Releases: microsoft/azurelinux

1.0 CBL-Mariner March 2022 Update 3

07 Apr 05:16

Backport systemd dhcp fix and enable netplan
Backport SELinux policy updates and SELinux size reduction for policy base
Add libselinux build requirements to coreutils/findutils to enable SELinux support (ls -Z and find -context)
Port cloud-init ovf_is_accessible DataSourceAzure.py fix
Disable kernel fw loader fallback
Automatic tzdata update.
Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 in /toolkit/tools

Patch kernel to address CVE-2022-1016
Upgrade powershell to 7.2.2 to resolve CVE-2020-8927
Upgrade vim to 8.2.4563 to fix CVE-2022-0943
Upgrade python to 3.7.11 to fix CVE-2021-3737
Upgrade golang to 1.16.15 to address CVE-2022-24921
Upgrade httpd to 2.4.53 to fix CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943
Patch libvirt for CVE-2021-3631 & CVE-2021-3667
Patch libtiff to fix CVE-2022-0561, CVE-2022-0562 & CVE-2022-0891
Upgrade bind to 9.16.27 to address CVE-2021-25220 & CVE-2022-0396
Patch qemu-kvm to fix CVE-2021-3607, CVE-2021-3608, CVE-2021-3930, CVE-2021-3947, CVE-2021-4145

1.0 CBL-Mariner March 2022 Update 2

19 Mar 18:13

Restart containerd service 10 sec after crash
Upgrade Ruby to 2.6.9 to fix CVE-2021-41817, CVE-2021-41819
Patch postgresql: patch CVE-2021-23222
Patch openssl to fix CVE-2022-0778.
Upgrade rust to 1.59.0 to fix CVE-2022-21658.
Upgrade cyrus-sasl to 2.1.28 to fix CVE-2022-24407
Upgrade freetype to 2.11.1 to fix CVE-2020-15999.
Upgrade libxml2 to version 2.9.13 to fix CVE-2022-23308.
Upgrade nodejs to version 14.18.3 to fix CVE-2021-44531.
Upgrade openjdk8 to fix CVE-2022-21282, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365
Modify toolkit to use local /run folder in chroot instead of mounted tmpfs
Enable SELinux by default on all images backport.

1.0 CBL-Mariner March 2022 Update

14 Mar 18:18

Upgrade kernel to 5.10.102.1 to address CVE-2021-3752, CVE-2021-3753, CVE-2021-4032, CVE-2021-20322, CVE-2021-45402, CVE-2022-0264, CVE-2022-0847 (Dirty Pipe CVE Fix), CVE-2022-24448, CVE-2022-24958, CVE-2022-24959, CVE-2022-25258, CVE-2022-25375

Upgrade Open JDK8 to fix CVE-2022-21282, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365

Upgrade vim to 8.2.4495 to fix CVE-2022-0729

Patch moby-containerd to fix CVE-2022-23648

Upgrade clamav to fix CVE-2022-20698

Upgrade MariaDB to 10.3.34 to fix CVE-2021-46661, CVE-2021-46662, CVE-2021-46663, CVE-2021-46664, CVE-2021-46665, CVE-2021-46668

Enable Perl Compatible Regular Expression (pcre) JIT feature

Distroless containers now include rpm manifest to support Distroless Container CVE scanning by Qualys.

Fix python3 self test for compatibility with newer expat

1.0 CBL-Mariner February 2022 Update 2

01 Mar 01:45

Fix issue with quotes in os-release
Fix golang to inherit proxy settings
Add cloud-init patches to support preprovisioned VMs
Upgrade expat to fix CVE-2022-25313, CVE-2022-25314, CVE-2022-25315, CVE-2022-25235, CVE-2022-25236
Patch python-twisted for CVE-2022-21712
Upgrade vim to fix CVE-2022-0554
Upgrade zsh to fix CVE-2021-45444
Upgrade tcpdump to 4.99.1 to fix CVE-2018-16301

