Releases: microsoft/azurelinux
1.0.20230208
Clear openvswitch CVE-2021-3905
Modify toolchain build sequence
Patch OpenSSL for CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
Patch cmake for CVE-2022-43551
Patch dbus for CVE-2022-42010, CVE-2022-42011, CVE-2022-42012
Patch libtar for CVE-2021-33640
Patch libtiff for CVE-2022-48281
Patch mozjs60 to address CVE-2023-22895
Patch tpm2-tss for CVE-2023-22745
Upgrade apr-util to 1.6.3 for CVE-2022-25147
Upgrade etcd to 3.4.23 to address CVE-2022-3064
Upgrade git to 2.33.6 to address CVE-2022-23521 and CVE-2022-41903
Upgrade httpd to version 2.4.55 for CVE-2022-36760
Upgrade kernel to version 5.10.167.1 for CVE-2023-23454, CVE-2023-23455, CVE-2023-0394, CVE-2022-47929, CVE-2022-41858
Upgrade vim to 9.0.1247 to fix CVE-2023-0512 and CVE-2023-0433
2.0.20230126-2.0
New SPECS-EXTENDED packages:
SDL2: Add package version 2.24.9
SDL: add version 1.2.15
SDL_sound: add package version 1.0.3
alsa-firmware: add package version 1.2.4
alsa-plugins: add package version 1.2.7.1
cdparanoia: Add package version 10.2
cdrdao: Add package version 1.2.4
fftw: Add package version 3.3.10
gstreamer1-plugins-base: Add package version 1.20.0
libao: Add package version 1.2.0
libcanberra: Add package version 0.30
liblouis: add version 3.24.0
libmikmod: Add package version 3.3.11.1
libomxil-bellagio: add version 0.9.3
libsamplerate: Add package version 0.2.2
libwpg: add version 0.3.3
lilv: Add package version 0.24.14
linuxconsoletools: Add package version 1.8.1
lv2: Add package version 1.18.8
pipewire: Add package version 0.3.60
pulseaudio: Add package version 16.1
python-rdflib: Add package version 6.2.0
sratom: Add package version 0.6.10
zopfli: add version 1.0.3
zziplib: add package version 0.13.72
Package updates:
application-gateway-kubernetes-ingress – bump release to regenerate source and vendor code to fix CVE-2021-4235, CVE-2022-3064
coredns and etcd: create script to generate vendored modules tarball for etcd and coredns
curl - build with HTTP/2 support
dmraid - replace crontabs requirement with cronie
git - update to v2.33.6 to address critical CVE-2022-23521 & CVE-2022-41903
golang - upgrade to 1.19.4
golang – add 1.18 spec
kernel - CVE-2022-41858
kernel - add missing BuildRequires
kernel - upgrade to 5.15.87.1 version
libkcapi - Fixing 'Obsoletes' and 'Provides' for 'fipscheck' and 'hmaccalc' subpackages.
libtar: patch CVE-2021-33640
logwatch - replace crontabs requirement with cronie
ltp – add missing dependencies
prometheus – update from 2.36.0 to 2.37.0
pytest - Added missing runtime dependencies
python-certifi – update to version 2022.12.07 to address CVE-2022-23491
rear – replace crontabs requirement with cronie
systemd – update to address CVE-2022-4415
tensorflow – add missing deps
vim - update to 9.0.1189 to fix CVE-2023-0288
Removed packages:
crontabs – removed from SPECS-Extended
Tooling changes:
Github: add .gitattributes file for GitHub linguist attributes
Toolkit: CGroupsV2 Toggle Optionality for Mariner 2.0 Images
Toolkit: add ISO image verification instructions
Toolkit: add Microsoft repo to PACKAGE_URL_LIST
Toolkit: clear SRPM pack list file when SRPM_PACK_LIST argument is empty
Toolkit: fix missing dependency tracking for spec sources, refactor Makefile to skip shell commands during dry-run
Toolkit: fixed mariner_rpmspec command.
Toolkit: improve robustness of ISO initrd builds
Toolkit: move package repo update implementation to earlier stage in image build process
Toolkit: update cloud-int.cfg lock-passwd to lock_passwd
Toolkit: update documentation with packages.microsoft.com repo structure info
Toolkit: worked around RPM package resolution bug.
