Releases: microsoft/azurelinux
2.0.20221203
Add %{dist} macro to mariner-rpm-macros
Add ORBit2 version 2.14.19
Add Tensorflow
Add adcli package version 0.9.2
Add ephemeral-disk-warning.service
Add execute permissions for grpc's generate_source_tarball.sh
Add grubenv file and standard modification ability to mariner
Add kernel-hci-drivers-gpu
Add kernel-hci-signed
Add package xmlrpc-c version 1.54.06
Add prebuilt-ca-certificates and tzdata to 2.0 distroless minimal container
Add python-flatbuffers
Add python-gast
Add python-google-pasta
Add python-h5py package
Add python-libclang
Add python-opt-einsum
Add python-termcolor package
Add python-typing-extensions
Add python3-grpcio
Enable http2 support
Enable modules for TCP Congestion Algorithms
Increase Marketplace image size to 5GB
Livepatched CVE-2022-3543 in kernel 5.15.77.1-1.cm2.
NoPatch kernel to fix CVE-2022-3594, CVE-2022-3542
Nopatch kernel to address CVE-2022-3543
Patch libarchive to fix CVE-2022-36227
Patch libtiff to fix CVE-2022-3597, CVE-2022-3626, CVE-2022-3627, CVE-2022-3599, CVE-2022-3970
Patch libtomcrypt to fix CVE-2019-17362.
Patch mutt to fix CVE-2021-32055
Patch openblas for numpy
Patch openslp to fix CVE-2016-7567, CVE-2017-17833, and CVE-2019-5544.
Patch systemd to fix CVE-2022-3821
Remove deprecated APIs from Python RPM macros.
Remove explicit 'initrd' target from Mariner's toolkit.
Remove incorrect systemd operation
Split out rust-doc subpackage from Rust.
Update Blobfuse2 version to 2.0.0
Update gRPC python package to make it exclusive to AMD64
Update reference in cglib for objectweb-asm to fix runtime dependency
Update toolchain to build coreutils and findutils after libselinux.
Update toolkit's package resolution to accept installed packages.
Update tzdata to version 2022g.
Upgrade Kernel to 5.15.80.1 version to fix CVE-2022-3521, CVE-2022-3542, CVE-2022-3594, CVE-2022-3543
Upgrade bind to version 9.16.33 to fix CVE-2022-2795, CVE-2022-3080
Upgrade cloud-hypervisor to version 27.0.60
Upgrade cython to version 0.29.32 for numpy
Upgrade kata to version 3.0.0
Upgrade kernel-mshv to version 5.15.72
Upgrade libntlm to version 1.6 to fix CVE-2019-17455.
Upgrade libxml2 to version 2.10.3 to fix CVE-2022-40303
Upgrade ntfs-3g to version 2022.10.3 to fix CVE-2022-40284
Upgrade numpy to version 1.23.4
Upgrade php to version 8.1.12 to fix CVE-2022-37454
Upgrade pixman to version 0.42.2 to fix CVE-2022-44638
Upgrade screen to 4.9.0 to fix CVE-2021-26937
Upgrade sudo to version 1.9.12p1 to fix CVE-2022-43995
Upgrade sysstat to version 12.7.1 to fix CVE-2022-39377
Upgrade vim to version 9.0.0982 to fix CVE-2022-4141
1.0.20221202
Patch libarchive for CVE-2022-36227
Patch libxml2 for CVE-2022-40303 and CVE-2022-40304
Patch systemd to fix CVE-2022-3821
Update tzdata to version 2022g.
Upgrade kernel to 5.10.155.1 version to fix CVE-2022-40768 and CVE-2021-4037.
Upgrade vim to version 9.0.0982 to fix CVE-2022-4141
2.0.20221122-2.0
What's Changed
Add kernel-hci-drivers-gpu package
Enable modules for TCP Congestion Algorithms
Patch libtiff to fix CVE-2022-3597, CVE-2022-3626, CVE-2022-3627, CVE-2022-3599, CVE-2022-3970
Update toolkit's package resolution to accept installed packages
Upgrade kernel to version 5.15.79.1 to fix CVE-2022-3594, CVE-2022-3542, CVE-2022-3543
Upgrade sudo to version 1.9.12p1
Full Changelog: 2.0.20221110-2.0...2.0.20221122-2.0
1.0.20221119
What's Changed
Added prebuilt-ca-certificates and tzdata to the distroless minimal container.
