CBL-Mariner-Bot
a351e45170
[AUTOPATCHER-CORE] Upgrade fluent-bit to 2.1.10 upgrade to latest ( #6647 )
2023-11-01 10:14:21 -07:00
suresh-thelkar
7bb826d753
Patch CVE-2023-45322 in libxml2 ( #6628 )
2023-11-01 09:50:43 +05:30
Nan Liu
15bf461433
Fix golang CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533 ( #6470 )
2023-10-31 14:50:57 -07:00
xiaohong
03e7744dd9
libdrm 2.4.115 PyYAML 5.2 ( #6618 )
...
Co-authored-by: xiaohongdeng <“worldsky86rough@gmail.com”>
2023-10-30 17:04:47 -07:00
Rohit Rawat
742489e5dd
Patch CVE-2023-45853 for rust ( #6629 )
2023-10-30 17:10:48 -04:00
CBL-Mariner-Bot
03b0dcbabd
Fix zlib CVE-2023-45853 in cloud-hypervisor ( #6577 ) ( #6620 )
...
(cherry picked from commit fc02ff64b5)
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
2023-10-30 22:29:13 +05:30
Neha Agarwal
0633a5fda6
Update libX11 to v1.8.7 to fix CVEs 2023-43785, 2023-43786 and 2023-43787 ( #6467 )
...
* Update libX11 to v1.8.7 to fix CVEs 2023-43785, 2023-43786 and 2023-43787
* Update xorg-x11-proto-devel to v2023.2
2023-10-30 09:44:36 -07:00
CBL-Mariner-Bot
d8faf13af6
Prepare October 2023 Release 2 ( #6570 )
...
* Prepare October 2023 Release 2
* Undo the livepatch changes
---------
Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
2023-10-27 16:50:57 -04:00
Chris PeBenito
32fded6ef4
selinux-policy: Silence io.containerd.internal.v1.opt denial noise. ( #6449 )
...
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
2023-10-27 16:06:24 -04:00
Andrew Phelps
c1f7319e00
fix cronie crond file ( #6616 )
2023-10-27 11:58:25 -07:00
CBL-Mariner-Bot
d91c237e39
[AUTOPATCHER-CORE] Upgrade python-urllib3 to 1.26.18 fix CVE-2023-45803 ( #6617 )
...
* Upgrade python-urllib3 to 1.26.18 fix CVE-2023-45803
* remove CVE patch already addressed by new version
2023-10-27 11:57:03 -07:00
Jonathan Behrens
4cacf51386
Fix zhash CVE-2023-46228 ( #6615 )
2023-10-27 11:43:34 -07:00
Neha Agarwal
7b6a4db176
Update libtiff to v4.6.0 to fix CVE 2023-40745 and 2023-41175 ( #6567 )
2023-10-27 11:05:11 -07:00
CBL-Mariner-Bot
20fa459fff
Patch CVE-2023-45853 for boost ( #6601 ) ( #6608 )
...
(cherry picked from commit ac581c84a5)
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
2023-10-27 21:17:37 +05:30
CBL-Mariner-Bot
26f49539c0
Patch CVE-2023-45853 for tcl ( #6600 ) ( #6612 )
...
(cherry picked from commit f106d90aed)
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
2023-10-27 21:16:42 +05:30
Gary Swalling
b05435d5ba
Patch grub2 to fix CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736 ( #6469 )
...
Backport 30 patches to bring grub 2.06 up to SBAT level 2 and resolve vulnerabilities for CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735, and CVE-2022-28736.
2023-10-26 12:45:44 -07:00
rlmenge
5fd99705b1
Nopatch CVE-2023-5345 and CVE-2023-4622 for hyperv-daemons ( #6610 )
2023-10-26 10:19:52 -07:00
Nan Liu
10ba6760c1
Fix zlib CVE-2023-45853 ( #6611 )
...
* add patch to address CVE-2023-45853
* update manifests
* fix invalid source url
* update cgmanifest
2023-10-26 10:09:53 -07:00
AZaugg
fda9428160
Bumping sudo to version 1.9.14p3 ( #6068 )
2023-10-26 00:54:19 -07:00
nicolas guibourge
fb524d6f5b
kubernetes: upgrade to 1.28.3 to address CVE-2023-44487 and CVE-2023-39325 ( #6578 )
...
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
2023-10-24 17:12:21 -07:00
rlmenge
a7ebe53518
Enable CONFIG_BINFMT_MISC in ARM64 ( #6582 )
2023-10-24 16:13:53 -07:00
Christopher Co
c82de0d3e0
fix: Enable lzo, snappy, zstd support in crash ( #6380 )
...
* fix: Enable lzo, snappy, zstd support in crash
Issue discovered in crash where lzo compressed kdump files were not
readable by our crash utility. So add a patch to enable support for
common compression types (lzo, snappy, zstd)
* chore: remove unused patch
* add missing build requires for lzo and snappy
* add fedora attribution of lzo_snappy_zstd patch
* add missing zstd-devel buildrequires
While the current default chroot build environment contains zstd-devel,
it is much better to be explicit about our build dependencies in the
spec.
Signed-off-by: Chris Co <chrco@microsoft.com>
2023-10-24 01:09:29 -07:00
Muhammad Falak R Wani
17363384ba
httpd: upgrade 2.4.56 -> 2.4.58 to address CVE-2023-45802, CVE-2023-43622 & CVE-2023-31122 ( #6559 )
...
Reference: https://downloads.apache.org/httpd/CHANGES_2.4.58
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-10-24 09:21:31 +05:30
Dan Streetman
89a59542e5
systemd: enable zstd support in journald
...
Also for mariner 2, force journald to not use zstd compression, to
retain backwards compatibility.
Fixes : #6424
2023-10-23 14:39:52 -04:00
rlmenge
ca3eb31294
Nopatch CVE-2023-23000, CVE-2023-23039, CVE-2023-26242, CVE-2023-32252, CVE-2023-32257, CVE-2023-32258, CVE-2023-33951, CVE-2023-33952, CVE-2023-37453, CVE-2023-42754, CVE-2023-42756, CVE-2023-45871, CVE-2023-4611, CVE-2023-5345 ( #6574 )
...
* Nopatch several kernel CVEs
* Add configs with CVEs to required config check
2023-10-23 10:59:58 -07:00
jslobodzian
a149f6928a
Patch hdf5 to address CVE-2021-37501 ( #6503 )
2023-10-20 17:15:30 -07:00
CBL-Mariner-Bot
aea8c7ff52
Nopatch CVE-2023-45898 CVE-2023-45862 CVE-2023-45863 CVE-2023-40791 ( #6571 )
2023-10-20 15:50:52 -07:00
Neha Agarwal
49486fdba9
libnbd: patch CVE-2023-5215 ( #6493 )
2023-10-20 09:11:03 -07:00
Archana Choudhary
39a07634d6
Add Perl-Net-IP package to extended specs ( #6560 )
2023-10-20 17:05:54 +05:30
Dan Streetman
48b741e7dd
nodejs18: Re-enable building debuginfo. We can just ignore the dirs conflict failure in the pipelines! :)
2023-10-19 13:35:25 -04:00
Dan Streetman
7ddb68b6b2
Bump grpc release to rebuild with updated version of Go.
2023-10-19 13:35:11 -04:00
Dan Streetman
d35a458eca
Bump release to rebuild with updated version of Go.
2023-10-19 13:33:59 -04:00
Dan Streetman
7724bdc675
patch vendored nghttp2 for cve-2023-44487
2023-10-19 12:37:48 -04:00
Neha Agarwal
3525c79d46
Update gawk to v5.1.1 to fix CVE 2023-4156 ( #6451 )
2023-10-19 08:37:32 -07:00
Neha Agarwal
85846e8550
libXpm: set CVE-2023-43788 as fixed through version update ( #6474 )
2023-10-19 08:35:02 -07:00
ms-mahuber
c8f0975787
Kata-CC: UVM - Enable encfs sidecar container ( #6365 )
...
