Releases: flatcar/scripts
beta-3745.1.0
Changes since Beta 3732.1.0
Security fixes:
- curl (CVE-2023-38039, CVE-2023-38545, CVE-2023-38546)
- glibc (CVE-2023-4527, CVE-2023-4806)
- lua (CVE-2022-33099)
- mit-krb5 (CVE-2023-36054)
- procps (CVE-2023-4016)
- samba (CVE-2021-44142, CVE-2022-1615)
Bug fixes:
- Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure (scripts#1206)
- Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y (update_engine#29)
Changes:
- AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of /usr
- Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image
- SDK: Experimental support for prefix builds to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from chewi and HappyTobi.
- Started shipping default ssh client and ssh daemon configs in /etc/ssh/ssh_config and /etc/ssh/sshd_config which include config snippets in /etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d, respectively.
- The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth
- To make Kubernetes work by default, /usr/libexec/kubernetes/kubelet-plugins/volume/exec is now a symlink to the writable folder /var/kubernetes/kubelet-plugins/volume/exec (Flatcar#1193)
Updates:
- Linux (6.1.58 (includes 6.1.57, 6.1.56))
- Linux Firmware (20230919)
- bind-tools (9.16.42)
- ca-certificates (3.94)
- checkpolicy (3.5)
- curl (8.3.0)
- gcc (13.2)
- gzip (1.13)
- libgcrypt (1.10.2)
- libselinux (3.5)
- libsemanage (3.5)
- libsepol (3.5)
- lua (5.4.6)
- mit-krb5 (1.21.2)
- openssh (9.4p1)
- policycoreutils (3.5)
- procps (4.0.4 (includes 4.0.3 and 4.0.0))
- rpcsvc-proto (1.4.4)
- samba (4.18.4)
- selinux-base (2.20221101)
- selinux-base-policy (2.20221101)
- selinux-container (2.20221101)
- selinux-sssd (2.20221101)
- selinux-unconfined (2.20221101)
- semodule-utils (3.5)
- SDK: Rust (1.72.1)
- VMWARE: libdnet (1.16.2 (includes 1.16))
Changes since Alpha 3745.0.0
Security fixes:
- curl (CVE-2023-38545, CVE-2023-38546)
Bug fixes:
- Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure (scripts#1206)
- Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y (update_engine#29)
Changes:
- To make Kubernetes work by default, /usr/libexec/kubernetes/kubelet-plugins/volume/exec is now a symlink to the writable folder /var/kubernetes/kubelet-plugins/volume/exec (Flatcar#1193)
Updates:
alpha-3760.0.0
Changes since Alpha 3745.0.0
Security fixes:
- Go (CVE-2023-39323, CVE-2023-39325)
- curl (CVE-2023-38545, CVE-2023-38546)
- glibc (CVE-2023-4911)
- grub (CVE-2023-4692, CVE-2023-4693)
- libtirpc (libtirpc-rhbg-2138317, libtirpc-rhbg-2150611, libtirpc-rhbg-2224666)
Bug fixes:
- Added AWS EKS support for versions 1.24-1.28. Fixed /usr/share/amazon/eks/download-kubelet.sh to include download paths for these versions. (scripts#1210)
- Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure (scripts#1206)
- Fixed quotes handling for update-engine (Flatcar#1209)
- Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y (update_engine#29)
Changes:
- To make Kubernetes work by default, /usr/libexec/kubernetes/kubelet-plugins/volume/exec is now a symlink to the writable folder /var/kubernetes/kubelet-plugins/volume/exec (Flatcar#1193)
Updates:
alpha-3745.0.0
Changes since Alpha 3732.0.0
Security fixes:
- Linux (CVE-2023-42755)
- curl (CVE-2023-38039)
- glibc (CVE-2023-4527, CVE-2023-4806)
- lua (CVE-2022-33099)
- mit-krb5 (CVE-2023-36054)
- procps (CVE-2023-4016)
- samba (CVE-2021-44142, CVE-2022-1615)
Bug fixes:
- Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
Changes:
- Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image
- Started shipping default ssh client and ssh daemon configs in /etc/ssh/ssh_config and /etc/ssh/sshd_config which include config snippets in /etc/ssh/ssh_config.d and /etc/ssh/sshd_config.d, respectively.
