Releases: microsoft/azurelinux

2.0.20240829

03 Sep 12:57

Generic Kernel version-release: kernel-5.15.164.1-1

Add missing shadow-utils requirement to ceph
Add new package Mosh to spec-extended
Patch busybox to resolve CVE-2021-42380, CVE-2023-42363, CVE-2023-42364 & CVE-2023-42365
Patch cert-manager to address CVE-2024-25620 and CVE-2024-6104
Patch cmake for CVE-2023-28320
Patch cri-o to resolve CVE-2024-6104 (patched vendored gomodule)
Patch dhcp (bundled bind) for CVE-2024-1737 & CVE-2024-1975.
Patch influxdb to resolve CVE-2024-6104 (patched vendored gomodule)
Patch js-jquery to address CVE-2019-20149
Patch jx to resolve CVE-2023-45288
Patch keda to resolve CVE-2024-6104 (patched vendored gomodule)
Patch libcontainers-common to address CVE-2021-43565
Patch libtiff to resolve CVE-2023-6277 and CVE-2024-7006
Patch moby-cli to resolve CVE-2023-45288
Patch nginx to address CVE-2024-7347
Patch openldap to resolve CVE-2023-2953
Patch packer to resolve CVE-2024-6104 (patched vendored gomodule)
Patch prometheus to resolve CVE-2024-6104 (patched vendored gomodule)
Patch protobuf to fix CVE-2022-1941
Patch python-twisted to address CVE-2024-41671 and CVE-2024-41810
Patch python3 to address CVE-2024-7592
Patch qt5-qtbase to resolve CVE-2024-39936.
Patch reaper to address reaper CVE-2024-42459, CVE-2024-42460, CVE-2024-42461
Patch rook to resolve CVE-2024-6104 (patched vendored gomodule)
Patch rpm-ostree to resolve CVE-2023-26964 in vendored h2 sources
Patch rust for CVE-2024-31852 and CVE-2024-32884
Patch tensorflow to resolve CVE-2023-33976
Patch unbound for CVE-2024-43168
Patch waagent.conf to add firewall rules
Upgrade azcopy version to 10.25.1 to fix CVE-2024-35255
Upgrade bind to version 9.16.50 to resolve CVE-2024-1737, CVE-2024-1975 & CVE-2024-4076
Upgrade ca-certificates Msft cert change
Upgrade frr to 8.5.5 to fix CVE-2024-31950, CVE-2024-31951, CVE-2024-44070
Upgrade kernel to version 5.15.164.1 to fix CVE-2024-36901, CVE-2024-26900, CVE-2024-39473, CVE-2024-39474, CVE-2024-39483, CVE-2024-39485, CVE-2024-41007, CVE-2024-41009, CVE-2024-42071, CVE-2024-42072, CVE-2024-42073, CVE-2024-42074, CVE-2024-42075, CVE-2024-42078, CVE-2024-42083, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154, CVE-2024-42157, CVE-2024-42161, CVE-2024-42223, CVE-2024-42224, CVE-2024-42225, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236, CVE-2024-42237, CVE-2024-42244, CVE-2024-42247, CVE-2022-48788, CVE-2022-48841, CVE-2023-52340
Upgrade kernel-mos to 5.15.164.1
Upgrade postgresql to 14.13 to fix CVE-2024-7348