* Kata-CC: UVM - Enable dm-crypt and dm-integrity for encfs sidecar functionality
* Kata-CC: UVM - Enable dm-crypt and dm-integrity for encfs sidecar functionality #2
* Kata-CC: UVM - Enable dm-crypt and dm-integrity for encfs sidecar functionality #3
2023-10-18 16:14:17 -07:00
Dan Streetman
f675a14845
disable debuginfo for nodejs18 :-(
2023-10-18 15:41:57 -04:00
Dan Streetman
b0d0b7bb7c
update nodejs18 to 18.18.2 for CVE-2023-44487
2023-10-18 15:41:57 -04:00
Neha Agarwal
b857131ccf
Update vim to 9.0.2010 to fix CVE-2023-5535 ( #6463 )
2023-10-18 09:35:08 -07:00
Neha Agarwal
ba51f1c7f0
update libXpm to v3.5.13 to fix CVE 2023-43789 ( #6458 )
2023-10-18 09:34:47 -07:00
Paco Huelsz
5ff4059e62
Fix CVE-2023-0465 and CVE-2023-2650 ( #6441 )
2023-10-18 08:32:16 -07:00
Neha Agarwal
112f1b22d5
Update skopeo to v1.13.3 to fix CVE-2023-33199 in rekor ( #6457 )
2023-10-17 21:43:58 -07:00
rlmenge
23219abfad
Nopatch CVE-2023-4244 and CVE-2023-5197 ( #6452 )
2023-10-17 11:39:41 -07:00
CBL-Mariner-Bot
0576375e83
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.135.1 - branch main ( #6448 )
...
* Kernel upgrade to 5.15.135.1 version
---------
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
2023-10-17 11:08:22 -07:00
CBL-Mariner-Bot
47db34ffe5
kernel-hci: Add CVE-2023-1859 CVE-2023-2002 CVE-2022-48425 CVE-2023-3111 CVE-2023-22995 CVE-2023-3141 ( #5766 )
2023-10-17 11:04:56 -04:00
sindhu-karri
332cc4450b
Fix CVE-2023-3817 in edk2 package ( #6423 )
...
* Fix CVE-2023-3817 in bundled openSSL in edk2 package
2023-10-17 19:56:14 +05:30
rlmenge
335e0d3a42
Nopatch kernel cves CVE-2023-39189, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42753, CVE-2023-42755
2023-10-16 15:40:01 -07:00
Pawel Winogrodzki
5cd792796d
Upgraded `keyutils` to version 1.6.3 to fix DNS a refreshing issue (CP of #6432 ) ( #6435 )
...
Co-authored-by: Trung <tvuong@microsoft.com>
2023-10-16 11:54:57 -07:00
Pawel Winogrodzki
f83501c79b
Upgrade tensorflow to 2.11.1 to address CVEs (CP of #6418 ) ( #6434 )
...
Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
2023-10-13 19:35:01 -07:00
Mateusz Gozdek
f5ee78427a
SPECS/cni-plugins: update to v1.3.0 and set version while building ( #6396 )
...
Refs #6339
Also move declarations around to satisfy linter.
Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>
2023-10-13 17:51:55 -07:00
Pawel Winogrodzki
4eac5eea76
Patched CVE-2023-5441 for vim (CP of #6411 ) ( #6421 )
...
Co-authored-by: Mykhailo Bykhovtsev <108374904+mbykhovtsev-ms@users.noreply.github.com>
2023-10-13 13:43:43 -07:00
Shweta Bindal
8eae1bb92e
Add rust-cbindgen v0.24.3 ( #6274 )
...
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-10-13 15:18:27 +05:30
amritakohli
c23d3ce9d2
Patch urllib3 CVE-2023-43804 ( #6416 )
...
* Patch CVE-2023-43804 in urllib3
2023-10-12 22:09:04 -07:00
Minghe Ren
2329726b7f
upgrade cloud-init to 23.3 ( #6407 )
...
* upgrade cloud-init to 23.3
* fix typo
---------
Co-authored-by: minghe <rmhsawyer>
2023-10-12 15:17:29 -07:00
Pawel Winogrodzki
01547eeed5
Fixed CVE-2023-44487 in `nginx` and `golang` (CP of #6381 ) ( #6395 )
...
* Fixed CVE-2023-44487 in `nginx` and `golang` (#6381 )
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
* Bumping 'kubernetes'.
---------
Co-authored-by: Dan Streetman <ddstreet@microsoft.com>
Co-authored-by: Dan Streetman <ddstreet@ieee.org>
2023-10-12 14:22:26 -07:00
Pawel Winogrodzki
ffa4cde012
Patched `python` CVE-2023-24329 (CP of #6412 ) ( #6415 )
...
Co-authored-by: amritakohli <56371098+amritakohli@users.noreply.github.com>
2023-10-12 14:16:07 -07:00
Pawel Winogrodzki
03448f6e80
Patched CVE-2023-38545, CVE-2023-38546 for `cmake` and `curl`. ( #6401 ) ( #6410 )
...
Co-authored-by: Mykhailo Bykhovtsev <108374904+mbykhovtsev-ms@users.noreply.github.com>
2023-10-12 14:01:27 -07:00
Chris PeBenito
47ed0529c5
Add /opt/containerd/{bin,lib} to RPMs and cherry-pick fix for systemd-hostnamed default-hostname in SELinux. ( #6311 )
...
* filesystem: Restore /opt.
/opt is part of FHS. This fixes an issue on SELinux systems where
containerd will create /opt but we'd prefer not to allow this in
the policy.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
* selinux-policy: systemd-hostnamed fix.
Cherry pick systemd-hostnamed fix for handling /run/systemd/default-hostname.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
* containerd: Precreate /opt/containerd/{bin,lib}.
These are created by io.containerd.internal.v1.opt but it results in the
dirs having incorrect SELinux labels. Creating them in the package will
ensure correct labeling.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
---------
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
2023-10-12 10:31:13 -04:00
Dan Streetman
21dae1ff6d
update nghttp2 to version 1.57.0 to include patches for cve-2023-44487
2023-10-12 09:55:56 -04:00
Christopher Co
e2d3d55ce1
fix: make /media a directory ( #6378 )
...
Currently, /media is a symlink to /run/media, however /run is a tmpfs so
the symlink does not persist across reboots.
Generally the symlink is not useful and having it present is fragile. So
instead change /media to a proper directory in accordance with the Linux
Filesystem Hierarchy standard.
Signed-off-by: Chris Co <chrco@microsoft.com>
2023-10-11 19:30:01 -07:00
Andrew Phelps
e3780e742a
Revert "Fixing `debugedit` ptests ( #6315 )" ( #6402 )
...
This reverts commit b948703107.
2023-10-11 12:25:46 -07:00
Daniel McIlvaney
7a157f46df
Update rust.spec to use ./x.py instead of x.py ( #6394 )
2023-10-11 10:34:20 -07:00
AZaugg
8cb5a4359b
Libcgroup create drop file folder ( #6099 )
...
* Create CGCONFIG_CONF_DIR for libcgroup-tools
Create the directory CGCONFIG_CONF_DIR on install of the RPM so users
are aware that the cgconfig service supports the drop files (.d) pattern.
* Do version bump
2023-10-10 21:59:58 -07:00
Pawel Winogrodzki
1a606dde49
Patched `vim` for CVE-2023-5344 ( #6372 ) ( #6377 )
...
Co-authored-by: Mitch Zhu <mitchzhu@microsoft.com>
2023-10-09 20:50:26 -07:00
Henry Beberman
e81ed2e99d
Patch irqbalance to fix incorrect balancing behavior ( #6359 )
2023-10-09 14:40:08 -07:00
Henry Beberman
e8d4e7a06e
Bump kubernetes release to rebuild against glibc 2.35-6 ( #6364 )
2023-10-06 17:18:22 -07:00
Minghe Ren
044098bc0b
add patches for Glibc CVE-2023-4806 and CVE-2023-5156 ( #6341 )
...