Disabled running apparmor LSM at boot time.
Fixed python-twisted binaries conflicts.
Fixed package tests: python-execnet, python-six.
Mitigated CVE-2020-35505 by disabling qemu emulation for am53c974 devices.
Patched libtiff to fix CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, and CVE-2022-3627.
Patched libtiff to fix CVE-2022-3970.
Patched sqlite to fix CVE-2022-35737.
Updated sudo to version 1.9.12p1 to fix CVE-2022-43995.
Updated sysstat to nopatch CVE-2022-39377.
Updated tzdata to version 2022f.
Upgraded bind to version 9.16.33.
Upgraded curl to version 7.86.0 to fix CVE-2022-42915.
Upgraded golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190.
Upgraded httpd to version 2.4.54 to fix CVE-2022-28615 and CVE-2022-31813.
Upgraded kernel to version 5.10.153.1 to address: CVE-2022-3521, CVE-2022-3542, CVE-2022-3586, CVE-2022-3594, CVE-2022-41850, CVE-2022-43750.
Upgraded mysql to version 8.0.31 to fix 20 CVEs.
Upgraded python3-twisted to 22.10.0 to fix CVE-2022-39348.
Upgraded vim to version 9.0.0805 to fix CVE-2022-3705.
Full Changelog: 1.0.20221028-1.0...1.0.20221119-1.0
2.0.20221110
Add package glog version 0.3.5
Add patch to fix CVE-2022-39379 in rubygem-fluentd
Fix conntrack-tools service default configuration to prevent startup failures
Fix typo in CVE-2018-1000097 patch filename in sharutils to ensure detection by CVE tooling
Fix printing built RPMs from spec files
Freezing pytest deps in python-into-dbus-python
Upgrade tzdata to version 2022f
Updated rust test deps to include glibc-static
Upgrade blobfuse2 to preview 4
Upgrade golang to 1.18.8 to fix CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-27664, CVE-2022-32190
Upgrade bazel to version 4.2.3 to fix CVE-2022-3474
Upgrade helm to version 3.9.4 to fix CVE-2022-36055, CVE-2022-36049
Upgrade vim to version 9.0.0805 to fix CVE-2022-3705
Upgrade Kernel to version 5.15.77.1
Upgrade curl to version 7.86.0
Upgrade httpd to version 2.4.54
Upgrade python-twisted to version 22.10.0
Remove libc dependency from toolkit (CGO_ENABLED=0)
2.0.20221029
Add Instruction to filter gpg-pubkey from rpm cmd's output.
Add Microsoft GPG keys to installer env
Add cairomm package version 1.12.0
Add cpptest package version 1.1.2
Add dbus package provides for dbus-x11 & drop metapackage
Add github check-in action to warn about bumping package versions dependent on glibc-static
Add k-exec-tools to marketplace image
Add kernel-drivers-gpu package
Add krb5.conf to resolve pam_krb5 ptest failure
Add libcroco package version 0.6.13
Add libyang2 to mariner SPECs
Add logrotate conf entry for rsyslog to prevent logs growing too large
Add obsoletes between qemu-common, qemu-virtiofsd
Add python package python-google-auth-oauthlib and move its extended dependencies to the core
Add sgx-backwards-compatability package to marketplace images
Adding sriov-network-device-plugin spec file
Automatic upgrade of tzdata to 2022e
Bump toolkit/tools' cgmanifest.json's listing for ulikunitz/xz to v0.5.10 to match the go.mod version.
Clear libtar CVE-2021-33644 and CVE-2021-33646 (both fixed by earlier patch file)
Create missing systemd accounts
Enable modules for TCP Congestion Algorithms
Fix 4 Python ptests to use a set version of pytest.
