Releases: flatcar/scripts
Releases · flatcar/scripts
beta-3745.1.0
beta-3745.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
a660ae3
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Beta 3732.1.0
Security fixes:
- curl (CVE-2023-38039, CVE-2023-38545, CVE-2023-38546)
- glibc (CVE-2023-4527, CVE-2023-4806)
- lua (CVE-2022-33099)
- mit-krb5 (CVE-2023-36054)
- procps (CVE-2023-4016)
- samba (CVE-2021-44142, CVE-2022-1615)
Bug fixes:
- Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure (scripts#1206)
- Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y (update_engine#29)
Changes:
- AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of
/usr - Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image
- SDK: Experimental support for prefix builds to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from chewi and HappyTobi.
- Started shipping default ssh client and ssh daemon configs in
/etc/ssh/ssh_configand/etc/ssh/sshd_configwhich include config snippets in/etc/ssh/ssh_config.dand/etc/ssh/sshd_config.d, respectively. - The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth
- To make Kubernetes work by default,
/usr/libexec/kubernetes/kubelet-plugins/volume/execis now a symlink to the writable folder/var/kubernetes/kubelet-plugins/volume/exec(Flatcar#1193)
Updates:
- Linux (6.1.58 (includes 6.1.57, 6.1.56))
- Linux Firmware (20230919)
- bind-tools (9.16.42)
- ca-certificates (3.94)
- checkpolicy (3.5)
- curl (8.3.0)
- gcc (13.2)
- gzip (1.13)
- libgcrypt (1.10.2)
- libselinux (3.5)
- libsemanage (3.5)
- libsepol (3.5)
- lua (5.4.6)
- mit-krb5 (1.21.2)
- openssh (9.4p1)
- policycoreutils (3.5)
- procps (4.0.4 (includes 4.0.3 and 4.0.0))
- rpcsvc-proto (1.4.4)
- samba (4.18.4)
- selinux-base (2.20221101)
- selinux-base-policy (2.20221101)
- selinux-container (2.20221101)
- selinux-sssd (2.20221101)
- selinux-unconfined (2.20221101)
- semodule-utils (3.5)
- SDK: Rust (1.72.1)
- VMWARE: libdnet (1.16.2 (includes 1.16))
Changes since Alpha 3745.0.0
Security fixes:
- curl (CVE-2023-38545, CVE-2023-38546)
Bug fixes:
- Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure (scripts#1206)
- Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y (update_engine#29)
Changes:
- To make Kubernetes work by default,
/usr/libexec/kubernetes/kubelet-plugins/volume/execis now a symlink to the writable folder/var/kubernetes/kubelet-plugins/volume/exec(Flatcar#1193)
Updates:
alpha-3760.0.0
alpha-3760.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
8f137e3
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Alpha 3745.0.0
Security fixes:
- Go (CVE-2023-39323, CVE-2023-39325)
- curl (CVE-2023-38545, CVE-2023-38546)
- glibc (CVE-2023-4911)
- grub (CVE-2023-4692, CVE-2023-4693)
- libtirpc (libtirpc-rhbg-2138317, libtirpc-rhbg-2150611, libtirpc-rhbg-2224666)
Bug fixes:
- Added AWS EKS support for versions 1.24-1.28. Fixed
/usr/share/amazon/eks/download-kubelet.shto include download paths for these versions. (scripts#1210) - Disabled systemd-networkd's RoutesToDNS setting by default to fix provisioning failures observed in VMs with multiple network interfaces on Azure (scripts#1206)
- Fixed quotes handling for update-engine (Flatcar#1209)
- Fixed the postinstall hook failure when updating from Azure instances without OEM systemd-sysext images to Flatcar Alpha 3745.x.y (update_engine#29)
Changes:
- To make Kubernetes work by default,
/usr/libexec/kubernetes/kubelet-plugins/volume/execis now a symlink to the writable folder/var/kubernetes/kubelet-plugins/volume/exec(Flatcar#1193)
Updates:
alpha-3745.0.0
Changes since Alpha 3732.0.0
Security fixes:
- Linux (CVE-2023-42755)
- curl (CVE-2023-38039)
- glibc (CVE-2023-4527, CVE-2023-4806)
- lua (CVE-2022-33099)
- mit-krb5 (CVE-2023-36054)
- procps (CVE-2023-4016)
- samba (CVE-2021-44142, CVE-2022-1615)
Bug fixes:
- Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
Changes:
- Reworked the VMware OEM software to be shipped as A/B updated systemd-sysext image
- Started shipping default ssh client and ssh daemon configs in
/etc/ssh/ssh_configand/etc/ssh/sshd_configwhich include config snippets in/etc/ssh/ssh_config.dand/etc/ssh/sshd_config.d, respectively. - Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
- AWS: AWS OEM images now use a systemd-sysext image for layering additional platform-specific software on top of
/usr - SDK: Experimental support for prefix builds to create distro independent, portable, self-contained applications w/ all dependencies included. With contributions from chewi and HappyTobi.