* add patches for CVE
* bump dependency package release number
---------
Co-authored-by: minghe <rmhsawyer>
2023-10-06 14:55:34 -07:00
CBL-Mariner-Bot
8608b3da98
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2023-44466 CVE-2020-27815 CVE-2014-9940 ( #6271 )
...
* CVE-2023-2163
* CVE-2023-44466 CVE-2020-27815 CVE-2014-9940
* clean up whitespace
---------
Co-authored-by: Cameron E Baird <cameronbaird@microsoft.com>
2023-10-06 10:47:13 -07:00
CBL-Mariner-Bot
ca2e4fc92a
[AUTOPATCHER-CORE] Patched python-gevent to address CVE-2023-41419 ( #6346 )
...
* Patch python-gevent to address CVE-2023-41419
* Fix patch
* Add python3-pip as BuildRequires for tests
* Add python3-greenlet as BuildRequires for tests
---------
Co-authored-by: Mandeep Plaha <mandeepplaha@microsoft.com>
2023-10-06 08:58:05 -07:00
nicolas guibourge
ac5096e1f1
re-add kubernetes in CBL-Mariner ( #6345 )
...
* add back kubernetes in core spec
* test work
* test work
* test work
* test work
* test work
* test work
* test work
* add k8s in CBL-Mariner
* upgrade etcd and coredns to match k8s 1.28.2 requested versions
* fix PR checks
* fix PR checks
* fix PR checks
* fix PR checks
* fix PR checks
* fix PR checks
* fix strict checking of license and attribution
* fix strict checking of license and attribution
---------
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
2023-10-05 15:27:43 -07:00
nicolas guibourge
1da13449b1
Fix kernel CVE detection issue due to bad date order in changelog ( #6340 )
...
* Fix kernel CVE detection issue due to bad date order in changelog
* No need to dash-roll for a changelog-only fix
---------
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
Co-authored-by: Cameron Baird <cameronbaird@microsoft.com>
2023-10-05 14:36:08 -07:00
osamaesmailmsft
b948703107
Fixing `debugedit` ptests ( #6315 )
2023-10-05 10:56:05 -07:00
Pawel Winogrodzki
78f623cb56
Removed `exit` from specs' `%check` sections. ( #6289 )
2023-10-04 16:43:39 -07:00
Minghe Ren
d75967c714
Add patch for Bluez CVE-2022-3563 ( #6335 )
...
* add patch for CVE-2022-3563
* add patch
* update typo
---------
Co-authored-by: minghe <rmhsawyer>
2023-10-03 20:28:15 -07:00
porwalameet
6d613801b9
Add hping3 v0.0.20051105 ( #6162 )
...
Co-authored-by: Ameet Porwal <ameetporwal@microsoft.com>
2023-10-04 08:01:46 +05:30
Mandeep Plaha
115ecc713d
Mandeepsplaha/patch cves against gdb ( #6338 )
...
* Patch CVE-2023-4911 in glibc
* Update all specs that build require glibc-static
2023-10-03 16:38:04 -07:00
Pawel Winogrodzki
59a542e04d
Added explicit BR on `libxslt-devel` to `xmlsec1.spec`. ( #6331 )
2023-10-02 12:48:59 -07:00
Mitch Zhu
af6ece3823
Upstream kata cc package updates ( #6297 )
...
* Initial katadev/main upstream draft
* Cherry-pick Daniel's CVE fix
* Remove alpha logs
2023-10-02 10:14:54 -07:00
Neha Agarwal
d453a881bc
kernel: nopatch CVE-2023-4921 ( #6322 )
2023-10-02 09:01:56 -07:00
Neha Agarwal
d8deceb6e8
nopatch kernel CVE-2023-2163 ( #6324 )
2023-10-02 08:58:46 -07:00
CBL-Mariner-Bot
fca71a0288
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.133.1 - branch main ( #6286 )
...
* Remove NET_CLS_RSVP and CONFIG_NET_CLS_RSVP6 that don't apply to the new version
Co-authored-by: Neha Agarwal <nehaagarwal@microsoft.com>
2023-09-29 11:25:31 -07:00
Adub17030MS
307f520d1a
Update sriov to v3.5.1 ( #6312 )
...
* Update sriov to v3.5.1
* Update sriov-network-device-plugin.signatures.json
* Update sriov-network-device-plugin.spec
* Update cgmanifest.json
* Spec linting
2023-09-28 22:52:19 -07:00
CBL-Mariner-Bot
d2ba4f043a
[AUTOPATCHER-CORE] Upgrade cri-tools to 1.28.0 to fix vendored vulns CVE-2021-38561, CVE-2021-44716 CVE-2022-32149, CVE-2022-27664, CVE-2022-29526, CVE-2022-28948 ( #6300 )
2023-09-28 16:21:27 -07:00
Daniel McIlvaney
45d111d407
Upgrade rust to 1.72.0 to resolve CVE-2023-38497, CVE-2023-40030 ( #6198 )
...
* Upgrade rust to 1.72.0 to resolve CVE-2023-38497, CVE-2023-40030
Rework the rust.spec to use .tar.xz source tarballs instead of .tar.gz
source tarballs. This removes the need to modify the bootstrap script
in the rust sources.
* Bump packages to use new rust
* flux: introduce patch to drop warnings are build blocker
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* kata-containers: drop mut for variables to unblock build
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* kata-containers-cc: enable gated feature & drop mut from immutable vars
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* clamav: regenerate cargo cache
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---------
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-28 11:06:01 -07:00
CBL-Mariner-Bot
d7f79b6fed
[AUTOPATCHER-CORE] Upgrade bind to 9.16.44 Fix CVE-2023-3341 ( #6296 )
...
* Upgrade bind to 9.16.44 Fix CVE-2023-3341
* Remove patch for old CVE
---------
Co-authored-by: Rakshaa Viswanathan <rviswanathan@microsoft.com>
2023-09-28 23:18:23 +05:30
CBL-Mariner-Bot
3a3d4b24c2
Prepare October 2023 Release ( #6301 )
2023-09-28 13:28:50 -04:00
Minghe Ren
5d3fbb49a5
Cloud init datasource bug ( #6279 )
...
* add patch for cloud-init overrideDatasourceDetection
* remove 23.2
* add upstream background content in patch
---------
Co-authored-by: minghe <rmhsawyer>
2023-09-26 15:32:54 -07:00
Sumynwa
9847e2e1b8
openmpi: Bump version to rebuild with pmix for CVE-2023-41915 ( #6285 )
2023-09-26 10:52:26 +05:30
Cameron E Baird
f7721321ac
feat: Enable grub2-mkconfig generation of grub config ( #5989 )
...
* Implement grub2-mkconfig generation
* Introduce grub2-rpm-macros
* Remove mkconfig systemd behavior, move it to grub template. Make grub2-rpm-macros a subpackage under grub2
* Pack AzureLinux-specific grub configuration directory in its own subpackage
* Enable mkconfig flow for kernel-hci
* +kernel-hci-signed
* stop packaging macros in configuration rpm
Signed-Off-By: Cameron Baird <cameronbaird@microsoft.com>
2023-09-25 12:56:58 -07:00
CBL-Mariner-Bot
b8d0cb188c
Upgrade curl to 8.3.0 CVE-2023-38039 ( #6261 )
2023-09-25 11:19:41 -07:00
Andrew Phelps
cb5b8d9250
util-linux: add su-l file for PAM ( #6254 )
...
* add su-l file to util-linux
* update manifests
* bump to release 8 after merging with main
* linting
2023-09-25 11:14:41 -07:00
Maxwell McKee
6a8f378cad
Update KeysInUse-OpenSSL package to 0.3.4 ( #5968 )
...
