2f47bcc561
Fix tests for gdb, libxml2, net-snmp, python-werkzeug, skip python-psutil tests ( #703 )
...
* fix libxml2 tests
* fix python-werkzeug tests
* fix net-snmp tests
* skip python-psutil test
* fix gdb tests
* update manifests
2021-03-04 10:16:08 -08:00
af41befcaf
Fix check tests for apparmor, redis, python-pycurl, skip WALinuxAgent ( #693 )
...
* fix redis test issue
* fix apparmor tests
* skip WALinuxAgent tests
* fix python-pycurl test
* verify redis license
2021-03-03 16:38:59 -08:00
9ee0a38a19
Update shadow-utils and td-agent ( #683 )
...
* update shadow-utils and td-agent
* fix linting
* update td-agent Requires
* fix more comments
Co-authored-by: Henry Li <lihl@microsoft.com>
2021-03-02 13:47:55 -08:00
593a4beba4
Fix tests for python-distro and python-requests ( #677 )
...
* fix python-distro tests
* fix python-requests
2021-03-01 16:26:39 -08:00
0f5072e286
Update azure-iotedge to version 1.1.0 ( #669 )
...
* update azure-iotedge and rust
* update cgmanifest.json
* update rust BR version
* update libiothsm-std. use rust 1.47.0
* fix cgmanifest
* remove 1.50.0 specific changes
2021-03-01 10:26:59 -08:00
44f672d00b
bind: fix CVE-2020-8625 ( #675 )
...
Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
2021-03-01 10:12:19 -08:00
06c9109803
openldap: fix CVE-2021-27212 ( #670 )
...
Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>
2021-02-26 15:28:35 -08:00
9dbfb02934
Fixing `ntopng` source URLs. ( #673 )
2021-02-26 14:43:44 -08:00
c339e6fa6e
Update signatures for espeakup and kernel, ( #671 )
2021-02-25 14:25:12 -06:00
cb6b3515ce
linux-firmware: Add bnx2x and qed firmware, WHENCE, and license files ( #646 )
...
Signed-off-by: Chris Co <chrco@microsoft.com>
2021-02-24 19:31:33 -08:00
fbb71e839e
Support kernel dumps using 5.10 kernel ( #662 )
...
* update crash and kexec-tools to support printk in 5.10 kernel
* update patch files with original commits
* fix cgmanifest crash version
* cleanup
2021-02-24 17:29:35 -08:00
2bbcb44f81
Add text-to-speech packages for accessibility ( #664 )
2021-02-24 16:50:50 -08:00
3c4c5f30f2
Add speakup support to kernel ( #655 )
2021-02-24 16:50:27 -08:00
2f2c835a50
Fix CVE-2020-35498 in openvswitch ( #656 )
...
* Fix CVE-2020-35498 in openvswitch
* Apply linter changes
Co-authored-by: Emre Girgin <mrgirgin@microsoft.com>
2021-02-24 09:33:31 -08:00
9c4b708fc9
fix python-sqlalchemy test ( #658 )
2021-02-23 16:36:56 -08:00
82bba640f4
Update default sudo config ( #648 )
2021-02-22 18:54:30 -08:00
9b2534a123
Update for February release
2021-02-22 17:37:09 -08:00
977de376d3
Add mariner extras repo ( #243 )
...
* Add mariner extras repo
* Add extras preview repo
* Bump version in manifests
2021-02-20 03:26:42 +01:00
aae537bbbc
Update kernel source to 5.10.13.1 ( #601 )
...
Move to the new CBL-Mariner kernel source location and use the latest
5.10.13.1 version.
As part of the upgrade to 5.10.13.1, we can remove some out-of-tree
patches since these patches have been merged into upstream.
Additionally, we need to account for the new location of module.lds
for aarch64 builds. The aarch64 module.lds is no longer checked in
as part of the source tree. See this upstream commit for more details:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=596b0474d3d9b1242eab713f84d8873f9887d980
Turn off CONFIG_GCC_PLUGIN_RANDSTRUCT protection. This struct
randomization is causing difficulty in parsing vmcore files.
Enable upstream smartpqi driver by default
Signed-off-by: Chris Co <chrco@microsoft.com>
2021-02-19 17:48:41 -08:00
c96924659d
Fix CVE 2020-36242 ( #634 )
...
* Update python-cryptography to 3.3.2
* Update python-cffi
* Update cgmanifest
* Remove old patch file
2021-02-18 17:38:17 +01:00
9382f3845f
Add kernel crypto configs to enable tcrypt in FIPS mode ( #635 )
2021-02-18 06:56:53 -08:00
52badcdd8b
Merge pull request #614 from microsoft/thcrain/glibc-cve-2021-3326
...
Patch CVE-2021-3326 in glibc
2021-02-17 18:26:27 -05:00
84c823f7c1
Enable lz4 compression in systemd ( #637 )
...
Enable lz4 compression in systemd so that journalctl can read lz4 compressed journals
2021-02-16 14:42:40 -08:00
fad9eb35df
Update mysql to version 8.0.23 for CVE-2020-15358 ( #629 )
...
