Releases: microsoft/azurelinux
3.0.20250206
Generic Kernel version-release: kernel-6.6.64.2-9
Add Arm64 Fips Image Definition
Add Containerd2 Tardev-Snapshotter Patch
Add Ipmitool Support To Kernel-64k
Add Kernel-Srpm-Macros Package
Add Logic To Pr Checker To Detect Kernel Upgrade for Oot Module Specs
Add Lz4 Compression Support for Postgresql
Add Missing Modules for Python-Conda-Package-Handling Ptest
Add Mofed And Dependencies
Add Patch To Mlnx-Ofa_Kernel Module for Ibt Compatibility
Add Rdma-Core To Pmc's Extended Repo
Add Shell Variable Override To /Bin/Bash for Use By Default
Add Support for Prometheus Exporter in Haproxy
Add Ucx To Pmc's Extended Repo
Add Valkey Container (replacement for redis)
Add logging for Missed Pre-Cacher Download Error.
Add missing Kernel modules for IPTables
Added performance improvements via Kernel configuration parameters
Build Pci_Hyperv As A Built-in
Change Kernel-Mft Rpm Name To Mft_Kernel
Disable Debug Preemption in X86_64
Enable Drm Acceleration And Intel Vpu
Enable Kernel Config_Crypto_Dh in Aarch64
Enable Numa Balancing And Uclamp Task Feature
Enable Ucx Knem & Xpmem Subpackages
Fix Build of Volume_Key
Fix CNI for CVE-2022-29526 And CVE-2024-45338
Fix CNI-Plugins for CVE-2024-45338
Fix Ceph for CVE-2014-5461
Fix Cert-Manager for CVE-2024-45337
Fix Certmonger Extended Package To Make It Available
Fix Cmake for CVE-2024-7264 And CVE-2024-9681 CVE-2024-11053
Fix Containerd2 for CVE-2024-45338
Fix Containerized-Data-Importer for CVE-2023-39325 And CVE-2023-44487
Fix Containerized-Data-Importer for CVE-2024-28180
Fix Curl for CVE-2024-9681
Fix Docker-Compose for CVE-2024-45337
Fix Gh for CVE-2024-45337, CVE-2024-53858 And CVE-2024-53859
Fix Git-Lfs for CVE-2024-53263
Fix Golang Post Install And Post Uninstall Scriptlets
Fix Grpc for CVE-2024-11407
Fix Harfbuzz for CVE-2024-56732
Fix Hwloc To Fix CVE-2022-47022
Fix Influxdb for CVE-2024-28180
Fix Iperf3 for CVE-2024-53580
Fix Jitterentropy Init in Kernel And Kernel-64k
Fix Libtiff for CVE-2023-3164
Fix Libxml2 CVE-2023-45322 And CVE-2024-34459
Fix M2crypto To Fix CVE-2019-11358
Fix Multiple CVE in Skopeo
Fix Multiple Packages for CVE-2024-45338
Fix Mysql To Fix CVE-2024-9681
Fix Node-Problem-Detector for CVE-2024-45338
Fix Nodejs for CVE-2025-23083
Fix Packer for CVE-2025-21613 And CVE-2025-21614
Fix Ptest for Pugixml
Fix Ptest for Subunit Via Pip Installs
Fix Python-Jinja2 CVE-2024-22195, CVE-2024-34064, CVE-2024-56201, CVE-2024-56326
Fix Pytorch for CVE-2024-27319, CVE-2021-22918
Fix Qtbase for CVE-2024-30161 (Upgrade to 6.6.3)
Fix Qtbase for CVE-2024-56732
Fix Rsync for multiple CVEs (Upgrade to 3.4.1)
Fix Shadow-Utils Detection in Imager As Well As Validator
Fix Socat for CVE-2024-54661
Fix Sriov-Network-Device-Plugin CVE-2024-45339
Fix Systemd for CVE-2023-7008
Fix Tdnf To Fix Issue With Installonlypkgs Being Removed By Tdnf Autoremove Commands
Fix Tensorflow for CVE-2024-35195
Fix Valkey for CVE-2024-51741 and CVE-2024-46981 (Upgrade to 8.0.2)
Fix Vim To Fix CVE-2025-24014
Fix Vim for CVE-2025-22134
Fix Vitess for CVE-2024-45339
Fix Xerces-C for CVE-2024-23807
Fixing Rpm Macros Check.
Identify And Update Versions Of Mofed Dependency Specs That Are Present in Azure Linux Core
Mofed And Deps Signed Spec Cleanup
Move Symcrypt And Symcrypt-Openssl Recommends From Main Package To Libs
Remove Authselect Package From Specs-Extended
Remove Fdk-Aac-Free
Remove Opus And Opusfile
Remove Python-Pysocks Package From Extended
Rename CDI Binaries in The Spec File To Align With Upstream Naming Conventions
Revert Zone_Dma Option To Avoid Memory Usage Overuse
Rollback Mft_Kernel Rpm Name And Add Provides for Kernel-Mft
Update aopalliance build for Javac Source And Javac Target From 1.6 To 1.8, fixed URLs
Upgrade Perl-Algorithm-Diff Version To 1.201
Upgrade Accountsservice to 23.13.9
Upgrade Acpid to 2.0.34
Upgrade Adobe-Mappings-Cmap To 20231115
Upgrade Adobe-Mappings-Pdf To 20230118
Upgrade Application-Gateway-Kubernetes-Ingress To V1.7.7
Upgrade Blosc To 1.21.6-1
Upgrade Bolt To Version 0.9.8
Upgrade Cert-Manager To 1.12.15 - To Fix CVE-2024-12401
Upgrade Cert-Manager to 1.12.15
Upgrade Cri-Tools To 1.32.0 To Sync Up With The Latest Aks Version
Upgrade Deltarpm to 3.6.5
Upgrade Diffstat to 1.66
Upgrade Dmidecode To 3.6
Upgrade Etcd To 3.5.18 To Fix CVE-2023-39325, CVE-2023-44487 And CVE-2023-45288.
