Граф коммитов

1617 Коммитов

Автор SHA1 Сообщение Дата
Rachel Menge c5b6704f80
Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 (#10826)
The rose_bind() function which is used in the AX.25 PLP Rose protocol introduced a race condition which has CVE-2022-2961. Therefore remove rose support.
2024-10-24 14:40:32 -07:00
Muhammad Falak R Wani b958bee0c4
curl: address CVE-2024-8096 (#10731)
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-10-23 11:40:11 +05:30
Muhammad Falak R Wani 60d78f8b22
nghttp2: address CVE-2024-28182 (#10656)
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-10-23 09:18:37 +05:30
CBL-Mariner-Bot cdd7571aab
[AUTO-CHERRYPICK] libarchive: Patch CVE-2024-48957, CVE-2024-48958, CVE-2024-20696 - branch main (#10770)
Co-authored-by: Nan Liu <108544011+liunan-ms@users.noreply.github.com>
2024-10-18 15:31:34 -04:00
CBL-Mariner-Bot 6677f60264
[AUTO-CHERRYPICK] python3: Add patch for CVE-2024-4032 - branch main (#10620)
Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
2024-10-04 14:17:25 -07:00
Pawel Winogrodzki 2d9218893c
Fixed spec entanglement PR check (CP: #10585) (#10586) 2024-09-30 17:50:08 -07:00
Minghe Ren 2340f8b4e8
add Azure marketplace ARM64 FIPS image definition (#10526)
Co-authored-by: minghe <rmhsawyer>
2024-09-27 15:37:33 -07:00
CBL-Mariner-Bot a67cb06cad
[AUTO-CHERRYPICK] apply patch to fix CVE-2024-6232 and CVE-2024-8088 for python3 2.0 - branch main (#10553)
Co-authored-by: himaja-kesari <123194058+himaja-kesari@users.noreply.github.com>
2024-09-26 11:41:52 -07:00
CBL-Mariner-Bot 0dd6087151
[AUTO-CHERRYPICK] Patch CVE-2023-27534 in cmake - branch main (#10509)
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
2024-09-24 11:43:24 -07:00
CBL-Mariner-Bot 99c054afa8
[AUTO-CHERRYPICK] Revert to 1.19.4, add epoch and add patch for CVE-2024-37371 and CVE-2024-37370 - branch main (#10491)
Co-authored-by: nicolas guibourge <nicogbg@gmail.com>
2024-09-19 13:21:37 -07:00
CBL-Mariner-Bot fe555eb3f8
[AUTO-CHERRYPICK] Patch libxml2 to resolve CVE-2024-25062 - branch main (#10490)
Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
2024-09-19 11:49:26 -07:00
CBL-Mariner-Bot 030781f783
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.167.1 - branch main (#10482) 2024-09-18 14:47:00 -07:00
CBL-Mariner-Bot 1b5b551f9a
[AUTO-CHERRYPICK] Upgrade expat to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 - branch main (#10401)
Co-authored-by: Gary Swalling <31018813+gjswalling@users.noreply.github.com>
2024-09-13 17:46:06 -04:00
CBL-Mariner-Bot 31e961bbcc
[AUTO-CHERRYPICK] Patch CVE-2024-6197 in curl - branch main (#10397)
Co-authored-by: aadhar-agarwal <108542189+aadhar-agarwal@users.noreply.github.com>
2024-09-13 17:45:35 -04:00
CBL-Mariner-Bot 4fbe84fd70
[AUTO-CHERRYPICK] krb5: Add patch for fixing CVE-2024-26458 and CVE-2024-26461 - branch main (#10351)
Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
2024-09-09 21:41:28 -07:00
CBL-Mariner-Bot 4afdb4c47c
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.165.1 - branch main (#10284) 2024-08-30 11:10:34 -07:00
Christopher Co 5470899977
feat: enable USB_TMC as module (#10006)
Enables USB Test and Measurement Class driver as a loadable kernel module. Used for many USB devices that meet the USB Test and Measurement device specification, like HW and Power Analyzers.