- VMware: The open-vm-tools package in VMware OEM now comes with vmhgfs-fuse, udev rules, pam and vgauth
Updates:
- Linux (6.1.55)
- Linux Firmware (20230919)
- bind-tools (9.16.42)
- checkpolicy (3.5)
- curl (8.3.0)
- gcc (13.2)
- gzip (1.13)
- libgcrypt (1.10.2)
- libselinux (3.5)
- libsemanage (3.5)
- libsepol (3.5)
- lua (5.4.6)
- mit-krb5 (1.21.2)
- openssh (9.4p1)
- policycoreutils (3.5)
- procps (4.0.4 (includes 4.0.3 and 4.0.0))
- rpcsvc-proto (1.4.4)
- samba (4.18.4)
- selinux-base (2.20221101)
- selinux-base-policy (2.20221101)
- selinux-container (2.20221101)
- selinux-sssd (2.20221101)
- selinux-unconfined (2.20221101)
- semodule-utils (3.5)
- SDK: Rust (1.72.1)
- VMWARE: libdnet (1.16.2 (includes 1.16))
stable-3602.2.0
Changes since Beta 3602.1.6
Security fixes:
- Linux (CVE-2023-42755)
Bug fixes:
- Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
Changes:
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
Updates:
- Linux (5.15.133)
Changes compared to Stable 3510.2.8
Security fixes:
- Linux (CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4623, CVE-2023-4921)
- Go (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725)
- bash (CVE-2022-3715)
- c-ares (CVE-2022-4904)
- containerd (CVE-2023-25153, CVE-2023-25173)
- curl (CVE-2023-23914, CVE-2023-23915 and CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538)
- Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842)
- e2fsprogs (CVE-2022-1304)
- git (CVE-2023-22490, CVE-2023-23946)
- GnuTLS (CVE-2023-0361)
- intel-microcode (CVE-2022-21216, CVE-2022-33196, CVE-2022-38090)
- less (CVE-2022-46663)
- libxml2 (CVE-2023-28484, CVE-2023-29469)
- OpenSSH (CVE-2023-25136, CVE-2023-28531, CVE-2023-38408)
- OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255)
- runc (CVE-2023-25809, CVE-2023-27561, CVE-2023-28642)
- tar (CVE-2022-48303)
- torcx (CVE-2022-32149)
- vim (CVE-2023-0288, CVE-2023-0433, CVE-2023-1127, CVE-2023-1175, CVE-2023-1170)
- SDK: dnsmasq (CVE-2022-0934)
- SDK: pkgconf (CVE-2023-24056)
- SDK: python (CVE-2023-24329)
Bug fixes:
- Ensured that
/var/log/journal/is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29) - Fixed
journalctl --userpermission issue (Flatcar#989) - Ensured that the folder
/var/log/sssdis created if it doesn't exist, required forsssd.service(Flatcar#1096) - Fixed a miscompilation of getfacl causing it to dump core when executed (scripts#809)
- Restored the reboot warning and delay for non-SSH console sessions (locksmith#21)
- Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
- Worked around a bash regression in
flatcar-installand added error reporting for disk write failures (Flatcar#1059)
Changes:
- Added
pigzto the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports (coreos-overlay#2504) - Added a new
flatcar-resettool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift (bootengine#55, init#91) - Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core (coreos-overlay#2489)
- Improved the OS reset tool to offer preview, backup and restore (init#94)
- On boot any files in