1.0.20230123
Patch curl to fix CVE-2022-43551
Patch krb5 to fix CVE-2022-42898
Upgrade heimdal to 7.7.1 to fix CVE-2021-44758, CVE-2022-42898, CVE-2022-41916, and CVE-2022-44640
Upgrade kernel to 5.10.162.1
Upgrade openvswitch to 2.15.7 to fix CVE-2022-4337 and CVE-2022-4338
Upgrade vim to 9.0.1189 to fix CVE-2023-0288, CVE-2023-0049, CVE-2023-0054, and CVE-2023-0051
2.0.20230107
Add aide package
Add apache-commons-beanutils package version 1.9.4
Add apache-commons-dbcp package version 2.1.1
Add apache-commons-digester package version 2.1
Add apache-commons-jexl package version 2.1.1
Add apache-commons-pool package version 1.6
Add apache-commons-pool2 package version 2.4.2
Add apache-commons-validator package version 1.5.0
Add apache-commons-vfs2 package version 2.2
Add libreport package version 2.13.1
Add libtheora package version 1.1.1
Add missing TensorFlow deps
Add package libosinfo, osinfo-db & osinfo-db-tools
Add package libucil & libunicap
Add package libwpd version 0.10.3
Bump Mariner Release for January 2023 Update
Clear CVE-2022-4515 for ctags
Clear kernel-hci CVE-2007-4998, CVE-2022-47520, CVE-2022-47521, CVE-2022-45934, CVE-2022-47518, CVE-2022-47519, CVE-2022-3545
Enabled helm self checks
Increasing marketplace images os disk size to 5GB
Kernel upgrade to 5.15.86.1 version to fix or clear CVE-2022-3545, CVE-2022-45934, CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521, CVE-2022-47938, CVE-2022-47941, CVE-2022-47942, CVE-2022-47943
Patch CVE-2022-47943 for kernel HCI
Patch device-mapper-multipath to fix CVE-2022-41973, CVE-2022-41974
Patch grub2 for CVE-2022-2601
Patch qemu for CVE-2021-3929 and CVE-2021-4207
Upgrade helm to 3.10.3 to fix CVE-2022-23524
Upgrade kubevirt to 0.58.0
Upgrade libksba to 1.6.3 to fix CVE-2022-47629
1.0.20230106-1.0
Patch grub2 to fix CVE-2022-2601
Patch helm to fix CVE-2022-23525 and CVE-2022-23526
Patch kernel to fix CVE-2022-3545, CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521, and CVE-2022-45934
Patch libksba to fix CVE-2022-47629
Patch python-setuptools to fix CVE-2022-40897
Patch qemu-kvm to fix CVE-2021-4207 and CVE-2022-3872
Upgrade kernel to 5.10.161.1
2.0.20221222
Add -nv --no-clobber to toolchain wget
Add a comment to ensure scan vendors are contacted before any rpm que…
Add compiler-rt package for clang options like code coverage to work
Add config to create qcow image
Add iwd package version 1.22
Add lensfun package version 0.3.2
Add libnetfilter_log SPEC to Mariner
Add package suitesparse version 5.4.0
Add patch to sqlite to resolve CVE-2022-46908
Add toolkit ccache support with USE_CCACHE
Added selinux-policy macros to fix openvswitch-selinux-policy installation.
Added the Linux Test Project kernel testing tools.
Adding in the hwdata and gawk dependencies
Backport upstream fix in containerd to add ptrace readby and tracedby to default AppArmor profile
Change "demo" to "tutorial" wording changes (CBL-MarinerDemo Repo renamed to CBL-MarinerTutorials)
Clear Kernel CVE-1999-0656 and CVE-2007-4998
Corrected typo in building instructions
Enable Generic Target Core Mod in kernel
Enable hibernation in kernel
Enable transparent hugepage for kernel-mshv
Extended Boost with the boost_stacktrace_backtrace library.
Fix CVE-2022-41880 and CVE-2022-41900: Update TensorFlow to 2.11.0
Fix apache-commons-compress package install failure due to missing runtime dependency
Fix certain failing python tests by explicitly specifying the tox version (packages cannot use tox 4.0.0+)
Fix generation 2 boot order during iso installation
Fix nodejs SPEC file to reference artistic 2.0 license
Fix rubygem-bundler provides with obsoletes
Gate systemd's preset-all so it runs only on first install
Improved ltp package clean-up.
