Skip to content

3.0.20240824

Compare
Choose a tag to compare
@jslobodzian jslobodzian released this 27 Aug 15:54
· 313 commits to 3.0 since this release

Generic Kernel version-release: kernel-6.6.47.1-1

Add Virtual Repo Snapshot support through patch to TDNF
Add automatic mode for DAILY_BUILD_ID
Add cdi tools binaries to cdi package build (cdi 1.57)
Add dracut setup script to WaLinuxAgent
Add drivers for DMI and EROFS, dm-verity verification
Add libnvidia-nscq to NVIDIA GPU driver container image
Add missing runtime dependencies for automake.
Add missing runtime dependencies to python-poetry-core.
Add new license validator tool
Add package cpufrequtils
Add package mtr
Add package sysfsutils
Add priorities to local repos
Add requires for shadow-utils in postgresql
Add systemd service to postgresql
Add xorg-x11-server-Xwayland v24.1.1
Change default binary install location for cloud-init
Change edk2 to not apply warning suppress patch
Changed selected kernel configs to modules on aarch64
Disabled PR check debug mode by default.
Don't include epoch in rpm name when resolving conflicts
Drop disable-xattr dracut patch, introduce config to optionally enable it Drop dracut multiple confdirs patch
Enable CONFIG_RT_GROUP_SCHED in kernel-rt
Enable EVM
Enable FS_VERITY and SECURITY_IPE LSM
Enable MPTCP
Enable USB_TMC as module
Enable xattr and acl support in coreutils.
Explaining package usage order.
Fix ABI compatibiity errors between abseil-cpp and dependent packages.
Fix Tensorflow Golden Container Smoke test
Fix bash package tests
Fix bfq patch to select "none" scheduler as default
Fix dracut for initrd not showing prompt when root device is locked
Fix duplicate file issues in harfbuzz, cyrus-sasl and rrdtool
Fix e2fsprogs ptest
Fix gdb package test
Fix libldb build failure by upgrading to build with Python 3.12 in 3.0
Fix libtdb build issue by upgrading to build with Python 3.12 in 3.0
Fix package tests for make
Fix path issue for compiler-rt
Fix perl(AutoLoader) capitalization for perl-NetAddr-IP BR
Fix tests for perl-HTTP-Message, python-pytest-mock, upgrade pyOpenSSL
Fix unnecessary Requires:libselinux from coreutils to fix Circular dependency
Fixed openssh ptests.
Move grub2-rpm-macros to azurelinux-rpm-macros package
Onboard NVIDIA Driver Container to PublishContainer script
Patch CVE-2024-32884 and CVE-2024-31852 in rust
Patch CVE-2024-7006 in libtiff
Patch Prometheus for Fix CVE-2024-6104
Patch busybox for CVE-2021-42380, CVE-2023-42363, CVE-2023-42364 & CVE-2023-42365
Patch cert-manager for CVE-2024-25620
Patch cf-cli for CVE-2023-39325
Patch coreutils to address CVE-2024-0684
Patch gtk2 and gtk3 for CVE-2024-6655
Patch influxdb for CVE-2024-6104.
Patch js-jquery for CVE-2019-20149
Patch keda for CVE-2024-6104 in by patching vendor gomodule
Patch libcontainers-common for CVE-2024-6104
Patch libsndfile to resolve CVE-2022-33065
Patch libtiff to resolve CVE-2023-6277
Patch moby-engine for CVE-2024-41110
Patch package for CVE-2024-6104
Patch python-twisted to fix CVE-2024-41671 and CVE-2024-41810
Patch python3 to address CVE-2024-7592
Patch rapidjson to address CVE-2024-38517 and CVE-2024-39684
Patch skopeo for CVE-2024-6104
Patch unbound for CVE-2024-43168
Patch yasm for CVE-2021-33454
Path vim for CVE-2024-41957 CVE-2024-41965, CVE-2024-43374
Remove daemon.json with backported fix
Remove kexec-tools from azure vm definition
Remove libssp files to fix avahi hang
Restore removed libguestfs tests
Restore syslog message passing behavior
Sdd patch in WALinuxAgent to update setup.py to support azurelinux
Update 3.0 kata-containers build invocations to use OS_VERSION=3.0
Update go link commands for go-1.21 in ubuntu prereq
Update msopenjdk to latest prod version and add hash verification
Updated kernel-uki to include systemd-cryptsetup in initrd
Updated kernel-uki to use new initrd
Upgade Kernel RT to version 6.6.43.1-rt38
Upgrade Kernel to version 6.6.47.1 to address CVE-2024-36288 CVE-2024-42075 CVE-2024-42071 CVE-2024-42078 CVE-2024-42083 CVE-2024-42072 CVE-2024-42226
Upgrade SymCrypt-OpenSSL to 1.5.1
Upgrade distribution-gpg-keys to version 1.104, a more recent version that includes the Azure Linux keys.
Upgrade valgrind to version 3.22.0.
Upgrade and Patch frr to 9.1.1 to fix CVE-224-31950, CVE-2024-31951, CVE-2024-44070
Upgrade azcopy to version to 10.25.1 to fix CVE-2024-35255
Upgrade bind to 9.20.0 to address CVE-CVE-2024-0760, CVE-2024-1737, CVE-2024-1975 & CVE-2024-4076
Upgrade ca-certificates to latest Msft cert change
Upgrade curl to 8.8.0 for CVE-2024-2398
Upgrade edk to 20240524; hvloader to ekd2 version
Upgrade golang to 1.22.6-1
Upgrade httpd to 2.4.62 to address CVE-2024-40725
Upgrade iperf3 version to 3.17.1 to address CVE-2024-26306
Upgrade krb5 to 1.21.3 CVE-2024-37371, CVE-2024-37370
Upgrade libtevent to build with Python 3.12
Upgrade nghttp2 to 1.61.0 to address CVE-2024-28182
Upgrade postgresql to 16.4 CVE-2024-7348
Upgrade python-idna to 3.7 CVE-2024-3651
Upgrade python-webob to 1.8.8 Fix CVE-2024-42353
Upgrade ruby version to 3.3.3 to fix CVE-2024-41946
Upgrade tpm2-tss version to 4.0.2 to resolve CVE-2024-29040
Upgrade walinuxagent to 2.11.1.4 and add azurelinux patch
selinux-policy: Change unconfined to a separate module.
selinux-policy: Clean up testing rules and add systemd fix.
selinux-policy: Updated SELinux policy module composition.

