* Bump package version to recompile binaries with fixed gcc stack protection (CVE-2023-4039)
* Bump debuginfo versions in toolchain manifests
* Bump kernel headers to match kernel
* Update SPECS/gettext/gettext.spec
Taking suggestion
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
* Update for code review comments
* Fix for code review comment in qt5-qtdeclarative changelog
* Fix dash version for signed spec files
---------
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
commit 9ef9b4d3fd
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 12:39:41 2021 -0700
Ensure RUN_CHECK Make flag and with_check RPM define match (#945)
commit 794ac9ab2e
Merge: 6f354a36 ce5d3b4c
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 12:38:59 2021 -0700
Merge pull request #851: Merge 1.0 (up to April Update) into dev branch
commit ce5d3b4c5f
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 12:31:13 2021 -0700
Fix manifest
commit 258e455fb3
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 11:40:42 2021 -0700
Update python-pycurl source url
commit c04ccb29b2
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 11:32:58 2021 -0700
Fix License Map
commit 39c1d60663
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 11:30:03 2021 -0700
Re-add rubygem-bundler
commit f5ab309436
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 11:23:27 2021 -0700
Update entangled specs
commit 7b6df997a5
Merge: 4770f65c 6f354a36
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 11:14:46 2021 -0700
Merge remote-tracking branch 'origin/dev' into thcrain/pain
commit 4770f65cff
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon May 17 10:57:48 2021 -0700
Revert "Ensure RUN_CHECK Make flag and with_check RPM define match"
This reverts commit 221d95ad94.
commit 221d95ad94
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri May 14 09:45:40 2021 -0500
Ensure RUN_CHECK Make flag and with_check RPM define match
commit 6f354a36e3
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Thu May 13 16:56:31 2021 -0700
[dev] Fix build break caused by bind and man-db (#941)
* fix bind and man-db
* update changelog
* update macros
Co-authored-by: Henry Li <lihl@microsoft.com>
commit b11322afae
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu May 13 10:55:38 2021 -0500
fix aarch64 manifests
commit 60292cd8de
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu May 6 20:04:53 2021 -0500
Fix bogus date in clog
commit f7ae2aef4c
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed May 5 10:52:31 2021 -0500
Update rubygem specs with proper macros
Bump rubygem specs
Remove rubygems and td-agent for this PR
commit 13f6c96776
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed May 5 10:04:00 2021 -0500
Various build fixes
commit ada9b25e30
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue May 4 12:45:49 2021 -0500
Latest round of fixes
commit 199a57d1c8
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Mon May 3 18:13:56 2021 -0700
[dev] Update bind to enable missing packages (#912)
* save changes to bind
* save changes for bind
* update bind spec
* update bind
* remove service files
* update linting
Co-authored-by: Henry Li <lihl@microsoft.com>
commit e3d1e945a8
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon May 3 16:48:30 2021 -0700
[dev] Adding symbolic links to `groff`. (#907)
commit 8ce94ae4e5
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Mon May 3 11:18:57 2021 -0700
fix glib typo (#909)
Co-authored-by: Henry Li <lihl@microsoft.com>
commit 90f361f753
Merge: f4a12106 0321aecb
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Apr 30 18:07:37 2021 -0500
Merge branch '1.0' from April Update
commit 0321aecbfb
Merge: 8c018077 b7ed62e4
Author: jslobodzian <joslobo@microsoft.com>
Date: Thu Apr 29 21:42:33 2021 -0700
Merge pull request #903 from microsoft/joslobo/merge-for-april-update
Joslobo/merge for april update
commit b7ed62e4ed
Merge: 8c018077 ec8da096
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Thu Apr 29 21:34:03 2021 -0700
Merge branch '1.0-dev' into joslobo/merge-for-april-update
commit ec8da09692
Merge: 066b103f 736bb358
Author: jslobodzian <joslobo@microsoft.com>
Date: Thu Apr 29 20:59:40 2021 -0700
Merge pull request #896 from christopherco/chrco/growpart/disk-lock-patch
cloud-utils-growpart: Workaround for timeout
commit 066b103f3a
Merge: 3db16c15 ab2ca924
Author: jslobodzian <joslobo@microsoft.com>
Date: Thu Apr 29 20:57:25 2021 -0700
Merge pull request #899 from microsoft/nisamson/grpc-c-ares-unvendor
Added config line to unvendor c-ares in grpc; now uses system package
commit 3db16c15dd
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Apr 29 14:40:57 2021 -0700
Fix logic error in runliveinstaller (#901)
commit 72508199b4
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Thu Apr 29 14:33:05 2021 -0700
Automatic update of the `kubernetes` packages.
commit f4a121065f
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Apr 29 12:41:43 2021 -0500
fix perl-JSON
commit ab2ca92467
Author: Nick Samson <nick.samson@microsoft.com>
Date: Wed Apr 28 23:24:55 2021 +0000
Added config line to unvendor c-ares in grpc; now uses system package
commit c304576df6
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Apr 28 11:34:44 2021 -0700
Fix python3 test_ssl tests (#898)
* fix python3 ssl tests
* fix changelog linting issue
commit 8c018077d0
Merge: dff18f06 bd33c18a
Author: jslobodzian <joslobo@microsoft.com>
Date: Wed Apr 28 11:07:11 2021 -0700
Merge pull request #895 from microsoft/danmihai1/DRBG
Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR
commit dff18f0605
Merge: ab49164b e4516797
Author: jslobodzian <joslobo@microsoft.com>
Date: Wed Apr 28 11:02:31 2021 -0700
Merge pull request #897 from microsoft/niontive/update-openssl
Upgrade OpenSSL to 1.1.1k (#812)
commit e451679727
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Wed Mar 31 13:11:45 2021 -0700
Upgrade OpenSSL to 1.1.1k (#812)
* Update openssl to version 1.1.1k
* Update pkggen and toolchain txt files
* Update cgmanifest
commit bd33c18ac6
Author: Dan Mihai <Daniel.Mihai@microsoft.com>
Date: Wed Apr 28 06:31:48 2021 -0700
Fix kernel headers version in pkggen_core_x86_64.txt
commit 736bb358e0
Author: Chris Co <chrco@microsoft.com>
Date: Wed Apr 28 06:36:24 2021 +0000
cloud-utils-growpart: lint
Signed-off-by: Chris Co <chrco@microsoft.com>
commit d49a08ac83
Author: Chris Co <chrco@microsoft.com>
Date: Wed Apr 28 06:13:34 2021 +0000
cloud-utils-growpart: Workaround for timeout
Regression identified when using flock disk locking with 5.10 kernel and
systemd-239. During unlock_disk_and_settle(), udevadm settle will not
complete and eventually timeout after 2 minutes. When looking at the
systemd-udevd logs, the daemon crashes and produces the following stack
trace:
    Stack trace of thread 1531:
    #0  0x00007fd73d9be405 recvmsg (libpthread.so.0)
    #1  0x00007fd73dab33b8 udev_monitor_receive_device (libsystemd-shared-239.so)
    #2  0x0000600347316201 on_uevent (systemd-udevd)
    #3  0x0000600347316667 on_inotify (systemd-udevd)
    #4  0x00007fd73dbad6d7 source_dispatch (libsystemd-shared-239.so)
    #5  0x00007fd73dbaf4e5 sd_event_dispatch (libsystemd-shared-239.so)
    #6  0x00007fd73dbaf678 sd_event_run (libsystemd-shared-239.so)
    #7  0x00007fd73dbaf89f sd_event_loop (libsystemd-shared-239.so)
    #8  0x00006003473132df run (systemd-udevd)
    #9  0x00007fd73d80e133 __libc_start_main (libc.so.6)
    #10 0x0000600347313efe _start (systemd-udevd)
The failing behavior appears to be directly linked to the "exec FD"
actions. A quick way to replicate this issue in the repro environment:
    exec 9<>$disk
    exec 9>&-
    udevadm settle
This patch comments out the initial lock_disk() call, which makes
unlock_disk_and_settle() return early because ${FLOCK_DISK_FD} is not
set to a valid FD, avoiding the file descriptor actions that lead to
the failing behavior.
Note that this change does re-introduce the possibility of udev race
conditions during the disk operations, effectively reverting this
behavior to pre-0.32 behavior.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit d236b22280
Author: Dan Mihai <Daniel.Mihai@microsoft.com>
Date: Tue Apr 27 20:05:20 2021 -0700
Use the same dates as the 1.0-dev branch
commit 84a37c465c
Author: Dan Mihai <Daniel.Mihai@microsoft.com>
Date: Tue Apr 27 19:13:50 2021 -0700
Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR
These changes were ported from commit
8265b13074
commit b0c9dc882c
Merge: 4f48d846 ab49164b
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 27 21:02:56 2021 -0500
Merge branch '1.0' into thcrain/pain
commit e0955b0d22
Merge: f9a5cb86 22f1ccc5
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Apr 27 17:11:38 2021 -0700
Merge pull request #894 from microsoft/joslobo/bump-mariner-release-for-april-update
Bump version number of release package for April Update
commit 22f1ccc5e3
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Tue Apr 27 14:31:59 2021 -0700
Bump version number of release package for April Update
commit f9a5cb862a
Merge: 8faf715b 9e36a4f2
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Apr 27 14:26:33 2021 -0700
Merge pull request #893 from microsoft/joslobo/sync-mariner-release-on-1.0-dev
Sync 1.0-dev branch with updated mariner-release version from March update
commit 9e36a4f246
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Tue Mar 30 20:57:40 2021 -0700
Update release version for March update
commit 4f48d8460a
Merge: 534fd81b 06154eed
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 27 15:29:59 2021 -0500
Merge remote-tracking branch 'origin/dev' into thcrain/pain
commit 534fd81bfd
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 27 15:25:53 2021 -0500
More toolchain fixes
commit 8faf715bf9
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 27 11:17:36 2021 -0700
Update license map (#888)
commit 7f1416a970
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 27 12:58:27 2021 -0500
temporary toolchain fix
commit 0ec0716322
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 27 12:51:41 2021 -0500
Fix unzip build issue
commit f6f7e2b5b2
Merge: 1b92ffab d63cb598
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 27 09:47:23 2021 -0700
Merge branch 'dev' into thcrain/pain
commit 91a215094a
Author: Nick Samson <nick.samson@microsoft.com>
Date: Tue Apr 27 08:57:30 2021 -0700
Updated OpenJDK8 to patch 292 to address multiple CVEs (#862)
commit 1b92ffab8a
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 27 08:52:01 2021 -0500
Fix bad toolchain manifests (x86_64)
commit cf18b55bef
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Apr 26 20:54:43 2021 -0500
Fix incorrect %%{_lib} macro usage
commit ea1e989497
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Apr 26 16:20:10 2021 -0700
Fix espeakup issues in ISO (#879)
* Only start speakup in runliveinstaller if attended
* Restart speakup when installerview is shown
* Update runliveinstaller
commit b4204939d5
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Apr 26 16:15:57 2021 -0700
Update mysql to 8.0.24 to fix 30 CVEs (#882)
commit 86b756ae14
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Apr 26 14:56:46 2021 -0700
Update dnsmasq to 2.85 to fix CVE-2021-3348 (#877)
commit 513c6fa2ae
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Apr 26 14:46:36 2021 -0700
Patch several CVEs in Rust (#887)
* Patch several CVEs in Rust
* Update cloud-hypervisor.spec
commit 92d74837ab
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Apr 26 14:06:41 2021 -0700
Incorporate signed shim package into default images/iso (#881)
- iso-initrd: Use signed shim package
- core-packages: Use signed shim package
- core-efi-aarch64: Add new core-efi-aarch64 image
aarch64 images still need to use the shim-unsigned package. Add a new
core-efi-aarch64 image configuration and add a new
core-packages-image-aarch64 packagelist with the shim-unsigned package.
When a signed aarch64 shim is available, we can consider removing this
image configuration and package list.
- full-aarch64: Add new full-aarch64 iso config
Signed-off-by: Chris Co <chrco@microsoft.com>
commit cbfa490644
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Apr 26 11:03:18 2021 -0700
shim-unsigned: Force using shim-15 for aarch64 (#880)
There is a regression in shim-15.4 aarch64 builds where, if built with
binutils pre-2.35, the binary will fail to boot with "Synchronous Exception"
error.
See upstream shim issues page for more details.
Force using shim-15 release for aarch64 only.
Older cert is expired. Use new cert instead.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit e00cc4dc7b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Apr 26 10:39:50 2021 -0700
Moving licenses script to toolkit and updating its functionality. (#885)
commit ff38ba49af
Author: Joseph Knierman <joknierm@microsoft.com>
Date: Mon Apr 26 10:38:53 2021 -0700
Adding `nvidia-container-runtime` package (#874)
commit de8f255023
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Sun Apr 25 15:39:10 2021 -0700
kernel: Disable CONFIG_EFI_DISABLE_PCI_DMA (#875)
On certain poorly-behaving hardware, CONFIG_EFI_DISABLE_PCI_DMA can
cause the kernel to fail to boot. When this happens, the boot log
shows an EFI stub error where Exit boot services failed:
    EFI stub: Booting Linux Kernel...
    EFI stub: Using DTB from configuration table
    EFI stub: Exiting boot services and installing virtual address map...
    EFI stub: ERROR: Exit boot services failed.
    EFI stub: ERROR: Failed to update FDT and exit boot services
To confirm if one is hitting this specific PCI busmastering issue, one
can add "efi=no_disable_early_pci_dma" to the kernel command line
and observe if the boot issue goes away.
Since this kernel package serves a wider array of hardware, some of
which do exhibit this boot failure, let's disable the config by default.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit ab49164b6c
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 20 10:52:53 2021 -0500
Fix CVEs in Rust
Bump Rust packages
Fix patch numbering
commit 42dd6a91c4
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Apr 12 14:57:06 2021 -0700
Fixing azure-iotedge.spec `BuildRequires` typo from '==' to '='. (#844)
commit a1a01b824d
Merge: 124e6fd5 cf05009f
Author: jslobodzian <joslobo@microsoft.com>
Date: Sun Apr 25 13:41:27 2021 -0700
Merge pull request #883 from microsoft/thcrain/rust-cves-oh-no
Patch CVE-2021-28879 in Rust
commit cf05009f12
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 20 10:52:53 2021 -0500
Fix CVEs in Rust
Bump Rust packages
Fix patch numbering
commit 124e6fd530
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Apr 23 16:48:52 2021 -0700
Updating license info for 'kubernetes' and 'coredns'. (#878)
commit 368e1ddb02
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Apr 23 12:53:42 2021 -0700
Update sqlite to 3.34.1 to fix CVE-2021-20227 (#873)
commit b8298ec75a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Apr 23 11:09:15 2021 -0700
Adding missing patch signature for "kubernetes-1.18.17". (#876)
commit b4eb3b0b4e
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Apr 23 09:26:54 2021 -0700
Upgrade ClamAV to 0.103.2 to fix multiple CVEs (#871)
commit 8dc788e26a
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Thu Apr 22 17:23:07 2021 -0700
Automatic update of the `kubernetes` packages. (#869)
* Automatic package update.
* Adjusted build steps for new sources from the 1.20.X versions.
Co-authored-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>
commit 3233c84928
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Apr 22 08:26:44 2021 -0700
Fix installation and removal of atd.service (#870)
commit 2b123e6354
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Apr 22 08:25:49 2021 -0700
Exclude static libraries in openvswitch package (#865)
commit 67cf4f9b65
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Wed Apr 21 20:37:29 2021 -0700
grub-efi-binary-signed: define new grub2-efi-binary subpackage (#855)
* grub-signed: Commonize on one spec
Use macros to swap spec contents based on build architecture. We will
still create an SRPM per arch, each with a unique name, so there is no
risk of SRPM name collision.
* grub-signed: Define new grub2-efi-binary subpackage
New subpackage will contain the signed grubx64.efi/grubaa64.efi binary.
This package name is identical to the unsigned version and we will
prefer to use this signed version if built.
* grub-signed: rename files
* grub2: bump spec version to match signed version
* Update github action checks
CG manifest, license file, and spec entanglement checks are failing
due to the grub-efi-binary-signed naming change. Update the checks to
account for the new name.
* grub2-signed: rename source0 to match subpackage
Source0 previously pointed to grub2-efi-unsigned rpm which technically
can work but it would be better to use the grub2-efi-binary package
instead because grub2-efi-binary package is ultimately the package we
will be replacing. We can also perform checks to make sure the output
rpm matches the inputs, modulo the signed binary.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 8a5fdab5d0
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Wed Apr 21 20:29:33 2021 -0700
shim: Introduce shim package (#866)
* shim: Introduce shim package
Shim package contains a signed shim bootloader which is signed with the
Microsoft UEFI CA cert to allow it to load on many different platforms
that support UEFI Secure boot. If UEFI Secure Boot is enabled, this shim
binary will verify that next stage bootloaders (i.e., grub and kernel)
are signed with the CBL-Mariner secure boot key.
* shim: add extra versioning info to source0
Renamed Source0 tarball naming to prevent future tarball naming
collisions.
* CI: ignore shim during cgmanifest check
shim package's Source0 is a signed binary created by us.
* licenses-map: Add shim to table
* shim: prefer install over cp
* licenses: Add shim to data file
Fixes error thrown by spec license checker
* shim: Add comment explaining why only x86_64 shim
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 6a3adec622
Author: Vincent Tam <vtam@microsoft.com>
Date: Wed Apr 21 10:21:12 2021 -0700
Add bmake for NV container build (#860)
commit e6c89b3300
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Tue Apr 20 17:51:09 2021 -0700
kernel-signed: define a new kernel subpackage (#785)
* kernel-signed: define a new kernel subpackage
This spec's purpose is to take an input kernel rpm and input secure-boot-signed
kernel binary from the same build and generate a new "kernel" rpm with the
signed kernel binary + all of the other original kernel files, triggers,
scriptlets, requires, provides, etc.
We need to ensure the kernel modules and kernel binary used are from the exact
same build because at build time the kernel modules are signed with an
ephemeral key that the kernel enrolls in its keyring. We enforce kernel
module signature checking when we enable security features like kernel
lockdown so our kernel can only load those specific kernel modules at runtime.
Additionally, to complete the UEFI Secure Boot chain, we must PE-sign the
kernel binary. Ideally we would enable secure-boot signing tools like pesign
or sbsign to be callable from inside the rpmbuild environment, that way we can
secure-boot sign the kernel binary during the kernel's rpmbuild. It is best
practice to sign as soon as possible. However there are issues getting that
secure boot signing infrastructure in place today. Hence we sign the
resulting kernel binary and "repackage" the kernel RPM (something rpm itself
actively tries to make sure you never do...generally for good reasons).
To achieve this repackaging, this spec creates a new subpackage named
"kernel". To retain all of the initial kernel package behaviors, we make sure
the subpackage has the same requires, provides, triggers, post steps, and
files as the original kernel package.
This specific repackaging implementation leaves room for us to enable the
more ideal secure-boot signing flow in the future without introducing any
sort of breaking change or new packaging. Users still install a "kernel"
package like they normally would.
Maintenance Notes:
- This spec's "version" and "release" must reflect the unsigned version that
was signed. An important consequence is that when making a change to this
spec or the normal kernel spec, the other spec's version/release must
be increased to keep the two versions consistent.
- Make sure the kernel subpackage's Requires, Provides, triggers, post/postun
scriptlets, and files match the normal kernel spec's. The kernel subpackage
should contain the same content as the input kernel package but replace the
kernel binary with our signed kernel binary. Since all the requires, provides,
etc are the same, this new kernel package can be a direct replacement for the
normal kernel package and RPM will resolve packages with kernel dependencies
correctly.
To populate the input sources:
1. Build the unsigned packages as normal
2. Sign the desired binary
3. Place the unsigned package and signed binary in this spec's folder
4. Build this spec
* kernel-signed: refactor into one common spec file
The only differences between kernel-signed-x86_64 and
kernel-signed-aarch64 spec files were primarily the architecture
type in the spec name and input Source0 rpm. We can use a macro to set
these and reduce down to one spec file
* Update checks to consider kernel-signed
* kernel-hyperv: match release number
Ideally we keep kernel-headers version/release in sync with kernel and
kernel-hyperv package version/release. This allows the user to install
kernel-headers on any Mariner system by using
    dnf install kernel-headers-$(uname -r)
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 0b20998c47
Merge: 96aee7d2 ad579968
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Apr 20 17:38:46 2021 -0700
Merge pull request #868 from microsoft/niontive/enc-bug
Don't Configure Grub Encryption Settings in Chroot (#864)
commit ad579968d4
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Apr 20 15:08:14 2021 -0700
Don't Configure Grub Encryption Settings in Chroot (#864)
commit 7aa42cedb3
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Apr 20 15:08:14 2021 -0700
Don't Configure Grub Encryption Settings in Chroot (#864)
commit f0e65cb99b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Apr 20 10:15:43 2021 -0700
Adding clarifications about config file paths. (#853)
commit c9cef09e94
Author: rlmenge <rachelmenge@microsoft.com>
Date: Mon Apr 19 14:38:33 2021 -0400
Add no patch for CVE-2021-29648 (#861)
commit c474a501a1
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri Apr 16 18:31:13 2021 -0700
Automatic update of the `icu` package. (#856)
* Automatic package update.
* Updating packages requiring re-compilation after 'icu' library version update.
* Making shared library versions explicit inside the '%files' section.
