kinvolk/manifest v3033.2.0

on GitHub

New Stable release 3033.2.0

Changes since Stable 2983.2.1

Security fixes

• Linux (CVE-2021-4002, CVE-2020-27820, CVE-2021-4001, CVE-2021-43975)
• Go (CVE-2021-29923, CVE-2021-39293, CVE-2021-38297,CVE-2021-39293, CVE-2021-44717, CVE-2021-44716)
• bash (CVE-2019-9924, CVE-2019-18276)
• binutils (CVE-2021-3530, CVE-2021-3549)
• ca-certificates (CVE-2021-43527)
• containerd (CVE-2021-41103)
• curl (CVE-2021-22945, CVE-2021-22946, CVE-2021-22947)
• Docker (CVE-2021-41092, CVE-2021-41089, CVE-2021-41091)
• git (CVE-2021-40330)
• glibc (CVE-2021-38604)
• gnupg (CVE-2020-25125)
• libgcrypt (CVE-2021-40528)
• nettle (CVE-2021-20305, CVE-2021-3580)
• polkit (CVE-2021-3560)
• sssd (CVE-2021-3621)
• util-linux (CVE-2021-37600)
• vim (CVE-2021-3770, CVE-2021-3778, CVE-2021-3796)
• SDK: bison (CVE-2020-14150, CVE-2020-24240)
• SDK: perl (CVE-2020-10878)

Bug fixes

• arm64: the Polkit service does not crash anymore. (flatcar-linux/Flatcar#156)
• toolbox: fixed support for multi-layered docker images (toolbox#5)
• Run emergency.target on ignition/torcx service unit failure in dracut (bootengine#28)
• Fix vim warnings on missing file, when built with USE=”minimal” (portage-stable#260)
• The Torcx profile docker-1.12-no got fixed to reference the current Docker version instead of 19.03 which wasn't found on the image, causing Torcx to fail to provide Docker (PR#1456)

Changes

• Added GPIO support (coreos-overlay#1236)
• Enabled SELinux in permissive mode on ARM64 (coreos-overlay#1245)
• The iptables command uses the nftables kernel backend instead of the iptables backend, you can also migrate to using the nft tool instead of iptables. Containers with iptables binaries that use the iptables backend will result in mixing both kernel backends which is supported but you have to look up the rules separately (on the host you can use the iptables-legacy and friends).

Updates

• Linux (5.10.84)
• Linux Firmware (20210919)
• Docker (20.10.9)
• Go (1.17.5)
• containerd (1.5.8)
• systemd (249.4)
• bash (5.1_p8)
• binutils (2.37)
• curl (7.79.1)
• ca-certificates (3.73)
• duktape (2.6.0)
• ebtables (2.0.11)
• git (2.32.0)
• gnupg (2.2.29)
• iptables (1.8.7)
• keyutils (1.6.1)
• ldb (2.3.0)
• libgcrypt (1.9.4)
• libmnl (1.0.4)
• libnftnl (1.2.0)
• libtirpc (1.3.2)
• lvm2 (2.02.188)
• nettle (3.7.3)
• nftables (0.9.9)
• net-tools (2.10)
• openssh (8.7_p1-r1)
• open-vm-tools (11.3.5)
• polkit (0.119)
• realmd (0.17.0)
• runc (1.0.3)
• talloc (2.3.2)
• util-linux (2.37.2)
• vim (8.2.3428)
• xenstore (4.14.2)
• SDK: gnuconfig (20210107)
• SDK: google-cloud-sdk (355.0.0)
• SDK: meson (0.57.2)
• SDK: mtools (4.0.35)
• SDK: perl (5.34.0)
• SDK: Rust (1.55.0)
• SDK: texinfo (6.8)

Changes since Beta 3033.1.1

Security fixes

• Linux (CVE-2021-4002, CVE-2020-27820, CVE-2021-4001, CVE-2021-43975)
• Go (CVE-2021-29923, CVE-2021-39293, CVE-2021-38297,CVE-2021-39293, CVE-2021-44717, CVE-2021-44716)
• ca-certificates (CVE-2021-43527)

Bug fixes

• Fix vim warnings on missing file, when built with USE=”minimal” (portage-stable#260)

Updates

• Linux (5.10.84)
• Go (1.17.5)
• ca-certificates (3.73)