Upgrade Exempi To Version 2.6.5
Upgrade Fabtests To Version 1.18.0
Upgrade Gcr To 3.38.1
Upgrade Gdisk to 1.0.10-1
Upgrade Git To 2.45.3 for CVE-2024-50349 And CVE-2024-52006
Upgrade Glew to 2.2.0
Upgrade Go From 1.20 To 1.21 in .Github/Workflows/Quickstart_2.0.Yml
Upgrade Golang to 1.22.10-1
Upgrade Iptraf-Ng for 1.2.2 None
Upgrade Kata-Containers(-Cc) to 3.2.0.Azl4
Upgrade Kernel To Version 6.6.64.2
Upgrade Libbytesize to 2.11
Upgrade Libdeflate Version To 1.22
Upgrade Libexttextcat to 3.4.6-11
Upgrade Liblouis To 3.31.0
Upgrade Libraw Version To 0.21.3
Upgrade Metis To Version 5.1.0.3
Upgrade Mofed Signed Specs To Avoid Stripping Signatures Off Oot Kernel Modules By Os_Install_Post Macro
Upgrade Neon to 0.33.0
Upgrade Numatop to 2.4
Upgrade Ocaml-Libvirt To 0.6.1.7
Upgrade Ocaml-Markup To 1.0.3
Upgrade Ocaml-Zarith To 1.14
Upgrade Orc Version To 0.4.39
Upgrade Parallel Version To 20240922
Upgrade Perl-Class-C3-Xs Version To 0.15
Upgrade Perl-Class-Method-Modifiers Version To 2.15
Upgrade Perl-Class-Singleton Version To 1.6
Upgrade Perl-Config-Inifiles Version To 3.000003
Upgrade Perl-File-Sharedir-Install To Version 0.14
Upgrade Perl-Ipc-Run3 To Version 0.049-1
Upgrade Perl-Lingua-En-Inflect To Version 1.905-1
Upgrade Puppet To 7.34.0
Upgrade Python-Dbus-Client-Gen Version To 0.5.1
Upgrade Python-Dbus-Python-Client-Gen Version To 0.8.3
Upgrade Python-Dbus-Signature-Pyparsing Version To 0.4.1
Upgrade Python-Into-Dbus-Python Version To 0.8.2
Upgrade Python-Justbases Version To 0.15.2
Upgrade Python-Justbytes Version To 0.15.2
Upgrade Python-Kmod Version To 0.9.2
Upgrade Python-Rpmfluff Version To 0.6.5
Upgrade Python-Sphinxcontrib-Apidoc Version To 0.3.0
Upgrade Python-Uritemplate Version to 4.1.1
Upgrade Python-Xmltodict Version to 0.13.0
Upgrade Pywbem Version to 0.17.6
Upgrade Re2c Version to 3.1
Upgrade Recode Version to 3.7.14
Upgrade Symcrypt And Scossl
Upgrade Url for Ostree
Upgrade Xapian-Core To Version 1.4.26
Upgrade Xaw3d Version To 1.6.6
Upgrade Xdg-Utils To Version 1.2.1
3.0.20250102
Add AMD PMC repo for tdnf
Add containerd2 package
Add distrusted CAs to the cert bundles.
Add generate-tarball.sh script for gh package to improve auto-patching
Add kernel-drivers-gpu package to NVIDIA GPU driver container build
Cache clean-up fix.
Enable arch conditionals in azurelinux-repos.spec
Enable selinux for liveos iso flow
Fix avahi for CVE-2023-38469, CVE-2023-38470, 2023-38741, CVE-2023-38472, CVE-2023-38473
Fix ceph for CVE-2024-52338
Fix cf-cli for CVE-2024-45337
Fix docker-buildx for CVE-2024-45337
Fix docker-cli for CVE-2024-36623
Fix etcd for CVE-2024-24786
Fix flannel for CVE-2024-24786
Fix fluent-bit for CVE-2024-27532
Fix kubevirt for CVE-2024-45337
Fix libarrow for CVE-2024-52338
Fix libxml2 for CVE-2024-40896
Fix moby-engine for CVE-2024-36620, CVE-2024-36621, CVE-2024-36623, CVE-2024-45337
Fix packer for CVE-2024-45337
Fix pam for CVE-2024-10041, CVE-2024-10963
Fix python-virtualenv for CVE-2024-53899
Fix python-zipp for CVE-2024-5569
Fix python3 for CVE-2024-12254
Fix telegraf for CVE-2024-45337
Fix tuned for CVE-2024-52336 and CVE-2024-52337
Update kernel configuration to support CONFIG_INTEL_TDX_GUEST, CONFIG_TDX_GUEST_DRIVER
Update kernel-64k to have kexec signature verification
Upgrade DPDK for CVE-2024-11614
Upgrade erlang to 26.2.5.6 to fix CVE-2024-53846
Upgrade gh to 2.62.0 to address CVE-2024-52308 and CVE-2024-54132
Upgrade kubernetes to 1.30.3 to fix CVE-2024-10220
Upgrade nvidia container toolkit and libnvidia-container to v1.17.3
Upgrade php to 8.3.14 to fix CVE-2024-8932, CVE-2024-11234, CVE-2024-11233, CVE-2024-11236
Upgrade ruby to 3.3.5 to resolve CVE-2024-39908 and CVE-2024-49761
Upgrade runc version to 1.2.2 and libseccomp to 2.5.5
Toolkit: Fix ISO installer regression. Encrypted root now boots.