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
2023-09-22 10:07:32 -07:00
Archana Choudhary
aa5a23f030
Add gdal package to specs-extended ( #6230 )
...
* Adds package gdal
* Adds license info
* Update cgmanifest
* Update license map
* Refactor spec file
2023-09-22 14:19:58 +05:30
CBL-Mariner-Bot
7a79706489
Upgrade libwebp to 1.3.2 to address CVE-2023-4863 ( #6265 )
2023-09-21 17:02:48 -07:00
Saul Paredes
627e4a414c
Nopatch kernel for CVE-2023-0160, CVE-2023-4273, CVE-2023-4394 and CVE-2023-4569 ( #6263 )
2023-09-21 14:16:16 -07:00
jslobodzian
eb08b37916
Bump package version to recompile binaries with fixed gcc stack prote… ( #6253 )
...
* Bump package version to recompile binaries with fixed gcc stack protection (CVE-2023-4039)
* Bump debuginfo versions in toolchain manifests
* Bump kernel headers to match kernel
* Update SPECS/gettext/gettext.spec
Taking suggestion
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* Update for code review comments
* Fix for code review comment in qt5-qtdeclarative changelog
* Fix dash version for signed spec files
---------
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-21 17:10:15 -04:00
Sumynwa
81ada2f4b4
Upgrade pmix to 4.1.3 to address CVE-2023-41915 ( #6256 )
...
* pmix: Bump package version to 4.1.3 to address CVE-2023-41915
Reference: https://github.com/openpmix/openpmix/releases/tag/v4.1.3
* pmix: update cgmanifest entry
2023-09-21 14:00:04 +05:30
kanikanema
79e99aa83a
Address CVE-2023-29383 in shadow-utils ( #6239 )
...
The CVE was fixed incorrectly in the first attempt by the shadow maintainers.
For the patch to work correctly, it requires the bad patch followed by the correct one.
For Mariner, both the patches are part of the same patch file.
2023-09-21 09:22:24 +05:30
CBL-Mariner-Bot
8cc44ffe1e
Prepare September 2023 Update 2 ( #6241 )
2023-09-20 10:06:10 -04:00
Archana Choudhary
d76627b897
Add netcdf package to specs-extended ( #6155 )
...
* Add package netcdf
* Add license info
* Update cgmanifest
* Update license map
* Refactor spec
2023-09-20 18:24:53 +05:30
AZaugg
b958e9287d
Use the PIC'ed version of libiberty.a static object ( #6100 )
...
* Use the PIC'ed version of libiberty.a static object
* Bumping binutils version in tool chain resource files
2023-09-19 20:07:44 -07:00
Archana Choudhary
b0f5460c71
Add hdf package to specs-extended ( #6154 )
...
* Add package hdf
* Add license info
* Update cgmanifest
* Cleanup changes
* Remove unneeded patch
* Update License map
2023-09-18 18:43:16 +05:30
Archana Choudhary
6630da3cf5
Add gpsbabel package to specs-extended ( #6151 )
...
* Adds package gpsbabel
* Adds license info
* Update cgmanifest
* Update patch tag
* Change setup to autosetup
* Update license map
---------
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-18 16:00:17 +05:30
Archana Choudhary
5ff69889b5
Adds libkml package to specs-extended ( #6157 )
...
* Adds package libkml
* Adds license info
* Update cgmanifest
* Update license map
2023-09-18 14:24:28 +05:30
suresh-thelkar
9177f76ef4
Patch libssh2 to address CVE-2020-22218 ( #6214 )
...
* Patch libssh2 to address CVE-2020-22218
* libssh2: Updating toolchain manifests
2023-09-18 14:11:43 +05:30
Andrew Phelps
7534c4b5df
libguestfs: remove toolchain package requirements to fix build break ( #6225 )
...
* remove binutils BR from libguestfs
* remove tdnf install binutils
* remove all toolchain package installs
* remove procps BR
* enable toolchain-repo
* fix changelog
2023-09-17 22:41:30 -07:00
Andrew Phelps
1f2b396d39
gcc: add patch for CVE-2023-4039 ( #6213 )
...
* patch gcc for CVE-2023-4039
* Add CVE-2023-4039.patch
* fix callee_offset issue in patch
* fix callee_offset issue in aarch64_expand_epilogue()
2023-09-16 17:37:14 -07:00
Betty
50afb7015d
Nopatch kernel to fix CVE-2023-4208, CVE-2023-4622 ( #6220 )
...
Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
2023-09-15 14:13:43 -07:00
Pawel Winogrodzki
dcc0c34997
Removed 'exit 1' from 'supermin'. ( #6217 )
2023-09-15 09:22:51 -07:00
Henry Li
2f1656ca99
upgrade vim to resolve CVEs ( #6210 )
...
Co-authored-by: lihl <lihl@microsoft.com>
2023-09-13 10:20:13 -07:00
CBL-Mariner-Bot
ba1ffa4070
Upgrade redis to 6.2.13 fix CVE-2022-24834 ( #6203 )
2023-09-13 16:10:05 +05:30
suresh-thelkar
764666dd25
Patch CVE-2023-41910 in lldpd package ( #6205 )
2023-09-13 16:09:07 +05:30
CBL-Mariner-Bot
5d25ec2d4c
Nopatch kernel to fix CVE-2023-4207 CVE-2023-4015 CVE-2023-4206 ( #6206 )
2023-09-12 12:02:41 -07:00
CBL-Mariner-Bot
e94787c454
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.131.1 - branch main ( #6196 )
...
* Kernel upgrade to 5.15.131.1 version
* Update configs
* Update mariner-required-configs
---------
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
2023-09-11 10:47:11 -07:00
Archana Choudhary
f2229b253d
Add freexl package to specs-extended ( #6149 )
...
* Adds freexl to specs-extended
* Update cgmanifest entry
* Add license entry
* cleanup spec file
* Update license map
2023-09-11 14:13:44 +05:30
osamaesmailmsft
a85c2b7a83
Fix `librelp` tests by adding `glibc-debuginfo` ( #6181 )
...
* fixed librelp
* fixing tabs
* fixing linter
2023-09-08 10:22:22 -07:00
Betty
e1230ee0b5
Bump the bind version to 9.16.37 to fix CVE-2022-3924, CVE-2022-3094, CVE-2022-3736 ( #6195 )
...
Bump the bind version to 9.16.37 to fix CVE-2022-3924, CVE-2022-3094, CVE-2022-3736 (#6195 )
---------
Co-authored-by: Betty Lakes <bettylakes@microsoft.com>
2023-09-08 09:48:02 -07:00
Archana Choudhary
f78a6f5eb2
Adds libgeotiff package to specs-extended ( #6150 )
...
* Adds package libgeotiff
* Adds license info for libgeotiff
* Update cgmanifest entry
* Update license map
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---------
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-08 17:20:46 +05:30
bfjelds
380a01c3b5
nodejs: CVE-2023-35945 ( #6180 )
...
* add nghttp2 patch to nodejs and nodejs18
* fix versions
* try fixing up patches
* remove test files from patches
2023-09-07 22:31:48 -07:00
bfjelds
29ef7cdbe9
patch tcl for CVE-2023-36328 ( #6194 )
...
* patch tcl for CVE-2023-36328
* increment version; add changelog entry
* use https; use autosetup
2023-09-07 21:07:39 -07:00
bfjelds
5ac625b618
Address nodejs CVEs 32002 32006 32559 ( #6186 )
...
* bump to 16.20.2 and 18.17.1 to address CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
* update signatures
* update patch for 18.17.1
* update cgmanifest.json
* Update SPECS/nodejs/nodejs18.spec
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---------
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-07 20:53:55 -07:00
bfjelds
502a10d2f7
cmake patch for CVE-2023-35495 ( #6182 )
...