Toolkit: Update gonum to v0.15.0

3.0.20240824

27 Aug 15:54

Generic Kernel version-release: kernel-6.6.47.1-1

Add Virtual Repo Snapshot support through patch to TDNF
Add automatic mode for DAILY_BUILD_ID
Add cdi tools binaries to cdi package build (cdi 1.57)
Add dracut setup script to WaLinuxAgent
Add drivers for DMI and EROFS, dm-verity verification
Add libnvidia-nscq to NVIDIA GPU driver container image
Add missing runtime dependencies for automake.
Add missing runtime dependencies to python-poetry-core.
Add new license validator tool
Add package cpufrequtils
Add package mtr
Add package sysfsutils
Add priorities to local repos
Add requires for shadow-utils in postgresql
Add systemd service to postgresql
Add xorg-x11-server-Xwayland v24.1.1
Change default binary install location for cloud-init
Change edk2 to not apply warning suppress patch
Changed selected kernel configs to modules on aarch64
Disabled PR check debug mode by default.
Don't include epoch in rpm name when resolving conflicts
Drop disable-xattr dracut patch, introduce config to optionally enable it
Drop dracut multiple confdirs patch
Enable CONFIG_RT_GROUP_SCHED in kernel-rt
Enable EVM
Enable FS_VERITY and SECURITY_IPE LSM
Enable MPTCP
Enable USB_TMC as module
Enable xattr and acl support in coreutils.
Explaining package usage order.
Fix ABI compatibility errors between abseil-cpp and dependent packages.
Fix Tensorflow Golden Container Smoke test
Fix bash package tests
Fix bfq patch to select "none" scheduler as default
Fix dracut for initrd not showing prompt when root device is locked
Fix duplicate file issues in harfbuzz, cyrus-sasl and rrdtool
Fix e2fsprogs ptest
Fix gdb package test
Fix libldb build failure by upgrading to build with Python 3.12 in 3.0
Fix libtdb build issue by upgrading to build with Python 3.12 in 3.0
Fix package tests for make
Fix path issue for compiler-rt
Fix perl(AutoLoader) capitalization for perl-NetAddr-IP BR
Fix tests for perl-HTTP-Message, python-pytest-mock, upgrade pyOpenSSL
Fix unnecessary Requires:libselinux from coreutils to fix Circular dependency
Fixed openssh ptests.
Move grub2-rpm-macros to azurelinux-rpm-macros package
Onboard NVIDIA Driver Container to PublishContainer script
Patch CVE-2024-32884 and CVE-2024-31852 in rust
Patch CVE-2024-7006 in libtiff
Patch Prometheus to fix CVE-2024-6104
Patch busybox for CVE-2021-42380, CVE-2023-42363, CVE-2023-42364 & CVE-2023-42365
Patch cert-manager for CVE-2024-25620
Patch cf-cli for CVE-2023-39325
Patch coreutils to address CVE-2024-0684
Patch gtk2 and gtk3 for CVE-2024-6655
Patch influxdb for CVE-2024-6104.
Patch js-jquery for CVE-2019-20149
Patch keda for CVE-2024-6104 by patching vendor gomodule
Patch libcontainers-common for CVE-2024-6104
Patch libsndfile to resolve CVE-2022-33065
Patch libtiff to resolve CVE-2023-6277
Patch moby-engine for CVE-2024-41110
Patch package for CVE-2024-6104
Patch python-twisted to fix CVE-2024-41671 and CVE-2024-41810
Patch python3 to address CVE-2024-7592
Patch rapidjson to address CVE-2024-38517 and CVE-2024-39684
Patch skopeo for CVE-2024-6104
Patch unbound for CVE-2024-43168
Patch yasm for CVE-2021-33454
Patch vim for CVE-2024-41957, CVE-2024-41965, CVE-2024-43374
Remove daemon.json with backported fix
Remove kexec-tools from azure vm definition
Remove libssp files to fix avahi hang
Restore removed libguestfs tests
Restore syslog message passing behavior
Add patch in WALinuxAgent to update setup.py to support azurelinux
Update 3.0 kata-containers build invocations to use OS_VERSION=3.0
Update go link commands for go-1.21 in ubuntu prereq
Update msopenjdk to latest prod version and add hash verification
Updated kernel-uki to include systemd-cryptsetup in initrd
Updated kernel-uki to use new initrd
Upgrade Kernel RT to version 6.6.43.1-rt38
Upgrade Kernel to version 6.6.47.1 to address CVE-2024-36288 CVE-2024-42075 CVE-2024-42071 CVE-2024-42078 CVE-2024-42083 CVE-2024-42072 CVE-2024-42226
Upgrade SymCrypt-OpenSSL to 1.5.1
Upgrade distribution-gpg-keys to version 1.104, a more recent version that includes the Azure Linux keys.
Upgrade valgrind to version 3.22.0.
Upgrade and Patch frr to 9.1.1 to fix CVE-2024-31950, CVE-2024-31951, CVE-2024-44070
Upgrade azcopy to version 10.25.1 to fix CVE-2024-35255
Upgrade bind to 9.20.0 to address CVE-2024-0760, CVE-2024-1737, CVE-2024-1975 & CVE-2024-4076
Upgrade ca-certificates to latest Msft cert change
Upgrade curl to 8.8.0 for CVE-2024-2398
Upgrade edk to 20240524; hvloader to edk2 version
Upgrade golang to 1.22.6-1
Upgrade httpd to 2.4.62 to address CVE-2024-40725
Upgrade iperf3 version to 3.17.1 to address CVE-2024-26306
Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370
Upgrade libtevent to build with Python 3.12
Upgrade nghttp2 to 1.61.0 to address CVE-2024-28182
Upgrade postgresql to 16.4 CVE-2024-7348
Upgrade python-idna to 3.7 CVE-2024-3651
Upgrade python-webob to 1.8.8 Fix CVE-2024-42353
Upgrade ruby version to 3.3.3 to fix CVE-2024-41946
Upgrade tpm2-tss version to 4.0.2 to resolve CVE-2024-29040
Upgrade walinuxagent to 2.11.1.4 and add azurelinux patch
selinux-policy: Change unconfined to a separate module.
selinux-policy: Clean up testing rules and add systemd fix.
selinux-policy: Updated SELinux policy module composition.