Toolkit: Fix issue when version pinning packages that are checked by the configvalidator tool
Toolkit: Fix golang.org/x/crypto and golang.org/x/net vulnerabilities.
Toolkit: Make install_dependencies in containerized-rpmbuild environment work with file dependencies
Documentation: Add references to ARM64 3.0 ISO
2.0.20241230
Generic Kernel version-release: kernel-5.15.173.1-1
Add distrusted CAs to the cert bundles.
Add missing Obsoletes: dbus-x11 in dbus.spec
Add module-setup.sh to cloud-init azure module for dracut to run
Fix golang.org/x/crypto and golang.org/x/net vulnerabilities.
Fix avahi for multiple CVEs
Fix blobfuse2 CVE-2024-24786
Fix cert-manager: patch CVE-2024-45337
Fix cf-cli for CVE-2024-24786
Fix coredns for CVE-2024-24786
Fix cri-tools for CVE-2024-24786
Fix etcd for CVE-2024-24786
Fix fluent-bit for CVE-2024-27532
Fix grpc for CVE-2023-32067
Fix influxdb for CVE-2024-24786
Fix moby-buildx for CVE-2024-24786
Fix moby-cli CVE-2024-36623
Fix moby-cli for CVE-2024-24786
Fix moby-compose for CVE-2024-36623 and CVE-2024-45337
Fix moby-containerd for CVE-2024-24786
Fix moby-containerd-cc for CVE-2024-24786
Fix moby-engine for CVE-2024-24786, CVE-2024-36621, CVE-2024-36623, CVE-2024-45337
Fix packer for CVE-2024-24786 and CVE-2024-45337
Fix python3 for CVE-2024-6923
Fix pytorch for CVE-2022-1941
Fix rust for CVE-2024-43806
Fix terraform for CVE-2024-24786
Fix tuned for CVE-2024-52336 and CVE-2024-52337
Upgrade iperf3 to 3.18 to address CVE-2024-53580
Upgrade iptraf-ng: upgrade to 1.2.2
Upgrade nvidia container toolkit and libnvidia-container to v1.17.3
Upgrade tzdata to 2024b
2.0.20241208
Generic Kernel version-release: kernel-5.15.173.1-1
Add merge conflict github PR check
Added the 2.0 fast-track merge notifier pipeline.
Fix rabbitmqserver Golden Container 2.0
avahi: Fix CVE-2023-1981, add %check section
binutils: Address CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011
binutils: address CVE-2022-35205, CVE-2022-48063, CVE-2023-1972
cloud-hypervisor-cvm: add upstream patch to work around lack of support for extended guest requests
file: address CVE-2022-48554
mariadb: [AUTOPATCHER-CORE] Upgrade mariadb to 10.6.20 none
perl-Module-ScanDeps: Extended CVE-2024-10224 patch and fixed ptests in perl-Module-ScanDeps.
python3: Address CVE-2024-11168 with a formatted patch
python-werkzeug: Patch CVE-2024-49767 in python-werkzeug
rabbitmq-server: Fix CVE-2023-46118 for rabbitmq-server
vim: Upgraded vim to 9.1.0791 to fix several CVEs
[2.0] Upgrade nvidia container toolkit and libnvidia-containers to v1.17.1
Toolkit: Backport toolkit container detection using systemd-detect-virt
Toolkit: Don't allow multiple build queues
Toolkit: Fix call to IsSRPMTestActive in new multi build fix
Toolkit: Updated package build templates to capture all build logs.
3.0.20241203
Note that this release of 3.0 is signed differently from the previous releases with respect to secure boot. The shim and kernel must be upgraded together for this release.
Generic Kernel version-release: kernel-6.6.57.1-5
Add kernel-64k.
Add make dependency to kata-packages-uvm
Add merge conflict github PR check
Add nftables
Add obsoletes and provides to fix errors in shim-unsigned upgrade to shim
Add tdnf installonlypkgs functionality to tdnf on Azure Linux 3.0
Change name produced for cvm and marketplace images
Enable Dracut's livenet rootfs handling when systemd-networkd is in use.
Enable Intel Ethernet Connection E800 networking driver
Enable lua support for fluent-bit
Enable signature verification of kexec kernel and use new Mariner Trusted Base CA in trusted keyring
Extended CVE-2024-10224 patch and fixed ptests in perl-Module-ScanDeps. (Note that the previous fix for CVE-2024-10224 in version 1.35-2 only partially resolved the issue. Upgrade to 1.35-3 for the full fix.)
Fix CVE-2024-24786 in multiple packages by patching
Fix Multus CVE-2023-39325, CVE-2023-44487 and CVE-2023-45288
Fix busybox CVE-2023-42366
Fix fluent-bit CVE-2024-25431
Fix glib CVE-2024-52533
Fix libsoup CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
Fix mysql for CVE-2012-2677
Fix nano for CVE-2024-5742 for
Fix netplan CVE-2022-4968
Fix nmap for CVE-2023-7256 and CVE-2024-8006
Fix nodejs CVE-2024-21538
Fix python-pip for CVE-2024-37891 for
Fix python-werkzeug for CVE-2024-49767
Fix pytorch CVE-2024-5187
Fix unzip for CVE-2022-0529 and CVE-2022-0530
Fix xorg-x11-server-Xwayland for CVE-2024-9632
Fix Prometheus CVE-2023-45288
Modified mysql to explicitly not use curl (this was the mysql default, but this intentional change clarifies that curl is not used from either the system or the bundled version)
Removed references to old dm-verity boot tooling
Toolkit: Use systemd-detect-virt instead of /.dockerenv to detect container builds.