* add cmake patch for CVE-2023-35495
* add new cmake version
2023-09-07 20:48:10 -07:00
bfjelds
fef9f5eb0a
bump frr to 8.5.3 for CVE-2023-41358 CVE-2023-41359 CVE-2023-41360 ( #6189 )
...
* bump frr to 8.5.3 for CVE-2023-41358 CVE-2023-41359 CVE-2023-41360
* update signature
* remove patch for CVE-2023-3149, it is included in 8.5.3
2023-09-07 20:39:03 -07:00
bfjelds
09059a4737
fix vim CVEs: CVE-2023-4734 CVE-2023-4735 CVE-2023-4736 ( #6191 )
2023-09-07 20:38:11 -07:00
osamaesmailmsft
2cc3ce4829
Fixing python-more-itertools tests ( #6171 )
2023-09-07 13:36:45 -07:00
Henry Beberman
a3dc2834a0
Upgrade opensc to 0.23.0 to fix CVE-2021-34193 ( #6134 )
2023-09-05 10:59:55 -07:00
ashruti-msft
956b309076
Upgrade blobfuse2 2.0.5 -> 2.1.0 ( #6144 )
...
This (v2.1.0) release of blobfuse2 introduces support for ARM64
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-05 08:57:06 +05:30
CBL-Mariner-Bot
8d373241ad
Prepare September 2023 Update ( #6160 )
2023-09-04 15:21:21 -07:00
Trung
4244a7d1f1
Nopatch kernel for CVE-2023-4389, CVE-2023-32247 ( #6131 )
2023-09-01 10:15:39 -07:00
Archana Choudhary
7288c7d438
Add package shapelib to SPECS-EXTENDED ( #6064 )
...
* Adds package shapelib
* Adds license info
* Update cgmanifest
* Cleanup changes
2023-09-01 00:48:38 +05:30
Archana Choudhary
6acc7fa856
Add package qt5-qtserialport to SPECS-EXTENDED ( #6065 )
...
* Adds package qt5-qtserialport
* Adds license info-qtserialport
* Update cgmanifest-qtserialport
* Switch to autosetup and make_install
2023-09-01 00:17:12 +05:30
Archana Choudhary
a6bb77e691
Add package uriparser to SPECS-EXTENDED ( #6067 )
...
* Adds package uriparser
* Adds license info
* Update cgmanifest
2023-08-31 23:26:34 +05:30
Archana Choudhary
a8275430dc
Add package blosc to SPECS-EXTENDED ( #6066 )
...
* Adds package blosc
* Adds license info
* Update cgmanifest
* Remove comments
2023-08-31 23:09:33 +05:30
Archana Choudhary
a7349bfc89
Add package liblerc to SPECS-EXTENDED ( #6063 )
...
* Adds package liblerc
* Adds license info
* Update cgmanifest
* Adds test execution command
* remove patch related to win32
* Lint spec file
2023-08-31 21:57:15 +05:30
Archana Choudhary
56b5f6cb27
Add libgta package to SPECS-EXTENDED ( #6062 )
...
* Adds package libgta
* Adds license info
* Update cgmanifest
* Move global vars to top
2023-08-31 18:27:15 +05:30
Henry Beberman
1151dd44f8
Patch CVE-2022-47022 in hwloc ( #6109 )
2023-08-30 21:51:17 -07:00
CBL-Mariner-Bot
5522b56551
CVE-2022-0850 ( #6073 )
2023-08-30 14:52:55 -07:00
Henry Li
41e5023e43
Upgrade nvidia-container-toolkit, nvidia-container-runtime and libnvidia-container ( #5898 )
...
* upgrade nvidia packages
* update signature of source tar
* save changes
* add patch to build nvidia-container-toolkit v1.13.3 with golang 1.19
* upgrade nvidia-container-toolkit and libnvidia to 1.13.5
* Update SPECS/libnvidia-container/libnvidia-container.spec
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
* Update SPECS/nvidia-container-toolkit/nvidia-container-toolkit.spec
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
* resolve comments
* remove patch and update vendor source tar
* Enforce golang to be equal to or greater than v1.20.7
---------
Co-authored-by: Henry Li <lihl@microsoft.com>
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
2023-08-30 14:21:32 -07:00
Archana Choudhary
271a0a4f43
Add ogdi package to SPECS-EXTENDED ( #6061 )
...
* Adds package ogdi
* Adds license info
* Update cgmanifest
* Update Source1 URL
2023-08-30 18:00:52 +05:30
Andrew Phelps
5d31d3aba0
qt5-qtsvg: rebuild with qt5-qtbase fix for CVE-2023-37369 ( #6089 )
...
* bump qt5-qtsvg release
* lint spec
* modify linting
2023-08-29 15:40:55 -07:00
Minghe Ren
41accd1436
make cloud-init-output.log available to serial console ( #6051 )
...
Co-authored-by: minghe <rmhsawyer>
2023-08-29 13:54:56 -07:00
rlmenge
0ab6131aa6
Nopatch CVE-2023-2007 for kernel ( #6095 )
2023-08-29 12:49:20 -07:00
rlmenge
b06683f273
Nopatch CVE-2023-3439 as mctp is not enabled in CBL-Mariner ( #6072 )
2023-08-29 11:02:42 -07:00
AZaugg
f0ef831100
BugFix: httpd.conf log location incorrect ( #6004 )
...
* BugFix: httpd.conf log location incorrect
The default config.layout being used with Mariner is Apache, which
points to non existent log directory. As a result the default httpd
config provided with Mariner has an error in it, preventing httpd
service from starting
* Adding RuntimeDirectory to ensure httpd dir exists for pid file
2023-08-29 10:36:26 -07:00
Henry Beberman
e476484dc6
Fix CVE-2021-32292 in json-c ( #6083 )
2023-08-29 09:42:16 -07:00
Henry Beberman
4670aafbf8
Fix CVE-2023-38710, CVE-2023-38711, CVE-2023-38712 in libreswan ( #6085 )
2023-08-29 09:40:45 -07:00
Cameron E Baird
ea37acfa62
Bump telegraf release to rebuild with go 1.20.7 ( #6079 )
...
* Bump telegraf release to rebuild with go 1.20.7
* telegraf: actually bump release
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
---------
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-29 09:23:25 -07:00
Tobias Brick
bb0a3a807a
fix: CVE-2022-48579 in clamav ( #6002 )
...
* fix: CVE-2022-48579 in clamav
* convert std::wstring to wchar*
* update changelog
2023-08-29 08:38:36 -07:00
Archana Choudhary
0558adfb10
Add cfitsio package to SPECS-EXTENDED ( #6060 )
...
* Adds package cfitsio
* Add license info
* Update cgmanifest
* Update spec
2023-08-29 13:14:19 +05:30
Muhammad Falak R Wani
0cceaaf45c
heimdal: address CVE-2022-42898 ( #6046 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-29 08:56:57 +05:30
bfjelds
f754814e7e
CVE-2022-36648: QEMU fix ( #6081 )
...
* add qemu CVE patch: CVE-2022-36648
* fix day of week that doesn't match date in changelog
* fix patch file
2023-08-28 14:10:12 -07:00
CBL-Mariner-Bot
ad867f0a33
Nopatch kernel for CVE-2023-4459 ( #6071 )
2023-08-25 18:46:07 -07:00
Archana Choudhary
761535f806
Adds package CharLS to SPECS-EXTENDED ( #6022 )
...
* Adds package CharLS
* Adds license info
* Update cgmanifest
* Update source URL
2023-08-25 15:50:54 +05:30
rlmenge
f571b3fabd
Patch etcd and bump fuzzing for CVE-2023-32082 ( #6041 )
...
* Address CVE-2023-32082 with patches
* Update fuzzing to default to 2
2023-08-24 11:13:30 -07:00
CBL-Mariner-Bot
539005f105
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2023-4385 CVE-2023-4387 CVE-2023-40283 ( #6033 )
...
