Граф коммитов

30 Коммитов

Автор SHA1 Сообщение Дата
jslobodzian eb08b37916
Bump package version to recompile binaries with fixed gcc stack prote… (#6253)
* Bump package version to recompile binaries with fixed gcc stack protection (CVE-2023-4039)

* Bump debuginfo versions in toolchain manifests

* Bump kernel headers to match kernel

* Update SPECS/gettext/gettext.spec

Taking suggestion

Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>

* Update for code review comments

* Fix for code review comment in qt5-qtdeclarative changelog

* Fix dash version for signed spec files

---------

Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2023-09-21 17:10:15 -04:00
Henry Li bf799e2456
[main] Upgrade libsolv to v0.7.20, libsoup to v3.0.4, glib to v2.71.0, gtk-doc to v1.33.2 (#1998)
* save changes

* upgrade all related packages

* fix license check, update toolchain manifest and toolchain build steps

* update build toolchain script

* fix gtk-doc

* upgrade a bunch of other packages

* update gtk3

* fix cgmanifest URL

* upgrade vte291

* resolve comments

* fix changelog

Co-authored-by: Henry Li <lihl@microsoft.com>
2022-02-10 15:49:32 -08:00
Thomas Crain c264766b94
Remove manual pkgconfig(*) provides in toolchain specs (#2155) 2022-02-09 14:21:45 -08:00
Nick Samson dfad704a6f
Merge branch 'dev' into nisamson/python2-removal 2021-05-19 15:18:32 -07:00
Nick Samson 6aecc2bf6f
Updated spec releases and changelogs, but not manifests yet 2021-05-19 22:02:48 +00:00
Thomas Crain b6a0d17fe4
Add runtime requirement on glib-schemas from glib-devel (#959) 2021-05-19 13:56:31 -07:00
Nick Samson 4760d9b463
Squashed commit of the following:
commit 9ef9b4d3fd
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 12:39:41 2021 -0700

    Ensure RUN_CHECK Make flag and with_check RPM define match (#945)

commit 794ac9ab2e
Merge: 6f354a36 ce5d3b4c
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 12:38:59 2021 -0700

    Merge pull request #851: Merge 1.0 (up to April Update) into dev branch

commit ce5d3b4c5f
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 12:31:13 2021 -0700

    Fix manifest

commit 258e455fb3
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 11:40:42 2021 -0700

    Update python-pycurl source url

commit c04ccb29b2
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 11:32:58 2021 -0700

    Fix License Map

commit 39c1d60663
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 11:30:03 2021 -0700

    Re-add rubygem-bundler

commit f5ab309436
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 11:23:27 2021 -0700

    Update entangled specs

commit 7b6df997a5
Merge: 4770f65c 6f354a36
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 11:14:46 2021 -0700

    Merge remote-tracking branch 'origin/dev' into thcrain/pain

commit 4770f65cff
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon May 17 10:57:48 2021 -0700

    Revert "Ensure RUN_CHECK Make flag and with_check RPM define match"

    This reverts commit 221d95ad94.

commit 221d95ad94
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri May 14 09:45:40 2021 -0500

    Ensure RUN_CHECK Make flag and with_check RPM define match

commit 6f354a36e3
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Thu May 13 16:56:31 2021 -0700

    [dev] Fix build break caused by bind and man-db (#941)

    * fix bind and man-db

    * update changelog

    * update macros

    Co-authored-by: Henry Li <lihl@microsoft.com>

commit b11322afae
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu May 13 10:55:38 2021 -0500

    fix aarch64 manifests

commit 60292cd8de
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu May 6 20:04:53 2021 -0500

    Fix bogus date in clog

commit f7ae2aef4c
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed May 5 10:52:31 2021 -0500

    Update rubygem specs with proper macros

    Bump rubygem specs

    Remove rubygems and td-agent for this PR

commit 13f6c96776
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed May 5 10:04:00 2021 -0500

    Various build fixes

commit ada9b25e30
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue May 4 12:45:49 2021 -0500

    Latest round of fixes

commit 199a57d1c8
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Mon May 3 18:13:56 2021 -0700

    [dev] Update bind to enable missing packages (#912)

    * save changes to bind

    * save changes for bind

    * update bind spec

    * update bind

    * remove service files

    * update linting

    Co-authored-by: Henry Li <lihl@microsoft.com>

commit e3d1e945a8
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon May 3 16:48:30 2021 -0700

    [dev] Adding symbolic links to `groff`. (#907)

commit 8ce94ae4e5
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Mon May 3 11:18:57 2021 -0700

    fix glib typo (#909)

    Co-authored-by: Henry Li <lihl@microsoft.com>

commit 90f361f753
Merge: f4a12106 0321aecb
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Apr 30 18:07:37 2021 -0500

    Merge branch '1.0' from April Update

commit 0321aecbfb
Merge: 8c018077 b7ed62e4
Author: jslobodzian <joslobo@microsoft.com>
Date:   Thu Apr 29 21:42:33 2021 -0700

    Merge pull request #903 from microsoft/joslobo/merge-for-april-update

    Joslobo/merge for april update

commit b7ed62e4ed
Merge: 8c018077 ec8da096
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Thu Apr 29 21:34:03 2021 -0700

    Merge branch '1.0-dev' into joslobo/merge-for-april-update

commit ec8da09692
Merge: 066b103f 736bb358
Author: jslobodzian <joslobo@microsoft.com>
Date:   Thu Apr 29 20:59:40 2021 -0700

    Merge pull request #896 from christopherco/chrco/growpart/disk-lock-patch

    cloud-utils-growpart: Workaround for timeout

commit 066b103f3a
Merge: 3db16c15 ab2ca924
Author: jslobodzian <joslobo@microsoft.com>
Date:   Thu Apr 29 20:57:25 2021 -0700

    Merge pull request #899 from microsoft/nisamson/grpc-c-ares-unvendor

    Added config line to unvendor c-ares in grpc; now uses system package

commit 3db16c15dd
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Apr 29 14:40:57 2021 -0700

    Fix logic error in runliveinstaller (#901)

commit 72508199b4
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Thu Apr 29 14:33:05 2021 -0700

    Automatic update of the `kubernetes` packages.

commit f4a121065f
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Apr 29 12:41:43 2021 -0500

    fix perl-JSON

commit ab2ca92467
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Wed Apr 28 23:24:55 2021 +0000

    Added config line to unvendor c-ares in grpc; now uses system package

commit c304576df6
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Apr 28 11:34:44 2021 -0700

    Fix python3 test_ssl tests (#898)

    * fix python3 ssl tests

    * fix changelog linting issue

commit 8c018077d0
Merge: dff18f06 bd33c18a
Author: jslobodzian <joslobo@microsoft.com>
Date:   Wed Apr 28 11:07:11 2021 -0700

    Merge pull request #895 from microsoft/danmihai1/DRBG

    Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR

commit dff18f0605
Merge: ab49164b e4516797
Author: jslobodzian <joslobo@microsoft.com>
Date:   Wed Apr 28 11:02:31 2021 -0700

    Merge pull request #897 from microsoft/niontive/update-openssl

    Upgrade OpenSSL to 1.1.1k (#812)

commit e451679727
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Wed Mar 31 13:11:45 2021 -0700

    Upgrade OpenSSL to 1.1.1k (#812)

    * Update openssl to version 1.1.1k

    * Update pkggen and toolchain txt files

    * Update cgmanifest

commit bd33c18ac6
Author: Dan Mihai <Daniel.Mihai@microsoft.com>
Date:   Wed Apr 28 06:31:48 2021 -0700

    Fix kernel headers version in pkggen_core_x86_64.txt

commit 736bb358e0
Author: Chris Co <chrco@microsoft.com>
Date:   Wed Apr 28 06:36:24 2021 +0000

    cloud-utils-growpart: lint

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit d49a08ac83
Author: Chris Co <chrco@microsoft.com>
Date:   Wed Apr 28 06:13:34 2021 +0000

    cloud-utils-growpart: Workaround for timeout

    Regression identified when using flock disk locking with 5.10 kernel and
    systemd-239. During unlock_disk_and_settle(), udevadm settle will not
    complete and eventually timeout after 2 minutes. When looking at the
    systemd-udevd logs, the daemon crashes and produces the following stack
    trace:

        Stack trace of thread 1531:
        #0  0x00007fd73d9be405 recvmsg (libpthread.so.0)
        #1  0x00007fd73dab33b8 udev_monitor_receive_device (libsystemd-shared-239.so)
        #2  0x0000600347316201 on_uevent (systemd-udevd)
        #3  0x0000600347316667 on_inotify (systemd-udevd)
        #4  0x00007fd73dbad6d7 source_dispatch (libsystemd-shared-239.so)
        #5  0x00007fd73dbaf4e5 sd_event_dispatch (libsystemd-shared-239.so)
        #6  0x00007fd73dbaf678 sd_event_run (libsystemd-shared-239.so)
        #7  0x00007fd73dbaf89f sd_event_loop (libsystemd-shared-239.so)
        #8  0x00006003473132df run (systemd-udevd)
        #9  0x00007fd73d80e133 __libc_start_main (libc.so.6)
        #10 0x0000600347313efe _start (systemd-udevd)

    The failing behavior appears to be directly linked to the "exec FD"
    actions. A quick way to replicate this issue in the repro environment:
        exec 9<>$disk
        exec 9>&-
        udevadm settle

    This patch comments out the initial lock_disk() call, which makes
    unlock_disk_and_settle() return early because ${FLOCK_DISK_FD} is not
    set to a valid FD, avoiding the file descriptor actions that lead to
    the failing behavior.

    Note that this change does re-introduce the possibility of udev race
    conditions during the disk operations, effectively reverting this
    behavior to pre-0.32 behavior.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit d236b22280
Author: Dan Mihai <Daniel.Mihai@microsoft.com>
Date:   Tue Apr 27 20:05:20 2021 -0700

    Use the same dates as the 1.0-dev branch

commit 84a37c465c
Author: Dan Mihai <Daniel.Mihai@microsoft.com>
Date:   Tue Apr 27 19:13:50 2021 -0700

    Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR

    These changes were ported from commit
    8265b13074

commit b0c9dc882c
Merge: 4f48d846 ab49164b
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 27 21:02:56 2021 -0500

    Merge branch '1.0' into thcrain/pain

commit e0955b0d22
Merge: f9a5cb86 22f1ccc5
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Apr 27 17:11:38 2021 -0700

    Merge pull request #894 from microsoft/joslobo/bump-mariner-release-for-april-update

    Bump version number of release package for April Update

commit 22f1ccc5e3
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Tue Apr 27 14:31:59 2021 -0700

    Bump version number of release package for April Update

commit f9a5cb862a
Merge: 8faf715b 9e36a4f2
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Apr 27 14:26:33 2021 -0700

    Merge pull request #893 from microsoft/joslobo/sync-mariner-release-on-1.0-dev

    Sync 1.0-dev branch with updated mariner-release version from March update

commit 9e36a4f246
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Tue Mar 30 20:57:40 2021 -0700

    Update release version for March update

commit 4f48d8460a
Merge: 534fd81b 06154eed
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 27 15:29:59 2021 -0500

    Merge remote-tracking branch 'origin/dev' into thcrain/pain

commit 534fd81bfd
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 27 15:25:53 2021 -0500

    More toolchain fixes

commit 8faf715bf9
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 27 11:17:36 2021 -0700

    Update license map (#888)

commit 7f1416a970
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 27 12:58:27 2021 -0500

    temporary toolchain fix

commit 0ec0716322
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 27 12:51:41 2021 -0500

    Fix unzip build issue

commit f6f7e2b5b2
Merge: 1b92ffab d63cb598
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 27 09:47:23 2021 -0700

    Merge branch 'dev' into thcrain/pain

commit 91a215094a
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Tue Apr 27 08:57:30 2021 -0700

    Updated OpenJDK8 to patch 292 to address multiple CVEs (#862)

commit 1b92ffab8a
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 27 08:52:01 2021 -0500

    Fix bad toolchain manifests (x86_64)

commit cf18b55bef
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Apr 26 20:54:43 2021 -0500

    Fix incorrect %%{_lib} macro usage

commit ea1e989497
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Apr 26 16:20:10 2021 -0700

    Fix espeakup issues in ISO (#879)

    * Only start speakup in runliveinstaller if attended

    * Restart speakup when installerview is shown

    * Update runliveinstaller

commit b4204939d5
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Apr 26 16:15:57 2021 -0700

    Update mysql to 8.0.24 to fix 30 CVEs (#882)

commit 86b756ae14
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Apr 26 14:56:46 2021 -0700

    Update dnsmasq to 2.85 to fix CVE-2021-3348 (#877)

commit 513c6fa2ae
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Apr 26 14:46:36 2021 -0700

    Patch several CVEs in Rust (#887)

    * Patch several CVEs in Rust

    * Update cloud-hypervisor.spec

commit 92d74837ab
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Apr 26 14:06:41 2021 -0700

    Incorporate signed shim package into default images/iso (#881)

    - iso-initrd: Use signed shim package

    - core-packages: Use signed shim package

    - core-efi-aarch64: Add new core-efi-aarch64 image

    aarch64 images still need to use the shim-unsigned package. Add a new
    core-efi-aarch64 image configuration and add a new
    core-packages-image-aarch64 packagelist with the shim-unsigned package.

    When a signed aarch64 shim is available, we can consider removing this
    image configuration and package list.

    - full-aarch64: Add new full-aarch64 iso config

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit cbfa490644
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Apr 26 11:03:18 2021 -0700

    shim-unsigned: Force using shim-15 for aarch64 (#880)

    There is a regression in shim-15.4 aarch64 builds where, if built with
    binutils pre-2.35, the binary will fail to boot with "Synchronous Exception"
    error.

    See upstream shim issues page for more details.

    Force using shim-15 release for aarch64 only.
    Older cert is expired. Use new cert instead.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit e00cc4dc7b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Apr 26 10:39:50 2021 -0700

    Moving licenses script to toolkit and updating its functionality. (#885)

commit ff38ba49af
Author: Joseph Knierman <joknierm@microsoft.com>
Date:   Mon Apr 26 10:38:53 2021 -0700

    Adding `nvidia-container-runtime` package (#874)

commit de8f255023
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Sun Apr 25 15:39:10 2021 -0700

    kernel: Disable CONFIG_EFI_DISABLE_PCI_DMA (#875)

    On certain poorly-behaving hardware, CONFIG_EFI_DISABLE_PCI_DMA can
    cause the kernel to fail to boot. When this happens, the boot log
    shows an EFI stub error where Exit boot services failed:

       EFI stub: Booting Linux Kernel...
       EFI stub: Using DTB from configuration table
       EFI stub: Exiting boot services and installing virtual address map...
       EFI stub: ERROR: Exit boot services failed.
       EFI stub: ERROR: Failed to update FDT and exit boot services

    To confirm if one is hitting this specific PCI busmastering issue, one
    can add "efi=no_disable_early_pci_dma" to the kernel command line
    and observe if the boot issue goes away.

    Since this kernel package serves a wider array of hardware, some of
    which do exhibit this boot failure, let's disable the config by default.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit ab49164b6c
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 20 10:52:53 2021 -0500

    Fix CVEs in Rust

    Bump Rust packages

    Fix patch numbering

commit 42dd6a91c4
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Apr 12 14:57:06 2021 -0700

    Fixing azure-iotedge.spec `BuildRequires` typo from '==' to '='. (#844)

commit a1a01b824d
Merge: 124e6fd5 cf05009f
Author: jslobodzian <joslobo@microsoft.com>
Date:   Sun Apr 25 13:41:27 2021 -0700

    Merge pull request #883 from microsoft/thcrain/rust-cves-oh-no

    Patch CVE-2021-28879 in Rust

commit cf05009f12
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 20 10:52:53 2021 -0500

    Fix CVEs in Rust

    Bump Rust packages

    Fix patch numbering

commit 124e6fd530
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Apr 23 16:48:52 2021 -0700

    Updating license info for 'kubernetes' and 'coredns'. (#878)

commit 368e1ddb02
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Apr 23 12:53:42 2021 -0700

    Update sqlite to 3.34.1 to fix CVE-2021-20227 (#873)

commit b8298ec75a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Apr 23 11:09:15 2021 -0700

    Adding missing patch signature for "kubernetes-1.18.17". (#876)

commit b4eb3b0b4e
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Apr 23 09:26:54 2021 -0700

    Upgrade ClamAV to 0.103.2 to fix multiple CVEs (#871)

commit 8dc788e26a
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Thu Apr 22 17:23:07 2021 -0700

    Automatic update of the `kubernetes` packages. (#869)

    * Automatic package update.

    * Adjusted build steps for new sources from the 1.20.X versions.

    Co-authored-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>

commit 3233c84928
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Apr 22 08:26:44 2021 -0700

    Fix installation and removal of atd.service (#870)

commit 2b123e6354
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Apr 22 08:25:49 2021 -0700

    Exclude static libraries in openvswitch package (#865)

commit 67cf4f9b65
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Wed Apr 21 20:37:29 2021 -0700

    grub-efi-binary-signed: define new grub2-efi-binary subpackage (#855)

    * grub-signed: Commonize on one spec

    Use macros to swap spec contents based on build architecture. We will
    still create an SRPM per arch, each with a unique name, so there is no
    risk of SRPM name collision.

    * grub-signed: Define new grub2-efi-binary subpackage

    New subpackage will contain the signed grubx64.efi/grubaa64.efi binary.
    This package name is identical to the unsigned version and we will
    prefer to use this signed version if built.

    * grub-signed: rename files

    * grub2: bump spec version to match signed version

    * Update github action checks

    CG manifest, license file, and spec entanglement checks are failing
    due to the grub-efi-binary-signed naming change. Update the checks to
    account for the new name.

    * grub2-signed: rename source0 to match subpackage

    Source0 previous pointed to grub2-efi-unsigned rpm which technically
    can work but it would be better to use the grub2-efi-binary package
    instead because grub2-efi-binary package is ultimately the package we
    will be replacing. We can also perform checks to make sure the output
    rpm matches the inputs, modulo the signed binary.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 8a5fdab5d0
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Wed Apr 21 20:29:33 2021 -0700

    shim: Introduce shim package (#866)

    * shim: Introduce shim package

    Shim package contains a signed shim bootloader which is signed with the
    Microsoft UEFI CA cert to allow it to load on many different platforms
    that support UEFI Secure boot. If UEFI Secure Boot is enabled, this shim
    binary will verify that next stage bootloaders (i.e., grub and kernel)
    are signed with the CBL-Mariner secure boot key.

    * shim: add extra versioning info to source0

    Renamed Source0 tarball naming to prevent future tarball naming
    collisions.

    * CI: ignore shim during cgmanifest check

    shim package's Source0 is a signed binary created by us.

    * licenses-map: Add shim to table

    * shim: prefer install over cp

    * licenses: Add shim to data file

    Fixes error thrown by spec license checker

    * shim: Add comment explaining why only x86_64 shim

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 6a3adec622
Author: Vincent Tam <vtam@microsoft.com>
Date:   Wed Apr 21 10:21:12 2021 -0700

    Add bmake for NV container build (#860)

commit e6c89b3300
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Tue Apr 20 17:51:09 2021 -0700

    kernel-signed: define a new kernel subpackage (#785)

    * kernel-signed: define a new kernel subpackage

    This spec purpose is to take an input kernel rpm and input secure-boot-signed
    kernel binary from the same build and generate a new "kernel" rpm with the
    signed kernel binary + all of the other original kernel files, triggers,
    scriptlets, requires, provides, etc.

    We need to ensure the kernel modules and kernel binary used are from the exact
    same build because at build time the kernel modules are signed with an
    ephemeral key that the kernel enrolls in its keyring. We enforce kernel
    module signature checking when we enable security features like kernel
    lockdown so our kernel can only load those specific kernel modules at runtime.

    Additionally, to complete the UEFI Secure Boot chain, we must PE-sign the
    kernel binary. Ideally we would enable secure-boot signing tools like pesign
    or sbsign to be callable from inside the rpmbuild environment, that way we can
    secure-boot sign the kernel binary during the kernel's rpmbuild. It is best
    practice to sign as soon as possible. However there are issues getting that
    secure boot signing infrastructure in place today. Hence we sign the
    resulting kernel binary and "repackage" the kernel RPM (something rpm itself
    actively tries to make sure you never do...generally for good reasons).

    To achive this repackaging, this spec creates a new subpackage named
    "kernel". To retain all of the initial kernel package behaviors, we make sure
    the subpackage has the same requires, provides, triggers, post steps, and
    files as the original kernel package.

    This specific repackaging implementation leaves room for us to enable the
    more ideal secure-boot signing flow in the future without introducing any
    sort of breaking change or new packaging. Users still install a "kernel"
    package like they normally would.

    Maintenance Notes:
    - This spec's "version" and "release" must reflect the unsigned version that
    was signed. An important consequence is that when making a change to this
    spec or the normal kernel spec, the other spec's version version/release must
    be increased to keep the two versions consistent.

    - Make sure the kernel subpackage's Requires, Provides, triggers, post/postun
    scriptlets, and files match the normal kernel spec's. The kernel subpackage
    should contain the same content as the input kernel package but replace the
    kernel binary with our signed kernel binary. Since all the requires, provides,
    etc are the same, this new kernel package can be a direct replacement for the
    normal kernel package and RPM will resolve packages with kernel dependencies
    correctly.

    To populate the input sources:
      1. Build the unsigned packages as normal
      2. Sign the desired binary
      3. Place the unsigned package and signed binary in this spec's folder
      4. Build this spec

    * kernel-signed: refactor into one common spec file

    The only differences between kernel-signed-x86_64 and
    kernel-signed-aarch64 spec files were primarily the architecture
    type in the spec name and input Source0 rpm. We can use a macro to set
    these and reduce down to one spec file

    * Update checks to consider kernel-signed

    * kernel-hyperv: match release number

    Ideally we keep kernel-headers version/release in sync with kernel and
    kernel-hyperv package version/release. This allows the user to install
    kernel-headers on any Mariner system by using
       dnf install kernel-headers-$(uname -r)

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 0b20998c47
Merge: 96aee7d2 ad579968
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Apr 20 17:38:46 2021 -0700

    Merge pull request #868 from microsoft/niontive/enc-bug

    Don't Configure Grub Encryption Settings in Chroot (#864)

commit ad579968d4
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Apr 20 15:08:14 2021 -0700

    Don't Configure Grub Encryption Settings in Chroot (#864)

commit 7aa42cedb3
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Apr 20 15:08:14 2021 -0700

    Don't Configure Grub Encryption Settings in Chroot (#864)

commit f0e65cb99b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Apr 20 10:15:43 2021 -0700

    Adding clarifications about config file paths. (#853)

commit c9cef09e94
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Mon Apr 19 14:38:33 2021 -0400

    Add no patch for CVE-2021-29648 (#861)

commit c474a501a1
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Fri Apr 16 18:31:13 2021 -0700

    Automatic update of the `icu` package. (#856)

    * Automatic package update.

