CBL-Mariner-Bot
8539e10c93
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.2 - branch main ( #9867 )
2024-07-19 11:56:19 -07:00
CBL-Mariner-Bot
77d1924e4c
[AUTO-CHERRYPICK] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.162.1 - branch fasttrack/2.0 - branch main ( #9834 )
2024-07-15 10:46:55 -07:00
CBL-Mariner-Bot
e5d9cb6d2d
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.160.1 - branch main ( #9362 )
...
This upgrade also contains ccf143f "Revert netfilter: br_netfilter: skip conntrack input hook for promisc packets" to unblock hairpin functionality.
2024-06-25 17:07:38 -07:00
Nan Liu
ddbdd8987b
libarchive: add patch to resolve CVE-2024-26256 ( #9340 )
2024-06-13 09:02:08 -07:00
CBL-Mariner-Bot
e2c8d9e5da
[FASTTRACK-CHERRYPICK] openssl: Fix CVE-2023-50782 affecting python-cryptography - branch main ( #9318 )
...
Co-authored-by: J Camposeco <108859819+jcamposeco@users.noreply.github.com>
Co-authored-by: Juan Camposeco <juanarturoc@microsoft.com>
2024-06-07 14:54:22 -07:00
Rachel Menge
7b83725990
Upgrade kernel to 5.15.158.2 ( #9358 )
...
5.15.157.1 introduced a failure with network hairpinning on AKS. Upgrade to 5.15.158.2 which has the commit [dceb683] reverted.
2024-06-07 14:34:36 -07:00
CBL-Mariner-Bot
0d51af78bb
[AUTO-CHERRYPICK] CVE-2022-34169: docbook-style-xsl - upgrade embedded xalan jar from 2.7.2 to 2.7.3 (fasttrack/2.0) - branch main ( #9308 )
...
Co-authored-by: bfjelds <bfjelds@microsoft.com>
2024-06-06 11:28:44 -07:00
Tobias Brick
3eef9c87e1
openssl: only free buffers when done ( #9309 )
2024-06-04 15:21:33 -07:00
jslobodzian
4246a18833
Revert "Fixed Perl automatic requires and provides. ( #9226 )"
...
This reverts commit 6b8eb01bf0.
2024-06-04 00:09:50 -04:00
CBL-Mariner-Bot
f0b8294283
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.159.1 - branch main ( #9187 )
2024-05-29 14:31:46 -07:00
Pawel Winogrodzki
6b8eb01bf0
Fixed Perl automatic requires and provides. ( #9226 )
2024-05-26 22:20:56 -07:00
Sudipta Pandit
fb499af135
fix python-jinja2 for CVE-2024-34064 ( #9188 )
2024-05-24 19:08:28 +05:30
Sudipta Pandit
90eef0e159
fix CVE-2024-34459 for libxml2 ( #9186 )
2024-05-23 13:38:38 +05:30
nicolas guibourge
8f57105e73
move src tarballs to AME - mariner 2.0 ( #8925 )
...
Co-authored-by: CBL-Mariner Servicing Account <cblmargh@microsoft.com>
2024-05-17 14:12:32 -07:00
Rachel Menge
332adb9675
glibc: Fix nscd breakage and patch CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 ( #9051 )
...
This commit does 3 things: address ipv6 breakage with nscd due to previous CVE fix, reformat previous CVE patches, and patch 4 new CVEs.
The ipv6 w/ nscd breakage was due to CVE-2023-4806's patch and caused wrong results with IPv6 addresses when using nscd. The patch mixes up the variables i and count. Therefore backport the fix (227c903).
Additionally, the above fix highlighted that our original patches for CVE-2023-4806 and CVE-2023-5156 were malformed. Specifically, the CVE-2023-4806 patch which updates "/sysdeps/posix/getaddrinfo.c" to latest from glibc-2.35 (commit 17092c0) did not include the changes to other files (mostly additional tests so impact was low) but did partially include CVE-2023-5156's changes. To fix, regenerate both patches based on commits from upstream stable 2.35.
Finally, this PR applies patches for CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602.
2024-05-10 18:50:52 -07:00
CBL-Mariner-Bot
ee407800d9
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.158.1 - branch main ( #9076 )
...