Update CONFIG_DRM as loadable module and create sub-package for in-tree amdgpu modules
Update shim to v15.8
Upgrade SymCrypt to 103.6.0
Upgrade SymCrypt-OpenSSL to 1.6.1
Upgrade Valkey to 8.0.1 to fix CVE-2024-31449 CVE-2024-21228 CVE-2024-31227
Upgrade golang to version 1.23.3-1
Upgrade mariadb to 10.11.10 none
Upgrade nvidia container toolkit and libnvidia-containers to v1.17.1
Upgrade postgresql to 16.5 to fix CVE-2024-10976, CVE-2024-10977, CVE-2024-10978, CVE-2024-10979
Image Customizer: Bump to v0.8
Image Customizer: generate PXE-bootable ISO images.
3.0.20241101
Generic Kernel version-release: kernel-6.6.57.1-2
Add stable release maintainers to CODEOWNERS
Add SymCrypt-debuginfo package
Add missing flock calls for Toolkit
Add fedora SBAT entries to grub2
Add directory check before cleaning-up the RPM caches
Bump dracut to rebuild with latest systemd
Change rm to use find to avoid deleting cache directory during snapshot cleanup
Disable liblastlog2 for util-linux in raw toolchain build
Disable flaky mem tests for Valkey
Enable Arm FF-A Support
Enable Intel IFS
Enable x86_amd_platform_device builtin
Fix Kernel CVE-2024-46863 CVE-2024-26596 CVE-2024-27017 CVE-2024-27012 CVE-2024-36478 CVE-2024-46710
Fix apache-commons-io for CVE-2024-47554
Fix partition initialization bug
Fix pytest by adding python-iniconfig dependency
Fix kubevirt for CVE-2023-48795
Fix giflib for CVE-2022-28506 and CVE-2023-48161
Fix gdb 13.2 for CVE-2023-39128, CVE-2023-39129, CVE-2023-39130
Fix influxdb for CVE-2023-45288
Fix python-gevent for CVE-2024-25629
Fix unbound for CVE-2024-43167 and CVE-2024-8508
Fix dcos-cli and kubernetes for CVE-2024-28180
Fix libcxx for CVE-2024-31852
Fix curl for CVE-2024-8096
Fix fluent-bit for CVE-2024-34250, CVE-2024-25629, CVE-2024-28182
Fix Avahi for CVE-2023-1981, add %check section
Fix oath-toolkit for CVE-2024-47191
Fix expat for CVE-2024-50602
Fix vim to resolve CVE-2024-43802
Fix bluez for CVE-2023-45866
Fix pam for CVE-2024-22365
Fix ISO customization, partition creation on Ubuntu build hosts and verity docs on Image Customizer
Fix gnutls for CVE-2024-28834, CVE-2024-2883
Generate log files for raw toolchain builds
Increase build verbosity in kernel-mshv
Make pytorch vendor generation script executable
Make tpm2-tss an optional dependency of systemd-pcrphase in dracut
Re-enable installonlypkgs on tdnf for Azure Linux 3.0
Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961
Remove noxsaves parameter from cmdline in kernel-uki
Support v1.22 and v1.23 golang
Switch mysql to use AZL's version of protobuf to fix CVE-2024-2410
Upgrade nvidia repo instructions with the appropriate 3.0 repofile
Upgrade OpenIPMI to 2.0.36 to fix CVE-2024-42934
Upgrade libpcap version to 1.10.5 to fix CVE-2024-8006
Upgrade vim to 9.1.0791 to fix CVE-2024-47814 and remove older unnecessary patches
Upgrade nvidia-container-toolkit to fix CVE-2024-0132 CVE-2024-0133
Upgrade python-pip to fix CVE-2024-6345
Upgrade mysql to 8.0.40 to fix multiple CVEs
Upgrade apr version 1.7.4 -> 1.7.5 to address CVE-2023-49582
Upgrade clamav 1.0.6 -> 1.0.7
Upgrade cloud-init to 24.3.1
Upgrade php to 8.3.12 to fix CVE-2024-8927, CVE-2024-8925
Upgrade mdadm from 4.2 to 4.3
Upgrade symcrypt to 103.5.1
Upgrade libarchive to 3.7.7 to fix CVE-2024-48957, CVE-2024-48958, CVE-2024-20696
kata-containers: Use build recipes from sources for kata-containers, only build for x86_64
kata-containers: only build for x86_64
Image Customizer: Make verity API a list.
Image Customizer: Move resetPartitionsUuidsType into storage.
Image Customizer: Remove "sudo" calls.
Image Customizer: Restore CODEOWNERS rules.
Image Customizer: Set VHDX block-size to 2 MiB.
Image Customizer: Support string mountPoint
Image Customizer: Service and Overlay recommendations for Verity-enabled images.