    * Updating packages requiring re-compilation after 'icu' library version update.

    * Making shared library versions explicit inside the '%files' section.

    Co-authored-by: Pawel Winogrodzki <pawel.winogrodzki@microsoft.com>

commit 9432e35aed
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Apr 16 16:22:07 2021 -0700

    Update moby-engine and moby-cli to version 19.10.15 (#859)

    * update to moby 19.10.15

    * fix go-md2man filename

    * add comment to moby-cli

commit 7fb3d61413
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Apr 16 17:26:33 2021 -0500

    manifest aarch64 fixes

commit 38353b5bc8
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Apr 16 17:24:04 2021 -0500

    third try fixes

commit 00ed1f883b
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Apr 16 17:16:26 2021 -0500

    second try fixes

commit b885a285a6
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Apr 16 17:01:52 2021 -0500

    first try fixes

commit 96aee7d2c9
Merge: 959d8e4a edcc1be8
Author: jslobodzian <joslobo@microsoft.com>
Date:   Fri Apr 16 10:48:22 2021 -0700

    Merge pull request #858 from PawelWMS/pawelwi/merging_net-snmp_fix

    1.0-dev cherry-pick: Making 'keepalived' link against latest 'net-snmp' libraries.

commit 959d8e4a2a
Merge: 7277504b 29009b6d
Author: jslobodzian <joslobo@microsoft.com>
Date:   Fri Apr 16 10:48:03 2021 -0700

    Merge pull request #857 from microsoft/thcrain/1.0-a11y-fixes-offcycle

    (1.0) ISO Installer: Various accessibility fixes

commit edcc1be85f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Apr 16 10:39:56 2021 -0700

    Making 'keepalived' link against latest 'net-snmp' libraries. (#854)

commit 71c449867a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Apr 16 10:39:56 2021 -0700

    Making 'keepalived' link against latest 'net-snmp' libraries. (#854)

commit 29009b6df8
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Apr 14 13:38:45 2021 -0700

    ISO Installer: Various accessibility fixes (#818)

    * Lockout input when using speakup buffer clear functionality

    * Add required field markers for input fields

    * Fix color contrast for exit modal

    * Change user feedback text color for better contrast

    * Persist user feedback on user input more reliably

    * Change cursor to solid white for contrast purposes

    * Remove asterisks from manual partition table header

    * Add bright colors

    * Slaying the contrast dragon

    * Remove extraneous configurations from full iso

    * Add no speech terminal installer

    * Add form focus to installer view resets

    * Adding logging warning to stop speakup invocation

    * Fix modal contrast (again)

commit f452d9eaee
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Apr 14 13:38:45 2021 -0700

    ISO Installer: Various accessibility fixes (#818)

    * Lockout input when using speakup buffer clear functionality

    * Add required field markers for input fields

    * Fix color contrast for exit modal

    * Change user feedback text color for better contrast

    * Persist user feedback on user input more reliably

    * Change cursor to solid white for contrast purposes

    * Remove asterisks from manual partition table header

    * Add bright colors

    * Slaying the contrast dragon

    * Remove extraneous configurations from full iso

    * Add no speech terminal installer

    * Add form focus to installer view resets

    * Adding logging warning to stop speakup invocation

    * Fix modal contrast (again)

commit 62ba07244f
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Tue Apr 13 19:22:12 2021 -0400

    Nettle: Update to 3.7.2 for CVE-2021-20305 (#852)

commit 7778033a5f
Merge: 4859da4e 22586159
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 13 16:24:37 2021 -0500

    Merge branch 'dev' into thcrain/pain

commit 4859da4e1b
Merge: eae5b400 7277504b
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 13 15:40:16 2021 -0500

    Merge branch '1.0' into thcrain/pain (March Update)

commit 3ee7b49650
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Apr 12 14:57:06 2021 -0700

    Fixing azure-iotedge.spec `BuildRequires` typo from '==' to '='. (#844)

commit f35dcd9451
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Apr 12 14:32:54 2021 -0700

    Update openvswitch signatures file to version 2.12.3 (#848)

commit 26d5c16802
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Apr 12 12:38:14 2021 -0700

    kernel: update to 5.10.28.1 (#846)

    Update the kernel to 5.10.28.1.

    - 5.10.28.1 addresses the following CVEs:
    CVE-2020-27170, CVE-2020-27171, CVE-2021-28375, CVE-2021-28660,
    CVE-2021-28950, CVE-2021-28951, CVE-2021-28952, CVE-2021-28971,
    CVE-2021-28972, CVE-2021-29266, CVE-2021-28964, CVE-2020-35508,
    CVE-2020-16120, CVE-2021-29264, CVE-2021-29265, CVE-2021-29646,
    CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-30002

    - update uname_r define

    It is generally expected that users can run "dnf install
    kernel-devel-$(uname -r)" to pull the proper kernel-devel package
    associated with the currently running kernel. Currently "uname -r"
    returns something like "5.10.28.1-rolling-lts-mariner-1.cm1". RPM
    package naming has the following convention:

    [name]-[version]-[release].[arch].rpm
    where [version] and [release] cannot contain any dash characters.
    Therefore it is impossible to name a corresponding kernel-devel RPM
    to match kernel-devel-$(uname -r).

    In 5.10.28.1, we changed the kernel Makefile's EXTRAVERSION value from
    "EXTRAVERSION=.1-rolling-lts-mariner" to "EXTRAVERSION=.1", dropping
    the extra "rolling-lts-mariner" from the uname. This allows the
    "dnf install kernel-devel-$(uname -r)" to work as intended.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 679c6cf331
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Fri Apr 9 17:21:49 2021 -0700

    Add CVE-2021-3470 for redis and CVE-2021-30004 for wpa_supplicant (#845)

commit ae0ff9b67a
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Apr 9 12:37:45 2021 -0700

    Upgrade openvswitch to 2.12.3 (#830)

commit 199e30ef60
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Apr 9 12:35:19 2021 -0700

    Upgrade mariadb to 10.3.28 (#832)

commit c01853748d
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Apr 9 12:28:45 2021 -0700

    Update cairo to 1.17.4 (#833)

commit 83e746603e
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date:   Thu Apr 8 13:06:31 2021 -0700

    Fix CVE-2021-3392 and CVE-2021-3409 in Qemu (#842)

commit 7ee27c7d92
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Wed Apr 7 22:16:59 2021 -0700

    Update git version to 2.23.4 for CVE-2021-21300 (#840)

commit 44aa302edf
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Apr 7 18:36:26 2021 -0700

    Fixing parsing toolchain and worker chroot manifests (#843)

commit 7277504b91
Merge: ee38a79c f1964ff2
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Apr 6 20:42:34 2021 -0700

    Merge pull request #824 from anphel31/anphel/community-build-source-url-1.0

    update community instructions (1.0 branch)

commit 4f7dd4480d
Merge: c5323ed4 1a3790d2
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Apr 6 20:41:53 2021 -0700

    Merge pull request #821 from anphel31/anphel/community-build-source-url

    update community instructions

commit eae5b4006f
Merge: fb6e6f6d 2f96fa40
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Apr 6 22:39:22 2021 -0500

    Merge branch '1.0' into thcrain/ever-given

commit c5323ed418
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Tue Apr 6 09:56:59 2021 -0400

    Configure /proc with hidepid by default and add doPseudoFsMount to addEntryToFstab (#797)

    * Add hidepid config option

    * Fix go formatting error

    * Add recommended changes

    * Expand documentation to reference potential problems with /proc in postinstall scripts

commit 75dfb7dae8
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Apr 5 16:05:55 2021 -0700

    shim-unsigned: update to shim-15.4 release (#819)

    In preparation for supporting UEFI Secure Boot, update shim to shim-15.4 release. This release incorporates all the latest fixes and implements the generation-based revocation scheme, also known as Secure Boot Advanced Targeting (SBAT).

    - Update to shim-15.4 release. Remove all previous patches. They are incorporated in latest shim-15.4 release
    - Update embedded cert
    - Add Mariner SBAT version data

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit e426e26cb2
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Mon Apr 5 15:41:50 2021 -0700

    Automatic update of the `tzdata` package. (#835)

    * Automatic package update.

    * Updated parsed zone info to match the source.

    Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

commit 783a6b540e
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Mon Apr 5 15:36:26 2021 -0700

    Automatic package update. (#836)

commit 8265b13074
Author: Dan Mihai <Daniel.Mihai@microsoft.com>
Date:   Fri Apr 2 19:27:18 2021 -0700

    Enable kernel crypto config options (#831)

    Enable NIST SP800-90A kernel DRBG config options:

    CONFIG_CRYPTO_DRBG_HASH
    CONFIG_CRYPTO_DRBG_CTR

commit 5ded532076
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Fri Apr 2 21:57:16 2021 -0400

    Add nopatches for tooling (#834)

commit e1ea8ea060
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Fri Apr 2 15:58:27 2021 -0700

    grub2: Add a few more patches (#809)

    Add a few more F34 patches that are useful to carry.

    Patches:
    - 017: fix for passing the kernel command line
    - 037, 052: updates the documentation and makes patch 166 apply cleanly
    - 069: Fix for tsc problem
    - 166: Prevent user from overwriting signed grub EFI binary when using
    grub2-install

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 3a4412a381
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Apr 1 17:02:37 2021 -0700

    Patch CVE-2021-20271 and CVE-2021-3421 in RPM (#829)

    * Patch CVE-2021-20271 and CVE-2021-3421 in RPM

    * Update pkggen and toolchain txt files

    * address spec linting

commit 8d674f012e
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date:   Thu Apr 1 14:25:19 2021 -0700

    Patch CVE-2021-3416 and add tests to qemu-kvm (#822)

    * Patch CVE-2021-3416 and add tests to qemu-kvm

    * Add exit 1, remove redundant variable

commit 5b3ec77306
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Wed Mar 31 19:04:36 2021 -0700

    Update curl to 7.76 (#823)

    * Update curl to 7.76

    * Addresse spec linting

commit f1964ff28a
Author: Andrew Phelps <anphel@microsoft.com>
Date:   Wed Mar 31 18:53:10 2021 -0700

    update instructions

commit a3d546d9b7
Merge: 464e20c4 ee38a79c
Author: Andrew Phelps <anphel@microsoft.com>
Date:   Wed Mar 31 18:51:39 2021 -0700

    Merge remote-tracking branch 'upstream/1.0' into 1.0

commit 1a3790d24c
Author: Andrew Phelps <anphel@microsoft.com>
Date:   Wed Mar 31 18:15:03 2021 -0700

    update per pr feedback

commit 77ce0024b0
Merge: 840b3050 f4606ada
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Wed Mar 31 16:57:38 2021 -0700

    Merge pull request #820 from microsoft/nisamson/CVE-2020-27618-fix-build

    CVE-2020-27618 patch fixed to enable glibc build

commit ccd60d6b91
Author: Andrew Phelps <anphel@microsoft.com>
Date:   Wed Mar 31 16:30:06 2021 -0700

    update community instructions

commit f4606adad1
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Wed Mar 31 20:15:48 2021 +0000

    CVE-2020-27618 patch fixed to enable glibc build

commit 840b30503e
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Wed Mar 31 13:15:46 2021 -0700

    installkernel: Add custom installkernel package (#816)

    Add a custom installkernel script to easily install the Linux kernel
    onto a running Mariner system. This script will get called automatically
    by the Linux kernel's "make install" command.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 840719ca1e
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Wed Mar 31 13:11:45 2021 -0700

    Upgrade OpenSSL to 1.1.1k (#812)

    * Update openssl to version 1.1.1k

    * Update pkggen and toolchain txt files

    * Update cgmanifest

commit ee38a79ca8
Merge: 2f96fa40 52d51f7c
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Mar 30 20:59:56 2021 -0700

    Merge pull request #817 from microsoft/joslobo/march-update-merge

    Merge 1.0-dev to 1.0 for March Update

commit 52d51f7c0a
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Tue Mar 30 20:57:40 2021 -0700

    Update release version for March update

commit 1a3281d2a1
Merge: 426c47eb fd796da4
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Tue Mar 30 19:28:34 2021 -0700

    Merge 1.0-dev to 1.0 for March Update

commit 426c47eb13
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Tue Mar 30 19:16:18 2021 -0700

    Revert "Remove ntopng (#689)"

    This reverts commit 27b2a5ba92.

commit 8ab1aa022c
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Tue Mar 30 19:14:46 2021 -0700

    Revert "Back out the 5.10.13.1 kernel test, to restore the 5.4 kernel and clear the way for the openssl cve fix."

    This reverts commit 015bebe1a2.

commit 528443704a
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Tue Mar 30 19:13:37 2021 -0700

    Revert "Restore the 5.4 kernel settings from the February release.  We want to Disable RANDSTRUCT and enable SMARTPQI."

    This reverts commit d1b029b56f.

commit dd4859cfac
Merge: 8d5c63da 8c829411
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Tue Mar 30 13:57:07 2021 -0700

    Merge pull request #775 from microsoft/nisamson/CVE-2020-27618

    Fix CVE-2020-27618 for glibc

commit 8c82941113
Merge: d31496ab 8d5c63da
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Tue Mar 30 13:56:31 2021 -0700

    Merge branch '1.0-dev' into nisamson/CVE-2020-27618

commit 8d5c63da84
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Mar 30 07:29:28 2021 -0700

    Patch CVE-2021-28153 (#811)

    * Patch CVE-2021-28153

    * Update pkggen and toolchain txt files

commit 145da388cd
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Mon Mar 29 15:34:52 2021 -0700

    Automatic package update. (#806)

commit fd796da401
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Mar 29 14:16:27 2021 -0700

    diskutils: add more robust handling of disk/partition operations (#805)

    This change has two parts:

    diskutils: always flock disk/partition operations
    Parted can't be trusted to fully complete all disk operations by
    the time it returns control. So add flock to every disk or partition
    operation.

    Also add a flock partprobe -s command after parted commands but before
    any other non-parted command could run.

    diskutils: add retry logic
    Partition creation and dynamic /dev file generation are still racing and all
    the "fixes" that supposedly prevent these timing issues are just not
    sufficient to fully solve the problem. So add retry logic to deal with
    this problem. Not ideal but also not worth wasting any more cycles on this.

    Signed-off-by: Chris Co chrco@microsoft.com

commit 6e244270ff
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Mar 29 13:23:41 2021 -0700

    Cleaning SRPM expansion and chroot creation console output (#765)

    * Limiting toolkit output.

    * Shortening file paths.

    * Making toolchain download logs shorter.

    * Logging more details for SRPMs extraction.

commit aab304ca58
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Mar 29 09:25:50 2021 -0700

    Update PR template with new files (#807)

commit e7758f8a1e
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Mar 29 09:25:25 2021 -0700

    Remove shortcuts from ISO installer views (#808)

commit 1d0a641fcb
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Sat Mar 27 22:19:24 2021 -0700

    remove toolchain-jdk8-md5sums (#792)

commit 6712181977
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Mar 26 17:49:00 2021 -0700

    Fixing older toolkit builds. Ignoring 'BuildRequires' on pre-installed packages. (#803)

    Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>

commit 47c29a2588
Merge: 760eb476 0354e52c
Author: jslobodzian <joslobo@microsoft.com>
Date:   Fri Mar 26 17:45:02 2021 -0700

    Merge pull request #804 from microsoft/mamalisz/accessibility

    Change dropdown menus to accessible input fields

commit 0354e52c0e
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Fri Mar 26 17:34:58 2021 -0700

    Remove reset functions

commit 1989d61e5b
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Fri Mar 26 16:07:39 2021 -0700

    Silence extraction of toolchain RPMs

commit 760eb4762a
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Fri Mar 26 16:22:26 2021 -0700

    busybox patch CVE-2021-28831 (#800)

commit f1a520d43d
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Fri Mar 26 16:22:00 2021 -0700

    python-pygments patch CVE-2021-20270 (#799)

commit fc362543fe
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date:   Fri Mar 26 16:18:17 2021 -0700

    Make grpc use system zlib and openssl (#802)

    Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>

commit 2f361d3268
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Fri Mar 26 15:34:39 2021 -0700

    Modify input fields to work with enums

commit 7f6819f1dc
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Thu Mar 25 15:06:01 2021 -0700

    grub2: Update to 2.06-rc1 (#781)

    Update grub2 from 2.02 to 2.06-rc1 which handles BootHole v2. Additionally, we
    drop all previous patches and rebaseline using a minimal number of patches
    from FC34. These patches implement Secure Boot Handover protocol (needed
    so the TPM Eventlog can be exposed to the kernel for TPM attestation scenarios)
    and a few other nice-to-have fixes.

    2.06 also introduces a new generation number based revocation mechanism known
    as Secure Boot Advanced Targeting (SBAT) into the grub EFI binary. Components
    that utilize the SHIM for secure boot will add an .sbat field into their binary's
    PE-header, allowing the SHIM to check the component's sbat field against known
    good component versions and allow for version-based revocation.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 2f96fa4037
Merge: 6100c7dd af277463
Author: jslobodzian <joslobo@microsoft.com>
Date:   Thu Mar 25 14:13:51 2021 -0700

    Merge pull request #796 from microsoft/joslobo/pull-openssl

    Fix OpenSSL CVE-2021-3449 and CVE-2021-3450

commit af27746363
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Thu Mar 25 12:05:55 2021 -0700

    openssl patch CVE-2021-3449, CVE-2021-3450 (#794)

commit 516207ee6b
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Mar 19 12:13:20 2021 -0700

    Fix Bugs in OpenSSL SP800-56a Rev3 Patch (#768)

commit daefedb645
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Mar 15 10:15:20 2021 -0700

    Add sp800-56a rev3 compliance to OpenSSL (#735)

commit 6100c7ddd1
Merge: cef3d6dd d1b029b5
Author: jslobodzian <joslobo@microsoft.com>
Date:   Thu Mar 25 13:06:20 2021 -0700

    Merge pull request #795 from microsoft/joslobo/backoutchanges

    Joslobo/backoutchanges

commit d1b029b56f
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Thu Mar 25 13:01:30 2021 -0700

    Restore the 5.4 kernel settings from the February release.  We want to Disable RANDSTRUCT and enable SMARTPQI.
    Revert "Revert "Disable CONFIG_GCC_PLUGIN_RANDSTRUCT and enable CONFIG_SCSI_SMARTPQI (#661)""

    This reverts commit 89411a15db.

commit 015bebe1a2
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Thu Mar 25 12:56:59 2021 -0700

    Back out the 5.10.13.1 kernel test, to restore the 5.4 kernel and clear the way for the openssl cve fix.
    Revert "Revert "Revert "Update kernel source to 5.10.13.1 (#601)" (#660)""

    This reverts commit fd81391933.

commit b93ec23892
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Thu Mar 25 12:08:42 2021 -0700

    python-pygments patch CVE-2021-27291 (#787)

commit 5512b2e2bb
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Thu Mar 25 12:08:16 2021 -0700

    subversion patch CVE-2020-17525 (#789)

commit da852dc89b
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Thu Mar 25 12:05:55 2021 -0700

    openssl patch CVE-2021-3449, CVE-2021-3450 (#794)

commit bd6df2caf6
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Mar 25 10:24:25 2021 -0700

    update workflows to use golang 1.15 (#791)

commit e5c1ee74ef
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Mar 24 16:46:25 2021 -0700

    Add GitHub Action for LICENSE-MAP.md checking (#766)

commit cc924b0466
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Wed Mar 24 11:57:54 2021 -0700

    kernel: Address CVEs and enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS (#779)

    This PR has two changes:

    Address kernel CVEs, fix kernel-signed file copy
    Address CVE-2021-27365, CVE-2021-27364, CVE-2021-27363

    kernel-signed %install step was not copying hidden files to the
    buildroot directory (i.e., /boot/.vmlinuz-<uname_r>.hmac). So fix
    the copy step.

    Enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS
    This allows security products to block access to malicious files in real-time

    Signed-off-by: Chris Co chrco@microsoft.com

commit 9879f4c92a
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date:   Wed Mar 24 10:36:29 2021 -0700

    Add patch to qemu-kvm to fix CVE-2021-20255 (#782)

    * Add patch to fix CVE-2021-20255

    * Fix date

commit 225fb4a1dc
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Wed Mar 24 06:45:12 2021 -0700

    Add nopatch for redis CVE-2021-21309 (#734)

commit cef3d6dd65
Author: jslobodzian <joslobo@microsoft.com>
Date:   Sun Mar 21 19:34:06 2021 -0700

    Patch CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524 (#773)

commit f17311f940
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Tue Mar 23 01:17:16 2021 -0700

    Fix CVE-2021-20231 and CVE_2021-20232 (#774)

    * Patch gnutls CVE-2021-20231

    * Patch CVE-2021-20232

commit b2b6022623
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Mon Mar 22 16:38:37 2021 -0700

    Update default sshd_config to match other distros (#746)

    Update default sshd_config to match other distros

commit 4384c45149
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Mar 22 16:38:03 2021 -0700

    add bios-grub partition flag (#764)

    When we released the initial tools, "bios-grub" was a valid partition
    Flag in the image configuration JSON. At some point, it got dropped
    in favor of "bios_grub". However calamares GUI ISO installer produces
    config files with the original "bios-grub" flag. So this change
    restores the "bios-grub" flag as a legacy option. We still prefer
    users to use "bios_grub" going forward.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit d31496abdd
Author: Nick Samson <nisamson@microsoft.com>
Date:   Mon Mar 22 21:23:09 2021 +0000

    Patched CVE-2020-27618 in glibc

commit ab6436ae86
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date:   Mon Mar 22 10:31:28 2021 -0700

    Add patch to qemu-kvm to fix CVE-2021-20203 (#770)

    * add patch to resolve CVE-2021-20203 in qemu-kvm

    * add patch command, change log

    * change Release

commit 2335fa128b
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Mon Mar 22 10:27:03 2021 -0700

    update srpmpacker (#757)

commit 11698ae9f4
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Mon Mar 22 11:45:51 2021 -0400

    Iptables: Add ssh brute force protection rules  (#741)

    * Add iptables rules to prevent over 6 ssh connection attempts within a minute

    * Verify license

commit 9a99bef704
Author: jslobodzian <joslobo@microsoft.com>
Date:   Sun Mar 21 19:34:06 2021 -0700

    Patch CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524 (#773)

commit a07a2b62a6
Merge: fcf3924b 59e62fde
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Mar 19 21:53:36 2021 -0700

    Merge pull request #755 from microsoft/nisamson/CVE-2020-8277-1.0

    Fix CVE-2020-8277 in c-ares with version upgrade

commit fcf3924bae
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date:   Fri Mar 19 17:12:17 2021 -0700

    Add grpc to mariner (#751)

    * add grpc to mariner

    * fix SPEC file using spec-cleaner, incorporate comments

    * incorporated comments

    * Incorporate comments

commit 3e60a4e063
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Mar 19 12:13:20 2021 -0700

    Fix Bugs in OpenSSL SP800-56a Rev3 Patch (#768)

commit 8870918cb8
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Thu Mar 18 20:12:29 2021 -0700

    Automatic package update. (#762)

commit 44d226165e
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Thu Mar 18 11:32:51 2021 -0700

    diskutils: Add partprobe after partition creation (#725)

    * diskutils: Add partprobe after partition creation

    There can be a timing issue where partition creation finishes but the
    devtmpfs files are not populated in time for partition initialization.
    So to deal with this, we call partprobe here to query and flush the
    partition table information, which should enforce that the devtmpfs
    files are created when partprobe returns control.

