1.0 CBL-Mariner January 2021 Update

Added Td Agent
Added i.MX8mq-evk board support
Added kernel patch to fix GUI installer crash due to mmap issue
Added Fedora 32 patch to make perl-WWW-Curl work with new version of curl
Added Minimal Distroless Mariner container
Added Kubernetes versions for 1.19.6, 1.18.14, 1.17.16
Added the following Kubernetes containers:

• kube-proxy
• kube-apiserver
• kube-controller-manager
• kube-scheduler
• kube-pause

Upgraded meson to version 0.56.0.
Upgraded p11-kit to 0.23.22
Upgraded ansible to version 2.9.12
Upgraded kernel sources to 5.4.91

Remove IDEA and EC2M source code/support from OpenSSL

Fixed Diskutils to include virtual disk devices in search
Fixed Minor Documentation issues
Including fix to prereqs.
Fixed Kubernetes
Hotfixes for 1.19.3, 1.18.10 and 1.17.13 and fix container script

Security Fixes
CVE-2019-5094, CVE-2019-5188, CVE-2019-11236, CVE-2019-25013

 CVE-2020-8169, CVE-2020-8564, CVE-2020-8565, CVE-2020-8566, CVE-2020-25659, CVE-2020-26137, CVE-2020-27777, CVE-2020-28374, CVE-2020-35493, CVE-2020-35494, CVE-2020-35495, CVE-2020-35496, CVE-2020-35507, CVE-2020-36158

 CVE-2021-3156.  

Fixed Package Self Tests For
coreutils, bc, swig, python-pycurl (removed unreliable memtest), cloud-init, chrony, ModemManager, mariadb, openssl, python-ecdsa tests, ruby, asciidoc, ipv6calc, strace python-attrs, libmodulemd, dracut, python-bcrypt, python-pynacl, librepo, libisoburn, grep, gawk, mozjs60, jna, openssh, gettest, libunistring, strongswan

1.0 CBL-Mariner December 2020 update

1. Fixed 14 CVEs:

   • curl: CVE-2020-8177 and CVE-2020-8231;
   • glib: CVE-2020-35457;
   • kernel: 7 CVEs fixed by the version update;
   • python-pip: CVE-2019-20916;
   • python-py: CVE-2020-29651;
   • qemu: CVE-2020-27821;
   • unbound: CVE-2020-28935.

2. Updated kernel to version 5.4.83.

3. Added an option to build distroless containers.

4. Enabled and/or fixed 10+ package build tests.

5. Added new versions of Kubernetes: 1.17, 1.18, and 1.19.

6. Switched the tooling and build instructions to use Go 1.15 instead of 1.13.

7. ARM64 ISOs and VHDXs can now be produced.

8. Updated documentation for build instructions + minor documentation fixes.

1.0 CBL-Mariner November 2020 Update

• Upgrade postgresql to 12.5
• Upgrade kernel to 5.4.72 to address kernel CVEs
• Upgrade clamav to 0.103.0.
• Python 3 upgraded to 3.7.9 to fix CVE-2019-20907, CVE-2020-26116, CVE-2019-18348, CVE-2020-14422, Patch CVE-2020-27619 (#358)
• Added libxcrypt, heimdal, ipvcalc, perl-JSON
• Multiple spec file fixes, removing legacy macros and missing dependency fixes
• Package test improvements for tdnf, tcsh, sysstat, svn and more.
• TLS certs added to ptest builds, networking enabled.
• Disable kernel config SLUB_DEBUG_ON due to tcp performance impact.
• Add support to build ARM64 ISOs.
• Enable Hyper-V daemons for ARM64 VHDX images
• Multiple CVE fixes, including QEMU, glibc, librepo, systemd, tcpdump and more.

CVE-2017-18207,

CVE-2018-12617, CVE-2018-19876, CVE-2018-19665

CVE-2019-3842, CVE-2019-3843, CVE-2019-3844, CVE-2019-6454, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-12749, CVE-2019-12972, CVE-2019-14250, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451, CVE-2019-19126, CVE-2019-20386, CVE-2019-20807, CVE-2019-20907, CVE-2019-20892

CVE-2020-1712, CVE-2020-8037, CVE-2020-8631, CVE-2020-8632, CVE-2020-8927, CVE-2020-11080, CVE-2020-13253, CVE-2020-13754, CVE-2020-13776, CVE-2020-13791, CVE-2020-13800, CVE-2020-14147, CVE-2020-14352, CVE-2020-14155 , CVE-2020-14364 , CVE-2020-15705, CVE-2020-15778, CVE-2020-24352, CVE-2020-24553, CVE-2020-24977, CVE-2020-25613, CVE-2020-25637, CVE-2020-26116, CVE-2020-27619

1.0 CBL-Mariner October 2020 Update

This is the October 2020 cumulative update for the CBL Mariner 1.0 release that includes tooling and CVE fixes.
Changes include:

• Ability to build Mariner Toolchain and Packages from the Preview Repository.
• Fixed issue where additionalfiles were improperly handled during iso image build
• Fix CVE-2020-14342 in cifs-utils
• Fix CVE-2020-26159 in oniguruma
• Fix CVE-2019-12735 in vim
• Patch lua CVE-2019-6706, CVE-2020-15888
• Patch unbound CVE-2020-12662 and CVE-2020-12663
• Patch gnutls CVE-2020-24659
• Upgrade ruby to 2.6.6 to resolve CVE-2019-16255, CVE-2019-16201, CVE-2020-10933, CVE-2020-5247, CVE-2019-15845, CVE-2019-16254
• Update fontconfig to 2.13.91
• Added several packages: gflags, rocksdb, syslog-ng, tinyxml2, toml11 tracelogging zipper mm-common libxml++ liblogging nlohmann-json msgpack span-lite telegraf jsonbuilder babeltrace2 lttng-consume pugixml rapidjson bond fluent-bit ivykis azure-storage omi ccache clamav auoms
• Enable QAT kernel configs in CBL-Mariner
• Fixed multiple SPEC files so %check sections are valid

1.0 CBL-Mariner September 2020 Update

CVE and tooling fixes

1.0 CBL-Mariner Release

Initial Release of CBL-Mariner