Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merge 3.0-dev into 3.0 #9473

Merged
merged 41 commits into from
Jun 24, 2024
Merged

Merge 3.0-dev into 3.0 #9473

merged 41 commits into from
Jun 24, 2024

Conversation

anphel31
Copy link
Member

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • If you are adding/removing a .spec file that has multiple-versions supported, please add @microsoft/cbl-mariner-multi-package-reviewers team as reviewer (Eg. golang has 2 versions 1.18, 1.21+)
  • Ready to merge
Summary

What does the PR accomplish, why was it needed?

Change Log
  • Change
  • Change
  • Change
Does this affect the toolchain?

YES/NO

Associated issues
  • #xxxx
Links to CVEs
Test Methodology
  • Pipeline build id: xxxx

mandeepsplaha and others added 30 commits June 12, 2024 11:00
@mandeepsplaha
add nodejs-npm to nodejs golden container (#9386)
abbbe63
@mfrw
toolkit: bump azidentity 1.3.1 -> 1.6.0 to address CVE-2024-35255 (#9383
42a30eb 
)

Fixes: https://github.com/microsoft/azurelinux/security/dependabot/13
Signed-off-by: Muhammad Falak R Wani <[email protected]>
@neha170
php: udpate to v8.3.8 to fix CVEs (#9377)
a63d5a4
@sameluch
Bump azurelinux release for preview (#9389)
070daa8
@bfjelds
Address CVE-2024-3727 by patching vendored github.com/containers/image (
a961baf 
#9342)
@Alberto-Perez-Guevara
Python XlsxWriter Initial Azure Linux Import from Fedora 40 (#9387)
c0c4848
@rmhsawyer
Add patch for cloud init dhcp issue (#9331)
a21765f 
Co-authored-by: minghe <rmhsawyer>
@mandeepsplaha
add oneliner to memcached dockerfile to add user (#9399)
d751e04
@tobiasb-ms
Fix shadow-utils to reenable user groups (#9363)
3d6f28d 
Change #7761 upgraded shadow-utils and took part of a change from upstream that modifies /etc/login.defs so that USERGROUPS_ENAB is set to no. This makes all users be created in the same group (in our case users) rather than created with their own group.

This change undoes that, so users will once again be created with their own group with the same name as the user.
@christopherco
systemd: disable llmnr by default (#9396)
7791dfe 
LLMNR poisoning is a MitM attack used to capture credential material by tampering with LLMNR request and response messages.

To prevent LLMNR poisoning, disable LLMNR in systemd. LLMNR is actively being phased out in favor of mDNS.

Signed-off-by: Chris Co <[email protected]>
@gmileka
[grub] Disable code optimization for ip frame checksum calculation. (#…
c50d4af 
…9391)
@sameluch
Test Fix for Package annobin (#9406)
4994e48
@sameluch
Test Fix for Package brotli (#9409)
77b1718
@sameluch
Upgrade babel to Version 2.15.0 to Fix Package Tests (#9408)
daea85d
@sharath-srikanth-chellappa
Changes to kubevirt, multus to build container images on 3.0 (#9412)
c687f6d 
Co-authored-by: Sharath Srikanth Chellappa <[email protected]>
@Alberto-Perez-Guevara
xlsxwriter build issue (#9411)
640ece2
@nisamson
[3.0-dev] Patch CVE-2024-5564 in libndp (#9414)
6fda93c 
Co-authored-by: Nick Samson <[email protected]>
@gjswalling
Upgrade grub2 from 2.06 to 2.12 (#9407)
26d9bca
@hbeberman
Import capnproto and rr specs (#9405)
79bca29
@miz060
kata-containers(-cc): enable sandbox_cgroup_only to support cgroupv2 (#…
5463f3a 
…9417)
@dmcilvaney
Fix ordering issues with new preview repo handling in derivative buil…
7d8b2b2 
…ds (#9400)
@henryli001
[3.0] Fix and upgrade nvidia-container-toolkit and libnvidia-container (
2df8b96 
#9403)

Co-authored-by: Henry Li <[email protected]>
@nicogbg @CBL-Mariner-Bot
glibc - Address CVE-2023-4911, CVE-2023-5156, CVE-2023-6246, CVE-2023…
c025a0c 
…-6779, CVE-2023-6780 (#9423)

Co-authored-by: CBL-Mariner Servicing Account <[email protected]>
@amritakohli
python-jsonschema: revert upgrade (#9427)
5a20c8e
@dmcilvaney
Remove locales from core images, add documentation on restoring local…
a6d8189 
…es (#9430)
@dmcilvaney
Patch bash to load startup files when invoked with '-bash' (#9425)
f32fdc4
@nicogbg @CBL-Mariner-Bot
3.0-dev - telegraf upgrade to 1.31.0 to address CVE-2024-27304, CVE-2… (
2af92d3 
#9437)

Co-authored-by: CBL-Mariner Servicing Account <[email protected]>
@neha170
add script to update toolchain and package manifest (#9345)
df2f8f4
@anphel31
coreutils - add patch to fix uname (#9420)
68f6278
@cwize1
Image Customizer: Minor doc updates. (#9449)
38bbb2f
nicogbg and others added 11 commits June 19, 2024 16:06
@nicogbg @CBL-Mariner-Bot
3.0-dev - influxdb fix CVE-2021-4238 (#9452)
137d105 
Co-authored-by: CBL-Mariner Servicing Account <[email protected]>
@christopherco
Move cri-o to Extended (#9451)
690b2cb 
Azure Linux's primary supported container runtime is containerd. We will provide CRI-O as an option for users to try, but will be community maintained in the Extended repository.

Signed-off-by: Chris Co <[email protected]>
@jcamposeco
Add patch to add msflint kernel driver 4.28 as module (#9380)
90f521f
@AZaugg
Package argparse-manpage naming convention consistency (#9419)
70b1a20 
Renaming package name argparse-manpage -> python-argparse-manpage

To be consistent, all python pypi modules are named python- the
package argparse-manpage does not follow this convention, updating base
package name to be consistent.
@anphel31
crash: add crash-target-arm64 binary (#9442)
d5c2a09
@anphel31
azurelinux-release: bump to 3.0-15 for June preview update 2 (#9462)
b9a0a26
@neha170
[3.0] mariadb: patch CVE-2024-0901 (#9466)
e9ab586
@neha170
[3.0] bluez: patch CVE-2023-50229 and CVE-2023-50230 (#9467)
f5aee66
@cwize1
Image Customizer: Add tests for additionalFiles and additionalDirs. (#…
238a839 
…9461)
@anphel31
gcc: update and re-enable CVE-2023-4039.patch (#9465)
63a3aa7
@anphel31
Merge branch '3.0-dev' into anphel/3-pull-dev-changes-jun-23
beca895
@anphel31 anphel31 requested review from a team as code owners June 23, 2024 21:40
@anphel31 anphel31 merged commit bb57b03 into 3.0 Jun 24, 2024
12 checks passed
@anphel31 anphel31 deleted the anphel/3-pull-dev-changes-jun-23 branch June 24, 2024 16:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jslobodzian jslobodzian jslobodzian approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.