Image Customizer: Account for GPT footer when validating partitions.
Image Customizer: Add ISO tests.
Image Customizer: Add modprobe to list of chroot incompatible commands.
Image Customizer: Add check for installed kernel.
Image Customizer: Add checks for missing/duplicate partition labels.
Image Customizer: Add tests for services enable/disable.
Image Customizer: Add tests for users API.
Image Customizer: Always refresh RPM repo metadata.
Image Customizer: Be robust to lsblk and fdisk output ordering.
Image Customizer: Bugfix Verity dependency handling in Azl3.
Image Customizer: Bump release version to v0.6.
Image Customizer: Create and log image uuid in release file
Image Customizer: Do not shrink verity hash partition.
Image Customizer: Expand legacy boot tests.
Image Customizer: Fix call to parted mkpart.
Image Customizer: Fix merge in 'TestCustomizeImagePartitionsLegacy'.
Image Customizer: Fixes for grub2-install.
Image Customizer: Improve copy directory error message.
Image Customizer: Improve error message for missing filesystem entry.
Image Customizer: Increase loopback detach timeout.
Image Customizer: Partition UUID reset.
Image Customizer: Split up customizeutils.go.
Image Customizer: Validate HOME and USER env vars.
Image Customizer: Validate fields on FileConfig.
Image Customizer: Verity: Use loopback + Add tests.
Image Customizer: docs for run.sh
Image Customizer: fix typos
Image Customizer: rename /etc/mariner-customizer-release to /etc/image-customizer-release
Image Customizer: test mic container script

Toolkit: Add priorities to local repos
Toolkit: Do not give GPT partitions a default label of "primary".
Toolkit: Explicit toolchain signature validation
Toolkit: Fix readdirent toolchain errors for reusable chroots
Toolkit: Ignore bogus case-insensitive provides results from repocloner
Toolkit: Integrate new license checker package into image and package builds.
Toolkit: Make check-circular-deps.yml faster with -j, use lkg
Toolkit: Removed unused argument in preparerequest.go
Toolkit: Respect overridden home directory for .ssh path.
Toolkit: bugfix: update_manifest.sh group name may not always exist
Toolkit: add a helper script to build packages locally
Toolkit: check for parted version before setting partition type
Toolkit: Update toolkit building docs for 3.0
Toolkit: Use structs to pass data to scheduler prints