    * diskutils: invoke partprobe with flock

    Added flock because "partprobe -s" apparently doesn't always block.
    flock is part of the util-linux package and helps to synchronize access
    with other cooperating processes. The important part is it will block
    if the fd is busy, and then execute the command. Adding a 5 second timeout
    to prevent us from possibly waiting forever.

    * diskutils: Update timeout variable name

    * diskutils: clarify debug log message

    * Add parted to documentation and quickstart runner

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 8205caf3d2
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Mar 17 22:12:23 2021 -0700

    Unifying `coredns` specs for the sake of automation. (#758)

commit eb68091b5e
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Wed Mar 17 16:01:50 2021 -0700

    Disable QAT kernel configs (#759)

commit 464e20c49f
Merge: 9080fa1c fd813919
Author: Andrew Phelps <anphel@microsoft.com>
Date:   Tue Mar 16 18:19:32 2021 -0700

    Merge remote-tracking branch 'upstream/1.0' into 1.0

commit 59e62fde88
Author: Nick Samson <nisamson@microsoft.com>
Date:   Tue Mar 16 16:26:06 2021 -0700

    Applied linter diff to c-ares.spec

commit e1b8733021
Author: Nick Samson <nisamson@microsoft.com>
Date:   Tue Mar 16 16:16:01 2021 -0700

    Updated cgmanifest for c-ares upgrade

commit 0c0b7d0e41
Author: Nick Samson <nisamson@microsoft.com>
Date:   Tue Mar 16 11:21:09 2021 -0700

    Upgraded c-ares to 1.17.1 to address CVE

commit 79b9b3e4c5
Author: Nick Samson <nisamson@microsoft.com>
Date:   Mon Mar 15 17:38:21 2021 -0700

    Patched CVE-2020-8277 in c-ares

commit 55e42f31c8
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Tue Mar 16 11:06:33 2021 -0700

    systemd: disallow unprivileged BPFs (#743)

    Additional mitigation step for CVE-2021-20194. Our kernels are typically
    hardened with CONFIG_HARDENED_USERCOPY=y so we are not exposed to this
    vulnerability specifically. But if this ends up not being the case in
    the future, we have this mitigation enabled as well.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 56063ad3ba
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Tue Mar 16 11:05:42 2021 -0700

    kernel: Update to 5.10.21.1 and add virtio drivers to initrd (#742)

    * initial update kernel to 5.10.21.1

    * add new CONFIG_KCMP

    CONFIG_KCMP was introduced between our last kernel version and
    this one. CONFIG_KCMP is selected (=y) by CONFIG_DRM and
    CONFIG_CHECKPOINT_RESTORE

    * Add virtio drivers to be added into initrd

    Adding these drivers into the initrd allows us to boot offline-created
    images on virtio-based machines (i.e., cloud-hypervisor VMs)

    * kernel: Address CVEs

    "Nopatch" the following CVEs. They are fixed in 5.10.21.1
    - CVE-2021-26930
    - CVE-2020-35499
    - CVE-2021-26931
    - CVE-2021-26932

    * Remove CONFIG_USB_LGM_PHY from aarch64 config

    New kernel version only exposes this config if building for X86.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 559634161c
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Mon Mar 15 23:09:14 2021 -0700

    fix perl-Crypt-SSLeay test (#750)

commit bcb2959124
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Mar 15 17:47:43 2021 -0700

    installutils: only return grub2-pc on amd64 install (#749)

    * installutils: only return grub2-pc on amd64 install

    grub2-pc package is only available for x86_64 systems so if the tools
    attempt to use it on arm64 image builds, the build will fail.

    This fix checks the current architecture and only includes grub2-pc if
    running on an x86_64 machine.

    * installutils: add test package and basic arch test

    * installutils: Fix empty required package return

    If no required packages are present, always return a slice
    with no elements instead of a nil pointer.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 3de10b0f28
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Mon Mar 15 12:52:26 2021 -0700

    Update cloud-utils-growpart to 0.32 to fix kver parsing (#747)

commit 9e8da9c7e6
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Mon Mar 15 13:50:27 2021 -0400

    Add partscan flag (#730)

commit 0370897f73
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Mar 15 10:15:20 2021 -0700

    Add sp800-56a rev3 compliance to OpenSSL (#735)

commit fd81391933
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Sat Mar 13 10:33:37 2021 -0800

    Revert "Revert "Update kernel source to 5.10.13.1 (#601)" (#660)"

    This reverts commit c96079399a.

commit 89411a15db
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Sat Mar 13 10:31:32 2021 -0800

    Revert "Disable CONFIG_GCC_PLUGIN_RANDSTRUCT and enable CONFIG_SCSI_SMARTPQI (#661)"

    This reverts commit bdf678ddf6.

commit 91a43007fd
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Mar 12 17:29:31 2021 -0800

    Modify SRPMPacker tool to use system cert pool (#739)

    * use SystemCertPool()

    * update documentation

    * log error

commit e3d9a78e81
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Thu Mar 11 20:48:22 2021 -0800

    Updating Microsoft trusted root CAs. (#736)

commit 99281a23bf
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Mar 11 18:43:17 2021 -0800

    Updating 'openssh' to 8.5p1 to fix CVE-2021-28041. (#737) (#738)

    * Updating 'openssh' to 8.5p1.

    * Removing regressions test fixes - already part of new version.

    * Enabling running more tests.

commit 3ce5ee3dbb
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Thu Mar 11 17:27:56 2021 -0800

    Reduce disk footprint in Mariner Core images (#723)

    * Reduce disk footprint in Mariner Core images

    * Fix lint issues in core-packages spec file

    * Fix lint issues in core-packages spec file

    * Reduce disk footprint in Mariner Core images

    * Reduce disk footprint in Mariner Core images

    * Reduce disk footprint in Mariner Core images

    * Refactor legacy bootloader install handling (#731)

    Currently the tools make the assumption that grub2-pc is part of the
    installroot (i.e., part of the final image). Unfortunately this
    assumption also bloats our final image size by 100+ MB with
    grub tools we do not need.

    So this change refactors how legacy bootloaders get installed.
    First, always include the grub2-pc package as part of the
    setupchroot so they are available in the installation environment
    but not in the final image.

    Next, run the grub2-mkinstall command from the setupchroot
    environment instead of the installroot environment, but target
    the install directories to paths inside the installroot.

    Finally, enlighten the imagepkgfetcher to always fetch the
    grub2-pc package so it is always available.

    * remove custom grub2-pc json files and scripts

    These files are no longer needed with the tooling changes present

    * installutils: clarify grub2-install arg

    * imager: only do one tdnf install for setup chroot

    Combines required tooling packages and dm-verity
    packages (if necessary) into a single list and
    installs it.

    Signed-off-by: Chris Co <chrco@microsoft.com>

    Co-authored-by: Christopher Co <35273088+christopherco@users.noreply.github.com>

commit 3281e16bfd
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Mar 11 17:18:11 2021 -0800

    Updating 'openssh' to 8.5p1 to fix CVE-2021-28041. (#737)

    * Updating 'openssh' to 8.5p1.

    * Removing regressions test fixes - already part of new version.

    * Enabling running more tests.

commit 68739a884c
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Mar 11 12:37:44 2021 -0800

    Adding retries to jdk8 tarballs downloads during toolchain builds (#719)

commit 4f61392183
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Wed Mar 10 18:04:23 2021 -0800

    kernel: Enable kernel lockdown configs (#722)

    * kernel: enable kernel lockdown lsm

    * kernel-hyperv: enable kernel lockdown lsm

    * kernel-signed: Use uname_r macro everywhere

    There was a build break due to an incorrect name used
    for vmlinuz in SOURCE1.

    The new 5.10 kernel source introduced a new versioning
    scheme when built. EXTRAVERSION will always contain
    "-rolling-lts-mariner".

    In kernel.spec, the vmlinuz we output has the name:
    vmlinuz--rolling-lts-mariner-, which
    is constructed using vmlinuz-%{uname_r}

    So to fix, use vmlinuz-%{uname_r} in the kernel-signed
    specs as well.

    * add more lockdown configs

    CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y enables the lockdown lsm
    very early prior to the security subsystem's initialization.
    Still subject to kernel boot parameters.

    CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y no lockdown functionality
    enabled by default, but can be enabled via kernel commandline or
    /sys/kernel/security/lockdown

    General distros should set lockdown integrity mode, while special
    purpose distros should set lockdown confidentiality mode. These
    can be set in the kernel command line

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 9eb6cebf7a
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Wed Mar 10 16:25:36 2021 -0500

    installutils: Remove stale constant (#729)

    * Remove the stale constant

    * Remove additional unused constant

commit edd974de40
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Wed Mar 10 13:15:43 2021 -0800

    file: add append data to debug output (#728)

    Print out the data being appended by file.Append() into
    the debug log. This is useful for debugging some of the image
    generation flows like /etc/fstab update.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 3043b04561
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Mon Mar 8 16:31:36 2021 -0800

    Fix typo in prerequisites.md (#724)

commit ec550334ae
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Mar 8 15:46:14 2021 -0800

    Improving toolchain download logs. (#718)

commit 1939a78b6d
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Mar 8 14:42:20 2021 -0600

    Update Python3 to 3.7.10, Backport CVE-2021-23336 patch to Python2 (#679)

commit 6985404f12
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Mar 8 14:06:48 2021 -0600

    Patch CVE-2021-0326, CVE-2021-27803 in wpa_supplicant (#720)

commit 0bd20333b8
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Mar 8 10:35:36 2021 -0800

    diskutils: refactor partition detection (#705)

    Currently, there is an issue where if when we attempt to partition a
    virtual disk (/dev/vd*), we make the incorrect choice to append the
    "p#" suffix for the partition name, thus failing the partitioning.

    Instead of making certain assumptions about the path prefix,
    let's actually detect the partition file in /dev and use that
    knowledge to inform the rest of the partition initialization

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 9f8fe50893
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Mar 8 10:35:00 2021 -0800

    diskutils: add clearer error when no disk found (#716)

    Our ISO installer, via diskutils, checks to see if there are valid disks
    to install to before proceeding. If we boot the ISO on hardware where
    the installer cannot find any disks, the installer panics with a very
    cryptic error message:
        PANI[0000] unexpected end of JSON input

    This message leads people to believe that the error is with their
    imageconfig JSON file, but in reality, the JSON referenced here is
    from the output of our lsblk command. We use lsblk to see if the
    system has any disks we can install to and we get this output in JSON
    format. So in the case where no supported disk is found, we end up
    feeding an empty JSON input into the json.Unmarshal() and we get
    this panic message.

    So add a check to make sure the output from lsblk isn't empty
    before we feed it to the json.Unmarshal(). Now if no supported disks
    are found, you should get the following error message:
        ERRO[0000] no supported disks found
        PANI[0000] no supported disks found

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 20381f5cf2
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Mar 8 12:05:32 2021 -0600

    Fix failing test for espeak-ng (#717)

commit 6c67796397
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Mar 5 23:31:00 2021 -0600

    Nopatch CVE-2020-8032 in cyrus-sasl (#708)

    * Nopatch CVE-2020-8032 in cyrus-sasl

    * Address Pawel feedback

commit 1b6ef71f38
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Mar 5 23:23:40 2021 -0600

    Add patch for CVE-2021-27218, CVE-2021-27219 in glib (#715)

    * Add patch for CVE-2021-27218, CVE-2021-27219 in glib

    * Remove test that doesn't make sense in our version (g_memdup2 does not exist)

commit b52eb56c5c
Author: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com>
Date:   Fri Mar 5 18:21:49 2021 -0800

    Updating Microsoft trusted root CAs. (#712)

    Co-authored-by: CBL-Mariner Servicing Account <clbmargh@microsoft.com>

commit 194116e505
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Mar 5 17:56:20 2021 -0800

    Fix libpng random test failure (#713)

    * fix libpng test failure

    * fix linting error

commit f6750f45f0
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Mar 5 15:24:19 2021 -0600

    Upgrade libgcrypt to 1.8.7 to fix CVE-2019-13627 (#580)

commit d4d849e3c9
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Fri Mar 5 11:30:14 2021 -0800

    Add Broadcom NetXtreme and msr driver moudule support to kernel (#707)

commit 695b51b9c0
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Mar 4 14:04:51 2021 -0800

    Enable FIPS mode for NSS (#690)

commit 32cbac6c2c
Author: Neha Agarwal <58672330+neha170@users.noreply.github.com>
Date:   Thu Mar 4 15:35:05 2021 -0600

    Update postgresql for CVE-2021-20229 & CVE-2021-3393 (#699)

commit bf4a6f36b1
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Thu Mar 4 11:21:26 2021 -0800

    Fix issue with multiple empty mount validation (#692)

commit 1833823700
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Mar 4 12:38:03 2021 -0600

    Improve text-to-speech experience in the ISO installer (#694)

    * Explicitly add alsa packages to accessibility package list for ISO

    * Optimize UI text for TTS

    * Enable highlight tracking mode in speakup

    * Remove progress percentage, add speech-enabled text to terminal installer option

commit 2f47bcc561
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Mar 4 10:16:08 2021 -0800

    Fix tests for gdb, libxml2, net-snmp, python-werkzeug, skip python-psutil tests (#703)

    * fix libxml2 tests

    * fix python-werkzeug tests

    * fix net-snmp tests

    * skip python-psutil test

    * fix gdb tests

    * update manifests

commit 70fe5c1754
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Thu Mar 4 09:55:25 2021 -0800

    Add common utilities to ISO environment and Full SKU (#645)

    * Add some debugging utilities to iso initrd
    * Add test tools to Full ISO install
    * alphabetize developer-packages list

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit c29740747d
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Mar 3 19:18:12 2021 -0600

    Fix Makefile nits (#698)

commit af41befcaf
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Mar 3 16:38:59 2021 -0800

    Fix check tests for apparmor, redis, python-pycurl, skip WALinuxAgent (#693)

    * fix redis test issue

    * fix apparmor tests

    * skip WALinuxAgent tests

    * fix python-pycurl test

    * verify redis license

commit 27b2a5ba92
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Mar 2 18:01:48 2021 -0800

    Remove ntopng (#689)

    * Remove ntopng

    * Also remove ntopng map and cgman

commit 9ee0a38a19
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Tue Mar 2 13:47:55 2021 -0800

    Update shadow-utils and td-agent (#683)

    * update shadow-utils and td-agent

    * fix linting

    * update td-agent Requires

    * fix more comments

    Co-authored-by: Henry Li <lihl@microsoft.com>

commit 593a4beba4
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Mon Mar 1 16:26:39 2021 -0800

    Fix tests for python-distro and python-requests (#677)

    * fix python-distro tests

    * fix python-requests

commit 5a9426aa21
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Mar 1 15:33:53 2021 -0600

    [Tools] Fix parsing of new lsblk JSON output format in diskutils (#653)

    * Change blockDeviceInfo.Size to be a json.Number

    * Add test to ensure json.Number is the correct choice for size parsing

commit 0f5072e286
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Mon Mar 1 10:26:59 2021 -0800

    Update azure-iotedge to version 1.1.0 (#669)

    * update azure-iotedge and rust

    * update cgmanifest.json

    * update rust BR version

    * update libiothsm-std. use rust 1.47.0

    * fix cgmanifest

    * remove 1.50.0 specific changes

commit 44f672d00b
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Mon Mar 1 10:12:19 2021 -0800

    bind: fix CVE-2020-8625 (#675)

    Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

commit 6eee32f12a
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Feb 26 21:07:53 2021 -0600

    Update ARM64 ISO config with new EULA paths (#674)

commit 06c9109803
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Fri Feb 26 15:28:35 2021 -0800

    openldap: fix CVE-2021-27212 (#670)

    Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>

commit 9dbfb02934
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Feb 26 14:43:44 2021 -0800

    Fixing `ntopng` source URLs. (#673)

commit 8ff6d710da
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Feb 25 19:22:48 2021 -0600

    Add ability to change GUI installer EULA (#672)

commit c339e6fa6e
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Feb 25 14:25:12 2021 -0600

    Update signatures for espeakup and kernel,  (#671)

commit 415af2d663
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Feb 25 12:00:06 2021 -0800

    Updating 'update_manifests.sh' script to remove the UI repo (#667)

    * Cleaning-up unnecessary Mariner UI repo.

    * Script clean-up following SpellCheck VSCode extension's suggestions.

    * Updating manifests after running the script.

commit cb6b3515ce
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Wed Feb 24 19:31:33 2021 -0800

    linux-firmware: Add bnx2x and qed firmware, WHENCE, and license files (#646)

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit fbb71e839e
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Feb 24 17:29:35 2021 -0800

    Support kernel dumps using 5.10 kernel (#662)

    * update crash and kexec-tools to support printk in 5.10 kernel

    * update patch files with original commits

    * fix cgmanifest crash version

    * cleanup

commit 83e8aaa89a
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Feb 24 18:51:15 2021 -0600

    Tweak installer to meet accessibility standards (#668)

commit fe618fb04d
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Feb 24 18:51:05 2021 -0600

    Add text-to-speech packages to iso initrd (#665)

commit 2bbcb44f81
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Feb 24 18:50:50 2021 -0600

    Add text-to-speech packages for accessibility (#664)

commit 3c4c5f30f2
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Feb 24 18:50:27 2021 -0600

    Add speakup support to kernel (#655)

commit 2f2c835a50
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Wed Feb 24 09:33:31 2021 -0800

    Fix CVE-2020-35498 in openvswitch (#656)

    * Fix CVE-2020-35498 in openvswitch

    * Apply linter changes

    Co-authored-by: Emre Girgin <mrgirgin@microsoft.com>

commit bdf678ddf6
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Tue Feb 23 21:28:28 2021 -0800

    Disable CONFIG_GCC_PLUGIN_RANDSTRUCT and enable CONFIG_SCSI_SMARTPQI (#661)

    * Remove RANDSTRUCT and add SCSI_SMARTPQI configs

    There is an issue where CONFIG_GCC_PLUGIN_RANDSTRUCT causes our
    vmcore files to be unparseable. Disable config for now.

    Enable CONFIG_SCSI_SMARTPQI so Mariner works on platforms with
    the smartpqi storage.

    Signed-off-by: Chris Co <chrco@microsoft.com>

    * Bump kernel release number

    Signed-off-by: Chris Co <chrco@microsoft.com>

    * Add CONFIG_DEBUG_INFO_BTF not set

    New config option required to pass our config checker.

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit c96079399a
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Feb 23 18:55:06 2021 -0800

    Revert "Update kernel source to 5.10.13.1 (#601)" (#660)

    This reverts commit aae537bbbc.

commit 9c4b708fc9
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Feb 23 16:36:56 2021 -0800

    fix python-sqlalchemy test (#658)

commit 8e3f3aef60
Merge: d09656cd 82bba640
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Mon Feb 22 19:40:02 2021 -0800

    Merge branch '1.0-dev' into 1.0 for February update

commit 82bba640f4
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Mon Feb 22 18:54:30 2021 -0800

    Update default sudo config (#648)

commit 3acc856d5e
Merge: 3235794f 9b2534a1
Author: jslobodzian <joslobo@microsoft.com>
Date:   Mon Feb 22 17:43:27 2021 -0800

    Merge pull request #651 from microsoft/mariner-bot/update-release-version

    Update for February release

commit 9b2534a123
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Mon Feb 22 17:37:09 2021 -0800

    Update for February release

commit 3235794f29
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Mon Feb 22 11:46:40 2021 -0800

    quickstart: update git clone to use https (#644)

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 54e0fd9eaf
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Mon Feb 22 10:01:21 2021 -0800

    Update manifests with missing packages (#647)

commit 977de376d3
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Fri Feb 19 18:26:42 2021 -0800

    Add mariner extras repo (#243)

    * Add mariner extras repo
    * Add extras preview repo
    * Bump version in manifests

commit aae537bbbc
Author: Christopher Co <35273088+christopherco@users.noreply.github.com>
Date:   Fri Feb 19 17:48:41 2021 -0800

    Update kernel source to 5.10.13.1 (#601)

    Move to the new CBL-Mariner kernel source location and use the latest
    5.10.13.1 version.

    As part of the upgrade to 5.10.13.1, we can remove some out-of-tree
    patches since these patches have been merged into upstream.

    Additionally, we need to account for the new location of module.lds
    for aarch64 builds. The aarch64 module.lds is no longer checked in
    as part of the source tree. See this upstream commit for more details:
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=596b0474d3d9b1242eab713f84d8873f9887d980

    Turn off CONFIG_GCC_PLUGIN_RANDSTRUCT protection. This struct
    randomization is causing difficulty in parsing vmcore files.

    Enable upstream smartpqi driver by default

    Signed-off-by: Chris Co <chrco@microsoft.com>

commit 489118276a
Merge: c9692465 172958fe
Author: jslobodzian <joslobo@microsoft.com>
Date:   Thu Feb 18 21:15:50 2021 -0800

    Merge pull request #640 from microsoft/joslobo/add-pointer-to-demo

    Reference the CBL-MarinerDemo repository from Core Documentation

commit d09656cd53
Merge: 6dcbcb2a cf2c8ebf
Author: jslobodzian <joslobo@microsoft.com>
Date:   Thu Feb 18 09:03:30 2021 -0800

    Merge pull request #641 from microsoft/mamalisz/cve-pick

    Cherry-pick Fix CVE 2020-36242 (#634)

commit c96924659d
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Thu Feb 18 08:38:17 2021 -0800

    Fix CVE 2020-36242 (#634)

    * Update python-cryptography to 3.3.2
    * Update python-cffi
    * Update cgmanifest
    * Remove old patch file

commit 172958feed
Merge: 58427f2f 9382f384
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Thu Feb 18 08:11:39 2021 -0800

    Merge branch '1.0-dev' into joslobo/add-pointer-to-demo

commit 58427f2fbb
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Thu Feb 18 07:59:06 2021 -0800

    Add pointer to CBL-MarinerDemo repo through documentation

commit 9382f3845f
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Feb 18 06:56:53 2021 -0800

    Add kernel crypto configs to enable tcrypt in FIPS mode (#635)

commit 52badcdd8b
Merge: 84c823f7 7a698063
Author: jslobodzian <joslobo@microsoft.com>
Date:   Wed Feb 17 18:26:27 2021 -0500

    Merge pull request #614 from microsoft/thcrain/glibc-cve-2021-3326

    Patch CVE-2021-3326 in glibc

commit 84c823f7c1
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Tue Feb 16 14:42:40 2021 -0800

    Enable lz4 compression in systemd (#637)

    Enable lz4 compression in systemd so that journalctl can read lz4 compressed journals

commit 7bd75d547d
Author: arvindkandhare <arvind.kandhare@emc.com>
Date:   Tue Feb 16 14:35:55 2021 -0800

    Overlay based diff image creation cherry pick (#611)

    * Overlay based diff image creation prototype

    Here is a link to the spec https://microsoft-my.sharepoint.com/:w:/g/personal/arvindka_microsoft_com1/ESrYHTpWUPBOgdi7LjDsE14Bf1mHSLG702551XctkFX1mA?e=CyCc2j. This is for early feedback on the approach.
    It introduces a new element, BaseImage for each partition. Instead of creating a complete new partition image, a new diff layer is created using overlay file system. Overlay file system is a simple implementation of union file system. The changes files are completely copied in the upper level overlay. The implementation then copies the higher level files in a tgz.
    This tgz can be transferred to the ADU agent which first rehydrates the base image and then uses SWUpdate to do the A/B switch.