* CVE-2023-40283
* CVE-2023-4385 CVE-2023-4387
2023-08-24 11:09:56 -07:00
Dallas Delaney
72f1d3085a
Patch guava for CVE-2020-8908 ( #6036 )
2023-08-23 14:51:05 -07:00
CBL-Mariner-Bot
97d4a92b18
Upgrade php to 8.1.22 to fix CVE-2023-3824 ( #6032 )
2023-08-23 10:28:16 -07:00
rlmenge
06eb74e8ad
Patch rust for CVE-2023-3817 ( #6031 )
...
* Patch rust for CVE-2023-3817
* Only bump release as CBL-Mariner's rust does not use vendored version
2023-08-23 10:25:30 -07:00
AZaugg
5d77fdbfb4
Xfsprogs update1 ( #5963 )
...
* Update xfsprogs to version 5.15
Updating xfsprogs to version 5.15 to match kernel version. In addition
adding a new package called inih, which is a new C library that xfsprogs
requires
* Updating Fedora license import
* Updating source0
* Updating license-map
* Update SPECS/xfsprogs/xfsprogs.spec
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
---------
Co-authored-by: Daniel McIlvaney <damcilva@microsoft.com>
2023-08-22 20:09:10 -07:00
Muhammad Falak R Wani
55e9faacd9
nginx: add otel_ngx_module subpackage ( #6012 )
...
Add OpenTelemetry distributed tracing support to nginx.
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-23 07:05:05 +05:30
AZaugg
674bd48228
Fixed `ipset` systemd unit file pointing to a non-existent service file. ( #5699 )
2023-08-22 14:56:54 -07:00
Saul Paredes
f130c41d12
Nopatch kernel for CVE-2023-1206, CVE-2023-2860, CVE-2023-3567, CVE-2… ( #6030 )
...
* Nopatch kernel for CVE-2023-1206, CVE-2023-2860, CVE-2023-3567, CVE-2023-3812, CVE-2023-4004, CVE-2023-4128, CVE-2023-4132, CVE-2023-4194 and CVE-2023-32248
* Fix nopatches that have multiple commit fixes
2023-08-22 11:37:25 -07:00
Dallas Delaney
a856f48934
Add patch to openssl for CVE-2023-3817 ( #6027 )
2023-08-22 10:57:08 -07:00
CBL-Mariner-Bot
884cb8cbda
[AUTOPATCHER-CORE] Patched krb5 to address CVE-2023-36054 ( #6005 )
...
* Patch krb5 to address CVE-2023-36054
* use autosetup
* update package manifests
* update changelog name and date
---------
Co-authored-by: Tobias Brick <tobiasb@microsoft.com>
2023-08-22 07:50:32 -07:00
CBL-Mariner-Bot
6bc8a02d0c
Prepare August 2023 Release 3 ( #6028 )
2023-08-21 19:26:16 -05:00
aadhar-agarwal
76da9ef949
Apply patch CVE-2023-2650 in OpenSSL ( #6024 )
2023-08-21 15:10:53 -07:00
Dallas Delaney
582793b72c
Upgrade rubygem-protocol-http1 to v0.15.1 ( #6025 )
...
- Upgrade rubygem-protocol-http1 to v0.15.1 to fix CVE-2023-38697
2023-08-21 12:13:26 -07:00
Muhammad Falak R Wani
d82493a5f9
golang: bump golang 1.19.12 -> 1.20.7 ( #6001 )
...
Bump following packages:
- golang: 1.19.12 -> 1.20.7
- moby-cli: 20.10.24 -> 20.10.25
- moby-engine: 20.10.24 -> 20.10.25
- moby-containerd: 1.6.18 -> 1.6.22
- moby-runc: 1.1.5 -> 1.1.9
This PR fixes docker `http: invalid Host header` error and
bootstraps the go1.20 compiler with go1.19.12 instead of go1.4
Reference: https://go.dev/doc/go1.20#bootstrap
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-21 22:31:35 +05:30
Bala
43b9eee090
Fix CVE-2023-40225 by upgrading haproxy ( #6021 )
...
* Fix CVE-2023-40225 in haproxy by upgrading to 2.4.21
* Update cgmanifest.json
2023-08-21 21:02:46 +05:30
AZaugg
38634d1817
Added package `python-pyrpm` with the `pyrpm` module ( #5994 )
...
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2023-08-18 13:32:39 -07:00
Bala
b75df1137c
Fix CVE-2023-0286 by removing openssl from reaper source package ( #6011 )
2023-08-18 10:31:56 +05:30
bfjelds
15156c682e
Fix CVE-2023-39533: update msft-golang to use 1.19.12 which contains fix ( #6008 )
...
* update msft-golang to 1.19.12
* fix date
* update cgmanifest.json
* update signature
* linter
* address CR comment regarding macros (ignore linter)
* fix typo
2023-08-17 09:48:51 -07:00
Bala
ac19946a3f
Patch CVE-2023-3896 ( #5998 )
2023-08-17 09:57:50 +05:30
Saul Paredes
b2989bc023
Update ruby default uri to 0.12.2 and bundled uri to 0.10.3 and fix CVE-2023-36617 ( #5992 )
...
* Patch ruby-uri version and fix CVE-2023-36617
* add patch comment
* take complete patch that actually fixes CVE
* Update default uri to 0.12.2, patch bundled uri and fix CVE-2023-36617
* Add comment to patch
* Also bump bundled uri version
2023-08-16 14:35:23 -07:00
CBL-Mariner-Bot
01acfe4f5a
Nopatch kernel to fix CVE-2023-4147 ( #6006 )
2023-08-16 14:04:17 -07:00
CBL-Mariner-Bot
d39240a8c4
Kernel upgrade to 5.15.126.1 version ( #5991 )
2023-08-16 13:26:30 -07:00
Muhammad Falak R Wani
e2ad74a2ca
Upgrade golang to 1.19.12 to address CVE-2023-29409 ( #5946 )
...
* golang: introduce patch to permit requests with invalid host headers
Reference: https://go-review.googlesource.com/c/go/+/518855
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-16 10:15:25 +05:30
Saul Paredes
dd9aac82d0
Fix CVE-2023-36617 by patching plexus-archiver ( #5996 )
2023-08-15 09:43:47 -07:00
Minghe Ren
5214fd9736
add patch for cloud-init TestGetInterfaces mock test failure ( #5987 )
...
* modify cloud.cfg
* add patch for unit test fail
2023-08-14 16:05:24 -07:00
SeanDougherty
a2f20dcbad
xorg-x11-server: Add patch for CVE-2023-1594 ( #5990 )
2023-08-14 10:22:05 -07:00
suresh-thelkar
74e299b0b8
Add package proj version 9.2.1 ( #5974 )
...
* proj: Add cgmanifest entry
* proj: update license map entry
* proj: Verifying the license
* Proj: Addressing review comments
* proj: Including all files under {_datadir}/%{name}
2023-08-14 12:04:22 +05:30
Saranya Reddipalli
0db6f968b5
Add new package xerces-c v3.2.4 ( #5976 )
2023-08-14 10:40:59 +05:30
Muhammad Falak R Wani
a1596d1f4b
nginx: configure with `--with-stream_ssl_module` to enable support for stream proxy server with SSL/TLS ( #5975 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-14 09:28:27 +05:30
CBL-Mariner-Bot
f3158c7a91
Prepare August 2023 Release 2 ( #5983 )
2023-08-10 17:26:29 -07:00
rlmenge
8b6982a318
Build nbd module ( #5972 )
...
Enable the nbd module for AMD by setting CONFIG_BLK_DEV_NBD=m.
This module is already available for ARM64.
2023-08-10 14:48:49 -07:00
CBL-Mariner-Bot
a55536705f
Prepare August 2023 Update 2 ( #5978 )
2023-08-10 13:46:12 -07:00
Dallas Delaney
43d970a050
Add python-cstruct package ( #5971 )
...
