kinvolk/manifest v2723.0.0

on GitHub

Security fixes

• bsdiff
  • CVE-2014-9862
• containerd
  • CVE-2020-15257
• pam
  • CVE-2020-27780
• Linux
  • CVE-2020-29661
  • CVE-2020-29660
  • CVE-2020-27830
  • CVE-2020-28588 (only affects 32-bit systems, Flatcar Container Linux is not affected)
  • CVE-2020-27835 (only affects systems with Infiniband HF1 driver, Flatcar Container Linux is not affected)

Bug fixes

• The sysctl net.ipv4.conf.*.rp_filter is set to 0 for the Cilium CNI plugin to work (Flatcar#181)
• Package downloads in the developer container now use the correct URL again (Flatcar#298)

Changes

• A symlink vimdiff should not be created, if the USE flag minimal is enabled. (Flatcar/#221)
• The sysctl default config file is now applied under the prefix 60 which allows for custom sysctl config files to take effect when they start with a prefix of 70, 80, or 90 (baselayout#13)
• Containerd CRI plugin got enabled by default, only the containerd socket path needs to be specified as kubelet parameter for Kubernetes 1.20 to use containerd instead of Docker (Flatcar#283)
• For users with a custom update server a machine alias setting in update-engine allows to give human-friendly names to client instances (update-engine#8)
• Enable BCMGENET as a module on arm64_defconfig-5.9 (coreos-overlay#717)
• Enable BCM7XXX_PHY as a module on arm64_defconfig-5.9 for Raspberry Pi 4 (coreos-overlay#716)
• Disable jpeg USE flag from QEMU (coreos-overlay#729)
• flatcar_production_qemu.sh: Use more CPUs for ARM if available (scripts#91)

Updates

• Linux (5.9.14)
• Linux firmware (20201118)
• Docker (19.03.14)
• containerd (1.4.3)
• pam (1.5.1)
• sqlite (3.33)
• SDK: Rust (1.47.0)
• SDK: Go (1.15.6)
• SDK: repo (2.8)
• SDK: dwarves (1.19)

Note: Please note that ARM images remain experimental for now.