    Co-authored-by: Arvind Kandhare <arvindka@microsoft.com>

commit fad9eb35df
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Tue Feb 16 15:11:15 2021 -0500

    Update mysql to version 8.0.23 for CVE-2020-15358 (#629)

    * Update version of mysql

commit 7a69806354
Merge: fa579fc8 f6bc5aa1
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Feb 12 14:52:41 2021 -0600

    Merge branch '1.0-dev' into thcrain/glibc-cve-2021-3326

commit fa579fc877
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Feb 11 21:57:59 2021 -0800

    Take patch backported to our version

commit cf2c8ebf91
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Thu Feb 18 08:38:17 2021 -0800

    Fix CVE 2020-36242 (#634)

    * Update python-cryptography to 3.3.2
    * Update python-cffi
    * Update cgmanifest
    * Remove old patch file

commit f6bc5aa1f5
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Thu Feb 11 12:16:55 2021 -0500

    Add patch for qemu CVE-2020-17380 (#618)

    * Add upstream patch for qemu CVE-2020-17390

commit 487f102232
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Wed Feb 10 15:44:36 2021 -0800

    Move dracut FIPS config to /etc/dracut.conf.d/ (#625)

commit 16c8e8df23
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Feb 10 12:56:45 2021 -0800

    Addressing a few issues highlighted by "SpellCheck". (#626)

commit 53b234a2fe
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Wed Feb 10 11:56:36 2021 -0800

    create etcd, coredns and flannel containers (#624)

    Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

commit d30a71095d
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Wed Feb 10 08:01:07 2021 -0800

    Correctly format output for sha512hmac in kernel hmac calculation (#620)

commit cbc4a106d6
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Feb 9 17:39:39 2021 -0800

    Add FIPS-enabled core image (#609)

    * Add "fips-packages" json

    * Add core-fips image

    * Check if "dracut-fips" is included if "fips=1" is set

    * Add fips check for imageconfigvalidator test

commit 6eddfe439e
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Feb 9 18:42:24 2021 -0600

    Fix handling of double-percent in cgmanifest check (#616)

commit edebc07c3e
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Tue Feb 9 16:41:11 2021 -0800

    Add several networking tools. Enable LLVM RTTI. (#608)

    Enable RTTI in LLVM and clang for bpftrace

    Add bpftrace spec
    Add libmaxminddb spec
    Add ntopng spec
    Add vnstat spec
    Add libconfuse spec
    Add bmon spec
    Update pigz to 2.6 and change source to GitHub

commit 1f4d6064d2
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Feb 9 14:19:21 2021 -0800

    Add Libacvp Package (#607)

commit aeecf8701e
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Feb 9 14:00:03 2021 -0800

    Add sha512hmac-openssl to kernel-hyperv source (#617)

commit cdeaf32fa3
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Feb 9 13:43:57 2021 -0800

    Use OpenSSL to hmac calc the kernel (#615)

commit 2e9604aaeb
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Feb 9 12:44:40 2021 -0800

    Update release number

commit eeddecd005
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Feb 9 11:15:29 2021 -0800

    Patch CVE-2021-3326 in glibc

commit 124daab644
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Feb 9 00:45:26 2021 -0800

    Removing the deprecated "Microsoft IT TLS CA 2" CA. (#188)

commit 6dcbcb2aaf
Merge: 2a3b8a5e 9c97e034
Author: jslobodzian <joslobo@microsoft.com>
Date:   Mon Feb 8 16:23:16 2021 -0800

    Merge pull request #606 from microsoft/mamalisz/pull-cves-to-10

    Automated Mariner Release - cherry-pick openldap and dnsmasq CVE fixes.

commit 3f40946afe
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Sat Feb 6 18:07:08 2021 -0800

    golang: update latest changelog entry (#602)

commit 9c97e03433
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Fri Jan 29 14:40:52 2021 -0800

    Merge pull request #578 from microsoft/lihl/openldap-CVE

    resolve openldap CVEs

    (cherry picked from commit fbcaccde39)

commit 5ad155a4d4
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Thu Jan 28 16:39:15 2021 -0800

    Merge pull request #575 from microsoft/lihl/dnsmasq-CVE

    Resolve dnsmasq  CVE-2020-25683, CVE-2020-25686, CVE-2020-25687

    (cherry picked from commit c981b656ac)

commit 8e2cee37a7
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Feb 5 14:45:56 2021 -0800

    Add CONFIG_CRYPTO_STATS line in kernel configs (#599)

    * Add CONFIG_CRYPTO_STATS line in kernel configs

    * update kernel signatures.json

commit 3207645de2
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Feb 5 14:33:31 2021 -0800

    Use OpenSSL to perform hmac in libkcapi (#598)

commit 3f2b61ebcc
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Feb 5 13:35:16 2021 -0800

    update golang version to 1.15.7 (#595)

commit 13383d3997
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Feb 4 07:06:19 2021 -0800

    Add FIPS patches for OpenSSL (#593)

    * Apply openssl fips patches from CentOS8

    * Calculate and add hmac files for openssl

    * Fix patching ec_curve

    * Update pkggen and toolchain txt files

    * Address openssl spec linting

commit fbe4c52146
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Feb 4 07:04:22 2021 -0800

    Add package "dracut-fips" (#592)

    * Add dracut-fips package

    * Disable tcrypt check in dracut-fips

    * Format and apply disable-tcrypt patch

    * Minor cleanup

    * Fix patch issue

    * Address spec linting

    * Add dracut-fips to initramfs pkg watch list

    * Fix date in initramfs changelog

commit fd1089c861
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Feb 4 06:58:13 2021 -0800

    Add support for kernel crypto API in user space (#576)

    * Add kernel configs for userspace crypto support

    * First version of libkcapi

    * Add libkcapi to license map

    * Use hmac calc for kernel fips compliance

    * Update kernel-headers

    * Update kernel-signed* spec files

    * Address linting

    * Update cgmanifest

    * Address comments on libkcapi.spec

    * Address spec linting

    * Update kernel signatures.json

    * Update toolchain/pkggen txt files

    * Rename perl-interpreter to perl

    * Disable libkcapi tests for now

commit 6322b0f482
Merge: c244f0e2 d5e14bcd
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Wed Feb 3 14:58:55 2021 -0800

    Merge pull request #590 from microsoft/lihl/td-agent-fix

    Fix td-agent installation

commit c244f0e23d
Merge: ff02635e fdb00adf
Author: Jonathan Chiu <jochi@microsoft.com>
Date:   Wed Feb 3 14:53:40 2021 -0800

    Merge pull request #583 from microsoft/jochi/add-libconfini

    Add libconfini package

commit fdb00adf12
Merge: cdf97d22 ff02635e
Author: Jonathan Chiu <jochi@microsoft.com>
Date:   Wed Feb 3 14:50:33 2021 -0800

    Merge branch '1.0-dev' into jochi/add-libconfini

commit ff02635e90
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Wed Feb 3 11:34:35 2021 -0800

    Add conntrack-tools, nmap, pigz, blobfuse (#591)

    * Add pigz spec
    * Add blobfuse spec
    * Import conntrack-tools spec
    * Add ncat spec

commit d0896d4a40
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Wed Feb 3 10:43:00 2021 -0800

    kernel: enable REED_SOLOMON_DEC8 (#587)

    CONFIG_REED_SOLOMON_DEC8 is required for CONFIG_DM_VERITY_FEC. Enable this config. This fixes an arm64 kernel package build error.

commit 2a3b8a5e9f
Merge: f35eb610 fd45cb83
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Feb 2 20:09:51 2021 -0800

    Merge pull request #588 from MateuszMalisz/mamalisz/pic-python-cve

    Pick Python and CVE fixes to 1.0

commit d5e14bcd7a
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Feb 2 18:28:45 2021 -0800

    fix td-agent installation

commit fd45cb83e4
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Jan 29 13:49:01 2021 -0800

    Applied spec linter diff again

commit bb033d5d56
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Jan 29 13:44:39 2021 -0800

    Applied spec linter diff for python3

commit 29daba1102
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Jan 29 13:37:01 2021 -0800

    Fixes CVE-2021-3177 in Python 3

commit f35eb610c5
Merge: 35988b45 1e813b86
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Feb 2 14:10:45 2021 -0800

    Merge pull request #584 from MateuszMalisz/mamalisz/automation

    Add automated build trigger for release PR

commit 1e813b86c8
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Tue Feb 2 13:52:09 2021 -0800

    Add title filter

commit e97bc19712
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Feb 2 11:57:13 2021 -0800

    Fixing changelog entries and license mapping. (#586)

commit 2ec6d13dcb
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Mon Jan 25 05:56:14 2021 -0800

    Add automated build trigger for release PR

commit cdf97d2244
Merge: 3295208f 39c6d991
Author: Jonathan Chiu <jochi@microsoft.com>
Date:   Mon Feb 1 14:57:22 2021 -0800

    Merge branch '1.0-dev' into jochi/add-libconfini

commit 39c6d9917b
Merge: e5dc1d5f 346c8e8a
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Mon Feb 1 12:59:38 2021 -0800

    Merge pull request #549 from microsoft/damcilva/verity_staging/final

    [Staging -> 1.0-dev verity read-only root] Support dm-verity read-only roots for Mariner images and ISOs

commit 3295208f74
Author: Jonathan Chiu <jochi@microsoft.com>
Date:   Mon Feb 1 11:19:55 2021 -0800

    Apply linted spec changes

commit 722a1b209d
Author: Jonathan Chiu <jochi@microsoft.com>
Date:   Mon Feb 1 11:09:50 2021 -0800

    Fix source URL in spec file

commit e5dc1d5f45
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Mon Feb 1 09:44:01 2021 -0800

    Update etcd versions and add coredns and flannel (#569)

    * add coredns and flannel, move etcd to 3.4.3 and 3.4.13

    * fix etcd build changes

    * update cgmanifest

    * address PR comments

    Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

commit 5ab648bdf3
Merge: fbcaccde 8d40163d
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Jan 29 18:01:40 2021 -0800

    Merge pull request #579 from microsoft/nisamson/CVE-2021-3177

    Fixes CVE-2021-3177 in Python 3

commit 346c8e8a99
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Fri Jan 29 16:34:08 2021 -0800

    Avoid running parted when there is no flag to set

commit f2ecbf3a95
Author: Jonathan Chiu <jochi@microsoft.com>
Date:   Fri Jan 29 15:22:39 2021 -0800

    Update cgmanifest.json

commit 267db2a7c7
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Fri Jan 29 12:02:02 2021 -0800

    Support optional KernelOptions for rootfs

    While the ISO initrd image does have a kernel, most rootfs images will
    not have one. We need to support both flows.

    Make KernelOptions an optional key for rootfs images, and only include
    the kernel if it is set.

commit fbcaccde39
Merge: c981b656 e46d8323
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Fri Jan 29 14:40:52 2021 -0800

    Merge pull request #578 from microsoft/lihl/openldap-CVE

    resolve openldap CVEs

commit d0f75c6bf0
Author: Jonathan Chiu <jochi@microsoft.com>
Date:   Fri Jan 29 14:22:52 2021 -0800

    Add libconfini

commit 8d40163d39
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Jan 29 13:49:01 2021 -0800

    Applied spec linter diff again

commit 890f135c48
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Jan 29 13:44:39 2021 -0800

    Applied spec linter diff for python3

commit 3a5843f784
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Jan 29 13:37:01 2021 -0800

    Fixes CVE-2021-3177 in Python 3

commit e46d832351
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Jan 29 12:07:16 2021 -0800

    resolve openldap CVEs

commit c981b656ac
Merge: db0cbb08 aadd50e4
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Thu Jan 28 16:39:15 2021 -0800

    Merge pull request #575 from microsoft/lihl/dnsmasq-CVE

    Resolve dnsmasq  CVE-2020-25683, CVE-2020-25686, CVE-2020-25687

commit 2f181f07f7
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Thu Jan 14 13:24:00 2021 -0800

    Read-only root configuraiton documentation

    Co-authored-by: Christopher Co <christopher.co@microsoft.com>

commit 10e689477c
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Thu Jan 28 12:55:30 2021 -0800

    Update sigs to use pipeline version of sources

commit 32a16b9874
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Mon Dec 21 13:42:10 2020 -0800

    Add verity-read-only-root package to LICENSES-MAP

commit e7d0c185f4
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Thu Dec 17 15:13:32 2020 -0800

    Attended installer supports new read-only root flows

commit c7842a2c93
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 13:51:30 2020 -0800

    Add support for read-only-roots to Imager tool

commit 3af5393828
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 13:47:21 2020 -0800

    Add read-only-root config for images

commit 7d582bd35d
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 13:44:40 2020 -0800

    Add verity-read-only-root package

commit bfc0734660
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 13:43:57 2020 -0800

    Make TdnfInstall a public function

commit 7d6f881bd1
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 13:32:15 2020 -0800

    Add initramfs library to write new initramfs files

commit 503b632146
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 13:30:33 2020 -0800

    Make mount/unmount of disks more reliable

commit 4445ad777a
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 13:26:20 2020 -0800

    Support validating packages during config check

commit 9e1fcf408e
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 13:20:00 2020 -0800

    Make device mapper roots more flexible & reliable

commit 85fb2102bd
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 12:58:47 2020 -0800

    Support seperate /boot partition with UEFI boot

commit aadd50e48a
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Jan 28 12:49:29 2021 -0800

    update changelog

commit a3b634e5dc
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Jan 28 12:41:09 2021 -0800

    Resolve dnsmasq CVEs

commit 366c485451
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Dec 16 12:50:23 2020 -0800

    Redo RandomString() in common randomization package

    Upgrade the function to handle multibyte runes correctly
    Add test cases

commit db0cbb0873
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Jan 27 15:08:40 2021 -0800

    Fix check tests: acl, mercurial, nss, perl-IO-Socket-SSL (#574)

    * fix mercurial tests

    * fix nss tests

    * fix manifests

    * fix acl tests

    * fix perl-IO-Socket-SSL tests

commit 35988b45d9
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Wed Jan 27 08:38:46 2021 -0800

    Fix sudo CVE-2021-3156 and sudoer config. (#573)

    * Fix CVE-2021-3156. Modify prompt.

    * Update cgmanifest

commit 151b705aac
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Wed Jan 27 08:38:46 2021 -0800

    Fix sudo CVE-2021-3156 and sudoer config. (#573)

    * Fix CVE-2021-3156. Modify prompt.

    * Update cgmanifest

commit b1d2a88323
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Jan 26 13:29:26 2021 -0800

    fix gnutls tests (#570)

commit 5bb14b2bb8
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Mon Jan 25 18:00:01 2021 -0800

    WALinuxAgent change log directory (#568)

    Make log directly to /var/log/waagent.log instead of a symlink to /opt/waagent/log/waagent.log

commit cfaf5daac6
Merge: 074f1811 20f6d243
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Sun Jan 24 17:26:59 2021 -0800

    Merge branch '1.0-dev' into 1.0

commit 20f6d243ae
Author: jslobodzian <joslobo@microsoft.com>
Date:   Sun Jan 24 17:26:18 2021 -0800

    Update Mariner-Release Version (#566)

commit 074f181193
Merge: 91420480 b32a70d6
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Sun Jan 24 17:00:55 2021 -0800

    Merge from 1.0-dev for January update

commit b32a70d67c
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Sat Jan 23 17:04:37 2021 -0800

    Update kernel sources to 5.4.91 (#563)

    * kernel: update to 5.4.91

    * kernel: Add nopatch files

    * kernel: Remove hyperv GUI patch

    * kernel: update config file and hashes

    * kernel-hyperv: Update config file and hash

    * kernel: Remove framebuffer patch file

    * kernel: Remove PGTABLE_MAPPING

    CONFIG_PGTABLE_MAPPING not supported in new 5.4.91 kernel

commit 2f1ad05c3f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Jan 22 16:30:23 2021 -0800

    Extending `mariner-repos`. (#565)

commit 361de0b070
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Jan 22 15:07:52 2021 -0800

    Fix check tests for coreutils and bc (#564)

    * fix bc test

    * fix coreutils test

    * fix manifests

    * change bc URL

    * fix typo

commit 402ee03ea6
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Fri Jan 22 00:49:59 2021 -0800

    Add minimal distroless image configuration (#492)

    * Add distroless minimal image configuration

commit 0b2fe52e72
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Thu Jan 21 15:24:43 2021 -0800

    kubernetes: move to 1.19.6, 1.18.14 and 1.17.16 (#559)

    * kubernetes: move to versions 1.17.16, 1.18.14 and 1.19.6

    * update cgmanifest and download tarball/URL

    * update signatures and remove unused .nopatch files

    Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>

commit 7b7b73920e
Merge: 75ff8cd5 50e7a8e5
Author: jslobodzian <joslobo@microsoft.com>
Date:   Thu Jan 21 08:42:39 2021 -0800

    Merge pull request #562 from microsoft/jslobodzian/fix-quick-start-directions

    Add missing VHDX instrution and fix layout issue

commit 50e7a8e51a
Author: jslobodzian <joslobo@microsoft.com>
Date:   Wed Jan 20 18:32:07 2021 -0800

    Add missing VHDX instrution and fix layout issue

    Minor updates to the VHDX instructions.

commit 75ff8cd54d
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Wed Jan 20 16:43:49 2021 -0800

    Patch python-cryptography CVE-2020-25659 (#560)

    Backport CVE-2020-25659 patch to python-cryptography 2.3.1

commit 7b1025cfd1
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Jan 20 14:15:05 2021 -0800

    Fix tests for swig, remove unreliable memtest from python-pycurl (#561)

    * fix swig tests

    * remove unreliable memory test from python-pycurl

    * fix manifests

commit e18c204c8f
Merge: a970743b 959fbacb
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Wed Jan 20 10:02:16 2021 -0800

    Merge pull request #555 from microsoft/lihl/removesourcefile

    Remove RubyGem Source File

commit a970743b24
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Wed Jan 20 09:59:50 2021 -0800

    Update sudo package to 1.9.5p1 (#552)

    * Update sudo package to 1.9.5p1

commit 0a19ca3e9e
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Tue Jan 19 16:26:00 2021 -0800

    kubernetes: apply hotfixes for 1.19.3, 1.18.10 and 1.17.13 and fix container script (#556)

    * kubernetes: apply hotfixes for 1.19.3, 1.18.10 and 1.17.13

    * fix cgmanifest

    * fix cgmanifest

    * fix issue fix k8s container script when used in ADO pipeline

    * make cpio command less verbose

    Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

commit af922e4f33
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Tue Jan 19 14:19:57 2021 -0800

    Patch e2fsprogs CVE-2019-5094, CVE-2019-5188 (#535)

    Patch e2fsprogs CVE-2019-5094, CVE-2019-5188

    Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>

commit 29e3d3d637
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Jan 19 14:12:06 2021 -0800

    Moving "Provides: pkgconfig(*)" for "libpng" to correct subpackage. (#554)

commit 959fbacbe2
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Jan 19 13:07:26 2021 -0800

    remove source tarball

commit 22c2ecfca4
Merge: d57a9a77 19982759
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Tue Jan 19 10:35:41 2021 -0800

    Merge pull request #523 from microsoft/joslobo/td-agent-fix

    Add td-agent to Mariner Core

commit d57a9a7783
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Tue Jan 19 10:23:45 2021 -0800

    Fix CVE-2020-35493, CVE-2020-35494, CVE-2020-35495, CVE-2020-35496, CVE-2020-35507 in binutils. (#529)

    * Update toolchain files

    * Add patch files/edit SPEC

    * Run spec linter

    * Minor fixes to pack srpm

    * Replace patches

    * Tweak patches to apply cleanly

commit 263d47d2a5
Merge: 1ca2394c f030011c
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Jan 19 09:57:25 2021 -0800

    Merge pull request #553 from microsoft/jslobodzian/add-missing-prereqs

    Update prerequisites.md

commit f030011c38
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Jan 19 09:14:11 2021 -0800

    Update prerequisites.md

    During independent build testing, it was found that three additional prerequisites were necessary to build the toolchain from scratch.  This change corrects the documentation to add the missing prereqs.

commit 1ca2394cc5
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Mon Jan 18 10:10:54 2021 -0800

    kubernetes: build RPM for containers and build containers (#545)

    * kubernetes: build RPM for containers

    * add script to create docker container for kubernetes

    * address PR comment

    Co-authored-by: Nicolas Guibourge <nicolasg@microsoft.com>

commit e9e70d7676
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Sat Jan 16 13:51:59 2021 -0800

    Fix tests: cloud-init and python-pycurl (#551)

    * fix cloud-init tests

    * fix python-pycurl

commit 43dba0e6ce
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Jan 15 18:17:33 2021 -0800

    Updating `meson` to version 0.56.0. (#548)

commit c9be8e95c1
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Jan 15 17:57:05 2021 -0800

    Fix tests: chrony and ModemManager (#550)

    * fix chrony tests

    * fix ModemManager test

commit 19982759c5
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Jan 15 16:08:35 2021 -0800

    update LICENSE-MAP

commit 8525636ece
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Jan 15 15:35:14 2021 -0800

    fix mariadb tests (#544)

commit 7cce476afe
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Jan 15 14:10:30 2021 -0800

    Fixing `Requires` cycles resolution across specs. #547

commit 314c8d8dc4
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Jan 15 13:26:01 2021 -0800

    resolve comments

commit ca91239d67
Merge: c2d10990 d8b1a269
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Fri Jan 15 10:21:43 2021 -0800

    Merge pull request #540 from microsoft/lihl/qemu-fix

    Update qmu-kvm CVE-2020-15469 to resolve QEMU bug

commit c2d10990da
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Jan 15 06:45:33 2021 -0800

    Fix openssl and python-ecdsa tests (#542)

    * Fix openssl ecdsa and ssl_new tests

    * Disable nist192 tests in python-ecdsa

    * Update pkggen/toolchain txt files

    * Address SPEC linting for python-ecdsa

commit 1758eea20f
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Jan 14 22:36:16 2021 -0800

    Fix ruby tests and disable asciidoc and ipv6calc tests (#541)

    * fix ruby tests

    * skip asciidoc and ipv6calc tests

commit 188ea3e565
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Jan 14 15:48:01 2021 -0800

    update licensing

commit d8b1a26935
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Jan 14 14:09:37 2021 -0800

    update spec file

commit abaabf2282
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Jan 13 16:32:01 2021 -0800

    fix licensing issue

commit 655e53b59a
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Wed Jan 13 12:15:59 2021 -0500

    Add i.MX8mq-evk board support (#472)

    * Add i.MX8mq-evk board support

    Modify the kernel configs to include the needed drivers as well as voltage regulators.
    Add the dtb to the kernel spec as a subpackage by arch type
    Update the kernel files to match spec version number

commit 5af1624024
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Jan 12 18:52:45 2021 -0800

    fix more comments

commit d1309e5a21
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Jan 12 12:04:01 2021 -0800

    Add kernel patch to fix GUI installer crash due to mmap issue (#526)

    * add kernel patch to fix gui installer crash

    * update kernel-hyperv release

    * revert hyperv-daemons and kernel-hyperv releasenum per feedback

commit 58ccba880f
Merge: d80a610d 616774c5
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Jan 12 11:23:29 2021 -0800

    Adding `ca-certificates` and `prebuilt-ca-certificates-base` to entangled specs (#534)

    * Matching cert packages version and release.

