Releases: flatcar/scripts
Releases · flatcar/scripts
stable-3815.2.4
stable-3815.2.4
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
293b7d0
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
lts-3510.3.4
lts-3510.3.4
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
993c139
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
beta-3975.1.0
beta-3975.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
d78cfb6
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Beta 3941.1.0
Security fixes:
- expat (CVE-2023-52425, CVE-2024-28757)
- gnutls (CVE-2024-28834, CVE-2024-28835)
- intel-microcode (CVE-2023-22655, CVE-2023-28746, CVE-2023-38575, CVE-2023-39368, CVE-2023-43490)
- less (CVE-2024-32487)
- SDK: python (CVE-2023-6597, CVE-2024-0450, gh-81194, gh-113659, gh-102388, gh-114572, gh-115243)
Bug fixes:
- Fixed issue file generation from
/etc/issue.d(scripts#2018)
Changes:
- Added KubeVirt qcow2 image for amd64/arm64 (flatcar/scripts#1962)
- Added azure-nvme-utils to the image, which is used by udev to create symlinks for NVMe disks on Azure v6 instances under /dev/disk/azure/. (scripts#1950)
- Backported systemd-sysext mutable overlays functionality from yet-unreleased systemd v256. (flatcar/scripts#1753)
- Provided a Podman Flatcar extension as optional systemd-sysext image with the release. Write 'podman' to
/etc/flatcar/enabled-sysext.confthrough Ignition and the sysext will be installed during provisioning (scripts#1964) - OpenStack: Changed metadata hostname source order. The service first tries with the config drive then fallback on the metadata service. (bootengine#96)
Updates:
- Linux (6.6.35 (includes 6.6.34, 6.6.33, 6.6.32 and 6.6.31))
- Linux Firmware (20240513)
- Rust (1.77.2)
- ca-certificates (3.101)
- containerd (1.7.17 (includes 1.7.16))
- expat (2.6.2 (includes 2.6.1 and 2.6.0))
- gnutls (3.8.5 (includes 3.8.4))
- intel-microcode (20240312)
- libunistring (1.2)
- systemd (255.4)
- SDK: python (3.11.9)
Changes since Alpha 3975.0.0
Bug fixes:
- Fixed issue file generation from
/etc/issue.d(scripts#2018)
Changes:
- OpenStack: Changed metadata hostname source order. The service first tries with the config drive then fallback on the metadata service. (bootengine#96)
Updates:
alpha-4012.0.0
alpha-4012.0.0
This tag was signed with the committer’s verified signature.
The key has expired.
tormath1
Mathieu Tortuyaux
33fb1d1
This commit was signed with the committer’s verified signature.
The key has expired.
tormath1
Mathieu Tortuyaux
Changes since Alpha 3975.0.0
Bug fixes:
- Fixed issue file generation from
/etc/issue.d(scripts#2018)
Changes:
- Added Akamai / Linode images (flatcar/scripts#1806)
- Provided a Python Flatcar extension as optional systemd-sysext image with the release. Write 'python' to
/etc/flatcar/enabled-sysext.confthrough Ignition and the sysext will be installed during provisioning (scripts#1979) - OpenStack: Changed metadata hostname source order. The service first tries with the config drive then fallback on the metadata service. (bootengine#96)
- Removed unused grub executable duplicate files and removed grub modules that are already assembled in the grub executable (scripts#1955).
- libcrypt is now provided by the libxcrypt library instead of glibc. Glibc libcrypt was deprecated long time ago.
Updates:
stable-3815.2.3
beta-3941.1.0
beta-3941.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
22af446
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Beta 3941.1.0
Changes since Beta 3913.1.0
Security fixes:
- Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642, CVE-2024-26643, CVE-2024-26651, CVE-2024-26652, CVE-2024-26654, CVE-2024-26656, CVE-2024-26783, CVE-2024-26809)
- c-ares (CVE-2024-25629)
- coreutils (coreutils-2024-03-28)
- curl (CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466)
- glibc (CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602)
- nghttp2 (CVE-2024-28182)
Bug fixes:
Changes:
- Added zram-generator package to the image (scripts#1772)
- Add Intel igc driver to support I225/I226 family NICs. (scripts#1786)
- Added Hetzner images (scripts#1880)
- Added Hyper-V VHDX image (scripts#1791)
- Enabled amd-pstate,amd-pstate-epp cpufreq drivers for some AMD CPUs in the kernel. (scripts#1770)
- Enabled ntpd by default on AWS & GCP, enabled chronyd by default on Azure. The native time sync source is used on each cloud. (scripts#1792)
- Enabled the ptp_vmw module in the kernel.