Signed-off-by: Chris Co <chrco@microsoft.com>
2024-08-28 08:10:52 -07:00
CBL-Mariner-Bot 54b7e86fd1
[AUTO-CHERRYPICK] python3: CVE-2024-7592 (mariner 2) - branch main (#10223)
Co-authored-by: bfjelds <bfjelds@microsoft.com>
2024-08-23 14:38:46 -04:00
CBL-Mariner-Bot f056ffd982
[AUTO-CHERRYPICK] Set ptest retries to 1 for PR package build check. - branch main (#10215)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-08-23 14:38:17 -04:00
CBL-Mariner-Bot f619b67495
[AUTO-CHERRYPICK] Patch cmake for CVE-2023-28320 - branch main (#10137)
Co-authored-by: joejoew <111843948+joejoew@users.noreply.github.com>
2024-08-19 11:43:03 -07:00
CBL-Mariner-Bot 76613af222
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.164.1 - branch fasttrack/2.0 - branch main (#10170) 2024-08-19 10:17:49 -07:00
CBL-Mariner-Bot 93ca32cc0d
[AUTOUPGRADE-CORE] Upgrade ca-certificates Msft cert change (#10080) 2024-08-13 17:37:39 -07:00
Daniel McIlvaney de885a9964
Backport: Update toolkit's gonum to v0.15.0 (#9965)
Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com>
2024-08-06 13:11:26 -07:00
Rohit Rawat 788cd8f52d
Python3 patch CVE-2024-0397 (#9970) 2024-07-30 07:39:55 -04:00
CBL-Mariner-Bot a80826bba9
[AUTO-CHERRYPICK] Bug fix in patch CVE-2024-5535 in openssl - branch main (#9961)
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
Co-authored-by: Suresh Thelkar <sthelkar@microsoft.com>
2024-07-29 22:24:08 -04:00
sindhu-karri dd995b7be9
Fix CVE-2024-6345 in python3 (#9904) 2024-07-26 10:53:15 +05:30
Muhammad Falak R Wani a76c83ad92
curl: upgrade 8.5.0 -> 8.8.0 to address CVE-2024-2398 (#9832)
Changelog: https://curl.se/changes.html#8_8_0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-26 10:14:11 +05:30
CBL-Mariner-Bot e5afaac73c
[AUTOPATCHER-CORE] Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370 (#9921)
Co-authored-by: Adit Jha <aditjha@microsoft.com>
2024-07-25 17:16:18 -07:00
Sam Meluch 8ecb1756f5
Filter out debuginfo packages when running sodiff (#6698)
Co-authored-by: Sam Meluch <sam.meluch@microsoft.com>
2024-07-25 12:35:06 -05:00
CBL-Mariner-Bot 5e921ee588
[AUTO-CHERRYPICK] Patch CVE-2024-5535 in openssl - branch main (#9905) 2024-07-25 20:34:06 +05:30
Tobias Brick 297b90e3d0
fix intermittent openssl FIPS selftest failures in jitterentropy (#9890) 2024-07-23 12:58:32 -07:00
CBL-Mariner-Bot 8539e10c93
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.2 - branch main (#9867) 2024-07-19 11:56:19 -07:00
CBL-Mariner-Bot 77d1924e4c
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.1 - branch fasttrack/2.0 - branch main (#9834) 2024-07-15 10:46:55 -07:00
Muhammad Falak R Wani 36367cba80
toolkit: bump azidentity 1.3.1 -> 1.6.0 to address CVE-2024-35255 (#9382)
Fixes: https://github.com/microsoft/azurelinux/security/dependabot/13
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-06-27 07:43:10 +05:30
CBL-Mariner-Bot e5d9cb6d2d
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.160.1 - branch main (#9362)
This upgrade also contains ccf143f "Revert netfilter: br_netfilter: skip conntrack input hook for promisc packets" to unblock hairpin functionality.
2024-06-25 17:07:38 -07:00
Nan Liu ddbdd8987b
libarchive: add patch to resolve CVE-2024-26256 (#9340) 2024-06-13 09:02:08 -07:00
CBL-Mariner-Bot e2c8d9e5da