    * Updating entangled specs check.

commit 616774c59a
Author: Pawel <pawelwi@microsoft.com>
Date:   Tue Jan 12 11:21:50 2021 -0800

    Addressing linter's suggestions.

commit 0f1a9ca9ae
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Jan 12 11:12:22 2021 -0800

    fix comments

commit d2197ac791
Author: Pawel <pawelwi@microsoft.com>
Date:   Tue Jan 12 10:29:37 2021 -0800

    Updating entangled specs check.

commit 818912622e
Author: Pawel <pawelwi@microsoft.com>
Date:   Tue Jan 12 10:21:48 2021 -0800

    Matching cert packages version and release.

commit 1e41d01b1e
Author: Henry Li <lihl@microsoft.com>
Date:   Mon Jan 11 19:03:52 2021 -0800

    update patch changes

commit d80a610d9c
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Jan 11 14:01:39 2021 -0800

    Remove IDEA and EC2M source code/support from OpenSSL (#524)

    * Remove support for EC2M in OpenSSL

    * Remove IDEA source code from OpenSSL

    * Use hobbled tarball for openssl

    * Update pkggen and toolchain txt files

    * Add "hobbled" tarball to OpenSSL changelog

    * Add hobbled tarball code comment from Fedora

    * Address spec linting

commit a6cdc0240a
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Jan 11 15:08:04 2021 -0600

    Add workflow to check entangled specs (#528)

commit 2819dce8ea
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Sun Jan 10 02:34:17 2021 -0800

    Fix gettest test and correct typo to disable strongswan test (#525)

    * fix gettext test

    * disable strongswan test

    * fix manifests

commit fbea513789
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Jan 8 16:28:04 2021 -0800

    fix error caused by applying linting diff

commit 39490f9843
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Jan 8 15:34:02 2021 -0800

    fix linting and manifest

commit c786d4646c
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Jan 8 12:32:16 2021 -0800

    update td-agent changelog

commit 4825fa3e47
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Jan 8 12:26:00 2021 -0800

    refactor td-agent implementation

commit eaf285b7d2
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Fri Jan 8 10:04:10 2021 -0800

    glibc: patch CVE-2019-25013 (#522)

    Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>

commit f243094bba
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Jan 7 17:59:05 2021 -0800

    Fix libunistring test and skip strongswan (#521)

    * fix libunistring testcase

    * skip strongswan

    * verified license

commit dde135df99
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Jan 7 14:53:02 2021 -0800

    No patch kernel CVE-2020-27777 (#499)

    * No patch kernel CVE-2020-27777

    * Add upstream/stable commit info for CVE-2020-27777.nopatch

    Co-authored-by: Thomas Crain <thcrain@microsoft.com>

commit aea23c9d6e
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Thu Jan 7 02:17:09 2021 -0800

    Kubernetes: nopatch CVE-2020-8563, fix tests issue when built against golang 1.15 (k8s 1.17 and 1.18) (#516)

    * kubernetes: fix test issue with golang 1.15

    * kubernetes: CVE-2020-8563 - nopatch

    Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>

commit 2ef1f76799
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Jan 6 16:47:11 2021 -0800

    fix strace tests (#518)

commit a0d8662055
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Jan 6 13:20:40 2021 -0600

    rust: Fix package test (#514)

commit e14ddf5557
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Jan 6 10:02:48 2021 -0800

    Fix test for python-attrs, libmodulemd, skip dracut tests (#515)

    * fix libmodulemd test reliability

    * fix python-attrs test

    * skip dracut test

commit df35b0997d
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Jan 5 19:35:22 2021 -0600

    python-bcrypt, python-pynacl: Fix package tests (#513)

commit 0dca020d64
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Jan 5 18:14:57 2021 -0600

    librepo: enable package tests (#512)

commit 0038cd4924
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Jan 5 17:40:35 2021 -0600

    libisoburn: fix package test (#511)

commit 8f82f9ef7c
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Jan 5 14:32:51 2021 -0800

    Fix tests for grep, gawk, mozjs60, skip jna test (#509)

    * fix grep test

    * fix mozjs60 test

    * fix gawk test

    * skip jna

    * fix manifests

commit c37b887e3c
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Jan 5 16:11:32 2021 -0600

    openssh: add BRs for check section, patch broken tests (#507)

commit 00bf30b30c
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Tue Jan 5 20:12:50 2021 +0100

    No patch CVE-2020-8564, CVE-2020-8565, CVE-2020-8566 (#505)

    Co-authored-by: nicolasg@microsoft.com <nicolasg@microsoft.com>

commit 20646032b8
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Mon Jan 4 13:47:38 2021 -0800

    diskutils: Include virtual disk devices in search (#427)

    Virtual disk devices do not show up in ISO installer when searching for
    system block devices, causing the installer to fail immediately with
    "unexpected end of JSON input". This is because virtual disk devices
    typically have major device numbers of 252,253,254 and the installer's
    lsblk does not filter for these device numbers.

    Fix is to add these major device numbers to the lsblk filter so the installer
    can enumerate them during startup.

commit facdb2d2dd
Merge: 99a5dcfc df38104c
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Dec 31 17:20:09 2020 -0800

    Merge branch '1.0-dev' into joslobo/td-agent-fix

commit df38104c98
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Dec 31 15:34:54 2020 -0600

    Upgrade python-urllib3 and python-requests to fix CVE-2019-11236, CVE-2020-26137 (#504)

    Co-authored-by: Rachel <rachelmenge@microsoft.com>

commit 7a2912082a
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Wed Dec 30 15:34:54 2020 -0800

    Update ansible to version 2.9.12 (#503)

    * Update ansible to version 2.9.12

commit 8fa08b3e98
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Dec 29 14:25:05 2020 -0800

    Adding Fedora 32 patch to make `perl-WWW-Curl` work with new version of `curl` (#502)

    * Adding Fedora 32 patch to make `perl-WWW-Curl` work with new version of `curl`.

    * Applying linter clean-up.

commit de7515cf52
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Dec 29 05:45:26 2020 -0800

    Upgrade p11-kit to 0.23.22 (#498)

    * Upgrade p11-kit to 0.23.22

commit 91420480ed
Merge: 153dedb2 0abb891a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Dec 28 19:19:02 2020 -0800

    Merge pull request #501 from PawelWMS/pawelwi/user_password_fix_merge

    * Regression fix to setting the user password for generated images.

commit 671069037f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Dec 28 19:07:06 2020 -0800

    Fixing spacing in TDNF's package list output (#497)

commit 0abb891ac4
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Mon Dec 28 17:28:12 2020 -0800

    Mamalisz/fix chage shadow (#500)

    * Check shadow file inside the installChroot, not setupChroot

commit 035ce0670d
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Mon Dec 28 17:28:12 2020 -0800

    Mamalisz/fix chage shadow (#500)

    * Check shadow file inside the installChroot, not setupChroot

commit 116533c12a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Dec 28 10:53:48 2020 -0800

    Updating `curl` to 7.74.0 to fix CVE-2020-8169 and stabilize tests. (#491)

    * Updating `curl` to version 7.74.0 to fix CVE-2020-8169.

    * Enabling more tests by adding `BuildRequires` and running them as a non-root user.

commit 852bc1e87a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Dec 23 14:17:41 2020 -0800

    Updating signed specs to be aligned with their unsigned counterparts. (#496)

commit 153dedb22c
Merge: 40b91253 7ca36c34
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Dec 23 12:21:22 2020 -0800

    Updating SIGNED-SPECS to make the releases match their unsigned counterparts (#495)

commit 7ca36c3419
Author: Pawel <pawelwi@microsoft.com>
Date:   Wed Dec 23 12:12:33 2020 -0800

    Updating signed specs to be aligned with their unsigned counterparts.

commit 40b912533d
Merge: d53316bd ccce666f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Dec 22 22:00:20 2020 -0800

    Merging branch '1.0-dev' into '1.0' for the December release (#494)

commit ccce666ff8
Merge: d53316bd 3eae6178
Author: Pawel <pawelwi@microsoft.com>
Date:   Tue Dec 22 21:38:35 2020 -0800

    Merge branch '1.0-dev' into '1.0' for the December release.

commit 3eae617809
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Tue Dec 22 20:09:31 2020 -0500

    Update python-pip to 19.2 to fix CVE-2019-20916 (#489)

    * Update python-pip to version 19.2 to fix CVE-2019-20916

commit 5db05d99cd
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Dec 22 15:56:31 2020 -0800

    Fix tests for elfutils and python-imagesize (#490)

    * fix python-imagesize tests

    * fix elfutils tests

    * update manifests

    * verify license and remove sha1

commit 63ef7aa39b
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Tue Dec 22 17:43:08 2020 -0500

    Adding a patch for 'unbound' to fix CVE-2020-28935 (#487)

    * Fix CVE-2020-28935

commit 0481e800aa
Merge: ad87219b 1a277592
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Dec 22 13:53:48 2020 -0800

    Merge pull request #476 from microsoft/joslobo/cloudinitdocfix

    Split out Quick Start, Add CBL-Mariner Usage Instructions

commit 1a27759278
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Tue Dec 22 13:51:57 2020 -0800

    Minor corrections to build instructions

commit ad87219bf8
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Dec 22 12:26:56 2020 -0800

    Updating `python-py` to 1.10.0 to fix CVE-2020-29651 (#488)

commit 22e52d78fa
Merge: 58a9be74 b0c589c9
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Mon Dec 21 19:19:15 2020 -0800

    Merge pull request #477 from microsoft/nisamson/CVE-2020-35457

    Added patch for glib CVE-2020-35457

commit 58a9be7498
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Dec 21 19:14:36 2020 -0800

    Updating `mariner-release.spec` for the December release. (#482)

commit 983b956fb9
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Dec 21 18:56:19 2020 -0800

    Reverting ptest fix for Perl from PR #465 (commit: 283d6cd). (#486)

commit 943958ca1f
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Mon Dec 21 15:45:22 2020 -0800

    Updated per peer review comment

commit c83a915313
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Dec 21 14:35:55 2020 -0800

    Add "at" and "uuid" packages (#425)

    * Add uuid package

    * Add at package

commit b0c589c9d0
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Mon Dec 21 13:33:55 2020 -0800

    Verified license and removed sha line

commit bd872254ca
Author: rychenf1 <rychenf1@gmail.com>
Date:   Mon Dec 21 12:42:39 2020 -0800

    Patch curl CVE-2020-8231 (#478)

commit 5f0dd70f3a
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Dec 18 16:23:13 2020 -0800

    Undid manual whitespacing change

commit f27ad895c6
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Dec 18 16:19:26 2020 -0800

    Applied linter diff to glib spec

commit 1247485723
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Dec 18 15:08:20 2020 -0800

    Added patch for glib CVE-2020-35457

commit ca7c814c39
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Fri Dec 18 14:13:41 2020 -0800

    Split out Quick Start, Add CBL-Mariner Usage Instructions

commit 99a5dcfc60
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Dec 18 11:30:06 2020 -0800

    enable fluentd, jemalloc and update ruby; temporarily save the changes

commit a96c38b570
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Dec 18 10:10:04 2020 -0800

    Fixing misleading doc entry about update repo's defaults. (#474)

commit a6280569dd
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Dec 17 16:45:17 2020 -0800

    Fix tests for llvm and libaio (#475)

    * fix libaio tests

    * fix llvm tests

    * update manifests

commit 14b8bd11a2
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Dec 17 15:35:38 2020 -0800

    Update prerequisites with golang 1.15 (#466)

    * update steps with golang 1.15

    * force create link

commit 91a4d79c55
Merge: c772ed9f 37011ead
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Thu Dec 17 19:13:41 2020 +0100

    Merge pull request #473 from microsoft/nicogbg/kubernetes-more-versions

    Nicogbg/kubernetes more versions

commit 37011ead45
Author: nicolasg@microsoft.com <nicolasg@microsoft.com>
Date:   Thu Dec 17 09:54:57 2020 -0800

    address PR comments

commit 689fe6fdff
Author: nicolasg@microsoft.com <nicolasg@microsoft.com>
Date:   Thu Dec 17 04:16:51 2020 -0800

    add more kubernetes versions

commit b54c2039ed
Author: nicolasg@microsoft.com <nicolasg@microsoft.com>
Date:   Thu Dec 17 01:06:05 2020 -0800

    rename existing kube spec to match full version

commit c772ed9fc8
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Wed Dec 16 15:50:57 2020 -0800

    Fix file paths for prebuilt certificates (#471)

    * Fix file paths for prebuilt certificates

    * Delete instead of exclude
    * Fix xsltproc file path

commit 30ca334c63
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Wed Dec 16 14:59:31 2020 -0800

    Update kernel to 4.5.83, Address 7 kernel CVEs  (#470)

    - Update kernel-headers, kernel, kernel-hyperv, and hyperv-daemons specs to use 5.4.83
    - Refresh version numbers for kernel-signed- specs
    - Update toolchain to use 5.4.83 source when building kernel headers
    - Address CVE-2020-14351, CVE-2020-14381, CVE-2020-25656, CVE-2020-25704,
      CVE-2020-29534, CVE-2020-29660, CVE-2020-29661
    - Update cgmanifest's download URLs to point to 5.4.83 source location

commit d2b2216972
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Wed Dec 16 14:30:38 2020 -0800

    Remove password aging customized value to set default (#468)

    * Increase maxium number of days a password can be used

    * Update shadow utils version for toolchain deps

    * Update lint changes as per build logs

    * Remove PASS_MAX_DAYS customized value 90 to set default value

    * Update var in SPEC file by removing macro

    Co-authored-by: Suresh Babu Chalamalasetty <schalam@microsoft.com>

commit a84341942d
Author: rychenf1 <rychenf1@gmail.com>
Date:   Wed Dec 16 10:54:06 2020 -0800

    Patch curl CVE-2020-8177 (#469)

commit 0695cac045
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Tue Dec 15 16:31:49 2020 -0800

    Add distroless containers (#403)

    Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>

commit daa3e79f19
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Dec 15 15:13:10 2020 -0800

    update td-agent and merge with latest 1.0-dev

commit 283d6cde5a
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Mon Dec 14 19:29:20 2020 -0800

    Fix tests for grub2, perl, and skip libsoup tests (#465)

    * fix perl test

    * fix grub2 test

    * skip libsoup

    * cleanup

    * update manifests

    * update manifests

commit 1d38bbf67e
Merge: a46618d5 e1f798c0
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Mon Dec 14 10:16:40 2020 -0800

    Merge pull request #449 from microsoft/nicogbg/ms-kubernetes

    Nicogbg/ms kubernetes

commit a46618d5f3
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Dec 14 06:06:01 2020 -0800

    Patch  qemu CVE-2020-27821 (#462)

    * Patch CVE-2020-25723 in qemu-kvm

    * Patch qemu CVE-2020-27821

commit e1f798c011
Author: nicolasg@microsoft.com <nicolasg@microsoft.com>
Date:   Mon Dec 14 00:26:09 2020 -0800

    address PR comments

commit 22071220fb
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date:   Tue Dec 8 16:36:09 2020 -0800

    add kubernetes 1.17 1.18 and 1.19 in cgmanifest

commit c1cb2d363c
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date:   Tue Dec 8 15:53:39 2020 -0800

    build kube 1.19 from sources

commit 3efc7ee084
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date:   Tue Dec 8 12:02:03 2020 -0800

    build kube 1.18 from sources

commit 867768fdf5
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date:   Tue Dec 8 11:31:03 2020 -0800

    build kubernetes 1.17 from sources

commit d8b446625b
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date:   Fri Dec 4 14:44:10 2020 -0800

    move to kubernetes 1.17, 1.18 and 1.19

commit 819786cad8
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Dec 10 23:09:35 2020 -0800

    Increment release for all specs building with golang 1.15 (#460)

    * bump release for specs building with golang 1.15

    * changelog cleanup

commit c9192b5592
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Dec 10 19:42:17 2020 -0800

    Fix check tests for cpprest, libpipeline, librsync, postgresql, libsoup (#459)

    * fix cpprest test

    * fix libpipeline test

    * fix librsync test

    * fix postgresql test

    * remove override for libsoup test

    * update manifests for libpipeline

    * add with_check per PR feedback

commit cf6275ef0b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Dec 10 11:36:01 2020 -0800

    Removing binaries from the repository. (#441)

commit d53316bddd
Merge: b229c4ff f8e401aa
Author: jslobodzian <joslobo@microsoft.com>
Date:   Wed Dec 9 21:02:25 2020 -0800

    Merge pull request #457 from microsoft/joslobo/offcycle-merge-from-1.0-dev

    Offcycle fixes for Critical and High CVEs (also includes miscellaneous bug fixes)

commit 08e4ed6602
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Dec 9 20:00:12 2020 -0800

    Fixing `rpm-ostree` ptests. (#451)

    * Fixing `rpm-ostree` ptests.

    * Adding linter changes.

commit f8e401aa7c
Merge: 3f43b39f 4630a3ca
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Wed Dec 9 17:06:06 2020 -0800

    Merge branch '1.0-dev' into joslobo/offcycle-merge-from-1.0-dev

commit 4630a3ca4c
Author: jslobodzian <joslobo@microsoft.com>
Date:   Wed Dec 9 17:00:28 2020 -0800

    Revert "Enable td-agent in Mariner" (#458)

commit 3f43b39fcd
Merge: b229c4ff 13ba9d24
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Wed Dec 9 12:22:31 2020 -0800

    Merge branch '1.0-dev' into joslobo/offcycle-merge-from-1.0-dev
    Fix for curl CVE-2020-8284, CVE-2020-8285, and CVE-2020-8286
    Fix for openSSL CVE-2020-1971
    Fix for openldap CVE-2020-25692
    Fix for qemu-kvm CVE-2020-25723
    Update to golang 1.15
    Fix for kernel CVE-2020-25705, CVE-2020-15436, CVE-2020-28974, CVE-2020-29368, CVE-2020-29369, CVE-2020-29370, CVE-2020-29374, CVE-2020-29373, CVE-2020-28915, CVE-2020-28941, CVE-2020-27675, CVE-2020-15437, CVE-2020-29371, CVE-2020-29372, CVE-2020-27194, CVE-2020-27152
    Fix for postresql CVE-2020-25695 CVE-2020-25694

commit 13ba9d24ae
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Wed Dec 9 11:49:36 2020 -0800

    Patch curl CVEs: 2020-8284, 2020-8285, and 2020-8286 (#455)

    * Patch CVE-2020-8284

    * Patch CVE-2020-8285

    * Patch CVE-2020-8286

commit ef69a8e23a
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Dec 9 13:14:10 2020 -0500

    Patch CVE-2020-1971 (#454)

commit d3afce09e2
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Dec 9 12:49:55 2020 -0500

    Patch CVE-2020-25692 (#453)

commit ec501e25a1
Merge: fad702e2 7a2c7230
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Wed Dec 9 00:14:17 2020 -0800

    Merge pull request #450 from microsoft/lihl/walinuxagent-update

    Upgrade WALinuxAgent to 2.2.52

commit 7a2c72307d
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Dec 8 23:03:44 2020 -0800

    fix patch file

commit fad702e21e
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Dec 8 21:49:41 2020 -0800

    fix autoconf213 changelog date (#452)

commit 66b3c11303
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Dec 8 17:45:04 2020 -0800

    upgrade to 2.2.52

commit a1de597e49
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Dec 8 17:01:55 2020 -0800

    upgrade WALinuxAgent

commit 1d7c44f288
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Dec 8 16:56:01 2020 -0800

    Fix check tests for Cython, libserf, librelp, apr and autoconf213 (#444)

    * fix Cython test

    * fix libserf tests

    * fix librelp test

    * fix apr test

    * fix autoconf213 tests

commit 1452909295
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Dec 8 12:37:29 2020 -0800

    Patch CVE-2020-25723 in qemu-kvm (#447)

commit b229c4ffd6
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Dec 8 10:08:23 2020 -0800

    update to golang 1.15 (#437)

commit 284e40ec62
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Dec 8 09:57:37 2020 -0800

    Fixing `pkggen.mk` bug. (#446)

commit 28451002d5
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Mon Dec 7 15:47:17 2020 -0800

    Update kernel to 5.4.81, Address 16 kernel CVEs (#434)

    * Initial update to 5.4.81 using autoupdater script

    * kernel: Address 16 CVEs

    Address CVE-2020-25705, CVE-2020-15436, CVE-2020-28974, CVE-2020-29368,
    CVE-2020-29369, CVE-2020-29370, CVE-2020-29374, CVE-2020-29373, CVE-2020-28915,
    CVE-2020-28941, CVE-2020-27675, CVE-2020-15437, CVE-2020-29371, CVE-2020-29372,
    CVE-2020-27194, CVE-2020-27152

    * kernel: Remove patch for kexec in HyperV

    Remove patch for kexec in HyperV. Integrated in 5.4.81.

