Releases: microsoft/azurelinux
2.0.20221004 September monthly 2.0 release
New Core Packages
Add emacs-filesystem subpackage
Add k3s version 1.23.8
Add k3s version 1.25.0
Add kata-containers
Add kube-vip-cloud-provider
Add local-path-provisioner
Add mstflint
Add multus version v3.8
Migrations from Extended to Core
nss_nis
yp-tools
ypbind
New Extended packages
none
Package updates
binutils: fix CVE-2022-38533
cloud-hypervisor: update to v26.0
fribidi: upgrade to version 1.0.12
k3s: bump version v1.23.6 -> v1.24.3
kernel: update to 5.15.67.1
kernel: fix CVE-2021-4155 CVE-2022-2938
kubevirt: upgrade to version 0.55.1
lasso: bump version to 2.8.0 to fix ptest
libbpf: bump version to 1.0.0
libjpeg-turbo: update to 2.1.4 to fix CVE-2020-35538
libnvidia-container: update to v1.11.0
libtiff: Patch CVE-2022-2953
mariadb: update to v10.6.9 to fix CVE-2022-32091, CVE-2022-32081
msft-golang - upgrade to 1.19.1-1
ncurses: update to 6.3 [patch 20220612] to fix CVE-2022-29458
nvidia-container-runtime: update to v3.11.0
nvidia-container-toolkit: update to v1.11.0
openblas: upgrade to 0.3.21 to fix CVE-2021-4048
postgresql: upgrade to version 14.5
pyflakes: bump version to 2.5.0 to fix ptest
python3: update to 3.9.14 to fix CVE-2020-10735
python-mako: version update CVE-2022-40023
python-tornado: bump version to 6.2.0
rpm: Upgrade to 4.18.0-rc1 to resolve CVE-2021-3521, CVE-2021-35938 and CVE-2021-35939
rpm: ensure rpm subpackage ABI compatability
rust: update to v1.62.1
rubygem-faraday: update to v.2.5.2
sos: update to 4.4
virglrenderer: patch CVE-2022-0175
xmlsec1: update to 1.2.34 to fix openscap build break
Other
audiofile: disable %check section to fix ptest pipeline break
ccache: add symlinks to ccache
clamav: Add preinstall/postuninstall requirement on shadow-utils
cppcheck: fix testrunner binary path to enable ptest
[fedramp]: Security changes to meet Azure security baseline
flac: bump version to 1.3.4 & run %check as non-root to fix ptest
grub2: add patch for reseting grub_errno
kata-containers: Generate initrd for guest on reload
kata-containers: Match Guest and Host cgroup setup and expose required devices from kata
kata-containers: set DEFSANDBOXCGROUPONLY to false
KeysInUse-OpenSSL: fix permission & simplify package install
kernel: Add 32bit time syscall support
kernel: Add SCSI logging facility
kernel: enable CONFIG_VFAT_FS
kernel: Enable kernel config CONFIG_NETFILTER_XT_TARGET_TRACE as a module
kernel: initial kernel config changes for criu
kernel: adjust crashkernel param based on available ram
libsemanage: Do not ignore /root.
livepatching: add package for livepatches management. make exclusive to x86_64.
mariadb - fix upgrade by adding shadow-utils pre/postun requirement
mock: add BR on python3-pip & drop un-needed deps to enable ptest
node-problem-detector: added arm64 support which is needed to support ARM64 AKS
perl-Config-IniFiles: add BR on perl(blib) to enable ptest
perl-Fedora-VSP: add BR on perl(Test::More) to fix ptest
perl-List-MoreUtils: add BR on perl-{(Math::Trig),(Test::More),(Tie::Array)} to enable ptest
perl-Module-Build: add BR on perl-{(ExtUtils::*),(CPAN::*)} to enable ptest
perl-Module-ScanDeps: add BR on perl-{(CPAN::*),(FindBin),(Test::More)} to enable ptest
perl-Net-SSLeay: add missing BRs & skip two failing tests
perl-NetAddr-IP: add BR on perl-{(Autoloader),(Test::More)} to enable ptest
perl-Try-Tiny: add BR on perl(Test::More) to fix ptest build
perl-Unicode-LineBreak: add BR on perl(FindBin) to fix ptest build
perl-YAML: add BR on perl(ExtUtils::MakeMaker) & cpan to enable ptest
perl-namespace-clean: add BR on perl-debugger to enable ptest
python-kdcproxy: add BR on python-pip and drop BR on pytest to enable ptest
python-ntlm-auth: add BR on pip & drop BR on pytest to enable ptest
python-suds: add BR on python3-pip & drop python3-pytest to enable ptest
reaper: fix install errors
rust: build as a stable release and disable unstable features
selinux-policy: Fix issue with preinst on systems that do not have selinux-policy. Various updates.