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
- AWS: AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of /usr
- SDK: Experimental support for prefix builds to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from chewi and HappyTobi.
- VMware: The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth
Updates:
- Linux (6.1.55)
- Linux Firmware (20230919)
- bind-tools (9.16.42)
- checkpolicy (3.5)
- curl (8.3.0)
- gcc (13.2)
- gzip (1.13)
- libgcrypt (1.10.2)
- libselinux (3.5)
- libsemanage (3.5)
- libsepol (3.5)
- lua (5.4.6)
- mit-krb5 (1.21.2)
- openssh (9.4p1)
- policycoreutils (3.5)
- procps (4.0.4 (includes 4.0.3 and 4.0.0))
- rpcsvc-proto (1.4.4)
- samba (4.18.4)
- selinux-base (2.20221101)
- selinux-base-policy (2.20221101)
- selinux-container (2.20221101)
- selinux-sssd (2.20221101)
- selinux-unconfined (2.20221101)
- semodule-utils (3.5)
- SDK: Rust (1.72.1)
- VMWARE: libdnet (1.16.2 (includes 1.16))
stable-3602.2.0
Changes since Beta 3602.1.6
Security fixes:
- Linux (CVE-2023-42755)
Bug fixes:
- Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
Changes:
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
Updates:
- Linux (5.15.133)
Changes compared to Stable 3510.2.8
Security fixes:
- Linux (CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4623, CVE-2023-4921)
- Go (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725)
- bash (CVE-2022-3715)
- c-ares (CVE-2022-4904)
- containerd (CVE-2023-25153, CVE-2023-25173)
- curl (CVE-2023-23914, CVE-2023-23915 and CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538)
- Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842)
- e2fsprogs (CVE-2022-1304)
- git (CVE-2023-22490, CVE-2023-23946)
- GnuTLS (CVE-2023-0361)
- intel-microcode (CVE-2022-21216, CVE-2022-33196, CVE-2022-38090)
- less (CVE-2022-46663)
- libxml2 (CVE-2023-28484, CVE-2023-29469)
- OpenSSH (CVE-2023-25136, CVE-2023-28531, CVE-2023-38408)
- OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255)
- runc (CVE-2023-25809, CVE-2023-27561, CVE-2023-28642)
- tar (CVE-2022-48303)
- torcx (CVE-2022-32149)
- vim (CVE-2023-0288, CVE-2023-0433, CVE-2023-1127, CVE-2023-1175, CVE-2023-1170)
- SDK: dnsmasq (CVE-2022-0934)
- SDK: pkgconf (CVE-2023-24056)
- SDK: python (CVE-2023-24329)
Bug fixes:
- Ensured that /var/log/journal/ is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29)
- Fixed journalctl --user permission issue (Flatcar#989)
- Ensured that the folder /var/log/sssd is created if it doesn't exist, required for sssd.service (Flatcar#1096)
- Fixed a miscompilation of getfacl causing it to dump core when executed (scripts#809)
- Restored the reboot warning and delay for non-SSH console sessions (locksmith#21)
- Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
- Worked around a bash regression in flatcar-install and added error reporting for disk write failures (Flatcar#1059)
Changes:
- Added pigz to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports (coreos-overlay#2504)
- Added a new flatcar-reset tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift (bootengine#55, init#91)
- Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core (coreos-overlay#2489)
- Improved the OS reset tool to offer preview, backup and restore (init#94)
- On boot any files in /etc that are the same as provided by the booted /usr/share/flatcar/etc default for the overlay mount on /etc are deleted to ensure that future updates of /usr/share/flatcar/etc are propagated - to opt out create /etc/.no-dup-update in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied (bootengine#54)
- Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit (coreos-overlay#2436)
- /etc is now set up as overlayfs with the original /etc folder being the store for changed files/directories and /usr/share/flatcar/etc providing the lower default directory tree (bootengine#53, scripts#666)
- Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service (coreos-cloudinit#19)
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
Updates:
lts-3510.3.0
Changes since Stable 3510.2.8
Security fixes:
- Linux (CVE-2023-42752, CVE-2023-42753, CVE-2023-4623, CVE-2023-4921)
Bug fixes:
Changes:
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
Updates:
Changes compared to LTS-2022 3033.3.17
Security fixes:
- Linux (CVE-2019-15794,CVE-2020-16119,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25639,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26541,CVE-2020-26555,CVE-2020-26558,CVE-2020-27170,CVE-2020-27171,CVE-2020-27820,CVE-2020-36516,CVE-2021-0129,CVE-2021-0512,CVE-2021-0920,CVE-2021-0937,CVE-2021-0941,CVE-2021-20320,CVE-2021-20321,CVE-2021-20322,CVE-2021-22543,CVE-2021-22555,CVE-2021-22600,CVE-2021-23133,CVE-2021-23134,CVE-2021-26401,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28039,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28691,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-28950,CVE-2021-28951,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29266,CVE-2021-29646,CVE-2021-29647,CVE-2021-29648,CVE-2021-29649,CVE-2021-29650,CVE-2021-29657,CVE-2021-30002,CVE-2021-31440,CVE-2021-31829,CVE-2021-31916,CVE-2021-32399,CVE-2021-32606,CVE-2021-33033,CVE-2021-33034,CVE-2021-33098,CVE-2021-33135,CVE-2021-33200,CVE-2021-33624,CVE-2021-33655,CVE-2021-33909,CVE-2021-3444,CVE-2021-34556,CVE-2021-34693,CVE-2021-3483,CVE-2021-34866,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491,CVE-2021-34981,CVE-2021-3501,CVE-2021-35039,CVE-2021-3506,CVE-2021-3543,CVE-2021-35477,CVE-2021-3564,CVE-2021-3573,CVE-2021-3600,CVE-2021-3609,CVE-2021-3612,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3736,CVE-2021-3739,CVE-2021-3743,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38166,CVE-2021-38198,CVE-2021-38199,CVE-2021-38200,CVE-2021-38201,CVE-2021-38202,CVE-2021-38203,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38208,CVE-2021-38209,CVE-2021-38300,CVE-2021-3923,CVE-2021-39633,CVE-2021-39656,CVE-2021-39685,CVE-2021-39686,[CVE-2021-39698](https://nvd...
beta-3732.1.0
Changes since Alpha 3732.0.0
Security fixes:
- Linux (CVE-2023-42755)
Bug fixes:
- Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
Changes:
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
Updates:
- Linux (6.1.55)
Changes compared to Beta 3602.1.6
Security fixes:
- Linux (CVE-2020-36516,CVE-2021-26401,CVE-2021-33135,CVE-2021-33655,CVE-2021-3923,CVE-2021-4155,CVE-2021-4197,CVE-2021-43976,CVE-2021-44879,CVE-2021-45469,CVE-2022-0001,CVE-2022-0002,CVE-2022-0168,CVE-2022-0185,CVE-2022-0330,CVE-2022-0382,CVE-2022-0433,CVE-2022-0435,CVE-2022-0487,CVE-2022-0492,CVE-2022-0494,CVE-2022-0500,CVE-2022-0516,CVE-2022-0617,CVE-2022-0742,CVE-2022-0847,CVE-2022-0995,CVE-2022-1011,CVE-2022-1012,CVE-2022-1015,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1158,CVE-2022-1184,CVE-2022-1198,CVE-2022-1199,CVE-2022-1204,CVE-2022-1205,CVE-2022-1263,CVE-2022-1353,CVE-2022-1462,CVE-2022-1516,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1882,CVE-2022-1943,CVE-2022-1973,CVE-2022-1974,CVE-2022-1975,CVE-2022-1976,CVE-2022-1998,CVE-2022