flatcar/scripts beta-3549.1.0

on GitHub

Changes since Beta 3510.1.0

Security fixes:

• Linux (CVE-2022-4269, CVE-2022-4379, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-23004, CVE-2023-25012, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772)
• containerd (CVE-2023-25153, CVE-2023-25173)
• curl (CVE-2023-23914, CVE-2023-23915, CVE-2023-23916)
• e2fsprogs (CVE-2022-1304)
• git (CVE-2023-22490, CVE-2023-23946)
• GnuTLS (CVE-2023-0361)
• Go (CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24532)
• intel-microcode (CVE-2022-21216, CVE-2022-33196, CVE-2022-38090)
• less (CVE-2022-46663)
• OpenSSH (CVE-2023-25136)
• OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401)
• torcx (CVE-2022-32149)
• vim (CVE-2023-0288, CVE-2023-0433)
• SDK: dnsmasq (CVE-2022-0934)
• SDK: pkgconf (CVE-2023-24056)
• SDK: python (CVE-2023-24329)

Bug fixes:

• Ensured that /var/log/journal/ is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29)
• Fixed journalctl --user permission issue (Flatcar#989)
• Restored the support to specify OEM partition files in Ignition when /usr/share/oem is given as initrd mount point (bootengine#58)

Changes:

• Added a new flatcar-reset tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift (bootengine#55, init#91)
• Added new image signing pub key to flatcar-install, needed for download verification of releases built from July 2023 onwards, if you have copies of flatcar-install or the image signing pub key, you need to update them as well (init#92)
• Added pigz to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports (coreos-overlay#2504)
• Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core (coreos-overlay#2489)
• /etc is now set up as overlayfs with the original /etc folder being the store for changed files/directories and /usr/share/flatcar/etc providing the lower default directory tree (bootengine#53, scripts#666)
• On boot any files in /etc that are the same as provided by the booted /usr/share/flatcar/etc default for the overlay mount on /etc are deleted to ensure that future updates of /usr/share/flatcar/etc are propagated - to opt out create /etc/.no-dup-update in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied (bootengine#54)
• Specifying the OEM filesystem in Ignition to write files to /usr/share/oem is not needed anymore (bootengine#58)
• Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit (coreos-overlay#2436)

Updates:

• Linux (5.15.106 (includes 5.15.105, 5.15.104, 5.15.103 5.15.102, 5.15.101, 5.15.100, 5.15.99))
• Linux Firmware (20230310 (includes 20230210))
• bind tools (9.16.37)
• btrfs-progs (6.0.2 (includes 6.0))
• ca-certificates (3.89)
• containerd (1.6.19 (includes 1.6.18))
• curl (7.88.1 (includes 7.88.0))
• diffutils (3.9)
• e2fsprogs (1.46.6)
• findutils (4.9.0)
• Go (1.19.7 (includes 1.19.6))
• gcc (12.2.1)
• git (2.39.2)
• GLib (2.74.5)
• GnuTLS (3.8.0)
• ignition (2.15.0)
• intel-microcode (20230214)
• iputils (20221126)
• less (608)
• libpcap (1.10.3 (includes 1.10.2))
• libpcre2 (10.42)
• OpenSSH (9.2)
• OpenSSL (3.0.8)
• qemu guest agent (7.1.0)
• socat (1.7.4.4)
• strace (6.1)
• traceroute (2.1.1)
• vim (9.0.1363)
• SDK: cmake (3.25.2)
• SDK: dnsmasq (2.89)
• SDK: portage (3.0.44)
• SDK: python (3.10.10 (includes 3.10.9, 3.10))
• SDK: Rust (1.68.0 (includes 1.67.1))
• VMware: open-vm-tools (12.2.0)

Changes since Alpha 3549.0.0

Security fixes:

• Linux (CVE-2022-4269, CVE-2022-4379, CVE-2023-1611, CVE-2023-1670, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772)

Bug fixes:

• Ensured that /var/log/journal/ is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29)
• Fixed journalctl --user permission issue (Flatcar#989)

Changes:

Updates:

• Linux (5.15.106 (includes 5.15.105, 5.15.104))