Co-authored-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>
commit 9432e35aed
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Apr 16 16:22:07 2021 -0700
Update moby-engine and moby-cli to version 19.10.15 (#859)
* update to moby 19.10.15
* fix go-md2man filename
* add comment to moby-cli
commit 7fb3d61413
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Apr 16 17:26:33 2021 -0500
manifest aarch64 fixes
commit 38353b5bc8
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Apr 16 17:24:04 2021 -0500
third try fixes
commit 00ed1f883b
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Apr 16 17:16:26 2021 -0500
second try fixes
commit b885a285a6
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Apr 16 17:01:52 2021 -0500
first try fixes
commit 96aee7d2c9
Merge: 959d8e4a edcc1be8
Author: jslobodzian <joslobo@microsoft.com>
Date: Fri Apr 16 10:48:22 2021 -0700
Merge pull request #858 from PawelWMS/pawelwi/merging_net-snmp_fix
1.0-dev cherry-pick: Making 'keepalived' link against latest 'net-snmp' libraries.
commit 959d8e4a2a
Merge: 7277504b 29009b6d
Author: jslobodzian <joslobo@microsoft.com>
Date: Fri Apr 16 10:48:03 2021 -0700
Merge pull request #857 from microsoft/thcrain/1.0-a11y-fixes-offcycle
(1.0) ISO Installer: Various accessibility fixes
commit edcc1be85f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Apr 16 10:39:56 2021 -0700
Making 'keepalived' link against latest 'net-snmp' libraries. (#854)
commit 71c449867a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Apr 16 10:39:56 2021 -0700
Making 'keepalived' link against latest 'net-snmp' libraries. (#854)
commit 29009b6df8
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Apr 14 13:38:45 2021 -0700
ISO Installer: Various accessibility fixes (#818)
* Lockout input when using speakup buffer clear functionality
* Add required field markers for input fields
* Fix color contrast for exit modal
* Change user feedback text color for better contrast
* Persist user feedback on user input more reliably
* Change cursor to solid white for contrast purposes
* Remove asterisks from manual partition table header
* Add bright colors
* Slaying the contrast dragon
* Remove extraneous configurations from full iso
* Add no speech terminal installer
* Add form focus to installer view resets
* Adding logging warning to stop speakup invocation
* Fix modal contrast (again)
commit f452d9eaee
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Apr 14 13:38:45 2021 -0700
ISO Installer: Various accessibility fixes (#818)
* Lockout input when using speakup buffer clear functionality
* Add required field markers for input fields
* Fix color contrast for exit modal
* Change user feedback text color for better contrast
* Persist user feedback on user input more reliably
* Change cursor to solid white for contrast purposes
* Remove asterisks from manual partition table header
* Add bright colors
* Slaying the contrast dragon
* Remove extraneous configurations from full iso
* Add no speech terminal installer
* Add form focus to installer view resets
* Adding logging warning to stop speakup invocation
* Fix modal contrast (again)
commit 62ba07244f
Author: rlmenge <rachelmenge@microsoft.com>
Date: Tue Apr 13 19:22:12 2021 -0400
Nettle: Update to 3.7.2 for CVE-2021-20305 (#852)
commit 7778033a5f
Merge: 4859da4e 22586159
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 13 16:24:37 2021 -0500
Merge branch 'dev' into thcrain/pain
commit 4859da4e1b
Merge: eae5b400 7277504b
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 13 15:40:16 2021 -0500
Merge branch '1.0' into thcrain/pain (March Update)
commit 3ee7b49650
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Apr 12 14:57:06 2021 -0700
Fixing azure-iotedge.spec `BuildRequires` typo from '==' to '='. (#844)
commit f35dcd9451
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Apr 12 14:32:54 2021 -0700
Update openvswitch signatures file to version 2.12.3 (#848)
commit 26d5c16802
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Apr 12 12:38:14 2021 -0700
kernel: update to 5.10.28.1 (#846)
Update the kernel to 5.10.28.1.
- 5.10.28.1 addresses the following CVEs:
CVE-2020-27170, CVE-2020-27171, CVE-2021-28375, CVE-2021-28660,
CVE-2021-28950, CVE-2021-28951, CVE-2021-28952, CVE-2021-28971,
CVE-2021-28972, CVE-2021-29266, CVE-2021-28964, CVE-2020-35508,
CVE-2020-16120, CVE-2021-29264, CVE-2021-29265, CVE-2021-29646,
CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-30002
- update uname_r define
It is generally expected that users can run "dnf install
kernel-devel-$(uname -r)" to pull the proper kernel-devel package
associated with the currently running kernel. Currently "uname -r"
returns something like "5.10.28.1-rolling-lts-mariner-1.cm1". RPM
package naming has the following convention:
    [name]-[version]-[release].[arch].rpm
where [version] and [release] cannot contain any dash characters.
Therefore it is impossible to name a corresponding kernel-devel RPM
to match kernel-devel-$(uname -r).
In 5.10.28.1, we changed the kernel Makefile's EXTRAVERSION value from
"EXTRAVERSION=.1-rolling-lts-mariner" to "EXTRAVERSION=.1", dropping
the extra "rolling-lts-mariner" from the uname. This allows the
"dnf install kernel-devel-$(uname -r)" to work as intended.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 679c6cf331
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Fri Apr 9 17:21:49 2021 -0700
Add CVE-2021-3470 for redis and CVE-2021-30004 for wpa_supplicant (#845)
commit ae0ff9b67a
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Apr 9 12:37:45 2021 -0700
Upgrade openvswitch to 2.12.3 (#830)
commit 199e30ef60
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Apr 9 12:35:19 2021 -0700
Upgrade mariadb to 10.3.28 (#832)
commit c01853748d
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Apr 9 12:28:45 2021 -0700
Update cairo to 1.17.4 (#833)
commit 83e746603e
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date: Thu Apr 8 13:06:31 2021 -0700
Fix CVE-2021-3392 and CVE-2021-3409 in Qemu (#842)
commit 7ee27c7d92
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Wed Apr 7 22:16:59 2021 -0700
Update git version to 2.23.4 for CVE-2021-21300 (#840)
commit 44aa302edf
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Apr 7 18:36:26 2021 -0700
Fixing parsing toolchain and worker chroot manifests (#843)
commit 7277504b91
Merge: ee38a79c f1964ff2
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Apr 6 20:42:34 2021 -0700
Merge pull request #824 from anphel31/anphel/community-build-source-url-1.0
update community instructions (1.0 branch)
commit 4f7dd4480d
Merge: c5323ed4 1a3790d2
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Apr 6 20:41:53 2021 -0700
Merge pull request #821 from anphel31/anphel/community-build-source-url
update community instructions
commit eae5b4006f
Merge: fb6e6f6d 2f96fa40
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Apr 6 22:39:22 2021 -0500
Merge branch '1.0' into thcrain/ever-given
commit c5323ed418
Author: rlmenge <rachelmenge@microsoft.com>
Date: Tue Apr 6 09:56:59 2021 -0400
Configure /proc with hidepid by default and add doPseudoFsMount to addEntryToFstab (#797)
* Add hidepid config option
* Fix go formatting error
* Add recommended changes
* Expand documentation to reference potential problems with /proc in postinstall scripts
commit 75dfb7dae8
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Apr 5 16:05:55 2021 -0700
shim-unsigned: update to shim-15.4 release (#819)
In preparation for supporting UEFI Secure Boot, update shim to shim-15.4 release. This release incorporates all the latest fixes and implements the generation-based revocation scheme, also known as Secure Boot Advanced Targeting (SBAT).
- Update to shim-15.4 release. Remove all previous patches. They are incorporated in latest shim-15.4 release
- Update embedded cert
- Add Mariner SBAT version data
Signed-off-by: Chris Co <chrco@microsoft.com>
commit e426e26cb2
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Mon Apr 5 15:41:50 2021 -0700
Automatic update of the `tzdata` package. (#835)
* Automatic package update.
* Updated parsed zone info to match the source.
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
commit 783a6b540e
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Mon Apr 5 15:36:26 2021 -0700
Automatic package update. (#836)
commit 8265b13074
Author: Dan Mihai <Daniel.Mihai@microsoft.com>
Date: Fri Apr 2 19:27:18 2021 -0700
Enable kernel crypto config options (#831)
Enable NIST SP800-90A kernel DRBG config options:
CONFIG_CRYPTO_DRBG_HASH
CONFIG_CRYPTO_DRBG_CTR
commit 5ded532076
Author: rlmenge <rachelmenge@microsoft.com>
Date: Fri Apr 2 21:57:16 2021 -0400
Add nopatches for tooling (#834)
commit e1ea8ea060
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Fri Apr 2 15:58:27 2021 -0700
grub2: Add a few more patches (#809)
Add a few more F34 patches that are useful to carry.
Patches:
- 017: fix for passing the kernel command line
- 037, 052: updates the documentation and makes patch 166 apply cleanly
- 069: Fix for tsc problem
- 166: Prevent user from overwriting signed grub EFI binary when using
grub2-install
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 3a4412a381
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Apr 1 17:02:37 2021 -0700
Patch CVE-2021-20271 and CVE-2021-3421 in RPM (#829)
* Patch CVE-2021-20271 and CVE-2021-3421 in RPM
* Update pkggen and toolchain txt files
* address spec linting
commit 8d674f012e
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date: Thu Apr 1 14:25:19 2021 -0700
Patch CVE-2021-3416 and add tests to qemu-kvm (#822)
* Patch CVE-2021-3416 and add tests to qemu-kvm
* Add exit 1, remove redundant variable
commit 5b3ec77306
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Wed Mar 31 19:04:36 2021 -0700
Update curl to 7.76 (#823)
* Update curl to 7.76
* Address spec linting
commit f1964ff28a
Author: Andrew Phelps <anphel@microsoft.com>
Date: Wed Mar 31 18:53:10 2021 -0700
update instructions
commit a3d546d9b7
Merge: 464e20c4 ee38a79c
Author: Andrew Phelps <anphel@microsoft.com>
Date: Wed Mar 31 18:51:39 2021 -0700
Merge remote-tracking branch 'upstream/1.0' into 1.0
commit 1a3790d24c
Author: Andrew Phelps <anphel@microsoft.com>
Date: Wed Mar 31 18:15:03 2021 -0700
update per pr feedback
commit 77ce0024b0
Merge: 840b3050 f4606ada
Author: Nick Samson <nick.samson@microsoft.com>
Date: Wed Mar 31 16:57:38 2021 -0700
Merge pull request #820 from microsoft/nisamson/CVE-2020-27618-fix-build
CVE-2020-27618 patch fixed to enable glibc build
commit ccd60d6b91
Author: Andrew Phelps <anphel@microsoft.com>
Date: Wed Mar 31 16:30:06 2021 -0700
update community instructions
commit f4606adad1
Author: Nick Samson <nick.samson@microsoft.com>
Date: Wed Mar 31 20:15:48 2021 +0000
CVE-2020-27618 patch fixed to enable glibc build
commit 840b30503e
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Wed Mar 31 13:15:46 2021 -0700
installkernel: Add custom installkernel package (#816)
Add a custom installkernel script to easily install the Linux kernel
onto a running Mariner system. This script will get called automatically
by the Linux kernel's "make install" command.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 840719ca1e
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Wed Mar 31 13:11:45 2021 -0700
Upgrade OpenSSL to 1.1.1k (#812)
* Update openssl to version 1.1.1k
* Update pkggen and toolchain txt files
* Update cgmanifest
commit ee38a79ca8
Merge: 2f96fa40 52d51f7c
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Mar 30 20:59:56 2021 -0700
Merge pull request #817 from microsoft/joslobo/march-update-merge
Merge 1.0-dev to 1.0 for March Update
commit 52d51f7c0a
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Tue Mar 30 20:57:40 2021 -0700
Update release version for March update
commit 1a3281d2a1
Merge: 426c47eb fd796da4
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Tue Mar 30 19:28:34 2021 -0700
Merge 1.0-dev to 1.0 for March Update
commit 426c47eb13
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Tue Mar 30 19:16:18 2021 -0700
Revert "Remove ntopng (#689)"
This reverts commit 27b2a5ba92.
commit 8ab1aa022c
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Tue Mar 30 19:14:46 2021 -0700
Revert "Back out the 5.10.13.1 kernel test, to restore the 5.4 kernel and clear the way for the openssl cve fix."
This reverts commit 015bebe1a2.
commit 528443704a
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Tue Mar 30 19:13:37 2021 -0700
Revert "Restore the 5.4 kernel settings from the February release. We want to Disable RANDSTRUCT and enable SMARTPQI."
This reverts commit d1b029b56f.
commit dd4859cfac
Merge: 8d5c63da 8c829411
Author: Nick Samson <nick.samson@microsoft.com>
Date: Tue Mar 30 13:57:07 2021 -0700
Merge pull request #775 from microsoft/nisamson/CVE-2020-27618
Fix CVE-2020-27618 for glibc
commit 8c82941113
Merge: d31496ab 8d5c63da
Author: Nick Samson <nick.samson@microsoft.com>
Date: Tue Mar 30 13:56:31 2021 -0700
Merge branch '1.0-dev' into nisamson/CVE-2020-27618
commit 8d5c63da84
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Mar 30 07:29:28 2021 -0700
Patch CVE-2021-28153 (#811)
* Patch CVE-2021-28153
* Update pkggen and toolchain txt files
commit 145da388cd
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Mon Mar 29 15:34:52 2021 -0700
Automatic package update. (#806)
commit fd796da401
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Mar 29 14:16:27 2021 -0700
diskutils: add more robust handling of disk/partition operations (#805)
This change has two parts:
diskutils: always flock disk/partition operations
Parted can't be trusted to fully complete all disk operations by
the time it returns control. So add flock to every disk or partition
operation.
Also add a flock partprobe -s command after parted commands but before
any other non-parted command could run.
diskutils: add retry logic
Partition creation and dynamic /dev file generation are still racing and all
the "fixes" that supposedly prevent these timing issues are just not
sufficient to fully solve the problem. So add retry logic to deal with
this problem. Not ideal but also not worth wasting any more cycles on this.
Signed-off-by: Chris Co chrco@microsoft.com
commit 6e244270ff
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Mar 29 13:23:41 2021 -0700
Cleaning SRPM expansion and chroot creation console output (#765)
* Limiting toolkit output.
* Shortening file paths.
* Making toolchain download logs shorter.
* Logging more details for SRPMs extraction.
commit aab304ca58
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Mar 29 09:25:50 2021 -0700
Update PR template with new files (#807)
commit e7758f8a1e
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Mar 29 09:25:25 2021 -0700
Remove shortcuts from ISO installer views (#808)
commit 1d0a641fcb
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Sat Mar 27 22:19:24 2021 -0700
remove toolchain-jdk8-md5sums (#792)
commit 6712181977
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Mar 26 17:49:00 2021 -0700
Fixing older toolkit builds. Ignoring 'BuildRequires' on pre-installed packages. (#803)
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
commit 47c29a2588
Merge: 760eb476 0354e52c
Author: jslobodzian <joslobo@microsoft.com>
Date: Fri Mar 26 17:45:02 2021 -0700
Merge pull request #804 from microsoft/mamalisz/accessibility
Change dropdown menus to accessible input fields
commit 0354e52c0e
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Fri Mar 26 17:34:58 2021 -0700
Remove reset functions
commit 1989d61e5b
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Fri Mar 26 16:07:39 2021 -0700
Silence extraction of toolchain RPMs
commit 760eb4762a
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Fri Mar 26 16:22:26 2021 -0700
busybox patch CVE-2021-28831 (#800)
commit f1a520d43d
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Fri Mar 26 16:22:00 2021 -0700
python-pygments patch CVE-2021-20270 (#799)
commit fc362543fe
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date: Fri Mar 26 16:18:17 2021 -0700
Make grpc use system zlib and openssl (#802)
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
commit 2f361d3268
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Fri Mar 26 15:34:39 2021 -0700
Modify input fields to work with enums
commit 7f6819f1dc
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Thu Mar 25 15:06:01 2021 -0700
grub2: Update to 2.06-rc1 (#781)
Update grub2 from 2.02 to 2.06-rc1 which handles BootHole v2. Additionally, we
drop all previous patches and rebaseline using a minimal number of patches
from FC34. These patches implement Secure Boot Handover protocol (needed
so the TPM Eventlog can be exposed to the kernel for TPM attestation scenarios)
and a few other nice-to-have fixes.
2.06 also introduces a new generation number based revocation mechanism known
as Secure Boot Advanced Targeting (SBAT) into the grub EFI binary. Components
that utilize the SHIM for secure boot will add an .sbat field into their binary's
PE-header, allowing the SHIM to check the component's sbat field against known
good component versions and allow for version-based revocation.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 2f96fa4037
Merge: 6100c7dd af277463
Author: jslobodzian <joslobo@microsoft.com>
Date: Thu Mar 25 14:13:51 2021 -0700
Merge pull request #796 from microsoft/joslobo/pull-openssl
Fix OpenSSL CVE-2021-3449 and CVE-2021-3450
commit af27746363
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Thu Mar 25 12:05:55 2021 -0700
openssl patch CVE-2021-3449, CVE-2021-3450 (#794)
commit 516207ee6b
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Mar 19 12:13:20 2021 -0700
Fix Bugs in OpenSSL SP800-56a Rev3 Patch (#768)
commit daefedb645
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Mar 15 10:15:20 2021 -0700
Add sp800-56a rev3 compliance to OpenSSL (#735)
commit 6100c7ddd1
Merge: cef3d6dd d1b029b5
Author: jslobodzian <joslobo@microsoft.com>
Date: Thu Mar 25 13:06:20 2021 -0700
Merge pull request #795 from microsoft/joslobo/backoutchanges
Joslobo/backoutchanges
commit d1b029b56f
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Thu Mar 25 13:01:30 2021 -0700
Restore the 5.4 kernel settings from the February release. We want to Disable RANDSTRUCT and enable SMARTPQI.
Revert "Revert "Disable CONFIG_GCC_PLUGIN_RANDSTRUCT and enable CONFIG_SCSI_SMARTPQI (#661)""
This reverts commit 89411a15db.
commit 015bebe1a2
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Thu Mar 25 12:56:59 2021 -0700
Back out the 5.10.13.1 kernel test, to restore the 5.4 kernel and clear the way for the openssl cve fix.
Revert "Revert "Revert "Update kernel source to 5.10.13.1 (#601)" (#660)""
This reverts commit fd81391933.
commit b93ec23892
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Thu Mar 25 12:08:42 2021 -0700
python-pygments patch CVE-2021-27291 (#787)
commit 5512b2e2bb
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Thu Mar 25 12:08:16 2021 -0700
subversion patch CVE-2020-17525 (#789)
commit da852dc89b
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Thu Mar 25 12:05:55 2021 -0700
openssl patch CVE-2021-3449, CVE-2021-3450 (#794)
commit bd6df2caf6
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Mar 25 10:24:25 2021 -0700
update workflows to use golang 1.15 (#791)
commit e5c1ee74ef
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Mar 24 16:46:25 2021 -0700
Add GitHub Action for LICENSE-MAP.md checking (#766)
commit cc924b0466
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Wed Mar 24 11:57:54 2021 -0700
kernel: Address CVEs and enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS (#779)
This PR has two changes:
Address kernel CVEs, fix kernel-signed file copy
Address CVE-2021-27365, CVE-2021-27364, CVE-2021-27363
kernel-signed %install step was not copying hidden files to the
buildroot directory (i.e., /boot/.vmlinuz-<uname_r>.hmac). So fix
the copy step.
Enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS
This allows security products to block access to malicious files in real-time
Signed-off-by: Chris Co chrco@microsoft.com
commit 9879f4c92a
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date: Wed Mar 24 10:36:29 2021 -0700
Add patch to qemu-kvm to fix CVE-2021-20255 (#782)
* Add patch to fix CVE-2021-20255
* Fix date
commit 225fb4a1dc
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Wed Mar 24 06:45:12 2021 -0700
Add nopatch for redis CVE-2021-21309 (#734)
commit cef3d6dd65
Author: jslobodzian <joslobo@microsoft.com>
Date: Sun Mar 21 19:34:06 2021 -0700
Patch CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524 (#773)
commit f17311f940
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Tue Mar 23 01:17:16 2021 -0700
Fix CVE-2021-20231 and CVE-2021-20232 (#774)
* Patch gnutls CVE-2021-20231
* Patch CVE-2021-20232
commit b2b6022623
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Mon Mar 22 16:38:37 2021 -0700
Update default sshd_config to match other distros (#746)
Update default sshd_config to match other distros
commit 4384c45149
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Mar 22 16:38:03 2021 -0700
add bios-grub partition flag (#764)
When we released the initial tools, "bios-grub" was a valid partition
flag in the image configuration JSON. At some point, it got dropped
in favor of "bios_grub". However, calamares GUI ISO installer produces
config files with the original "bios-grub" flag. So this change
restores the "bios-grub" flag as a legacy option. We still prefer
users to use "bios_grub" going forward.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit d31496abdd
Author: Nick Samson <nisamson@microsoft.com>
Date: Mon Mar 22 21:23:09 2021 +0000
Patched CVE-2020-27618 in glibc
commit ab6436ae86
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date: Mon Mar 22 10:31:28 2021 -0700
Add patch to qemu-kvm to fix CVE-2021-20203 (#770)
* add patch to resolve CVE-2021-20203 in qemu-kvm
* add patch command, change log
* change Release
commit 2335fa128b
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Mon Mar 22 10:27:03 2021 -0700
update srpmpacker (#757)
commit 11698ae9f4
Author: rlmenge <rachelmenge@microsoft.com>
Date: Mon Mar 22 11:45:51 2021 -0400
Iptables: Add ssh brute force protection rules (#741)
* Add iptables rules to prevent over 6 ssh connection attempts within a minute
* Verify license
commit 9a99bef704
Author: jslobodzian <joslobo@microsoft.com>
Date: Sun Mar 21 19:34:06 2021 -0700
Patch CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524 (#773)
commit a07a2b62a6
Merge: fcf3924b 59e62fde
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Mar 19 21:53:36 2021 -0700
Merge pull request #755 from microsoft/nisamson/CVE-2020-8277-1.0
Fix CVE-2020-8277 in c-ares with version upgrade
commit fcf3924bae
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date: Fri Mar 19 17:12:17 2021 -0700
Add grpc to mariner (#751)
* add grpc to mariner
* fix SPEC file using spec-cleaner, incorporate comments
* incorporated comments
* Incorporate comments
commit 3e60a4e063
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Mar 19 12:13:20 2021 -0700
Fix Bugs in OpenSSL SP800-56a Rev3 Patch (#768)
commit 8870918cb8
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Thu Mar 18 20:12:29 2021 -0700
Automatic package update. (#762)
commit 44d226165e
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Thu Mar 18 11:32:51 2021 -0700
diskutils: Add partprobe after partition creation (#725)
* diskutils: Add partprobe after partition creation
There can be a timing issue where partition creation finishes but the
devtmpfs files are not populated in time for partition initialization.