Image Customizer: MIC should clean-up cache and any system files after run
2.0.20241029
Generic Kernel version-release: kernel-5.15.167.1-2
Fix Kernel CVE-2024-38381 CVE-2024-42228 CVE-2024-38577 CVE-2024-41098 CVE-2024-42246 CVE-2024-43853 CVE-2024-43905 CVE-2024-43884 CVE-2024-44946 CVE-2024-44986 CVE-2024-44987 CVE-2024-44985 CVE-2024-44974 CVE-2024-43892 CVE-2024-43897 CVE-2024-44989 CVE-2024-44999 CVE-2024-44995 CVE-2024-44990 CVE-2024-45006 CVE-2024-41011 CVE-2024-44998 CVE-2024-44983 CVE-2024-46677 CVE-2024-45021 CVE-2024-46674 CVE-2024-45026 CVE-2024-45025 CVE-2024-46673 CVE-2024-45009 CVE-2024-45028 CVE-2024-45011 CVE-2024-45018 CVE-2024-45016 CVE-2024-46685 CVE-2024-44947 CVE-2024-38588 CVE-2024-42297 CVE-2024-43829 CVE-2024-46863
Fix Reaper for multiple CVEs
Fix apache-commons-io for CVE-2024-47554
Fix cni-plugins to resolve CVE-2023-3978
Fix curl for CVE-2024-8096
Fix dcos-cli CVE-2024-28180
Fix fluent-bit for CVE-2024-26455, CVE-2024-25629
Fix for CVE-2024-28180 by patching vendored go-jose
Fix gdb 11.2 for CVE-2023-39128, CVE-2023-39129, CVE-2023-39130
Fix gh for CVE-2022-32149
Fix giflib for CVE-2022-28506 and CVE-2023-48161
Fix heimdal for CVE-2022-3116
Fix kubernetes for CVE-2024-24786 and CVE-2024-28180
Fix libarchive for CVE-2024-48957, CVE-2024-48958, CVE-2024-20696, CVE-2024-4032
Fix libpcap for CVE-2024-8006
Fix nghttp2 for CVE-2024-28182
Fix oath-toolkit for CVE-2024-47191
Fix prometheus for CVE-2024-24786 and CVE-2022-41717
Fix qt5-qtbase for CVE-2022-25255
Fix reaper for CVE-2024-45590
Fix redis for CVE-2024-31449
Fix terraform to resolve CVE-2022-32149 & CVE-2023-4782
Fix unbound to fix CVE-2024-33655, CVE-2024-8508, and CVE-2024-43167
Fix vim to resolve CVE-2024-43802
Remove Amateur Radio X.25 PLP Rose for CVE-2022-2961
Remove version dependency of rubygem-protocol-http1
Upgrade OpenIPMI to 2.0.36 to fix CVE-2024-42934
Upgrade apr to 1.7.5 to address CVE-2023-49582
Upgrade gnutls 3.7.7 -> 3.7.11 to address CVE-2023-5981, CVE-2024-28835, CVE-2024-28834 & CVE-2024-0553
Upgrade msft-golang to 1.22.8 to fix CVE-2022-41717
Upgrade mysql to 8.0.40 to fix CVE-2024-21193, CVE-2024-21194, CVE-2024-21162, CVE-2024-21157, CVE-2024-21130, CVE-2024-20996, CVE-2024-21129, CVE-2024-21159, CVE-2024-21135, CVE-2024-21173, CVE-2024-21160, CVE-2024-21125, CVE-2024-21134, CVE-2024-21127, CVE-2024-21142, CVE-2024-21166, CVE-2024-21163, CVE-2024-21203, CVE-2024-21219, CVE-2024-21247, CVE-2024-21237, CVE-2024-21231, CVE-2024-21213, CVE-2024-21218, CVE-2024-21197, CVE-2024-21230, CVE-2024-21207, CVE-2024-21201, CVE-2024-21198, CVE-2024-21238, CVE-2024-21196, CVE-2024-21239, CVE-2024-21199, CVE-2024-21241, CVE-2024-21236, CVE-2024-21212, CVE-2024-21096, CVE-2024-21171, CVE-2024-21165, CVE-2023-46219
Upgrade nvidia-container-toolkit to 1.16.2 Critical vulnerability CVE-2024-0132, Medium vulnerability CVE-2024-0133
Upgrade php to 8.1.30 for CVE-2024-8927, CVE-2024-8925
Upgrade redis to 6.2.16 to address CVE-2024-31228 and CVE-2024-31449
3.0.20241005
389-ds-base: init at v3.1.0
Add exclude snapshot repo option to virtual snapshot
Add host metadata to logs (Host distro & version and versions of dependencies)
add missing tags
add missing vendor and distribution tags in new specs
add missing vendor and distribution tags to core specs
Add Mosh to Extended packages
Add package libmd
Add package php-pecl-apcu v5.1.23
Add packages subunit and python-junitxml
add patch for edk2 CVE-2024-6119
Add patch to fix CVE-2024-43788 in python-tensorboard
Add patch to resolve CVE-2024-28085
add perl-Devel-Refcount
add perl-Match-Simple and perl-Sub-Infix
Add postgresql-service subpackage
Add REPO_SNAPSHOT_TIME to the toolkit for package and image build.
Add Valkey to 3.0
Adding swtpmtools to list of required packages for kubevirt
Azurelinux-rpm-macros: include release in elf module version
Azurelinux-sysinfo: add rpm as a requirement
Blobfuse2: upgrade to 2.3.2 to fix CVE-2024-35255
Build Break: Bump dracut to rebuild with latest systemd
Build mpt2sas and mpt3sas drivers, and pata_legacy as modules
Bump Go Version to 1.22.7-1
ccache: remove dangling link to host-cc
cmake: Fix CVE-2024-6197, CVE-2024-6874, and CVE-2024-8096
cmake: Update to 3.30.3 to fix CVE-2024-24806
cni: address CVE-2022-32149
Creating Busybox SBOM by not deleting the rpm db
Disable xen debugfs, and I2C Baytrail configs
edk2: Deprecate hvloader; introduce edk2-hvloader
Enable building mokutil for aarch64
Enable CET, IBT, and Paravirt spinlocks
Enable check section for glibc
Enable check section in python-platformdirs
Enable iptables by default
Enable nfsd v4 security label
Enable usb hiddev and serial ch341
Enable virtio console by default and build e1000 drivers as modules
Enabled ccache and set ptest retries to 1 for PR checks (CP: #8503, #10133)
Enabled circular deps PR check for fast-track PRs.