systemd: sysusers fsync patch
toolkit: Enable package repo generation and network config for non-kickstart like ISO installation
toolkit: added RPMs snapshots.
toolkit: Skip compression on rpm/srpm archives
toolkit: Fix networkconfig test case
toolkit: Added an additional chrony config with updated version
toolkit: Adding grubenv file by default.
xdelta: run %check section via a non-root user to fix ptest build
1.0.20220926
Patch rpm to fix CVE-2021-3521
Patch python-mako to fix CVE-2022-40023.
Upgrade expat to 2.4.9 to fix CVE-2022-40674
Upgrade kernel to version 5.10.144.1 to fix CVE-2022-3028 CVE-2022-39188 CVE-2022-39190 CVE-2022-3202 CVE-2022-41222, CVE-2021-33655, CVE-2022-1263, CVE-2022-1508, CVE-2022-1976, CVE-2022-2905, CVE-2022-2977, CVE-2022-3077, CVE-2022-3078, CVE-2022-3170, CVE-2022-40307, CVE-2022-40476
Upgrade libjpeg-turbo version to 2.1.4 to fix CVE-2020-35538 CVE-2022-0850 CVE-2022-1043 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-2153
Upgrade powershell to version 7.2.6
Upgrade tzdata to version 2022d.
Upgrade vim to version 9.0.0404
CBL-Mariner 2.0 September 2022 Update 3
New Core Packages
none
Migrations from Extended to Core
none
New Extended packages
none
Package updates
expat: fix CVE-2022-40674
mariner-release: update to 2.0.21
Other
None
CBL-Mariner 2.0 September 2022 Update 2
New Core Packages
none
Migrations from Extended to Core
none
New Extended packages
none
Package updates
cloud-init: update to 22.2-8 to resolve regressions seen with cloud-init version 22.2-7
mariner-release: update to 2.0.20
Other
None
CBL-Mariner 2.0 September 2022 Update
New Core Packages
none
Migrations from Extended to Core
none
New Extended packages
none
Package updates
cert-manager: update to 1.7.3
colord: CVE-2021-42523
dpkd: bump version to 21.11.2 to address CVE-2022-2132
go: update to 1.17.13, 1.18.5 to fix: CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-29526, CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30634, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189
libtar: Pull misc Fedora patches, fix CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
libxml2: fix CVE-2022-2309
python-lxml: fix CVE-2022-2309
nodejs: fix npm version
python3: fix CVE-2021-28861, CVE-2015-20107
qemu: fix CVE-2021-4158, CVE-2022-35414
rubygem-yajl-ruby: fix CVE 2022 24795
virglrenderer: fix CVE-2022-0135
vim: upgrade to 9.0.0325 to fix CVE-2022-2980, CVE-2022-2982, CVE-2022-2923, CVE-2022-2946
Other
None
1.0.20220909
Mariner 1.0 September 2022 Update
kernel: Add 32bit time syscall support
kernel: Address CVE-2021-4135 CVE-2022-2380 CVE-2022-1158
kernel: CVE-2022-36123 nopatch
Update tzdata to version 2022c.
