2.0.20231106

@jslobodzian jslobodzian released this 08 Nov 03:10
· 532 commits to 2.0 since this release

Add /opt/containerd/{bin,lib} to RPMs and cherry-pick fix for systemd-hostnamed default-hostname in SELinux.
Add Perl-Net-IP package to extended specs
Add abort immediately on 404 errors for go-downloader in toolkit.
Add explicit timeout to package builds
Add extra_packages option for containerized-rpmbuild
Add kata-containers-cc patch to retain uvm dependencies
Add kubernetes back to CBL-Mariner
Add rust-cbindgen v0.24.3
Add short test flag to full go test coverage
Add single transaction for image package cloner
Add sodiff to Fasttrack builds and PR checks
Add support for downloading/uploading ccache archives
Add the repoquerywrapper tool.
Add timestamp arguments to build_mariner_toolchain.sh
Add wget replacement go-downloader
Build image if missing for containerized-rpmbuild
Bump grpc release to rebuild with updated version of Go.
Bump kubernetes release to rebuild against glibc 2.35-6
Bump release to rebuild with updated version of Go.
Disable TestReferenceDOTFile() in toolkit until fix is found
Enable CONFIG_BINFMT_MISC in ARM64
Enable encfs sidecar container to UVM
Enable lzo, snappy, zstd support in crash
Enable zstd support in journald
Fix CCache failure to not fail the build + Allow in-place updates of remote artifacts
Fix cronie crond file
Fix freeradius installation issues
Fix handle --no-clobber correctly without explicit dst in toolkit.
Fix kernel CVE detection issue due to bad date order in changelog
Fix marketplace images to remove unnecessary and inappropriate (on ARM) line to create serial getty
Fix systemd to add missing Requires on zstd-libs
Fix toolkit imagecustomizer to correctly return rootfs partition instead of Boot Partition
Fix toolkit missing package rebuilds.
Fix with_check handling in toolchain
Force chronyd to correctly wait for /dev/ptp_hyperv device on images where it's configured to require /dev/ptp_hyperv
Image Customizer: Add Config struct.
Image Customizer: Add documentation.
Image Customizer: Add support to load and unload modules
Image Customizer: Add to Makefile.
Image Customizer: Add tool version.
Image Customizer: Add/remove packages
Image Customizer: Add/update users.
Image Customizer: Enable/disable services.
Image Customizer: Ensure loopback cleanly detaches.
Image Customizer: Fix TestCustomizeImageCopyFiles.
Image Customizer: Fix XFS disk handling.
Image Customizer: Fix disk corruption
Image Customizer: Handle separate boot partition.
Image Customizer: Improve safemount.
Image Customizer: Support legacy boot images.
Image Customizer: Use absolute path for base config path.
Increase image size for baremetal and qemu guest to 4GB
Libcgroup create drop file folder
Made image build always have full toolchain visibility.
Made pipeline artifact subfolder names customizable.
Make /media a directory
Make rpms-snapshot run faster
Modify running order of yum_add_repo so that it runs before package-update-upgrade-install in cloud-init.
Move cherry-pick automation to ADO
Only query precacher repos if one is passed in
Patch CVE-2023-38545, CVE-2023-38546 for cmake and curl.
Patch Glibc for CVE-2023-4806 and CVE-2023-5156
Patch boost for CVE-2023-45853 in vendored zlib code
Patch cloud-hypervisor for CVE-2023-45853 in vendored zlib code.
Patch cmake to address CVE-2023-44487 in vendored nghttp2.
Patch edk2 CVE-2023-3817
Patch golang for CVE-2023-44487
Patch grub2 to fix CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735, CVE-2022-28736
Patch hdf5 to address CVE-2021-37501
Patch irqbalance to fix incorrect balancing behavior
Patch libnbd to address CVE-2023-5215
Patch libxml2 for CVE-2023-45322
Patch nginx for CVE-2023-44487
Patch python for CVE-2023-24329 (CP of #6412)
Patch python-gevent to address CVE-2023-41419
Patch rust for CVE-2023-45853 in vendored zlib code.
Patch snappy to fix build with RTTI enabled
Patch tcl for CVE-2023-45853 in vendored zlib code
Patch urllib3 for CVE-2023-43804
Patch vim for CVE-2023-5344
Patch vim for CVE-2023-5441 (CP of #6411)
Patch zchunk for CVE-2023-46228
Patch zlib for CVE-2023-45853
Remove additional error logic from sodiff-check command
Remove error from sodiff to unblock main builds
Removed exit from specs' %check sections.
Replace the sample username and password with user replaceable values
Revert Add scheduler stuck debug code
Running 'PipAuthenticate@1' in each template separately.
Switch ccache to use azure managed identity.
Unify behavior of USE_PREVIEW_REPO on url and repo lists
Update 2.0 workflow to use golang 1.20
Update go-test-coverage.yml with explicit go version
Update rust.spec to use ./x.py instead of x.py
Update selinux-policy to Silence io.containerd.internal.v1.opt denial noise
Updated Ubuntu requirements doc with better Golang instructions.
Upgrade PyYAML to 5.2
Upgrade cloud-init to 23.3
Upgrade cni-plugins to v1.3.0 and set version while building
Upgrade fluent-bit to 2.1.10 upgrade to latest
Upgrade gawk to v5.1.1 to fix CVE-2023-4156
Upgrade golang to 1.20.10 to fix CVE-2023-29409, CVE-2023-39318, CVE-2023-39319, CVE-2023-39323, CVE-2023-39533
Upgrade httpd to 2.4.58 to address CVE-2023-45802, CVE-2023-43622 & CVE-2023-31122
Upgrade kernel-hci to fix CVE-2023-1859 CVE-2023-2002 CVE-2022-48425 CVE-2023-3111 CVE-2023-22995 CVE-2023-3141
Upgrade kubernetes to 1.28.3 to address CVE-2023-44487 and CVE-2023-39325
Upgrade libX11 to v1.8.7 to fix CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787
Upgrade libXpm to v3.5.13 to fix CVE-2023-43789 and CVE-2023-43788
Upgrade libdrm to 2.4.115
Upgrade libtiff to v4.6.0 to fix CVE-2023-40745 and CVE-2023-41175
Upgrade libvpx to 1.13.1 to fix CVE-2023-5217
Upgrade nghttp2 to version 1.57.0 to include patches for CVE-2023-44487
Upgrade nodejs18 to 18.18.2 for CVE-2023-44487
Upgrade python-urllib3 to 1.26.18 to fix CVE-2023-45803
Upgrade redis to 6.2.14 to fix CVE-2023-45145
Upgrade skopeo to v1.13.3 to fix CVE-2023-33199 in rekor
Upgrade sudo to version 1.9.14p3
Upgrade tensorflow to 2.11.1 to address CVEs (CP of #6418)
Upgrade to version 5.15.135.1 to fix CVE-2023-4623, CVE-2023-44466 CVE-2020-27815 CVE-2014-9940
Upgrade vim to 9.0.2010 to fix CVE-2023-5535
Upgraded keyutils to version 1.6.3 to fix a DNS refreshing issue (CP of #6432)
Use * instead of ! to designate user's password login is disabled for PAM/sshd.
Use test short mode flag.