So to deal with this, we call partprobe here to query and flush the
partition table information, which should enforce that the devtmpfs
files are created when partprobe returns control.
* diskutils: invoke partprobe with flock
Added flock because "partprobe -s" apparently doesn't always block.
flock is part of the util-linux package and helps to synchronize access
with other cooperating processes. The important part is it will block
if the fd is busy, and then execute the command. Adding a 5 second timeout
to prevent us from possibly waiting forever.
* diskutils: Update timeout variable name
* diskutils: clarify debug log message
* Add parted to documentation and quickstart runner
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 8205caf3d2
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Mar 17 22:12:23 2021 -0700
Unifying `coredns` specs for the sake of automation. (#758)
commit eb68091b5e
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Wed Mar 17 16:01:50 2021 -0700
Disable QAT kernel configs (#759)
commit 464e20c49f
Merge: 9080fa1c fd813919
Author: Andrew Phelps <anphel@microsoft.com>
Date: Tue Mar 16 18:19:32 2021 -0700
Merge remote-tracking branch 'upstream/1.0' into 1.0
commit 59e62fde88
Author: Nick Samson <nisamson@microsoft.com>
Date: Tue Mar 16 16:26:06 2021 -0700
Applied linter diff to c-ares.spec
commit e1b8733021
Author: Nick Samson <nisamson@microsoft.com>
Date: Tue Mar 16 16:16:01 2021 -0700
Updated cgmanifest for c-ares upgrade
commit 0c0b7d0e41
Author: Nick Samson <nisamson@microsoft.com>
Date: Tue Mar 16 11:21:09 2021 -0700
Upgraded c-ares to 1.17.1 to address CVE
commit 79b9b3e4c5
Author: Nick Samson <nisamson@microsoft.com>
Date: Mon Mar 15 17:38:21 2021 -0700
Patched CVE-2020-8277 in c-ares
commit 55e42f31c8
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Tue Mar 16 11:06:33 2021 -0700
systemd: disallow unprivileged BPFs (#743)
Additional mitigation step for CVE-2021-20194. Our kernels are typically
hardened with CONFIG_HARDENED_USERCOPY=y so we are not exposed to this
vulnerability specifically. But if this ends up not being the case in
the future, we have this mitigation enabled as well.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 56063ad3ba
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Tue Mar 16 11:05:42 2021 -0700
kernel: Update to 5.10.21.1 and add virtio drivers to initrd (#742)
* initial update kernel to 5.10.21.1
* add new CONFIG_KCMP
CONFIG_KCMP was introduced between our last kernel version and
this one. CONFIG_KCMP is selected (=y) by CONFIG_DRM and
CONFIG_CHECKPOINT_RESTORE
* Add virtio drivers to be added into initrd
Adding these drivers into the initrd allows us to boot offline-created
images on virtio-based machines (i.e., cloud-hypervisor VMs)
* kernel: Address CVEs
"Nopatch" the following CVEs. They are fixed in 5.10.21.1
- CVE-2021-26930
- CVE-2020-35499
- CVE-2021-26931
- CVE-2021-26932
* Remove CONFIG_USB_LGM_PHY from aarch64 config
New kernel version only exposes this config if building for X86.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 559634161c
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Mon Mar 15 23:09:14 2021 -0700
fix perl-Crypt-SSLeay test (#750)
commit bcb2959124
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Mar 15 17:47:43 2021 -0700
installutils: only return grub2-pc on amd64 install (#749)
* installutils: only return grub2-pc on amd64 install
grub2-pc package is only available for x86_64 systems so if the tools
attempt to use it on arm64 image builds, the build will fail.
This fix checks the current architecture and only includes grub2-pc if
running on an x86_64 machine.
* installutils: add test package and basic arch test
* installutils: Fix empty required package return
If no required packages are present, always return a slice
with no elements instead of a nil pointer.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 3de10b0f28
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Mon Mar 15 12:52:26 2021 -0700
Update cloud-utils-growpart to 0.32 to fix kver parsing (#747)
commit 9e8da9c7e6
Author: rlmenge <rachelmenge@microsoft.com>
Date: Mon Mar 15 13:50:27 2021 -0400
Add partscan flag (#730)
commit 0370897f73
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Mar 15 10:15:20 2021 -0700
Add sp800-56a rev3 compliance to OpenSSL (#735)
commit fd81391933
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Sat Mar 13 10:33:37 2021 -0800
Revert "Revert "Update kernel source to 5.10.13.1 (#601)" (#660)"
This reverts commit c96079399a.
commit 89411a15db
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Sat Mar 13 10:31:32 2021 -0800
Revert "Disable CONFIG_GCC_PLUGIN_RANDSTRUCT and enable CONFIG_SCSI_SMARTPQI (#661)"
This reverts commit bdf678ddf6.
commit 91a43007fd
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Mar 12 17:29:31 2021 -0800
Modify SRPMPacker tool to use system cert pool (#739)
* use SystemCertPool()
* update documentation
* log error
commit e3d9a78e81
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Thu Mar 11 20:48:22 2021 -0800
Updating Microsoft trusted root CAs. (#736)
commit 99281a23bf
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Mar 11 18:43:17 2021 -0800
Updating 'openssh' to 8.5p1 to fix CVE-2021-28041. (#737) (#738)
* Updating 'openssh' to 8.5p1.
* Removing regressions test fixes - already part of new version.
* Enabling running more tests.
commit 3ce5ee3dbb
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Thu Mar 11 17:27:56 2021 -0800
Reduce disk footprint in Mariner Core images (#723)
* Reduce disk footprint in Mariner Core images
* Fix lint issues in core-packages spec file
* Fix lint issues in core-packages spec file
* Reduce disk footprint in Mariner Core images
* Reduce disk footprint in Mariner Core images
* Reduce disk footprint in Mariner Core images
* Refactor legacy bootloader install handling (#731)
Currently the tools make the assumption that grub2-pc is part of the
installroot (i.e., part of the final image). Unfortunately this
assumption also bloats our final image size by 100+ MB with
grub tools we do not need.
So this change refactors how legacy bootloaders get installed.
First, always include the grub2-pc package as part of the
setupchroot so they are available in the installation environment
but not in the final image.
Next, run the grub2-mkinstall command from the setupchroot
environment instead of the installroot environment, but target
the install directories to paths inside the installroot.
Finally, enlighten the imagepkgfetcher to always fetch the
grub2-pc package so it is always available.
* remove custom grub2-pc json files and scripts
These files are no longer needed with the tooling changes present
* installutils: clarify grub2-install arg
* imager: only do one tdnf install for setup chroot
Combines required tooling packages and dm-verity
packages (if necessary) into a single list and
installs it.
Signed-off-by: Chris Co <chrco@microsoft.com>
Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>
commit 3281e16bfd
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Mar 11 17:18:11 2021 -0800
Updating 'openssh' to 8.5p1 to fix CVE-2021-28041. (#737)
* Updating 'openssh' to 8.5p1.
* Removing regressions test fixes - already part of new version.
* Enabling running more tests.
commit 68739a884c
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Mar 11 12:37:44 2021 -0800
Adding retries to jdk8 tarballs downloads during toolchain builds (#719)
commit 4f61392183
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Wed Mar 10 18:04:23 2021 -0800
kernel: Enable kernel lockdown configs (#722)
* kernel: enable kernel lockdown lsm
* kernel-hyperv: enable kernel lockdown lsm
* kernel-signed: Use uname_r macro everywhere
There was a build break due to an incorrect name used
for vmlinuz in SOURCE1.
The new 5.10 kernel source introduced a new versioning
scheme when built. EXTRAVERSION will always contain
"-rolling-lts-mariner".
In kernel.spec, the vmlinuz we output has the name:
vmlinuz--rolling-lts-mariner-, which
is constructed using vmlinuz-%{uname_r}
So to fix, use vmlinuz-%{uname_r} in the kernel-signed
specs as well.
* add more lockdown configs
CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y enables the lockdown lsm
very early prior to the security subsystem's initialization.
Still subject to kernel boot parameters.
CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y no lockdown functionality
enabled by default, but can be enabled via kernel commandline or
/sys/kernel/security/lockdown
General distros should set lockdown integrity mode, while special
purpose distros should set lockdown confidentiality mode. These
can be set in the kernel command line
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 9eb6cebf7a
Author: rlmenge <rachelmenge@microsoft.com>
Date: Wed Mar 10 16:25:36 2021 -0500
installutils: Remove stale constant (#729)
* Remove the stale constant
* Remove additional unused constant
commit edd974de40
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Wed Mar 10 13:15:43 2021 -0800
file: add append data to debug output (#728)
Print out the data being appended by file.Append() into
the debug log. This is useful for debugging some of the image
generation flows like /etc/fstab update.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 3043b04561
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Mon Mar 8 16:31:36 2021 -0800
Fix typo in prerequisites.md (#724)
commit ec550334ae
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Mar 8 15:46:14 2021 -0800
Improving toolchain download logs. (#718)
commit 1939a78b6d
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Mar 8 14:42:20 2021 -0600
Update Python3 to 3.7.10, Backport CVE-2021-23336 patch to Python2 (#679)
commit 6985404f12
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Mar 8 14:06:48 2021 -0600
Patch CVE-2021-0326, CVE-2021-27803 in wpa_supplicant (#720)
commit 0bd20333b8
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Mar 8 10:35:36 2021 -0800
diskutils: refactor partition detection (#705)
Currently, there is an issue where, when we attempt to partition a
virtual disk (/dev/vd*), we make the incorrect choice to append the
"p#" suffix for the partition name, thus failing the partitioning.
Instead of making certain assumptions about the path prefix,
let's actually detect the partition file in /dev and use that
knowledge to inform the rest of the partition initialization
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 9f8fe50893
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Mar 8 10:35:00 2021 -0800
diskutils: add clearer error when no disk found (#716)
Our ISO installer, via diskutils, checks to see if there are valid disks
to install to before proceeding. If we boot the ISO on hardware where
the installer cannot find any disks, the installer panics with a very
cryptic error message:
PANI[0000] unexpected end of JSON input
This message leads people to believe that the error is with their
imageconfig JSON file, but in reality, the JSON referenced here is
from the output of our lsblk command. We use lsblk to see if the
system has any disks we can install to and we get this output in JSON
format. So in the case where no supported disk is found, we end up
feeding an empty JSON input into the json.Unmarshal() and we get
this panic message.
So add a check to make sure the output from lsblk isn't empty
before we feed it to the json.Unmarshal(). Now if no supported disks
are found, you should get the following error message:
ERRO[0000] no supported disks found
PANI[0000] no supported disks found
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 20381f5cf2
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Mar 8 12:05:32 2021 -0600
Fix failing test for espeak-ng (#717)
commit 6c67796397
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Mar 5 23:31:00 2021 -0600
Nopatch CVE-2020-8032 in cyrus-sasl (#708)
* Nopatch CVE-2020-8032 in cyrus-sasl
* Address Pawel feedback
commit 1b6ef71f38
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Mar 5 23:23:40 2021 -0600
Add patch for CVE-2021-27218, CVE-2021-27219 in glib (#715)
* Add patch for CVE-2021-27218, CVE-2021-27219 in glib
* Remove test that doesn't make sense in our version (g_memdup2 does not exist)
commit b52eb56c5c
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date: Fri Mar 5 18:21:49 2021 -0800
Updating Microsoft trusted root CAs. (#712)
Co-authored-by: CBL-Mariner Servicing Account <clbmargh@microsoft.com>
commit 194116e505
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Mar 5 17:56:20 2021 -0800
Fix libpng random test failure (#713)
* fix libpng test failure
* fix linting error
commit f6750f45f0
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Mar 5 15:24:19 2021 -0600
Upgrade libgcrypt to 1.8.7 to fix CVE-2019-13627 (#580)
commit d4d849e3c9
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Fri Mar 5 11:30:14 2021 -0800
Add Broadcom NetXtreme and msr driver module support to kernel (#707)
commit 695b51b9c0
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Mar 4 14:04:51 2021 -0800
Enable FIPS mode for NSS (#690)
commit 32cbac6c2c
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date: Thu Mar 4 15:35:05 2021 -0600
Update postgresql for CVE-2021-20229 & CVE-2021-3393 (#699)
commit bf4a6f36b1
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Thu Mar 4 11:21:26 2021 -0800
Fix issue with multiple empty mount validation (#692)
commit 1833823700
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Mar 4 12:38:03 2021 -0600
Improve text-to-speech experience in the ISO installer (#694)
* Explicitly add alsa packages to accessibility package list for ISO
* Optimize UI text for TTS
* Enable highlight tracking mode in speakup
* Remove progress percentage, add speech-enabled text to terminal installer option
commit 2f47bcc561
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Mar 4 10:16:08 2021 -0800
Fix tests for gdb, libxml2, net-snmp, python-werkzeug, skip python-psutil tests (#703)
* fix libxml2 tests
* fix python-werkzeug tests
* fix net-snmp tests
* skip python-psutil test
* fix gdb tests
* update manifests
commit 70fe5c1754
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Thu Mar 4 09:55:25 2021 -0800
Add common utilities to ISO environment and Full SKU (#645)
* Add some debugging utilities to iso initrd
* Add test tools to Full ISO install
* alphabetize developer-packages list
Signed-off-by: Chris Co <chrco@microsoft.com>
commit c29740747d
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Mar 3 19:18:12 2021 -0600
Fix Makefile nits (#698)
commit af41befcaf
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Mar 3 16:38:59 2021 -0800
Fix check tests for apparmor, redis, python-pycurl, skip WALinuxAgent (#693)
* fix redis test issue
* fix apparmor tests
* skip WALinuxAgent tests
* fix python-pycurl test
* verify redis license
commit 27b2a5ba92
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Mar 2 18:01:48 2021 -0800
Remove ntopng (#689)
* Remove ntopng
* Also remove ntopng map and cgman
commit 9ee0a38a19
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Tue Mar 2 13:47:55 2021 -0800
Update shadow-utils and td-agent (#683)
* update shadow-utils and td-agent
* fix linting
* update td-agent Requires
* fix more comments
Co-authored-by: Henry Li <lihl@microsoft.com>
commit 593a4beba4
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Mon Mar 1 16:26:39 2021 -0800
Fix tests for python-distro and python-requests (#677)
* fix python-distro tests
* fix python-requests
commit 5a9426aa21
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Mar 1 15:33:53 2021 -0600
[Tools] Fix parsing of new lsblk JSON output format in diskutils (#653)
* Change blockDeviceInfo.Size to be a json.Number
* Add test to ensure json.Number is the correct choice for size parsing
commit 0f5072e286
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Mon Mar 1 10:26:59 2021 -0800
Update azure-iotedge to version 1.1.0 (#669)
* update azure-iotedge and rust
* update cgmanifest.json
* update rust BR version
* update libiothsm-std. use rust 1.47.0
* fix cgmanifest
* remove 1.50.0 specific changes
commit 44f672d00b
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Mon Mar 1 10:12:19 2021 -0800
bind: fix CVE-2020-8625 (#675)
Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
commit 6eee32f12a
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Feb 26 21:07:53 2021 -0600
Update ARM64 ISO config with new EULA paths (#674)
commit 06c9109803
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Fri Feb 26 15:28:35 2021 -0800
openldap: fix CVE-2021-27212 (#670)
Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>
commit 9dbfb02934
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Feb 26 14:43:44 2021 -0800
Fixing `ntopng` source URLs. (#673)
commit 8ff6d710da
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Feb 25 19:22:48 2021 -0600
Add ability to change GUI installer EULA (#672)
commit c339e6fa6e
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Feb 25 14:25:12 2021 -0600
Update signatures for espeakup and kernel, (#671)
commit 415af2d663
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Feb 25 12:00:06 2021 -0800
Updating 'update_manifests.sh' script to remove the UI repo (#667)
* Cleaning-up unnecessary Mariner UI repo.
* Script clean-up following SpellCheck VSCode extension's suggestions.
* Updating manifests after running the script.
commit cb6b3515ce
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Wed Feb 24 19:31:33 2021 -0800
linux-firmware: Add bnx2x and qed firmware, WHENCE, and license files (#646)
Signed-off-by: Chris Co <chrco@microsoft.com>
commit fbb71e839e
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Feb 24 17:29:35 2021 -0800
Support kernel dumps using 5.10 kernel (#662)
* update crash and kexec-tools to support printk in 5.10 kernel
* update patch files with original commits
* fix cgmanifest crash version
* cleanup
commit 83e8aaa89a
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Feb 24 18:51:15 2021 -0600
Tweak installer to meet accessibility standards (#668)
commit fe618fb04d
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Feb 24 18:51:05 2021 -0600
Add text-to-speech packages to iso initrd (#665)
commit 2bbcb44f81
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Feb 24 18:50:50 2021 -0600
Add text-to-speech packages for accessibility (#664)
commit 3c4c5f30f2
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Feb 24 18:50:27 2021 -0600
Add speakup support to kernel (#655)
commit 2f2c835a50
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Wed Feb 24 09:33:31 2021 -0800
Fix CVE-2020-35498 in openvswitch (#656)
* Fix CVE-2020-35498 in openvswitch
* Apply linter changes
Co-authored-by: Emre Girgin <mrgirgin@microsoft.com>
commit bdf678ddf6
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Tue Feb 23 21:28:28 2021 -0800
Disable CONFIG_GCC_PLUGIN_RANDSTRUCT and enable CONFIG_SCSI_SMARTPQI (#661)
* Remove RANDSTRUCT and add SCSI_SMARTPQI configs
There is an issue where CONFIG_GCC_PLUGIN_RANDSTRUCT causes our
vmcore files to be unparseable. Disable config for now.
Enable CONFIG_SCSI_SMARTPQI so Mariner works on platforms with
the smartpqi storage.
Signed-off-by: Chris Co <chrco@microsoft.com>
* Bump kernel release number
Signed-off-by: Chris Co <chrco@microsoft.com>
* Add CONFIG_DEBUG_INFO_BTF not set
New config option required to pass our config checker.
Signed-off-by: Chris Co <chrco@microsoft.com>
commit c96079399a
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Feb 23 18:55:06 2021 -0800
Revert "Update kernel source to 5.10.13.1 (#601)" (#660)
This reverts commit aae537bbbc.
commit 9c4b708fc9
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Feb 23 16:36:56 2021 -0800
fix python-sqlalchemy test (#658)
commit 8e3f3aef60
Merge: d09656cd82bba640
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Mon Feb 22 19:40:02 2021 -0800
Merge branch '1.0-dev' into 1.0 for February update
commit 82bba640f4
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Mon Feb 22 18:54:30 2021 -0800
Update default sudo config (#648)
commit 3acc856d5e
Merge: 3235794f9b2534a1
Author: jslobodzian <joslobo@microsoft.com>
Date: Mon Feb 22 17:43:27 2021 -0800
Merge pull request #651 from microsoft/mariner-bot/update-release-version
Update for February release
commit 9b2534a123
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Mon Feb 22 17:37:09 2021 -0800
Update for February release
commit 3235794f29
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Mon Feb 22 11:46:40 2021 -0800
quickstart: update git clone to use https (#644)
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 54e0fd9eaf
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Mon Feb 22 10:01:21 2021 -0800
Update manifests with missing packages (#647)
commit 977de376d3
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Fri Feb 19 18:26:42 2021 -0800
Add mariner extras repo (#243)
* Add mariner extras repo
* Add extras preview repo
* Bump version in manifests
commit aae537bbbc
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date: Fri Feb 19 17:48:41 2021 -0800
Update kernel source to 5.10.13.1 (#601)
Move to the new CBL-Mariner kernel source location and use the latest
5.10.13.1 version.
As part of the upgrade to 5.10.13.1, we can remove some out-of-tree
patches since these patches have been merged into upstream.
Additionally, we need to account for the new location of module.lds
for aarch64 builds. The aarch64 module.lds is no longer checked in
as part of the source tree. See this upstream commit for more details:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=596b0474d3d9b1242eab713f84d8873f9887d980
Turn off CONFIG_GCC_PLUGIN_RANDSTRUCT protection. This struct
randomization is causing difficulty in parsing vmcore files.
Enable upstream smartpqi driver by default
Signed-off-by: Chris Co <chrco@microsoft.com>
commit 489118276a
Merge: c9692465172958fe
Author: jslobodzian <joslobo@microsoft.com>
Date: Thu Feb 18 21:15:50 2021 -0800
Merge pull request #640 from microsoft/joslobo/add-pointer-to-demo
Reference the CBL-MarinerDemo repository from Core Documentation
commit d09656cd53
Merge: 6dcbcb2acf2c8ebf
Author: jslobodzian <joslobo@microsoft.com>
Date: Thu Feb 18 09:03:30 2021 -0800
Merge pull request #641 from microsoft/mamalisz/cve-pick
Cherry-pick Fix CVE 2020-36242 (#634)
commit c96924659d
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Thu Feb 18 08:38:17 2021 -0800
Fix CVE 2020-36242 (#634)
* Update python-cryptography to 3.3.2
* Update python-cffi
* Update cgmanifest
* Remove old patch file
commit 172958feed
Merge: 58427f2f9382f384
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Thu Feb 18 08:11:39 2021 -0800
Merge branch '1.0-dev' into joslobo/add-pointer-to-demo
commit 58427f2fbb
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Thu Feb 18 07:59:06 2021 -0800
Add pointer to CBL-MarinerDemo repo through documentation
commit 9382f3845f
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Feb 18 06:56:53 2021 -0800
Add kernel crypto configs to enable tcrypt in FIPS mode (#635)
commit 52badcdd8b
Merge: 84c823f77a698063
Author: jslobodzian <joslobo@microsoft.com>
Date: Wed Feb 17 18:26:27 2021 -0500
Merge pull request #614 from microsoft/thcrain/glibc-cve-2021-3326
Patch CVE-2021-3326 in glibc
commit 84c823f7c1
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Tue Feb 16 14:42:40 2021 -0800
Enable lz4 compression in systemd (#637)
Enable lz4 compression in systemd so that journalctl can read lz4 compressed journals
commit 7bd75d547d
Author: arvindkandhare <arvind.kandhare@emc.com>
Date: Tue Feb 16 14:35:55 2021 -0800
Overlay based diff image creation cherry pick (#611)
* Overlay based diff image creation prototype
Here is a link to the spec https://microsoft-my.sharepoint.com/:w:/g/personal/arvindka_microsoft_com1/ESrYHTpWUPBOgdi7LjDsE14Bf1mHSLG702551XctkFX1mA?e=CyCc2j. This is for early feedback on the approach.