1.0 CBL-Mariner February 2022 Update

25 Feb 05:24
a9e2afa

Add gcovr package
Add compressed firmware support

Fix _topdir variable in gen-ld-script.sh
Bump github.com/deckarep/golang-set in /toolkit/tools

Upgrade moby-containerd to 1.5.9

Patch StrongSwan for CVE-2021-45079
Patch glibc for CVE-2022-23218, CVE-2022-23219
Patch kernel for CVE-2022-0435

Upgrade Golang to 1.16.14 to fix CVE-2022-23806, CVE-2022-23773, CVE-2022-23772
Upgrade expat to v.2.4.4 to fix CVE-2022-23852
Upgrade vim to 8.2.4281 to fix CVE-2022-0443, CVE-2022-0417, CVE-2022-0413, CVE-2022-0408, CVE-2022-0407, CVE-2022-0393, CVE-2022-0392, CVE-2022-0368, CVE-2022-0361, CVE-2022-0359
Upgrade MariaDB to v10.3.32 for CVE-2021-46658, CVE-2021-46657, CVE-2021-46667
Upgrade kernel for CVE-2021-4083

1.0 CBL-Mariner January 2022 Update 2

01 Feb 05:37

Patch polkit for CVE-2021-4034
kernel: update to 5.10.93.1
Removed linker script settings from pkgconfig.

1.0 CBL-Mariner January 2022 Update

27 Jan 00:10

Update openldap configure flags to disable rpath
Enable kernel to support building/installing Intel SGX Driver
Removed audit indirect dependency on finger
Update Mariner cert in kernel keyring
Update erlang to 24.2
Update btrfs-progs to 5.16
Fix broken link in docs/how_it_works/0_intro.md
Add config to create qcow image
Avoid starting the check-restart service on reboot
abseil-cpp: exclude tests 'absl_symbolize_test & absl_sysinfo_test'
Skipping flaky invalid_metadata test.
Fixed libgd test failures in 2.3.3

Update expat to 2.4.3 for CVE-2021-46143, CVE-2021-45960, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827
Update vim to 8.2.4006 to fix CVE-2021-4166
Update kernel to 5.10.89.1 to address CVE-2021-28714, CVE-2021-43975, CVE-2021-43976, CVE-2021-44733, CVE-2021-45480, CVE-2021-45485, CVE-2021-45486
Update bash to version 4.4.23
Update vim to 8.2.4081 to fix CVE-2022-0128, CVE-2022-0158, CVE-2022-0156, CVE-2021-4193, CVE-2021-4192, CVE-2021-4173, CVE-2021-4166
Patched numpy for CVE-2021-41496
Make dstat use Python 3 and fix implicit dependencies
Fix moby-runc BuildRequires
Fix moby-runc for CVE-2021-43784
Fix golang CVE-2021-44716

1.0 CBL-Mariner December 2021 Update

10 Jan 23:01

Add partition and storage-rule for Azure VM extensions
Remove dnf-automatic from default image
Add coredns 1.8.4 and etcd 3.5.0
Update ostree to 2021.4
Update rpm-ostree to 2020.4
Upgrade bind to 9.16.22 to address CVE-2021-25219
Upgrade powershell to 7.2.1 to fix CVE-2021-43896
Upgrade httpd to 2.4.52 to fix CVE-2021-44224, CVE-2021-44790
Upgrade nss and nspr for CVE-2021-43527
Upgrade busybox to 1.34.1 to fix CVE-2021-42376, CVE-2021-42377, CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381, CVE-2021-42382, CVE-2021-42383, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
Upgrade expat to fix CVE-2019-15903
Upgrade python-lxml to 4.7.1 to fix CVE-2021-43818
Patch binutils to fix CVE-2021-45078
Patch lapack for CVE-2021-4048
Patch vim for CVE-2021-4136, CVE-2021-4069 and CVE-2021-4019
Patch keepalived for CVE-2021-44225

1.0 CBL-Mariner November 2021 Update

17 Dec 21:06

Upgrade Kernel to 5.10.78.1 to fix Critical CVE.
Enable CONFIG_COMPAT kernel configs

