flatcar/scripts stable-4081.2.0

on GitHub

Changes since Stable 3975.2.2

Security fixes:

• Linux (CVE-2024-50179, CVE-2024-50176, CVE-2024-50175, CVE-2024-50012, CVE-2024-50008, CVE-2024-50007, CVE-2024-50006, CVE-2024-50005, CVE-2024-50016, CVE-2024-50015, CVE-2024-50013, CVE-2024-50003, CVE-2024-50002, CVE-2024-50001, CVE-2024-50000, CVE-2024-49997, CVE-2024-49996, CVE-2024-49995, CVE-2024-49955, CVE-2024-49963, CVE-2024-49962, CVE-2024-49961, CVE-2024-49960, CVE-2024-49959, CVE-2024-49993, CVE-2024-49992, CVE-2024-49991, CVE-2024-49989, CVE-2024-49988, CVE-2024-49987, CVE-2024-49986, CVE-2024-49985, CVE-2024-49958, CVE-2024-49983, CVE-2024-49982, CVE-2024-49981, CVE-2024-49980, CVE-2024-49978, CVE-2024-49977, CVE-2024-49976, CVE-2024-49975, CVE-2024-49957, CVE-2024-49973, CVE-2024-49969, CVE-2024-49967, CVE-2024-49966, CVE-2024-49965, CVE-2024-49924, CVE-2024-49954, CVE-2024-49953, CVE-2024-49952, CVE-2024-49951, CVE-2024-49950, CVE-2024-49949, CVE-2024-49948, CVE-2024-49947, CVE-2024-49946, CVE-2024-49944, CVE-2024-49939, CVE-2024-49938, CVE-2024-49937, CVE-2024-49936, CVE-2024-49935, CVE-2024-49933, CVE-2024-49931, CVE-2024-49930, CVE-2024-49929, CVE-2024-49927, CVE-2024-49925, CVE-2024-49875, CVE-2024-49884, CVE-2024-49883, CVE-2024-49882, CVE-2024-49881, CVE-2024-49879, CVE-2024-49913, CVE-2024-49912, CVE-2024-49907, CVE-2024-49905, CVE-2024-49878, CVE-2024-49903, CVE-2024-49902, CVE-2024-49901, CVE-2024-49900, CVE-2024-49896, CVE-2024-49895, CVE-2024-49877, CVE-2024-49894, CVE-2024-49892, CVE-2024-49890, CVE-2024-49889, CVE-2024-49886, CVE-2024-49863, CVE-2024-49871, CVE-2024-49870, CVE-2024-49868, CVE-2024-49867, CVE-2024-49866, CVE-2024-49874, CVE-2024-49864, CVE-2024-47704, CVE-2024-50191, CVE-2024-50189, CVE-2024-50188, CVE-2024-50187, CVE-2024-50186, CVE-2024-50185, CVE-2024-50184, CVE-2024-50183, CVE-2024-50182, CVE-2024-50180, CVE-2024-50181, CVE-2024-50097, CVE-2024-50096, CVE-2024-50095, CVE-2024-50093, CVE-2024-50089, CVE-2024-50058, CVE-2024-50065, CVE-2024-50064, CVE-2024-50063, CVE-2024-50062, CVE-2024-50061, CVE-2024-50060, CVE-2024-50059, CVE-2024-50026, CVE-2024-50024, CVE-2024-50023, CVE-2024-50057, CVE-2024-50055, CVE-2024-50049, CVE-2024-50022, CVE-2024-50048, CVE-2024-50047, CVE-2024-50046, CVE-2024-50045, CVE-2024-50044, CVE-2024-50041, CVE-2024-50040, CVE-2024-50039, CVE-2024-50038, CVE-2024-50036, CVE-2024-50035, CVE-2024-50033, CVE-2024-50032, CVE-2024-50031, CVE-2024-50029, CVE-2024-50019, CVE-2024-50201, CVE-2024-50202, CVE-2024-50101, CVE-2024-50098, CVE-2024-50099, CVE-2024-50088, CVE-2024-50087, CVE-2024-50086, CVE-2