Fix file mode on toolchain scripts
Fix freshclam db download for clamav
Patch dpdk for CVE-2022-2132
Patch glibc to fix CVE-2021-3999
Patch libtar to fix CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
Patch libtirpc to fix CVE-2021-46828
Patch libxml2 and python-lxml to fix CVE-2022-2309
Patch openvswtich to fix CVE-2021-3905
Patch python3 to fix CVE-2021-28861
Patch qemu-kvm to fix CVE-2022-35414
Upgrade ceph to 16.2.10 to fix CVE-2022-0670
Upgrade go 1.17 to 1.17.13 to fix CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30634, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189
Upgrade go 1.18 to 1.18.5 to fix CVE-2022-1705, CVE-2022-1962, CVE-2022-29526, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189
Upgrade gzip version to 1.12 to fix CVE-2022-1271
Upgrade kernel to 5.10.134.1 to fix CVE-2021-3736, CVE-2022-3687
Upgrade libinput to 1.16.5 and patch for CVE-2022-1215 (in CBL-MarinerCoreUI Repo: microsoft/CBL-MarinerCoreUI#101)
Upgrade vim to 9.0.0360 to fix CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817,CVE-2022-2819, CVE-2022-3099, CVE-2022-2982, CVE-2022-2946, CVE-2022-3016, CVE-2022-3037
CBL-Mariner 2.0 August 2022 Update 2
New Core Packages
containerized-data-importer
perl-XML-LibXML
KeysInUse-OpenSSL
Add rubygems required for building td-agent
Migrations from Extended to Core
bluez
libicall
libel
nss_wrapper
pam_wrapper
rubygem-asciidoctor
rubygem-rspec
socket_wrapper
uid_wrapper
New Extended packages
None
Package updates
update gnutls to 3.7.7
update nodejs to v16.16.0 to address cves
xterm: bump version to 372 to address CVE-2021-27135
zlib: patch CVE-2022-37434
Bump exempi release to rebuild with zlib's CVE-2022-37434 fix
Update ceph to v16.2.10 to address CVE-2022-0670
Update gnupg2 to 2.3.7 to resolve CVE-2022-34903
Update helm version 3.9.3
Upgrade cassandra version to 4.0.5
busybox: patch CVE-2022-30065
e2fsprogs: patch CVE-2022-1304
tzdata: update package to version 2022b.
unbound: bump version to 1.16.2 to address CVE-2022-30698
rsync: bump version to 3.2.5 to address CVE-2022-29154
sqlite: bump version to 3.39.2 to address CVE-2022-35737
libtiff: patch CVE-2022-34526
libtirpc: bump verison to 1.3.3 to address CVE-2021-46828
lldpd: bump version to 1.0.14 to address CVE-2020-27827
freetype: bump version to 2.12.1 to address CVE-2022-{27405,27406}
m2crypto: patch CVE-2020-25657
openssl: align release number with 2.0 state.
perl-DBD-SQLite: add BR on perl(Test::More) & perl(Digest::MD5) to fix ptest
perl-DBI: add BR on perl(blib) & perl(Test::More) to fix ptest
perl-DBIx-Simple: add BR on perl(Test::More) to fix ptest
perl-Exporter-Tiny: add BR on perl(Test::More) to fix ptest
perl-File-HomeDir: add BR on perl-{(ExtUtils::MakeMaker),(Test::More)} to enable ptest
perl-IO-Socket-SSL: add BR on perl(ExtUtils::MakeMaker) & check deps to enable ptest
perl-JSON-Any: add BR on perl(ExtUtils::MakeMaker) & cpan to enable ptest
perl-JSON-XS: add BR on perl(ExtUtils::MakeMaker) & perl(Test::*) to enable ptest
perl-Object-Accessor: add BR on perl(ExtUtils::MakeMaker) & check deps to enable ptest
perl-Path-Class: add BR on perl-{(Test),(Test::More),(Perl::OSType)} to enable ptest
perl-Pod-POM: add BR on perl(FindBin) to enable ptest
perl-Test-Deep: promote to SPECS to fix ptest for perl-CPAN-Meta-Check
perl-Test-Warnings: add BR on perl(Test::More) to enable ptest
perl-YAML-Tiny: add BR on perl(JSON::PP) & perl(Test::More) to fix ptest
perl-generators: add BR on perl(Fedora::VSP) to fix ptest build
perl-libintl: add BR on perl-{(ExtUtils::MakeMaker),(Test)} to enable ptest
python-pexpect: disable flaky spawn_uses_env test.
