgrade kubevirt to v0.59.0
Upgrade qt5 to version 5.15.9
Upgrade redis to 6.2.12 to fix CVE-2023-28856
Upgrade ruby-time to v0.2.2 and ruby-uri to v0.11.1 to resolve CVE-20…
Upgrade strongswan to fix CVE-2023-26463
Upgrade vim to 9.0.1527 to fix CVE-2023-2426
Upgrade vim to 9.0.1562 to address CVE-2023-2609 & CVE-2023-2610
Upgrade zlib to 1.2.13 to correctly handle CRC inputs

1.0.20230518

25 May 06:23

Add patch for CVE-2023-0795 in libtiff
Add toolchainrpms to protected directory list for docker-based builds
Patch fluent-bit to fix CVE-2021-46878 and CVE-2021-46879
Patch kernel to address CVE-2023-30772
Patch tdnf to Retry on Failed Connection During curl Calls
Patch kernel for CVE-2023-0458
Renamed patch in nmap to correct format to resolve CVE-2018-25032
Update ncurses to version 6.4-20230408 to fix CVE-2023-29491
Updated Microsoft trusted root CAs. Release: April 2023 (2023-05-05)
Upgrade freetype to 2.13.0 to fix CVE-2023-2004
Upgrade git to 2.33.8 to address CVE-2023-25652 and CVE-2023-29007
Upgrade Kernel to version 5.10.179.1
Upgrade redis to 6.2.12 to fix CVE-2023-28856
Upgrade vim to 9.0.1562 to address CVE-2023-2609 & CVE-2023-2610 and CVE-2023-2426

1.0.20230427-1.0

03 May 20:13

Add 3pm extension to perl, perl-File-Which, perl-File-HomeDir, and perl-List-MoreUtils man3 pages
Make python2 use system zlib to fix CVE-2018-25032
Make ccache use system zlib to fix CVE-2018-25032
Patch embedded zlib package within boost to fix CVE-2018-25032
Patch erlang for CVE-2018-25032
Patch nmap to fix CVE-2018-25032
Patch protobuf-c to fix CVE-2022-48468
Patch qt5-qtbase for CVE-2023-24607
Upgrade bundled njs version in nginx to 0.7.12 to fix CVE-2020-19692, CVE-2020-19695
Upgrade tcl to 8.6.13 to fix CVE-2018-25032
Upgrade kernel to version 5.10.177.1

2.0.20230426

03 May 21:02
1e10cc0

Add kata-containers-cc package
Adding XFS as a root filesystem type
Enable serial console for ISO installer
Fix CVE-2022-37601 on webpack loader-utils integrated with webpack
Fix CVE-2021-45985 on memcached and ntopng
Fix uninstallation of InfluxDB package
Patch CVE-2021-28235 for etcd packages
Patch CVE-2022-2989 in podman
Patch CVE-2022-3165 in qemu
Patch CVE-2023-25173 and CVE-2023-25153 for k3s
Patch embedded zlib package within boost to fix CVE-2018-25032
Upgrade bundled njs version in nginx to 0.7.12 to fix CVE-2020-19692, CVE-2020-19695
Upgrade k3s to 1.25.8 and 1.26.3
Upgrade k3s to v1.24.6 & add v1.25.5
Upgrade libyang to 2.1.55 to fix CVE-2023-26916
Upgrade moby-cli to 20.10.24
Upgrade moby-runc to 1.1.5 to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809
Upgrade mysql to 8.0.33 to address CVE-2023-21976, CVE-2023-21972, CVE-2023-21982, CVE-2023-21977, CVE-2023-21980
Upgrade nmap to version 7.93 to fix CVE-2018-25032
Upgrade tcl to 8.6.13 to fix CVE-2018-25032
Upgrade protobuf-c to 1.4.1 to fix CVE-2022-48468
Kernel upgrade to version 5.15.107.1
Add nodejs18.spec to support nodejs 18
clang-16 and llvm-16: add new SPECS
openssl: patch CVE-2023-0465 and CVE-2023-0466

2.0.20230407

16 Apr 04:36

New Core Packages
apache-commons-cli
apache-commons-lang3
apache-commons-logging
atinject
atop - promoted from extended to core
cal10n
dracut-megaraid
glassfish-servlet-api
google-guice
guava
htop - promoted from extended to core
javapackages-bootstrap
javassist
jsr-305
junit
maven-compiler-plugin
maven-jar-plugin
maven-resolver
maven-resources-plugin
maven-surefire
maven-wagon
plexus-cipher
plexus-classworlds
plexus-containers
plexus-interpolation
plexus-sec-dispatcher
plexus-utils
rabbitmq-server
sisu
slf4j
wireguard-tools version 1.0.20210914
xmvn