    * kernel: Update kernel configs for 5.4.81

    * kernel: Add missing aarch64 configs

    * kernel-hyperv: fix up configs

commit 4a4c31a979
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Dec 7 14:35:46 2020 -0800

    Decreasing logging noise for package test builds. (#436)

    * Decreasing logging noise for package test builds.

commit c822ea11b3
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Mon Dec 7 13:06:58 2020 -0800

    Fix check tests for json-glib, libuv, pango (#439)

    * fix json-glib check

    * fix pango check

    * fix libuv check test

    * fix timestamp in json-glib

commit ea575ed96b
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Dec 7 09:16:07 2020 -0600

    Change link to ADO in ca-certificates.md (#438)

commit 71f86421f5
Merge: 35285d16 cf89b5ef
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Fri Dec 4 19:21:36 2020 -0800

    Merge pull request #429 from microsoft/lihl/td-agent

    Enable td-agent in Mariner

commit cf89b5ef7c
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Dec 4 19:19:36 2020 -0800

    move source tarball to server and fix License field

commit 9080fa1ca6
Merge: 35285d16 bcfd58c5
Author: Andrew Phelps <anphel@microsoft.com>
Date:   Fri Dec 4 17:15:30 2020 -0800

    Merge remote-tracking branch 'upstream/1.0' into 1.0

commit 35285d16f9
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Dec 4 16:19:09 2020 -0800

    Adding timestamp to toolchain builds. (#435)

    * Adding timestamp to toolchain builds.

commit b24f48ce1e
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Fri Dec 4 10:37:28 2020 -0500

    Change systemConfig test to copy rather than reference valid users (#433)

    * Fix test to copy rather than reference the users array in systemConfig

commit e8ebc9e5de
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Thu Dec 3 15:46:33 2020 -0800

    Update golang spec to 1.15 (#420)

    * Update golang spec to 1.15

    * Disable x509ignoreCN for srpm packing for golang-1.15

    * remove unused CVE patch, golang1.13 signatures file, and ifarch for bootstrap patch

    * fix linting errors

    * revert linting changes

    Co-authored-by: Andrew Phelps <anphel@microsoft.com>

commit 561ef16cf6
Author: rlmenge <rachelmenge@microsoft.com>
Date:   Thu Dec 3 17:21:37 2020 -0500

    Add user file and allow setting for password to never expire (#419)

    * Change the password expire days to an int to allow for -1 to be passed

    The -1 argument allows for user's passsword to never expire
    Also added users.go and tests for invalid settings
    Add documentation for the User field under SystemConfigs

commit aac1f33546
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Thu Dec 3 11:28:37 2020 -0800

    kernel: Add tpm eventlog patch for arm (#426)

commit f9061c584f
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Dec 3 10:44:47 2020 -0800

    fix licensing

commit 45524ef329
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Dec 3 10:40:59 2020 -0800

    Updating Microsoft trusted root CAs. (#342)

commit 6f42a418b6
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Dec 3 08:01:24 2020 -0800

    Move "waagent" to sbindir in WALinuxAgent (#428)

    * Move "waagent" to sbindir in WALinuxAgent

    * Address spec linting

commit 3ed4d4bf17
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Dec 2 11:13:51 2020 -0800

    fix changelog comment

commit 461cb383af
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Dec 1 18:07:23 2020 -0800

    Unifying toolchain build log file names with package builds. (#430)

commit e64d292129
Author: Johnson George <johgeorg@microsoft.com>
Date:   Thu Nov 19 09:34:08 2020 +0000

    HyperV IP injection support

commit 6fd993fb84
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Dec 1 13:33:25 2020 -0800

    fix linting and check in license map and cgmanifest

commit b9e1b90123
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Dec 1 12:09:05 2020 -0800

    td-agent workload

commit 655e368366
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Nov 30 16:49:46 2020 -0800

    Unblocking `ruby` test from being run. (#408)

commit dab3423b04
Merge: c51c6d44 9fdc0299
Author: Jason Goscinski <jasongos@users.noreply.github.com>
Date:   Mon Nov 30 16:48:07 2020 -0800

    Merge pull request #424 from microsoft/jasongos-patch-2

    Delete version-check.sh

commit c51c6d44f9
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Mon Nov 30 16:14:43 2020 -0800

    Fix kexec() flow in HyperV (#415)

    When invoking kexec() on a Linux guest running on a Hyper-V host, the kernel panics. Created and applied kernel patch that fixes this issue.

commit 9fdc0299d2
Author: Jason Goscinski <jasongos@users.noreply.github.com>
Date:   Mon Nov 30 13:47:28 2020 -0800

    Delete version-check.sh

    Version-check.sh was meant to be deleted, but it was accidently restored during an internal 3 way merge.  As part of that merge, a Microsoft copyright was appended to the top of the file.  The origin of the file was LFS and was not intended to be included in CBL-Mariner.

commit cf46eb9bca
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Tue Nov 24 16:41:38 2020 -0800

    Update libarchive source URL to GitHub (#418)

    Update libarchive source URL to GitHub

commit 881cdf26b7
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Nov 24 14:09:52 2020 -0800

    Skipping `tdnf` package tests. (#417)

commit 78be43fd2d
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Nov 24 14:08:39 2020 -0800

    Generalizing and simplifying TDNF output regex for reading RPM repo contents. (#411)

    * Generalizing and simplifying TDNF output regex.

    * Extending regex to catch package versions with tildes in them.

    Co-authored-by: Christopher Co <christopher.co@microsoft.com>

commit bcfd58c598
Merge: 4967c2d4 3525f42c
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Tue Nov 24 08:17:12 2020 -0800

    Merge pull request #413 from microsoft/nicogbg/November-Monthly-Release

    Nicogbg/november monthly release

commit 3525f42c39
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Mon Nov 23 16:48:59 2020 -0800

    Upgrade postgresql to 12.5 (#414)

    postgresql v12.5 resolves CVE-2020-25695 and CVE-2020-25694

commit 37fc8b66b9
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Mon Nov 23 16:48:59 2020 -0800

    Upgrade postgresql to 12.5 (#414)

    postgresql v12.5 resolves CVE-2020-25695 and CVE-2020-25694

commit a26725d543
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Mon Nov 23 15:27:47 2020 -0800

    Update grub command line required to boot on some specific hardware SoCs  (#384)

    * Update grub command line with inst.stage2 label CDROM

    * Update grub command line required to boot on some specific hardware SoCs

    Co-authored-by: schalam <schalam@microsoft.com>

commit 55e0b1b54a
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Mon Nov 23 15:27:47 2020 -0800

    Update grub command line required to boot on some specific hardware SoCs  (#384)

    * Update grub command line with inst.stage2 label CDROM

    * Update grub command line required to boot on some specific hardware SoCs

    Co-authored-by: schalam <schalam@microsoft.com>

commit 714f83171f
Merge: 4967c2d4 3b433a90
Author: Nicolas Guibourge <nicolasg@microsoft.com>
Date:   Mon Nov 23 08:25:38 2020 -0800

    Merge branch '1.0-dev' into nicogbg/November-Monthly-Release

commit 3b433a900c
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Sun Nov 22 07:30:29 2020 -0800

    Remove instances of %ldconfig_scriptlets in specs (#412)

commit bda9ad6c01
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Fri Nov 20 16:27:08 2020 -0800

    increment release number for CBL-Mariner November release (#409)

    * increment release number for CBL-Mariner November release

    * increment release number for CBL-Mariner November release

    * address PR comments

commit 7da42bf31f
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Fri Nov 20 15:21:07 2020 -0800

    Fix qemu CVE-2018-12617 (#399)

    * Fix qemu CVE-2018-12617

commit 20ad7ea044
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Nov 20 10:50:34 2020 -0800

    Fix check tests for json-c, libmodulemd, libpwquality (#405)

    * fix tests

    * update manifests

    * fix typo

commit 9a632f38c4
Merge: 2d3633af 6855f30d
Author: Johnson <johnson.george@microsoft.com>
Date:   Fri Nov 20 10:44:29 2020 -0800

    Merge pull request #365 from microsoft/johgeorg/openssl_ptest

    Enable package test for openssl package

commit 2d3633af7f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Nov 19 15:42:59 2020 -0800

    Fixing `subversion` ptests. (#402)

    * Adding build-time dependencies for `%check`.

    * Aligning changelog with our conventions.

commit 58e41e2f43
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Nov 19 13:24:00 2020 -0800

    Ptest fixes for `tdnf`, `tcsh`, `sysstat`. (#392)

    * Installing Python dependencies for the tests.

    * Adding `BuildRequires` on `shadow-utils` and `sudo` to fix `tcsh` package tests.

    * Removing `%check` section from `sysstat`.

    * Updating changelog and adding linter's suggestions.

commit 18397732ab
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Thu Nov 19 11:03:52 2020 -0800

    Don't warn about StreamOutput log buffer overflow (#400)

commit 28692542d0
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Wed Nov 18 18:12:32 2020 -0800

    diskutils: Add MBR disk setup (#382)

    parted uses the msdos option to create an MBR disk. So let's pass the correct msdos
    option to parted instead of mbr when the user wants to make an MBR disk.

    - Create new ConvertToPartedArgument method to convert a given PartitionTableType to its associated parted argument
    - Add unit tests for ConvertToPartedArgument method
    - Pass "msdos" option to parted instead of "mbr" in diskutils

commit 8b3b80703b
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Wed Nov 18 17:21:20 2020 -0800

    Disable kernel config SLUB_DEBUG_ON due to tcp throughput perf impact (#387)

commit ba513a2e53
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Nov 18 14:55:44 2020 -0500

    Fix missing ant requires (#397) (#398)

commit 84a77c7b8a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Nov 18 10:46:26 2020 -0800

    Adding missing runtime dependency. (#388)

    * Adding missing runtime dependency.

    * Reordering toolkit package installation.

commit 87b598fe84
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Nov 18 13:23:32 2020 -0500

    Install cracklib before building pam (#375) (#396)

commit de5e3c326d
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Tue Nov 17 12:41:52 2020 -0800

    CVE-2020-15778 - no patch (#393)

    * CVE-2020-15778 - no patch

    * re-lint spec (re-linting always add a white line in the spec => may be a bug in the tool)

commit 3af9abb617
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Tue Nov 17 12:40:54 2020 -0800

    nopatch nginx CVE-2009-4487 (#394)

commit 46a7401992
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Tue Nov 17 10:28:58 2020 -0800

    Nopatch QEMU CVE-2020-12829 (#391)

commit 513170d593
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Tue Nov 17 08:38:40 2020 -0800

    Change name of CVE-2019-16275 patch (#390)

    * Change name of CVE-2019-16275 patch

    * lint the .spec file

commit 450c329ab0
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Nov 16 20:27:54 2020 -0800

    Installing `ca-certificates` package for ptest builds. (#389)

commit 00770b7334
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Nov 16 18:49:55 2020 -0800

    Patch CVE-2020-8037 in tcpdump (#383)

    Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

commit ea706b71aa
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Nov 16 15:21:50 2020 -0800

    Fix systemd CVE-2019-6454 and CVE-2020-1712 patches (#374)

    * Fix CVE-2019-6454 patch

    * Update toolchain txt files

    * Fix CVE-2020-1712 patch

    * Update upstream patch info for CVE's 2019-6454/2020-1712

    * Fix async_polkit_callback patch

commit 6f11f9cd2b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Nov 16 11:31:49 2020 -0800

    Adding `local::lib` perl5 library to fix package tests. (#381)

    * Adding `local::lib` perl5 library to fix package tests.

commit b812866803
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Nov 16 05:31:23 2020 -0800

    Patch CVE-2019-19126 in glibc (#360)

commit 4967c2d412
Merge: 5bc8fa1c 7180b155
Author: jslobodzian <joslobo@microsoft.com>
Date:   Fri Nov 13 22:03:37 2020 -0800

    Merge pull request #376 from microsoft/jslobodzian/off-cycle-merge-to-fix-cves-and-community-build-issues

    Jslobodzian/off cycle merge to fix cves and community build issues

commit 7b9dcc5377
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Fri Nov 13 16:50:24 2020 -0800

    Add support to build Arm64 ISO for CBL-Mariner (#373)

    * Add support to build Arm64 ISO for CBL-Mariner

    * Add support to build Arm64 ISO for CBL-Mariner

    * Add support to build Arm64 ISO for CBL-Mariner

    * Update to build_arch in imggen make file

    * Repetition removal suggestions. (#378)

    Repetition removal suggestions.

    Co-authored-by: schalam <schalam@microsoft.com>
    Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>

commit 177ea52526
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Nov 13 16:49:07 2020 -0800

    Enabling network access for package builds running with `%check`. (#380)

commit 42ff7786ce
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Fri Nov 13 14:40:30 2020 -0800

    Add status badge, update quickstart workflow (#377)

commit fc79645dec
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Fri Nov 13 12:40:36 2020 -0800

    Add missing requires to auoms package (#369)

    * Clean auoms.spec with linter feedback

    * Add missing requirements to auoms

commit 717eb55dcf
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Thu Nov 12 18:31:01 2020 -0800

    Add aspnetcore-runtime package (#372)

    Add aspnetcore-runtime-3.1 package
    Clean up dotnet-runtime-3.1 spec

commit 7180b15599
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Thu Nov 5 10:19:47 2020 -0800

    Include all sources in bond regardless of arch (#280)

commit 41a0fa61d1
Merge: cbcbaa2f 9ec151a2
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Thu Nov 12 15:25:37 2020 -0800

    Merge branch 'jslobodzian/off-cycle-merge-to-fix-cves-and-community-build-issues' of github.com:microsoft/CBL-Mariner into jslobodzian/off-cycle-merge-to-fix-cves-and-community-build-issues

commit cbcbaa2f22
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Nov 10 17:30:34 2020 -0800

    Creating packages summary for correct repo for Docker builds. (#362)

commit 27666f0324
Merge: 7902a2f4 48144ec5
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Thu Nov 12 14:30:46 2020 -0800

    Merge pull request #371 from microsoft/lihl/qemu-CVE

    Fix qemu-kvm CVEs (CVE-2020-13361, CVE-2020-11869, CVE-2020-14415, CVE-2020-15859, CVE-2020-13362, CVE-2020-25742, CVE-2020-25743, CVE-2020-15469, CVE-2020-24352)

commit 48144ec500
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Nov 12 12:18:04 2020 -0800

    add patch for CVE-2020-24352

commit 409a7c6ca0
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Nov 12 10:54:46 2020 -0800

    Fix qemu-kvm CVEs

commit 7902a2f471
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Nov 12 10:32:25 2020 -0800

    Patch CVE-2020-14352 in librepo (#368)

commit 3be3f8b4e9
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Nov 5 16:55:37 2020 -0800

    Replacing deprecated flags with `imagepkgfetcher_extra_flags`. (#351)

    (cherry picked from commit bbde6ef1c7)

commit 00871c8194
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Thu Nov 5 11:09:52 2020 -0800

    Use archive for man-pages (#347) (#349)

commit e7e4b498f6
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Thu Nov 12 00:01:05 2020 -0800

    Enable Hyper-V daemons for Arm64 VHDX image (#370)

    * Add core efi configuration file to generate Arm64 VHDX image

    * Enable Hyper-V daemons for Arm64 VHDX image

    Co-authored-by: schalam <schalam@microsoft.com>

commit d42ad2134f
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Thu Nov 12 00:00:27 2020 -0800

    Enable arm64 hyperv and SoCs support for CBL-Mariner (#366)

    * Enable arm64 hyperv and SoCs support for CBL-Mariner

    * Update kernel config for Arm64 arch

    * Update kernel configs for arm64 arch

    * Enable arm64 hyperv and SoCs support for CBL-Mariner

    Co-authored-by: schalam <schalam@microsoft.com>

commit 9ec151a289
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Nov 11 16:23:50 2020 -0800

    Upgrade python-markupsafe and python-zope-interface for setuptools compatibility (#367)

commit d867ecef4b
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Nov 10 13:16:00 2020 -0800

    Python 3: Upgrade to fix CVE-2019-20907, CVE-2020-26116, CVE-2019-18348, CVE-2020-14422, Patch CVE-2020-27619 (#358)

commit fde43f8807
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Nov 11 17:06:27 2020 -0800

    Skipping one `zsh` ptest testcase if ran as superuser. (#363)

    * Skipping test if ran as superuser.

    * Adding linter's suggestion.

commit 541801186b
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Nov 11 16:23:50 2020 -0800

    Upgrade python-markupsafe and python-zope-interface for setuptools compatibility (#367)

commit 3e1ac3f5cf
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Nov 11 12:57:44 2020 -0800

    ExecuteLiveWithCallback can dump output on error. (#340)

    * ExecuteLiveWithCallback can dump output on error.

commit 6855f30d83
Author: Johnson George <johgeorg@microsoft.com>
Date:   Wed Nov 11 00:38:16 2020 +0000

    Enable package test for openssl package

commit 0b07e5e5ff
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Nov 11 10:51:22 2020 -0800

    Fix check tests for autoconf, gpgme, net-snmp (#364)

    * fix check tests for autoconf, gpgme, net-snmp

    * fix manifests

commit 8eed1092c1
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Nov 10 17:30:34 2020 -0800

    Creating packages summary for correct repo for Docker builds. (#362)

commit 6874eeb1af
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Nov 10 13:28:55 2020 -0800

    Nopatch CVE-2013-0222, CVE-2013-0223 in coreutils (#359)

commit 93fe450a4f
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Nov 10 13:16:00 2020 -0800

    Python 3: Upgrade to fix CVE-2019-20907, CVE-2020-26116, CVE-2019-18348, CVE-2020-14422, Patch CVE-2020-27619 (#358)

commit 05687921cd
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Nov 9 09:57:46 2020 -0800

    Fix word wrapping in qemu-kvm CVE-2018-19665 patch (#356)

commit 9508d17831
Author: rlmenge <rlmenge@gmail.com>
Date:   Fri Nov 6 18:36:14 2020 -0500

    No patch for mySQL and CVE-2012-5627 (#353)

    * no patch for CVE-2012-5627

commit c041887a74
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Fri Nov 6 09:41:36 2020 -0800

    Add libxcrypt spec (#343)

    libxcrypt is a replacement for the libcrypt functionality in glibc

    To enable a select few package installs we need to enable libxcrypt
    to install on top of an existing glibc libcrypt installation.

    This installation on top of glibc is a temporary measure, in future
    releases the plan is to move to libxcrypt completely.

commit bbde6ef1c7
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Nov 5 16:55:37 2020 -0800

    Replacing deprecated flags with `imagepkgfetcher_extra_flags`. (#351)

commit 61c1b96e04
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Nov 5 14:48:24 2020 -0800

    Nopatching CVE-2020-14145. (#337)

    * Nopatching CVE-2020-14145

    * Addressing linter's suggestions.

commit d661370179
Author: rlmenge <rlmenge@gmail.com>
Date:   Thu Nov 5 16:43:50 2020 -0500

    CVEs for mySQL (#341)

    * CVEs for mySQL
    Upgraded MySQL to version 8.0.22 to fix 40 CVEs.

commit aeb87c4fe7
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Nov 5 11:28:22 2020 -0800

    Remove RPM path macros from local package build contexts in go (#350)

commit 50066f4168
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Nov 5 11:27:46 2020 -0800

    Nopatch CVE-2019-18276 in bash (#266)

commit 5ae04be885
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Thu Nov 5 11:09:52 2020 -0800

    Use archive for man-pages (#347) (#349)

commit f8b35f6083
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Nov 5 10:58:59 2020 -0800

    Patch CVE-2018-19665 in qemu (#324)

commit a8867ab61d
Merge: 21b2c234 a5ab9b2a
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Nov 5 10:21:12 2020 -0800

    Patch CVE-2020-24553 in go (#326)

    * Patch CVE-2020-24553 in go

    * Fixup for patch

commit 21b2c234ab
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Nov 5 10:21:03 2020 -0800

    Patch CVE-2020-8927 in brotli (#323)

commit 90940092d4
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Thu Nov 5 10:19:47 2020 -0800

    Include all sources in bond regardless of arch (#280)

commit ee24ec7942
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Nov 5 08:11:38 2020 -0800

    Nopatch for trousers CVE-2020-24332 (#287)

commit 54dc069f66
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Nov 5 08:07:37 2020 -0800

    Nopatch CVE-2019-1010180 in gdb (#269)

commit 28da59c6a1
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Thu Nov 5 08:00:22 2020 -0800

    OpenSSH: No patch CVE-2007-2768 (#315)

    * No patch CVE-2007-2768

    * Address linting

    * Remove extra space

    * Address PR comments

commit a5ab9b2a23
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Nov 4 19:45:54 2020 -0800

    Fixup for patch

commit 948c2dcd28
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Nov 4 15:12:29 2020 -0800

    Fix pcre CVE-2020-14155 (#305)

commit f7a7f26f92
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Wed Nov 4 14:58:38 2020 -0800

    Add heimdal, ipv6calc, perl-JSON (#338)

    Add heimdal, ipv6calc, perl-JSON specs

commit 157fad7d83
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Wed Nov 4 10:57:49 2020 -0800

    Update kernel to 5.4.72, Address 54 kernel CVEs, Add license file (#273)

    Update kernel source to 5.4.72. New kernel source contains fixes for many kernel CVEs flagged by our tooling so address the CVEs. As part of this update, also add the kernel COPYING file to the packages missing the license file.

commit 22ee531895
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Nov 4 10:29:29 2020 -0800

    Fixing CVE-2020-15705 in `grub2`. (#319)

    * Applying spec linter's suggestions.

    * Adding a patch for CVE-2020-15705.

commit 172fef1cf5
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Nov 4 10:21:07 2020 -0800

    Updating `clamav` to 0.103.0. (#278)

commit 4239db8249
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Nov 4 06:23:04 2020 -0800

    Patch CVE-2020-25613 in ruby (#268)

    * Patch CVE-2020-25613 in ruby

    * Fix patch

commit b6dde3a5e7
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Nov 4 06:20:10 2020 -0800

    Patch CVE-2019-12749 in dbus (#267)

commit cd52570772
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Nov 3 16:16:06 2020 -0800

    Updating `nghttp2` to 1.41.0 to fix CVE-2020-11080. (#333)

    * Updating `nghttp2` to 1.41.0 to fix CVE-2020-11080.

    * Addressing linter's suggestions.

commit 94a74df40f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Nov 3 16:14:02 2020 -0800

    Updating `postgresql` to 12.4 to fix CVE-2020-14349 and CVE-2020-14350. (#336)

    * Updating `postgresql` to 12.4 to fix CVE-2020-14349 and CVE-2020-14350.