- Hyper-V images, both .vhd and .vhdx files are available as
zipcompressed, switching frombzip2to a built-in available Windows compression -zip(scripts#1878) - OpenStack, Brightbox: Added the
flatcar.autologinkernel cmdline parameter by default as the hypervisor manages access to the console (scripts#1866) - Removed
actoolfrom the image andacbuildfrom the SDK as these tools are deprecated and not used (scripts#1817) - Scaleway: images are now provided directly as
.qcow2to ease the import on Scaleway (scripts#1953) - Switched ptp_kvm from kernel builtin to module.
- The default VM memory was bumped to 2 GB in the Qemu script and for VMware OVFs
Updates:
- Linux (6.6.30 (includes 6.6.29, 6.6.28, 6.6.27, 6.6.26, 6.6.25, 6.6.24, 6.6.23, 6.6.22))
- acl (2.3.2)
- attr (2.5.2)
- bpftool (6.7.6)
- c-ares (1.27.0 (includes 1.26.0))
- ca-certificates (3.100 (includes 3.99))
- containerd (1.7.15 includes (1.7.14))
- coreutils (9.5)
- curl (8.7.1 (includes 8.7.0))
- ethtool (6.7)
- git (2.43.2)
- inih (58)
- ipset (7.21 (includes 7.20))
- iputils (20240117 (includes 20231222)
- libnvme (1.8)
- nghttp2 (1.61.0 (includes 1.58.0, 1.59.0 and 1.60.0))
- nvme-cli (2.8)
- open-vm-tools (12.4.0)
- samba (4.18.9)
- selinux-refpolicy (2.20240226)
- SDK: libpng (1.6.43 (includes 1.6.42 and 1.6.41))
- SDK: Rust (1.77.1 (includes 1.77.0))
Changes since Alpha 3941.0.0
Security fixes:
- Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642, CVE-2024-26643, CVE-2024-26651, CVE-2024-26652, CVE-2024-26654, CVE-2024-26656, CVE-2024-26783, CVE-2024-26809)
- glibc (CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602)
Bug fixes:
Changes:
- Added Hetzner images (scripts#1880)
- Scaleway: images are now provided directly as
.qcow2to ease the import on Scaleway (scripts#1953)
Updates:
alpha-3975.0.0
alpha-3975.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
e05073b
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Alpha 3941.0.0
Security fixes:
- Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26642, CVE-2024-26643, CVE-2024-26651, CVE-2024-26652, CVE-2024-26654, CVE-2024-26656, CVE-2024-26783, CVE-2024-26809)
- expat (CVE-2023-52425, CVE-2024-28757)
- glibc (CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602)
- gnutls (CVE-2024-28834, CVE-2024-28835)
- intel-microcode (CVE-2023-22655, CVE-2023-28746, CVE-2023-38575, CVE-2023-39368, CVE-2023-43490)
- less (CVE-2024-32487)
- SDK: python (CVE-2023-6597, CVE-2024-0450, gh-81194, gh-113659, gh-102388, gh-114572, gh-115243)
Changes:
- Added Hetzner images (scripts#1880)
- Added KubeVirt qcow2 image for amd64/arm64 (scripts#1962)
- Added azure-nvme-utils to the image, which is used by udev to create symlinks for NVMe disks on Azure v6 instances under /dev/disk/azure/. (scripts#1950)
- Backported systemd-sysext mutable overlays functionality from yet-unreleased systemd v256. (scripts#1753)
- Provided a Podman Flatcar extension as optional systemd-sysext image with the release. Write 'podman' to
/etc/flatcar/enabled-sysext.confthrough Ignition and the sysext will be installed during provisioning (scripts#1964) - Scaleway: images are now provided directly as
.qcow2to ease the import on Scaleway (scripts#1953)
Updates:
- Linux (6.6.30 (includes 6.6.29, 6.6.28, 6.6.27, 6.6.26, 6.6.25, 6.6.24, 6.6.23, 6.6.22))
- Linux Firmware (20240513)
- ca-certificates (3.100)
- containerd (1.7.17 (includes 1.7.16))
- expat (2.6.2 (includes 2.6.1 and 2.6.0))
- gnutls (3.8.5 (includes 3.8.4))
- intel-microcode (20240312)
- libunistring (1.2)
- systemd (255.4)
