Releases: flatcar/scripts
Releases · flatcar/scripts
beta-3549.1.0
beta-3549.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
65def8f
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Beta 3510.1.0
Security fixes:
- Linux (CVE-2022-4269, CVE-2022-4379, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-23004, CVE-2023-25012, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772)
- containerd (CVE-2023-25153, CVE-2023-25173)
- curl (CVE-2023-23914, CVE-2023-23915, CVE-2023-23916)
- e2fsprogs (CVE-2022-1304)
- git (CVE-2023-22490, CVE-2023-23946)
- GnuTLS (CVE-2023-0361)
- Go (CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24532)
- intel-microcode (CVE-2022-21216, CVE-2022-33196, CVE-2022-38090)
- less (CVE-2022-46663)
- OpenSSH (CVE-2023-25136)
- OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401)
- torcx (CVE-2022-32149)
- vim (CVE-2023-0288, CVE-2023-0433)
- SDK: dnsmasq (CVE-2022-0934)
- SDK: pkgconf (CVE-2023-24056)
- SDK: python (CVE-2023-24329)
Bug fixes:
- Ensured that
/var/log/journal/is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29) - Fixed
journalctl --userpermission issue (Flatcar#989) - Restored the support to specify OEM partition files in Ignition when
/usr/share/oemis given as initrd mount point (bootengine#58)
Changes:
- Added a new
flatcar-resettool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift (bootengine#55, init#91) - Added new image signing pub key to
flatcar-install, needed for download verification of releases built from July 2023 onwards, if you have copies offlatcar-installor the image signing pub key, you need to update them as well (init#92) - Added
pigzto the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports (coreos-overlay#2504) - Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core (coreos-overlay#2489)
/etcis now set up as overlayfs with the original/etcfolder being the store for changed files/directories and/usr/share/flatcar/etcproviding the lower default directory tree (bootengine#53, scripts#666)- On boot any files in
/etcthat are the same as provided by the booted/usr/share/flatcar/etcdefault for the overlay mount on/etcare deleted to ensure that future updates of/usr/share/flatcar/etcare propagated - to opt out create/etc/.no-dup-updatein case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied (bootengine#54) - Specifying the OEM filesystem in Ignition to write files to
/usr/share/oemis not needed anymore (bootengine#58) - Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit (coreos-overlay#2436)
Updates:
- Linux (5.15.106 (includes 5.15.105, 5.15.104, 5.15.103 5.15.102, 5.15.101, 5.15.100, 5.15.99))
- Linux Firmware (20230310 (includes 20230210))
- bind tools (9.16.37)
- btrfs-progs (6.0.2 (includes 6.0))
- ca-certificates (3.89)
- containerd (1.6.19 (includes 1.6.18))
- curl (7.88.1 (includes 7.88.0))
- diffutils (3.9)
- e2fsprogs (1.46.6)
- findutils (4.9.0)
- Go (1.19.7 (includes 1.19.6))
- gcc (12.2.1)
- git (2.39.2)
- GLib (2.74.5)
- GnuTLS (3.8.0)
- ignition (2.15.0)
- intel-microcode (20230214)
- iputils (20221126)
- less (608)
- libpcap (1.10.3 (includes 1.10.2))
- libpcre2 (10.42)
- OpenSSH (9.2)
- OpenSSL (3.0.8)
- qemu guest agent (7.1.0)
- socat (1.7.4.4)
- strace (6.1)
- traceroute (2.1.1)
- vim (9.0.1363)
- SDK: cmake (3.25.2)
- SDK: dnsmasq (2.89)
- SDK: portage (3.0.44)
- SDK: python (3.10.10 (includes [3.10.9](https://docs.python.org/3.10/whatsnew/changelog.html...