/etcthat are the same as provided by the booted/usr/share/flatcar/etcdefault for the overlay mount on/etcare deleted to ensure that future updates of/usr/share/flatcar/etcare propagated - to opt out create/etc/.no-dup-updatein case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied (bootengine#54) - Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit (coreos-overlay#2436)
/etcis now set up as overlayfs with the original/etcfolder being the store for changed files/directories and/usr/share/flatcar/etcproviding the lower default directory tree (bootengine#53, scripts#666)- Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service (coreos-cloudinit#19)
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
Updates:
lts-3510.3.0
Changes since Stable 3510.2.8
Security fixes:
- Linux (CVE-2023-42752, CVE-2023-42753, CVE-2023-4623, CVE-2023-4921)
Bug fixes:
Changes:
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
Updates:
Changes compared to LTS-2022 3033.3.17
Security fixes:
- Linux (CVE-2019-15794,CVE-2020-16119,CVE-2020-24586,CVE-2020-24587,CVE-2020-24588,CVE-2020-25639,CVE-2020-25670,CVE-2020-25671,CVE-2020-25672,CVE-2020-25673,CVE-2020-26139,CVE-2020-26141,CVE-2020-26145,CVE-2020-26147,CVE-2020-26541,CVE-2020-26555,CVE-2020-26558,CVE-2020-27170,CVE-2020-27171,CVE-2020-27820,CVE-2020-36516,CVE-2021-0129,CVE-2021-0512,CVE-2021-0920,CVE-2021-0937,CVE-2021-0941,CVE-2021-20320,CVE-2021-20321,CVE-2021-20322,CVE-2021-22543,CVE-2021-22555,CVE-2021-22600,CVE-2021-23133,CVE-2021-23134,CVE-2021-26401,CVE-2021-26930,CVE-2021-26931,CVE-2021-26932,CVE-2021-27363,CVE-2021-27364,CVE-2021-27365,CVE-2021-28038,CVE-2021-28039,CVE-2021-28375,CVE-2021-28660,CVE-2021-28688,CVE-2021-28691,CVE-2021-28711,CVE-2021-28712,CVE-2021-28713,CVE-2021-28714,CVE-2021-28715,CVE-2021-28950,CVE-2021-28951,CVE-2021-28952,CVE-2021-28964,CVE-2021-28971,CVE-2021-28972,CVE-2021-29154,CVE-2021-29155,CVE-2021-29264,CVE-2021-29265,CVE-2021-29266,CVE-2021-29646,CVE-2021-29647,CVE-2021-29648,CVE-2021-29649,CVE-2021-29650,CVE-2021-29657,CVE-2021-30002,CVE-2021-31440,CVE-2021-31829,CVE-2021-31916,CVE-2021-32399,CVE-2021-32606,CVE-2021-33033,CVE-2021-33034,CVE-2021-33098,CVE-2021-33135,CVE-2021-33200,CVE-2021-33624,CVE-2021-33655,CVE-2021-33909,CVE-2021-3444,CVE-2021-34556,CVE-2021-34693,CVE-2021-3483,CVE-2021-34866,CVE-2021-3489,CVE-2021-3490,CVE-2021-3491,CVE-2021-34981,CVE-2021-3501,CVE-2021-35039,CVE-2021-3506,CVE-2021-3543,CVE-2021-35477,CVE-2021-3564,CVE-2021-3573,CVE-2021-3600,CVE-2021-3609,CVE-2021-3612,CVE-2021-3640,CVE-2021-3653,CVE-2021-3655,CVE-2021-3656,CVE-2021-3659,CVE-2021-3679,CVE-2021-37159,CVE-2021-3732,CVE-2021-3736,CVE-2021-3739,CVE-2021-3743,CVE-2021-3744,CVE-2021-3752,CVE-2021-3753,CVE-2021-37576,CVE-2021-3760,CVE-2021-3764,CVE-2021-3772,CVE-2021-38166,CVE-2021-38198,CVE-2021-38199,CVE-2021-38200,CVE-2021-38201,CVE-2021-38202,CVE-2021-38203,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38208,CVE-2021-38209,CVE-2021-38300,CVE-2021-3923,CVE-2021-39633,CVE-2021-39656,CVE-2021-39685,CVE-2021-39686,[CVE-2021-39698](https://nvd...