- SDK: python (3.11.9)
- SDK: Rust (1.77.2)
stable-3815.2.2
Changes since Stable 3815.2.1
Security fixes:
- Linux (CVE-2023-28746, CVE-2023-47233, CVE-2023-52639, CVE-2023-6270, CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24861, CVE-2024-26584, CVE-2024-26585, CVE-2024-26642, CVE-2024-26651, CVE-2024-26654, CVE-2024-26659, CVE-2024-26686, CVE-2024-26700, CVE-2024-26809)
- Downgraded xz-utils to 5.4.2 as precaution even though Flatcar is not affected of the SSH backdoor (CVE-2024-3094)
- openssh (CVE-2023-48795, CVE-2023-51384, CVE-2023-51385)
Bug fixes:
- Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
- Fixed
toolboxto prevent mountedctrsnapshots from being garbage-collected (toolbox#9)
Changes:
- Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (scripts#1771)
- SDK: Unified qemu image formats, so that the
qemu_uefibuild target provides the regularqemuand theqemu_uefi_secureartifacts (scripts#1847)
Updates:
lts-3510.3.3
Changes since LTS 3510.3.2
Security fixes:
- Linux (CVE-2023-52429, CVE-2023-52434, CVE-2023-52435, CVE-2023-52447, CVE-2023-52486, CVE-2023-52489, CVE-2023-52491, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494, CVE-2023-52497, CVE-2023-52498, CVE-2023-52583, CVE-2023-52587, CVE-2023-52588, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598, CVE-2023-52599, CVE-2023-52600, CVE-2023-52601, CVE-2023-52602, CVE-2023-52603, CVE-2023-52604, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608, CVE-2023-52614, CVE-2023-52615, CVE-2023-52616, CVE-2023-52617, CVE-2023-52618, CVE-2023-52619, CVE-2023-52620, CVE-2023-52622, CVE-2023-52623, CVE-2023-52627, CVE-2023-52630, CVE-2023-52631, CVE-2023-52633, CVE-2023-52635, CVE-2023-52637, CVE-2023-52638, CVE-2023-52640, CVE-2023-52641, CVE-2023-6270, CVE-2023-7042, CVE-2024-0340, CVE-2024-0565, CVE-2024-0841, CVE-2024-1086, CVE-2024-1151, CVE-2024-22099, CVE-2024-23849, CVE-2024-23850, CVE-2024-23851, CVE-2024-26592, CVE-2024-26593, CVE-2024-26594, CVE-2024-26600, CVE-2024-26601, CVE-2024-26602, CVE-2024-26603, CVE-2024-26606, CVE-2024-26608, CVE-2024-26610, CVE-2024-26614, CVE-2024-26615, CVE-2024-26622, CVE-2024-26625, CVE-2024-26627, CVE-2024-26635, CVE-2024-26636, CVE-2024-26640, CVE-2024-26641, CVE-2024-26644, CVE-2024-26645, CVE-2024-26651, CVE-2024-26659, CVE-2024-26660, CVE-2024-26663, CVE-2024-26664, CVE-2024-26665, CVE-2024-26668, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675, CVE-2024-26676, CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26688, CVE-2024-26689, CVE-2024-26696, CVE-2024-26697, CVE-2024-26698, CVE-2024-26702, CVE-2024-26704, CVE-2024-26707, CVE-2024-26712, CVE-2024-26715, CVE-2024-26717, CVE-2024-26720, CVE-2024-26727, CVE-2024-26733, CVE-2024-26735, CVE-2024-26736, CVE-2024-26737, CVE-2024-26743, CVE-2024-26744, CVE-2024-26747, CVE-2024-26748, CVE-2024-26749, CVE-2024-26751, CVE-2024-26752, CVE-2024-26754, CVE-2024-26763, CVE-2024-26764, CVE-2024-26766, CVE-2024-26769, CVE-2024-26771, CVE-2024-26772, CVE-2024-26773, CVE-2024-26774, CVE-2024-26776, CVE-2024-26777, CVE-2024-26778, CVE-2024-26779, CVE-2024-26782, CVE-2024-26787, CVE-2024-26788, CVE-2024-26790, CVE-2024-26791, CVE-2024-26793, CVE-2024-26795, CVE-2024-26798, CVE-2024-26801, CVE-2024-26802, CVE-2024-26803, CVE-2024-26804, CVE-2024-26805, CVE-2024-26808, CVE-2024-26809)
Bug fixes:
- Fixed
toolboxto prevent mountedctrsnapshots from being garbage-collected (toolbox#9)
Changes:
- SDK: Unified qemu image formats, so that the
qemu_uefibuild target provides the regularqemuand the `qemu...
