Releases: flatcar/scripts
Releases · flatcar/scripts
beta-3602.1.0
beta-3602.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
d149ebf
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Beta 3572.1.0
Security fixes:
- Linux (CVE-2022-48425)
- Go (CVE-2023-24539, CVE-2023-24540, CVE-2023-29400)
- OpenSSH (CVE-2023-28531)
- OpenSSL (CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255)
- bash (CVE-2022-3715)
- c-ares (CVE-2022-4904)
- curl (CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538)
- libxml2 (CVE-2023-28484, CVE-2023-29469)
Bug fixes:
- Restored the reboot warning and delay for non-SSH console sessions (locksmith#21)
Changes:
- Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service (coreos-cloudinit#19)
Updates:
- Linux (5.15.113 (includes 5.15.112))
- Go (1.19.9)
- OpenSSH (9.3)
- bash (5.2)
- bpftool (6.2.1)
- c-ares (1.19.0)
- containerd (1.6.21)
- curl (8.0.1)
- e2fsprogs (1.47.0)
- gdb (13.1.90)
- GLib (2.74.6)
- libarchive (3.6.2)
- libxml2 (2.10.4)
- multipath-tools (0.9.4)
- pinentry (1.2.1)
- readline (8.2)
- runc (1.1.7)
- sqlite (3.41.2)
- XZ utils (5.4.2)
- SDK: nano (7.2)
Changes since Alpha 3602.0.0
Security fixes:
- Linux (CVE-2022-48425)
Bug fixes:
Changes:
Updates:
alpha-3619.0.0
alpha-3619.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
92b29fd
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
NOTE: this release has an issue with Equinix Metal arm64. Specific instances like c3.large.arm64 (Ampere Altra systems) do not boot with Kernel 6.1, due to soft lockup. In case of the systems, please stay with the previous version 3602.0.0 with Kernel 5.15. No other cloud provider is affected by the issue. The amd64 systems are also not affected.
Changes since Alpha 3602.0.0
Security fixes:
- Linux (CVE-2020-36516, CVE-2021-26401, CVE-2021-33135, CVE-2021-33655, CVE-2021-3923, CVE-2021-4155, CVE-2021-4197, CVE-2021-43976, CVE-2021-44879, CVE-2021-45469, CVE-2022-0001, CVE-2022-0002, CVE-2022-0168, CVE-2022-0185, CVE-2022-0330, CVE-2022-0382, CVE-2022-0433, CVE-2022-0435, CVE-2022-0487, CVE-2022-0492, CVE-2022-0494, CVE-2022-0500, CVE-2022-0516, CVE-2022-0617, CVE-2022-0742, CVE-2022-0847, CVE-2022-0995, CVE-2022-1011, CVE-2022-1012, CVE-2022-1015, CVE-2022-1016, CVE-2022-1048, CVE-2022-1055, CVE-2022-1158, CVE-2022-1184, CVE-2022-1198, CVE-2022-1199, CVE-2022-1204, CVE-2022-1205, CVE-2022-1263, CVE-2022-1353, CVE-2022-1462, CVE-2022-1516, CVE-2022-1651, CVE-2022-1652, CVE-2022-1671, CVE-2022-1679, CVE-2022-1729, CVE-2022-1734, CVE-2022-1789, CVE-2022-1852, CVE-2022-1882, CVE-2022-1943, CVE-2022-1973, CVE-2022-1974, CVE-2022-1975, CVE-2022-1976, CVE-2022-1998, CVE-2022-20008, CVE-2022-20158, CVE-2022-20368, CVE-2022-20369, CVE-2022-20421, CVE-2022-20422, CVE-2022-20423, CVE-2022-20566, CVE-2022-20572, CVE-2022-2078, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-21499, CVE-2022-21505, CVE-2022-2153, CVE-2022-2196, CVE-2022-22942, CVE-2022-23036, CVE-2022-23037, CVE-2022-23038, CVE-2022-23039, CVE-2022-23040, CVE-2022-23041, CVE-2022-23042, CVE-2022-2308, CVE-2022-2318, CVE-2022-23222, CVE-2022-2380, CVE-2022-23960, CVE-2022-24448, CVE-2022-24958, CVE-2022-24959, CVE-2022-2503, CVE-2022-25258, CVE-2022-25375, CVE-2022-25636, CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-2590, CVE-2022-2602, CVE-2022-26365, CVE-2022-26373, CVE-2022-2639, CVE-2022-26490, CVE-2022-2663, CVE-2022-26966, CVE-2022-27223, CVE-2022-27666, CVE-2022-27672, CVE-2022-2785, CVE-2022-27950, CVE-2022-28356, CVE-2022-28388, CVE-2022-28389, CVE-2022-28390, CVE-2022-2873, CVE-2022-28796, CVE-2022-28893, CVE-2022-2905, CVE-2022-29156, CVE-2022-2938, CVE-2022-29581, CVE-2022-29582, CVE-2022-2959, CVE-2022-2964, CVE-2022-2977, CVE-2022-2978, CVE-2022-29900, CVE-2022-29901, CVE-2022-29968, CVE-2022-3028, CVE-2022-30594, CVE-2022-3077, CVE-2022-3078, CVE-2022-3104, CVE-2022-3105, CVE-2022-3107, CVE-2022-3108, CVE-2022-3110, CVE-2022-3111, CVE-2022-3112, CVE-2022-3113, CVE-2022-3115, CVE-2022-3169, CVE-2022-3202, [CVE-2022-32250](https://nvd.ni...