[FASTTRACK-CHERRYPICK] openssl: Fix CVE-2023-50782 affecting python-cryptography - branch main (#9318)
Co-authored-by: J Camposeco <108859819+jcamposeco@users.noreply.github.com>
Co-authored-by: Juan Camposeco <juanarturoc@microsoft.com>
2024-06-07 14:54:22 -07:00
Rachel Menge 7b83725990
Upgrade kernel to 5.15.158.2 (#9358)
5.15.157.1 introduced a failure with network hairpinning on AKS. Upgrade to 5.15.158.2 which has the commit [dceb683] reverted.
2024-06-07 14:34:36 -07:00
CBL-Mariner-Bot 0d51af78bb
[AUTO-CHERRYPICK] CVE-2022-34169: docbook-style-xsl - upgrade embedded xalan jar from 2.7.2 to 2.7.3 (fasttrrack/2.0) - branch main (#9308)
Co-authored-by: bfjelds <bfjelds@microsoft.com>
2024-06-06 11:28:44 -07:00
Tobias Brick 3eef9c87e1
openssl: only free buffers when done (#9309) 2024-06-04 15:21:33 -07:00
jslobodzian 4246a18833 Revert "Fixed Perl automatic requires and provides. (#9226)"
This reverts commit 6b8eb01bf0.
2024-06-04 00:09:50 -04:00
CBL-Mariner-Bot f0b8294283
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.159.1 - branch main (#9187) 2024-05-29 14:31:46 -07:00
Pawel Winogrodzki 6b8eb01bf0
Fixed Perl automatic requires and provides. (#9226) 2024-05-26 22:20:56 -07:00
Sudipta Pandit fb499af135
fix python-jinja2 for CVE-2024-34064 (#9188) 2024-05-24 19:08:28 +05:30
Sudipta Pandit 90eef0e159
fix CVE-2024-34459 for libxml2 (#9186) 2024-05-23 13:38:38 +05:30
nicolas guibourge 8f57105e73
move src tarballs to AME - mariner 2.0 (#8925)
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
2024-05-17 14:12:32 -07:00
CBL-Mariner-Bot 4310410a6f
[AUTO-CHERRYPICK] Fixing epoch matching in 'InstallPackageRegex'. - branch main (#9131)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-05-16 14:18:15 -07:00
Rachel Menge 332adb9675
glibc: Fix nscd breakage and patch CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 (#9051)
This commit does 3 things: address ipv6 breakage with nscd due to previous CVE fix, reformat previous CVE patches, and patch 4 new CVEs

The ipv6 w/ nscd breakage was due to CVE-2023-4806's patch and caused wrong results with IPv6 addresses when using nscd. The patch mixes up the variables i and count. Therefore backport the fix (227c903).

Additionally, the above fix highlighted that our original patches for CVE-2023-4806 and CVE-2023-5156 were malformed. Specifically, the CVE-2023-4806 patch which updates "/sysdeps/posix/getaddrinfo.c.” to latest from glibc-2.35 (commit 17092c0) did not include the changes to other files (mostly additional tests so impact was low) but did partially include CVE-2023-5156's changes. To fix, regenerate both patches based on commits from upstream stable 2.35.

Finally, this PR applies patches for CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
2024-05-10 18:50:52 -07:00
CBL-Mariner-Bot ee407800d9
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.158.1 - branch main (#9076)
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
2024-05-10 17:34:24 -07:00
CBL-Mariner-Bot 043fdf285e
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.157.1 - branch main (#8958)
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
This upgrade introduces several upstream kernel kconfig changes.
Notably, it turned on additional mitigations for spectre attacks 
and introduced function alignment knobs.
2024-05-01 23:03:56 -07:00