Upgrade cppunit to 1.15.1
Upgrade dnf to 4.10
Upgrade harfbuzz to 2.6.4
Upgrade libdnf to 0.65.0
Upgrade libmodulemd to 2.13
Upgrade librepo to 1.14.2
Upgrade libsolv to 0.7.20
Upgrade ostree to 20201.4
Upgrade rpm-ostree to 2020.4
Upgrade Trusted Root Certs

Changed 'grpc' to build with our default C++
Patch for glibc pthread_cond_signal failed to wake up pthread_cond_wait
Disabled provides bundled(simclist) pcsc-lite-ccid to avoid build issue.
Removed checked-in binaries from bond.
Removed vendored grpc packages re2 and abseil. Fixed dependency and added abseil-cpp.
Remove (ba)sh dependency from icu, glibc and krb5
Fix missing runtime requires for ansible

Upgrade c-ares to 1.18.1 to fix CVE-2021-3672
Upgrade pgbouncer to 1.16.1 to fix CVE-2021-3935
Upgrade vim to 8.2.3668 to fix CVE-2021-3903, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974
Upgrade mc to 4.8.27 to fix CVE-2021-36370
Upgrade nodejs to v14.18.1 to fix several CVEs and cryptography bugs
Upgrade mysql version to 8.0.27
Upgrade golang to 1.16.10 to fix CVE-2021-38297, CVE-2021-39293
Upgrade libgd to 2.3.3 to address CVEs CVE-2021-38115, CVE-2021-40145, CVE-2021-40812

Patched gmp to fix CVE-2021-43618.
Patched uclibc-ng to fix CVE-2021-43523.
Patched libgcrypt for CVE-2021-33560
Patched ncurses for CVE-2021-39537
Patched strongswan for CVE-2021-41990, CVE-2021-41991
Patched babel for CVE-2021-42771
Patched qemu-kvm CVE-2020-35506, CVE-2021-3545

1.0 CBL-Mariner October 2021 Update

03 Nov 18:38
a87a3ac
  • Upgrade kernel to 5.10.74
  • Upgrade opensc to 1.3.2
  • Upgraded selinux-policy to 2.20210203
  • Fix grpc-devel file conflict
  • shadow-utils: Update SELinux and loginuid session entries.
  • Add specfile for DataStax Cassandra CPP driver
  • Add dwarves package
  • Fix openscap buildrequires issue for dbus
  • Fix python-distro package test
  • Fix gd package test (gd builds without fontconfig support now)
  • Reduced core image size (Remove python-2 from images)
  • Fix issue where PAM did not bundle selinux related binaries
  • Patch libacvp to support additional openssl tests
  • Add libdivsufsort package
  • Add cloud-init-azure-kvp subpackage and include in Azure defaults
  • Fixed ISO bug where wala agent was automatically installed in error
  • Fix: libusb and perl-generators tests
  • Fix post-install script args in imageconfig being ignored
  • Fix partition search ordering for part init
  • Push nvidia-container library updates to 1.0
  • Updating libnvidia-container version, nvidia-modprobe + signatures
  • Upgrade openssh to 8.8p1 to fix CVE-2021-41617, CVE-2016-20012
  • Upgrade cloud-init to 21.3 to fix CVE-2018-10896
  • Upgrade httpd to 2.4.51 to fix CVE-2021-41773, CVE-2021-41524
  • ca-certificates: removing Mozilla CAs in favour of Microsoft ones
  • Upgrade wget to 1.21.1 to fix CVE-2021-31879
  • Upgrade krb5 to 1.18.4 to fix CVE-2019-14844, CVE-2020-28196, CVE-2021-36222, CVE-2021-37750
  • Fix ansible CVE-2021-3583, CVE-2021-20228
  • Upgrade redis to fix CVE-2021-32761, CVE-2021-32672, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32675, CVE-2021-32687, CVE-2021-32762, CVE-2021-41099
  • Fix moby-engine CVE-2021-41089, CVE-2021-41091
  • Fix moby-containerd CVE-2021-41103
  • Fix atftp CVE-2021-41054
  • Fix vim CVE-2021-3778, CVE-2021-3796