Note that this release includes a fix for CVE-2023-4039. The CVE impacts the code generator of gcc for aarch64 components only. Several, but not all, aarch64 packages with native code were impacted. We have bumped the versions of impacted packages so they are rebuilt with the fixed compiler. If you are leveraging gcc in an aarch64 environment, it is recommended that you recompile your software with the gcc 11.2.0-6 or newer. While the CVE only impacts the aarch64 packages, the x86_64 counterparts were also released because Mariner does not release treat aarch64 and x86_64 independently.
Add Mariner Image Customizer boilerplate
Add SPDX license guidance to spec guidelines error message
Add SliceToSet() to sliceutils
Add help
target to toolkit Makefile
Add freexl package to specs-extended
Add gpsbabel package to specs-extended
Add hdf package to specs-extended
Add libgeotiff package to specs-extended
Add libkml package to specs-extended
Add netcdf package to specs-extended
Add ptest results parsing to the PackageBuild
template
Cleaned-up invalid edges from duplicate nodes.
Fix librelp
tests by adding glibc-debuginfo
Fix systemd/systemd-bootstrap confusion by adding explicit requires
Fixing python-more-itertools tests
Get go tools unit tests to pass in VSCode
Made 'PipAuthenticate' artifact feeds optional for package builds.
Make CONFIG_FILE default assignment consistent
PAtch shadow-utils to address CVE-2023-29383
Patch CVE-2023-41910 in lldpd package
Patch booth to address CVE-2022-2553
Patch buildah to fix CVE-2022-2990
Patch cmake for CVE-2023-35495
Patch gcc for CVE-2023-4039
Patch libssh2 to address CVE-2020-22218
Patch libtommath to fix CVE-2023-36328
Patch mutt to address CVE-2023-4874
Patch nodejs to address CVE-2023-35945
Patch tcl to fix CVE-2023-36328
Re-enable tests for gnutls, jna, libsoup, strongswan
Remove default CONFIG_FILE=
Removed 'exit 1' from 'supermin'.
Removed toolchain package requirements to fix build break in libguestfs
Updated usage of pip
in the package build template.
Upgrade Kernel to version 5.15.131.1 to address CVE-2023-0160, CVE-2023-4015, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4273, CVE-2023-4394 and CVE-2023-4569, CVE-2023-4622
Upgrade advancecomp to 2.5 CVE-2023-2961
Upgrade bind version to 9.16.37 to fix CVE-2022-3924, CVE-2022-3094, CVE-2022-3736
Upgrade blobfuse2 to 2.1.0
Upgrade dovecot to 2.3.20 to address CVEs
Upgrade exiv2 to version 0.28.0
Upgrade fapolicyd to 1.3.2 to address CVE-2022-1117
Upgrade fetchmail to 6.4.22 to address CVE-2021-39272 & CVE-2021-36386
Upgrade flac to 1.4.3 to address CVE-2020-22219
Upgrade frr to 8.5.3 to fix CVE-2023-41358 CVE-2023-41359 CVE-2023-41360
Upgrade imaptest 20210305 to 20210511
Upgrade libmicrohttpd to 0.9.76 to address CVE-2023-27371
Upgrade mod_auth_openidc to 2.4.14.2 to address CVE-2021-20718, CVE-2021-39191, CVE-2022-23527, CVE-2023-28625
Upgrade mutt to 2.2.12 to address CVEs
Upgrade nodejs to 18.17.1 to address CVEs 2023-32002, CVE-2023-32006 and CVE-2023-32559
Upgrade opencryptoki to 3.17.0 to address CVE-2021-3798
Upgrade opensc to 0.23.0 to fix CVE-2021-34193
Upgrade pmix to 4.1.3 to address CVE-2023-41915
Upgrade python-ldap to 3.4.0 to address CVE-2021-46823
Upgrade re2c to version 2.0 to fix CVE-2018-21232
Upgrade redis to 6.2.13 fix CVE-2022-24834
Upgrade screen to 4.9.1 to address CVE-2023-24626
Upgrade stunnel to 5.70 to address CVE-2021-20230
Upgrade taglib 1.11.1 to 1.13.1 to address CVE-2018-11439, CVE-2017-12678
Upgrade tang to 14 to address CVE-2023-1672
Upgrade usbguard to 1.1.0 CVE-2019-25058
Upgrade vim to resolve CVE-2023-4733, CVE-2023-4734, CVE-2023-4735, CVE-2023-4736, CVE-2023-4738, CVE-2023-4750, CVE-2023-4752 and CVE-2023-4781
Upgrade wavpack to 5.6.0 to address CVE-2021-44269 & CVE-2022-2476
Upgrade wireshark to 4.0.8 to address 27 CVEs
Upgrade xterm to 380 to address CVE-2022-45063 & CVE-2023-40359
Use the PIC'ed version of libiberty.a static object