* Update version of mysql
2021-02-16 15:11:15 -05:00
7a69806354
Merge branch '1.0-dev' into thcrain/glibc-cve-2021-3326
2021-02-12 14:52:41 -06:00
fa579fc877
Take patch backported to our version
2021-02-11 21:57:59 -08:00
f6bc5aa1f5
Add patch for qemu CVE-2020-17380 ( #618 )
...
* Add upstream patch for qemu CVE-2020-17390
2021-02-11 12:16:55 -05:00
487f102232
Move dracut FIPS config to /etc/dracut.conf.d/ ( #625 )
2021-02-10 15:44:36 -08:00
d30a71095d
Correctly format output for sha512hmac in kernel hmac calculation ( #620 )
2021-02-10 08:01:07 -08:00
edebc07c3e
Add several networking tools. Enable LLVM RTTI. ( #608 )
...
Enable RTTI in LLVM and clang for bpftrace
Add bpftrace spec
Add libmaxminddb spec
Add ntopng spec
Add vnstat spec
Add libconfuse spec
Add bmon spec
Update pigz to 2.6 and change source to GitHub
2021-02-09 16:41:11 -08:00
1f4d6064d2
Add Libacvp Package ( #607 )
2021-02-09 14:19:21 -08:00
aeecf8701e
Add sha512hmac-openssl to kernel-hyperv source ( #617 )
2021-02-09 14:00:03 -08:00
cdeaf32fa3
Use OpenSSL to hmac calc the kernel ( #615 )
2021-02-09 13:43:57 -08:00
2e9604aaeb
Update release number
2021-02-09 12:44:40 -08:00
eeddecd005
Patch CVE-2021-3326 in glibc
2021-02-09 11:15:29 -08:00
124daab644
Removing the deprecated "Microsoft IT TLS CA 2" CA. ( #188 )
2021-02-09 00:45:26 -08:00
3f40946afe
golang: update latest changelog entry ( #602 )
2021-02-06 18:07:08 -08:00
8e2cee37a7
Add CONFIG_CRYPTO_STATS line in kernel configs ( #599 )
...
* Add CONFIG_CRYPTO_STATS line in kernel configs
* update kernel signatures.json
2021-02-05 14:45:56 -08:00
3207645de2
Use OpenSSL to perform hmac in libkcapi ( #598 )
2021-02-05 14:33:31 -08:00
3f2b61ebcc
update golang version to 1.15.7 ( #595 )
2021-02-05 13:35:16 -08:00
13383d3997
Add FIPS patches for OpenSSL ( #593 )
...
* Apply openssl fips patches from CentOS8
* Calculate and add hmac files for openssl
* Fix patching ec_curve
* Update pkggen and toolchain txt files
* Address openssl spec linting
2021-02-04 07:06:19 -08:00
fbe4c52146
Add package "dracut-fips" ( #592 )
...
* Add dracut-fips package
* Disable tcrypt check in dracut-fips
* Format and apply disable-tcrypt patch
* Minor cleanup
* Fix patch issue
* Address spec linting
* Add dracut-fips to initramfs pkg watch list
* Fix date in initramfs changelog
2021-02-04 07:04:22 -08:00
fd1089c861
Add support for kernel crypto API in user space ( #576 )
...
* Add kernel configs for userspace crypto support
* First version of libkcapi
* Add libkcapi to license map
* Use hmac calc for kernel fips compliance
* Update kernel-headers
* Update kernel-signed* spec files
* Address linting
* Update cgmanifest
* Address comments on libkcapi.spec
* Address spec linting
* Update kernel signatures.json
* Update toolchain/pkggen txt files
* Rename perl-interpreter to perl
* Disable libkcapi tests for now
2021-02-04 06:58:13 -08:00
6322b0f482
Merge pull request #590 from microsoft/lihl/td-agent-fix
...
Fix td-agent installation
2021-02-03 14:58:55 -08:00
fdb00adf12
Merge branch '1.0-dev' into jochi/add-libconfini
2021-02-03 14:50:33 -08:00
ff02635e90
Add conntrack-tools, nmap, pigz, blobfuse ( #591 )
...
* Add pigz spec
* Add blobfuse spec
* Import conntrack-tools spec
* Add ncat spec
2021-02-03 11:34:35 -08:00
d0896d4a40
kernel: enable REED_SOLOMON_DEC8 ( #587 )
...
CONFIG_REED_SOLOMON_DEC8 is required for CONFIG_DM_VERITY_FEC. Enable this config. This fixes an arm64 kernel package build error.
2021-02-03 10:43:00 -08:00
d5e14bcd7a
fix td-agent installation
2021-02-02 18:28:45 -08:00
e97bc19712
Fixing changelog entries and license mapping. ( #586 )
2021-02-02 11:57:13 -08:00
cdf97d2244
Merge branch '1.0-dev' into jochi/add-libconfini
2021-02-01 14:57:22 -08:00
Andrew Phelps
Henry Li
nicolas guibourge
Pawel Winogrodzki
Thomas Crain
Christopher Co
Emre Girgin
Mateusz Malisz
Jon Slobodzian
Nicolas Ontiveros
Henry Beberman
rlmenge
Christopher Co
Jonathan Chiu
Henry Li