pool/amazon-ssm-agent
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
..
compare: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2

1 Commits
factory ... slfo-main

Author SHA256 Message Date
John Paul Adrian Glaubitz
b446877a3f Backport fix for 2025-47913 
- Add CVE-2025-47913.patch to fix an SSH client process terminating
  when receiving an unexpected message type in response to a key
  listing or signing request (bsc#1253611, CVE-2025-47913)
 2025-11-18 11:12:42 +01:00
4 changed files with 6 additions and 79 deletions
Expand all files Collapse all files

BIN
amazon-ssm-agent-3.3.2299.0.tar.gz LFS Normal file
View File

Binary file not shown.

3
amazon-ssm-agent-3.3.3598.0.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e892600cd0b24d29e4d574c2102bb6821359ccfda9f57ccae29a510620753d0a
size 32205624

73
amazon-ssm-agent.changes
View File

@@ -1,16 +1,3 @@
-------------------------------------------------------------------
Mon Jan 5 12:39:50 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 3.3.3598.0
* Allow Patch execution to persist across reboots not registered to SSM Agent
- from version 3.3.3572.0
* Fix ENV_VAR interpolation to work correctly with parameter store value
* Implement immediate retries for failed reply messages to MGS for RunCommand documents
* Improve ssm-cli get-diagnostics command log output
* Support DomainJoin endpoint for EU sovereign cloud
* Support dualstack S3 endpoint for distributor packages
* Upgrade Go version to 1.24.11
-------------------------------------------------------------------
Tue Nov 18 09:53:32 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
@@ -18,66 +5,6 @@ Tue Nov 18 09:53:32 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.c
when receiving an unexpected message type in response to a key
listing or signing request (bsc#1253611, CVE-2025-47913)
-------------------------------------------------------------------
Thu Oct 23 13:12:38 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 3.3.3270.0
* Add initial IPv6 support with UseDualStackEndpoint configuration option
* Fix CPU utilization issue for instances with thousands of network interfaces
-------------------------------------------------------------------
Wed Oct 1 09:09:08 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 3.3.3185.0
* Add IMDS retry count to account for EC2 droplet refresh
* Fix duplicate uid error logging in MDS module
* Update aws:Domainjoin plugin logging from Log4Net to NLog
* Upgrade Go version to 1.24.7
* Update github.com/go-git/go-git/v5 to 5.15.0
* Update golang.org/x/crypto to v0.37.0
* Update golang.org/x/net to v0.39.0
* Update golang.org/x/sys to v0.32.0
-------------------------------------------------------------------
Tue Sep 2 10:55:44 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 3.3.3050.0
* Add EU sovereign cloud S3 endpoint for DownloadContent plugin
* Add configurable credential rotation max backoff interval
- from version 3.3.2958.0
* Migrate from twinj/uuid to google/uuid library
* Allow newer agent versions to be installed when deploying on Greengrass
* Harden function to remove non-admin run command documents in execution path
* Fix macOS credential refresher test issue due to missing Debugf from serialport skip file
* Enhance testability of custom certificate usage in debug SSM Agent builds
* Decouple serial port from startup and add credential refresher serialport logging
* Add GlobalEnhancedTelemetryEnabled config to README
* Add cloudwatch logs endpoint configuration to optional config for agent
* Update Greengrass component version
- from version 3.3.2746.0
* Add file privilege check before processing document state file
* Storing AWS document interpolation ENV_VAR types as environment variables
* Throw explicit error when running local cli as non-priviledged user
* Harden telemetry dynamic config folder permissions
* Add configuration option for HandshakeTimeout
- from version 3.3.2656.0
* Improve unit tests
* Add setup for emitting telemetry logs and metrics
* Add initial selection of error logs to emit to telemetry
* Simplify checkstyle and import organization in build scripts
* Update golang.org/x/net from v0.37.0 to v0.38.0
-------------------------------------------------------------------
Mon Jun 2 09:26:04 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to version 3.3.2471.0
* Improve unit tests
* Agent hibernation reason is logged to EC2 system logs
* Add metrics for the EC2Detector and IMDS EC2 status findings
* Change Linux DomainJoin plugin parameter KeepHostName to accept
both boolean and string
* Upgrade GoLang to version 1.23.8
-------------------------------------------------------------------
Tue Apr 15 10:41:20 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>

6
amazon-ssm-agent.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package amazon-ssm-agent
#
# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: amazon-ssm-agent
Version: 3.3.3598.0
Version: 3.3.2299.0
Release: 0
Summary: Amazon Remote System Config Management
License: Apache-2.0
@@ -28,7 +28,7 @@ Source0: https://github.com/aws/amazon-ssm-agent/archive/%{version}.tar.g
# message type in response to a key listing or signing request (CVE-2025-47913)
# Partial patch taken from https://cs.opensource.google/go/x/crypto/+/559e062ce8bfd6a39925294620b50906ca2a6f95
Patch0: CVE-2025-47913.patch
BuildRequires: go >= 1.24
BuildRequires: go >= 1.21
BuildRequires: pkgconfig(systemd)
Requires: systemd
Provides: bundled(golang(github.com/Microsoft/go-winio))