It introduces a new element, BaseImage for each partition. Instead of creating a complete new partition image, a new diff layer is created using overlay file system. Overlay file system is a simple implementation of union file system. The changed files are completely copied in the upper level overlay. The implementation then copies the higher level files in a tgz.
This tgz can be transferred to the ADU agent which first rehydrates the base image and then uses SWUpdate to do the A/B switch.
Co-authored-by: Arvind Kandhare <arvindka@microsoft.com>
commit fad9eb35df
Author: rlmenge <rachelmenge@microsoft.com>
Date: Tue Feb 16 15:11:15 2021 -0500
Update mysql to version 8.0.23 for CVE-2020-15358 (#629)
* Update version of mysql
commit 7a69806354
Merge: fa579fc8f6bc5aa1
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Feb 12 14:52:41 2021 -0600
Merge branch '1.0-dev' into thcrain/glibc-cve-2021-3326
commit fa579fc877
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Feb 11 21:57:59 2021 -0800
Take patch backported to our version
commit cf2c8ebf91
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Thu Feb 18 08:38:17 2021 -0800
Fix CVE 2020-36242 (#634)
* Update python-cryptography to 3.3.2
* Update python-cffi
* Update cgmanifest
* Remove old patch file
commit f6bc5aa1f5
Author: rlmenge <rachelmenge@microsoft.com>
Date: Thu Feb 11 12:16:55 2021 -0500
Add patch for qemu CVE-2020-17380 (#618)
* Add upstream patch for qemu CVE-2020-17390
commit 487f102232
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Wed Feb 10 15:44:36 2021 -0800
Move dracut FIPS config to /etc/dracut.conf.d/ (#625)
commit 16c8e8df23
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Feb 10 12:56:45 2021 -0800
Addressing a few issues highlighted by "SpellCheck". (#626)
commit 53b234a2fe
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Wed Feb 10 11:56:36 2021 -0800
create etcd, coredns and flannel containers (#624)
Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
commit d30a71095d
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Wed Feb 10 08:01:07 2021 -0800
Correctly format output for sha512hmac in kernel hmac calculation (#620)
commit cbc4a106d6
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Feb 9 17:39:39 2021 -0800
Add FIPS-enabled core image (#609)
* Add "fips-packages" json
* Add core-fips image
* Check if "dracut-fips" is included if "fips=1" is set
* Add fips check for imageconfigvalidator test
commit 6eddfe439e
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Feb 9 18:42:24 2021 -0600
Fix handling of double-percent in cgmanifest check (#616)
commit edebc07c3e
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Tue Feb 9 16:41:11 2021 -0800
Add several networking tools. Enable LLVM RTTI. (#608)
Enable RTTI in LLVM and clang for bpftrace
Add bpftrace spec
Add libmaxminddb spec
Add ntopng spec
Add vnstat spec
Add libconfuse spec
Add bmon spec
Update pigz to 2.6 and change source to GitHub
commit 1f4d6064d2
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Feb 9 14:19:21 2021 -0800
Add Libacvp Package (#607)
commit aeecf8701e
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Feb 9 14:00:03 2021 -0800
Add sha512hmac-openssl to kernel-hyperv source (#617)
commit cdeaf32fa3
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Feb 9 13:43:57 2021 -0800
Use OpenSSL to hmac calc the kernel (#615)
commit 2e9604aaeb
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Feb 9 12:44:40 2021 -0800
Update release number
commit eeddecd005
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Feb 9 11:15:29 2021 -0800
Patch CVE-2021-3326 in glibc
commit 124daab644
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Feb 9 00:45:26 2021 -0800
Removing the deprecated "Microsoft IT TLS CA 2" CA. (#188)
commit 6dcbcb2aaf
Merge: 2a3b8a5e9c97e034
Author: jslobodzian <joslobo@microsoft.com>
Date: Mon Feb 8 16:23:16 2021 -0800
Merge pull request #606 from microsoft/mamalisz/pull-cves-to-10
Automated Mariner Release - cherry-pick openldap and dnsmasq CVE fixes.
commit 3f40946afe
Author: Christopher Co <christopher.co@microsoft.com>
Date: Sat Feb 6 18:07:08 2021 -0800
golang: update latest changelog entry (#602)
commit 9c97e03433
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Fri Jan 29 14:40:52 2021 -0800
Merge pull request #578 from microsoft/lihl/openldap-CVE
resolve openldap CVEs
(cherry picked from commit fbcaccde39)
commit 5ad155a4d4
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Thu Jan 28 16:39:15 2021 -0800
Merge pull request #575 from microsoft/lihl/dnsmasq-CVE
Resolve dnsmasq CVE-2020-25683, CVE-2020-25686, CVE-2020-25687
(cherry picked from commit c981b656ac)
commit 8e2cee37a7
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Feb 5 14:45:56 2021 -0800
Add CONFIG_CRYPTO_STATS line in kernel configs (#599)
* Add CONFIG_CRYPTO_STATS line in kernel configs
* update kernel signatures.json
commit 3207645de2
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Feb 5 14:33:31 2021 -0800
Use OpenSSL to perform hmac in libkcapi (#598)
commit 3f2b61ebcc
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Feb 5 13:35:16 2021 -0800
update golang version to 1.15.7 (#595)
commit 13383d3997
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Feb 4 07:06:19 2021 -0800
Add FIPS patches for OpenSSL (#593)
* Apply openssl fips patches from CentOS8
* Calculate and add hmac files for openssl
* Fix patching ec_curve
* Update pkggen and toolchain txt files
* Address openssl spec linting
commit fbe4c52146
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Feb 4 07:04:22 2021 -0800
Add package "dracut-fips" (#592)
* Add dracut-fips package
* Disable tcrypt check in dracut-fips
* Format and apply disable-tcrypt patch
* Minor cleanup
* Fix patch issue
* Address spec linting
* Add dracut-fips to initramfs pkg watch list
* Fix date in initramfs changelog
commit fd1089c861
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Feb 4 06:58:13 2021 -0800
Add support for kernel crypto API in user space (#576)
* Add kernel configs for userspace crypto support
* First version of libkcapi
* Add libkcapi to license map
* Use hmac calc for kernel fips compliance
* Update kernel-headers
* Update kernel-signed* spec files
* Address linting
* Update cgmanifest
* Address comments on libkcapi.spec
* Address spec linting
* Update kernel signatures.json
* Update toolchain/pkggen txt files
* Rename perl-interpreter to perl
* Disable libkcapi tests for now
commit 6322b0f482
Merge: c244f0e2d5e14bcd
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Wed Feb 3 14:58:55 2021 -0800
Merge pull request #590 from microsoft/lihl/td-agent-fix
Fix td-agent installation
commit c244f0e23d
Merge: ff02635efdb00adf
Author: Jonathan Chiu <jochi@microsoft.com>
Date: Wed Feb 3 14:53:40 2021 -0800
Merge pull request #583 from microsoft/jochi/add-libconfini
Add libconfini package
commit fdb00adf12
Merge: cdf97d22ff02635e
Author: Jonathan Chiu <jochi@microsoft.com>
Date: Wed Feb 3 14:50:33 2021 -0800
Merge branch '1.0-dev' into jochi/add-libconfini
commit ff02635e90
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Wed Feb 3 11:34:35 2021 -0800
Add conntrack-tools, nmap, pigz, blobfuse (#591)
* Add pigz spec
* Add blobfuse spec
* Import conntrack-tools spec
* Add ncat spec
commit d0896d4a40
Author: Christopher Co <christopher.co@microsoft.com>
Date: Wed Feb 3 10:43:00 2021 -0800
kernel: enable REED_SOLOMON_DEC8 (#587)
CONFIG_REED_SOLOMON_DEC8 is required for CONFIG_DM_VERITY_FEC. Enable this config. This fixes an arm64 kernel package build error.
commit 2a3b8a5e9f
Merge: f35eb610fd45cb83
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Feb 2 20:09:51 2021 -0800
Merge pull request #588 from MateuszMalisz/mamalisz/pic-python-cve
Pick Python and CVE fixes to 1.0
commit d5e14bcd7a
Author: Henry Li <lihl@microsoft.com>
Date: Tue Feb 2 18:28:45 2021 -0800
fix td-agent installation
commit fd45cb83e4
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Jan 29 13:49:01 2021 -0800
Applied spec linter diff again
commit bb033d5d56
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Jan 29 13:44:39 2021 -0800
Applied spec linter diff for python3
commit 29daba1102
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Jan 29 13:37:01 2021 -0800
Fixes CVE-2021-3177 in Python 3
commit f35eb610c5
Merge: 35988b451e813b86
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Feb 2 14:10:45 2021 -0800
Merge pull request #584 from MateuszMalisz/mamalisz/automation
Add automated build trigger for release PR
commit 1e813b86c8
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Tue Feb 2 13:52:09 2021 -0800
Add title filter
commit e97bc19712
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Feb 2 11:57:13 2021 -0800
Fixing changelog entries and license mapping. (#586)
commit 2ec6d13dcb
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Mon Jan 25 05:56:14 2021 -0800
Add automated build trigger for release PR
commit cdf97d2244
Merge: 3295208f39c6d991
Author: Jonathan Chiu <jochi@microsoft.com>
Date: Mon Feb 1 14:57:22 2021 -0800
Merge branch '1.0-dev' into jochi/add-libconfini
commit 39c6d9917b
Merge: e5dc1d5f346c8e8a
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Mon Feb 1 12:59:38 2021 -0800
Merge pull request #549 from microsoft/damcilva/verity_staging/final
[Staging -> 1.0-dev verity read-only root] Support dm-verity read-only roots for Mariner images and ISOs
commit 3295208f74
Author: Jonathan Chiu <jochi@microsoft.com>
Date: Mon Feb 1 11:19:55 2021 -0800
Apply linted spec changes
commit 722a1b209d
Author: Jonathan Chiu <jochi@microsoft.com>
Date: Mon Feb 1 11:09:50 2021 -0800
Fix source URL in spec file
commit e5dc1d5f45
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Mon Feb 1 09:44:01 2021 -0800
Update etcd versions and add coredns and flannel (#569)
* add coredns and flannel, move etcd to 3.4.3 and 3.4.13
* fix etcd build changes
* update cgmanifest
* address PR comments
Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
commit 5ab648bdf3
Merge: fbcaccde8d40163d
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Jan 29 18:01:40 2021 -0800
Merge pull request #579 from microsoft/nisamson/CVE-2021-3177
Fixes CVE-2021-3177 in Python 3
commit 346c8e8a99
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri Jan 29 16:34:08 2021 -0800
Avoid running parted when there is no flag to set
commit f2ecbf3a95
Author: Jonathan Chiu <jochi@microsoft.com>
Date: Fri Jan 29 15:22:39 2021 -0800
Update cgmanifest.json
commit 267db2a7c7
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri Jan 29 12:02:02 2021 -0800
Support optional KernelOptions for rootfs
While the ISO initrd image does have a kernel, most rootfs images will
not have one. We need to support both flows.
Make KernelOptions an optional key for rootfs images, and only include
the kernel if it is set.
commit fbcaccde39
Merge: c981b656e46d8323
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Fri Jan 29 14:40:52 2021 -0800
Merge pull request #578 from microsoft/lihl/openldap-CVE
resolve openldap CVEs
commit d0f75c6bf0
Author: Jonathan Chiu <jochi@microsoft.com>
Date: Fri Jan 29 14:22:52 2021 -0800
Add libconfini
commit 8d40163d39
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Jan 29 13:49:01 2021 -0800
Applied spec linter diff again
commit 890f135c48
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Jan 29 13:44:39 2021 -0800
Applied spec linter diff for python3
commit 3a5843f784
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Jan 29 13:37:01 2021 -0800
Fixes CVE-2021-3177 in Python 3
commit e46d832351
Author: Henry Li <lihl@microsoft.com>
Date: Fri Jan 29 12:07:16 2021 -0800
resolve openldap CVEs
commit c981b656ac
Merge: db0cbb08aadd50e4
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Thu Jan 28 16:39:15 2021 -0800
Merge pull request #575 from microsoft/lihl/dnsmasq-CVE
Resolve dnsmasq CVE-2020-25683, CVE-2020-25686, CVE-2020-25687
commit 2f181f07f7
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Thu Jan 14 13:24:00 2021 -0800
Read-only root configuration documentation
Co-authored-by: Christopher Co <christopher.co@microsoft.com>
commit 10e689477c
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Thu Jan 28 12:55:30 2021 -0800
Update sigs to use pipeline version of sources
commit 32a16b9874
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Mon Dec 21 13:42:10 2020 -0800
Add verity-read-only-root package to LICENSES-MAP
commit e7d0c185f4
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Thu Dec 17 15:13:32 2020 -0800
Attended installer supports new read-only root flows
commit c7842a2c93
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 13:51:30 2020 -0800
Add support for read-only-roots to Imager tool
commit 3af5393828
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 13:47:21 2020 -0800
Add read-only-root config for images
commit 7d582bd35d
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 13:44:40 2020 -0800
Add verity-read-only-root package
commit bfc0734660
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 13:43:57 2020 -0800
Make TdnfInstall a public function
commit 7d6f881bd1
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 13:32:15 2020 -0800
Add initramfs library to write new initramfs files
commit 503b632146
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 13:30:33 2020 -0800
Make mount/unmount of disks more reliable
commit 4445ad777a
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 13:26:20 2020 -0800
Support validating packages during config check
commit 9e1fcf408e
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 13:20:00 2020 -0800
Make device mapper roots more flexible & reliable
commit 85fb2102bd
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 12:58:47 2020 -0800
Support separate /boot partition with UEFI boot
commit aadd50e48a
Author: Henry Li <lihl@microsoft.com>
Date: Thu Jan 28 12:49:29 2021 -0800
update changelog
commit a3b634e5dc
Author: Henry Li <lihl@microsoft.com>
Date: Thu Jan 28 12:41:09 2021 -0800
Resolve dnsmasq CVEs
commit 366c485451
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Dec 16 12:50:23 2020 -0800
Redo RandomString() in common randomization package
Upgrade the function to handle multibyte runes correctly
Add test cases
commit db0cbb0873
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Jan 27 15:08:40 2021 -0800
Fix check tests: acl, mercurial, nss, perl-IO-Socket-SSL (#574)
* fix mercurial tests
* fix nss tests
* fix manifests
* fix acl tests
* fix perl-IO-Socket-SSL tests
commit 35988b45d9
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Wed Jan 27 08:38:46 2021 -0800
Fix sudo CVE-2021-3156 and sudoer config. (#573)
* Fix CVE-2021-3156. Modify prompt.
* Update cgmanifest
commit 151b705aac
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Wed Jan 27 08:38:46 2021 -0800
Fix sudo CVE-2021-3156 and sudoer config. (#573)
* Fix CVE-2021-3156. Modify prompt.
* Update cgmanifest
commit b1d2a88323
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Jan 26 13:29:26 2021 -0800
fix gnutls tests (#570)
commit 5bb14b2bb8
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Mon Jan 25 18:00:01 2021 -0800
WALinuxAgent change log directory (#568)
Make log directly to /var/log/waagent.log instead of a symlink to /opt/waagent/log/waagent.log
commit cfaf5daac6
Merge: 074f181120f6d243
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Sun Jan 24 17:26:59 2021 -0800
Merge branch '1.0-dev' into 1.0
commit 20f6d243ae
Author: jslobodzian <joslobo@microsoft.com>
Date: Sun Jan 24 17:26:18 2021 -0800
Update Mariner-Release Version (#566)
commit 074f181193
Merge: 91420480b32a70d6
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Sun Jan 24 17:00:55 2021 -0800
Merge from 1.0-dev for January update
commit b32a70d67c
Author: Christopher Co <christopher.co@microsoft.com>
Date: Sat Jan 23 17:04:37 2021 -0800
Update kernel sources to 5.4.91 (#563)
* kernel: update to 5.4.91
* kernel: Add nopatch files
* kernel: Remove hyperv GUI patch
* kernel: update config file and hashes
* kernel-hyperv: Update config file and hash
* kernel: Remove framebuffer patch file
* kernel: Remove PGTABLE_MAPPING
CONFIG_PGTABLE_MAPPING not supported in new 5.4.91 kernel
commit 2f1ad05c3f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Jan 22 16:30:23 2021 -0800
Extending `mariner-repos`. (#565)
commit 361de0b070
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Jan 22 15:07:52 2021 -0800
Fix check tests for coreutils and bc (#564)
* fix bc test
* fix coreutils test
* fix manifests
* change bc URL
* fix typo
commit 402ee03ea6
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Fri Jan 22 00:49:59 2021 -0800
Add minimal distroless image configuration (#492)
* Add distroless minimal image configuration
commit 0b2fe52e72
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Thu Jan 21 15:24:43 2021 -0800
kubernetes: move to 1.19.6, 1.18.14 and 1.17.16 (#559)
* kubernetes: move to versions 1.17.16, 1.18.14 and 1.19.6
* update cgmanifest and download tarball/URL
* update signatures and remove unused .nopatch files
Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>
commit 7b7b73920e
Merge: 75ff8cd550e7a8e5
Author: jslobodzian <joslobo@microsoft.com>
Date: Thu Jan 21 08:42:39 2021 -0800
Merge pull request #562 from microsoft/jslobodzian/fix-quick-start-directions
Add missing VHDX instruction and fix layout issue
commit 50e7a8e51a
Author: jslobodzian <joslobo@microsoft.com>
Date: Wed Jan 20 18:32:07 2021 -0800
Add missing VHDX instruction and fix layout issue
Minor updates to the VHDX instructions.
commit 75ff8cd54d
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Wed Jan 20 16:43:49 2021 -0800
Patch python-cryptography CVE-2020-25659 (#560)
Backport CVE-2020-25659 patch to python-cryptography 2.3.1
commit 7b1025cfd1
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Jan 20 14:15:05 2021 -0800
Fix tests for swig, remove unreliable memtest from python-pycurl (#561)
* fix swig tests
* remove unreliable memory test from python-pycurl
* fix manifests
commit e18c204c8f
Merge: a970743b959fbacb
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Wed Jan 20 10:02:16 2021 -0800
Merge pull request #555 from microsoft/lihl/removesourcefile
Remove RubyGem Source File
commit a970743b24
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Wed Jan 20 09:59:50 2021 -0800
Update sudo package to 1.9.5p1 (#552)
* Update sudo package to 1.9.5p1
commit 0a19ca3e9e
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Tue Jan 19 16:26:00 2021 -0800
kubernetes: apply hotfixes for 1.19.3, 1.18.10 and 1.17.13 and fix container script (#556)
* kubernetes: apply hotfixes for 1.19.3, 1.18.10 and 1.17.13
* fix cgmanifest
* fix cgmanifest
* fix issue fix k8s container script when used in ADO pipeline
* make cpio command less verbose
Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
commit af922e4f33
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue Jan 19 14:19:57 2021 -0800
Patch e2fsprogs CVE-2019-5094, CVE-2019-5188 (#535)
Patch e2fsprogs CVE-2019-5094, CVE-2019-5188
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
commit 29e3d3d637
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Jan 19 14:12:06 2021 -0800
Moving "Provides: pkgconfig(*)" for "libpng" to correct subpackage. (#554)
commit 959fbacbe2
Author: Henry Li <lihl@microsoft.com>
Date: Tue Jan 19 13:07:26 2021 -0800
remove source tarball
commit 22c2ecfca4
Merge: d57a9a7719982759
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Tue Jan 19 10:35:41 2021 -0800
Merge pull request #523 from microsoft/joslobo/td-agent-fix
Add td-agent to Mariner Core
commit d57a9a7783
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Tue Jan 19 10:23:45 2021 -0800
Fix CVE-2020-35493, CVE-2020-35494, CVE-2020-35495, CVE-2020-35496, CVE-2020-35507 in binutils. (#529)
* Update toolchain files
* Add patch files/edit SPEC
* Run spec linter
* Minor fixes to pack srpm
* Replace patches
* Tweak patches to apply cleanly
commit 263d47d2a5
Merge: 1ca2394cf030011c
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Jan 19 09:57:25 2021 -0800
Merge pull request #553 from microsoft/jslobodzian/add-missing-prereqs
Update prerequisites.md
commit f030011c38
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Jan 19 09:14:11 2021 -0800
Update prerequisites.md
During independent build testing, it was found that three additional prerequisites were necessary to build the toolchain from scratch. This change corrects the documentation to add the missing prereqs.
commit 1ca2394cc5
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Mon Jan 18 10:10:54 2021 -0800
kubernetes: build RPM for containers and build containers (#545)
* kubernetes: build RPM for containers
* add script to create docker container for kubernetes
* address PR comment
Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>
commit e9e70d7676
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Sat Jan 16 13:51:59 2021 -0800
Fix tests: cloud-init and python-pycurl (#551)
* fix cloud-init tests
* fix python-pycurl
commit 43dba0e6ce
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Jan 15 18:17:33 2021 -0800
Updating `meson` to version 0.56.0. (#548)
commit c9be8e95c1
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Jan 15 17:57:05 2021 -0800
Fix tests: chrony and ModemManager (#550)
* fix chrony tests
* fix ModemManager test
commit 19982759c5
Author: Henry Li <lihl@microsoft.com>
Date: Fri Jan 15 16:08:35 2021 -0800
update LICENSE-MAP
commit 8525636ece
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Jan 15 15:35:14 2021 -0800
fix mariadb tests (#544)
commit 7cce476afe
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Jan 15 14:10:30 2021 -0800
Fixing `Requires` cycles resolution across specs. #547
commit 314c8d8dc4
Author: Henry Li <lihl@microsoft.com>
Date: Fri Jan 15 13:26:01 2021 -0800
resolve comments
commit ca91239d67
Merge: c2d10990d8b1a269
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Fri Jan 15 10:21:43 2021 -0800
Merge pull request #540 from microsoft/lihl/qemu-fix
Update qmu-kvm CVE-2020-15469 to resolve QEMU bug
commit c2d10990da
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Jan 15 06:45:33 2021 -0800
Fix openssl and python-ecdsa tests (#542)
* Fix openssl ecdsa and ssl_new tests
* Disable nist192 tests in python-ecdsa
* Update pkggen/toolchain txt files
* Address SPEC linting for python-ecdsa
commit 1758eea20f
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Jan 14 22:36:16 2021 -0800
Fix ruby tests and disable asciidoc and ipv6calc tests (#541)
* fix ruby tests
* skip asciidoc and ipv6calc tests
commit 188ea3e565
Author: Henry Li <lihl@microsoft.com>
Date: Thu Jan 14 15:48:01 2021 -0800
update licensing
commit d8b1a26935
Author: Henry Li <lihl@microsoft.com>
Date: Thu Jan 14 14:09:37 2021 -0800
update spec file
commit abaabf2282
Author: Henry Li <lihl@microsoft.com>
Date: Wed Jan 13 16:32:01 2021 -0800
fix licensing issue
commit 655e53b59a
Author: rlmenge <rachelmenge@microsoft.com>
Date: Wed Jan 13 12:15:59 2021 -0500
Add i.MX8mq-evk board support (#472)
* Add i.MX8mq-evk board support
Modify the kernel configs to include the needed drivers as well as voltage regulators.
