Releases: microsoft/azurelinux

1.0 CBL-Mariner March 2021 Update

07 Apr 03:47
7277504

Reduce disk footprint in Mariner Core images
Community builds now share public blob-store for tar ball packages.
VSCode SSH remoting into Mariner works now.

Add bnx2x and qed firmware, WHENCE, and license files for linux firmware
Add sp800-56a rev3 compliance to OpenSSL
Add ntopng
Add Broadcom NetXtreme and msr driver module support to kernel
Add more robust handling of disk/partition operations, refactored partition detection, improved error logging
Add Text-To-Speech experience in the ISO installer.
Add speakup support to kernel
Add grpc to mariner and enable it to use system zlib and openssl support
Add ssh brute force protection rules (IpTables)

Fix Makefile nits: Improved toolchain download logs, silence extraction of toolchain RPMs, clean SRPM expansion and chroot creation console output
Fix issue with multiple empty mount validation
Fix SRPMPacker tool to use system cert pool
Fix toolchain build robustness: (Added retries to jdk8 tarball downloads)
Fix older toolkit builds. (Ignore 'BuildRequires' on pre-installed packages.)
Fix installutils to only return grub2-pc on amd64 install

Updating Microsoft trusted root CAs.
Update Grub2 to 2.06-rc1
Update Kubernetes packages for CVE fixes.
Update shadow-utils and td-agent
Update azure-iotedge to version 1.1.0
Update ARM64 ISO config with new EULA paths
Update default sshd_config to match other distros
Add ability to change GUI installer EULA
Updating 'update_manifests.sh' script to remove the UI repo
Upgraded c-ares to 1.17.1 to address CVE
Update to 5.10.21 kernel and

  • enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS and lockdown configs
  • disallow unprivileged BPFs (Berkeley Packet Filters)
  • disable QAT kernel configs

Update cloud-utils-growpart to 0.32 to fix kver parsing

CVE Fixes:
CVE-2019-13627

CVE-2020-8032, CVE-2020-8277, CVE-2020-8625, CVE-2020-17525, CVE-2020-35498, CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524

CVE-2021-0326, CVE-2021-3393, CVE-2021-3449, CVE-2021-3450, CVE-2021-20203, CVE-2021-20229, CVE-2021-20231, CVE-2021-20255, CVE-2021-20270, CVE-2021-21309, CVE-2021-23336, CVE-2021-27212, CVE-2021-27218, CVE-2021-27219, CVE-2021-27291, CVE-2021-27803, CVE-2021-28041, CVE-2021-28831, CVE-2021-20232

Test Fixes For
apparmor, espeak-ng, gdb, libpng, libxml2, net-snmp, perl-Crypt-SSLeay, python-distro, python-pycurl, python-requests, python-sqlalchemy, python-werkzeug, redis

1.0 CBL-Mariner February 2021 Update

03 Mar 03:20
27b2a5b

Add DmVerity Support
Add support for kernel crypto API in user space
Add kernel crypto configs to enable tcrypt in FIPS mode
Add several networking tools. Enable LLVM RTTI.
Add Libacvp Package
Add sha512hmac-openssl to kernel-hyperv source
Add CONFIG_CRYPTO_STATS line in kernel configs
Add FIPS-enabled core image
Add FIPS patches for OpenSSL
Add package "dracut-fips"
Add conntrack-tools, nmap, pigz, blobfuse
Add verity-read-only-root package to LICENSES-MAP
Add support for read-only-roots to Imager tool
Add read-only-root config for images
Add verity-read-only-root package
Add initramfs library to write new initramfs files
Add libconfini
Add Kubernetes Containers
- etcd
- coredns
- flannel
Add smartpqi to kernel (enabled CONFIG_SCSI_SMARTPQI)
Add reed solomon decode 8 bit to kernel (enable REED_SOLOMON_DEC8)
Add extras repo configuration package.
Add Overlay Based Difference Image creation to roast.
Enable lz4 compression in systemd
Add LibConfini, bmon, bpftrace, libconfuse, libmaxminddb, ntopng, vnstat

Upgrade mysql to 8.0.23
Upgrade golang to 1.15.7
Upgrade openldap to 2.4.57
Upgrade dnsmasq to 2.84
Upgrade pigz to 2.6

Fixed sudo config.
Fixed documentation for typos, clone instructions, and added reference to demo repo.
Fixed kernel crash dump issue by disabling CONFIG_GCC_PLUGIN_RANDSTRUCT
Fixed td-agent installation issue
Fix reliability of mount/unmount of disks in imagegen tools
Fix WALinuxAgent logging by removing symlink and allowing WALinuxAgent to write to /var/log/waagent.log directly.
Miscellaneous fixes to spec files for changelogs, urls, linter findings

Security Fixes
CVE-2020-15358
CVE-2020-17380
CVE-2020-25683
CVE-2020-25686
CVE-2020-25687
CVE-2020-36242
CVE-2021-3156
CVE-2021-3177
CVE-2021-3326