2.0.20240731

05 Aug 04:09

Generic Kernel version-release: kernel-5.15.162.2-1

Kernel upgrade to version 5.15.162.2 to resolve CVE-2021-3847, CVE-2024-26913, CVE-2024-26933, CVE-2024-26978, CVE-2024-36477, CVE-2024-36481, CVE-2024-38664, CVE-2024-39291, CVE-2024-36288, CVE-2024-38662, CVE-2024-38780, CVE-2024-39277, CVE-2024-39292
Filter out debuginfo packages when running sodiff
Fix CVE-2024-6104 in skopeo
Fix CVE-2024-6345 in python3
Patched CVE-2023-26253 in glusterfs. (CP: #9717)
Python3 patch CVE-2024-0397
Update shim-unsigned-x64 to 15.8 and updates signed shim
Upgrade kernel-mos version to 5.15.161.1
Add Patch in terraform for CVE-2024-6257.
Bug fix in patch CVE-2024-5535 in openssl
Patch CVE-2024-5535 in openssl
Patch for gtk2 and gtk3 CVE-2024-6655
Patch moby-buildx CVEs CVE-2021-43565 CVE-2022-28948 CVE-2022-41723
Patch tpm2-tools for CVE-2024-29038 & CVE-2024-29039.
Patched CVE-2024-37890, CVE-2023-42282, and CVE-2017-18214 in reaper.
Reverted packer to version 1.9.5 and patched its CVEs.
Upgrade default golang to 1.22.5 and backport the fix for 1.18
Upgrade httpd to 2.4.61 to fix CVE-2024-38473
Upgrade httpd to 2.4.62 to address CVE-2024-40725
Upgrade python-idna to 3.7 CVE-2024-3651
Upgrade to version 5.15.162.1
ceph: Fix high CVE-2024-38517 and CVE-2024-39684
cf-cli: patch CVE-2021-43565
cloud-hypervisor-cvm: update to 38.0.72.2
cri-o: patch CVE-2021-43565
fix CVE-2024-41110 in moby-engine
gh: patch CVE-2021-43565
libcontainers-common: introduce patch to address CVE-2024-37298
libmemcached-awesome: Upgrading version to 1.1.4 to address CVE-2023-27478
openssh: fix "regresshion" CVE, CVE-2024-6387, with patch from debian.
rapidjson: fix CVE-2024-38517 and CVE-2024-39684
telegraf: Add patch for CVE-2024-37298
Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370
curl: upgrade 8.5.0 -> 8.8.0 to address CVE-2024-2398
emacs: Upgrading emacs version to 29.4 to address CVE-2024-39331
fix intermittent openssl FIPS selftest failures in jitterentropy
golang: drop golang-1.17
hvloader: add patch for CVE-2023-0464
kata-cc: Fix make clean call in UVM build
kata-containers-cc: Adapt tarfs make install trgt
moby-engine: remove daemon.json with backported fix
msft-golang: upgrade 1.22.4 -> 1.22.5 to address CVE-2024-24790 & CVE-2024-24791
terraform: Patch CVE-2024-6104 for bundled hashicorp/go-retryablehttp.

3.0.20240727 GA Release

01 Aug 14:37

GA Release for Azure Linux 3.0.

