Rachel Menge
c5b6704f80
Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961 ( #10826 )
...
The rose_bind() function which is used in the AX.25 PLP Rose protocol introduced a race condition which has CVE-2022-2961. Therefore remove rose support.
2024-10-24 14:40:32 -07:00
Muhammad Falak R Wani
b958bee0c4
curl: address CVE-2024-8096 ( #10731 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-10-23 11:40:11 +05:30
Muhammad Falak R Wani
60d78f8b22
nghttp2: address CVE-2024-28182 ( #10656 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-10-23 09:18:37 +05:30
CBL-Mariner-Bot
cdd7571aab
[AUTO-CHERRYPICK] libarchive: Patch CVE-2024-48957, CVE-2024-48958, CVE-2024-20696 - branch main ( #10770 )
...
Co-authored-by: Nan Liu <108544011+liunan-ms@users.noreply.github.com>
2024-10-18 15:31:34 -04:00
CBL-Mariner-Bot
6677f60264
[AUTO-CHERRYPICK] python3: Add patch for CVE-2024-4032 - branch main ( #10620 )
...
Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
2024-10-04 14:17:25 -07:00
Pawel Winogrodzki
2d9218893c
Fixed spec entanglement PR check (CP: #10585 ) ( #10586 )
2024-09-30 17:50:08 -07:00
Minghe Ren
2340f8b4e8
add Azure marketplace ARM64 FIPS image definition ( #10526 )
...
Co-authored-by: minghe <rmhsawyer>
2024-09-27 15:37:33 -07:00
CBL-Mariner-Bot
a67cb06cad
[AUTO-CHERRYPICK] apply patch to fix CVE-2024-6232 and CVE-2024-8088 for python3 2.0 - branch main ( #10553 )
...
Co-authored-by: himaja-kesari <123194058+himaja-kesari@users.noreply.github.com>
2024-09-26 11:41:52 -07:00
CBL-Mariner-Bot
0dd6087151
[AUTO-CHERRYPICK] Patch CVE-2023-27534 in cmake - branch main ( #10509 )
...
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
2024-09-24 11:43:24 -07:00
CBL-Mariner-Bot
99c054afa8
[AUTO-CHERRYPICK] Revert to 1.19.4, add epoch and add patch for CVE-2024-37371 and CVE-2024-37370 - branch main ( #10491 )
...
Co-authored-by: nicolas guibourge <nicogbg@gmail.com>
2024-09-19 13:21:37 -07:00
CBL-Mariner-Bot
fe555eb3f8
[AUTO-CHERRYPICK] Patch libxml2 to resolve CVE-2024-25062 - branch main ( #10490 )
...
Co-authored-by: Sumedh Alok Sharma <sumsharma@microsoft.com>
2024-09-19 11:49:26 -07:00
CBL-Mariner-Bot
030781f783
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.167.1 - branch main ( #10482 )
2024-09-18 14:47:00 -07:00
CBL-Mariner-Bot
1b5b551f9a
[AUTO-CHERRYPICK] Upgrade expat to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492 - branch main ( #10401 )
...
Co-authored-by: Gary Swalling <31018813+gjswalling@users.noreply.github.com>
2024-09-13 17:46:06 -04:00
CBL-Mariner-Bot
31e961bbcc
[AUTO-CHERRYPICK] Patch CVE-2024-6197 in curl - branch main ( #10397 )
...
Co-authored-by: aadhar-agarwal <108542189+aadhar-agarwal@users.noreply.github.com>
2024-09-13 17:45:35 -04:00
CBL-Mariner-Bot
4fbe84fd70
[AUTO-CHERRYPICK] krb5: Add patch for fixing CVE-2024-26458 and CVE-2024-26461 - branch main ( #10351 )
...
Co-authored-by: Ankita Pareek <56152556+Ankita13-code@users.noreply.github.com>
2024-09-09 21:41:28 -07:00
CBL-Mariner-Bot
4afdb4c47c
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.165.1 - branch main ( #10284 )
2024-08-30 11:10:34 -07:00
Christopher Co
5470899977
feat: enable USB_TMC as module ( #10006 )
...