Extended spec PR check to validate the Distribution and Vendor tags.
Filter out debuginfo packages when running sodiff
Fix bad interactions between timeouts and build retries
Fix CVE-2024-6104 in cert-manager by patching vendor gomodules
Fix CVE-2024-6345 in setuptools
Fix for Azure Linux 3.0 Arm64 ISO OS installation issue
Fix for CVE-2024-39908 in rubygem-rexml
Fix nfs-utils to build rsc.svcgssd and provide the missing rpc-gssd
Fix ocaml test issues
Fix use static search path for toolchain GPG keys during validation
Fixed nbdkit test-time dependency on /sbin/ss.
Fixed nghttp2 test-time dependency on CUnit.
Fixed numpy ptests. Added python3-pyproject-metadata.
Fixed tdnf provides parsing to recognize epochs in package names.
Fixed spec entanglement PR check
Fixed toolchain tests blocking non-toolchain packages' tests.
Fixed toolkit's handling of RPMs with epoch values in their name
GitHub actions: Update version of actions/upload-artifact task
golang: bump Go version to 1.22.7-3
haproxy: upgrade to 2.9.11 to fix CVE-2024-45506
ig: Bump to v0.32.0.
Image Customizer: Add doc for 'sshPublicKeys'.
Image Customizer: Add doc for cloning an RPM repo.
Image Customizer: Add support for 'vfat' filesystem.
Image Customizer: Add tests for Azure Linux 3.0.
Image Customizer: Allow omitting disk maxSize and partition start.
Image Customizer: Allow verity partitions to be specified by 'id'.
Image Customizer: Bump version to v0.7
Image Customizer: Change additionalFiles to a list.
Image Customizer: Fix 'TestCustomizeImagePartitionsSizeOnly' test.
Image Customizer: Fix merge conflict.
Image Customizer: Functional tests for kernel modules API.
Image Customizer: Rename 'fileSystems' to 'filesystems'.
Image Customizer: Rename 'isRootfsOverlay' to 'isInitrdOverlay'.
Image Customizer: Rename additionDirs fields.
Image Customizer: Support filesystem-less partitions.
ImageCustomizer: Implement new MIC Overlays APIs.
Install UKI and sd-boot binaries to ESP
jx: Add patch to resolve CVE-2023-45288
keda: upgrade to 2.14.1 to fix CVE-2024-35255
kernel-uki: drop dbus in initrd
kernel-uki: remove usrmount from initrd
kernel: enable MLX5 TC Offload
krb5: Add patch for fixing CVE-2024-26458 and CVE-2024-26461
libnbd: CVE-2024-7383 (azl 3)
libsafec: upgrade to 3.8.1
libsolv: enable zstd support to match createrepo_c
libzip: fix package tests
Makefile: fix typo clean-imggen
minimal-os image definition.
mock: upgrade and port from extended to core (including dependencies)
move perl strictures and bareword-filehandles
move perl-indirect from extended to core
multus: Add patch to resolve CVE-2023-3978
nginx: Address CVE-2024-7347
nss: Disable DBM backend.
openldap: enable slapd
Optimizing OverlayFS module with new IFS separator and new supported mode.
OSModifier: Add support for updating grub
OSModifier: allow two linux cmdline in grub.cfg
OSModifier: Read root device from grub.cfg
Patch CVE-2019-10906 in nodejs
Patch CVE-2024-29018 in moby-engine to fix
Patch CVE-2024-3651 for python-pip
Patch CVE-2024-43796 in python-tensorboard
Patch CVE-2024-45590 in python-tensorboard
Patch CVE-2024-6197 in curl
patch CVE-2024-6232 and CVE-2024-8088 for python3 3.0
Patch CVE-2024-6923 in python3
Patch gdk-pixbuf2 for CVE-2022-48622
Patch ruby for CVE-2024-41946 in bundled gem rexml
patch wget to prevent debug output from printing binary request bodies
perl-sub-name update to v0.27
port 3 perl packages from extended into core
port more perl packages from extended
port perl module from extended into core: part-3
port perl module from extended into core: part-4
port perl modules from extended into core - part 6
port perl modules from extended into core: part-7
port perl modules from extended to core
port perl-Algorithm-C3
port perl-Devel-GlobalDestruction
port perl-IO-String from extended into core
port perl-Sub-Exporter-Progressive
Prepare October 2024 Update
python-argcomplete: drop check dep BR fish to enable build
python-ldap: upgrade 3.4.0 -> 3.4.4
python-packaging: fix provides
pytorch: add patch for CVE-2024-27318, CVE-2022-1941
rabbitmq-server: upgrade to 3.13.7 to fix CVE-2023-50966
Remove exit 1 for glibc check section
remove unused source signature
remove unused source signature from extra-cmake-modules
remove unused source signature: plexus-utils
remove unused source signature: rabbitmq-server
Resolve CVE-2024-41946 by upgrading ruby to 3.3.5
selinux-policy: Add cloud-utils-growpart fix.