2.0.20240628

10 Jul 20:58

KERNEL Notes
Generic Kernel version-release: kernel-5.15.160.1-1

Toolkit Notes
Bump azidentity 1.3.1 -> 1.6.0 to address CVE-2024-35255

General Notes:
Patch nano for CVE-2024-5742
Patch R to address CVE-2024-27322
Patch cri-o to resolve CVE-2024-3727 (Patched vendored github.com/containers/image)
Patch edk2 for CVE-2024-1298
Patch guava for CVE-2023-2976
Patch hvloader to resolve CVE-2024-1298
Patch libarchive to resolve CVE-2024-26256
Patch libndp for CVE-2024-5564
Patch ntfs-3g for CVE-2023-52890
Patch openssh to fix CVE-2023-28531
Patch skopeo for CVE-2024-3727
Patch telegraf for CVE-2024-35255
Patch vte291 for CVE-2024-37535
Patch wget for CVE-2024-38428
Patch yasm for CVE-2021-33454
Remove isorelax project from 2.0 Extended
Update conntrack-tools to address situations where conntrack flush command exits with error code 1.
Upgrade dhcp to 4.4.3-P1 to fix CVE-2022-2928, CVE-2022-2929
Upgrade golang to 1.21.11 to address CVE-2024-24790
Upgrade kernel to 5.15.160.1 to fix CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2022-48670, CVE-2024-36023, CVE-2024-36897, CVE-2024-36902, CVE-2024-36938, CVE-2024-36971
Upgrade libpng to 1.6.39 to fix CVE-2022-3857
Upgrade msft-golang to version 1.22.4 to address CVE-2024-24790
Upgrade mysql to 8.0.36 to fix 10 CVEs
Upgrade nodejs18 to 18.20.3 to fix CVE-2024-28863
Upgrade php to 8.1.29 to fix CVE-2024-4577, CVE-2024-5585, CVE-2024-5458
Upgrade python-urllib3 to 1.26.19 patch CVE-2024-37891
Upgrade vitess to v17.0.7 to fix CVE-2024-32886