Updated Core Packages
Add missing runtime dependency to sos package
Enable CONFIG_NET_CLS_FLOWER as module
Enable loadable modules and -devel subpackage for kernel-uvm
Enable wireguard as kernel module
PyTorch: Fix CVE-2022-25882
R: fix build with curl >= 8.0.0
Updated Microsoft trusted root CAs. Release: February 2023 (2023-03-29)
Updated packages with a BR on libtiff.
build nginx with http_gzip_static_module
c-ares update to 1.19.0 to address CVE-2022-4904
ccache: update to 4.8
cert-manager - patch to address CVE-2023-25165
cloud-hypervisor: patch vendored versionize crate to fix CVE-2023-28448
cloud-init - address ptest failure
curl: bump version to 8.0.1 to address CVE-2023-27533 to CVE-2023-27538
dnsmasq: patch CVE-2023-28450
gnupg2: add correct version of libgpg-error-devel as BR
golang update to 1.19.7 to address CVE-2023-24532
golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
javapackages-bootstrap - Fix CVE-2021-35516 and CVE-2021-35517 by upgrading common-compress to 1.21
kata-containers: integrate fix to reduce UVM memory consumption
kata-containers: update kata-osbuilder.sh signature
kdump initrd assembly + cosmetic fixes on kdumpctl
kernel-mshv: add back config
kernel-uvm: consume dom0 source
kernel-uvm: remove aarch64
libtiff - upgrade to 4.5.0 to fix CVE-2022-4645
maven3 - update to match maven changes
mlnx-ofa_kernel - update BuildRequires to use kernel 5.15.87.1
msft-golang: bump version to 1.19.7 to address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723, CVE-2023-24532
msft-golang: upgrade to 1.19.8 to address CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538
nginx - build with ngx_http_realip_module
opa - update to 0.50.2
openssl 1.1.1k - patching CVE-2023-0464
rust: bump version to 1.68.2 to revoke leaked github keys
telegraf - update to 1.26.0 to fix CVE-2022-23471
tzdata - update to version 2023c.
xinetd - patch with CVE-2013-4342 fix

New Extended Packages
none

Updated Extended Packages
none

New Proprietary packages
none

Updated Proprietary Packages
kubernetes-1.23.12-4
kubernetes-1.23.15-4
kubernetes-1.24.6-4
kubernetes-1.24.9-4
kubernetes-1.25.4-4
kubernetes-1.25.5-4
kubernetes-1.26.0-2
kubernetes-1.26.3-2

Updated NVIDIA packages
cuda-525.85.12-2_5.15.102.1.3
nvidia-fabric-manager-525.85.12-1

Tooling changes
Added signing stage for livepatches pipeline.
Fix unattended iso flag handling
Move toolchain RPMs to a dedicated location in ./build/toolchain_rpms
Prioritize already cached RPMs before using online repos
Translate and update build flow diagram into mermaid diagram
Update CBL-Mariner build prerequisites
Update contribution guide to include more detailed instructions
Updated livepatch spec template to print more logs.
Update old go file formatting with go-tidy-all.

1.0.20230414

20 Apr 21:01
e96d12e

Disable root login by default in cloud-init configuration
Fix UNATTENDED_INSTALLER make argument when building ISO
Patch cloud-hypervisor for vendored CVE-2023-28448
Patch openssl to fix CVE-2023-0460, CVE-2023-0465, CVE-2023-0466
Patch systemd to fix CVE-2023-26604
Patch xinetd with CVE-2013-4342
Update c-ares to 1.19.0 to fix CVE-2022-4904
Update Microsoft trusted root CAs for February 2023 release (2023-03-29)
Update moby-runc to 1.1.5 to fix CVE-2023-28642, CVE-2023-27561, CVE-2023-25809
Update tzdata to version 2023c

1.0.20230330

07 Apr 05:17
073df86

Patch kernel for CVE-2022-1943, CVE-2022-3110, CVE-2022-3707, CVE-2023-0461, CVE-2023-1118, CVE-2023-22996, CVE-2023-22997, CVE-2023-23001, CVE-2023-23002, CVE-2023-23003, CVE-2023-23004, CVE-2023-23005, CVE-2023-23006
Upgrade mysql to 8.0.32 to fix CVE-2023-21875 through CVE-2023-21887
Upgrade redis to 6.2.11 to patch CVE-2022-36021
Upgrade vim to 9.0.1367 to patch CVE-2023-1127
Upgrade vim to 9.0.1378 to patch CVE-2023-1175
Upgrade Kernel to version 5.10.174.1
Patch heimdal for CVE-2022-45142
Upgrade curl to version 7.88.1 to address CVE-2023-23914, CVE-2023-23915, CVE-2023-23916
Patch dnsmasq CVE-2023-28450
Upgrade httpd to 2.4.56 to fix CVE-2023-27522, CVE-2023-25690
Patch perl-WWW-Curl to work around macro bug introduced by curl 7.88.1 upgrade
Upgrade sudo to 1.9.13p3 to fix CVE-2023-27320
Upgrade vim to 9.0.1402 to fix CVE-2023-1264