Enables USB Test and Measurement Class driver as a loadable kernel module. Used for many USB devices that meet the USB Test and Measurement device specification, like HW and Power Analyzers.
Signed-off-by: Chris Co <chrco@microsoft.com>
2024-08-28 08:10:52 -07:00
CBL-Mariner-Bot
54b7e86fd1
[AUTO-CHERRYPICK] python3: CVE-2024-7592 (mariner 2) - branch main ( #10223 )
...
Co-authored-by: bfjelds <bfjelds@microsoft.com>
2024-08-23 14:38:46 -04:00
CBL-Mariner-Bot
f056ffd982
[AUTO-CHERRYPICK] Set ptest retries to 1 for PR package build check. - branch main ( #10215 )
...
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-08-23 14:38:17 -04:00
CBL-Mariner-Bot
f619b67495
[AUTO-CHERRYPICK] Patch cmake for CVE-2023-28320 - branch main ( #10137 )
...
Co-authored-by: joejoew <111843948+joejoew@users.noreply.github.com>
2024-08-19 11:43:03 -07:00
CBL-Mariner-Bot
76613af222
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.164.1 - branch fasttrack/2.0 - branch main ( #10170 )
2024-08-19 10:17:49 -07:00
CBL-Mariner-Bot
93ca32cc0d
[AUTOUPGRADE-CORE] Upgrade ca-certificates Msft cert change ( #10080 )
2024-08-13 17:37:39 -07:00
Daniel McIlvaney
de885a9964
Backport: Update toolkit's gonum to v0.15.0 ( #9965 )
...
Co-authored-by: Sam Meluch <109628994+sameluch@users.noreply.github.com>
2024-08-06 13:11:26 -07:00
Rohit Rawat
788cd8f52d
Python3 patch CVE-2024-0397 ( #9970 )
2024-07-30 07:39:55 -04:00
CBL-Mariner-Bot
a80826bba9
[AUTO-CHERRYPICK] Bug fix in patch CVE-2024-5535 in openssl - branch main ( #9961 )
...
Co-authored-by: suresh-thelkar <suresh.thelkar@yahoo.com>
Co-authored-by: Suresh Thelkar <sthelkar@microsoft.com>
2024-07-29 22:24:08 -04:00
sindhu-karri
dd995b7be9
Fix CVE-2024-6345 in python3 ( #9904 )
2024-07-26 10:53:15 +05:30
Muhammad Falak R Wani
a76c83ad92
curl: upgrade 8.5.0 -> 8.8.0 to address CVE-2024-2398 ( #9832 )
...
Changelog: https://curl.se/changes.html#8_8_0
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-07-26 10:14:11 +05:30
CBL-Mariner-Bot
e5afaac73c
[AUTOPATCHER-CORE] Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370 ( #9921 )
...
Co-authored-by: Adit Jha <aditjha@microsoft.com>
2024-07-25 17:16:18 -07:00
Sam Meluch
8ecb1756f5
Filter out debuginfo packages when running sodiff ( #6698 )
...
Co-authored-by: Sam Meluch <sam.meluch@microsoft.com>
2024-07-25 12:35:06 -05:00
CBL-Mariner-Bot
5e921ee588
[AUTO-CHERRYPICK] Patch CVE-2024-5535 in openssl - branch main ( #9905 )
2024-07-25 20:34:06 +05:30
Tobias Brick
297b90e3d0
fix intermittent openssl FIPS selftest failures in jitterentropy ( #9890 )
2024-07-23 12:58:32 -07:00
CBL-Mariner-Bot
8539e10c93
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.2 - branch main ( #9867 )
2024-07-19 11:56:19 -07:00
CBL-Mariner-Bot
77d1924e4c
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.1 - branch fasttrack/2.0 - branch main ( #9834 )
2024-07-15 10:46:55 -07:00
Muhammad Falak R Wani
36367cba80
toolkit: bump azidentity 1.3.1 -> 1.6.0 to address CVE-2024-35255 ( #9382 )
...
Fixes: https://github.com/microsoft/azurelinux/security/dependabot/13
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2024-06-27 07:43:10 +05:30
CBL-Mariner-Bot
e5d9cb6d2d
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.160.1 - branch main ( #9362 )
...
