Releases: microsoft/azurelinux

CBL-Mariner 2.0 September 2022 Update

16 Sep 05:59
305a495

New Core Packages

none

Migrations from Extended to Core

none

New Extended packages

none

Package updates

cert-manager: update to 1.7.3
colord: CVE-2021-42523
dpdk: bump version to 21.11.2 to address CVE-2022-2132
go: update to 1.17.13, 1.18.5 to fix: CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-29526, CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30634, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189
libtar: Pull misc Fedora patches, fix CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
libxml2: fix CVE-2022-2309
python-lxml: fix CVE-2022-2309
nodejs: fix npm version
python3: fix CVE-2021-28861, CVE-2015-20107
qemu: fix CVE-2021-4158, CVE-2022-35414
rubygem-yajl-ruby: fix CVE-2022-24795
virglrenderer: fix CVE-2022-0135
vim: upgrade to 9.0.0325 to fix CVE-2022-2980, CVE-2022-2982, CVE-2022-2923, CVE-2022-2946

Other

None

1.0.20220909

17 Sep 04:00

Mariner 1.0 September 2022 Update

kernel: Add 32bit time syscall support
kernel: Address CVE-2021-4135 CVE-2022-2380 CVE-2022-1158
kernel: CVE-2022-36123 nopatch
Update tzdata to version 2022c.

Fix file mode on toolchain scripts
Fix freshclam db download for clamav

Patch dpdk for CVE-2022-2132
Patch glibc to fix CVE-2021-3999
Patch libtar to fix CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
Patch libtirpc to fix CVE-2021-46828
Patch libxml2 and python-lxml to fix CVE-2022-2309
Patch openvswitch to fix CVE-2021-3905
Patch python3 to fix CVE-2021-28861
Patch qemu-kvm to fix CVE-2022-35414

Upgrade ceph to 16.2.10 to fix CVE-2022-0670
Upgrade go 1.17 to 1.17.13 to fix CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-29804, CVE-2022-30580, CVE-2022-30629, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30634, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189
Upgrade go 1.18 to 1.18.5 to fix CVE-2022-1705, CVE-2022-1962, CVE-2022-29526, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2022-32189
Upgrade gzip version to 1.12 to fix CVE-2022-1271
Upgrade kernel to 5.10.134.1 to fix CVE-2021-3736, CVE-2022-3687
Upgrade libinput to 1.16.5 and patch for CVE-2022-1215 (in CBL-MarinerCoreUI Repo: microsoft/CBL-MarinerCoreUI#101)
Upgrade vim to 9.0.0360 to fix CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-3099, CVE-2022-2982, CVE-2022-2946, CVE-2022-3016, CVE-2022-3037

CBL-Mariner 2.0 August 2022 Update 2

31 Aug 07:11
12616b6

New Core Packages

containerized-data-importer
perl-XML-LibXML
KeysInUse-OpenSSL
Add rubygems required for building td-agent

Migrations from Extended to Core

bluez
libicall
libel
nss_wrapper
pam_wrapper
rubygem-asciidoctor
rubygem-rspec
socket_wrapper
uid_wrapper

New Extended packages

None

Package updates

update gnutls to 3.7.7
update nodejs to v16.16.0 to address cves
xterm: bump version to 372 to address CVE-2021-27135
zlib: patch CVE-2022-37434
Bump exempi release to rebuild with zlib's CVE-2022-37434 fix
Update ceph to v16.2.10 to address CVE-2022-0670
Update gnupg2 to 2.3.7 to resolve CVE-2022-34903
Update helm version 3.9.3
Upgrade cassandra version to 4.0.5
busybox: patch CVE-2022-30065
e2fsprogs: patch CVE-2022-1304
tzdata: update package to version 2022b.
unbound: bump version to 1.16.2 to address CVE-2022-30698
rsync: bump version to 3.2.5 to address CVE-2022-29154
sqlite: bump version to 3.39.2 to address CVE-2022-35737
libtiff: patch CVE-2022-34526
libtirpc: bump version to 1.3.3 to address CVE-2021-46828
lldpd: bump version to 1.0.14 to address CVE-2020-27827
freetype: bump version to 2.12.1 to address CVE-2022-{27405,27406}
m2crypto: patch CVE-2020-25657
openssl: align release number with 2.0 state.
perl-DBD-SQLite: add BR on perl(Test::More) & perl(Digest::MD5) to fix ptest
perl-DBI: add BR on perl(blib) & perl(Test::More) to fix ptest
perl-DBIx-Simple: add BR on perl(Test::More) to fix ptest
perl-Exporter-Tiny: add BR on perl(Test::More) to fix ptest
perl-File-HomeDir: add BR on perl-{(ExtUtils::MakeMaker),(Test::More)} to enable ptest
perl-IO-Socket-SSL: add BR on perl(ExtUtils::MakeMaker) & check deps to enable ptest
perl-JSON-Any: add BR on perl(ExtUtils::MakeMaker) & cpan to enable ptest
perl-JSON-XS: add BR on perl(ExtUtils::MakeMaker) & perl(Test::*) to enable ptest
perl-Object-Accessor: add BR on perl(ExtUtils::MakeMaker) & check deps to enable ptest
perl-Path-Class: add BR on perl-{(Test),(Test::More),(Perl::OSType)} to enable ptest
perl-Pod-POM: add BR on perl(FindBin) to enable ptest
perl-Test-Deep: promote to SPECS to fix ptest for perl-CPAN-Meta-Check
perl-Test-Warnings: add BR on perl(Test::More) to enable ptest
perl-YAML-Tiny: add BR on perl(JSON::PP) & perl(Test::More) to fix ptest
perl-generators: add BR on perl(Fedora::VSP) to fix ptest build
perl-libintl: add BR on perl-{(ExtUtils::MakeMaker),(Test)} to enable ptest
python-pexpect: disable flaky spawn_uses_env test.