beta-3732.1.0
Changes since Alpha 3732.0.0
Security fixes:
- Linux (CVE-2023-42755)
Bug fixes:
- Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
Changes:
- Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)
Updates:
- Linux (6.1.55)
Changes compared to Beta 3602.1.6
Security fixes:
- Linux (CVE-2020-36516,CVE-2021-26401,CVE-2021-33135,CVE-2021-33655,CVE-2021-3923,CVE-2021-4155,CVE-2021-4197,CVE-2021-43976,CVE-2021-44879,CVE-2021-45469,CVE-2022-0001,CVE-2022-0002,CVE-2022-0168,CVE-2022-0185,CVE-2022-0330,CVE-2022-0382,CVE-2022-0433,CVE-2022-0435,CVE-2022-0487,CVE-2022-0492,CVE-2022-0494,CVE-2022-0500,CVE-2022-0516,CVE-2022-0617,CVE-2022-0742,CVE-2022-0847,CVE-2022-0995,CVE-2022-1011,CVE-2022-1012,CVE-2022-1015,CVE-2022-1016,CVE-2022-1048,CVE-2022-1055,CVE-2022-1158,CVE-2022-1184,CVE-2022-1198,CVE-2022-1199,CVE-2022-1204,CVE-2022-1205,CVE-2022-1263,CVE-2022-1353,CVE-2022-1462,CVE-2022-1516,CVE-2022-1651,CVE-2022-1652,CVE-2022-1671,CVE-2022-1679,CVE-2022-1729,CVE-2022-1734,CVE-2022-1789,CVE-2022-1852,CVE-2022-1882,CVE-2022-1943,CVE-2022-1973,CVE-2022-1974,CVE-2022-1975,CVE-2022-1976,CVE-2022-1998,CVE-2022-20008,CVE-2022-20158,CVE-2022-20368,CVE-2022-20369,CVE-2022-20421,CVE-2022-20422,CVE-2022-20423,CVE-2022-20566,CVE-2022-20572,CVE-2022-2078,CVE-2022-21123,CVE-2022-21125,CVE-2022-21166,CVE-2022-21499,CVE-2022-21505,CVE-2022-2153,CVE-2022-2196,CVE-2022-22942,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-2308,CVE-2022-2318,CVE-2022-23222,CVE-2022-2380,CVE-2022-23960,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-2503,CVE-2022-25258,CVE-2022-25375,CVE-2022-25636,CVE-2022-2585,CVE-2022-2586,CVE-2022-2588,CVE-2022-2590,CVE-2022-2602,CVE-2022-26365,CVE-2022-26373,CVE-2022-2639,CVE-2022-26490,CVE-2022-2663,CVE-2022-26966,CVE-2022-27223,CVE-2022-27666,CVE-2022-27672,CVE-2022-2785,CVE-2022-27950,CVE-2022-28356,CVE-2022-28388,CVE-2022-28389,CVE-2022-28390,CVE-2022-2873,CVE-2022-28796,CVE-2022-28893,CVE-2022-2905,CVE-2022-29156,CVE-2022-2938,CVE-2022-29581,CVE-2022-29582,CVE-2022-2959,CVE-2022-2964,CVE-2022-2977,CVE-2022-2978,CVE-2022-29900,CVE-2022-29901,CVE-2022-29968,CVE-2022-3028,CVE-2022-30594,CVE-2022-3077,CVE-2022-3078,CVE-2022-3104,CVE-2022-3105,CVE-2022-3107,CVE-2022-3108,CVE-2022-3110,CVE-2022-3111,CVE-2022-3112,CVE-2022-3113,CVE-2022-3115,[CVE-2022-3169](http...