3.0.20240624

03 Jul 05:29
bb57b03
3.0.20240624 Pre-release

This is the preview release for 3.0.20240624

2.0.20240609

13 Jun 05:30
a952e5f

Generic Kernel version-release: kernel-5.15.158.2-1

Added azl-compliance package.
Added tzdata dependency for php-pecl-zip.
Added back-compat symlink for docker-proxy to moby-engine.
Added fix for cloud-init growpart to selinux-policy.
Added patch for kubevirt CVE-2024-24786.
Added patch for pytorch CVE-2024-27318.
Added patch for ruby CVE-2024-35176.
Added patch for rubygem-rexml CVE-2024-35176.
Added patch in cri-o for CVE-2024-21626.
Added patch to moby-engine to address CVE-2023-44487.
Added patch to nodejs18 to address CVE-2023-21100.
Added patch to add network interface renaming support for CAPM3 Met.
Added stable release maintainers to CODEOWNERS.
Addressed graphviz CVE-2023-46045 & CVE-2020-18032.
Addressed hvloader openssl related CVEs (CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304).
Addressed reaper CVE-2024-4068.
Addressed hyperv-daemons CVE-2024-26951, CVE-2024-26961, CVE-2024-26965, CVE-2024-26966, CVE-2024-26973, CVE-2024-26977, CVE-2024-26984, CVE-2024-26993, CVE-2024-27000, CVE-2024-27018, CVE-2024-35848, CVE-2024-35912, CVE-2024-36008, CVE-2023-3269, CVE-2023-3338, CVE-2023-33951, CVE-2023-33952, CVE-2023-35826.
Addressed kernel CVE-2022-38096, CVE-2023-47233, CVE-2023-52827, CVE-2024-25739, CVE-2024-26900, CVE-2024-26902, CVE-2024-26929, CVE-2024-26934, CVE-2024-26949, CVE-2024-26952, CVE-2024-26979, CVE-2024-27013, CVE-2024-27015, CVE-2024-27016, CVE-2024-27018, CVE-2024-27019, CVE-2024-27020, CVE-2024-35978, CVE-2024-35982, CVE-2024-35984, CVE-2024-35990, CVE-2024-35997, CVE-2024-36008, CVE-2023-52447, CVE-2024-21803, CVE-2024-26587, CVE-2024-26588.
Attached EOL manifest to base containers as well.
Built redis with BUILD_TLS=yes.
CVE-2022-34169: docbook-style-xsl - upgraded embedded xalan jar from 2.7.2 to 2.7.3.
Enabled KNI module in DPDK build.
Fixed ceph CVE-2023-43040.
Fixed dhcp CVE-2022-38177, CVE-2022-38178, CVE-2022-2795 for bind.
Fixed fluent-bit CVE-2024-34250.
Fixed Fluent-bit issues #8198 and #8025.
Fixed glibc nscd breakage and patched CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
Fixed kubernetes missing autopatch for CVE-2023-5408.
Fixed moby-compose CVE-2024-24786, CVE-2024-23650, CVE-2023-2253.
Fixed openssl CVE-2023-50782 affecting python-cryptography.
Fixed openssl to only free buffers when done.
Fixed prometheus-adapter CVE-2024-24786.
Fixed python-jinja2 for CVE-2024-34064.
Fixed pytorch CVE-2024-31584.
Fixed CVE-2023-45288 in multiple packages.
Fixed CVE-2023-48795 in moby-compose by patching vendor packages.
Fixed CVE-2024-3154 in package cri-o.
Fixed CVE-2024-34459 for libxml2.
Fixed epoch matching in 'InstallPackageRegex'.
Fixed Kubernetes missing auto patch.
Fixed Perl automatic requires and provides.
Fixed Ptest zchunk.
Mitigated libdwarf CVE-2024-2002.
Moved nmi from SPEC to SPEC-EXTENDED.
Moved src tarballs to AME - mariner 2.0.
Patched apparmor for CVE-2024-31755.
Patched bluez for CVE-2023-50229.
Patched ceph for multiple CVEs.
Patched coredns cache plugin to address CVE-2024-0874.
Patched cups CVE-2022-26691.
Patched dhcp for CVE-2023-2828.
Patched frr CVE-2024-27913 and CVE-2024-34088.
Patched libvirt for CVE-2024-4418.
Patched python-requests CVE-2024-35195.
Patched python-tqdm CVE-2024-34062.
Patched python-werkzeug CVE-2024-34069.
Patched ruby CVE-2024-27282.
Patched CVE-2024-26147 for cert-manager.
Re-fixed telegraf CVE-2024-28110.
Refactored Golden Container main.
Removed newly added explicit version dependencies in gdal and netcdf.
Resolved hvloader CVEs in edk2's bundled openssl.
Resolved telegraf CVE-2024-27289.
Resolved overflow warnings from installutils.go:ProvisionUserSSHCerts.
Resolved regressed ansible CVE-2023-5764.
Tuned some kernel configs for aarch64.
Updated facter version to support Mariner.
Updated kernel-mos to 5.15.158.2.
Updated python h5py to fix build break caused by recent HDF5 update.
Updated and corrected ruby CVE-2024035176.patch.
Updated OpenSSL version in python-cryptography to fix CVE-2023-50782.
Upgraded azcopy to 10.24.0 to fix multiple security issues.
Upgraded azl-compliance to version 1.0.2.
Upgraded clamav to 1.0.6.
Upgraded cri-o to v1.22.3 to resolve regressed CVE-2022-0811.
Upgraded cri-tools to 1.29.0 CVE-2023-45142.
Upgraded fluent-bit to 2.2.3 to fix CVE-2024-4323.
Upgraded git to 2.39.4 Fix CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465.
Upgraded hdf5 to 1.14.4 to fix several CVEs.
Upgraded httpd to fix CVE-2024-27316, CVE-2023-38709, and CVE-2024-24795.
Upgraded iperf3 3.14 -> 3.17 to address CVE-2024-26306.
Upgraded kata(-cc) to LSG release v2405.9.2.
Upgraded kernel to 5.15.158.2.
Upgraded msft-golang 1.22.2 -> 1.22.3 to address CVE-2024-24787 & CVE-2024-24788.
Upgraded net-snmp to 5.9.4 Fixes for CVE-2022-44792 and CVE-2022-44793.
Upgraded nodejs18 to 18.20.2 address CVEs.
Upgraded openvswitch to 2.17.9 to fix CVE-2023-5366 and CVE-2023-3966.
Upgraded php to 8.1.28 to fix CVE-2024-2756, CVE-2024-3096.
Upgraded postgresql to 14.12 CVE-2024-4317.
Upgraded rubygem-rexml to 3.2.7 to resolve CVE-2024-35176.
Upgraded zeromq to 4.3.5.
Upgraded Kata to 3.2.0.azl1.
Used legacy builder for distroless golden containers.