024-50085, CVE-2024-50084, CVE-2024-50083, CVE-2024-50082, CVE-2024-50080, CVE-2024-50077, CVE-2024-50076, CVE-2024-50075, CVE-2024-50074, CVE-2024-50073, CVE-2024-50072, CVE-2024-50070, CVE-2024-50078, CVE-2024-50069, CVE-2024-50066, CVE-2024-50211, CVE-2024-50210, CVE-2024-50209, CVE-2024-50208, CVE-2024-50205, CVE-2024-50155, CVE-2024-50164, CVE-2024-50163, CVE-2024-50162, CVE-2024-50160, CVE-2024-50159, CVE-2024-50158, CVE-2024-50172, CVE-2024-50171, CVE-2024-50170, CVE-2024-50169, CVE-2024-50168, CVE-2024-50167, CVE-2024-50166, CVE-2024-50156, CVE-2024-50148, CVE-2024-50147, CVE-2024-50145, CVE-2024-50143, CVE-2024-50142, CVE-2024-50141, CVE-2024-50154, CVE-2024-50153, CVE-2024-50152, CVE-2024-50151, CVE-2024-50150, CVE-2024-50139, CVE-2024-50140, CVE-2024-50128, CVE-2024-50136, CVE-2024-50135, CVE-2024-50134, CVE-2024-50133, CVE-2024-50131, CVE-2024-50130, CVE-2024-50111, CVE-2024-50110, CVE-2024-50108, CVE-2024-50127, CVE-2024-50126, CVE-2024-50125, CVE-2024-50124, CVE-2024-50121, CVE-2024-50120, CVE-2024-50117, CVE-2024-50116, CVE-2024-50115, CVE-2024-50112, CVE-2024-50103, CVE-2024-50262, CVE-2024-50259, CVE-2024-50261, CVE-2024-50226, CVE-2024-50235, CVE-2024-50234, CVE-2024-50233, CVE-2024-50232, CVE-2024-50231, CVE-2024-50230, CVE-2024-50258, CVE-2024-50257, CVE-2024-50256, CVE-2024-50229, CVE-2024-50255, CVE-2024-50252, CVE-2024-50251, CVE-2024-50250, CVE-2024-50249, CVE-2024-50248, CVE-2024-50247, CVE-2024-50246, CVE-2024-50228, CVE-2024-50245, CVE-2024-50244, CVE-2024-50243, CVE-2024-50242, CVE-2024-50240, CVE-2024-50239, CVE-2024-50237, CVE-2024-50236, CVE-2024-50219, CVE-2024-50218, CVE-2024-50216, CVE-2024-50215, CVE-2024-50224, CVE-2024-50223, CVE-2024-50222)
• curl (CVE-2024-6197, CVE-2024-6874, CVE-2024-7264)
• docker (CVE-2024-29018)
• git (CVE-2024-32002, CVE-2024-32004, CVE-2024-32020, CVE-2024-32021, CVE-2024-32465)
• glib (CVE-2024-34397)
• intel-microcode (CVE-2023-45733, CVE-2023-45745, CVE-2023-46103, CVE-2023-47855)
• libarchive (CVE-2024-26256, CVE-2024-37407)
• libxml2 (CVE-2024-34459)
• linux-firmware (CVE-2023-31315)
• mit-krb5 (CVE-2024-26461, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371)
• sysext-podman: podman (CVE-2024-3727)
• tpm2-tools (CVE-2024-29038, CVE-2024-29039, CVE-2024-29040)
• SDK: go (CVE-2023-45288, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24788, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791)
• SDK: nasm (CVE-2019-6290, CVE-2019-6291, CVE-2019-8343, CVE-2020-21528, CVE-2021-33450, CVE-2021-33452, CVE-2022-44368, CVE-2022-44369, CVE-2022-44370)
• SDK: re2c (CVE-2022-23901)