This upgrade also contains ccf143f "Revert netfilter: br_netfilter: skip conntrack input hook for promisc packets" to unblock hairpin functionality.
2024-06-25 17:07:38 -07:00
Nan Liu
ddbdd8987b
libarchive: add patch to resolve CVE-2024-26256 ( #9340 )
2024-06-13 09:02:08 -07:00
CBL-Mariner-Bot
e2c8d9e5da
[FASTTRACK-CHERRYPICK] openssl: Fix CVE-2023-50782 affecting python-cryptography - branch main ( #9318 )
...
Co-authored-by: J Camposeco <108859819+jcamposeco@users.noreply.github.com>
Co-authored-by: Juan Camposeco <juanarturoc@microsoft.com>
2024-06-07 14:54:22 -07:00
Rachel Menge
7b83725990
Upgrade kernel to 5.15.158.2 ( #9358 )
...
5.15.157.1 introduced a failure with network hairpinning on AKS. Upgrade to 5.15.158.2 which has the commit [dceb683] reverted.
2024-06-07 14:34:36 -07:00
CBL-Mariner-Bot
0d51af78bb
[AUTO-CHERRYPICK] CVE-2022-34169: docbook-style-xsl - upgrade embedded xalan jar from 2.7.2 to 2.7.3 (fasttrack/2.0) - branch main ( #9308 )
...
Co-authored-by: bfjelds <bfjelds@microsoft.com>
2024-06-06 11:28:44 -07:00
Tobias Brick
3eef9c87e1
openssl: only free buffers when done ( #9309 )
2024-06-04 15:21:33 -07:00
jslobodzian
4246a18833
Revert "Fixed Perl automatic requires and provides. ( #9226 )"
...
This reverts commit 6b8eb01bf0.
2024-06-04 00:09:50 -04:00
CBL-Mariner-Bot
f0b8294283
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.159.1 - branch main ( #9187 )
2024-05-29 14:31:46 -07:00
Pawel Winogrodzki
6b8eb01bf0
Fixed Perl automatic requires and provides. ( #9226 )
2024-05-26 22:20:56 -07:00
Sudipta Pandit
fb499af135
fix python-jinja2 for CVE-2024-34064 ( #9188 )
2024-05-24 19:08:28 +05:30
Sudipta Pandit
90eef0e159
fix CVE-2024-34459 for libxml2 ( #9186 )
2024-05-23 13:38:38 +05:30
nicolas guibourge
8f57105e73
move src tarballs to AME - mariner 2.0 ( #8925 )
...
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
2024-05-17 14:12:32 -07:00
CBL-Mariner-Bot
4310410a6f
[AUTO-CHERRYPICK] Fixing epoch matching in 'InstallPackageRegex'. - branch main ( #9131 )
...
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-05-16 14:18:15 -07:00
Rachel Menge
332adb9675
glibc: Fix nscd breakage and patch CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 ( #9051 )
...
This commit does 3 things: address ipv6 breakage with nscd due to previous CVE fix, reformat previous CVE patches, and patch 4 new CVEs.
The ipv6 w/ nscd breakage was due to CVE-2023-4806's patch and caused wrong results with IPv6 addresses when using nscd. The patch mixes up the variables i and count. Therefore backport the fix (227c903).
Additionally, the above fix highlighted that our original patches for CVE-2023-4806 and CVE-2023-5156 were malformed. Specifically, the CVE-2023-4806 patch which updates "/sysdeps/posix/getaddrinfo.c" to latest from glibc-2.35 (commit 17092c0) did not include the changes to other files (mostly additional tests so impact was low) but did partially include CVE-2023-5156's changes. To fix, regenerate both patches based on commits from upstream stable 2.35.
Finally, this PR applies patches for CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
2024-05-10 18:50:52 -07:00
CBL-Mariner-Bot
ee407800d9
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.158.1 - branch main ( #9076 )
...
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
2024-05-10 17:34:24 -07:00
CBL-Mariner-Bot
043fdf285e
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.157.1 - branch main ( #8958 )
...
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
This upgrade introduces several upstream kernel kconfig changes.
Notably, it turned on additional mitigations for spectre attacks
and introduced function alignment knobs.
2024-05-01 23:03:56 -07:00