Add the dtb to the kernel spec as a subpackage by arch type
Update the kernel files to match spec version number
commit 5af1624024
Author: Henry Li <lihl@microsoft.com>
Date: Tue Jan 12 18:52:45 2021 -0800
fix more comments
commit d1309e5a21
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Jan 12 12:04:01 2021 -0800
Add kernel patch to fix GUI installer crash due to mmap issue (#526)
* add kernel patch to fix gui installer crash
* update kernel-hyperv release
* revert hyperv-daemons and kernel-hyperv releasenum per feedback
commit 58ccba880f
Merge: d80a610d616774c5
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Jan 12 11:23:29 2021 -0800
Adding `ca-certificates` and `prebuilt-ca-certificates-base` to entangled specs (#534)
* Matching cert packages version and release.
* Updating entangled specs check.
commit 616774c59a
Author: Pawel <pawelwi@microsoft.com>
Date: Tue Jan 12 11:21:50 2021 -0800
Addressing linter's suggestions.
commit 0f1a9ca9ae
Author: Henry Li <lihl@microsoft.com>
Date: Tue Jan 12 11:12:22 2021 -0800
fix comments
commit d2197ac791
Author: Pawel <pawelwi@microsoft.com>
Date: Tue Jan 12 10:29:37 2021 -0800
Updating entangled specs check.
commit 818912622e
Author: Pawel <pawelwi@microsoft.com>
Date: Tue Jan 12 10:21:48 2021 -0800
Matching cert packages version and release.
commit 1e41d01b1e
Author: Henry Li <lihl@microsoft.com>
Date: Mon Jan 11 19:03:52 2021 -0800
update patch changes
commit d80a610d9c
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Jan 11 14:01:39 2021 -0800
Remove IDEA and EC2M source code/support from OpenSSL (#524)
* Remove support for EC2M in OpenSSL
* Remove IDEA source code from OpenSSL
* Use hobbled tarball for openssl
* Update pkggen and toolchain txt files
* Add "hobbled" tarball to OpenSSL changelog
* Add hobbled tarball code comment from Fedora
* Address spec linting
commit a6cdc0240a
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Jan 11 15:08:04 2021 -0600
Add workflow to check entangled specs (#528)
commit 2819dce8ea
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Sun Jan 10 02:34:17 2021 -0800
Fix gettext test and correct typo to disable strongswan test (#525)
* fix gettext test
* disable strongswan test
* fix manifests
commit fbea513789
Author: Henry Li <lihl@microsoft.com>
Date: Fri Jan 8 16:28:04 2021 -0800
fix error caused by applying linting diff
commit 39490f9843
Author: Henry Li <lihl@microsoft.com>
Date: Fri Jan 8 15:34:02 2021 -0800
fix linting and manifest
commit c786d4646c
Author: Henry Li <lihl@microsoft.com>
Date: Fri Jan 8 12:32:16 2021 -0800
update td-agent changelog
commit 4825fa3e47
Author: Henry Li <lihl@microsoft.com>
Date: Fri Jan 8 12:26:00 2021 -0800
refactor td-agent implementation
commit eaf285b7d2
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Fri Jan 8 10:04:10 2021 -0800
glibc: patch CVE-2019-25013 (#522)
Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>
commit f243094bba
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Jan 7 17:59:05 2021 -0800
Fix libunistring test and skip strongswan (#521)
* fix libunistring testcase
* skip strongswan
* verified license
commit dde135df99
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Jan 7 14:53:02 2021 -0800
No patch kernel CVE-2020-27777 (#499)
* No patch kernel CVE-2020-27777
* Add upstream/stable commit info for CVE-2020-27777.nopatch
Co-authored-by: Thomas Crain <thcrain@microsoft.com>
commit aea23c9d6e
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Thu Jan 7 02:17:09 2021 -0800
Kubernetes: nopatch CVE-2020-8563, fix tests issue when built against golang 1.15 (k8s 1.17 and 1.18) (#516)
* kubernetes: fix test issue with golang 1.15
* kubernetes: CVE-2020-8563 - nopatch
Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>
commit 2ef1f76799
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Jan 6 16:47:11 2021 -0800
fix strace tests (#518)
commit a0d8662055
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Jan 6 13:20:40 2021 -0600
rust: Fix package test (#514)
commit e14ddf5557
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Jan 6 10:02:48 2021 -0800
Fix test for python-attrs, libmodulemd, skip dracut tests (#515)
* fix libmodulemd test reliability
* fix python-attrs test
* skip dracut test
commit df35b0997d
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Jan 5 19:35:22 2021 -0600
python-bcrypt, python-pynacl: Fix package tests (#513)
commit 0dca020d64
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Jan 5 18:14:57 2021 -0600
librepo: enable package tests (#512)
commit 0038cd4924
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Jan 5 17:40:35 2021 -0600
libisoburn: fix package test (#511)
commit 8f82f9ef7c
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Jan 5 14:32:51 2021 -0800
Fix tests for grep, gawk, mozjs60, skip jna test (#509)
* fix grep test
* fix mozjs60 test
* fix gawk test
* skip jna
* fix manifests
commit c37b887e3c
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Jan 5 16:11:32 2021 -0600
openssh: add BRs for check section, patch broken tests (#507)
commit 00bf30b30c
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Tue Jan 5 20:12:50 2021 +0100
No patch CVE-2020-8564, CVE-2020-8565, CVE-2020-8566 (#505)
Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>
commit 20646032b8
Author: Christopher Co <christopher.co@microsoft.com>
Date: Mon Jan 4 13:47:38 2021 -0800
diskutils: Include virtual disk devices in search (#427)
Virtual disk devices do not show up in ISO installer when searching for
system block devices, causing the installer to fail immediately with
"unexpected end of JSON input". This is because virtual disk devices
typically have major device numbers of 252,253,254 and the installer's
lsblk does not filter for these device numbers.
Fix is to add these major device numbers to the lsblk filter so the installer
can enumerate them during startup.
commit facdb2d2dd
Merge: 99a5dcfcdf38104c
Author: Henry Li <lihl@microsoft.com>
Date: Thu Dec 31 17:20:09 2020 -0800
Merge branch '1.0-dev' into joslobo/td-agent-fix
commit df38104c98
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Dec 31 15:34:54 2020 -0600
Upgrade python-urllib3 and python-requests to fix CVE-2019-11236, CVE-2020-26137 (#504)
Co-authored-by: Rachel <rachelmenge@microsoft.com>
commit 7a2912082a
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Wed Dec 30 15:34:54 2020 -0800
Update ansible to version 2.9.12 (#503)
* Update ansible to version 2.9.12
commit 8fa08b3e98
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Dec 29 14:25:05 2020 -0800
Adding Fedora 32 patch to make `perl-WWW-Curl` work with new version of `curl` (#502)
* Adding Fedora 32 patch to make `perl-WWW-Curl` work with new version of `curl`.
* Applying linter clean-up.
commit de7515cf52
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Dec 29 05:45:26 2020 -0800
Upgrade p11-kit to 0.23.22 (#498)
* Upgrade p11-kit to 0.23.22
commit 91420480ed
Merge: 153dedb20abb891a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Dec 28 19:19:02 2020 -0800
Merge pull request #501 from PawelWMS/pawelwi/user_password_fix_merge
* Regression fix to setting the user password for generated images.
commit 671069037f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Dec 28 19:07:06 2020 -0800
Fixing spacing in TDNF's package list output (#497)
commit 0abb891ac4
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Mon Dec 28 17:28:12 2020 -0800
Mamalisz/fix chage shadow (#500)
* Check shadow file inside the installChroot, not setupChroot
commit 035ce0670d
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Mon Dec 28 17:28:12 2020 -0800
Mamalisz/fix chage shadow (#500)
* Check shadow file inside the installChroot, not setupChroot
commit 116533c12a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Dec 28 10:53:48 2020 -0800
Updating `curl` to 7.74.0 to fix CVE-2020-8169 and stabilize tests. (#491)
* Updating `curl` to version 7.74.0 to fix CVE-2020-8169.
* Enabling more tests by adding `BuildRequires` and running them as a non-root user.
commit 852bc1e87a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Dec 23 14:17:41 2020 -0800
Updating signed specs to be aligned with their unsigned counterparts. (#496)
commit 153dedb22c
Merge: 40b912537ca36c34
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Dec 23 12:21:22 2020 -0800
Updating SIGNED-SPECS to make the releases match their unsigned counterparts (#495)
commit 7ca36c3419
Author: Pawel <pawelwi@microsoft.com>
Date: Wed Dec 23 12:12:33 2020 -0800
Updating signed specs to be aligned with their unsigned counterparts.
commit 40b912533d
Merge: d53316bdccce666f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Dec 22 22:00:20 2020 -0800
Merging branch '1.0-dev' into '1.0' for the December release (#494)
commit ccce666ff8
Merge: d53316bd3eae6178
Author: Pawel <pawelwi@microsoft.com>
Date: Tue Dec 22 21:38:35 2020 -0800
Merge branch '1.0-dev' into '1.0' for the December release.
commit 3eae617809
Author: rlmenge <rachelmenge@microsoft.com>
Date: Tue Dec 22 20:09:31 2020 -0500
Update python-pip to 19.2 to fix CVE-2019-20916 (#489)
* Update python-pip to version 19.2 to fix CVE-2019-20916
commit 5db05d99cd
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Dec 22 15:56:31 2020 -0800
Fix tests for elfutils and python-imagesize (#490)
* fix python-imagesize tests
* fix elfutils tests
* update manifests
* verify license and remove sha1
commit 63ef7aa39b
Author: rlmenge <rachelmenge@microsoft.com>
Date: Tue Dec 22 17:43:08 2020 -0500
Adding a patch for 'unbound' to fix CVE-2020-28935 (#487)
* Fix CVE-2020-28935
commit 0481e800aa
Merge: ad87219b1a277592
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Dec 22 13:53:48 2020 -0800
Merge pull request #476 from microsoft/joslobo/cloudinitdocfix
Split out Quick Start, Add CBL-Mariner Usage Instructions
commit 1a27759278
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Tue Dec 22 13:51:57 2020 -0800
Minor corrections to build instructions
commit ad87219bf8
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Dec 22 12:26:56 2020 -0800
Updating `python-py` to 1.10.0 to fix CVE-2020-29651 (#488)
commit 22e52d78fa
Merge: 58a9be74b0c589c9
Author: Nick Samson <nick.samson@microsoft.com>
Date: Mon Dec 21 19:19:15 2020 -0800
Merge pull request #477 from microsoft/nisamson/CVE-2020-35457
Added patch for glib CVE-2020-35457
commit 58a9be7498
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Dec 21 19:14:36 2020 -0800
Updating `mariner-release.spec` for the December release. (#482)
commit 983b956fb9
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Dec 21 18:56:19 2020 -0800
Reverting ptest fix for Perl from PR #465 (commit: 283d6cd). (#486)
commit 943958ca1f
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Mon Dec 21 15:45:22 2020 -0800
Updated per peer review comment
commit c83a915313
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Dec 21 14:35:55 2020 -0800
Add "at" and "uuid" packages (#425)
* Add uuid package
* Add at package
commit b0c589c9d0
Author: Nick Samson <nick.samson@microsoft.com>
Date: Mon Dec 21 13:33:55 2020 -0800
Verified license and removed sha line
commit bd872254ca
Author: rychenf1 <rychenf1@gmail.com>
Date: Mon Dec 21 12:42:39 2020 -0800
Patch curl CVE-2020-8231 (#478)
commit 5f0dd70f3a
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Dec 18 16:23:13 2020 -0800
Undid manual whitespacing change
commit f27ad895c6
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Dec 18 16:19:26 2020 -0800
Applied linter diff to glib spec
commit 1247485723
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Dec 18 15:08:20 2020 -0800
Added patch for glib CVE-2020-35457
commit ca7c814c39
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Fri Dec 18 14:13:41 2020 -0800
Split out Quick Start, Add CBL-Mariner Usage Instructions
commit 99a5dcfc60
Author: Henry Li <lihl@microsoft.com>
Date: Fri Dec 18 11:30:06 2020 -0800
enable fluentd, jemalloc and update ruby; temporarily save the changes
commit a96c38b570
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Dec 18 10:10:04 2020 -0800
Fixing misleading doc entry about update repo's defaults. (#474)
commit a6280569dd
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Dec 17 16:45:17 2020 -0800
Fix tests for llvm and libaio (#475)
* fix libaio tests
* fix llvm tests
* update manifests
commit 14b8bd11a2
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Dec 17 15:35:38 2020 -0800
Update prerequisites with golang 1.15 (#466)
* update steps with golang 1.15
* force create link
commit 91a4d79c55
Merge: c772ed9f37011ead
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Thu Dec 17 19:13:41 2020 +0100
Merge pull request #473 from microsoft/nicogbg/kubernetes-more-versions
Nicogbg/kubernetes more versions
commit 37011ead45
Author: nicolasg@microsoft.com <nicolasg@microsoft.com>
Date: Thu Dec 17 09:54:57 2020 -0800
address PR comments
commit 689fe6fdff
Author: nicolasg@microsoft.com <nicolasg@microsoft.com>
Date: Thu Dec 17 04:16:51 2020 -0800
add more kubernetes versions
commit b54c2039ed
Author: nicolasg@microsoft.com <nicolasg@microsoft.com>
Date: Thu Dec 17 01:06:05 2020 -0800
rename existing kube spec to match full version
commit c772ed9fc8
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Wed Dec 16 15:50:57 2020 -0800
Fix file paths for prebuilt certificates (#471)
* Fix file paths for prebuilt certificates
* Delete instead of exclude
* Fix xsltproc file path
commit 30ca334c63
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Wed Dec 16 14:59:31 2020 -0800
Update kernel to 4.5.83, Address 7 kernel CVEs (#470)
- Update kernel-headers, kernel, kernel-hyperv, and hyperv-daemons specs to use 5.4.83
- Refresh version numbers for kernel-signed- specs
- Update toolchain to use 5.4.83 source when building kernel headers
- Address CVE-2020-14351, CVE-2020-14381, CVE-2020-25656, CVE-2020-25704,
CVE-2020-29534, CVE-2020-29660, CVE-2020-29661
- Update cgmanifest's download URLs to point to 5.4.83 source location
commit d2b2216972
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Wed Dec 16 14:30:38 2020 -0800
Remove password aging customized value to set default (#468)
* Increase maximum number of days a password can be used
* Update shadow utils version for toolchain deps
* Update lint changes as per build logs
* Remove PASS_MAX_DAYS customized value 90 to set default value
* Update var in SPEC file by removing macro
Co-authored-by: Suresh Babu Chalamalasetty <schalam@microsoft.com>
commit a84341942d
Author: rychenf1 <rychenf1@gmail.com>
Date: Wed Dec 16 10:54:06 2020 -0800
Patch curl CVE-2020-8177 (#469)
commit 0695cac045
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Tue Dec 15 16:31:49 2020 -0800
Add distroless containers (#403)
Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
commit daa3e79f19
Author: Henry Li <lihl@microsoft.com>
Date: Tue Dec 15 15:13:10 2020 -0800
update td-agent and merge with latest 1.0-dev
commit 283d6cde5a
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Mon Dec 14 19:29:20 2020 -0800
Fix tests for grub2, perl, and skip libsoup tests (#465)
* fix perl test
* fix grub2 test
* skip libsoup
* cleanup
* update manifests
* update manifests
commit 1d38bbf67e
Merge: a46618d5e1f798c0
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Mon Dec 14 10:16:40 2020 -0800
Merge pull request #449 from microsoft/nicogbg/ms-kubernetes
Nicogbg/ms kubernetes
commit a46618d5f3
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Dec 14 06:06:01 2020 -0800
Patch qemu CVE-2020-27821 (#462)
* Patch CVE-2020-25723 in qemu-kvm
* Patch qemu CVE-2020-27821
commit e1f798c011
Author: nicolasg@microsoft.com <nicolasg@microsoft.com>
Date: Mon Dec 14 00:26:09 2020 -0800
address PR comments
commit 22071220fb
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date: Tue Dec 8 16:36:09 2020 -0800
add kubernetes 1.17 1.18 and 1.19 in cgmanifest
commit c1cb2d363c
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date: Tue Dec 8 15:53:39 2020 -0800
build kube 1.19 from sources
commit 3efc7ee084
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date: Tue Dec 8 12:02:03 2020 -0800
build kube 1.18 from sources
commit 867768fdf5
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date: Tue Dec 8 11:31:03 2020 -0800
build kubernetes 1.17 from sources
commit d8b446625b
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date: Fri Dec 4 14:44:10 2020 -0800
move to kubernetes 1.17, 1.18 and 1.19
commit 819786cad8
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Dec 10 23:09:35 2020 -0800
Increment release for all specs building with golang 1.15 (#460)
* bump release for specs building with golang 1.15
* changelog cleanup
commit c9192b5592
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Dec 10 19:42:17 2020 -0800
Fix check tests for cpprest, libpipeline, librsync, postgresql, libsoup (#459)
* fix cpprest test
* fix libpipeline test
* fix librsync test
* fix postgresql test
* remove override for libsoup test
* update manifests for libpipeline
* add with_check per PR feedback
commit cf6275ef0b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Dec 10 11:36:01 2020 -0800
Removing binaries from the repository. (#441)
commit d53316bddd
Merge: b229c4fff8e401aa
Author: jslobodzian <joslobo@microsoft.com>
Date: Wed Dec 9 21:02:25 2020 -0800
Merge pull request #457 from microsoft/joslobo/offcycle-merge-from-1.0-dev
Offcycle fixes for Critical and High CVEs (also includes miscellaneous bug fixes)
commit 08e4ed6602
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Dec 9 20:00:12 2020 -0800
Fixing `rpm-ostree` ptests. (#451)
* Fixing `rpm-ostree` ptests.
* Adding linter changes.
commit f8e401aa7c
Merge: 3f43b39f4630a3ca
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Wed Dec 9 17:06:06 2020 -0800
Merge branch '1.0-dev' into joslobo/offcycle-merge-from-1.0-dev
commit 4630a3ca4c
Author: jslobodzian <joslobo@microsoft.com>
Date: Wed Dec 9 17:00:28 2020 -0800
Revert "Enable td-agent in Mariner" (#458)
commit 3f43b39fcd
Merge: b229c4ff13ba9d24
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Wed Dec 9 12:22:31 2020 -0800
Merge branch '1.0-dev' into joslobo/offcycle-merge-from-1.0-dev
Fix for curl CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286
Fix for openSSL CVE-2020-1971
Fix for openldap CVE-2020-25692
Fix for qemu-kvm CVE-2020-25723
Update to golang 1.15
Fix for kernel CVE-2020-25705, CVE-2020-15436, CVE-2020-28974, CVE-2020-29368, CVE-2020-29369, CVE-2020-29370, CVE-2020-29374, CVE-2020-29373, CVE-2020-28915, CVE-2020-28941, CVE-2020-27675, CVE-2020-15437, CVE-2020-29371, CVE-2020-29372, CVE-2020-27194, CVE-2020-27152
Fix for postgresql CVE-2020-25695 CVE-2020-25694
commit 13ba9d24ae
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Wed Dec 9 11:49:36 2020 -0800
Patch curl CVEs: 2020-8284, 2020-8285, and 2020-8286 (#455)
* Patch CVE-2020-8284
* Patch CVE-2020-8285
* Patch CVE-2020-8286
commit ef69a8e23a
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Dec 9 13:14:10 2020 -0500
Patch CVE-2020-1971 (#454)
commit d3afce09e2
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Dec 9 12:49:55 2020 -0500
Patch CVE-2020-25692 (#453)
commit ec501e25a1
Merge: fad702e27a2c7230
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Wed Dec 9 00:14:17 2020 -0800
Merge pull request #450 from microsoft/lihl/walinuxagent-update
Upgrade WALinuxAgent to 2.2.52
commit 7a2c72307d
Author: Henry Li <lihl@microsoft.com>
Date: Tue Dec 8 23:03:44 2020 -0800
fix patch file
commit fad702e21e
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Dec 8 21:49:41 2020 -0800
fix autoconf213 changelog date (#452)
commit 66b3c11303
Author: Henry Li <lihl@microsoft.com>
Date: Tue Dec 8 17:45:04 2020 -0800
upgrade to 2.2.52
commit a1de597e49
Author: Henry Li <lihl@microsoft.com>
Date: Tue Dec 8 17:01:55 2020 -0800
upgrade WALinuxAgent
commit 1d7c44f288
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Dec 8 16:56:01 2020 -0800
Fix check tests for Cython, libserf, librelp, apr and autoconf213 (#444)
* fix Cython test
* fix libserf tests
* fix librelp test
* fix apr test
* fix autoconf213 tests
commit 1452909295
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Dec 8 12:37:29 2020 -0800
Patch CVE-2020-25723 in qemu-kvm (#447)
commit b229c4ffd6
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Dec 8 10:08:23 2020 -0800
update to golang 1.15 (#437)
commit 284e40ec62
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Dec 8 09:57:37 2020 -0800
Fixing `pkggen.mk` bug. (#446)
commit 28451002d5
Author: Christopher Co <christopher.co@microsoft.com>
Date: Mon Dec 7 15:47:17 2020 -0800
Update kernel to 5.4.81, Address 16 kernel CVEs (#434)
* Initial update to 5.4.81 using autoupdater script
* kernel: Address 16 CVEs
Address CVE-2020-25705, CVE-2020-15436, CVE-2020-28974, CVE-2020-29368,
CVE-2020-29369, CVE-2020-29370, CVE-2020-29374, CVE-2020-29373, CVE-2020-28915,
CVE-2020-28941, CVE-2020-27675, CVE-2020-15437, CVE-2020-29371, CVE-2020-29372,
CVE-2020-27194, CVE-2020-27152
* kernel: Remove patch for kexec in HyperV
Remove patch for kexec in HyperV. Integrated in 5.4.81.