Mitigate CVE-2022-4144 by avoiding buffer overrun in qxl_phys2virt
Moving php-pear to core & adding php-pecl-zip
Patch QEMU to fix CVE-2022-3872
Patch curl to resolve CVE-2022-43551 and CVE-2022-43552
Patch emacs for CVE-2022-45939
Patch golang to resolve CVE-2022-41717
Patch helm to address CVE-2022-23525 and CVE-2022-23526
Patch libconfuse for CVE-2022-40320
Patch python3 for CVE-2022-37454
Patch python3 for CVE-2022-42919
Patch python3 for CVE-2022-45061
Patch systemd to address CVE-2022-45873
Patched llvm to fix periodic crashes during DWARF finalization
Reduce initrd image size in Mariner 2.0
Removed libbacktrace.a from the default gcc package.
Update CH to v28.0, kernel-mshv to v5.15.80
Update TensorFlow correct package name
Update heimdal for CVE-2022-41916
Update k3s vendor tarball with the corrected versions of the dependencies
Update strongswan for CVE-2022-40617
Updated Microsoft trusted root CAs. Release: October 2022 (2022-12-05).
Upgrade Blobfuse2 to 2.0.1
Upgrade Kernel to 5.15.82.1 to fix CVE-2022-1204, CVE-2022-2785, CVE-2022-3104, CVE-2022-3105, CVE-2022-3106, CVE-2022-3107, CVE-2022-3108, CVE-2022-3110, CVE-2022-3111, CVE-2022-3112, CVE-2022-3113, CVE-2022-3115, CVE-2022-3344, CVE-2022-3586, CVE-2022-3595, CVE-2022-3910, CVE-2022-4127, CVE-2022-40768, CVE-2022-41849, CVE-2022-41850, CVE-2022-43945, CVE-2022-45869
Upgrade bazel to version 5.3.2
Upgrade moby-containerd to 1.6.12 to fix CVE-2022-23471
Upgrade nodejs to version 16.18.1 to fix CVE-2022-43548
Upgrade ruby to version 3.1.3 to resolve CVE-2021-33621
Note on Rubygem-bundler w/tdnf:
"tdnf install ruby rubygem-bundler" will complain that ruby obsoletes the rubygem and won't install even though the provides are the same and the version is a strict upgrade.
"tdnf install rubygem-bundler" will install old ruby + the gem, then "tdnf update ruby" will correctly swap to the new one and obsolete the gem. DNF handles this situation correctly, but TDNF does not.
1.0.20221220
Add ephemeral disk warning to WALinuxAgent
Fixed updating from ca-certificates-microsoft to ca-certificates.
Patch glib to fix CVE-2021-3800.
Patch gnutls to fix CVE-2022-2509
Patch golang to fix CVE-2022-41717.
Patch moby-containerd for CVE-2022-23471.
Patch rsync to fix CVE-2022-29154
Removed TDNF's dependency on RPM.
Revert apparmor disable change
Updated Microsoft trusted root CAs. Release: October 2022 (2022-12-05).