Bug fixes:

• CloudSigma: Disabled the new DHCP RapidCommit feature which is enabled by default since systemd 255. CloudSigma provides an incompatible implementation which results in cloud-init not being applied as no IP is issued. See: (flatcar/scripts#2016)
• Fixed bad usage of gpg that prevented flatcar-install from being used with custom signing keys (Flatcar#1471)
• Fixed the initrd option in the QEMU launcher script. It was -R, but this was already taken by the read-only pflash option, so use -r instead. (scripts#2239)

Changes:

• As part of the update to Catalyst 4 (used to build the SDK), the coreos package repository has been renamed to coreos-overlay to match its directory name. This will be reflected in package listings and package manager output. (flatcar/scripts#2115)
• Provided a Python Flatcar extension as optional systemd-sysext image with the release. Write 'python' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning (scripts#1979)
• Added Akamai / Linode images (flatcar/scripts#1806)
• Removed unused grub executable duplicate files and removed grub modules that are already assembled in the grub executable (flatcar/scripts#1955).
• Replace nmap netcat with openbsd variant. The license didn't get an exception from CNCF. Something about the definition of "derivative works" being too broad.
• The docker build command will now use buildx as its backend as the old one became deprecated and a loud "DEPRECATED" information is printed every time it's used.
• The kernel security module Landlock is now enabled for programs to sandbox themselves (flatcar/scripts#2158)
• libcrypt is now provided by the libxcrypt library instead of glibc. Glibc libcrypt was deprecated long time ago.
• Disable CONFIG_NFS_V4_2_READ_PLUS kernel config to fix nfs-ganesha (flatcar/scripts#2390)

Updates:

• Ignition (2.19.0)
• Linux (6.6.60 (includes 6.6.59, 6.6.58, 6.6.57, 6.6.56, 6.6.55, 6.6.52, 6.6.50,6.6.49, 6.6.47, 6.6.46, 6.6.45, 6.6.44, 6.6.32, 6.6.31))
• Linux Firmware (20240811 (includes 20240709, 20240610))
• Open-iSCSI (2.1.10)
• SDK: Go (1.21.13 (includes 1.21.12 includes changes from 1.21))
• SDK: Rust (1.80.1 (includes 1.80.0, 1.79.0, 1.78.0))
• SDK: meson (1.5.1)
• SDK: nasm (2.16.01)
• SDK: portage (3.0.65 (includes 3.0.63))
• SDK: qemu (8.2.3)
• afterburn (5.6.0)
• audit (3.1.2)
• azure-nvme-utils (0.2.0)
• binutils (2.42)
• bpftool (6.9.2 (includes 6.8.2))
• btrfs-progs (6.9.2)
• c-ares (1.29.0 (includes 1.28.1, 1.28.0))
• cJSON (1.7.18)
• ca-certificates (3.106)
• conntrack-tools (1.4.8)
• containerd (1.7.21 (includes 1.7.20, 1.7.19, 1.7.18))
• cryptsetup (2.7.2 (includes 2.7.1 and 2.7.0))
• curl (8.9.1 (includes 8.9.0, 8.8.0))
• dev: minicom (2.9)
• docker (26.1.0, includes changes from 25.0)
• e2fsprogs (1.47.1)
• elfutils (0.191)
• ethtool (6.9)
• findutils (4.10.0)
• gcc (13.3.1_p20240614)
• gce, sysext-python: setuptools (72.1.0 (includes 71.1.0, 71.0.0))
• gflags (2.2.2)
• git (2.44.2 (includes 2.44.1, 2.44.0))
• glib (2.78.6 (includes 2.78.5, 2.78.4))
• glog (0.6.0)
• gnupg (2.4.5)
• hwdata (0.383 (includes 0.382))
• intel-microcode (20240514_p20240514)
• iproute2 (6.8.0 (includes 6.7.0))
• ipset (7.22)
• kexec-tools (2.0.28)
• kmod (32)
• libarchive (3.7.4 (includes 3.7.3))
• libassuan (2.5.7)
• libcap (2.70)
• libcap-ng (0.8.5)
• libdnet (1.18.0)
• libgpg-error (1.49)
• libksba (1.6.7)
• libmicrohttpd (1.0.1 (inlcudes 1.0.0))
• libnl (3.9.0)
• libnvme (1.9)
• libpcre2 (10.43)
• libunwind (1.8.1 (includes 1.8.0))
• libusb (1.0.27)
• libxml2 (2.12.7 (includes 2.12.6))
• linux-pam (1.5.3)
• lshw (02.20.2b)
• lz4 (1.10.0)
• mit-krb5 (1.21.3)
• multipath-tools (0.9.8)
• nghttp2 (1.62.1)
• nmap (7.95)
• npth (1.7)
• nvme-cli (2.9.1 (includes 2.9))
• pahole (1.27)
• pciutils (3.13.0 (includes 3.12.0))
• qemu-guest-agent (8.2.0)
• rsync (3.3.0)
• runc (1.1.13)
• sqlite (3.46.0 (includes 3.45.3))
• strace (6.9)
• sysext-podman: aardvark-dns (1.11.0)
• sysext-podman: containers-common (0.59.1)
• sysext-podman: podman (5.0.3)
• sysext-python: jaraco-text (3.12.1)
• sysext-python: more-itertools (10.4.0)
• sysext-python: pip (24.2 (includes 24.1.2))
• sysext-python: setuptools(70.3.0 (includes 70.1.1, 70.1.0, 70.0.0, 69.5.1, 69.5.0, 69.4.2, 69.4.1, 69.4.0, 69.3.1, 69.3.0, 69.2.0))
• sysext-python: trove-classifiers (2024.7.2)
• sysext-python: wheel (0.44.0)
• sysext-zfs: zfs (2.2.5 (includes 2.2.4, 2.2.3))
• systemd (255.8)
• talloc (2.4.1)
• tcpdump (4.99.4)
• tdb (1.4.9)
• tevent (0.15.0)
• tpm2-tools (5.7 (includes 5.6.1, 5.6))
• tpm2-tss (4.1.3 (includes 4.0.2))
• util-linux (2.39.4)
• vim (9.1.0366 (includes 9.1))
• wget (1.24.5)
• whois (5.5.21)
• xfsprogs (6.8.0 (includes 6.6.0))
• xz-utils (5.6.2)
• zlib (1.3.1)
• zstd (1.5.6)
• vmware: open-vm-tools (12.4.5)