Set ptest retries to 1 for PR package build check. (CP: #10133)
swap fix-ssl-read-and-write-error-check.patch for a slightly different version from upstream
sysstat: upgrade 12.7.4 -> 12.7.6 to address CVE-2018-19416
tensorflow: CVE-2024-7592
tensorflow: patch for CVE-2024-6232, CVE-2024-8088, CVE-2024-3651
toolkit: pkgbld: add ccache option & switch QUICK_REBUILD_PACKAGES=y
toolkit: scripts: use '#!/usr/bin/env python3' instead of hardcoding interpreter
unbound: Add patch to resolve CVE-2024-33655
update clang llvm lld with fixes and add libcxx spec
Update MIC doc to reference overlay driver and fstab for overlay feature.
Update openssl to 3.3.2 under cloud-hypervisor-cvm in order to address CVE-2024-6119
Update virt_launcher.cil installation path in virt-handler container
update wget to fix potential infinite loop
update wget with patches from fedora
Updated raw toolchain source for 3.0 PR check ADO builds.
Upgrade and build samba in 3.0
Upgrade cert-manager to 1.12.13 to get upstream patches for CVE-2024-25620 and CVE-2024-26147
Upgrade CharLS version 2.0.0 -> 2.4.2
Upgrade expat to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Upgrade Kernel RT to version 6.6.44.1-rt39
Upgrade Kernel to version 6.6.51.1 to address CVE-2024-38381 CVE-2024-39472 CVE-2024-43884 CVE-2024-44946 CVE-2024-44985 CVE-2024-44974 CVE-2024-44987 CVE-2024-44986 CVE-2024-43891 CVE-2024-45006 CVE-2024-45000 CVE-2024-44990 CVE-2024-44999 CVE-2024-44989 CVE-2024-44998 CVE-2024-44995 CVE-2024-44997 CVE-2024-45002 CVE-2024-44983 CVE-2024-45029 CVE-2024-45028 CVE-2024-45022 CVE-2024-45020 CVE-2024-45009 CVE-2024-46677 CVE-2024-46674 CVE-2024-45025 CVE-2024-45030 CVE-2024-45016 CVE-2024-45021 CVE-2024-45018 CVE-2024-45015 CVE-2024-46673 CVE-2024-45011 CVE-2024-46672 CVE-2024-46693 CVE-2024-45010 CVE-2024-45026 CVE-2024-45012 CVE-2024-45019 CVE-2024-46692 CVE-2024-46686 CVE-2024-46687 CVE-2024-46685 CVE-2024-44947 CVE-2024-44996
Upgrade openssl to 3.3.2
Upgrade perl-sub-install to v0.929
Upgrade realmd version 0.16.3 -> 0.17.1
Upgrade tdnf to version 3.5.8 and Fix the ptests
Upgraded keepalived to 2.3.1 and patched CVE-2024-41184
Use build type RelWithDebInfo to generate debug info with sources
Use Toolchain RPMS when building Golden Container
util-linux: Upgrade from 2.39.2 to 2.40.2
vte291: patch CVE-2024-37535
2.0.20241006
Generic Kernel version-release: kernel-5.15.167.1-1
"Reverted" krb5 1.21.3 to 1.19.4. Epoch bumped for "upgrade" continuity (that is, 1.21.3 upgrades to 1.19.4). This change resolves an issue with krb5 where powershell's ssh would hang during authentication. CVE-2024-37371 and CVE-2024-37370 were also patched in the 1.19.4 version. Note that these were also fixed in the 1.21.3 version.
Add Azure marketplace ARM64 FIPS image definition
Add azure proxy agent to cloud-init
Add patch to cloud-init for PPS support of azure-proxy-agent
Backport trace-cmd and dependencies from 3.0
Enable USB_TMC kernel module
Fix CVE-2022-32149 by backporting the fix as a patch file
Fix cloud-hypervisor-cvm to prevent crash when SEV-SNP guest queries ext. att. report
Fix nfs-utils to build rsc.svcgssd and provide the missing rpc-gssd service
Fixed Busybox SBOM creation by not deleting the rpm db
Patch application-gateway-kubernetes-ingress to fix CVE-2022-32149
Patch cdi to fix CVE-2022-41717, CVE-2022-32149, CVE-2024-28180
Patch cert-manager to fix CVE-2023-3978, CVE-2024-24786, CVE-2024-28180, CVE-2023-2253
Patch cmake for CVE-2023-27534
Patch cri-o to fix CVE-2022-32149
Patch curl for CVE-2024-6197
Patch edk2 for CVE-2022-36763, CVE-2022-36764, CVE-2022-36765, CVE-2023-45230, CVE-2023-45236, CVE-2023-45232, CVE-2023-45233, CVE-2023-45234, CVE-2023-45235, CVE-2023-45237
Patch gdk-pixbuf2 for CVE-2022-48622.
Patch influxdb to resolve CVE-2022-32149
Patch jasper to resolve CVE-2023-51257
Patch keda to address CVE-2022-32149
Patch krb5 to fix CVE-2024-26458 and CVE-2024-26461
Patch kubevirt to fix CVE-2022-32149 and CVE-2023-26484
Patch libcontainers-common for CVE-2024-3727
Patch libcontainers-common to fix CVE-2022-32149
Patch libnbd to resolve CVE-2024-7383
Patch libsndfile to resolve CVE-2022-33065
Patch libxml2 to resolve CVE-2024-25062
Patch moby-engine for CVE-2024-29018
Patch multiple CVEs in moby-buildx package
Patch multus to resolve CVE-2023-3978
Patch nginx to fix CVE-2024-7347
Patch prometheus-adapter CVE-2022-32149 in
Patch python-wheel to fix CVE-2022-40898 for
Patch python3 to fix CVE-2024-6232 and CVE-2024-8088 for python3 2.0
Patch qemu to fix CVE-2024-24474
Patch reaper for CVE-2024-43796
Patch reaper to address CVE-2024-42459, CVE-2024-42460, CVE-2024-42461
Patch ruby for CVE-2024-41946
Patch rubygem-rexml for CVE-2024-41946
Patch telegraf to fix CVE-2024-24786 & CVE-2024-28180
Patch tpm2-tss to resolve CVE-2024-29040
Patch vim for CVE-2024-43374 CVE-2024-41957 & CVE-2024-41965
Patch vte291 for CVE-2024-37535 (corrected patch)
Patch xorg-x11-server for CVE-2024-0229, CVE-2024-0409 & CVE-2024-21886
Patch xorg-x11-server for CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 & CVE-2024-31083
Removed hotplug detach grace period patch from kubevirt
Separated toolchain tests from non-toolchain package builds.