Other

Mariner RT kernel: enable CONFIG_PCI_PF_STUB and CONFIG_VFIO_NOIOMMU
Mariner kernel: enable CONFIG_SECURITY_LANDLOCK and CONFIG_BLK_DEV_ZONED for x86_64
toolchain: update steps to build with latest libarchive.
tools: safechroot: TestInitializeShouldCreateChroot: fix if condition
Building reaper only for x86_64 architecture
update cloud-init service to add sysinit.target dependency
fix cloud-init dependency issue

CBL-Mariner 1.0 August 2022 Update 2

24 Aug 21:54
c858b3d

Package updates:

CBL-Mariner 2.0 August 2022 Update

11 Aug 23:59
1bda680

New core packages

ctags
knem
mlnx-ofa_kernel
mlx-bootctl
mlx-tools
ofed-scripts
pam_krb5
perftest
python-botocore
python-cassandra-driver
python-retrying
skopeo
xxhash

Migrations from extended to core

authd
freeipmi
iptraf
ksh
libreswan
lldpd
nfs4-acl-tools
postfix
symlinks
ucx

New extended packages

umoci

Package updates

blobfuse: update version to 1.4.4
ca-certificates: June 2022 (2022-08-02) release of Microsoft trusted root CAs
fluent-bit: update version to 1.9.6.
grub2: remove provides from unsigned grub2
k3s: fix install to allow VHDX integration.
kernel: upgrade to version 5.15.57.1
ldns: handle current CVEs
openssl: fix test failure
perl-CGI: add BR on cpan & perl(Test::*) to enable ptest
perl-Crypt-SSLeay: add BR on perl(Test::More) & perl(Bytes::Random::Secure) to enable ptest
perl-File-Find-Object-Rule: add BR on perl(blib) to enable ptest
perl-File-Which: add BR on perl-{(Env),(ExtUtils::MakeMaker),(Test::More)} to enable ptest
perl-Object-Deadly: add an explicit BR on perl(English) to enable ptest
python-click: migrate to 'SPECS' folder and bump version to 8.0.4.
python-requests-mock: switch to tox for testing
python-testscenarios: add BR on pip to enable ptest
python-whoosh: pip install wheel in %check section to enable ptest
sysbench: fix ptest issue.

Other

Fix network access check during package repo file generation

CBL-Mariner 1.0 August 2022 Update

12 Aug 16:43
67ccf03

Package updates:
ca-certificates: June 2022 (2022-08-02) release of Microsoft trusted root CAs
clang: add clang-libs subpackage
kernel: update to 5.10.131.1
selinux: backport changes for interactive container use, fds manipulation and minor fixes
mariner-repos: add source repos for base, update, ui, preview and preview-ui
vim: update version from 8.2.5172 to 9.0.0050

CVEs
libtiff CVEs: 2022-2056, 2022-2057, 2022-2058
nodejs: upgrade to v14.20.0 to fix CVEs 2022-32213, 2022-32214, 2022-32215
postgresql: upgrade to v12.8 to fix CVE-2021-3677
python-jinja2: update to v2.11.3 to fix CVE-2020-28493
python2: patch CVE-2022-3733
kernel: CVE-2022-32296, CVE-2022-1652, CVE-2022-1786, CVE-2022-0854, CVE-2021-20194, CVE-2021-32078, CVE-2021-37159