* Add python-cstruct package
2023-08-10 10:41:52 -07:00
CBL-Mariner-Bot
19c3e1bde9
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.125.1 - branch main ( #5964 )
...
* Kernel upgrade to 5.15.125.1 version
* Add new configs set to defaults
* Update required configs json
---------
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
2023-08-10 09:38:02 -07:00
Muhammad Falak R Wani
3995717b83
opentelemetry-cpp: add package v1.10.0 ( #5947 )
...
* opentelemetry-cpp: enable OTLP_GRPC & OTLP_HTTP
* opentelemetry-cpp: refactor into libs & devel subpackage
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-10 10:23:18 +05:30
Sam Meluch
2f6c8a3a6e
Add requires for glibc-debuginfo to valgrind spec ( #5958 )
...
* add glibc-debuginfo to valgrind requires
* bump version of valgrind spec
* fix spacing on glibc-debuginfo in changelog
---------
Co-authored-by: Sam Meluch <sam.meluch@microsoft.com>
2023-08-08 15:51:56 -07:00
Sam Meluch
0d620dc747
Add lld16 package to Mariner ( #5952 )
...
* Add lld16 package to Mariner
* Update cgmanifest and License map files for lld16
* update changelog in lld16.spec
* update formatting for lld16 in licenses.json
* fix spacing in lld16.spec
---------
Co-authored-by: Sam Meluch <sam.meluch@microsoft.com>
2023-08-08 15:45:53 -07:00
Lanze Liu
b9ca4e444b
kernel-hci: Update config to enable DM multipath Kernel configurations. ( #5951 )
2023-08-08 16:13:44 -04:00
Muhammad Falak R Wani
04b890c312
Upgrade curl to 8.2.1 to address CVE-2023-32001 ( #5955 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-08 20:23:18 +05:30
CBL-Mariner-Bot
1276138ebe
Upgrade telegraf to 1.27.3 resolve vulnerability with jaeger v1.38.0 ( #5949 )
2023-08-07 15:49:21 -07:00
CBL-Mariner-Bot
9c98773ff3
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.123.1 - branch main ( #5916 )
...
* Kernel upgrade to 5.15.123.1 version
* Apply config changes to ARM64
* Add required configs
---------
Co-authored-by: Saul Paredes <saulparedes@microsoft.com>
2023-08-07 14:24:52 -07:00
Pawel Winogrodzki
d9d4b4766b
Made `python-certifi` stop using its bundled certificates to fix CVE-2023-37920. ( #5939 )
2023-08-06 13:10:15 -07:00
CBL-Mariner-Bot
90eff3e470
Prepare August 2023 Release ( #5934 )
2023-08-04 19:06:18 -07:00
Trung
a286e563f3
qt5-qtbase: Add patch for CVE-2023-33285, CVE-2023-37369, CVE-2023-38197 ( #5923 )
2023-08-04 08:42:14 -07:00
Sumynwa
1c1fd0bddd
reaper: Add patch for CVE-2018-11694 ( #5937 )
2023-08-04 16:58:41 +05:30
Muhammad Falak R Wani
2489bb76d4
nginx: configure with `--with-compat` to enable dynamic modules compatibility ( #5913 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-08-04 09:54:32 +05:30
rlmenge
78e9237f28
Address hyperv-daemons cves ( #5928 )
2023-08-03 09:22:15 -07:00
Archana Choudhary
2fcd7ae197
gmp: adds c++ support in gmp-devel sub-package ( #5918 )
...
* gmp: adds c++ support in gmp-devel sub-package
* Updates manifest files
2023-08-03 17:50:11 +05:30
suresh-thelkar
7be6adcd98
Fix a bug in applying earlier patches in dhcp ( #5892 )
...
* dhcp: Remove tabs at the start of the spec file
* dhcp: Fix a bug in applying earlier patches
2023-08-03 08:23:36 +05:30
Mykhailo Bykhovtsev
6e05f4fdc4
Add protobuf check section ( #5127 )
...
* adding back protobuf java subpackage
* fixing order of descriptions
* fixing protobuf java build and req
* fixing description reference for protobuf java
* fixing versions for temurin for protobuf java
* fixed build for maven and added make test
* formatting the spec file
* formatting protobuf spec file again
* adjusting subpackage name for protobuf java
* fixing description for protobuf java subpackage
* moving comment and removing not needed provides for protobuf java
* adding python check macro and adding python tests for protobuf python subpackage
* incrementing mariner macros spec file
* updating spec file per suggestions
* de-coupling test changes from adding java subpackage
* removing the loose file
* updating manifests for the toolchain
* switch protobuf to use tox for testing
* fixing signature for mariner-rpm-macros
* fixing dependency name for the package
* removing python subpackage tests and tox as could not get tox to work
* removing addition of python macro as it is deprecated
2023-08-02 16:18:01 -07:00
CBL-Mariner-Bot
b925e99b11
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2023-3863 CVE-2023-3610 CVE-2023-3611 CVE-2023-3609 CVE-2023-3776 ( #5920 )
...
* CVE-2023-3610 CVE-2023-3611 CVE-2023-3609 CVE-2023-3776
* CVE-2023-3863
2023-08-02 16:02:11 -07:00
Sourav Gupta
3d6087d308
Update blobfuse2 to 2.0.5 ( #5925 )
2023-08-02 09:18:39 -07:00
Riken Maharjan
5dd60a2824
Fix Bug 45595561: Remove .bazelversion file ( #5922 )
2023-08-02 09:05:00 -07:00
Sumynwa
b632863ab7
rpm-ostree: Add patch to fix CVE-2022-47085 ( #5917 )
2023-08-02 10:32:27 +05:30
Pawel Winogrodzki
85cd092ef8
Updated `iperf3` to fix CVE-2023-38403. ( #5919 )
2023-08-01 15:53:54 -07:00
J Camposeco
e4346e4140
kernel: update mellanox configurations for bluefield2 ( #5896 )
...
* Enabling Mellanox configs
* Remove POWER_MLXBF
* update required configs
* Add new configs
* update PR number in required config json
2023-08-01 13:31:46 -07:00
Pawel Winogrodzki
4ed6e29789
Set `mariadb` to explicitly use system's openSSL, PCRE, and zlib. ( #5908 )
2023-08-01 09:43:27 -07:00
Saranya Reddipalli
374a11474f
Add new package libtraceevent v1.7.2 ( #5870 )
2023-08-01 14:53:59 +05:30
Saranya Reddipalli
6a1f17bb19
Promote opencsd to SPECS ( #5871 )
2023-08-01 14:52:39 +05:30
Saranya Reddipalli
d88acb348e
Promote rlwrap to SPECS ( #5872 )
2023-08-01 14:52:11 +05:30
Pawel Winogrodzki
e07618745d
Updated `pcre2` to version 10.42 to fix CVE-2022-41409. ( #5906 )
2023-07-31 17:04:38 -07:00
Saul Paredes
2f821725e7
Nopatch kernel for CVE-2023-38427, CVE-2023-38430, and CVE-2023-38431 ( #5910 )
2023-07-31 15:44:57 -07:00
Vince Perri
7f85fab85b
kernel-hci: Add net/mlx5 patch (27) switching warn message to debug ( #5885 )
...
* kernel-hci: Add 0028-net-mlx5-Bridge-use-debug-not-warn-if-entry-not-found.patch
* Bump release number and add to changelog
* Fix changelog
* Update entangled spec
2023-07-31 13:15:34 -04:00
CBL-Mariner-Bot
707e2a9a00
[AUTOPATCHER-kernel] Kernel CVE - branch main - CVE-2023-38426 CVE-2023-38428 CVE-2023-38429 CVE-2023-38432 ( #5890 )
...