* kernel: Update kernel configs for 5.4.81
* kernel: Add missing aarch64 configs
* kernel-hyperv: fix up configs
commit 4a4c31a979
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Dec 7 14:35:46 2020 -0800
Decreasing logging noise for package test builds. (#436)
* Decreasing logging noise for package test builds.
commit c822ea11b3
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Mon Dec 7 13:06:58 2020 -0800
Fix check tests for json-glib, libuv, pango (#439)
* fix json-glib check
* fix pango check
* fix libuv check test
* fix timestamp in json-glib
commit ea575ed96b
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Dec 7 09:16:07 2020 -0600
Change link to ADO in ca-certificates.md (#438)
commit 71f86421f5
Merge: 35285d16cf89b5ef
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Fri Dec 4 19:21:36 2020 -0800
Merge pull request #429 from microsoft/lihl/td-agent
Enable td-agent in Mariner
commit cf89b5ef7c
Author: Henry Li <lihl@microsoft.com>
Date: Fri Dec 4 19:19:36 2020 -0800
move source tarball to server and fix License field
commit 9080fa1ca6
Merge: 35285d16bcfd58c5
Author: Andrew Phelps <anphel@microsoft.com>
Date: Fri Dec 4 17:15:30 2020 -0800
Merge remote-tracking branch 'upstream/1.0' into 1.0
commit 35285d16f9
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Dec 4 16:19:09 2020 -0800
Adding timestamp to toolchain builds. (#435)
* Adding timestamp to toolchain builds.
commit b24f48ce1e
Author: rlmenge <rachelmenge@microsoft.com>
Date: Fri Dec 4 10:37:28 2020 -0500
Change systemConfig test to copy rather than reference valid users (#433)
* Fix test to copy rather than reference the users array in systemConfig
commit e8ebc9e5de
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Thu Dec 3 15:46:33 2020 -0800
Update golang spec to 1.15 (#420)
* Update golang spec to 1.15
* Disable x509ignoreCN for srpm packing for golang-1.15
* remove unused CVE patch, golang1.13 signatures file, and ifarch for bootstrap patch
* fix linting errors
* revert linting changes
Co-authored-by: Andrew Phelps <anphel@microsoft.com>
commit 561ef16cf6
Author: rlmenge <rachelmenge@microsoft.com>
Date: Thu Dec 3 17:21:37 2020 -0500
Add user file and allow setting for password to never expire (#419)
* Change the password expire days to an int to allow for -1 to be passed
The -1 argument allows for user's password to never expire
Also added users.go and tests for invalid settings
Add documentation for the User field under SystemConfigs
commit aac1f33546
Author: Christopher Co <christopher.co@microsoft.com>
Date: Thu Dec 3 11:28:37 2020 -0800
kernel: Add tpm eventlog patch for arm (#426)
commit f9061c584f
Author: Henry Li <lihl@microsoft.com>
Date: Thu Dec 3 10:44:47 2020 -0800
fix licensing
commit 45524ef329
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Dec 3 10:40:59 2020 -0800
Updating Microsoft trusted root CAs. (#342)
commit 6f42a418b6
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Dec 3 08:01:24 2020 -0800
Move "waagent" to sbindir in WALinuxAgent (#428)
* Move "waagent" to sbindir in WALinuxAgent
* Address spec linting
commit 3ed4d4bf17
Author: Henry Li <lihl@microsoft.com>
Date: Wed Dec 2 11:13:51 2020 -0800
fix changelog comment
commit 461cb383af
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Dec 1 18:07:23 2020 -0800
Unifying toolchain build log file names with package builds. (#430)
commit e64d292129
Author: Johnson George <johgeorg@microsoft.com>
Date: Thu Nov 19 09:34:08 2020 +0000
HyperV IP injection support
commit 6fd993fb84
Author: Henry Li <lihl@microsoft.com>
Date: Tue Dec 1 13:33:25 2020 -0800
fix linting and check in license map and cgmanifest
commit b9e1b90123
Author: Henry Li <lihl@microsoft.com>
Date: Tue Dec 1 12:09:05 2020 -0800
td-agent workload
commit 655e368366
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Nov 30 16:49:46 2020 -0800
Unblocking `ruby` test from being run. (#408)
commit dab3423b04
Merge: c51c6d449fdc0299
Author: Jason Goscinski <jasongos@users.noreply.github.com>
Date: Mon Nov 30 16:48:07 2020 -0800
Merge pull request #424 from microsoft/jasongos-patch-2
Delete version-check.sh
commit c51c6d44f9
Author: Christopher Co <christopher.co@microsoft.com>
Date: Mon Nov 30 16:14:43 2020 -0800
Fix kexec() flow in HyperV (#415)
When invoking kexec() on a Linux guest running on a Hyper-V host, the kernel panics. Created and applied kernel patch that fixes this issue.
commit 9fdc0299d2
Author: Jason Goscinski <jasongos@users.noreply.github.com>
Date: Mon Nov 30 13:47:28 2020 -0800
Delete version-check.sh
Version-check.sh was meant to be deleted, but it was accidentally restored during an internal 3-way merge. As part of that merge, a Microsoft copyright was appended to the top of the file. The origin of the file was LFS and was not intended to be included in CBL-Mariner.
commit cf46eb9bca
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Tue Nov 24 16:41:38 2020 -0800
Update libarchive source URL to GitHub (#418)
Update libarchive source URL to GitHub
commit 881cdf26b7
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Nov 24 14:09:52 2020 -0800
Skipping `tdnf` package tests. (#417)
commit 78be43fd2d
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Nov 24 14:08:39 2020 -0800
Generalizing and simplifying TDNF output regex for reading RPM repo contents. (#411)
* Generalizing and simplifying TDNF output regex.
* Extending regex to catch package versions with tildes in them.
Co-authored-by: Christopher Co <christopher.co@microsoft.com>
commit bcfd58c598
Merge: 4967c2d43525f42c
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Tue Nov 24 08:17:12 2020 -0800
Merge pull request #413 from microsoft/nicogbg/November-Monthly-Release
Nicogbg/november monthly release
commit 3525f42c39
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Mon Nov 23 16:48:59 2020 -0800
Upgrade postgresql to 12.5 (#414)
postgresql v12.5 resolves CVE-2020-25695 and CVE-2020-25694
commit 37fc8b66b9
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Mon Nov 23 16:48:59 2020 -0800
Upgrade postgresql to 12.5 (#414)
postgresql v12.5 resolves CVE-2020-25695 and CVE-2020-25694
commit a26725d543
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Mon Nov 23 15:27:47 2020 -0800
Update grub command line required to boot on some specific hardware SoCs (#384)
* Update grub command line with inst.stage2 label CDROM
* Update grub command line required to boot on some specific hardware SoCs
Co-authored-by: schalam <schalam@microsoft.com>
commit 55e0b1b54a
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Mon Nov 23 15:27:47 2020 -0800
Update grub command line required to boot on some specific hardware SoCs (#384)
* Update grub command line with inst.stage2 label CDROM
* Update grub command line required to boot on some specific hardware SoCs
Co-authored-by: schalam <schalam@microsoft.com>
commit 714f83171f
Merge: 4967c2d43b433a90
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date: Mon Nov 23 08:25:38 2020 -0800
Merge branch '1.0-dev' into nicogbg/November-Monthly-Release
commit 3b433a900c
Author: Thomas Crain <thcrain@microsoft.com>
Date: Sun Nov 22 07:30:29 2020 -0800
Remove instances of %ldconfig_scriptlets in specs (#412)
commit bda9ad6c01
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Fri Nov 20 16:27:08 2020 -0800
increment release number for CBL-Mariner November release (#409)
* increment release number for CBL-Mariner November release
* increment release number for CBL-Mariner November release
* address PR comments
commit 7da42bf31f
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri Nov 20 15:21:07 2020 -0800
Fix qemu CVE-2018-12617 (#399)
* Fix qemu CVE-2018-12617
commit 20ad7ea044
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Nov 20 10:50:34 2020 -0800
Fix check tests for json-c, libmodulemd, libpwquality (#405)
* fix tests
* update manifests
* fix typo
commit 9a632f38c4
Merge: 2d3633af6855f30d
Author: Johnson <johnson.george@microsoft.com>
Date: Fri Nov 20 10:44:29 2020 -0800
Merge pull request #365 from microsoft/johgeorg/openssl_ptest
Enable package test for openssl package
commit 2d3633af7f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Nov 19 15:42:59 2020 -0800
Fixing `subversion` ptests. (#402)
* Adding build-time dependencies for `%check`.
* Aligning changelog with our conventions.
commit 58e41e2f43
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Nov 19 13:24:00 2020 -0800
Ptest fixes for `tdnf`, `tcsh`, `sysstat`. (#392)
* Installing Python dependencies for the tests.
* Adding `BuildRequires` on `shadow-utils` and `sudo` to fix `tcsh` package tests.
* Removing `%check` section from `sysstat`.
* Updating changelog and adding linter's suggestions.
commit 18397732ab
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Thu Nov 19 11:03:52 2020 -0800
Don't warn about StreamOutput log buffer overflow (#400)
commit 28692542d0
Author: Christopher Co <christopher.co@microsoft.com>
Date: Wed Nov 18 18:12:32 2020 -0800
diskutils: Add MBR disk setup (#382)
parted uses the msdos option to create an MBR disk. So let's pass the correct msdos
option to parted instead of mbr when the user wants to make an MBR disk.
- Create new ConvertToPartedArgument method to convert a given PartitionTableType to its associated parted argument
- Add unit tests for ConvertToPartedArgument method
- Pass "msdos" option to parted instead of "mbr" in diskutils
commit 8b3b80703b
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Wed Nov 18 17:21:20 2020 -0800
Disable kernel config SLUB_DEBUG_ON due to tcp throughput perf impact (#387)
commit ba513a2e53
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Nov 18 14:55:44 2020 -0500
Fix missing ant requires (#397) (#398)
commit 84a77c7b8a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Nov 18 10:46:26 2020 -0800
Adding missing runtime dependency. (#388)
* Adding missing runtime dependency.
* Reordering toolkit package installation.
commit 87b598fe84
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Nov 18 13:23:32 2020 -0500
Install cracklib before building pam (#375) (#396)
commit de5e3c326d
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Tue Nov 17 12:41:52 2020 -0800
CVE-2020-15778 - no patch (#393)
* CVE-2020-15778 - no patch
* re-lint spec (re-linting always adds a white line in the spec => may be a bug in the tool)
commit 3af9abb617
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Tue Nov 17 12:40:54 2020 -0800
nopatch nginx CVE-2009-4487 (#394)
commit 46a7401992
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue Nov 17 10:28:58 2020 -0800
Nopatch QEMU CVE-2020-12829 (#391)
commit 513170d593
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Tue Nov 17 08:38:40 2020 -0800
Change name of CVE-2019-16275 patch (#390)
* Change name of CVE-2019-16275 patch
* lint the .spec file
commit 450c329ab0
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Nov 16 20:27:54 2020 -0800
Installing `ca-certificates` package for ptest builds. (#389)
commit 00770b7334
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Nov 16 18:49:55 2020 -0800
Patch CVE-2020-8037 in tcpdump (#383)
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
commit ea706b71aa
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Nov 16 15:21:50 2020 -0800
Fix systemd CVE-2019-6454 and CVE-2020-1712 patches (#374)
* Fix CVE-2019-6454 patch
* Update toolchain txt files
* Fix CVE-2020-1712 patch
* Update upstream patch info for CVEs 2019-6454/2020-1712
* Fix async_polkit_callback patch
commit 6f11f9cd2b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Nov 16 11:31:49 2020 -0800
Adding `local::lib` perl5 library to fix package tests. (#381)
* Adding `local::lib` perl5 library to fix package tests.
commit b812866803
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Nov 16 05:31:23 2020 -0800
Patch CVE-2019-19126 in glibc (#360)
commit 4967c2d412
Merge: 5bc8fa1c7180b155
Author: jslobodzian <joslobo@microsoft.com>
Date: Fri Nov 13 22:03:37 2020 -0800
Merge pull request #376 from microsoft/jslobodzian/off-cycle-merge-to-fix-cves-and-community-build-issues
Jslobodzian/off cycle merge to fix cves and community build issues
commit 7b9dcc5377
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Fri Nov 13 16:50:24 2020 -0800
Add support to build Arm64 ISO for CBL-Mariner (#373)
* Add support to build Arm64 ISO for CBL-Mariner
* Add support to build Arm64 ISO for CBL-Mariner
* Add support to build Arm64 ISO for CBL-Mariner
* Update to build_arch in imggen make file
* Repetition removal suggestions. (#378)
Repetition removal suggestions.
Co-authored-by: schalam <schalam@microsoft.com>
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
commit 177ea52526
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Nov 13 16:49:07 2020 -0800
Enabling network access for package builds running with `%check`. (#380)
commit 42ff7786ce
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri Nov 13 14:40:30 2020 -0800
Add status badge, update quickstart workflow (#377)
commit fc79645dec
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri Nov 13 12:40:36 2020 -0800
Add missing requires to auoms package (#369)
* Clean auoms.spec with linter feedback
* Add missing requirements to auoms
commit 717eb55dcf
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Thu Nov 12 18:31:01 2020 -0800
Add aspnetcore-runtime package (#372)
Add aspnetcore-runtime-3.1 package
Clean up dotnet-runtime-3.1 spec
commit 7180b15599
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Thu Nov 5 10:19:47 2020 -0800
Include all sources in bond regardless of arch (#280)
commit 41a0fa61d1
Merge: cbcbaa2f9ec151a2
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Thu Nov 12 15:25:37 2020 -0800
Merge branch 'jslobodzian/off-cycle-merge-to-fix-cves-and-community-build-issues' of github.com:microsoft/CBL-Mariner into jslobodzian/off-cycle-merge-to-fix-cves-and-community-build-issues
commit cbcbaa2f22
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Nov 10 17:30:34 2020 -0800
Creating packages summary for correct repo for Docker builds. (#362)
commit 27666f0324
Merge: 7902a2f448144ec5
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Thu Nov 12 14:30:46 2020 -0800
Merge pull request #371 from microsoft/lihl/qemu-CVE
Fix qemu-kvm CVEs (CVE-2020-13361, CVE-2020-11869, CVE-2020-14415, CVE-2020-15859, CVE-2020-13362, CVE-2020-25742, CVE-2020-25743, CVE-2020-15469, CVE-2020-24352)
commit 48144ec500
Author: Henry Li <lihl@microsoft.com>
Date: Thu Nov 12 12:18:04 2020 -0800
add patch for CVE-2020-24352
commit 409a7c6ca0
Author: Henry Li <lihl@microsoft.com>
Date: Thu Nov 12 10:54:46 2020 -0800
Fix qemu-kvm CVEs
commit 7902a2f471
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Nov 12 10:32:25 2020 -0800
Patch CVE-2020-14352 in librepo (#368)
commit 3be3f8b4e9
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Nov 5 16:55:37 2020 -0800
Replacing deprecated flags with `imagepkgfetcher_extra_flags`. (#351)
(cherry picked from commit bbde6ef1c7)
commit 00871c8194
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Thu Nov 5 11:09:52 2020 -0800
Use archive for man-pages (#347) (#349)
commit e7e4b498f6
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Thu Nov 12 00:01:05 2020 -0800
Enable Hyper-V daemons for Arm64 VHDX image (#370)
* Add core efi configuration file to generate Arm64 VHDX image
* Enable Hyper-V daemons for Arm64 VHDX image
Co-authored-by: schalam <schalam@microsoft.com>
commit d42ad2134f
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Thu Nov 12 00:00:27 2020 -0800
Enable arm64 hyperv and SoCs support for CBL-Mariner (#366)
* Enable arm64 hyperv and SoCs support for CBL-Mariner
* Update kernel config for Arm64 arch
* Update kernel configs for arm64 arch
* Enable arm64 hyperv and SoCs support for CBL-Mariner
Co-authored-by: schalam <schalam@microsoft.com>
commit 9ec151a289
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Nov 11 16:23:50 2020 -0800
Upgrade python-markupsafe and python-zope-interface for setuptools compatibility (#367)
commit d867ecef4b
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Nov 10 13:16:00 2020 -0800
Python 3: Upgrade to fix CVE-2019-20907, CVE-2020-26116, CVE-2019-18348, CVE-2020-14422, Patch CVE-2020-27619 (#358)
commit fde43f8807
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Nov 11 17:06:27 2020 -0800
Skipping one `zsh` ptest testcase if run as superuser. (#363)
* Skipping test if run as superuser.
* Adding linter's suggestion.
commit 541801186b
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Nov 11 16:23:50 2020 -0800
Upgrade python-markupsafe and python-zope-interface for setuptools compatibility (#367)
commit 3e1ac3f5cf
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Nov 11 12:57:44 2020 -0800
ExecuteLiveWithCallback can dump output on error. (#340)
* ExecuteLiveWithCallback can dump output on error.
commit 6855f30d83
Author: Johnson George <johgeorg@microsoft.com>
Date: Wed Nov 11 00:38:16 2020 +0000
Enable package test for openssl package
commit 0b07e5e5ff
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Nov 11 10:51:22 2020 -0800
Fix check tests for autoconf, gpgme, net-snmp (#364)
* fix check tests for autoconf, gpgme, net-snmp
* fix manifests
commit 8eed1092c1
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Nov 10 17:30:34 2020 -0800
Creating packages summary for correct repo for Docker builds. (#362)
commit 6874eeb1af
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Nov 10 13:28:55 2020 -0800
Nopatch CVE-2013-0222, CVE-2013-0223 in coreutils (#359)
commit 93fe450a4f
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Nov 10 13:16:00 2020 -0800
Python 3: Upgrade to fix CVE-2019-20907, CVE-2020-26116, CVE-2019-18348, CVE-2020-14422, Patch CVE-2020-27619 (#358)
commit 05687921cd
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Nov 9 09:57:46 2020 -0800
Fix word wrapping in qemu-kvm CVE-2018-19665 patch (#356)
commit 9508d17831
Author: rlmenge <rlmenge@gmail.com>
Date: Fri Nov 6 18:36:14 2020 -0500
No patch for mySQL and CVE-2012-5627 (#353)
* no patch for CVE-2012-5627
commit c041887a74
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Fri Nov 6 09:41:36 2020 -0800
Add libxcrypt spec (#343)
libxcrypt is a replacement for the libcrypt functionality in glibc.
To enable a select few package installs we need to enable libxcrypt
to install on top of an existing glibc libcrypt installation.
This installation on top of glibc is a temporary measure; in future
releases the plan is to move to libxcrypt completely.
commit bbde6ef1c7
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Nov 5 16:55:37 2020 -0800
Replacing deprecated flags with `imagepkgfetcher_extra_flags`. (#351)
commit 61c1b96e04
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Nov 5 14:48:24 2020 -0800
Nopatching CVE-2020-14145. (#337)
* Nopatching CVE-2020-14145
* Addressing linter's suggestions.
commit d661370179
Author: rlmenge <rlmenge@gmail.com>
Date: Thu Nov 5 16:43:50 2020 -0500
CVEs for mySQL (#341)
* CVEs for mySQL
Upgraded MySQL to version 8.0.22 to fix 40 CVEs.
commit aeb87c4fe7
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Nov 5 11:28:22 2020 -0800
Remove RPM path macros from local package build contexts in go (#350)
commit 50066f4168
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Nov 5 11:27:46 2020 -0800
Nopatch CVE-2019-18276 in bash (#266)
commit 5ae04be885
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Thu Nov 5 11:09:52 2020 -0800
Use archive for man-pages (#347) (#349)
commit f8b35f6083
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Nov 5 10:58:59 2020 -0800
Patch CVE-2018-19665 in qemu (#324)
commit a8867ab61d
Merge: 21b2c234a5ab9b2a
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Nov 5 10:21:12 2020 -0800
Patch CVE-2020-24553 in go (#326)
* Patch CVE-2020-24553 in go
* Fixup for patch
commit 21b2c234ab
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Nov 5 10:21:03 2020 -0800
Patch CVE-2020-8927 in brotli (#323)
commit 90940092d4
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Thu Nov 5 10:19:47 2020 -0800
Include all sources in bond regardless of arch (#280)
commit ee24ec7942
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Nov 5 08:11:38 2020 -0800
Nopatch for trousers CVE-2020-24332 (#287)
commit 54dc069f66
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Nov 5 08:07:37 2020 -0800
Nopatch CVE-2019-1010180 in gdb (#269)
commit 28da59c6a1
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Thu Nov 5 08:00:22 2020 -0800
OpenSSH: No patch CVE-2007-2768 (#315)
* No patch CVE-2007-2768
* Address linting
* Remove extra space
* Address PR comments
commit a5ab9b2a23
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Nov 4 19:45:54 2020 -0800
Fixup for patch
commit 948c2dcd28
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Nov 4 15:12:29 2020 -0800
Fix pcre CVE-2020-14155 (#305)
commit f7a7f26f92
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Wed Nov 4 14:58:38 2020 -0800
Add heimdal, ipv6calc, perl-JSON (#338)
Add heimdal, ipv6calc, perl-JSON specs
commit 157fad7d83
Author: Christopher Co <christopher.co@microsoft.com>
Date: Wed Nov 4 10:57:49 2020 -0800
Update kernel to 5.4.72, Address 54 kernel CVEs, Add license file (#273)
Update kernel source to 5.4.72. New kernel source contains fixes for many kernel CVEs flagged by our tooling so address the CVEs. As part of this update, also add the kernel COPYING file to the packages missing the license file.
commit 22ee531895
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Nov 4 10:29:29 2020 -0800
Fixing CVE-2020-15705 in `grub2`. (#319)
* Applying spec linter's suggestions.
