Changes since Alpha 3874.0.0
Security fixes:
- Linux (CVE-2023-52429, CVE-2024-1151, CVE-2024-23850, CVE-2024-23851, CVE-2024-26581, CVE-2024-26582, CVE-2024-26583, CVE-2024-26584, CVE-2024-26585, CVE-2024-26593)
- coreutils (CVE-2024-0684)
- dnsmasq (CVE-2023-28450, CVE-2023-50387, CVE-2023-50868)
- gcc (CVE-2023-4039)
- glibc (CVE-2023-5156, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780)
- gnupg (gnupg-2024-01-25)
- gnutls (CVE-2024-0567, CVE-2024-0553)
- libuv (CVE-2024-24806)
- libxml2 (CVE-2024-25062)
- openssl (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727)
- sudo (CVE-2023-42465)
- vim (CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706)
Bug fixes:
- Fixed systemd-sysext images so that they can extend directories where Flatcar extensions also ship files, e.g., so that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
- Fixed KubeVirt VM creation by ensuring that /dev/vhost-net exists (Flatcar#1336)
- Removed custom CloudSigma coreos-cloudinit service configuration since it will be called with the CloudSigma OEM anyway. Restarting the service can also leave the serial port stuck in a nondeterministic state, which breaks future runs.
- Resolved kmod static nodes creation in bootengine (bootengine#85)
- Restored support for custom OEMs supplied in the PXE boot where /usr/share/oem brings the OEM partition contents (Flatcar#1376)
Changes:
- Introduced a new format qemu_uefi_secure to test Flatcar for SecureBoot-enabled features. The format will be later merged into qemu_uefi.
- Added Ignition Clevis support for encrypted disks unlocked with a TPM2 device or a Tang server (scripts#1560)
- Added Scaleway images (flatcar/scripts#1683)
- Provided a ZFS-2.2.2 Flatcar extension as optional systemd-sysext image with the release. Write 'zfs' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning. ZFS support is experimental and ZFS is not supported for the root partition. (flatcar/scripts#1742)
- Removed Linux drivers for Mellanox Technologies Switch ASICs family and Spectrum/Spectrum-2/Spectrum-3/Spectrum-4 Ethernet Switch ASICs to reduce the initrd size on AMD64 by ~5MB (flatcar/scripts#1734). This change is part of the effort to reduce the initrd size (Flatcar#1381).
- Removed coreos-cloudinit support for automatic key conversion (e.g. reboot-strategy -> reboot_strategy) (scripts#1687)
Updates:
- Go (1.20.14)
- Ignition (2.18.0 (includes 2.17.0, 2.16.2, 2.16.1 and 2.16.0))
- Linux (6.6.21 (includes 6.6.20, 6.6.19, 6.6.18, 6.6.17))
- Linux Firmware (20240312 (includes 20240220))
- audit (3.1.1)
- bind-tools (9.16.48)
- c-ares (1.25.0)
- cJSON (1.7.17)
- ca-certificates (3.98)
- checkpolicy (3.6)
- curl (8.6.0)
- ethtool (6.6)
- glibc (2.38)
- gnupg (2.4.4)
- keyutils (1.6.3 (includes 1.6.2))
- less (643)
- libbsd (0.11.8)
- libcap-ng (0.8.4)
- libgcrypt (1.10.3)
- libidn2 (2.3.7)
- libksba (1.6.6)
- libnvme (1.7.1 (includes 1.7))
- libpsl (0.21.5)
- libseccomp (2.5.5)
- libselinux (3.6)
- libsemanage (3.6)
- libsepol (3.6)
- libuv (1.48.0)
- libverto (0.3.2)
- libxml2 (2.12.5)
- lsof (4.99.3 (includes 4.99.2 and 4.99.1))
- mime-types (2.1.54)
- multipath-tools (0.9.7)
- nvme-cli (2.7.1 (includes 2.7))
- openssl (3.2.1)
- policycoreutils (3.6)
- semodule-utils (3.6)
- shim (15.8)
- sqlite (3.45.1)
- sudo (1.9.15p5)
- systemd (255.3)
- thin-provisioning-tools (1.0.10)
- traceroute (2.1.5 (includes 2.1.4))
- usbutils (017)
- util-linux (2.39.3)
- vim (9.0.2167)
- xmlsec (1.3.3)
- xz-utils (5.4.6)
- SDK: python (3.11.8)
- SDK: Rust (1.76.0)
- SDK: qemu (8.1.5)