Image Customizer: Account for GPT footer when validating partitions.
Image Customizer: Add ISO tests.
Image Customizer: Add modprobe to list of chroot incompatible commands.
Image Customizer: Add check for installed kernel.
Image Customizer: Add checks for missing/duplicate partition labels.
Image Customizer: Add tests for services enable/disable.
Image Customizer: Add tests for users API.
Image Customizer: Always refresh RPM repo metadata.
Image Customizer: Be robust to lsblk and fdisk output ordering.
Image Customizer: Bugfix Verity dependency handling in Azl3.
Image Customizer: Bump release version to v0.6.
Image Customizer: Create and log image uuid in release file
Image Customizer: Do not shrink verity hash partition.
Image Customizer: Expand legacy boot tests.
Image Customizer: Fix call to parted mkpart.
Image Customizer: Fix merge in 'TestCustomizeImagePartitionsLegacy'.
Image Customizer: Fixes for grub2-install.
Image Customizer: Improve copy directory error message.
Image Customizer: Improve error message for missing filesystem entry.
Image Customizer: Increase loopback detach timeout.
Image Customizer: Partition UUID reset.
Image Customizer: Split up customizeutils.go.
Image Customizer: Validate HOME and USER env vars.
Image Customizer: Validate fields on FileConfig.
Image Customizer: Verity: Use loopback + Add tests.
Image Customizer: docs for run.sh
Image Customizer: fix typos
Image Customizer: rename /etc/mariner-customizer-release to /etc/image-customizer-release
Image Customizer: test mic container script

Toolkit: Add priorities to local repos
Toolkit: Do not give GPT partitions a default label of "primary".
Toolkit: Explicit toolchain signature validation
Toolkit: Fix readdirent toolchain errors for reusable chroots
Toolkit: Ignore bogus case-insensitive provides results from repocloner
Toolkit: Integrate new license checker package into image and package builds.
Toolkit: Make check-circular-deps.yml faster with -j, use lkg
Toolkit: Removed unused argument in preparerequest.go
Toolkit: Respect overridden home directory for .ssh path.
Toolkit: bugfix: update_manifest.sh group name may not always exist
Toolkit: add a helper script to build packages locally
Toolkit: check for parted version before setting partition type
Toolkit: Update toolkit building docs for 3.0
Toolkit: Use structs to pass data to scheduler prints