* Adding a patch for CVE-2020-15705.
commit 172fef1cf5
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Nov 4 10:21:07 2020 -0800
Updating `clamav` to 0.103.0. (#278)
commit 4239db8249
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Nov 4 06:23:04 2020 -0800
Patch CVE-2020-25613 in ruby (#268)
* Patch CVE-2020-25613 in ruby
* Fix patch
commit b6dde3a5e7
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Nov 4 06:20:10 2020 -0800
Patch CVE-2019-12749 in dbus (#267)
commit cd52570772
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Nov 3 16:16:06 2020 -0800
Updating `nghttp2` to 1.41.0 to fix CVE-2020-11080. (#333)
* Updating `nghttp2` to 1.41.0 to fix CVE-2020-11080.
* Addressing linter's suggestions.
commit 94a74df40f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Nov 3 16:14:02 2020 -0800
Updating `postgresql` to 12.4 to fix CVE-2020-14349 and CVE-2020-14350. (#336)
* Updating `postgresql` to 12.4 to fix CVE-2020-14349 and CVE-2020-14350.
* Addressing linter's suggestions.
commit c98d311027
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Nov 3 15:40:13 2020 -0800
Patch systemd CVEs: 2019-3842, 2019-3843, 2019-3844, 2019-6454, 2019-20386, 2020-1712, 2020-13776 (#248)
* Patch CVE-2019-3842
* Patch CVE-2019-3843
* Fix URL in CVE-2019-3843.patch
* Patch CVE-2019-3844
* Patch CVE-2019-6454
* Update CVE-2019-6454 patch
* Patch CVE-2019-20386
* Patch CVE-2020-1712
* Patch CVE-2020-13776
* Update toolchain txt files
* Update systemd-bootstrap
* Fix toolchain aarch64
* Fix linting for systemd-bootstrap
* Address more systemd-bootstrap linting
* Address systemd spec linting
* Add newline at end of systemd spec
* Fix systemd-bootstrap spec
commit d8f24c1187
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Nov 3 15:20:26 2020 -0800
Patch CVE-2020-27619 in python2 (#330)
commit 233b085c1c
Merge: 391b026c9ce1c1ba
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Nov 2 13:49:03 2020 -0800
Merge pull request #312 from microsoft/niontive/flex-cve
No Patch CVE-2019-6293
commit 391b026cdc
Merge: b809b4d1c8b75741
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Nov 2 11:49:31 2020 -0800
Merge pull request #277 from microsoft/niontive/libvirt-cve
Patch CVE-2020-25637
commit a510f75be7
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Nov 2 07:52:41 2020 -0800
Patch CVE-2020-24553 in go
commit b809b4d1bb
Merge: bde3e86bf267d1d7
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Fri Oct 30 16:33:21 2020 -0700
Merge pull request #308 from microsoft/niontive/core-utils-cve
No patch CVE-2013-0221 and CVE-2016-2781
commit bde3e86b7b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Sat Oct 31 00:29:33 2020 +0100
Updating `vim` to version 8.1.1667 to fix CVE-2019-20807. (#320)
* Updating `vim` to version 8.1.1667 to fix CVE-2019-20807.
* Adding linter's suggestions.
commit f0ab9457fa
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Oct 30 23:33:57 2020 +0100
Updating `net-snmp` to fix CVE-2019-20892. (#313)
commit 33a0035ec2
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Fri Oct 30 13:02:08 2020 -0700
Use pointer to systemconfig (#311)
commit 5bc8fa1c8f
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Thu Oct 29 18:21:58 2020 -0700
Properly update AdditionalFiles in isomaker (#309)
Co-authored-by: Joe Schmitt <joschmit@microsoft.com>
commit 9ce1c1bacc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 17:28:36 2020 -0700
More flex spec linting
commit cc2128b11c
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 17:26:59 2020 -0700
Move lex to separate script
commit 95329c7013
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 17:13:44 2020 -0700
More linting
commit 79f39d9a42
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 17:08:40 2020 -0700
Lint changelog
commit 8276cd532b
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 17:03:54 2020 -0700
Update toolchain txt files
commit 6a01bda8c7
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 16:42:16 2020 -0700
No patch CVE-2019-6293
commit a44aea8298
Author: rychenf1 <rychenf1@gmail.com>
Date: Thu Oct 29 16:32:07 2020 -0700
Patch CVE-2020-13791 in qemu (#281)
* Patch CVE-2020-13791 in qemu
* Run spec-cleaner
* rebase, adjust release and patch number
commit f267d1d72d
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 15:37:49 2020 -0700
Fix url HTTPS and changelog spaces
commit b508adacaa
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 15:35:56 2020 -0700
Remove extra "url"
commit 147f0ff68e
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 15:29:52 2020 -0700
Fix spec linting
commit 4d4e91ea68
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 15:22:00 2020 -0700
Update toolchain and pkggen txt files
commit 81fc6423a7
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 15:18:53 2020 -0700
No patch CVE-2013-0221
commit ac39c207f4
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 29 14:47:02 2020 -0700
Nopatch CVE-2016-2781
commit 0fc247576d
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Thu Oct 29 11:23:21 2020 -0700
Fix qemu CVE-2020-13800 and CVE-2020-14364 (#306)
commit 729cdc5224
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Oct 29 19:05:05 2020 +0100
Fixing `qemu-kvm` CVE-2020-13253 and CVE-2020-13754. (#304)
* Adding a patch for CVE-2020-13754.
* Adding a patch for CVE-2020-13253.
* Moving back to %setup.
commit a27ee369fa
Author: jslobodzian <joslobo@microsoft.com>
Date: Wed Oct 28 11:47:40 2020 -0700
Corrected URL_LIST links to preview repo (#295)
commit 3062c2e9d8
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Oct 28 12:29:12 2020 -0700
Prevent AdditionalFiles from being modified during iteration (#297) (#298)
commit 7f2b151b34
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Wed Oct 28 16:45:03 2020 -0700
Address source RPM publishing issue on packages.microsoft.com (#303)
commit 6aebeb578b
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Wed Oct 28 16:45:03 2020 -0700
Address source RPM publishing issue on packages.microsoft.com (#303)
commit 8036be64d4
Merge: fd6779f2d0e7c246
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Wed Oct 28 16:34:07 2020 -0700
Merge pull request #302 from microsoft/lihl/glibc-CVE
Fix glibc CVE-2019-7309
commit fd6779f293
Merge: f90174252b43e91b
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Wed Oct 28 16:32:11 2020 -0700
Merge pull request #293 from microsoft/lihl/qemu-CVE
Fix Qemu CVE-2020-10702, CVE-2020-10761
commit 2b43e91b33
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 16:27:45 2020 -0700
address comment
commit d0e7c246ff
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 16:11:45 2020 -0700
fix more toolchain manifest issue
commit ca583e3df4
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 16:07:22 2020 -0700
save toolchain pkg changes
commit 8f1d2d2cd7
Merge: 880573c8f9017425
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 15:04:31 2020 -0700
resolve conflicts
commit 880573c82a
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 15:00:48 2020 -0700
update toolchain information
commit f901742520
Author: rychenf1 <rychenf1@gmail.com>
Date: Wed Oct 28 14:48:57 2020 -0700
Patch CVE-2020-24977 in libxml2 (#282)
commit f9c480731d
Merge: 9ec95b3d40ffdc79
Author: Nick Samson <nick.samson@microsoft.com>
Date: Wed Oct 28 14:31:37 2020 -0700
Merge pull request #275 from microsoft/nisamson/nopatch-old-comments
Updated unzip spec to ensure CVE tooling detection
commit 9ec95b3ddc
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Oct 28 22:24:57 2020 +0100
Revert "Disabling the MD4 algorithm. (#272)" (#301)
This reverts commit 85330c701f.
commit 4be01ba170
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 14:14:57 2020 -0700
fix spec format
commit 545af35e7c
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 13:45:22 2020 -0700
fix glibc CVE
commit 8d9d99c99b
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Oct 28 12:29:12 2020 -0700
Prevent AdditionalFiles from being modified during iteration (#297) (#298)
commit 3627b06043
Merge: 3159d7df453926a1
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Wed Oct 28 12:20:54 2020 -0700
Merge pull request #296 from microsoft/lihl/nginx-CVE
Fix nginx CVE-2019-20372
commit 3159d7df3f
Author: jslobodzian <joslobo@microsoft.com>
Date: Wed Oct 28 11:47:40 2020 -0700
Corrected URL_LIST links to preview repo (#295)
commit 453926a1ca
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 11:26:27 2020 -0700
fix SPEC format
commit 85df8b47e4
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 11:16:29 2020 -0700
fix patch
commit b4894f7ab7
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 10:59:41 2020 -0700
fix nginx CVE
commit e90b112b41
Author: Henry Li <lihl@microsoft.com>
Date: Wed Oct 28 09:55:36 2020 -0700
re-fix SPEC format
commit a0eecf077b
Author: Henry Li <lihl@microsoft.com>
Date: Tue Oct 27 22:51:40 2020 -0700
format SPEC file
commit e20bd54520
Merge: ff79df6f2e705831
Author: Henry Li <lihl@microsoft.com>
Date: Tue Oct 27 18:41:03 2020 -0700
fix patch issues
commit 2e70583100
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Oct 27 15:59:35 2020 -0700
Revamp failure test for spec linting action (#290)
commit 95f0d27c6c
Merge: 612528d6993d2420
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Tue Oct 27 13:05:51 2020 -0700
Merge pull request #286 from microsoft/niontive/fix-binutils
Fix CVE-2019-17450 patch file
commit 612528d6e6
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Oct 27 12:52:47 2020 -0700
Fix bash script issue (#284)
commit 993d242031
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Tue Oct 27 12:40:39 2020 -0700
Fix CVE-2019-17450 patch file
commit ff79df6fe3
Merge: 48dbe4a6f327334e
Author: Henry Li <lihl@microsoft.com>
Date: Tue Oct 27 12:09:07 2020 -0700
commit before merge
commit 48dbe4a6e0
Author: Henry Li <lihl@microsoft.com>
Date: Tue Oct 27 12:04:07 2020 -0700
save current changes
commit f327334eaa
Author: Thomas Crain <thcrain@microsoft.com>
Date: Tue Oct 27 09:24:52 2020 -0700
Enable spec lint PR gating (#270)
commit 85330c701f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Oct 27 14:02:06 2020 +0100
Disabling the MD4 algorithm. (#272)
Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>
commit c8b75741a1
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 16:30:35 2020 -0700
Patch CVE-2020-25637
commit db82a19572
Merge: 02ef42a2cbb64e4b
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Oct 26 16:27:27 2020 -0700
Merge pull request #274 from microsoft/niontive/cloud-init-cve
Patch CVE-2020-8631 and CVE-2020-8632 in cloud-init
commit 02ef42a22b
Merge: 1500b2abd0e4bb01
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Mon Oct 26 15:38:26 2020 -0700
Merge pull request #276 from microsoft/lihl/openldap-CVE
Fix openldap CVE-2015-3276
commit d0e4bb0134
Author: Henry Li <lihl@microsoft.com>
Date: Mon Oct 26 14:39:58 2020 -0700
check in patch file
commit f256824e5d
Author: Henry Li <lihl@microsoft.com>
Date: Mon Oct 26 14:24:01 2020 -0700
fix CVE
commit 1500b2ab09
Merge: ff296a7d2f6f3d48
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Mon Oct 26 11:51:20 2020 -0700
Merge pull request #261 from microsoft/lihl/redis-CVE
Fix redis CVE-2020-14147
commit ff296a7d05
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Mon Oct 26 11:48:18 2020 -0700
Add validatechroot tool to check worker chroot dependencies (#231)
* Add validatechroot tool to check chroot worker deps.
Run `sudo make validate-chroot`
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit cbb64e4bdc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 11:45:01 2020 -0700
Patch CVE-2020-8632
commit fdb0ec1de2
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 11:31:58 2020 -0700
Patch CVE-2020-8631
commit 40ffdc7961
Author: Nick Samson <nick.samson@microsoft.com>
Date: Fri Oct 23 15:05:20 2020 -0700
Updated unzip spec to ensure CVE tooling detection
commit a12c296c0a
Merge: 573e9d0d18b70f46
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Oct 26 10:55:30 2020 -0700
Merge pull request #249 from microsoft/niontive/python2-cve
Patch Python2 CVEs: 2019-9674, 2019-20907, 2020-26116
commit 18b70f464b
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 10:53:50 2020 -0700
Use autosetup in python2
commit 2f6f3d48e6
Author: Henry Li <lihl@microsoft.com>
Date: Mon Oct 26 10:42:36 2020 -0700
resolve comments
commit 573e9d0dfc
Merge: 69e14af6a1ab27c9
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Oct 26 10:40:56 2020 -0700
Merge pull request #271 from microsoft/niontive/cairo-cves
Patch CVE-2018-19876 (Cairo)
commit a1ab27c95b
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 09:30:11 2020 -0700
Patch CVE-2018-19876
commit 69e14af622
Merge: 41ad04d1651aee04
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Oct 26 08:46:45 2020 -0700
Merge pull request #255 from microsoft/niontive/binutils-cve
Patch Binutils CVEs
commit 41ad04d1a7
Merge: 534d5bfcb4938c2b
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Mon Oct 26 08:44:13 2020 -0700
Merge pull request #250 from microsoft/niontive/unzip-cves
Fix CVE patch names for unzip
commit b4938c2b31
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 08:41:51 2020 -0700
Use autosetup in unzip
commit 149c89e7a5
Merge: 3799615a534d5bfc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 08:28:10 2020 -0700
Merge branch '1.0-dev' into niontive/unzip-cves
commit 651aee049f
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 08:24:34 2020 -0700
Use autosetup for binutils
commit 6dc378e358
Merge: b9b48360534d5bfc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 07:56:24 2020 -0700
Merge branch '1.0-dev' into niontive/binutils-cve
commit b2931d89d4
Merge: b3135d9b534d5bfc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 06:16:43 2020 -0700
Merge branch '1.0-dev' into niontive/python2-cve
commit b3135d9bb3
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 06:13:04 2020 -0700
Update toolchain txt
commit d05bd17433
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Mon Oct 26 06:10:45 2020 -0700
Fix CVE-2017-18207 patch
commit fefbf5f03b
Author: jslobodzian <joslobo@microsoft.com>
Date: Sun Oct 25 18:50:06 2020 -0700
Merge distroless container revert to 1.0 (#265)
* Revert "Implement "distroless" containers (#252)"
This reverts commit e41efdda19.
* Revert "Implement "distroless" containers (#252)" (#264)
This reverts commit e41efdda19.
commit 534d5bfc58
Author: jslobodzian <joslobo@microsoft.com>
Date: Sun Oct 25 18:37:45 2020 -0700
Revert "Implement "distroless" containers (#252)" (#264)
This reverts commit e41efdda19.
commit 5074ad915f
Merge: 3f20b40d1129ca14
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Sun Oct 25 08:31:45 2020 -0700
Merge branch '1.0-dev' into niontive/python2-cve
commit 5df20d406a
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Sat Oct 24 23:12:44 2020 -0700
Fixed poorly merged files
commit 08fe4cc6b8
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Sat Oct 24 19:10:46 2020 -0700
Fixed bad file merge
commit e10f52efdb
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Sat Oct 24 19:07:44 2020 -0700
fix missed merge file
commit e9af376abd
Merge: 1deb33421129ca14
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Sat Oct 24 19:05:31 2020 -0700
Merge branch '1.0-dev' into 1.0 for October Update
commit 1129ca147b
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Sat Oct 24 16:47:46 2020 -0700
fix setup (#263)
commit 71e34ba2e2
Author: jslobodzian <joslobo@microsoft.com>
Date: Sat Oct 24 16:45:30 2020 -0700
Updated mariner-release package version (#262)
commit e41efdda19
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Sat Oct 24 11:28:47 2020 +0200
Implement "distroless" containers (#252)
* Create distroless container without bash and surplus dependencies
* Remove RPM database for distroless
* Add busybox and uclibc. Add distroless-packages-debug
* Update cgmanifest
Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
Co-authored-by: MateuszMalisz <mamalisz@microsoft.com>
commit 6182dbd17a
Author: Henry Li <lihl@microsoft.com>
Date: Fri Oct 23 16:09:17 2020 -0700
resolve comments
commit e9d587aa94
Author: Henry Li <lihl@microsoft.com>
Date: Fri Oct 23 14:40:43 2020 -0700
fix CVE-2020-14147
commit a42f887eac
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Fri Oct 23 13:10:31 2020 -0700
Add auoms package (#258)
* add auoms package
* add auoms original source url comments
* fix changelog history
* fix auoms signatures
* fix changelog
* use %license
* update licenses-map
* add omi to LICENSES-MAP
* merge latest LICENSES-MAP
commit 3f20b40dc6
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Fri Oct 23 12:13:08 2020 -0700
Ignore CVE-2019-18348
commit dca52581ad
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Fri Oct 23 12:04:05 2020 -0700
Patch CVE-2017-18207
commit 45ce54e16c
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Fri Oct 23 10:36:30 2020 -0700
Generate ant signatures (#260)
commit da7210e6cc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Fri Oct 23 08:38:38 2020 -0700
No patch CVE-2007-4559
commit 159deec0aa
Merge: 21eee62c56ad1646
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Fri Oct 23 08:34:55 2020 -0700
Merge branch '1.0-dev' into niontive/python2-cve
commit 56ad1646fc
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Oct 23 12:40:52 2020 +0200
Adding the `ccache` and `clamav` packages. (#251)
commit 8397380840
Merge: 01d594a9f95e72e0
Author: Nick Samson <nick.samson@microsoft.com>
Date: Thu Oct 22 23:56:22 2020 -0700
Merge pull request #259 from microsoft/nisamson/add-omi
Adding omi package
commit f95e72e040
Author: Nick Samson <nick.samson@microsoft.com>
Date: Thu Oct 22 18:27:22 2020 -0700
Added omi package
commit b9b483602d
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 14:51:52 2020 -0700
Update pkggen and toolchain txt files
commit 57bfd2059f
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 14:49:25 2020 -0700
Fix CVE-2019-17451
commit dc15941223
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 14:32:13 2020 -0700
Patch CVE-2019-17450
commit dd80c16575
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 14:13:12 2020 -0700
Patch CVE-2019-9074
commit 615d12fdd3
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 14:02:40 2020 -0700
Patch CVE-2019-9073
commit 01d594a934
Author: rychenf1 <rychenf1@gmail.com>
Date: Thu Oct 22 13:55:24 2020 -0700
Nopatch sqlite CVE-2015-3717 (#254)
commit 95938a8b4f
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 13:48:53 2020 -0700
Nopatch CVE-2019-9072
commit fb1a9b4e37
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 13:42:33 2020 -0700
Patch CVE-2019-9071
commit f6a5fb9955
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 13:18:07 2020 -0700
Fix CVE-2019-14444
commit 234def32a8
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 12:57:58 2020 -0700
Fix CVE-2019-14250
commit fca1bb7930
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 12:46:11 2020 -0700
Patch CVE-2019-12972 in binutils
commit 8aca46a825
Merge: 4d498efea400f02c
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date: Thu Oct 22 12:19:02 2020 -0700
Merge pull request #253 from microsoft/lihl/ant-CVE-2020-11979
Fix Ant CVE-2020-11979
commit a400f02c84
Author: Henry Li <lihl@microsoft.com>
Date: Thu Oct 22 11:45:39 2020 -0700
update cgmanifest
commit b92bed7765
Author: Henry Li <lihl@microsoft.com>
Date: Thu Oct 22 11:18:29 2020 -0700
fix changelog comment
commit af2bb119af
Author: Henry Li <lihl@microsoft.com>
Date: Thu Oct 22 10:59:48 2020 -0700
update ant version
commit 3799615a81
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 09:21:47 2020 -0700
Fix CVE patch names for unzip
commit 21eee62c1e
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 09:06:12 2020 -0700
Fix python-curses/xml in toolchain txt files
commit adbf690f2c
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 09:02:16 2020 -0700
Add ca-certificates back
commit fc24befbad
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 09:00:10 2020 -0700
Update toolchain txt files
commit c6fd02ea17
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 08:54:06 2020 -0700
Patch CVE-2019-20907 and CVE-2020-26116
commit 4a79d3cec4
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date: Thu Oct 22 07:27:55 2020 -0700
Nopatch CVE-2019-9674
commit 4d498efe31
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Wed Oct 21 19:00:48 2020 -0700
Patch gnutls CVE-2020-24659 (#247)
Upstream CVE discussion: https://gitlab.com/gnutls/gnutls/-/issues/1071
commit 7f1c1feb83
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Wed Oct 21 16:53:40 2020 -0700
Nopatch ed CVE-2015-2987 (#209)
ed CVE-2015-2987 applies to a different program named ed.
