New Alpha Release 3165.0.0
Changes since Alpha 3139.0.0
Security fixes
- Linux (CVE-2022-0492, CVE-2022-0516, CVE-2022-0435, CVE-2022-0487, CVE-2022-25375, CVE-2022-25258, CVE-2022-0847)
- Go (CVE-2022-23806, CVE-2022-23772, CVE-2022-23773)
- systemd (CVE-2021-3997)
- cifs-utils (CVE-2021-20208)
- expat (CVE-2022-25235, CVE-2022-25236, CVE-2022-25313, CVE-2022-25314, CVE-2022-25315)
- duktape (CVE-2021-46322)
- libarchive (CVE-2021-31566, CVE-2021-36976)
- libxml2 (CVE-2022-23308)
- shadow (CVE-2013-4235)
- vim (CVE-2021-3984, CVE-2021-4019, CVE-2021-4069, CVE-2021-4136, CVE-2021-4173, CVE-2021-4166, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2022-0128, CVE-2022-0156, CVE-2022-0158, CVE-2022-0213, CVE-2022-0261, CVE-2022-0318, CVE-2022-0319, CVE-2022-0351, CVE-2022-0359, CVE-2022-0361, CVE-2022-0368, CVE-2022-0392, CVE-2022-0393, CVE-2022-0407, CVE-2022-0408, CVE-2022-0413, CVE-2022-0417, CVE-2022-0443)
- SDK: squashfs-tools (CVE-2021-40153, CVE-2021-41072)
Bug fixes
- Disabled the systemd-networkd settings ManageForeignRoutes and ManageForeignRoutingPolicyRules by default to ensure that CNIs like Cilium don't get their routes or routing policy rules discarded on network reconfiguration events (Flatcar#620).
- AWS: specify correct console (ttyS0) on kernel command line for ARM64 instances (coreos-overlay#1628)
- Prevented hitting races when creating filesystems in Ignition. These races caused boot failures like "fsck[1343]: Failed to stat /dev/disk/by-label/ROOT: No such file or directory" when creating a btrfs root filesystem (ignition#35)
- Reverted the Linux kernel change to forbid xfrm id 0 for IPSec state because it broke Cilium (Flatcar#626, coreos-overlay#1682)
- Added auditd.service but left it disabled by default. A custom configuration can be created by removing /etc/audit/auditd.conf and replacing it with your own file (coreos-overlay#1636)
Changes
- The systemd-networkd ManageForeignRoutes and ManageForeignRoutingPolicyRules settings are now disabled through a drop-in file and thus can only be enabled again by a drop-in file under /etc/systemd/networkd.conf.d/ because drop-in files take precedence over /etc/systemd/networkd.conf (init#61)
- Bring in dependencies for NFS4 with Kerberos both in kernel and userspace. Tested against NFS4.1 server. (coreos-overlay#1664)
- Added support for switching back to CGroupsV1 without requiring a reboot. Create /etc/flatcar-cgroupv1 through Ignition. (coreos-overlay#1666)
- Azure VHD disks are now created using subformat=fixed, which makes them suitable for immediate upload to Azure using any tool.
Updates
- Linux (5.15.25) (from 5.15.19)
- Linux Firmware (20220209)
- Go (1.17.7)
- systemd (250.3)
- bpftool (5.15.8)
- bridge-utils (1.7.1)
- cifs-utils (6.13)
- containerd (1.6.0)
- duktape (2.7.0)
- expat (2.4.6)
- kexec-tools (2.0.22)
- libarchive (3.5.3)
- libmspack (0.10.1_alpha)
- libxml2 (2.9.13)
- nfs-utils (2.5.4)
- shadow (4.11.1)
- vim (8.2.4328)
- Azure: WALinuxAgent (2.6.0.2)
- SDK: gcc-config (2.5)
- SDK: iasl (20200717)
- SDK: man-pages (5.12-r2)
- SDK: netperf (2.7.0)
- SDK: squashfs-tools (4.5_p20210914)