3.0.20240524

05 Jun 23:05
3a88109
3.0.20240524 Pre-release

This is the preview release for 3.0.20240524

2.0.20240425

28 Apr 17:40

Add configurability in systemd to control default value of UseDomains parameter
Add image-id file in etc dir to support off-cycle container and image upgrades
Bump golang.org/x/net from 0.18.0 to 0.23.0 in /toolkit/tools
Cherry-pick delta for Overlay Dracut Module from 3.0-dev to main.
Downgrade cloud-init to 23.3 via epoch. (New version is 1:23.3-2)
Enable CONFIG_NFT_OBJREF
Fix CVE-2024-22189 in coredns by patching vendored package quic-go
Fix CVE-2024-28085 in util-linux by backporting the patch
Fix extended build breaks for libotr, gupnp, samba
Fix openssl unconstrained session cache growth in TLSv1.3
Fix the date in logs
Fixed setting of the ToolkitVersion variable for our Go tools.
Moved distroless cert dependencies out of the meta package distroless-packages.
Patch Perl for CVE-2023-47100, CVE-2023-31484, CVE-2023-31486
Patch cri-o to fix CVE-2021-3602, CVE-2022-27651, CVE-2022-2995, CVE-2023-42821
Patch cups for CVE-2023-4504, CVE-2023-32324 and CVE-2023-34241
Patch kubernetes for CVE-2023-5408
Patch less for CVE-2024-32487
Patch libreswan for CVE-2024-3652
Patch libvirt for CVE-2024-2494
Patch nodejs to fix CVE-2024-27983
Patch pytorch for CVE-2024-27319, CVE-2024-31580 CVE-2024-31583
Patch ruby for CVE-2024-27280 and CVE-2024-27281
Patch terraform for CVE-2024-3817 vendored go-getter
Remove Kernel Required Configs Check
Remove nodejs(16) as it's End of Life
Remove obsolete build dependency from moby-containerd-cc
Update selinux-policy to add checkpoint restore for getty.
Update sos to copy kernel config and vmcore
Upgrade ca-certificates Msft cert change
Upgrade conmon to 2.1.2 to fix CVE-2022-1708
Upgrade cri-o to 1.21.7 for CVE-2022-0811, add patch for CVE-2022-1708
Upgrade dhcp to 4.4.3 to fix CVE-2022-2928 and CVE-2022-2929
Upgrade fluent-bit to 2.2.2 to fix CVE-2024-23722
Upgrade git-lfs from 3.4.1 -> 3.5.1 to address CVE-2023-39325 & CVE-2023-45288
Upgrade git-lfs to 3.4.1 to fix multiple CVEs
Upgrade moby-engine & moby-cli from 20.10.27 -> 24.0.9
Upgrade msft-golang from 1.21.8 -> 1.22.2
Upgrade opa to 0.63.0 to fix CVE-2023-45142
Upgrade packer to 1.10.1 to address CVE-2023-49569
Upgrade skopeo from 0.14.1 -> 0.14.2 to include Docker Daemon fix
Upgrade telegraf to 1.29.4 to fix CVE-2023-50658
[kata-cc] kata-packages-uvm: add cifs-utils as dependency
[kata-cc] kernel-uvm: enable CIFS modules