CBL-Mariner 2.0 July 2022 Update 2

03 Aug 21:00
be406f6

New packages: cpupower, turbostat, kernel-tools, kubevirt, libgdiplus, giflib, libexif, fio, nbd, libnbd, sysbench.
Add ability to build quickly by packing a subset of RPMs
Add missing dependencies to rpm-build
Add network configuration for unattended ISO install
Add nopatch for mcpp CVE-2019-14274
Add patch to libsafec to fix getenv_s error handler calling behavior
Add second grub efi binary without specifying the prefix directory
Add upstream patch to python-attrs to fix mypy tests
Add source and debuginfo repos for base and extended packages
Add apache maven SPEC to Mariner.
Add sed as a post install requirement in the vim spec
Fixed CVE-2022-1852 and CVE-2022-2078
Fixed curl CVE-2022-32207
Fixed libtiff CVEs: 2022-2056, 2022-2057, 2022-2058
Fixed opensc non-check build by disabling unit tests
Fixed podman installation and feature functionality issues
Kernel upgrade to version 5.15.55.1
maven: Fix aarch64 builds by including 1.0 maven aarch64 rpm also sources in spec file.
e2fsprogs: running tests in a single thread to make them more consistent.
perl-Sys-Virt, pyproject-rpm-macros, and python-flit: fixed ptests.
git: upgraded to 2.33.4 to address CVE-2022-29187
vim: upgraded version to 9.0.0050 to fix CVEs: 2022-2257, 2022-2264, 2022-2284, 2022-2285, 2022-2286, 2022-2287
argparse-manpage: pip install latest deps to enable ptest
cloud-init: pip install test-requirements.txt to enable ptest
coreutils: Fix env-signal-handler test
kernel config: Add configs needed by eBPF tracers.
kernel: nopatch CVE-2022-34494, -34495
lua: patch CVE-2022-33099
mc, python3, vim: fix unversioned python shebangs
opensc: remove Fedora-specific test modifications
python-pytest-subtests: drop BR on pytest & pip install latest deps to enable ptest
python-pytest-timeout: drop BR on pytest and install latest deps to enable ptest
python-requests-toolbelt: pip install latest deps to enable ptest
selinux-policy: fixes for interactive container use.
selinux-policy: minor fixes for groupadd, systemd-cgroups, hv_utils.
unbound: build with libevent to fix libreswan
grub2: resolved CVE-2021-3981
protobuf-c: resolved CVE-2022-33070
Set default SOURCE_URL in Makefile
README: Add 2.0 quickstart workflow badge
Do not print a warning when image config file is explicitly defined as empty

CBL-Mariner 2.0 July 2022 Update

22 Jul 20:51

Added DELTA_BUILD toolkit variable.
Added Github CLI gh.
Added MBR Partitioning Support in Mariner.
Added azcopy, dcos-cli, cf-cli, intel-ipsec-mb, intel-pf-bb-config, libhugetlbfs, and msgpack.
Added retry logic in runliveinstaller to ensure network access during pxe boot.
Added swap partition entry to /etc/fstab.
Added patch to fix compilation with ncurses 6.3 for hunspell and liboping.
Bug fix for ResolveCompetingPackages when building on RPM-based distro.
Build turbostat and cpupower for the x86_64 platform.
Updated kernel to version 5.15.48.1 to fix CVE-2022-33981.
Initial KeysInUse Integration.
Introduced mariner_rpmspec function for GitHub PR check scripts.
K3s uninstall fix and exclusivity for x86_64.
Mark mcpp CVE-2019-14274 as fixed.
Migrate FabricBot Tasks to Config-as-Code.
Move su from shadow-utils to util-linux.
Running git as repo owner in Mariner's toolkit.
Switch to HTTPS source for autoconf213.
Updated Ubuntu version to 22.04 for CGmanifest checks.
Updated vim to 8.2.5172 to fix CVE-2022-2175, CVE-2022-2182.
Updated fish to 3.5.0 to resolve CVE-2022-20001.
Updated fakeroot to version 1.29 to fix a ptest.
ca-certificates: May 2022 (2022-06-28) release of Microsoft trusted root CAs.
abseil-cpp: removing GTest workarounds.
libftdi: disabling docs building to stabilize the build.
prebuilt-ca-certificates*: adding Conflicts: ca-certificates-shared.
python-sphinxcontrib-*: fixing 3 failing ptests.
usrsctp: nopatch CVE-2019-20503.
cloud-init: patch for CVE-2022-2084.
coreutils: Build arch binary.
gd: fix test.
kernel: enable virtio config, add vmlinuz symlink, enable verbose log, nopatch CVE-2022-1652, CVE-2022-32981.
msopenjdk-11: Upgrade to 11.0.15+10-LTS-1.
python3: Remove Windows executables, add add'l provides.
qemu: fix build break on aarch64, ship missing efi*rom & pxe*rom romfiles.
Only build crash-gcore-command on x86_64.
Use --no-clobber for toolchain downloads.
Bump Mariner 2.0 Release for July 2022 Update.

