flatcar/scripts stable-3602.2.0

on GitHub

Changes since Beta 3602.1.6

Security fixes:

• Linux (CVE-2023-42755)

Bug fixes:

• Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)

Changes:

• Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)

Updates:

• Linux (5.15.133)

Changes compared to Stable 3510.2.8

Security fixes:

• Linux (CVE-2023-42752, CVE-2023-42753, CVE-2023-42755, CVE-2023-4623, CVE-2023-4921)
• Go (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725)
• bash (CVE-2022-3715)
• c-ares (CVE-2022-4904)
• containerd (CVE-2023-25153, CVE-2023-25173)
• curl (CVE-2023-23914, CVE-2023-23915 and CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538)
• Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842)
• e2fsprogs (CVE-2022-1304)
• git (CVE-2023-22490, CVE-2023-23946)
• GnuTLS (CVE-2023-0361)
• intel-microcode (CVE-2022-21216, CVE-2022-33196, CVE-2022-38090)
• less (CVE-2022-46663)
• libxml2 (CVE-2023-28484, CVE-2023-29469)
• OpenSSH (CVE-2023-25136, CVE-2023-28531, CVE-2023-38408)
• OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255)
• runc (CVE-2023-25809, CVE-2023-27561, CVE-2023-28642)
• tar (CVE-2022-48303)
• torcx (CVE-2022-32149)
• vim (CVE-2023-0288, CVE-2023-0433, CVE-2023-1127, CVE-2023-1175, CVE-2023-1170)
• SDK: dnsmasq (CVE-2022-0934)
• SDK: pkgconf (CVE-2023-24056)
• SDK: python (CVE-2023-24329)

Bug fixes:

• Ensured that /var/log/journal/ is created early enough for systemd-journald to persist the logs on first boot (bootengine#60, baselayout#29)
• Fixed journalctl --user permission issue (Flatcar#989)
• Ensured that the folder /var/log/sssd is created if it doesn't exist, required for sssd.service (Flatcar#1096)
• Fixed a miscompilation of getfacl causing it to dump core when executed (scripts#809)
• Restored the reboot warning and delay for non-SSH console sessions (locksmith#21)
• Triggered re-reading of partition table to fix adding partitions to the boot disk (scripts#1202)
• Worked around a bash regression in flatcar-install and added error reporting for disk write failures (Flatcar#1059)

Changes:

• Added pigz to the image, a parallel gzip implementation, which is useful to speed up the (de)compression for large container image imports/exports (coreos-overlay#2504)
• Added a new flatcar-reset tool and boot logic for selective OS resets to reconfigure the system with Ignition while avoiding config drift (bootengine#55, init#91)
• Enabled elfutils support in systemd-coredump. A backtrace will now appear in the journal for any program that dumps core (coreos-overlay#2489)
• Improved the OS reset tool to offer preview, backup and restore (init#94)
• On boot any files in /etc that are the same as provided by the booted /usr/share/flatcar/etc default for the overlay mount on /etc are deleted to ensure that future updates of /usr/share/flatcar/etc are propagated - to opt out create /etc/.no-dup-update in case you want to keep an unmodified config file as is or because you fear that a future Flatcar version may use the same file as you at which point your copy is cleaned up and any other future Flatcar changes would be applied (bootengine#54)
• Switched systemd log reporting to the combined format of both unit description, as before, and now the unit name to easily find the unit (coreos-overlay#2436)
• /etc is now set up as overlayfs with the original /etc folder being the store for changed files/directories and /usr/share/flatcar/etc providing the lower default directory tree (bootengine#53, scripts#666)
• Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service (coreos-cloudinit#19)
• Use qcow2 compressed format instead of additional compression layer in Qemu images (Flatcar#1135, scripts#1132)

Updates:

• Linux (5.15.133 (includes 5.15.132, 5.15.131, 5.15.130, 5.15.129, 5.15.128, 5.15.127, 5.15.126, 5.15.125, 5.15.124, 5.15.123, 5.15.122, 5.15.121, 5.15.120, 5.15.119, 5.15.118, 5.15.117, 5.15.116, 5.15.115, 5.15.114, 5.15.113, 5.15.112, 5.15.111, 5.15.110, 5.15.109, 5.15.108, 5.15.107, 5.15.106, 5.15.105, 5.15.104, 5.15.103, 5.15.102, 5.15.101, 5.15.100, 5.15.99))
• Linux Firmware (20230404 (includes 20230310, 20230210))
• Go (1.19.9 (includes 1.19.8, 1.19.7, 1.19.6))
• bash (5.2)
• bind tools (9.16.37)
• bpftool (6.2.1)
• btrfs-progs (6.0.2, includes 6.0)
• c-ares (1.19.0)
• containerd (1.6.21 (includes 1.6.20, 1.6.19 1.6.18)
• curl (8.0.1 (includes 7.88.1, 7.88.0))
• diffutils (3.9)
• Docker (20.10.24)
• e2fsprogs (1.47.0 (includes 1.46.6))
• findutils (4.9.0)
• gcc (12.2.1)
• gdb (13.1.90)
• git (2.39.2)
• GLib (2.74.6 (includes 2.74.5))
• GnuTLS (3.8.0)
• ignition (2.15.0)
• intel-microcode (20230214)
• iperf (3.13)
• iputils (20221126)
• less (608)
• libarchive (3.6.2)
• libpcap (1.10.3 (includes 1.10.2))
• libpcre2 (10.42)
• libxml2 (2.10.4)
• multipath-tools (0.9.4)
• OpenSSH (9.3 (includes 9.2))
• OpenSSL (3.0.8)
• pinentry (1.2.1)
• qemu guest agent (7.1.0)
• readline (8.2)
• runc (1.1.7 (includes 1.1.6, 1.1.5))
• socat (1.7.4.4)
• sqlite (3.41.2)
• strace (6.1)
• traceroute (2.1.1)
• vim (9.0.1403 (includes 9.0.1363))
• XZ utils (5.4.2)
• Zstandard (1.5.4 (includes 1.5.2, 1.5.1 and 1.5.0))
• SDK: cmake (3.25.2)
• SDK: dnsmasq (2.89)
• SDK: pahole (1.24)
• SDK: portage (3.0.44)
• SDK: python (3.10.10 (includes 3.10.9, 3.10))
• SDK: Rust (1.68.2 (includes 1.68.0, 1.67.1))
• SDK: nano (7.2)
• VMware: open-vm-tools (12.2.0)