2.0.20240403

10 Apr 02:08

Add patch for cloud-init pkg install error
Add patch to limit pytest-mypy-plugins version for python-attrs test
Disabled experimental c-ares module from python-gevent (also fixes CVE-2021-22931)
Enabled ccache and artifact suffixes for fast-track PR check
Exclude overlayfs module from main dracut package.
Explicitly add libgcc as a requires to distroless base
Fix imagegen tools (toolkit) to Write fstab file in correct order.
Fix kata-containers to use system OpenSSL
Fix kata-containers-cc to fix macro expansion (use grub2-rpm-macros)
Fix kata-containers-cc virtiofsd dependency
Fix mariner_2_initrd_use_suffix kdump.conf option
Fix moby-compose license for ASL 2.0
Fix msft-golang to include go.env in GOROOT
Fix python-prettytables ptest.
Fix python-remoto ptest
Fix toolchain rebuilds for delta builds.
Force systemd coredump to use LZ4 compression
Limited cascading rebuilds for the fast-track PR check to 1.
Modify cython to skip long tests.
Patch CVE-2023-52160 for wpa_supplicant
Patch libtiff to fix CVE-2023-52356
Patch PAM to fix CVE-2024-22365
Patch azure-iot-sdk-c to address CVE-2024-25110 and CVE-2024-27099 - bran
Patch clamav to fix CVE-2024-20328
Patch expat to fix CVE-2023-52426
Patch kubevirt for CVE-2022-41723
Patch less to fix CVE-2022-48624
Patch libvirt to fix CVE-2024-1441 and CVE-2024-2496
Patch nodejs18 to fix CVE-2024-22025 (NOTE: nodejs[16] is end of life and will be removed from build at next monthly update)
Patch open-vm-tools to address CVE-2023-34058 & CVE-2023-34059
Patch to package qt5-qtbase to address CVE-2022-25643
Patch unixODBC to fix CVE-2024-1013
Patch xorg-x11-server to fix CVE-2023-5574, CVE-2023-5367 & CVE-2023-5380, CVE-2023-6816, CVE-2024-21885
Removed the runOnHost flag to fix the fast-track PR check pipelines.
Switch qemu-guest base image to kernel instead of kernel-hci
Update expat changelog
Update guava to 32.1.3 in Javapackages-bootstrap
Update toolchain container bootstrap to 2.0.20240123
Upgrade Kernel to 5.15.153.1 to address kernel CVE-2014-3185, CVE-2015-5157, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-2602, CVE-2023-5090, CVE-2023-5633, CVE-2023-6040, CVE-2023-6200, CVE-2023-6560, CVE-2023-35827, CVE-2023-46838, CVE-2023-52429, CVE-2023-50431, CVE-2023-52434, CVE-2023-52435, CVE-2024-0340, CVE-2024-0562, CVE-2024-0646, CVE-2024-0775, CVE-2024-1086, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851
Upgrade ansible to 2.14.4 fix CVE-2024-0690
Upgrade ca-certificates Msft cert change
Upgrade emacs to 29.3 to fix CVE-2024-30202, CVE-2024-30204, CVE-2024-30205
Upgrade expat to 2.6.2 CVE-2023-52425 and CVE-2024-28757
Upgrade helm to 3.14.2 CVE-2024-26147
Upgrade libreswan to 4.14
Upgrade msft-golang to 1.21.8 to fix CVEs
Upgrade nmi to 1.8.17 CVE-2022-41717, CVE-2022-23551
Upgrade node-problem-detector to version v0.8.17 and patch CVE-2024-24786
Upgrade python to 3.9.19: address CVE-2023-6597 and other security concerns
Upgrade zstd to 1.5.4 CVE-2022-4899
Upgrade etcd to version 3.5.12.
Patch gnutls to fix CVE-2024-0567
Patch telegraf for CVE-2024-27304 and CVE-2024-28110

Kata: Release v3.2.0.azl0 for both vanilla and CC based on aligned sources
Kata: upgrade kernel-uvm and kata-containers-cc for LSG release v2402.26.1