1.0.20220709

12 Jul 22:44

Add apparmor dependencies to moby-containerd
Add golang-1.17 for packages that break with v1.18
Added patch for CVE-2021-4206 to qemu-kvm
Build moby-containerd with mod=vendor and upgrade to version 1.6.6+azure to resolve CVE-2022-31030
Bump Mariner Release for Mariner 1.0 June Update 2
Fix bad interpreter error when running pip3
Fix openssl for ptest failure
Fixed spuriously failing defrag test in redis
Modify toolchain so it no longer consumes from the "toolchain" subfolder on source archive
Patch Kernel to fix CVE-2022-33981
Patch openssl to fix CVE-2022-2068
Patch ptfdisk & irqbalance to fix build with ncurses-6.3
Patch qemu-kvm for CVE-2021-3750
Refresh Mariner Release for July Update
Updated vim to 8.2.5172 to fix CVEs
Upgrade pygobject3 to fix ptest.
Upgrade ca-certificates to May 2022 (2022-06-28) release of Microsoft trusted root CAs
Upgrade Vim version to 8.2.5154 to fix CVEs
Upgrade libjpeg-turbo version 2.1.2 to fix CVE-2021-46822
Upgrade libtiff version to 4.4.0 to fix CVE-2022-0908
Upgrade libxml2 to 2.9.14 to fix CVE-2022-29824
Upgrade logrotate to 3.20.0 to fix CVE-2022-1348
Upgrade ncurses to 6.3 [patch 20220612] to fix CVE-2022-29458
Upgrade ncurses to 6.3 to fix CVE-2022-29458
Upgrade python-jwt to 2.4.0 to fix CVE-2022-29217
Upgrade python3 to 3.7.13 to resolve CVE-2019-12900
Upgrade rubygem-elasticsearch to 8.2.2 to fix CVE-2022-23712.
Upgrade to moby-runc version 1.1.2 to fix CVE-2022-29162
Upgrade uclibc-ng to 1.0.41 to fix CVE-2022-30295
backported redis 6.2.7 to 1.0 to fix CVE-2021-24736
kernel: Update to 5.10.123.1

2.0.20220625

02 Jul 14:21

Add command line tool jx SPEC
Add less to git runtime Requires
Add libreswan to SPECS-EXTENDED
Enable Vgem driver in kernel
Fix /etc/my.cnf conflict from mariadb.
Fix link to documentation in readme
Fix util-linux buildrequires to include libcap-ng-devel
Patch libcdio to build with ncurses 6.3
Patch numatop to fix format-security errors caused by ncurses-6.3 upgrade
Patch openssl to fix CVE-2022-2068
Patch powertop to fix build errors caused by ncurses 6.3 upgrade.
Remove auditd requirement on base package from libs subpackage
Remove nspr, nss-libs from base container image
Toolchain: Add ability to partially rehydrate from upstream repos
Toolchain: Remove openssl-debuginfo from the worker chroot
Toolchain: Update Depsolver to print all unsolvable nodes blocking subgraph
Update baseurl in mariner-nvidia repo manifest to match the PMC nvidia repo url
Update rpm macros to use other macros
Upgrade clamav to 0.105.0
Upgrade curl to fix CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-30115, CVE-2022-27782, CVE-2022-27778
Upgrade dpkg to version 1.20.10 to address CVE-2022-1664
Upgrade ipstate to version 2.2.7 to fix build errors caused by ncurses 6.3 upgrade.
Upgrade iptraf-ng to resolve -Werror=format-security compilation failures caused by ncurses 6.3 upgrade
Upgrade kernel to v5.15.48.1
Upgrade libinput to version 1.21.0 for CVE-2022-1215
Upgrade moby-containerd to version 1.6.6 to fix CVE-2022-31030
Upgrade mtr to version 0.95 to fix build errors caused by ncurses 6.3 upgrade.
Upgrade mysql to version 8.0.29 to fix 17 CVEs
Upgrade python3 to 3.9.13
Upgrade uclibc-ng to 1.0.41 to fix CVE-2022-30295