commit d6586ff19a
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Wed Oct 21 14:05:31 2020 -0700
Patch lua CVE-2019-6706, CVE-2020-15888, nopatch CVE-2020-24342 (#169)
* Patch lua CVE-2019-6706, CVE-2020-15888, CVE-2020-15945, nopatch CVE-2020-24342
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
* Roll back CVE-2020-15945, patch ineffective
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit 1a31576601
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Wed Oct 21 13:25:26 2020 -0700
Portablectl patches to support --now --enable and --no-block flags (#139)
* Portablectl patches to support --now --enable and --no-block flags
* Portablectl patches to support --now --enable and --no-block flags
commit 5303d09258
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Oct 21 12:42:33 2020 -0700
Patch unbound CVE-2020-12662 and CVE-2020-12663 (#246)
commit 84903e9620
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Wed Oct 21 12:31:38 2020 -0700
Fix check tests for brotli, gzip and python-certifi (#245)
* fix check test for brotli, gzip, python-certifi
* update manifest release version for gzip
* skip check for vim
commit 9af371f703
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Oct 21 19:18:28 2020 +0200
Switching to correct source for the Microsoft bundle. (#244)
commit 627798a571
Merge: 2ae22e2cb54a5a8a
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Tue Oct 20 23:53:43 2020 -0700
Merge pull request #233 from microsoft/schalam/qatengine
Enable QAT kernel configs in CBL-Mariner
commit 2ae22e2cea
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Tue Oct 20 11:12:30 2020 -0700
Fix CVE-2019-12735 in vim (#230)
* Fix CVE-2019-12735 in vim
* Update the changelog to address only one CVE.
commit e6021229ce
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Oct 20 10:35:10 2020 -0700
Fix check tests for git, make, krb5 and libcap-ng (#241)
* fix check tests
* update toolchain manifests
* fix blank spaces and tabs in make.spec
commit bcf0e59d7d
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Tue Oct 20 10:09:31 2020 -0700
Update pull_request_template.md (#236)
commit 3b5441ae14
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Tue Oct 20 10:04:41 2020 -0700
patch openssh (#238)
commit b54a5a8a61
Merge: c5ecb62a99ec27ac
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Mon Oct 19 20:50:14 2020 -0700
Merge branch '1.0-dev' into schalam/qatengine
commit 99ec27ac42
Author: Thomas Crain <thcrain@microsoft.com>
Date: Mon Oct 19 15:28:41 2020 -0700
Initial spec lint action commit (#172) (#191)
* Initial spec-cleaner commit for CBL-Mariner
* Add cgmanifest.json file for GitHub workflows folder
* Set continue-on-error to true for a trial period
commit d8a4371f5e
Author: jslobodzian <joslobo@microsoft.com>
Date: Mon Oct 19 15:15:07 2020 -0700
Joslobo/add azure storage (#232)
* Add azure-storage spec file to mariner-core
* Register with legal and update map file
* Fixed #source0 link
* Updated per code review comments
* Fixed URL to use https
commit 6ea7fde951
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Oct 19 19:57:27 2020 +0200
Adding the `bond`, `fluent-bit`, and `ivykis` packages. (#234)
commit b354cbf3da
Author: Christopher Co <christopher.co@microsoft.com>
Date: Mon Oct 19 10:06:38 2020 -0700
Nopatch kernel CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 (#193)
* Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428
commit c5ecb62a31
Author: chalamalasetty <chalamalasetty@live.com>
Date: Sun Oct 18 17:35:18 2020 -0700
Enable QAT kernel configs in CBL-Mariner
commit 1deb33421d
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 15 07:21:25 2020 -0700
Fix CVE-2020-26159 in oniguruma (#211)
* Fix CVE-2020-26159
* Increment release, fix autosetup.
commit 9f379520e2
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri Oct 16 16:54:14 2020 -0700
Nopatch qemu CVE-2015-7504 CVE-2017-5931 CVE-2017-14167 (#162)
commit 89fec183a4
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Fri Oct 16 16:47:24 2020 -0700
Upgrade ruby to 2.6.6 to resolve CVE-2019-16255, CVE-2019-16201, CVE-2020-10933, CVE-2020-5247, CVE-2019-15845, CVE-2019-16254 (#224)
* Upgrade ruby to 2.6.6 to resolve CVEs
* Update cgmanifest
commit 0eb5d55fb2
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Oct 16 13:32:34 2020 -0700
Add rapidjson package (#225)
commit 47156600f5
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Oct 16 12:25:15 2020 -0700
Disable debug package for nlohmann-json (#228)
commit 916b6f74d7
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Oct 16 06:33:57 2020 -0700
Add pugixml package (#222)
commit d3b01bd0f3
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Oct 16 06:32:55 2020 -0700
Add babeltrace2 and lttng-consume packages (#226)
commit 5fc0ddbc16
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Oct 16 06:29:42 2020 -0700
Update libestr (#213)
commit cb250578cc
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date: Thu Oct 15 21:48:55 2020 -0700
update libffi to use https source0 (#227)
commit f213e1f17f
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Oct 15 15:26:56 2020 -0700
Add jsonbuilder package (#223)
commit 61bf24159c
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 15 14:02:15 2020 -0700
Remove implicit git repository dependency from toolkit (#197)
* Remove implicit git repository dependency
* Remove the new GIT_REV variable
commit 511ee60b97
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 15 14:01:35 2020 -0700
Remove toolchain-local-wget-list after use (#212)
* Remove toolchain-local-wget-list after use
- toolchain-local-wget-list has been left at the end of a toolchain build. It shows up on `git status` when the toolchain is built locally.
- Another solution would be adding it to `.gitignore`.
* Add temporary toolchain build files to toolkit/.gitignore
commit 3312d3721b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Oct 15 21:53:15 2020 +0200
Adding the 'span-lite' and 'telegraf' packages. (#220)
commit 6df1d23f8c
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Oct 15 12:50:22 2020 -0700
Add msgpack package (#216)
commit 329cf32b14
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Oct 15 12:44:45 2020 -0700
Add nlohmann-json package (#217)
commit 010d470a6f
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Oct 15 12:18:55 2020 -0700
Add liblogging package (#214)
commit c42ddb8c0c
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Oct 15 12:13:20 2020 -0700
Add mm-common and libxml++ packages (#215)
commit a7682dd26d
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Oct 15 20:48:16 2020 +0200
Adding the 'tracelogging' and 'zipper' packages. (#208)
commit c2c7f85327
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Oct 15 19:56:37 2020 +0200
Adding the 'toml11' package. (#207)
commit d8e7691afc
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Oct 15 19:52:49 2020 +0200
Adding the 'tinyxml2' package. (#206)
commit 228dc7df54
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Oct 15 19:26:39 2020 +0200
Adding the 'syslog-ng' package. (#205)
commit d7c5db2a79
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 15 07:21:25 2020 -0700
Fix CVE-2020-26159 in oniguruma (#211)
* Fix CVE-2020-26159
* Increment release, fix autosetup.
commit e9552392cb
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Oct 14 15:40:10 2020 -0700
Natively support pulling from the preview repo (#199)
commit 791c4b9e19
Author: jslobodzian <joslobo@microsoft.com>
Date: Tue Oct 13 19:37:01 2020 -0700
Build Break Fix: Rollback selinux checkins. (#204)
* Revert "Add missing %libsepolver definition in secilc.spec (#192)"
This reverts commit 9cff088bec.
* Revert "Add SELinux packages to Mariner. (#100)"
This reverts commit b2d918efac.
commit 78d83a1d20
Author: Chirag Shah <chsha@microsoft.com>
Date: Tue Oct 13 15:56:30 2020 -0700
Update README.md (#180)
commit 110619ae47
Author: Chirag Shah <chsha@microsoft.com>
Date: Tue Oct 13 15:56:30 2020 -0700
Update README.md (#180)
commit c1ce89832d
Author: nicolas guibourge <nicogbg@gmail.com>
Date: Tue Oct 13 14:27:56 2020 -0700
enable fetching RPMs from packages.microsoft.com for Docker based build (#198)
commit d5101f4f60
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Oct 12 23:10:38 2020 +0200
Adding a missing '%{?dist}' tag. (#195)
commit c0faafa421
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Mon Oct 12 12:17:47 2020 -0700
Add architecture at the end of toolkit archive (#182)
- Also add `version.txt` file in the toolkit archive as an easy way to verify toolkit version.
commit ce47c3d346
Merge: 397c1f02e3880eda
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Mon Oct 12 12:15:38 2020 -0700
Merge pull request #165 from hbeberman/cifs_utils_fix
Patch CVE-2020-14342 in cifs-utils
commit 397c1f0236
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Oct 12 20:11:57 2020 +0200
Removing 'TERMINAL_ISO_INSTALLER' from the docs. (#189)
commit 9cff088bec
Author: Thomas Crain <thcrain@microsoft.com>
Date: Fri Oct 9 15:56:19 2020 -0700
Add missing %libsepolver definition in secilc.spec (#192)
commit 71ce404b2b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Thu Oct 8 20:15:12 2020 +0200
Adding the `gflags` and `rocksdb` packages. (#183)
* Adding the 'rocksdb' package.
* Adding the 'gflags' package.
commit 9e6952ff3c
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Oct 7 20:52:49 2020 +0200
Updating cert bundle paths. (#181)
* Updating cert bundle paths.
* Updating cgmanifest.json.
commit 0bec6a1db6
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Oct 7 20:52:21 2020 +0200
Adding a .nopatch for CVE-2007-0086. (#176)
commit 0181cc7cc0
Author: Thomas Crain <thcrain@microsoft.com>
Date: Wed Oct 7 08:07:48 2020 -0700
Remove "::set-env" commands in GitHub Actions (#178)
commit b2d918efac
Author: Daniel Burgener <burgener.daniel@gmail.com>
Date: Wed Oct 7 09:13:55 2020 -0400
Add SELinux packages to Mariner. (#100)
* Add SELinux packages to Mariner.
This commit adds the following packages to Mariner to provide basic
SELinux support:
- checkpolicy
- libsemanage
- mcstrans
- policycoreutils
- secilc
- selinux-policy
- setools
The selinux-policy provided here is a generic base policy, which is not
specifically tuned for Mariner, therefore only permissive mode support
is enabled in this commit. (Although users could load a custom policy
to run in enforcing mode). Future phases have been discussed to add
SELinux enforcing mode support.
This commit does not enable SELinux by default. In order to enable
SELinux support, one must first install necessary packages (libselinux,
policycoreutils, secilc, selinux-policy), and then append "lsm=selinux
selinux=1" to the kernel command line. This will trigger an initial
boot to relabel the system, at which point the system will reboot, and
boot into an SELinux enabled system. SELinux state can be queried with
the "getenforce" command line tool. If SELinux has not been enabled, it
will report "Disabled" (the default). If SELinux support has been
enabled as described in this paragraph, it will report "permissive".
This commit also modifies the following packages to enable SELinux
functionality in existing packages:
- coreutils
- cronie
- dbus
- openssh
- pam
- rpm
- shadow-utils
- systemd
- util-linux
This enables them to build with SELinux support so that when SELinux is
enabled, they have SELinux related functionality available.
Because coreutils is a basic package and requires building with
libselinux-devel present in order to enable key SELinux functionality,
several dependencies in other packages that rely on coreutils (namely
python2, python3 and systemd-bootstrap) had to be removed in order to
avoid circular dependencies. There does not appear to be a functional
impact from this change based on my testing.
commit d6a262815f
Author: Christopher Co <christopher.co@microsoft.com>
Date: Tue Oct 6 11:16:17 2020 -0700
installutils: Remove root password expiry when no root user is specified in imageconfig file (#161)
commit 328cd7b4c1
Author: Christopher Co <christopher.co@microsoft.com>
Date: Tue Oct 6 11:15:49 2020 -0700
installutils: Supply blank /etc/machine-id file (#147)
From https://www.freedesktop.org/software/systemd/man/machine-id.html:
For operating system images which are created once and used on multiple
machines, for example for containers or in the cloud, /etc/machine-id
should be an empty file in the generic file system image. An ID will be
generated during boot and saved to this file if possible.
commit e3880eda03
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Mon Oct 5 11:49:05 2020 -0700
Fix CVE-2020-14342 patch to not depend on PATH
commit 3169bfd8c2
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Oct 5 20:18:15 2020 +0200
Extending 'strongswan' test timeout. (#173)
commit e9fead7ec2
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Mon Oct 5 20:14:22 2020 +0200
Update fontconfig to 2.13.91 (#175)
commit 6e9a239772
Author: Christopher Co <christopher.co@microsoft.com>
Date: Fri Oct 2 17:19:24 2020 -0700
Fix kernel aarch64 package build break due to missing CONFIG_IMA_KEXEC (#171)
commit c5d866a3b1
Merge: c6ccffa569a5be2c
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Fri Oct 2 17:30:25 2020 -0700
Merge pull request #167 from microsoft/mrgirgin/mariner-repos-post
Replace mariner-repos's %post scriptlet as %posttrans
commit c6ccffa563
Author: Christopher Co <christopher.co@microsoft.com>
Date: Fri Oct 2 17:19:24 2020 -0700
Fix kernel aarch64 package build break due to missing CONFIG_IMA_KEXEC (#171)
commit 69a5be2ce6
Merge: 00ea86274826b65d
Author: Emre Girgin <mrgirgin@microsoft.com>
Date: Fri Oct 2 16:47:04 2020 +0000
Merge branch '1.0-dev' into mrgirgin/mariner-repos-post
commit 4826b65d1a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Fri Oct 2 16:47:58 2020 +0200
Adding new 'preview' repository. (#146)
* Adding new 'preview' repository.
* Addressing comments.
commit 563639e25b
Merge: e95dc987f86fe912
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Thu Oct 1 21:34:16 2020 -0700
Merge branch '1.0-dev' into 1.0
commit f86fe912bd
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 1 21:32:16 2020 -0700
Fix kernel specs' %postun scripts (#164)
* Fix `kernel.spec`'s `%postun` script
* Fix `kernel-signed-aarch64`'s `%postun` script
* Fix kernel-signed-x64.spec's %postun script
* Fix kernel-hyperv.spec's %postun script
commit 49b0a95947
Author: Christopher Co <christopher.co@microsoft.com>
Date: Thu Oct 1 21:31:38 2020 -0700
initramfs: Regenerate initrd using host-only mode on file-based trigger (#170)
* initramfs: Always use host-only mode
kdump currently uses the host system's initrd when enrolling a crash kernel
and initrd. There is a limitation where the kdump initrd must be generated
with dracut in "host-only" mode.
The -k option forces a host-only initrd build.
The -q option suppresses verbose output
If mkinitrd is called without <image> and <kernel-version> parameters, it will
default to calling dracut in "host-mode" mode on every kernel version it can
find in /boot.
If mkinitrd is called with <image> and <kernel-version> parameters, it will
default to calling dracut in "generic host" mode for rebuilding the specific
initrd. Therefore we need to make sure to add the -k option when invoking
mkinitrd with an explicit <image> and <kernel version>
* Reword comment block
commit e95dc987c1
Merge: 70315169906693b5
Author: Jon Slobodzian <joslobo@microsoft.com>
Date: Thu Oct 1 21:14:46 2020 -0700
Merge branch '1.0-dev' into 1.0
commit 9c3499f4fe
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Thu Oct 1 12:17:58 2020 -0700
Address changelog and prep section comments
commit 906693b5ae
Author: Thomas Crain <thcrain@microsoft.com>
Date: Thu Oct 1 11:15:25 2020 -0700
Remove chrony-wait as a boot service dependency (#166)
* Remove chrony-wait as a boot service dependency
* Add cgmanifest entry for chrony
commit 00ea86274a
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 1 09:46:41 2020 -0700
Add a more verbose changelog
commit 1a1ed8c1ec
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 1 09:38:23 2020 -0700
Update toolchain_x86_64.txt
commit 8756d186e6
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 1 09:38:07 2020 -0700
Update toolchain_aarch64.txt
commit 41a6c75f85
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 1 09:37:52 2020 -0700
Update pkggen_core_x86_64.txt
commit c3ccb82cef
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 1 09:37:32 2020 -0700
Update pkggen_core_aarch64.txt
commit 9115bc45b9
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date: Thu Oct 1 09:32:42 2020 -0700
Replace mariner-repos's %post script as %posttrans
- After looking at here, it shows that %post script for a new version runs before the %preun script for an old version. Which means, after an upgrade, the keys would be removed by the older version: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#ordering
commit adf08fb404
Author: Henry Beberman <henry.beberman@microsoft.com>
Date: Wed Sep 30 17:39:07 2020 -0700
Patch CVE-2020-14342 in cifs-utils
commit b5564be248
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date: Wed Sep 30 10:18:19 2020 -0700
Support downloading preview SRPMs (#160)
Replace SRPM_URL* with SRPM_URL_LIST
commit b556e4d970
Merge: 5e3844e74c83bb02
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date: Tue Sep 29 18:17:49 2020 -0700
Merge pull request #142 from microsoft/schalam/mlx_sr-iov
Enable Mellanox kernel configs
commit 5e3844e788
Author: Christopher Co <christopher.co@microsoft.com>
Date: Tue Sep 29 15:19:08 2020 -0700
full: Always install the default kernel (#132)
Currently, when installing CBL-Mariner via ISO, the ISO will
install the standard kernel package or the kernel-hyperv package
depending on if installing on HyperV VM or not.
The HyperV kernel is still under evaluation so use the standard kernel
package across the board.
commit 10cdad051f
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue Sep 29 13:30:12 2020 -0700
Nopatch unzip CVE-2008-0888 (#154)
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit f4528b8ecc
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue Sep 29 13:28:46 2020 -0700
Nopatch lua CVE-2020-15889 (#153)
* nopatch lua CVE-2020-15889
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit d04ebb2437
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue Sep 29 13:24:52 2020 -0700
Nopatch qemu CVE-2016-7161 (#152)
* Nopatch qemu CVE-2016-7161
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit 4f331e71e1
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue Sep 29 13:18:51 2020 -0700
Nopatch apparmor CVE-2016-1585 (#150)
* Nopatch apparmor CVE-2016-1585
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit a7ae423538
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue Sep 29 13:15:58 2020 -0700
Nopatch groff CVE-2000-0803 (#149)
* Nopatch groff CVE-2000-0803
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit 486f4fc1f9
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Tue Sep 29 13:13:04 2020 -0700
Nopatch httpd CVE-1999-0236, CVE-1999-1412 (#148)
* Nopatch httpd CVE-1999-0236, CVE-1999-1412
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit b3ea131993
Author: Christopher Co <christopher.co@microsoft.com>
Date: Mon Sep 28 17:05:07 2020 -0700
Create quickstart.yml (#119)
This patch adds a GitHub Action to verify our Quickstart instructions
commit 32a07873c2
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Mon Sep 28 10:31:24 2020 -0700
Update tpm2-abrmd to 2.3.3 (#144)
* Update tpm2-abrmd to 2.3.3
commit 4c83bb02b6
Author: chalamalasetty <chalamalasetty@live.com>
Date: Fri Sep 25 22:17:53 2020 -0700
Enable Mellanox kernel configs
commit 4b56414903
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri Sep 25 16:07:43 2020 -0700
Update tpm2 tools to 4.2, tss to 2.4.0 (#134)
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
commit 6068d8b5b4
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date: Fri Sep 25 16:07:17 2020 -0700
Add IMA feature to the kernel, add config for it (#135)
* Add IMA feature to the kernel, add config for it
- Add IMA measurement configs to the x86_64, and aarch64 kernel configs (IMA_APPRAISE currently disabled).
- Add KernelCommandLine config field to control IMA, and allow additional configs to be passed.
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
Co-authored-by: Christopher Co <christopher.co@microsoft.com>
commit b3d74966b0
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Wed Sep 23 11:48:24 2020 +0200
Markdown lint-induced clean-up of doc files. (#122)
* Markdownlint-induced clean-up.
* Removing redundant lines.
* Removing redundant lines 2.
commit 0bfe2f9da7
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Tue Sep 22 19:34:33 2020 +0200
Updating 'ca-certificates' nssckbi.h header and unifying changelog entries with package version (#125)
* Updating changelog to be consistent with package version.
* Fixing missed update to 'nssckbi.h'.
* Updating manifests.
* Updating signatures.
commit 5197a48564
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Mon Sep 21 23:35:05 2020 +0200
Add cloud-init-vmware-guestinfo package (#124)
* Add cloud-init-vmware-guestinfo package
commit 4e504e32ae
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date: Mon Sep 21 21:21:11 2020 +0200
Adding a small build tip to the quick start instructions. (#123)
commit 070331fc51
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date: Sat Sep 19 13:59:40 2020 -0700
Upgrade golang to 1.13.15 (#93)
commit 7126e0be4f
Author: Mateusz Malisz <maliszmat@outlook.com>
Date: Sat Sep 19 22:58:40 2020 +0200
Fix libffi normal package build (#116)
* Fix libffi normal package build
* Add comment explaining the purpose of the sed call
commit 83de3e225d
Author: Jim Perrin <Jim.Perrin@microsoft.com>
Date: Tue Sep 15 08:36:19 2020 -0700
add wants=sshd-keygen.service to sshd (#58)
* add wants=sshd-keygen.service to sshd
Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>
* modify signatures.json and bump release for pr
Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>
commit 09940d60f3
Author: Jason Goscinski <jasongos@users.noreply.github.com>
Date: Thu Sep 10 18:06:34 2020 -0700
Update building.md (#104)
commit ff4b770cf5
Author: Jim Perrin <Jim.Perrin@microsoft.com>
Date: Tue Sep 8 12:53:14 2020 -0700
Update trademark section of the readme
Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>
* upgrade swig
* fix linting
* update licensing
* update URLs and linting
* update util-linux, glib and vim
* fix manifests and update linting
Co-authored-by: Henry Li <lihl@microsoft.com>