Fix package self tests for acl, mercurial, nss, perl-IO-Socket-SSL, gnutls

1.0 CBL-Mariner January 2021 Update

17 Feb 00:32

Added Td Agent
Added i.MX8mq-evk board support
Added kernel patch to fix GUI installer crash due to mmap issue
Added Fedora 32 patch to make perl-WWW-Curl work with new version of curl
Added Minimal Distroless Mariner container
Added Kubernetes versions for 1.19.6, 1.18.14, 1.17.16
Added the following Kubernetes containers:

  • kube-proxy
  • kube-apiserver
  • kube-controller-manager
  • kube-scheduler
  • kube-pause

Upgraded meson to version 0.56.0.
Upgraded p11-kit to 0.23.22
Upgraded ansible to version 2.9.12
Upgraded kernel sources to 5.4.91

Remove IDEA and EC2M source code/support from OpenSSL

Fixed Diskutils to include virtual disk devices in search
Fixed Minor Documentation issues
Including fix to prereqs.
Fixed Kubernetes
Hotfixes for 1.19.3, 1.18.10 and 1.17.13 and fix container script

Security Fixes
CVE-2019-5094, CVE-2019-5188, CVE-2019-11236, CVE-2019-25013

CVE-2020-8169, CVE-2020-8564, CVE-2020-8565, CVE-2020-8566, CVE-2020-25659, CVE-2020-26137, CVE-2020-27777, CVE-2020-28374, CVE-2020-35493, CVE-2020-35494, CVE-2020-35495, CVE-2020-35496, CVE-2020-35507, CVE-2020-36158

CVE-2021-3156

Fixed Package Self Tests For
coreutils, bc, swig, python-pycurl (removed unreliable memtest), cloud-init, chrony, ModemManager, mariadb, openssl, python-ecdsa tests, ruby, asciidoc, ipv6calc, strace, python-attrs, libmodulemd, dracut, python-bcrypt, python-pynacl, librepo, libisoburn, grep, gawk, mozjs60, jna, openssh, gettest, libunistring, strongswan

1.0 CBL-Mariner December 2020 update

11 Jan 22:45
9142048
  1. Fixed 14 CVEs:

  2. Updated kernel to version 5.4.83.

  3. Added an option to build distroless containers.

  4. Enabled and/or fixed 10+ package build tests.

  5. Added new versions of Kubernetes: 1.17, 1.18, and 1.19.

  6. Switched the tooling and build instructions to use Go 1.15 instead of 1.13.

  7. ARM64 ISOs and VHDXs can now be produced.

  8. Updated documentation for build instructions + minor documentation fixes.

1.0 CBL-Mariner November 2020 Update

18 Dec 19:29
bcfd58c

• Upgrade postgresql to 12.5
• Upgrade kernel to 5.4.72 to address kernel CVEs
• Upgrade clamav to 0.103.0.
• Python 3 upgraded to 3.7.9 to fix CVE-2019-20907, CVE-2020-26116, CVE-2019-18348, CVE-2020-14422, Patch CVE-2020-27619 (#358)
• Added libxcrypt, heimdal, ipvcalc, perl-JSON
• Multiple spec file fixes, removing legacy macros and missing dependency fixes
• Package test improvements for tdnf, tcsh, sysstat, svn and more.
• TLS certs added to ptest builds, networking enabled.
• Disable kernel config SLUB_DEBUG_ON due to tcp performance impact.
• Add support to build ARM64 ISOs.
• Enable Hyper-V daemons for ARM64 VHDX images
• Multiple CVE fixes, including QEMU, glibc, librepo, systemd, tcpdump and more.

CVE-2017-18207,

CVE-2018-12617, CVE-2018-19876, CVE-2018-19665

CVE-2019-3842, CVE-2019-3843, CVE-2019-3844, CVE-2019-6454, CVE-2019-9071, CVE-2019-9073, CVE-2019-9074, CVE-2019-12749, CVE-2019-12972, CVE-2019-14250, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451, CVE-2019-19126, CVE-2019-20386, CVE-2019-20807, CVE-2019-20907, CVE-2019-20892

CVE-2020-1712, CVE-2020-8037, CVE-2020-8631, CVE-2020-8632, CVE-2020-8927, CVE-2020-11080, CVE-2020-13253, CVE-2020-13754, CVE-2020-13776, CVE-2020-13791, CVE-2020-13800, CVE-2020-14147, CVE-2020-14352, CVE-2020-14155, CVE-2020-14364, CVE-2020-15705, CVE-2020-15778, CVE-2020-24352, CVE-2020-24553, CVE-2020-24977, CVE-2020-25613, CVE-2020-25637, CVE-2020-26116, CVE-2020-27619

1.0 CBL-Mariner October 2020 Update

05 Nov 07:42
5bc8fa1

This is the October 2020 cumulative update for the CBL Mariner 1.0 release that includes tooling and CVE fixes.
Changes include:

1.0 CBL-Mariner September 2020 Update

09 Oct 22:34

1.0 CBL-Mariner Release

16 Sep 03:50

Initial Release of CBL-Mariner