alpha-3572.0.0
alpha-3572.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
f492073
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Alpha 3549.0.0
Security fixes:
- Linux (CVE-2022-4269, CVE-2022-4379, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772)
- Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842)
- Go (CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538)
- runc (CVE-2023-25809, CVE-2023-27561, CVE-2023-28642)
- tar (CVE-2022-48303)
- vim (CVE-2023-1127, CVE-2023-1175, CVE-2023-1170)
Bug fixes:
- Ensured that
/var/log/journal/is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29) - Fixed
journalctl --userpermission issue (Flatcar#989)
Changes:
- Improved the OS reset tool to offer preview, backup and restore (init#94)
Updates:
alpha-3549.0.0
alpha-3549.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
d840a73
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Alpha 3535.0.0
Security fixes:
- Go (CVE-2023-24532)
- GnuTLS (CVE-2023-0361)
- curl (CVE-2023-23914, CVE-2023-23915, CVE-2023-23916)
- git (CVE-2023-22490, CVE-2023-23946)
- pkgconf (CVE-2023-24056)
- python (CVE-2023-24329)
- vim (CVE-2023-0288, CVE-2023-0433)
Bug fixes:
- Restored the support to specify OEM partition files in Ignition when
/usr/share/oemis given as initrd mount point (bootengine#58)
Changes:
- Added
pigzto the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports (coreos-overlay#2504) - Added new image signing pub key to
flatcar-install, needed for download verification of releases built from July 2023 onwards, if you have copies offlatcar-installor the image signing pub key, you need to update them as well (init#92) - Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core (coreos-overlay#2489)
- Specifying the OEM filesystem in Ignition to write files to
/usr/share/oemis not needed anymore (bootengine#58)
Updates:
- Go (1.19.7)
- Linux (5.15.103 (includes 5.15.102, 5.15.101, 5.15.100, 5.15.99))
- Linux Firmware (20230310)
- Rust (1.68.0)
- ca-certificates (3.89)
- open-vm-tools (12.2.0)
- GLib (2.74.5)
- GnuTLS (3.8.0)
- SDK: portage (3.0.44)
- SDK: python (3.10.10)
- bind tools (9.16.37)
- curl (7.88.1 (includes 7.88.0))
- diffutils (3.9)
- gcc (12.2.1)
- git (2.39.2)
- libpcap (1.10.3 (includes 1.10.2))
- qemu guest agent (7.1.0)
- socat (1.7.4.4)
- traceroute (2.1.1)
- vim (9.0.1363)
stable-3374.2.5
stable-3374.2.5
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
583531d
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Stable 3374.2.4
Security fixes:
Bug fixes:
- Excluded the special Kubernetes network interfaces
nodelocaldnsandkube-ipvs0from being managed with systemd-networkd which interfered with the setup (init#89).
Updates:
lts-3033.3.10
lts-3033.3.10
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
49f4578
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since LTS 3033.3.9
Security fixes:
- Linux (CVE-2022-2196, CVE-2022-3707, CVE-2022-4129, CVE-2022-4382, CVE-2023-1073, CVE-2023-1074, CVE-2023-1078, CVE-2023-22998, CVE-2023-23559, CVE-2023-26545)
Updates:
beta-3510.1.0
beta-3510.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
7881173
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Beta 3493.1.0
Security fixes:
- Linux (CVE-2022-2196, CVE-2022-27672, CVE-2022-3707, CVE-2023-1078, CVE-2023-26545)
- curl (CVE-2022-43551, CVE-2022-43552)
- sudo (CVE-2023-22809)
- vim (CVE-2023-0049, CVE-2023-0051, CVE-2023-0054)
- SDK: qemu (CVE-2022-4172)
Bug fixes:
- Excluded the special Kubernetes network interfaces
nodelocaldnsandkube-ipvs0from being managed with systemd-networkd which interfered with the setup (init#89).
Updates:
- Linux (5.15.98 (includes 5.15.97, 5.15.96, 5.15.95, 5.15.94, 5.15.93))
- Docker (20.10.23)
- bind tools (9.16.36 (includes 9.16.34 and 9.16.35))
- bpftool (5.19.12)
- ca-certificates (3.88.1)
- containerd (1.6.16)
- curl (7.87.0)
- git (2.39.1 (includes 2.39.0))
- iptables (1.8.8)
- sudo (1.9.12_p2)
- systemd (252.5)
- vim (9.0.1157)
- XZ utils (5.4.1 (includes 5.4.0))
- SDK: boost (1.81.0)
- SDK: file (5.44)
- SDK: portage (3.0.43 (includes 3.0.42))
- SDK: qemu (7.2.0)
- SDK: Rust (1.67.0)
Changes since Alpha 3510.0.0
Security fixes:
Bug fixes:
- Excluded the special Kubernetes network interfaces
nodelocaldnsandkube-ipvs0from being managed with systemd-networkd which interfered with the setup (init#89).