Other
Mariner RT kernel: enable CONFIG_PCI_PF_STUB and CONFIG_VFIO_NOIOMMU
Mariner kernel: enable CONFIG_SECURITY_LANDLOCK and CONFIG_BLK_DEV_ZONED for x86_64
toolchain: update steps to build with latest libarchive.
tools: safechroot: TestInitializeShouldCreateChroot: fix if condition
Building reaper only for x86_64 architecture
update cloud-init service to add sysinit.target dependency
fix cloud-init dependency issue
CBL-Mariner 1.0 August 2022 Update 2
Package updates:
- curl: update to version 7.84.0 to fix CVE-2022-32207.
- freetype: update to version 2.12.1 to fix CVE-2022-27405 and CVE-2022-27406.
- kernel: nopatch CVE-2022-1012.
- libarchive: update to version 3.6.1 to fix CVE-2021-36976.
- mariner-release: bump 'Release' tag for August Update 2.
- tzdata: update to latest version 2022b.
- vim: update version to 9.0.0181 to fix CVE-2022-2522, CVE-2022-2571, CVE-2022-2580, CVE-2022-2581.
- zlib: patch CVE-2022-37434.
CBL-Mariner 2.0 August 2022 Update
New core packages
ctags
knem
mlnx-ofa_kernel
mlx-bootctl
mlx-tools
ofed-scripts
pam_krb5
perftest
python-botocore
python-cassandra-driver
python-retrying
skopeo
xxhash
Migrations from extended to core
authd
freeipmi
iptraf
ksh
libreswan
lldpd
nfs4-acl-tools
postfix
symlinks
ucx
New extended packages
umoci
Package updates
blobfuse: update version to 1.4.4
ca-certificates: June 2022 (2022-08-02) release of Microsoft trusted root CAs
fluent-bit: update version to 1.9.6.
grub2: remove provides from unsigned grub2
k3s: fix install to allow VHDX integration.
kernel: upgrade to version 5.15.57.1
ldns: handle current CVEs
openssl: fix test failure
perl-CGI: add BR on cpan & perl(Test::*) to enable ptest
perl-Crypt-SSLeay: add BR on perl(Test::More) & perl(Bytes::Random::Secure) to enable ptest
perl-File-Find-Object-Rule: add BR on perl(blib) to enable ptest
perl-File-Which: add BR on perl-{(Env),(ExtUtils::MakeMaker),(Test::More)} to enable ptest
perl-Object-Deadly: add an explicit BR on perl(English) to enable ptest
python-click: migrate to 'SPECS' folder and bump version to 8.0.4.
python-requests-mock: switch to tox for testing
python-testscenarios: add BR on pip to enable ptest
python-whoosh: pip install wheel in %check section to enable ptest
sysbench: fixe ptest issue.
Other
Fix network access check during package repo file generation
CBL-Mariner 1.0 August 2022 Update
Package updates:
ca-certificates: June 2022 (2022-08-02) release of Microsoft trusted root CAs
clang: add clang-libs subpackage
kernel: update to 5.10.131.1
selinux: backport changes for interactive container use, fds manipulation and minor fixes
mariner-repos: add source repos for base, update, ui, preview and preview-ui
vim: update version from 8.2.5172 to 9.0.0050
CVES
libtiff CVEs: 2022-2056, 2022-2057, 2022-2058
nodejs: upgrade to v14.20.0 to fix CVEs 2022-32213, 2022-32214, 2022-32215
postgresql: upgrade to v12.8 to fix CVE-2021-3677
python-jinja2: update to v2.11.3 to fix CVE-2020-28493
python2: patch CVE-2022-3733
kernel: CVE-2022-32296, CVE-2022-1652, CVE-2022-1786, CVE-2022-0854, CVE-2021-20194, CVE-2021-32078, CVE-2021-37159