    * Addressing linter's suggestions.

commit c98d311027
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Nov 3 15:40:13 2020 -0800

    Patch systemd CVEs: 2019-3842, 2019-3843, 2019-3844, 2019-6454, 2019-20386, 2020-1712, 2020-13776 (#248)

    * Patch CVE-2019-3842

    * Patch CVE-2019-3843

    * Fix URL in CVE-2019-3843.patch

    * Patch CVE-2019-3844

    * Patch CVE-2019-6454

    * Update CVE-2019-6454 patch

    * Patch CVE-2019-20386

    * Patch CVE-2020-1712

    * Patch CVE-2020-13776

    * Update toolchain txt files

    * Update systemd-bootstrap

    * Fix toolchain aarch64

    * Fix linting for systemd-bootstrap

    * Address more systemd-bootstrap linting

    * Addres systemd spec linting

    * Add newline at end of systemd spec

    * Fix systemd-bootstrap spec

commit d8f24c1187
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Nov 3 15:20:26 2020 -0800

    Patch CVE-2020-27619 in python2 (#330)

commit 233b085c1c
Merge: 391b026c 9ce1c1ba
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Nov 2 13:49:03 2020 -0800

    Merge pull request #312 from microsoft/niontive/flex-cve

    No Patch CVE-2019-6293

commit 391b026cdc
Merge: b809b4d1 c8b75741
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Nov 2 11:49:31 2020 -0800

    Merge pull request #277 from microsoft/niontive/libvirt-cve

    Patch CVE-2020-25637

commit a510f75be7
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Nov 2 07:52:41 2020 -0800

    Patch CVE-2020-24553 in go

commit b809b4d1bb
Merge: bde3e86b f267d1d7
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Fri Oct 30 16:33:21 2020 -0700

    Merge pull request #308 from microsoft/niontive/core-utils-cve

    No patch CVE-2013-0221 and CVE-2016-2781

commit bde3e86b7b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Sat Oct 31 00:29:33 2020 +0100

    Updating `vim` to version 8.1.1667 to fix CVE-2019-20807. (#320)

    * Updating `vim` to version 8.1.1667 to fix CVE-2019-20807.

    * Adding linter's suggestions.

commit f0ab9457fa
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Oct 30 23:33:57 2020 +0100

    Updating `net-snmp` to fix CVE-2019-20892. (#313)

commit 33a0035ec2
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Fri Oct 30 13:02:08 2020 -0700

    Use pointer to systemconfig (#311)

commit 5bc8fa1c8f
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Thu Oct 29 18:21:58 2020 -0700

    Properly update AdditionalFiles in isomaker (#309)

    Co-authored-by: Joe Schmitt <joschmit@microsoft.com>

commit 9ce1c1bacc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 17:28:36 2020 -0700

    More flex spec linting

commit cc2128b11c
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 17:26:59 2020 -0700

    Move lex to separate script

commit 95329c7013
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 17:13:44 2020 -0700

    More linting

commit 79f39d9a42
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 17:08:40 2020 -0700

    Lint changelog

commit 8276cd532b
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 17:03:54 2020 -0700

    Update toolchain txt files

commit 6a01bda8c7
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 16:42:16 2020 -0700

    No patch CVE-2019-6293

commit a44aea8298
Author: rychenf1 <rychenf1@gmail.com>
Date:   Thu Oct 29 16:32:07 2020 -0700

    Patch CVE-2020-13791 in qemu (#281)

    * Patch CVE-2020-13791 in qemu

    * Run spec-cleaner

    * rebase, adjust release and patch number

commit f267d1d72d
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 15:37:49 2020 -0700

    Fix url HTTPS and changelog spaces

commit b508adacaa
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 15:35:56 2020 -0700

    Remove extra "url"

commit 147f0ff68e
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 15:29:52 2020 -0700

    Fix spec linting

commit 4d4e91ea68
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 15:22:00 2020 -0700

    Update toolchain and pkggen txt files

commit 81fc6423a7
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 15:18:53 2020 -0700

    No patch CVE-2013-0221

commit ac39c207f4
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 29 14:47:02 2020 -0700

    Nopatch CVE-2016-2781

commit 0fc247576d
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Thu Oct 29 11:23:21 2020 -0700

    Fix qemu CVE-2020-13800 and CVE-2020-14364 (#306)

commit 729cdc5224
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Oct 29 19:05:05 2020 +0100

    Fixing `qemu-kvm` CVE-2020-13253 and CVE-2020-13754. (#304)

    * Adding a patch for CVE-2020-13754.

    * Adding a patch for CVE-2020-13253.

    * Moving back to %setup.

commit a27ee369fa
Author: jslobodzian <joslobo@microsoft.com>
Date:   Wed Oct 28 11:47:40 2020 -0700

    Corrected URL_LIST links to preview repo (#295)

commit 3062c2e9d8
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Oct 28 12:29:12 2020 -0700

    Prevent AdditionalFiles from being modified during iteration (#297) (#298)

commit 7f2b151b34
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Wed Oct 28 16:45:03 2020 -0700

    Address source RPM publishing issue on packages.microsoft.com (#303)

commit 6aebeb578b
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Wed Oct 28 16:45:03 2020 -0700

    Address source RPM publishing issue on packages.microsoft.com (#303)

commit 8036be64d4
Merge: fd6779f2 d0e7c246
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Wed Oct 28 16:34:07 2020 -0700

    Merge pull request #302 from microsoft/lihl/glibc-CVE

    Fix glibc CVE-2019-7309

commit fd6779f293
Merge: f9017425 2b43e91b
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Wed Oct 28 16:32:11 2020 -0700

    Merge pull request #293 from microsoft/lihl/qemu-CVE

    Fix Qemu CVE-2020-10702, CVE-2020-10761

commit 2b43e91b33
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 16:27:45 2020 -0700

    address comment

commit d0e7c246ff
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 16:11:45 2020 -0700

    fix more toolchain manifest issue

commit ca583e3df4
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 16:07:22 2020 -0700

    save toolchain pkg changes

commit 8f1d2d2cd7
Merge: 880573c8 f9017425
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 15:04:31 2020 -0700

    resolve conflicts

commit 880573c82a
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 15:00:48 2020 -0700

    update toolchain information

commit f901742520
Author: rychenf1 <rychenf1@gmail.com>
Date:   Wed Oct 28 14:48:57 2020 -0700

    Patch CVE-2020-24977 in libxml2 (#282)

commit f9c480731d
Merge: 9ec95b3d 40ffdc79
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Wed Oct 28 14:31:37 2020 -0700

    Merge pull request #275 from microsoft/nisamson/nopatch-old-comments

    Updated unzip spec to ensure CVE tooling detection

commit 9ec95b3ddc
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Oct 28 22:24:57 2020 +0100

    Revert "Disabling the MD4 algorithm. (#272)" (#301)

    This reverts commit 85330c701f.

commit 4be01ba170
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 14:14:57 2020 -0700

    fix spec format

commit 545af35e7c
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 13:45:22 2020 -0700

    fix glibc CVE

commit 8d9d99c99b
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Oct 28 12:29:12 2020 -0700

    Prevent AdditionalFiles from being modified during iteration (#297) (#298)

commit 3627b06043
Merge: 3159d7df 453926a1
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Wed Oct 28 12:20:54 2020 -0700

    Merge pull request #296 from microsoft/lihl/nginx-CVE

    Fix nginx CVE-2019-20372

commit 3159d7df3f
Author: jslobodzian <joslobo@microsoft.com>
Date:   Wed Oct 28 11:47:40 2020 -0700

    Corrected URL_LIST links to preview repo (#295)

commit 453926a1ca
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 11:26:27 2020 -0700

    fix SPEC format

commit 85df8b47e4
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 11:16:29 2020 -0700

    fix patch

commit b4894f7ab7
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 10:59:41 2020 -0700

    fix nginx CVE

commit e90b112b41
Author: Henry Li <lihl@microsoft.com>
Date:   Wed Oct 28 09:55:36 2020 -0700

    re-fix SPEC format

commit a0eecf077b
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Oct 27 22:51:40 2020 -0700

    format SPEC file

commit e20bd54520
Merge: ff79df6f 2e705831
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Oct 27 18:41:03 2020 -0700

    fix patch issues

commit 2e70583100
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Oct 27 15:59:35 2020 -0700

    Revamp failure test for spec linting action (#290)

commit 95f0d27c6c
Merge: 612528d6 993d2420
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Tue Oct 27 13:05:51 2020 -0700

    Merge pull request #286 from microsoft/niontive/fix-binutils

    Fix CVE-2019-17450 patch file

commit 612528d6e6
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Oct 27 12:52:47 2020 -0700

    Fix bash script issue (#284)

commit 993d242031
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Tue Oct 27 12:40:39 2020 -0700

    Fix CVE-2019-17450 patch file

commit ff79df6fe3
Merge: 48dbe4a6 f327334e
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Oct 27 12:09:07 2020 -0700

    commit before merge

commit 48dbe4a6e0
Author: Henry Li <lihl@microsoft.com>
Date:   Tue Oct 27 12:04:07 2020 -0700

    save current changes

commit f327334eaa
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Tue Oct 27 09:24:52 2020 -0700

    Enable spec lint PR gating (#270)

commit 85330c701f
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Oct 27 14:02:06 2020 +0100

    Disabling the MD4 algorithm. (#272)

    Co-authored-by: Henry Beberman <henry.beberman@microsoft.com>

commit c8b75741a1
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 16:30:35 2020 -0700

    Patch CVE-2020-25637

commit db82a19572
Merge: 02ef42a2 cbb64e4b
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Oct 26 16:27:27 2020 -0700

    Merge pull request #274 from microsoft/niontive/cloud-init-cve

    Patch CVE-2020-8631 and CVE-2020-8632 in cloud-init

commit 02ef42a22b
Merge: 1500b2ab d0e4bb01
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Mon Oct 26 15:38:26 2020 -0700

    Merge pull request #276 from microsoft/lihl/openldap-CVE

    Fix openldap CVE-2015-3276

commit d0e4bb0134
Author: Henry Li <lihl@microsoft.com>
Date:   Mon Oct 26 14:39:58 2020 -0700

    check in patch file

commit f256824e5d
Author: Henry Li <lihl@microsoft.com>
Date:   Mon Oct 26 14:24:01 2020 -0700

    fix CVE

commit 1500b2ab09
Merge: ff296a7d 2f6f3d48
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Mon Oct 26 11:51:20 2020 -0700

    Merge pull request #261 from microsoft/lihl/redis-CVE

    Fix redis CVE-2020-14147

commit ff296a7d05
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Mon Oct 26 11:48:18 2020 -0700

    Add validatechroot tool to check worker chroot dependencies (#231)

    * Add validatechroot tool to check chroot worker deps.

    Run `sudo make validate-chroot`

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit cbb64e4bdc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 11:45:01 2020 -0700

    Patch CVE-2020-8632

commit fdb0ec1de2
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 11:31:58 2020 -0700

    Patch CVE-2020-8631

commit 40ffdc7961
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Fri Oct 23 15:05:20 2020 -0700

    Updated unzip spec to ensure CVE tooling detection

commit a12c296c0a
Merge: 573e9d0d 18b70f46
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Oct 26 10:55:30 2020 -0700

    Merge pull request #249 from microsoft/niontive/python2-cve

    Patch Python2 CVEs: 2019-9674, 2019-20907, 2020-26116

commit 18b70f464b
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 10:53:50 2020 -0700

    Use autosetup in python2

commit 2f6f3d48e6
Author: Henry Li <lihl@microsoft.com>
Date:   Mon Oct 26 10:42:36 2020 -0700

    resolve comments

commit 573e9d0dfc
Merge: 69e14af6 a1ab27c9
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Oct 26 10:40:56 2020 -0700

    Merge pull request #271 from microsoft/niontive/cairo-cves

    Patch CVE-2018-19876 (Cairo)

commit a1ab27c95b
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 09:30:11 2020 -0700

    Patch CVE-2018-19876

commit 69e14af622
Merge: 41ad04d1 651aee04
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Oct 26 08:46:45 2020 -0700

    Merge pull request #255 from microsoft/niontive/binutils-cve

    Patch Binutils CVEs

commit 41ad04d1a7
Merge: 534d5bfc b4938c2b
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Mon Oct 26 08:44:13 2020 -0700

    Merge pull request #250 from microsoft/niontive/unzip-cves

    Fix CVE patch names for unzip

commit b4938c2b31
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 08:41:51 2020 -0700

    Use autosetup in unzip

commit 149c89e7a5
Merge: 3799615a 534d5bfc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 08:28:10 2020 -0700

    Merge branch '1.0-dev' into niontive/unzip-cves

commit 651aee049f
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 08:24:34 2020 -0700

    Use autosetup for binutils

commit 6dc378e358
Merge: b9b48360 534d5bfc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 07:56:24 2020 -0700

    Merge branch '1.0-dev' into niontive/binutils-cve

commit b2931d89d4
Merge: b3135d9b 534d5bfc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 06:16:43 2020 -0700

    Merge branch '1.0-dev' into niontive/python2-cve

commit b3135d9bb3
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 06:13:04 2020 -0700

    Update toolchain txt

commit d05bd17433
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Mon Oct 26 06:10:45 2020 -0700

    Fix CVE-2017-18207 patch

commit fefbf5f03b
Author: jslobodzian <joslobo@microsoft.com>
Date:   Sun Oct 25 18:50:06 2020 -0700

    Merge distroless container revert to 1.0 (#265)

    * Revert "Implement "distroless" containers (#252)"

    This reverts commit e41efdda19.

    * Revert "Implement "distroless" containers (#252)" (#264)

    This reverts commit e41efdda19.

commit 534d5bfc58
Author: jslobodzian <joslobo@microsoft.com>
Date:   Sun Oct 25 18:37:45 2020 -0700

    Revert "Implement "distroless" containers (#252)" (#264)

    This reverts commit e41efdda19.

commit 5074ad915f
Merge: 3f20b40d 1129ca14
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Sun Oct 25 08:31:45 2020 -0700

    Merge branch '1.0-dev' into niontive/python2-cve

commit 5df20d406a
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Sat Oct 24 23:12:44 2020 -0700

    Fixed poorly merged files

commit 08fe4cc6b8
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Sat Oct 24 19:10:46 2020 -0700

    Fixed bad file merge

commit e10f52efdb
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Sat Oct 24 19:07:44 2020 -0700

    fix missed merge file

commit e9af376abd
Merge: 1deb3342 1129ca14
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Sat Oct 24 19:05:31 2020 -0700

    Merge branch '1.0-dev' into 1.0 for October Update

commit 1129ca147b
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Sat Oct 24 16:47:46 2020 -0700

    fix setup (#263)

commit 71e34ba2e2
Author: jslobodzian <joslobo@microsoft.com>
Date:   Sat Oct 24 16:45:30 2020 -0700

    Updated mariner-release package version (#262)

commit e41efdda19
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Sat Oct 24 11:28:47 2020 +0200

    Implement "distroless" containers (#252)

    * Create distroless container without bash and surplus dependencies
    * Remove RPM database for distroless
    * Add busybox and uclibc. Add distroless-packages-debug
    * Update cgmanifest

    Co-authored-by: Jon Slobodzian <joslobo@microsoft.com>
    Co-authored-by: MateuszMalisz <mamalisz@microsoft.com>

commit 6182dbd17a
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Oct 23 16:09:17 2020 -0700

    resolve comments

commit e9d587aa94
Author: Henry Li <lihl@microsoft.com>
Date:   Fri Oct 23 14:40:43 2020 -0700

    fix CVE-2020-14147

commit a42f887eac
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Fri Oct 23 13:10:31 2020 -0700

    Add auoms package (#258)

    * add auoms package

    * add auoms original source url comments

    * fix changelog history

    * fix auoms signatures

    * fix changelog

    * use %license

    * update licenses-map

    * add omi to LICENSES-MAP

    * merge latest LICENSES-MAP

commit 3f20b40dc6
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Fri Oct 23 12:13:08 2020 -0700

    Ignore CVE-2019-18348

commit dca52581ad
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Fri Oct 23 12:04:05 2020 -0700

    Patch CVE-2017-18207

commit 45ce54e16c
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Fri Oct 23 10:36:30 2020 -0700

    Generate ant signatures (#260)

commit da7210e6cc
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Fri Oct 23 08:38:38 2020 -0700

    No patch CVE-2007-4559

commit 159deec0aa
Merge: 21eee62c 56ad1646
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Fri Oct 23 08:34:55 2020 -0700

    Merge branch '1.0-dev' into niontive/python2-cve

commit 56ad1646fc
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Oct 23 12:40:52 2020 +0200

    Adding the `ccache` and `clamav` packages. (#251)

commit 8397380840
Merge: 01d594a9 f95e72e0
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Thu Oct 22 23:56:22 2020 -0700

    Merge pull request #259 from microsoft/nisamson/add-omi

    Adding omi package

commit f95e72e040
Author: Nick Samson <nick.samson@microsoft.com>
Date:   Thu Oct 22 18:27:22 2020 -0700

    Added omi package

commit b9b483602d
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 14:51:52 2020 -0700

    Update pkggen and toolchain txt files

commit 57bfd2059f
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 14:49:25 2020 -0700

    Fix CVE-2019-17451

commit dc15941223
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 14:32:13 2020 -0700

    Patch CVE-2019-17450

commit dd80c16575
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 14:13:12 2020 -0700

    Patch CVE-2019-9074

commit 615d12fdd3
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 14:02:40 2020 -0700

    Patch CVE-2019-9073

commit 01d594a934
Author: rychenf1 <rychenf1@gmail.com>
Date:   Thu Oct 22 13:55:24 2020 -0700

    Nopatch sqlite CVE-2015-3717 (#254)

commit 95938a8b4f
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 13:48:53 2020 -0700

    Nopatch CVE-2019-9072

commit fb1a9b4e37
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 13:42:33 2020 -0700

    Patch CVE-2019-9071

commit f6a5fb9955
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 13:18:07 2020 -0700

    Fix CVE-2019-14444

commit 234def32a8
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 12:57:58 2020 -0700

    Fix CVE-2019-14250

commit fca1bb7930
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 12:46:11 2020 -0700

    Patch CVE-2019-12972 in binutils

commit 8aca46a825
Merge: 4d498efe a400f02c
Author: Henry Li <69694695+henryli001@users.noreply.github.com>
Date:   Thu Oct 22 12:19:02 2020 -0700

    Merge pull request #253 from microsoft/lihl/ant-CVE-2020-11979

    Fix Ant CVE-2020-11979

commit a400f02c84
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Oct 22 11:45:39 2020 -0700

    update cgmanifest

commit b92bed7765
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Oct 22 11:18:29 2020 -0700

    fix changelog comment

commit af2bb119af
Author: Henry Li <lihl@microsoft.com>
Date:   Thu Oct 22 10:59:48 2020 -0700

    update ant verision

commit 3799615a81
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 09:21:47 2020 -0700

    Fix CVE patch names for unzip

commit 21eee62c1e
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 09:06:12 2020 -0700

    Fix python-curses/xml in toolchain txt files

commit adbf690f2c
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 09:02:16 2020 -0700

    Add ca-certificates back

commit fc24befbad
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 09:00:10 2020 -0700

    Update toolchain txt files

commit c6fd02ea17
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 08:54:06 2020 -0700

    Patch CVE-2019-20907 and CVE-2020-26116

commit 4a79d3cec4
Author: Nicolas Ontiveros <niontive@microsoft.com>
Date:   Thu Oct 22 07:27:55 2020 -0700

    Nopatch CVE-2019-9674

commit 4d498efe31
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Wed Oct 21 19:00:48 2020 -0700

    Patch gnutls CVE-2020-24659 (#247)

    Upstream CVE discussion: https://gitlab.com/gnutls/gnutls/-/issues/1071

commit 7f1c1feb83
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Wed Oct 21 16:53:40 2020 -0700

    Nopatch ed CVE-2015-2987 (#209)

    ed CVE-2015-2987 applies to a different program named ed.

commit d6586ff19a
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Wed Oct 21 14:05:31 2020 -0700

    Patch lua CVE-2019-6706, CVE-2020-15888, nopatch CVE-2020-24342 (#169)

    * Patch lua CVE-2019-6706, CVE-2020-15888, CVE-2020-15945, nopatch CVE-2020-24342

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

    * Roll back CVE-2020-15945, patch ineffective

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit 1a31576601
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Wed Oct 21 13:25:26 2020 -0700

    Portablectl patches for to support --now --enable and --no-block flags (#139)

    * Portablectl patches for to support --now --enable and --no-block flags

    * Portablectl patches for to support --now --enable and --no-block flags

commit 5303d09258
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Oct 21 12:42:33 2020 -0700

    Patch unbound CVE-2020-12662 and CVE-2020-12663 (#246)

commit 84903e9620
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Wed Oct 21 12:31:38 2020 -0700

    Fix check tests for brotli, gzip and python-certifi (#245)

    * fix check test for brotli, gzip, python-cerifi

    * update manifest release version for gzip

    * skip check for vim

commit 9af371f703
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Oct 21 19:18:28 2020 +0200

    Switching to correct source for the Microsoft bundle. (#244)

commit 627798a571
Merge: 2ae22e2c b54a5a8a
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Tue Oct 20 23:53:43 2020 -0700

    Merge pull request #233 from microsoft/schalam/qatengine

    Enable QAT kernel configs in CBL-Mariner

commit 2ae22e2cea
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Tue Oct 20 11:12:30 2020 -0700

    Fix CVE-2019-12735 in vim (#230)

    * Fix CVE-2019-12735 in vim

    * Update the changelog to address only one CVE.

commit e6021229ce
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Oct 20 10:35:10 2020 -0700

    Fix check tests for git, make, krb5 and libcap-ng (#241)

    * fix check tests

    * update toolchain manifests

    * fix blank spaces and tabs in make.spec

commit bcf0e59d7d
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Tue Oct 20 10:09:31 2020 -0700

    Update pull_request_template.md (#236)

commit 3b5441ae14
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Tue Oct 20 10:04:41 2020 -0700

    patch openssh (#238)

commit b54a5a8a61
Merge: c5ecb62a 99ec27ac
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Mon Oct 19 20:50:14 2020 -0700

    Merge branch '1.0-dev' into schalam/qatengine

commit 99ec27ac42
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Mon Oct 19 15:28:41 2020 -0700

    Initial spec lint action commit (#172) (#191)

    * Initial spec-cleaner commit for CBL-Mariner

    * Add cgmanifest.json file for GitHub workflows folder

    * Set continue-on-error to true for a trial period

commit d8a4371f5e
Author: jslobodzian <joslobo@microsoft.com>
Date:   Mon Oct 19 15:15:07 2020 -0700

    Joslobo/add azure storage (#232)

    * Add azure-storage spec file to mariner-core

    * Register with legal and update map file

    * Fixed #source0 link

    * Updated per code review comments

    * Fixed URL to use https

commit 6ea7fde951
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Oct 19 19:57:27 2020 +0200

    Adding the `bond`, `fluent-bit`, and `ivykis` packages. (#234)

commit b354cbf3da
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Mon Oct 19 10:06:38 2020 -0700

    Nopatch kernel CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 (#193)

    * Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428

commit c5ecb62a31
Author: chalamalasetty <chalamalasetty@live.com>
Date:   Sun Oct 18 17:35:18 2020 -0700

    Enable QAT kernel configs in CBL-Mariner

commit 1deb33421d
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 15 07:21:25 2020 -0700

    Fix CVE-2020-26159 in oniguruma (#211)

    * Fix CVE-2020-26159

    * Increment release, fix autosetup.

commit 9f379520e2
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Fri Oct 16 16:54:14 2020 -0700

    Nopatch qemu CVE-2015-7504 CVE-2017-5931 CVE-2017-14167 (#162)

commit 89fec183a4
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Fri Oct 16 16:47:24 2020 -0700

    Upgrade ruby to 2.6.6 to resolve CVE-2019-16255, CVE-2019-16201, CVE-2020-10933, CVE-2020-5247, CVE-2019-15845, CVE-2019-16254 (#224)

    * Upgrade ruby to 2.6.6 to resolve CVEs

    * Update cgmanifest

commit 0eb5d55fb2
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Oct 16 13:32:34 2020 -0700

    Add rapidjson package (#225)

commit 47156600f5
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Oct 16 12:25:15 2020 -0700

    Disable debug package for nlohmann-json (#228)

commit 916b6f74d7
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Oct 16 06:33:57 2020 -0700

    Add pugixml package (#222)

commit d3b01bd0f3
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Oct 16 06:32:55 2020 -0700

    Add babeltrace2 and lttng-consume packages (#226)

commit 5fc0ddbc16
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Oct 16 06:29:42 2020 -0700

    Update libestr (#213)

commit cb250578cc
Author: Andrew Phelps <anphel31@users.noreply.github.com>
Date:   Thu Oct 15 21:48:55 2020 -0700

    update libffi to use https source0 (#227)

commit f213e1f17f
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Oct 15 15:26:56 2020 -0700

    Add jsonbuilder package (#223)

commit 61bf24159c
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 15 14:02:15 2020 -0700

    Remove implicit git repository dependency from toolkit (#197)

    * Remove implicit git repository dependency

    * Remove the new GIT_REV variable

commit 511ee60b97
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 15 14:01:35 2020 -0700

    Remove toolchain-local-wget-list after use (#212)

    * Remove toolchain-local-wget-list after use

    - toolchain-local-wget-list has been left at the end of a toolchain build. It shows up on `git status` whene toolchain is built locally.
    - Another solution would be adding it to `.gitignore`.