Changes since Beta 4081.1.0

Security fixes:

• Linux (CVE-2024-50179, CVE-2024-50176, CVE-2024-50175, CVE-2024-50012, CVE-2024-50008, CVE-2024-50007, CVE-2024-50006, CVE-2024-50005, CVE-2024-50016, CVE-2024-50015, CVE-2024-50013, CVE-2024-50003, CVE-2024-50002, CVE-2024-50001, CVE-2024-50000, CVE-2024-49997, CVE-2024-49996, CVE-2024-49995, CVE-2024-49955, CVE-2024-49963, CVE-2024-49962, CVE-2024-49961, CVE-2024-49960, CVE-2024-49959, CVE-2024-49993, CVE-2024-49992, CVE-2024-49991, CVE-2024-49989, CVE-2024-49988, CVE-2024-49987, CVE-2024-49986, CVE-2024-49985, CVE-2024-49958, CVE-2024-49983, CVE-2024-49982, CVE-2024-49981, CVE-2024-49980, CVE-2024-49978, CVE-2024-49977, CVE-2024-49976, CVE-2024-49975, CVE-2024-49957, CVE-2024-49973, CVE-2024-49969, CVE-2024-49967, CVE-2024-49966, CVE-2024-49965, CVE-2024-49924, CVE-2024-49954, CVE-2024-49953, CVE-2024-49952, CVE-2024-49951, CVE-2024-49950, CVE-2024-49949, CVE-2024-49948, CVE-2024-49947, CVE-2024-49946, CVE-2024-49944, CVE-2024-49939, CVE-2024-49938, CVE-2024-49937, CVE-2024-49936, CVE-2024-49935, CVE-2024-49933, CVE-2024-49931, CVE-2024-49930, CVE-2024-49929, CVE-2024-49927, CVE-2024-49925, CVE-2024-49875, CVE-2024-49884, CVE-2024-49883, CVE-2024-49882, CVE-2024-49881, CVE-2024-49879, CVE-2024-49913, CVE-2024-49912, CVE-2024-49907, CVE-2024-49905, CVE-2024-49878, CVE-2024-49903, CVE-2024-49902, CVE-2024-49901, CVE-2024-49900, CVE-2024-49896, CVE-2024-49895, CVE-2024-49877, CVE-2024-49894, CVE-2024-49892, CVE-2024-49890, CVE-2024-49889, CVE-2024-49886, CVE-2024-49863, CVE-2024-49871, CVE-2024-49870, CVE-2024-49868, CVE-2024-49867, CVE-2024-49866, CVE-2024-49874, CVE-2024-49864, CVE-2024-47704, CVE-2024-50191, CVE-2024-50189, CVE-2024-50188, CVE-2024-50187, CVE-2024-50186, CVE-2024-50185, CVE-2024-50184, CVE-2024-50183, CVE-2024-50182, CVE-2024-50180, CVE-2024-50181, CVE-2024-50097, CVE-2024-50096, CVE-2024-50095, CVE-2024-50093, CVE-2024-50089, CVE-2024-50058, CVE-2024-50065, CVE-2024-50064, CVE-2024-50063, CVE-2024-50062, CVE-2024-50061, CVE-2024-50060, CVE-2024-50059, CVE-2024-50026, CVE-2024-50024, CVE-2024-50023, CVE-2024-50057, CVE-2024-50055, CVE-2024-50049, CVE-2024-50022, CVE-2024-50048, CVE-2024-50047, CVE-2024-50046, CVE-2024-50045, CVE-2024-50044, CVE-2024-50041, CVE-2024-50040, CVE-2024-50039, CVE-2024-50038, CVE-2024-50036, CVE-2024-50035, CVE-2024-50033, CVE-2024-50032, CVE-2024-50031, CVE-2024-50029, CVE-2024-50019, CVE-2024-50201, CVE-2024-50202, CVE-2024-50101, CVE-2024-50098, CVE-2024-50099, CVE-2024-50088, CVE-2024-50087, CVE-2024-50086, CVE-2024-50085, CVE-2024-50084, CVE-2024-50083, CVE-2024-50082, CVE-2024-50080, CVE-2024-50077, CVE-2024-50076, CVE-2024-50075, CVE-2024-50074, CVE-2024-50073, CVE-2024-50072, CVE-2024-50070, CVE-2024-50078, CVE-2024-50069, CVE-2024-50066, CVE-2024-50211, CVE-2024-50210, CVE-2024-50209, CVE-2024-50208, CVE-2024-50205, CVE-2024-50155, CVE-2024-50164, CVE-2024-50163, CVE-2024-50162, CVE-2024-50160, CVE-2024-50159, CVE-2024-50158, CVE-2024-50172, CVE-2024-50171, CVE-2024-50170, CVE-2024-50169, CVE-2024-50168, CVE-2024-50167, CVE-2024-50166, CVE-2024-50156, CVE-2024-50148, CVE-2024-50147, CVE-2024-50145, CVE-2024-50143, CVE-2024-50142, CVE-2024-50141, CVE-2024-50154, CVE-2024-50153, CVE-2024-50152, CVE-2024-50151, CVE-2024-50150, CVE-2024-50139, CVE-2024-50140, CVE-2024-50128, CVE-2024-50136, CVE-2024-50135, CVE-2024-50134, CVE-2024-50133, CVE-2024-50131, CVE-2024-50130, CVE-2024-50111, CVE-2024-50110, CVE-2024-50108, CVE-2024-50127, CVE-2024-50126, CVE-2024-50125, CVE-2024-50124, CVE-2024-50121, CVE-2024-50120, CVE-2024-50117, CVE-2024-50116, CVE-2024-50115, CVE-2024-50112, CVE-2024-50103, CVE-2024-50262, CVE-2024-50259, CVE-2024-50261, CVE-2024-50226, CVE-2024-50235, CVE-2024-50234, CVE-2024-50233, CVE-2024-50232, CVE-2024-50231, CVE-2024-50230, CVE-2024-50258, CVE-2024-50257, CVE-2024-50256, CVE-2024-50229, CVE-2024-50255, CVE-2024-50252, CVE-2024-50251, CVE-2024-50250, CVE-2024-50249, CVE-2024-50248, CVE-2024-50247, CVE-2024-50246, CVE-2024-50228, CVE-2024-50245, CVE-2024-50244, CVE-2024-50243, CVE-2024-50242, CVE-2024-50240, CVE-2024-50239, CVE-2024-50237, CVE-2024-50236, CVE-2024-50219, CVE-2024-50218, CVE-2024-50216, CVE-2024-50215, CVE-2024-50224, CVE-2024-50223, CVE-2024-50222)

Changes:

• Disable CONFIG_NFS_V4_2_READ_PLUS kernel config to fix nfs-ganesha (flatcar/scripts#2390)

Updates:

• ca-certificates (3.106)
• Linux (6.6.60 (includes 6.6.59, 6.6.58, 6.6.57, 6.6.56))