beta-3913.1.0
Changes since Beta 3874.1.0
Security fixes:
- Downgraded xz-utils to 5.4.2 as precaution even though Flatcar is not affected of the SSH backdoor (CVE-2024-3094)
- coreutils (CVE-2024-0684)
- dnsmasq (CVE-2023-28450, CVE-2023-50387, CVE-2023-50868)
- gcc (CVE-2023-4039)
- glibc (CVE-2023-5156, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780)
- gnupg (gnupg-2024-01-25)
- gnutls (CVE-2024-0567, CVE-2024-0553)
- libuv (CVE-2024-24806)
- libxml2 (CVE-2024-25062)
- openssl (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727)
- sudo (CVE-2023-42465)
- vim (CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706)
Bug fixes:
- Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
- Fixed
toolboxto prevent mountedctrsnapshots from being garbage-collected (toolbox#9) - Removed custom CloudSigma coreos-cloudinit service configuration since it will be called with the cloudsigma oem anyway. The restart of the service can also cause the serial port to be stuck in an nondeterministic state which breaks future runs.
Changes:
- A new format
qemu_uefi_secureis introduced to test Flatcar for SecureBoot-enabled features. The format will be later merged intoqemu_uefi. - Added Ignition Clevis support for encrypted disks unlocked with a TPM2 device or a Tang server (scripts#1560)
- Added Scaleway images (flatcar/scripts#1683)
- Added support for unlocking the rootfs with a TPM set up by systemd-cryptenroll (bootengine#93)
- Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (flatcar/scripts#1771)
- Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI (scripts#1861)
- Provided a ZFS-2.2.2 Flatcar extension as optional systemd-sysext image with the release. Write 'zfs' to
/etc/flatcar/enabled-sysext.confthrough Ignition and the sysext will be installed during provisioning. ZFS support is experimental and ZFS is not supported for the root partition. (flatcar/scripts#1742) - Removed Linux drivers for Mellanox Technologies Switch ASICs family and Spectrum/Spectrum-2/Spectrum-3/Spectrum-4 Ethernet Switch ASICs to reduce the initrd size on AMD64 by ~5MB (flatcar/scripts#1734). This change is part of the effort to reduce the initrd size (flatcar#1381).
- Removed coreos-cloudinit support for automatic keys conversion (e.g
reboot-strategy->reboot_strategy) (scripts#1687) - SDK: Unified qemu image formats, so that the
qemu_uefibuild target provides the regularqemuand theqemu_uefi_secureartifacts (scripts#1847)
Updates:
- Go (1.20.14)
- Ignition (2.18.0 (includes 2.17.0, 2.16.2, 2.16.1 and 2.16.0))
- Linux Firmware (20240312 (includes 20240220))
- audit (3.1.1)
- bind-tools (9.16.48)
- c-ares (1.25.0)
- cJSON (1.7.17)
- ca-certificates (3.99)
- checkpolicy (3.6)
- curl (8.6.0)
- ethtool (6.6)
- glibc (2.38)
- gnupg (2.4.4 (includes 2.2.42))
- less (643)
- libbsd (0.11.8)
- libcap-ng (0.8.4)
- libgcrypt (1.10.3)
- libidn2 (2.3.7 (includes https://gitlab.com/libidn/libidn2/-/releases/v2.3.4)))
- libksba (1.6.6)
- libnvme (1.7.1 (includes 1.7))
- libpsl (0.21.5)
- libseccomp (2.5.5)
- libselinux (3.6)
- libsemanage (3.6)
- libsepol (3.6)
- libuv (1.48.0)
- libverto (0.3.2)
- libxml2 (2.12.5 (includes 2.12.4))
- lsof (4.99.3 (includes 4.99.2 and 4.99.1))
- mime-types (2.1.54)
- multipath-tools (0.9.7)
- nvme-cli (2.7.1 (includes 2.7))
- openssl (3.2.1)
- policycoreutils (3.6)
- semodule-utils (3.6)
- shim (15.8)
- sqlite (3.45.1)
- sudo (1.9.15p5)
- systemd (255.3 (from 252.11))
- thin-provisioning-tools (1.0.10)
- traceroute (2.1.5 (includes 2.1.4))
- usbutils (017)
- util-linux (2.39.3)
- vim (9.0.2167)
- xmlsec ([1.3.3](https://github.com...