Fix 4 rubygem-* packages to obsolete older versions of ruby.
Fix SPEC file import information from CentOS as MIT
Fix perl-CGI, python-pytest-benchmark, and python-requests tests.
Fix chroot cleanup scripts
Fix cloud-init mariner variant not set properly
Fix gpg key import in worker chroot
Fix manifest checks with RPM 4.18
Fix python crypt to work with FIPS
Fix rsyslog.logrotate signature
Fix subsequent Make iso calls from failing (handle space parsing)
Fix tooling to rebuild worker chroot rpm db only when necessary
Fix unbound CVE
Mitigated attended installation regression
Move wireless-regdb and iw to Mariner core repo to resolve failure to load regulatory.db
Patch aspell to fix CVE-2019-25051
Patch libtiff to fix CVE-2022-3570
Patch redis to fix CVE-2022-3647
Patched CVE-2022-34918 with livepatch-5.15.48.1-4.cm2.
Remove 'ming' from SPECS-EXTENDED
Remove autodetected Go modules in toolkit/tools/cgmanifest.json
Update documentation with 2.0 related information and misc. fixes
Update kernel-rt config to build with new glibc
Update maven.spec to use macro instead of hard-coded source URL.
Updated rpmops.sh: added a '/bin/sh' check.
Updated livepatch macros and template to preserve signatures.
Upgrade 'libtasn1' to 4.19.0 to fix CVE-2021-46848.
Upgrade PHP to version 8.1.11 and promote from SPECS-EXTENDED to SPECS
Upgrade nodejs to version 16.17.1 to fix CVE-2022-32213.
Upgrade cassandra version to 4.0.7
Upgrade dbus to version 1.15.2 to fix CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
Upgrade expat to version 2.5.0 to fix CVE-2022-43680
Upgrade kernel to version 5.15.74.1 to fix CVE-2022-3541, CVE-2022-3544, CVE-2022-41674, CVE-2022-42719, CVE-2022-42703, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
Upgrade mod_wsgi to version 4.9.3 to fix CVE-2022-2255
Upgrade mysql to version 8.0.31 to fix CVE-2022-21592, CVE-2022-21594, CVE-2022-21599, CVE-2022-21604, CVE-2022-21608, CVE-2022-21611, CVE-2022-21617, CVE-2022-21625, CVE-2022-21632, CVE-2022-21633, CVE-2022-21635, CVE-2022-21637, CVE-2022-21638, CVE-2022-21640, CVE-2022-21641, CVE-2022-39400, CVE-2022-39402, CVE-2022-39403, CVE-2022-39408, CVE-2022-39410
Upgrade terraform to version 1.32.2 to fix CVE-2021-36230
Upgrade tidy to 5.8.0
Upgrade wireshark to version 3.4.16 to fix CVE-2022-3190
Upgraded nginx to version 1.22.1 to fix CVE-2022-3638
1.0.20221028
Add logrotate conf entry for rsyslog to prevent logs growing too large
Add support to build Mariner 1.0 on Mariner 2.0 host
Clear CVE-2021-33644 and CVE-2021-33646 for libtar.
Clear CVE-2022-26354 from qemu (this version not impacted)
Fix manifest checks with RPM 4.18
Overwrite 99-dhcp-en.network for marketplace img
Patch libtasn1 to fix CVE-2021-46848
Patch libtiff to fix CVE-2022-3570
Patch redis to fix CVE-2022-3647.
Patch sos to fix CVE-2022-2806.
Remove autodetected Go modules in toolkit/tools/cgmanifest.json
Removed ARCHIVE_TOOL from toolkit for extraction because tar can figure out what to use on its own. Removal of this argument also allows decompression of archives created through simple packing of already compressed packages, greatly reducing archive creation time.