Updates:
alpha-3535.0.0
alpha-3535.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
c435fd8
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Alpha 3510.0.0
Security fixes:
- Linux (CVE-2022-2196, CVE-2022-27672, CVE-2022-3707, CVE-2023-1078, CVE-2023-26545)
- Go (CVE-2022-41723, CVE-2022-41724, CVE-2022-41725)
- OpenSSH (CVE-2023-25136)
- OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401)
- containerd (CVE-2023-25153, CVE-2023-25173)
- e2fsprogs (CVE-2022-1304)
- intel-microcode (CVE-2022-21216, CVE-2022-33196, CVE-2022-38090)
- less (CVE-2022-46663)
- torcx (CVE-2022-32149)
- SDK: dnsmasq (CVE-2022-0934)
Bug fixes:
- Excluded the special Kubernetes network interfaces
nodelocaldnsandkube-ipvs0from being managed with systemd-networkd which interfered with the setup (init#89).
Changes:
- Added a new
flatcar-resettool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift (bootengine#55, init#91) - On boot any files in
/etcthat are the same as provided by the booted/usr/share/flatcar/etcdefault for the overlay mount on/etcare deleted to ensure that future updates of/usr/share/flatcar/etcare propagated - to opt out create/etc/.no-dup-updatein case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied (bootengine#54) - Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit (coreos-overlay#2436)
/etcis now set up as overlayfs with the original/etcfolder being the store for changed files/directories and/usr/share/flatcar/etcproviding the lower default directory tree (bootengine#53, scripts#666)
Updates:
- Linux (5.15.98 (includes 5.15.97, 5.15.96, 5.15.95, 5.15.94, 5.15.93))
- Go (1.19.6)
- Linux Firmware (20230210)
- OpenSSH (9.2)
- OpenSSL (3.0.8)
- btrfs-progs (6.0.2, includes 6.0)
- containerd (1.6.19 (includes 1.6.18))
- e2fsprogs (1.46.6)
- findutils (4.9.0)
- ignition (2.15.0)
- intel-microcode (20230214)
- iputils (20221126)
- less (608)
- libpcre2 (10.42)
- strace (6.1)
- SDK: cmake (3.25.2)
- SDK: dnsmasq (2.89)
- SDK: python (3.10.9 (includes 3.10))
- SDK: Rust (1.67.1)
stable-3374.2.4
Changes since Stable 3374.2.3
Security fixes:
- Linux (CVE-2022-36280, CVE-2022-41218, CVE-2022-47929, CVE-2023-0045, CVE-2023-0179, CVE-2023-0210, CVE-2023-0266, CVE-2023-0394, CVE-2023-23454, CVE-2023-23455)
Updates:
alpha-3510.0.0
Changes since Alpha 3493.0.0
Security fixes:
- Linux (CVE-2022-4842)
- curl (CVE-2022-43551, CVE-2022-43552)
- sudo (CVE-2023-22809)
- vim (CVE-2023-0049, CVE-2023-0051, CVE-2023-0054)
- SDK: qemu (CVE-2022-4172)
Bug fixes:
Changes:
Updates:
- Linux (5.15.92 (includes 5.15.91, 5.15.90))
- bind tools (9.16.36 (includes 9.16.34 and 9.16.35))
- bpftool (5.19.12)
- containerd (1.6.16)
- cri-tools (1.24.2)
- curl (7.87.0)
- Docker (20.10.23)
- git (2.39.1 (includes 2.39.0))
- iptables (1.8.8)
- sudo (1.9.12_p2)
- systemd (252.5 (includes 252))
- XZ utils (5.4.1 (includes 5.4.0))
- vim (9.0.1157)
- SDK: boost (1.81.0)
- SDK: file (5.44)
- SDK: portage (3.0.43 (includes 3.0.42))
- SDK: qemu (7.2.0)
- SDK: Rust (1.67.0)
stable-3374.2.3
Changes since Stable 3374.2.2
Security fixes:
- Linux (CVE-2022-3169, CVE-2022-3344, CVE-2022-3424, CVE-2022-3521, CVE-2022-3534, CVE-2022-3545, CVE-2022-3643, CVE-2022-4378, CVE-2022-45869, CVE-2022-45934, CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521)
- git (CVE-2022-23521, CVE-2022-41903)
Bug fixes:
- Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we stay with Kernel 5.15.86. (Flatcar#847, coreos-overlay#2402)