2.0.20230321

25 Mar 02:24
2.0.20230321-2.0
66f8ef1

What's Changed

Added 13 python packages to extended.
Added 18 perl packages.
Added 9 packages to extended.
Added GeoIP-GeoLite-data package version 2018.06.
Added PostInstallScript entry, add note to extra cmdline.
Added a workaround for a breaking lint in rpm-ostree.
Added booth package version 1.0.
Added elixir package to Mariner to support rabbitmq.
Added freefont.
Added fstrm to extended.
Added geoclue2 package version 2.7.0.
Added libgovirt package version 0.3.9.
Added libindicator package version 12.10.1.
Added libxmlb package version 0.3.11.
Added netsniff-ng package version 0.6.8.
Added nopatches for kernel-hci: CVE-2022-41858, CVE-2023-0461, CVE-2023-0266, CVE-2022-4662, CVE-2022-47929, CVE-2023-22998, CVE-2022-42329, CVE-2022-4139, CVE-2023-1095, CVE-2022-47940, CVE-2023-22996, CVE-2022-41218, CVE-2023-0468, CVE-2023-23559, CVE-2022-1943, CVE-2023-26545, CVE-2022-2196, CVE-2022-42328, CVE-2023-22999, CVE-2023-0394.
Added pacemaker package version 2.1.5.
Added package advancecomp version 2.4.
Added package gdisk version 1.0.9.
Added package pykickstart version 3.36.
Added phodav package version 3.0.
Added python binding for gRPC (python3-grpcio) for aarch64.
Added python-beautifulsoup4 package version 4.11.2.
Added python-oslo-i18n package version 5.1.0.
Added python-stestr package version 3.2.0.
Added python-webtest package version 3.0.0.
Change source0 for python-msal & python-msrestazure.
Fixed python-cherrypy ptest.
Fixed the TestRPM-HydratedBuild pipeline to not report a toolchain error if allowToolchainRebuilds is true.
Kernel upgrade to version 5.15.102.1.
Nopatch kernel for CVE-2023-22998, CVE-2023-26545, CVE-2023-22999, CVE-2023-22996, CVE-2023-1095, CVE-2023-23001, CVE-2023-23002, CVE-2022-2196, CVE-2023-0461, CVE-2023-1118, CVE-2023-23004.
Patched python-werkzeug's CVE-2023-23934.
Patched emacs to fix CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2023-27986, CVE-2023-27985.
Patched gnutls' CVE-2023-0361.
Patched heimdal's CVE-2022-45142.
Patched moby-engine's CVE-2023-25153.
Patched perl-WWW-Curl to work around macro bug.
Patched systemd-bootstrap's CVE-2022-4415.
Patched vendor package hyper in rpm-ostree to fix CVE-2022-31394.
Removed k3s v1.23.8.
Updated bootstrap toolchain.
Updated selinux-policy refpolicy to 2.20221101.
Updated sources paths for ca-certificates.
Updated sudo to 1.9.13p3 to fix CVE-2023-27320.
Upgrade curl to 7.88.1.
Upgraded dnsmasq to 2.89 to fix CVE-2021-45951, CVE-2021-45952, CVE-2021-45953, CVE-2021-45955, CVE-2021-45956, CVE-2021-45957, CVE-2022-0934.
Upgraded emacs to 28.2 to fix CVE-2022-48338, CVE-2022-48339.
Upgraded gnupg2 to v2.4.0 to address CVE-2022-3515.
Upgraded golang to 1.19.6 to address CVE-2022-41722, CVE-2022-41724, CVE-2022-41725, CVE-2022-41723.
Upgraded httpd to 2.4.56.
Upgraded libgit2 to 1.4.5.
Upgraded moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153.
Upgraded nodejs to 16.19.1 to fix CVE-2023-23936.
Upgraded redis to 6.2.11 to fix CVE-2022-36021, CVE-2023-25155.
Upgraded rust to 1.68.0, address some vendoring issues and promote libgit2 to core.
Upgraded vim to 9.0.1367 to fix CVE-2023-1127.
Upgraded vim to 9.0.1378 to fix CVE-2023-1175.
Upgraded vim to 9.0.1402 to fix CVE-2023-1355, CVE-2023-1264.

Full Changelog: 2.0.20230303-2.0...2.0.20230321-2.0

1.0.20230308

15 Mar 17:31

Patch gnutls to fix CVE-2023-0361
Patch python2 to address CVE-2023-24329
Patch moby-containerd to fix CVE-2023-25153
Patch helm to fix CVE-2023-25165
Patch moby-containerd to fix CVE-2023-25173
Patch kernel for CVE-2022-2196, CVE-2023-26545, CVE-2023-22998, CVE-2023-22999, CVE-2023-1095
Skip pwd-long tests from coreutils which is failing in chroot
Upgrade git to 2.33.7 to fix CVE-2023-22490, CVE-2023-23946
Upgrade libtiff to 4.5.0 to fix CVE-2023-0804
Upgrade moby-containerd to 1.6.18 to fix CVE-2023-25173, CVE-2023-25153
Upgrade Kernel to version 5.10.172.1
Upgrade harfbuzz version in 1.0 to fix CVE-2023-25193