Update tzdata to 2022e
Upgrade Kernel to 5.10.149.1 to fix or clear CVE-2022-3541, CVE-2022-3543, CVE-2022-3544, CVE-2022-3595, CVE-2022-0171, CVE-2022-3303, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722, CVE-2022-41674, CVE-2022-42719, CVE-2022-42703
Upgrade expat to version 2.5.0 to fix CVE-2022-43680
Upgrade nginx to 1.22.1 to fix CVE-2022-41741, CVE-2022-41742, CVE-2022-3638
Upgrade openssh to 8.9p1 to fix CVE-2021-36368
2.0.20221026-2.0
What's Changed
- Fixed GPG key import during worker chroot creation.
- Patched libtiff CVE-2022-3570.
- Updated 4 rubygem-* packages to obsolete older versions of ruby.
- Upgraded 'libtasn1' to 4.19.0 to fix CVE-2021-46848.
- Upgraded nodejs to version 16.17.1 to fix CVE-2022-32213.
New Contributors
- @liulanze made their first contribution in #3786
- @lukebarone made their first contribution in #3859
- @gapra-msft made their first contribution in #3890
CBL-Mariner 2.0 October 2022 Release
Important update in glibc: all of the statically-linked libraries have been moved to a separate glibc-static package. Every package depending on these static binaries will now need to include a BuildRequires: glibc-static line in its spec file.
Add automation for generating livepatch packages.
Add csi-driver-lvm.
Add git-lfs and move rubygem-ronn dependencies to SPECS
Add initial support for finalizeImage
Add large file support to unzip
Add option to build a package for a specific architecture
Add python-absl-py package to Mariner
Add python-astunparse package to Mariner
Add support for blobfuse2
Add UEFI support in Mariner partition parser
Fix kernel CVE-2022-3303
Fix moby-engine CVE-2022-24769
Fix python-jwt CVE-2022-39227
Update ca-certificates: September 2022 (2022-10-05) release of Microsoft trusted root CAs
Update csi-driver-lvm by splitting binaries to two packages.
Update dracut, systemd, systemtap: fix log file paths.
Update generate_source_tarball script(s) so they interface with auto-upgrade tool
Update iana-etc: move documents to own subpackage to reduce size of base package
Update kata : add patch to avoid memory hotplug timeout, fix systemd service
Update perl-XML-SAX tarball generation script so it can be used by auto-upgrade tool
Update rpm to ensure rpm-* ABI compatibility
Update systemd: gpt-auto fixes for backing device detection
Update tzdata to version 2022d.
Upgrade bpftrace version to 0.16.0
Upgrade cassandra to 4.0.6
Upgrade kernel to 5.15.70.1
Upgrade kernel-hci to 5.15.70.1 and other updates from main kernel package
Upgrade libbpf version to 1.0.1
Upgrade vim version 9.0.0614
Upgrade wayland to 1.21.0 to fix CVE-2021-3782
1.0.20221007
Add runtime requirement on iana-etc to fping
Patch gnutls to fix CVE-2021-4209
Patch libvirt to fix CVE-2021-3975
Patch libtiff to fix CVE-2022-2953
Patch mlocate test to adjust deep hierarchy ptest for Mariner
Patch python2 and python3 to fix CVE-2015-20107 (this removes mailcap functionality)
Patch python-mako to fix CVE-2022-40023.
Upgrade cryptsetup to version 2.3.7 to fix CVE-2021-4122
Upgrade Kernel to 5.10.145.1 to fix CVE-2022-1204, CVE-2022-1882, CVE-2022-1973, CVE-2022-2503, CVE-2022-2785, CVE-2022-2873, CVE-2022-2991, CVE-2022-33743, CVE-2022-33744, CVE-2022-36946, CVE-2022-39842
Upgrade mariadb to version 10.3.36 to fix CVE-2022-32091, CVE-2022-38791, CVE-2018-25032
Upgrade nghttp2 to version 1.50.0
Upgrade nodejs to version 14.20.1 to fix CVE-2022-32213, CVE-2022-32214, CVE-2022-32215
Upgrade postgresql to version 12.12 to fix CVE-2022-1552
Upgrade vim to version 9.0.0614 to fix multiple CVEs
Update ca-certificates to September 2022 (2022-10-05) release of Microsoft trusted root CAs