stable-3510.2.8
Changes since Stable 3510.2.7
Security fixes:
- Linux (CVE-2023-20588, CVE-2023-3772, CVE-2023-40283, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208, CVE-2023-4273, CVE-2023-4569)
Changes:
- Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure (scripts#1131)
Updates:
beta-3602.1.6
Changes since Beta 3602.1.5
Changes:
- Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure (scripts#1131)
Updates:
alpha-3732.0.0
Changes since Alpha 3717.0.0
Known issues:
- Regression in Kernel 6.1.54, so that a specific cgroupv1 sysfs entry for reading Kernel memory limit disappeared. Container runtimes like runc are mainly affected. The issue was already reported to the upstream Kernel community.
Security fixes:
- Linux (CVE-2023-25775, CVE-2023-4623)
- Go (CVE-2023-39318, CVE-2023-39319, CVE-2023-39320, CVE-2023-39321, CVE-2023-39322)
- nvidia-drivers (CVE-2023-25515, CVE-2023-25516)
- torcx (CVE-2022-28948)
- SDK: Python (CVE-2023-40217, CVE-2023-41105)
Bug fixes:
- Fix the RemainAfterExit clause in nvidia.service (Flatcar#1169)
- Fixed bug in handling renamed network interfaces when generating login issue (init#102)
Changes:
- OEM vendor tools are now A/B updated if they are shipped as systemd-sysext images, the migration happens when both partitions require a systemd-sysext OEM image - note that this will delete the
nvidia.servicefrom/etcon Azure because it's now part of/usr(Flatcar#60) - Azure: Add support for Microsoft Azure Network Adapter (MANA) NICs on Azure (scripts#1131)
Updates:
- Linux (6.1.54 (includes 6.1.53, 6.1.52, 6.1.51))
- Go (1.19.13)
- Go (1.20.8)
- cJSON (1.7.16)
- ca-certificates (3.93)
- containerd (1.7.6)
- ethtool (6.4)
- glib (2.76.4)
- glibc (2.37)
- gmp (6.3.0)
- hwdata (0.373 (includes 0.372))
- inih (57)
- iproute2 (6.4.0)
- libmicrohttpd (0.9.77)
- libnftnl (1.2.6)
- libnvme (1.5)
- nvidia-drivers (535.104.05)
- nvme-cli (2.5)
- openldap (2.6.4)
- tar (1.35)
- xfsprogs (6.4.0)
- SDK: file (5.45)
- SDK: gnuconfig (20230731)
- SDK: kbd (2.6.1 (includes 2.6.0))
- SDK: python (3.11.5)
- SDK: qemu (8.0.4)
stable-3510.2.7
Changes since Stable 3510.2.6
Security fixes:
- Linux (CVE-2022-40982, CVE-2022-41804, CVE-2023-1206, CVE-2023-20569, CVE-2023-4004, CVE-2023-4147, CVE-2023-20569, CVE-2023-23908)
Bug fixes:
- Fixed the restart of Systemd services when the main process is being killed by a SIGHUP signal (flatcar#1157)