kinvolk/manifest v3185.0.0

on GitHub

New Alpha Release 3185.0.0

Changes since Alpha-3165.0.0

Security fixes

• Linux (CVE-2022-25636)
• Go (CVE-2022-24921)
• containerd (CVE-2022-23648)
• cryptsetup (CVE-2021-4122)
• intel-microcode (CVE-2021-0127, CVE-2021-0146)
• nvidia-drivers (CVE-2022-21814, CVE-2022-21813)
• openssl (CVE-2022-0778)

Bug fixes

• Reverted the Linux kernel commit which broke networking on AWS instances which use Intel 82559 NIC (c4/m4) (Flatcar#665, coreos-overlay#1723)
• Re-added the brd drbd nbd rbd xen-blkfront zram libarc4 lru_cache zsmalloc kernel modules to the initramfs since they were missing compared to the Flatcar 3033.2.x releases where the 5.10 kernel is used (bootengine#40)

Changes

• Merge the Flatcar Pro features into the regular Flatcar images (coreos-overlay#1679)
• Besides Ignition v1 and v2 configurations, Ignition configurations with specification v3 (up to 3.3.0) are now supported, see the docs section for details
• Made SELinux enabled by default in default containerd configuration file. (coreos-overlay#1699)
• Removed rngd.service because it is not essential anymore for the kernel to boot fast in VM environments (coreos-overlay#1700)
• Enabled systemd-sysext.service to activate systemd-sysext images on boot, to disable you will need to mask it. Also added a helper service ensure-sysext.service which reloads the systemd units to reevaluate the sockets, timers, and multi-user targets when systemd-sysext.service is (re)started, making it possible to enable units that are part of a sysext image (init#65)
• For amd64 /usr/lib used to be a symlink to /usr/lib64 but now they became two separate folders as common in other distributions (and was the case for arm64 already). Compatibility symlinks exist in case /usr/lib64 was used to access, e.g., the modules folder or the systemd folder (coreos-overlay#1713, flatcar-scripts#255)
• Defined a systemd-sysext level that sysext images can match for instead of the OS version when they don't have a strong coupling, meaning the only metadata required is SYSEXT_LEVEL=1.0 and ID=flatcar (#643)
• OpenStack: In addition to the bz2 image, a gz compressed image is published. This allows Glance to directly consume the images by simply passing in the URL of the image.
• DigitalOcean: In addition to the bz2 image, a gz compressed image is published. This helps against hitting the compression timeout that sometimes lets the image import fail.
• SDK: The image compression format is now configurable. Supported formats are: bz2, gz, zip, none, zst. Selecting the image format can now be done by passing the --image_compression_formats option. This flag gets a comma separated list of formats.

Updates

• Linux (5.15.30 (from 5.15.25, includes 5.15.26, 5.15.27, 5.15.28, 5.15.29))
• Linux Firmware (20220310)
• Go (1.17.8)
• ca-certificates (3.76)
• containerd (1.6.1)
• cryptsetup (2.4.3)
• Docker (20.10.13)
• dosfstools (4.2)
• grep (3.7)
• ignition (2.13.0)
• intel-microcode (20220207_p20220207)
• iperf (3.10.1)
• less (590)
• lsscsi (0.32)
• nvidia-drivers (510.47.03)
• nvme-cli (1.16)
• openssl (3.0.2)
• pam (1.5.1_p20210622)
• pambase (20220214)
• pinentry (1.2.0)
• quota (4.06)
• rpcbind (1.2.6)
• socat (1.7.4.3)
• thin-provisioning-tools (0.9.0)
• timezone-data (2021a)
• whois (5.5.11)
• xfsprogs (5.14.2)
• VMWare: open-vm-tools (12.0.0)
• SDK: man-db (2.9.4)
• SDK: Rust (1.59.0)