Update openssl to 3.3.2 under cloud-hypervisor-cvm in order to address CVE-2024-6119
Updated the upload-artifact GitHub Action to version 4.
Upgrade Kernel to 5.15.167.1 to address CVE-2024-43855 CVE-2024-42240 CVE-2024-39472 CVE-2024-42269 CVE-2024-42284 CVE-2024-42283 CVE-2023-52889 CVE-2024-42285 CVE-2024-42270 CVE-2024-42271 CVE-2024-43856 CVE-2024-43828 CVE-2024-42313 CVE-2024-43858 CVE-2024-43854 CVE-2024-42302 CVE-2024-42301 CVE-2024-42310 CVE-2024-43860 CVE-2024-42309 CVE-2024-43902 CVE-2024-43907 CVE-2024-44935 CVE-2024-43909 CVE-2024-42114 CVE-2024-43908 CVE-2024-44934 CVE-2024-43889
Upgrade expat to 2.6.3 to fix CVE-2024-45490, CVE-2024-45491, CVE-2024-45492
Upgrade msft-golang to 1.22.7 to address 3
Upgrade python-webob to 1.8.8 to fix CVE-2024-42353
Upgrade sysstat from version 12.7.1 -> 12.7.6 to address CVE-2018-19416
Upgraded keepalived to 2.3.1 and patch CVE-2024-41184.
2.0.20240829
Generic Kernel version-release: kernel-5.15.164.1-1
Add missing shadow-utils requirement to ceph
Add new package Mosh to spec-extended
Patch busybox to resolve CVE-2021-42380, CVE-2023-42363, CVE-2023-42364 & CVE-2023-42365
Patch cert-manager to address CVE-2024-25620 and CVE-2024-6104
Patch cmake for CVE-2023-28320
Patch cri-o to resolve CVE-2024-6104 (patched vendored gomodule)
Patch dhcp (bundled bind) for CVE-2024-1737 & CVE-2024-1975.
Patch influxdb to resolve CVE-2024-6104 (patched vendored gomodule)
Patch js-jquery to address CVE-2019-20149
Patch jx to resolve CVE-2023-45288
Patch keda to resolve CVE-2024-6104 (patched vendored gomodule)
Patch libcontainers-common to address CVE-2021-43565
Patch libtiff to resolve CVE-2023-6277 and CVE-2024-7006
Patch moby-cli to resolve CVE-2023-45288
Patch nginx to address CVE-2024-7347
Patch openldap to resolve CVE-2023-2953
Patch packer to resolve CVE-2024-6104 (patched vendored gomodule)
Patch prometheus to resolve CVE-2024-6104 (patched vendored gomodule)
Patch protobuf to fix CVE-2022-1941
Patch python-twisted to address CVE-2024-41671 and CVE-2024-41810
Patch python3 to address CVE-2024-7592
Patch qt5-qtbase to resolve CVE-2024-39936.
Patch reaper to address CVE-2024-42459, CVE-2024-42460, CVE-2024-42461
Patch rook to resolve CVE-2024-6104 (patched vendored gomodule)
Patch rpm-ostree to resolve CVE-2023-26964 in vendored h2 sources
Patch rust for CVE-2024-31852 and CVE-2024-32884
Patch tensorflow to resolve CVE-2023-33976
Patch unbound for CVE-2024-43168
Patch waagent.conf to add firewall rules
Upgrade azcopy version to 10.25.1 to fix CVE-2024-35255
Upgrade bind to version 9.16.50 to resolve CVE-2024-1737, CVE-2024-1975 & CVE-2024-4076
Upgrade ca-certificates Msft cert change
Upgrade frr to 8.5.5 to fix CVE-2024-31950, CVE-2024-31951, CVE-2024-44070
Upgrade kernel to version 5.15.164.1 to fix CVE-2024-36901, CVE-2024-26900, CVE-2024-39473, CVE-2024-39474, CVE-2024-39483, CVE-2024-39485, CVE-2024-41007, CVE-2024-41009, CVE-2024-42071, CVE-2024-42072, CVE-2024-42073, CVE-2024-42074, CVE-2024-42075, CVE-2024-42078, CVE-2024-42083, CVE-2024-42152, CVE-2024-42153, CVE-2024-42154, CVE-2024-42157, CVE-2024-42161, CVE-2024-42223, CVE-2024-42224, CVE-2024-42225, CVE-2024-42229, CVE-2024-42232, CVE-2024-42236, CVE-2024-42237, CVE-2024-42244, CVE-2024-42247, CVE-2022-48788, CVE-2022-48841, CVE-2023-52340
Upgrade kernel-mos to 5.15.164.1
Upgrade postgresql to 14.13 to fix CVE-2024-7348
Toolkit: Update gonum to v0.15.0