-20008,CVE-2022-20158,CVE-2022-20368,CVE-2022-20369,CVE-2022-20421,CVE-2022-20422,CVE-2022-20423,CVE-2022-20566,CVE-2022-20572,CVE-2022-2078,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-21499,CVE-2022-21505,CVE-2022-2153,CVE-2022-2196,CVE-2022-22942,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-2308,CVE-2022-2318,CVE-2022-23222,CVE-2022-2380,CVE-2022-23960,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-2503,CVE-2022-25258,CVE-2022-25375,CVE-2022-25636,CVE-2022-2585,CVE-2022-2586,CVE-2022-2588,CVE-2022-2590,CVE-2022-2602,CVE-2022-26365,CVE-2022-26373,CVE-2022-2639,CVE-2022-26490,CVE-2022-2663,CVE-2022-26966,CVE-2022-27223,CVE-2022-27666,CVE-2022-27672,CVE-2022-2785,CVE-2022-27950,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390,CVE-2022-2873,CVE-2022-28796,CVE-2022-28893,CVE-2022-2905,CVE-2022-29156,CVE-2022-2938,CVE-2022-29581,CVE-2022-29582,CVE-2022-2959,CVE-2022-2964,CVE-2022-2977,CVE-2022-2978,CVE-2022-29900,CVE-2022-29901,CVE-2022-29968,CVE-2022-3028,CVE-2022-30594,CVE-2022-3077,CVE-2022-3078,CVE-2022-3104,CVE-2022-3105,CVE-2022-3107,CVE-2022-3108,CVE-2022-3110,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3115,[CVE-2022-3169](http...
stable-3510.2.8
Changes since Stable 3510.2.7
Security fixes:
- Linux (CVE-2023-20588, CVE-2023-3772, CVE-2023-40283, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4273, CVE-2023-4569)
Changes:
- Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure (scripts#1131)
Updates:
beta-3602.1.6
Changes since Beta 3602.1.5
Changes:
- Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure (scripts#1131)
Updates:
alpha-3732.0.0
Changes since Alpha 3717.0.0
Known issues:
- Regression in Kernel 6.1.54, so that a specific cgroupv1 sysfs entry for reading Kernel memory limit disappeared. Container runtimes like runc are mainly affected. The issue was already reported to the upstream Kernel community.
Security fixes:
- Linux (CVE-2023-25775, CVE-2023-4623)
- Go (CVE-2023-39318, CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, CVE-2023-39322)
- nvidia-drivers (CVE-2023-25515, CVE-2023-25516)
- torcx (CVE-2022-28948)
- SDK: Python (CVE-2023-40217, CVE-2023-41105)
Bug fixes:
- Fix the RemainAfterExit clause in nvidia.service (Flatcar#1169)
- Fixed bug in handling renamed network interfaces when generating login issue (init#102)
Changes:
- OEM vendor tools are now A/B updated if they are shipped as systemd-sysext images, the migration happens when both partitions require a systemd-sysext OEM image - note that this will delete the nvidia.service from /etc on Azure because it's now part of /usr (Flatcar#60)
- Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure (scripts#1131)
Updates:
- Linux (6.1.54 (includes 6.1.53, 6.1.52, 6.1.51))
- Go (1.19.13)
- Go (1.20.8)
- cJSON (1.7.16)
- ca-certificates (3.93)
- containerd (1.7.6)
- ethtool (6.4)
- glib (2.76.4)
- glibc (2.37)
- gmp (6.3.0)
- hwdata (0.373 (includes 0.372))
- inih (57)
- iproute2 (6.4.0)
- libmicrohttpd (0.9.77)
- libnftnl (1.2.6)
- libnvme (1.5)
- nvidia-drivers (535.104.05)
- nvme-cli (2.5)
- openldap (2.6.4)
- tar (1.35)
- xfsprogs (6.4.0)
- SDK: file (5.45)
- SDK: gnuconfig (20230731)
- SDK: kbd (2.6.1 (includes 2.6.0))
- SDK: python (3.11.5)
- SDK: qemu (8.0.4)
stable-3510.2.7
Changes since Stable 3510.2.6
Security fixes:
- Linux (CVE-2022-40982, CVE-2022-41804, CVE-2023-1206, CVE-2023-20569, CVE-2023-4004, CVE-2023-4147, CVE-2023-20569, CVE-2023-23908)
Bug fixes:
- Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal (flatcar#1157)