Upgrade kernel to 5.10.158.1 to fix CVE-2022-3104, CVE-2022-3105, CVE-2022-3106, CVE-2022-3107, CVE-2022-3111, CVE-2022-3112, CVE-2022-3113, CVE-2022-3115
Upgrade nodejs to version 14.21.1 to fix CVE-2022-3602, CVE-2022-3786, CVE-2022-43548
Patch python3 to fix CVE-2022-37454
Patch unbound to fix CVE-2022-3204
2.0.20221215
Add nodejs reference to artistic-2.0 license
Enable hibernation in kernel
Patch kernel for CVE-2022-45869, CVE-2022-1204, CVE-2022-2785, CVE-2022-3586, CVE-2022-3595, CVE-2022-3910, CVE-2022-40768, CVE-2022-4127, CVE-2022-41849, CVE-2022-41850, CVE-2022-43945, CVE-2022-3344
Patch kernel-hci for CVE-2022-40768, CVE-2022-41850, CVE-2022-2785, CVE-2022-41849, CVE-2022-43945, CVE-2022-3595, CVE-2022-3910, CVE-2022-3344, CVE-2022-4127, CVE-2022-1204, CVE-2022-3586
Patch python3 to fix CVE-2022-37454, CVE-2022-42919, CVE-2022-45061
Patch to sqlite to resolve CVE-2022-46908
Update the k3s vendor tarball with the corrected versions of the dependencies
Upgrade TensorFlow to version 2.11.0 to fix CVE-2022-41880 and CVE-2022-41900
Upgrade kernel to version 5.15.82.1
Upgrade nodejs to version 16.18.1 to fix CVE-2022-43548
2.0.20221203
Add %{dist} macro to mariner-rpm-macros
Add ORBit2 version 2.14.19
Add Tensorflow
Add adcli package version 0.9.2
Add ephemeral-disk-warning.service
Add execute permissions for grpc's generate_source_tarball.sh
Add grubenv file and standard modification ability to mariner
Add kernel-hci-drivers-gpu
Add kernel-hci-signed
Add package xmlrpc-c version 1.54.06
Add prebuilt-ca-certificates and tzdata to 2.0 distroless minimal container
Add python-flatbuffers
Add python-gast
Add python-google-pasta
Add python-h5py package
Add python-libclang
Add python-opt-einsum
Add python-termcolor package
Add python-typing-extensions
Add python3-grpcio
Enable http2 support
Enable modules for TCP Congestion Algorithms
Increase Marketplace image size to 5GB
Livepatched CVE-2022-3543 in kernel 5.15.77.1-1.cm2.
NoPatch kernel to fix CVE-2022-3594, CVE-2022-3542
Nopatch kernel to address CVE-2022-3543
Patch libarchive to fix CVE-2022-36227
Patch libtiff to fix CVE-2022-3597, CVE-2022-3626, CVE-2022-3627, CVE-2022-3599, CVE-2022-3970
Patch libtomcrypt to fix CVE-2019-17362.
Patch mutt to fix CVE-2021-32055
Patch openblas for numpy
Patch openslp to fix CVE-2016-7567, CVE-2017-17833, and CVE-2019-5544.
Patch systemd to fix CVE-2022-3821
Remove deprecated APIs from Python RPM macros.
Remove explicit 'initrd' target from Mariner's toolkit.
Remove incorrect systemd operation
Split out rust-doc subpackage from Rust.
Update Blobfuse2 version to 2.0.0
Update gRPC python package to make it exclusive to AMD64
Update reference in cglib for objectweb-asm to fix runtime dependency
Update toolchain to build coreutils and findutils after libselinux.
Update toolkit's package resolution to accept installed packages.
Update tzdata to version 2022g.
Upgrade Kernel to 5.15.80.1 version to fix CVE-2022-3521, CVE-2022-3542, CVE-2022-3594, CVE-2022-3543
Upgrade bind to version 9.16.33 to fix CVE-2022-2795, CVE-2022-3080
Upgrade cloud-hypervisor to version 27.0.60
Upgrade cython to version 0.29.32 for numpy
Upgrade kata to version 3.0.0
Upgrade kernel-mshv to version 5.15.72
Upgrade libntlm to version 1.6 to fix CVE-2019-17455.
Upgrade libxml2 to version 2.10.3 to fix CVE-2022-40303
Upgrade ntfs-3g to version 2022.10.3 to fix CVE-2022-40284
Upgrade numpy to version 1.23.4
Upgrade php to version 8.1.12 to fix CVE-2022-37454
Upgrade pixman to version 0.42.2 to fix CVE-2022-44638
Upgrade screen to 4.9.0 to fix CVE-2021-26937
Upgrade sudo to version 1.9.12p1 to fix CVE-2022-43995
Upgrade sysstat to version 12.7.1 to fix CVE-2022-39377
Upgrade vim to version 9.0.0982 to fix CVE-2022-4141
1.0.20221202
Patch libarchive for CVE-2022-36227
Patch libxml2 for CVE-2022-40303 and CVE-2022-40304
Patch systemd to fix CVE-2022-3821
Update tzdata to version 2022g.
Upgrade kernel to 5.10.155.1 version to fix CVE-2022-40768 and CVE-2021-4037.
Upgrade vim to version 9.0.0982 to fix CVE-2022-4141