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
2024-05-10 17:34:24 -07:00
CBL-Mariner-Bot
043fdf285e
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.157.1 - branch main ( #8958 )
...
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
This upgrade introduces several upstream kernel kconfig changes.
Notably, it turned on additional mitigations for spectre attacks
and introduced function alignment knobs.
2024-05-01 23:03:56 -07:00
Sriram Nambakam
8fe3453f03
Tune some kernel configs for aarch64 ( #8899 )
2024-04-29 09:55:37 -07:00
CBL-Mariner-Bot
a3681e13db
[AUTOUPGRADE-CORE] Upgrade ca-certificates Msft cert change ( #8858 )
2024-04-22 12:02:54 -07:00
Tobias Brick
c2c6f21656
openssl: Fix unconstrained session cache growth in TLSv1.3 ( #8839 )
2024-04-19 09:37:29 -07:00
CBL-Mariner-Bot
dbfc0d1c6e
[AUTO-CHERRYPICK] Fix CVE-2024-28085 in util-linux by backporting the patch - branch main ( #8840 )
...
Co-authored-by: Bala <kumaran.4353@gmail.com>
2024-04-19 11:36:12 +05:30
Rachel Menge
18c464f2da
Enable CONFIG_NFT_OBJREF ( #8362 )
...
Add the nft_objref module to AMD64 for object reference support for nftables. This allows for AMD customers using nftables to get insight into their running Routing Policy (RP) policies.
This config is already enabled in ARM64.
2024-04-16 20:42:12 -07:00
CBL-Mariner-Bot
f8509ca275
[AUTO-CHERRYPICK] [cherry-pick] Andrew's Change for Perl CVEs (CVE-2023-47100, CVE-2023-31484, CVE-2023-31486) - branch main ( #8718 )
...
Co-authored-by: Riken Maharjan <106988478+rikenm1@users.noreply.github.com>
2024-04-05 14:45:49 -07:00
Adub17030MS
533f23ba1e
Update expat changelog ( #8601 )
...
Co-authored-by: Pawel Winogrodzki <pawelwi@microsoft.com>
2024-04-01 13:42:42 -07:00
CBL-Mariner-Bot
853ffb8e34
[AUTOUPGRADE-CORE] Upgrade ca-certificates Msft cert change ( #8606 )
2024-04-01 11:24:49 -07:00
CBL-Mariner-Bot
c749e02944
[AUTO-CHERRYPICK] Upgrade expat to 2.6.2 CVE-2023-52425 and CVE-2024-28757 - branch main ( #8563 )
...
Co-authored-by: Adub17030MS <110563293+Adub17030MS@users.noreply.github.com>
2024-03-28 15:11:36 -07:00
CBL-Mariner-Bot
d838a1da58
[AUTO-CHERRYPICK] Upgrade python to 3.9.19: address CVE-2023-6597 and other security concerns - branch main ( #8592 )
...
Co-authored-by: binujp <binujp@gmail.com>
2024-03-28 14:23:16 -07:00
CBL-Mariner-Bot
136593e8b6
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.153.1 - branch main ( #8586 )
...
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
This update contains backports for
ovl: let helper ovl_i_path_real() return the realinode [upstream b2dd05f]
ovl: fix null pointer dereference in ovl_permission() [upstream 1a73f5b]
2024-03-28 09:49:19 -07:00
Rachel Menge
2bf08ea7cf
Upgrade kernel to 5.15.151.2 ( #8557 )
...
This contains an LSG backported patch [27b7b5779b95fe7be1dd71e3b193bfcf6c3f16b1] for hv_netvsc. Note that all versions afterward (>=5.15.152.1) contain this patch within the stable source.
2024-03-26 16:14:33 -07:00
Andrew Phelps
392fadb5a2
Cython: skip long tests ( #8546 )
2024-03-25 14:57:14 -07:00
CBL-Mariner-Bot
dc9686d402
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.151.1 - branch main ( #8376 )
2024-03-18 10:59:15 -07:00
CBL-Mariner-Bot
72631720c7
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade zstd to 1.5.4 CVE-2022-4899 - branch main ( #8315 )
2024-03-13 14:21:04 -07:00
Saul Paredes
88d859e3e2
pam: patch CVE-2024-22365 ( #8320 )
2024-03-08 13:39:34 -08:00
Saul Paredes
09b8c5971b
expat: patch CVE-2023-52426 ( #8290 )
2024-03-08 11:10:46 -08:00
CBL-Mariner-Bot
1897a8ac3b
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.150.1 - branch main ( #8223 )
...