* CVE-2022-48502 CVE-2023-38409
* CVE-2023-38426 CVE-2023-38428 CVE-2023-38429 CVE-2023-38432
2023-07-31 08:49:42 -07:00
Cameron E Baird
02c4869938
Tweak behavior of kernel-mshv initrd; let it remain in /boot. ( #5765 )
...
* Tweak behavior of kernel-mshv initrd; let it remain in /boot.
* remove bad whitespace
* update comment on initramfs script
2023-07-28 22:34:53 -07:00
Dallas Delaney
c678e6f890
Update kata-containers-cc to 0.6.0 ( #5816 )
...
* Update kata-containers-cc to 0.6.0
2023-07-28 16:04:06 -07:00
suresh-thelkar
6edf78ca15
Patch CVE-2023-2828 in bind ( #5880 )
...
* Patch CVE-2023-2828 in bind
* bind: Adding upstream patch details
2023-07-28 09:02:30 +05:30
Riken Maharjan
fc4a87cac4
Fixes openssh CVE-2023-38408 and Update openssh to 8.9p1 ( #5889 )
2023-07-27 17:00:10 -07:00
osamaesmailmsft
0213819410
Removing prometheus from prometheus-adapter and making separate *-docs packages ( #5888 )
2023-07-27 15:28:15 -07:00
CBL-Mariner-Bot
674f033b6f
Kernel upgrade to 5.15.122.1 version ( #5887 )
2023-07-26 15:17:31 -07:00
rlmenge
52904c7e63
Nopatch kernel CVE-2022-45884 and CVE-2022-45886 ( #5877 )
2023-07-25 16:46:19 -07:00
rlmenge
680adbbe5d
Nopatch several kernel cves ( #5868 )
...
Nopatch kernel CVE-2022-41848, CVE-2022-44032, CVE-2022-44033, CVE-2022-44034, CVE-2022-45887, CVE-2022-45888, CVE-2022-45919, CVE-2023-0469, CVE-2023-0615, CVE-2023-2124, CVE-2023-28464, CVE-2023-28866, CVE-2023-3268, CVE-2023-3269, CVE-2023-3389, CVE-2023-3390, CVE-2023-35826, CVE-2023-35828
2023-07-25 11:18:35 -07:00
CBL-Mariner-Bot
a957082832
Nopatch kernel to address CVE-2022-3533 CVE-2022-3606 ( #5862 )
2023-07-24 12:42:45 -07:00
Andrew Phelps
098c302f9c
switch to zstd compression level 7 ( #5800 )
2023-07-19 16:57:38 -07:00
Trung
f2e04e508c
Nopatch kernel for CVE-2023-21102, CVE-2023-32250, CVE-2023-32254 ( #5850 )
...
* add nopatch for CVE-2023-21102
* add CVE-2023-32250, CVE-2023-32254
2023-07-19 15:23:25 -07:00
Trung
d28db732e1
hyperv-daemons: add nopatch for CVE-2023-1989, CVE-2023-1998, CVE-2023-21102, CVE-2023-25012, CVE-2023-3359 ( #5853 )
2023-07-19 14:03:34 -07:00
Andrew Phelps
cb3a2a93e7
Revert "Add CONFIGs for Mellanox Bluefield SOC in ARM64 ( #5789 )" ( #5852 )
...
This reverts commit 800a2e0bb3.
2023-07-19 13:35:15 -07:00
CBL-Mariner-Bot
0a3a8bcf16
Upgrade libxml2 to 2.10.4 to fix CVE-2023-28484, CVE-2023-29469 ( #5559 )
2023-07-19 12:31:01 -07:00
Sourav Gupta
f63c659fab
Upgrade Blobfuse2 to 2.0.4 ( #5839 )
...
* Update blobfuse2 to 2.0.4
* Review comment
2023-07-19 09:51:39 -07:00
Olivia Crain
676a1d7cca
Add upstream patch for CVE-2023-35945 in nghttp2 ( #5842 )
2023-07-19 11:37:12 -05:00
Saranya Reddy
eb56c36487
Add new package opencsd v1.4.0 ( #5826 )
...
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
Co-authored-by: Olivia Crain <olivia@olivia.dev>
Signed-off-by: saranyareddy <saranyareddipalle@yahoo.in>
2023-07-17 16:19:35 +05:30
jslobodzian
9018b05f7d
Remove k3s from Mariner ( #5814 )
...
* Remove k8s from Mariner
* Fix license check error
2023-07-14 17:52:35 -07:00
Andrew Phelps
6d35fdd2fc
glibc: restore glibc-debuginfo package ( #5795 )
...
* update glibc so binaries are not stripped
* restore glibc-debuginfo
2023-07-14 16:20:19 -07:00
Saul Paredes
7ac8e796ca
nopatch CVE-2023-23003 ( #5830 )
2023-07-14 11:22:52 -07:00
CBL-Mariner-Bot
4c9a99a79f
[AUTOPATCHER-CORE] Upgrade telegraf to 1.27.2 to fix CVE-2023-34231, CVE-2023-25809, CVE-2023-28642 ( #5834 )
...
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
2023-07-14 11:12:44 -07:00
Pete Birley
3e9c3cb502
build nginx with http_gunzip_module ( #5827 )
...
Signed-off-by: Pete Birley <petebirley@microsoft.com>
Co-authored-by: Pete Birley <petebirley@microsoft.com>
2023-07-14 09:57:12 -07:00
CBL-Mariner-Bot
78e1d24d47
Upgrade golang to 1.19.11 to fix CVE-2023-29406 ( #5828 )
2023-07-13 13:55:07 -07:00
reuben olinsky
c3aff1d1a0
Package cmake modules in grpc-devel ( #5719 )
2023-07-12 17:26:38 -07:00
Olivia Crain
e10b21f9eb
Patch CVE-2022-25883 in nodejs v16 ( #5823 )
2023-07-12 17:05:49 -07:00
Sam Meluch
9ea5f187b3
Add python-resolvelib package to support ansible-galaxy ( #5752 )
...
* add python-resolvelib to mariner
* add python-resolvelib dependency to ansible
* update resolvelib spec with corrected tarball name
* update license map, add license verification to spec
* add ISC license for fedora import
* fix licenses-map.md
* Update name in changelog entry
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
---------
Co-authored-by: Sam Meluch <sam.meluch@microsoft.com>
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
2023-07-12 18:34:16 -05:00
Sam Meluch
39cedf0192
Add dnf5 package to Mariner 2.0. Upgrade librepo to version 1.15.1. Upgrade libsolv to version 0.7.24 ( #5730 )
...
* initial commit for dnf5
* update dnf5 spec for mariner, librepo signature, add libsolv REPO_COMPS option
* update changelogs for dnf5 and libso
* Updating spec source attribution.
* PR checks and comment updates, stop building dnf5-daemon packages
---------
Co-authored-by: Sam Meluch <sam.meluch@microsoft.com>
Co-authored-by: Olivia Crain <oliviacrain@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2023-07-12 14:15:06 -05:00
dsteeley
0d16422b71
Bump nodejs to 16.20.1 ( #5758 )
...
Co-authored-by: Olivia Crain <olivia@olivia.dev>
2023-07-12 12:12:00 -07:00
CBL-Mariner-Bot
33b9e90f57
CVE-2023-3090 CVE-2023-3117 CVE-2023-3355 CVE-2023-3357 CVE-2023-3358 CVE-2023-3359 ( #5804 )
2023-07-12 10:14:43 -07:00
Minghe Ren
0e21beebb2
Upgrade cloud-init to 23.2 ( #5797 )
...
* modify cloud.cfg
* add patch mozjs cve
* add cloud-init CVE
* upgrade cloud-init to 23.2
2023-07-11 22:32:48 -07:00
Muhammad Falak R Wani
dc7a894215
Patch CVE-2022-25883 for nodejs18 ( #5810 )
...
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-07-11 22:47:23 +05:30
Dan Streetman
7a29ef4dc8
Add functionality to serve stale DNS records
2023-07-10 21:32:46 -04:00