    * Add temporary toolchain build files to toolkit/.gitignore

commit 3312d3721b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Oct 15 21:53:15 2020 +0200

    Adding the 'span-lite' and 'telegraf' packages. (#220)

commit 6df1d23f8c
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Oct 15 12:50:22 2020 -0700

    Add msgpack package (#216)

commit 329cf32b14
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Oct 15 12:44:45 2020 -0700

    Add nlohmann-json package (#217)

commit 010d470a6f
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Oct 15 12:18:55 2020 -0700

    Add liblogging package (#214)

commit c42ddb8c0c
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Oct 15 12:13:20 2020 -0700

    Add mm-common and libxml++ packages (#215)

commit a7682dd26d
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Oct 15 20:48:16 2020 +0200

    Adding the 'tracelogging' and 'zipper' packages. (#208)

commit c2c7f85327
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Oct 15 19:56:37 2020 +0200

    Adding the 'toml11' package. (#207)

commit d8e7691afc
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Oct 15 19:52:49 2020 +0200

    Adding the 'tinyxml2' package. (#206)

commit 228dc7df54
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Oct 15 19:26:39 2020 +0200

    Adding the 'syslog-ng' package. (#205)

commit d7c5db2a79
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 15 07:21:25 2020 -0700

    Fix CVE-2020-26159 in oniguruma (#211)

    * Fix CVE-2020-26159

    * Increment release, fix autosetup.

commit e9552392cb
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Oct 14 15:40:10 2020 -0700

    Natively support pulling from the preview repo (#199)

commit 791c4b9e19
Author: jslobodzian <joslobo@microsoft.com>
Date:   Tue Oct 13 19:37:01 2020 -0700

    Build Break Fix:  Rollback selinux checkins.   (#204)

    * Revert "Add missing %libsepolver definition in secilc.spec (#192)"

    This reverts commit 9cff088bec.

    * Revert "Add SELinux packages to Mariner. (#100)"

    This reverts commit b2d918efac.

commit 78d83a1d20
Author: Chirag Shah <chsha@microsoft.com>
Date:   Tue Oct 13 15:56:30 2020 -0700

    Update README.md (#180)

commit 110619ae47
Author: Chirag Shah <chsha@microsoft.com>
Date:   Tue Oct 13 15:56:30 2020 -0700

    Update README.md (#180)

commit c1ce89832d
Author: nicolas guibourge <nicogbg@gmail.com>
Date:   Tue Oct 13 14:27:56 2020 -0700

    enable fetching RPMs from pacakges.microsoft.com for Docker based build (#198)

commit d5101f4f60
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Oct 12 23:10:38 2020 +0200

    Adding a missing '%{?dist}' tag. (#195)

commit c0faafa421
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Mon Oct 12 12:17:47 2020 -0700

    Add architecture at the end of toolkit archive (#182)

    - Also add `version.txt` file in the toolkit archive as an easy way to verify toolkit version.

commit ce47c3d346
Merge: 397c1f02 e3880eda
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Mon Oct 12 12:15:38 2020 -0700

    Merge pull request #165 from hbeberman/cifs_utils_fix

    Patch CVE-2020-14342 in cifs-utils

commit 397c1f0236
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Oct 12 20:11:57 2020 +0200

    Removing 'TERMINAL_ISO_INSTALLER' from the docs. (#189)

commit 9cff088bec
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Fri Oct 9 15:56:19 2020 -0700

    Add missing %libsepolver definition in secilc.spec (#192)

commit 71ce404b2b
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Thu Oct 8 20:15:12 2020 +0200

    Adding the `gflags` and `rocksdb` packages. (#183)

    * Adding the 'rocksdb' package.

    * Adding the 'gflags' package.

commit 9e6952ff3c
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Oct 7 20:52:49 2020 +0200

    Updating cert bundle paths. (#181)

    * Updating cert bundle paths.

    * Updating cgmanifest.json.

commit 0bec6a1db6
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Oct 7 20:52:21 2020 +0200

    Adding a .nopatch for CVE-2007-0086. (#176)

commit 0181cc7cc0
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Wed Oct 7 08:07:48 2020 -0700

    Remove "::set-env" commands in GitHub Actions (#178)

commit b2d918efac
Author: Daniel Burgener <burgener.daniel@gmail.com>
Date:   Wed Oct 7 09:13:55 2020 -0400

    Add SELinux packages to Mariner. (#100)

    * Add SELinux packages to Mariner.

    This commit add the following packages to Mariner to provide basic
    SELinux support:

    - checkpolicy
    - libsemanage
    - mcstrans
    - policycoreutils
    - secilc
    - selinux-policy
    - setools

    The selinux-policy provided here is a generic base policy, which is not
    specifically tuned for Mariner, therefore only permissive mode support
    is enabled in this commit.  (Although users could load a custom policy
    to run in enforcing mode).  Future phases have been discussed to add
    SELinux enforcing mode support.

    This commit does not enable SELinux by default.  In order to enable
    SELinux support, one must first install necessary packages (libselinux,
    policycoreutils, secilc, selinux-policy), and then append "lsm=selinux
    selinux=1" to the kernel command line.  This will trigger an initial
    boot to relabel the system, at which point the system will reboot, and
    boot into an SELinux enabled system.  SELinux state can be queried with
    the "getenforce" command line tool.  If SELinux has not been enabled, it
    will report "Disabled" (the default).  If SELinux support has been
    enabled as described in this paragraph, it will report "permissive".

    This commit also modifies the following packages to enabled SELinux
    functionality in existing packages:

    - coreutils
    - cronie
    - dbus
    - openssh
    - pam
    - rpm
    - shadow-utils
    - systemd
    - util-linux

    This enables them to build with SELinux support so that when SELinux is
    enabled, they have SELinux related functionality available.

    Because coreutils is a basic package and requires building with
    libselinux-devel present in order to enable key SELinux functionality,
    several dependencies in other packages that rely on coreutils (namely
    python2, python3 and systemd-bootstrap) had to be removed in order to
    avoid circular dependencies.  There does not appear to be a functional
    impact from this change based on my testing.

commit d6a262815f
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Tue Oct 6 11:16:17 2020 -0700

    installutils: Remove root password expiry when no root user is specified in imageconfig file (#161)

commit 328cd7b4c1
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Tue Oct 6 11:15:49 2020 -0700

    installutils: Supply blank /etc/machine-id file (#147)

    From https://www.freedesktop.org/software/systemd/man/machine-id.html:
    For operating system images which are created once and used on multiple
    machines, for example for containers or in the cloud, /etc/machine-id
    should be an empty file in the generic file system image. An ID will be
    generated during boot and saved to this file if possible.

commit e3880eda03
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Mon Oct 5 11:49:05 2020 -0700

    Fix CVE-2020-14342 patch to not depend on PATH

commit 3169bfd8c2
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Oct 5 20:18:15 2020 +0200

    Extending 'strongswan' test timeout. (#173)

commit e9fead7ec2
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Mon Oct 5 20:14:22 2020 +0200

    Update fontconfig to 2.13.91 (#175)

commit 6e9a239772
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Fri Oct 2 17:19:24 2020 -0700

    Fix kernel aarch64 package build break due to missing CONFIG_IMA_KEXEC (#171)

commit c5d866a3b1
Merge: c6ccffa5 69a5be2c
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Fri Oct 2 17:30:25 2020 -0700

    Merge pull request #167 from microsoft/mrgirgin/mariner-repos-post

    Replace mariner-repos's %post scriptlet as %posttrans

commit c6ccffa563
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Fri Oct 2 17:19:24 2020 -0700

    Fix kernel aarch64 package build break due to missing CONFIG_IMA_KEXEC (#171)

commit 69a5be2ce6
Merge: 00ea8627 4826b65d
Author: Emre Girgin <mrgirgin@microsoft.com>
Date:   Fri Oct 2 16:47:04 2020 +0000

    Merge branch '1.0-dev' into mrgirgin/mariner-repos-post

commit 4826b65d1a
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Fri Oct 2 16:47:58 2020 +0200

    Adding new 'preview' repository. (#146)

    * Adding new 'preview' repository.

    * Addressing comments.

commit 563639e25b
Merge: e95dc987 f86fe912
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Thu Oct 1 21:34:16 2020 -0700

    Merge branch '1.0-dev' into 1.0

commit f86fe912bd
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 1 21:32:16 2020 -0700

    Fix kernel specs' %postun scripts (#164)

    * Fix `kernel.spec`'s `%postun` script

    * Fix `kernel-signed-aarch64`'s `%postun` script

    * Fix kernel-signed-x64.spec's %postun script

    * Fix kernel-hyperv.spec's %postun script

commit 49b0a95947
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Thu Oct 1 21:31:38 2020 -0700

    initramfs: Regenerate initrd using host-only mode on file-based trigger (#170)

    * initramfs: Always use host-only mode

    kdump currently uses the host system's initrd when enrolling a crash kernel
    and initrd. There is a limitation where the kdump initrd must be generated
    with dracut in "host-only" mode.

    The -k option forces a host-only initrd build.
    The -q option suppresses verbose output

    If mkinitrd is called without <image> and <kernel-version> parameters, it will
    default to calling dracut in "host-mode" mode on every kernel version it can
    find in /boot.

    If mkinitrd is called with <image> and <kernel-version> parameters, it will
    default to calling dracut in "generic host" mode for rebuilding the specific
    initrd. Therefore we need to make sure to add the -k option when invoking
    mkinitrd with an explicit <image> and <kernel version>

    * Reword comment block

commit e95dc987c1
Merge: 70315169 906693b5
Author: Jon Slobodzian <joslobo@microsoft.com>
Date:   Thu Oct 1 21:14:46 2020 -0700

    Merge branch '1.0-dev' into 1.0

commit 9c3499f4fe
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Thu Oct 1 12:17:58 2020 -0700

    Address changelog and prep section comments

commit 906693b5ae
Author: Thomas Crain <thcrain@microsoft.com>
Date:   Thu Oct 1 11:15:25 2020 -0700

    Remove chrony-wait as a boot service dependency (#166)

    * Remove chrony-wait as a boot service dependency

    * Add cgmanifest entry for chrony

commit 00ea86274a
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 1 09:46:41 2020 -0700

    Add a more verbose changelog

commit 1a1ed8c1ec
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 1 09:38:23 2020 -0700

    Update toolchain_x86_64.txt

commit 8756d186e6
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 1 09:38:07 2020 -0700

    Update toolchain_aarch64.txt

commit 41a6c75f85
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 1 09:37:52 2020 -0700

    Update pkggen_core_x86_64.txt

commit c3ccb82cef
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 1 09:37:32 2020 -0700

    Update pkggen_core_aarch64.txt

commit 9115bc45b9
Author: Emre Girgin <50592283+mrgirgin@users.noreply.github.com>
Date:   Thu Oct 1 09:32:42 2020 -0700

    Replace mariner-repos's %post script as %posttrans

    - After looking at here, it shows that %post script for a new version runs before the %preun script for an old version. Which means, after an upgrade, the keys would be removed by the older version: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#ordering

commit adf08fb404
Author: Henry Beberman <henry.beberman@microsoft.com>
Date:   Wed Sep 30 17:39:07 2020 -0700

    Patch CVE-2020-14342 in cifs-utils

commit b5564be248
Author: Joe Schmitt <1146681+schmittjoseph@users.noreply.github.com>
Date:   Wed Sep 30 10:18:19 2020 -0700

    Support downloading preview SRPMs (#160)

    Replace SRPM_URL* with SRPM_URL_LIST

commit b556e4d970
Merge: 5e3844e7 4c83bb02
Author: chalamalasetty <42326515+chalamalasetty@users.noreply.github.com>
Date:   Tue Sep 29 18:17:49 2020 -0700

    Merge pull request #142 from microsoft/schalam/mlx_sr-iov

    Enable Mellanox kernel configs

commit 5e3844e788
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Tue Sep 29 15:19:08 2020 -0700

    full: Always install the default kernel (#132)

    Currently, when installing CBL-Mariner via ISO, the ISO will
    install the standard kernel package or the kernel-hyperv package
    depending on if installing on HyperV VM or not.

    The HyperV kernel is still under evaluation so use the standard kernel
    package across the board.

commit 10cdad051f
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Tue Sep 29 13:30:12 2020 -0700

    Nopatch unzip CVE-2008-0888 (#154)

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit f4528b8ecc
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Tue Sep 29 13:28:46 2020 -0700

    Nopatch lua CVE-2020-15889 (#153)

    * nopatch lua CVE-2020-15889

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit d04ebb2437
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Tue Sep 29 13:24:52 2020 -0700

    Nopatch qemu CVE-2016-7161 (#152)

    * Nopatch qemu CVE-2016-7161

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit 4f331e71e1
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Tue Sep 29 13:18:51 2020 -0700

    Nopatch apparmor CVE-2016-1585 (#150)

    * Nopatch apparmor CVE-2016-1585

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit a7ae423538
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Tue Sep 29 13:15:58 2020 -0700

    Nopatch groff CVE-2000-0803 (#149)

    * Nopatch groff CVE-2000-0803

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit 486f4fc1f9
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Tue Sep 29 13:13:04 2020 -0700

    Nopatch httpd CVE-1999-0236, CVE-1999-1412 (#148)

    * Nopatch httpd CVE-1999-0236, CVE-1999-1412

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit b3ea131993
Author: Christopher Co <christopher.co@microsoft.com>
Date:   Mon Sep 28 17:05:07 2020 -0700

    Create quickstart.yml (#119)

    This patch adds a GitHub Action to verify our Quickstart instructions

commit 32a07873c2
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Mon Sep 28 10:31:24 2020 -0700

    Update tpm2-abrmd to 2.3.3 (#144)

    * Update tpm2-abrmd to 2.3.3

commit 4c83bb02b6
Author: chalamalasetty <chalamalasetty@live.com>
Date:   Fri Sep 25 22:17:53 2020 -0700

    Enable Mellanox kernel configs

commit 4b56414903
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Fri Sep 25 16:07:43 2020 -0700

    Update tpm2 tools to 4.2, tss to 2.4.0 (#134)

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>

commit 6068d8b5b4
Author: Daniel McIlvaney <damcilva@microsoft.com>
Date:   Fri Sep 25 16:07:17 2020 -0700

    Add  IMA feature to the kernel, add config for it (#135)

    * Add  IMA feature to the kernel, add config for it

    - Add IMA measurement configs to the x86_64, and aarch64 kernel configs (IMA_APPRAISE currently disabled).
    - Add KernelCommandLine config field to control IMA, and allow additional configs to be passed.

    Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
    Co-authored-by: Christopher Co <christopher.co@microsoft.com>

commit b3d74966b0
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Wed Sep 23 11:48:24 2020 +0200

    Markdown lint-induced clean-up of doc files. (#122)

    * Makrdownlint-induced clean-up.

    * Removing redundant lines.

    * Removing redundant lines 2.

commit 0bfe2f9da7
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Tue Sep 22 19:34:33 2020 +0200

    Updating 'ca-certificates' nssckbi.h header and unifying changelog entries with package version (#125)

    * Updating changelog to be consistent with package version.

    * Fixing missed update to 'nssckbi.h'.

    * Updating manifests.

    * Updating signatures.

commit 5197a48564
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Mon Sep 21 23:35:05 2020 +0200

    Add cloud-init-vmware-guestinfo package (#124)

    * Add cloud-init-vmware-guestinfo package

commit 4e504e32ae
Author: Pawel Winogrodzki <pawelwi@microsoft.com>
Date:   Mon Sep 21 21:21:11 2020 +0200

    Adding a small build tip to the quick start instructions. (#123)

commit 070331fc51
Author: Nicolas Ontiveros <54044510+niontive@users.noreply.github.com>
Date:   Sat Sep 19 13:59:40 2020 -0700

    Upgrade golang to 1.13.15 (#93)

commit 7126e0be4f
Author: Mateusz Malisz <maliszmat@outlook.com>
Date:   Sat Sep 19 22:58:40 2020 +0200

    Fix libffi normal package build (#116)

    * Fix libffi normal package build

    * Add comment explaining the purpose of the sed call

commit 83de3e225d
Author: Jim Perrin <Jim.Perrin@microsoft.com>
Date:   Tue Sep 15 08:36:19 2020 -0700

    add wants=sshd-keygen.service to sshd (#58)

    * add wants=sshd-keygen.service to sshd

    Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>

    * modify signatures.json and bump release for pr

    Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>

commit 09940d60f3
Author: Jason Goscinski <jasongos@users.noreply.github.com>
Date:   Thu Sep 10 18:06:34 2020 -0700

    Update building.md (#104)

commit ff4b770cf5
Author: Jim Perrin <Jim.Perrin@microsoft.com>
Date:   Tue Sep 8 12:53:14 2020 -0700

    Update trademark section of the readme

    Signed-off-by: Jim Perrin <Jim.Perrin@microsoft.com>
2021-05-17 22:41:17 +00:00
Thomas Crain 7b6df997a5 Merge remote-tracking branch 'origin/dev' into thcrain/pain 2021-05-17 11:14:46 -07:00
Thomas Crain ada9b25e30 Latest round of fixes 2021-05-04 12:45:49 -05:00
Henry Li 8ce94ae4e5
fix glib typo (#909)
Co-authored-by: Henry Li <lihl@microsoft.com>
2021-05-03 11:18:57 -07:00
Thomas Crain 90f361f753 Merge branch '1.0' from April Update 2021-04-30 18:07:37 -05:00
Nick Samson 028f925481
Toolchain fixes for Python2 removal 2021-04-30 22:44:58 +00:00
Henry Li d6c17151b4
[dev] Update glib and add libsepol and libselinux to worker chroot (#905)
* update glib and manifest

* revert incorrect changes and update update_manifest

* update manifests

Co-authored-by: Henry Li <lihl@microsoft.com>
2021-04-30 12:07:57 -07:00
Thomas Crain 534fd81bfd More toolchain fixes 2021-04-27 15:25:53 -05:00
Thomas Crain f6f7e2b5b2 Merge branch 'dev' into thcrain/pain 2021-04-27 09:47:23 -07:00
Henry Li d63cb59840
[dev] Update pango, harfbuzz, glib, python3, llvm and add fribidi (#867)
* save changes

* update changes

* fix linting error

* fix comments

* update script to fix toolcahin dependency

* fix comments

* update changelog

* use widcards

Co-authored-by: Henry Li <lihl@microsoft.com>
2021-04-26 14:35:56 -07:00
Thomas Crain 4859da4e1b Merge branch '1.0' into thcrain/pain (March Update) 2021-04-13 15:40:16 -05:00
Thomas Crain eae5b4006f Merge branch '1.0' into thcrain/ever-given 2021-04-06 22:39:22 -05:00
Nicolas Ontiveros 8d5c63da84
Patch CVE-2021-28153 (#811)
* Patch CVE-2021-28153

* Update pkggen and toolchain txt files
2021-03-30 07:29:28 -07:00
Henry Li 6206a84618
Update vim, util-linux and glib (#754)
* upgrade swig

* fix linting

* update licensing

* update URLs and linting

* update util-linux, glib and vim

* fix manifests and update linting

Co-authored-by: Henry Li <lihl@microsoft.com>
2021-03-16 17:21:52 -07:00
Thomas Crain 1b6ef71f38
Add patch for CVE-2021-27218, CVE-2021-27219 in glib (#715)
* Add patch for CVE-2021-27218, CVE-2021-27219 in glib

* Remove test that doesn't make sense in our version (g_memdup2 does not exist)
2021-03-05 23:23:40 -06:00
Henry Li e6e4018f45
Update glib, libsepol, python-sphinx, python-sqlalchemy, python-virtualenv (#659)
* save changes

* update glib, libsepol

* update toolchain manifests and cgmanifest

* resolve linting and source url for libsepol

* fix comments

* update python-sphinx

* fix libsepol changelog

Co-authored-by: Henry Li <lihl@microsoft.com>
2021-02-24 13:02:31 -08:00
rychenf1 d08950db43
[dev] Add additional provides and capabilities for several specs (#536) 2021-01-14 10:59:46 -08:00
Joe Schmitt 4f6e6fafc0
[dev] Add additional provides to several specs (#467) 2021-01-04 09:22:01 -08:00
Nick Samson b0c589c9d0
Verified license and removed sha line 2020-12-21 13:33:55 -08:00
Nick Samson 5f0dd70f3a
Undid manual whitespacing change 2020-12-18 16:23:13 -08:00
Nick Samson f27ad895c6
Applied linter diff to glib spec 2020-12-18 16:19:26 -08:00
Nick Samson 1247485723
Added patch for glib CVE-2020-35457 2020-12-18 15:08:20 -08:00
Joe Schmitt 62103bd568
Improve spec file compatibility [2/2] (#163) 2020-10-07 13:22:31 -07:00
Jon Slobodzian b877013b27 Initial CBL-Mariner commit to GitHub 2020-08-06 20:17:52 -07:00