Co-authored-by: Vince Perri <viperri@microsoft.com>
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
2024-03-04 13:02:26 -08:00
Jon Slobodzian
87bd75da1b
Revert "[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade pam to 1.5.3 fix CVE-2022-28321 - branch main ( #8149 )"
...
This reverts commit cac464eb5a.
2024-02-29 15:48:04 -08:00
CBL-Mariner-Bot
cac464eb5a
[AUTO-CHERRYPICK] [AUTOPATCHER-CORE] Upgrade pam to 1.5.3 fix CVE-2022-28321 - branch main ( #8149 )
2024-02-28 14:43:26 -08:00
Rachel Menge
25857d9db5
Enable Broadcom MPI3 Storage Controller Device Driver ( #7897 )
...
Enable the mpi3mr module to allow for testing Broadcom/LSI SCSI devices that require the MPI3MR driver.
2024-02-14 21:58:03 -08:00
Tobias Brick
25bb8ef6b3
patch openssl with null checks against ContentInfo ( #7892 )
2024-02-14 14:00:53 -08:00
CBL-Mariner-Bot
f4ecbfe59b
[AUTOPATCHER-kernel] Kernel and kernel-mos upgrade to version 5.15.148.2 - branch main ( #7793 )
...
Co-authored-by: Rachel Menge <rachelmenge@microsoft.com>
2024-02-08 16:43:06 -08:00
CBL-Mariner-Bot
bb769f7c44
[AUTO-CHERRYPICK] lz4: Upgrade to 1.9.4-1 to fix CVE-2021-3520 - branch main ( #7676 )
...
Co-authored-by: Rohit Rawat <rohitrawat@microsoft.com>
2024-02-06 08:32:17 +05:30
CBL-Mariner-Bot
964f2fabfa
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.148.1 - branch main ( #7535 )
...
Note that arm64 had MMC_SDHCI_OMAP turned off due to a change upstream [106136f] which specified it depends on architecture which CBL-Mariner 2.0 does not support.
2024-01-31 12:03:34 -08:00
CBL-Mariner-Bot
971e0e8a4d
[AUTOUPGRADE-CORE] Upgrade ca-certificates Msft cert change ( #7499 )
2024-01-26 16:02:47 -08:00
CBL-Mariner-Bot
0d4d499a62
[AUTOPATCHER-kernel] Kernel upgrade to version 5.15.147.1 - branch main ( #7469 )
2024-01-25 13:04:54 -08:00
Pawel Winogrodzki
6e7be29036
Added a cross-compilation subpackage for aarch64 into `gcc`. ( #6996 )
...
Co-authored-by: dallasd1 <dadelan@microsoft.com>
2024-01-25 09:16:51 -08:00
Tobias Brick
f9093913b2
python-jinja2: add patch for CVE-2024-22195 ( #7426 )
2024-01-24 12:10:51 -08:00
Henry Beberman
e1cbb1d9b8
Remove /etc/host.conf from filesystem ( #7389 )
2024-01-23 10:28:55 -08:00
rlmenge
4cc8642e31
Enable CONFIG_X86_IOPL_IOPERM ( #7181 )
...
Enable for hardware platforms that use AMBIOS. Interacting with the firmware on these platforms from Linux user space uses the AMI Setup Control Environment Utility, SCELNX_64. This closed source vendor provided program depends on the iopl deprecated, legacy syscall. This syscall's availability is controlled by CONFIG_X86_IOPL_IOPERM kernel configuration item. Therefore, enable to prevent segfaults.
2024-01-19 12:04:48 -08:00
Harshit Gupta
4002115d51
Patch libssh2 for CVE-2023-48795 ( #7292 )
...
Co-authored-by: Harshit Gupta <guptaharshit@microsoft.com>
2024-01-18 16:36:22 -05:00
Pawel Winogrodzki
119bf4061e
Added cross-compilation `binutils` and `kernel-headers`. ( #6945 )
2024-01-18 11:14:34 -08:00