beta-3572.1.0
beta-3572.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
6a8103a
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Beta 3549.1.1
Security fixes:
- Linux (CVE-2023-1380, CVE-2023-2002, CVE-2023-31436)
- Docker (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842)
- Go (CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538)
- runc (CVE-2023-25809, CVE-2023-27561, CVE-2023-28642)
- tar (CVE-2022-48303)
- vim (CVE-2023-1127, CVE-2023-1175, CVE-2023-1170)
Bug fixes:
- Fixed a miscompilation of getfacl causing it to dump core when executed (scripts#809)
Changes:
- Improved the OS reset tool to offer preview, backup and restore (init#94)
Updates:
- Linux (5.15.111 (includes 5.15.110, 5.15.109))
- Linux Firmware (20230404)
- ca-certificates (3.89.1)
- containerd (1.6.20)
- docker (20.10.24)
- go (1.19.8)
- iperf (3.13)
- runc (1.1.5)
- vim (9.0.1403)
- zstandard (1.5.4)
- SDK: pahole (1.24)
- SDK: rust (1.68.2)
Changes since Alpha 3572.0.1
Security fixes:
- Linux (CVE-2023-1380, CVE-2023-2002, CVE-2023-31436)
Bug fixes:
- Fixed a miscompilation of getfacl causing it to dump core when executed (scripts#809)
Updates:
alpha-3602.0.0
alpha-3602.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
b604f6d
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Alpha 3572.0.1
Security fixes:
- Linux (CVE-2023-1380, CVE-2023-2002, CVE-2023-31436)
- Go (CVE-2023-24539, CVE-2023-24540, CVE-2023-29400)
- OpenSSH (CVE-2023-28531)
- OpenSSL (CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255)
- bash (CVE-2022-3715)
- c-ares (CVE-2022-4904)
- curl (CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538)
- libxml2 (CVE-2023-28484, CVE-2023-29469)
Bug fixes:
- Fixed a miscompilation of getfacl causing it to dump core when executed (scripts#809)
- Restored the reboot warning and delay for non-SSH console sessions (locksmith#21)
Changes:
- Changed coreos-cloudinit to now set the short hostname instead of the FQDN when fetched from the metadata service (coreos-cloudinit#19)
Updates:
- Linux (5.15.111 (includes 5.15.110, 5.15.109))
- bash (5.2)
- bpftool (6.2.1)
- c-ares (1.19.0)
- ca-certificates (3.89.1)
- containerd (1.6.21)
- curl (8.0.1)
- e2fsprogs (1.47.0)
- gdb (13.1.90)
- glib (2.74.6)
- go (1.19.9)
- libarchive (3.6.2)
- libxml2 (2.10.4)
- multipath-tools (0.9.4)
- openSSH (9.3)
- pinentry (1.2.1)
- readline (8.2)
- runc (1.1.7)
- sqlite (3.41.2)
- xz-utils (5.4.2)
- SDK: nano (7.2)
stable-3510.2.1
stable-3510.2.1
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
dc60613
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Stable 3510.2.0
Security fixes:
- Linux (CVE-2022-4269, CVE-2022-4379, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-23004, CVE-2023-25012, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772)
- nvidia-drivers (CVE-2022-31607, CVE-2022-31608, CVE-2022-31615, CVE-2022-34665, CVE-2022-34666, CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34676, CVE-2022-34677, CVE-2022-34678, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42263, CVE-2022-42264, CVE-2022-42265)
Bug fixes:
- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories
Changes:
- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set
NVIDIA_DRIVER_VERSION=460.106.00in/etc/flatcar/nvidia-metadata
Updates:
lts-3033.3.12
lts-3033.3.12
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
8117308
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since LTS 3033.3.11
Security fixes:
- nvidia-drivers (CVE-2022-31607, CVE-2022-31608, CVE-2022-31615, CVE-2022-34665, CVE-2022-34666, CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34676, CVE-2022-34677, CVE-2022-34678, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42263, CVE-2022-42264, CVE-2022-42265)
Bug fixes:
- Fix the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories
Changes:
- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set
NVIDIA_DRIVER_VERSION=460.106.00in/etc/flatcar/nvidia-metadata
Updates:
- Linux (5.10.178)
- nvidia-drivers (525.105.17)
beta-3549.1.1
beta-3549.1.1
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
6cf82c0
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Beta 3549.1.0
Security fixes:
- nvidia-drivers (CVE-2022-31607, CVE-2022-31608, CVE-2022-31615, CVE-2022-34665, CVE-2022-34666, CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34676, CVE-2022-34677, CVE-2022-34678, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42263, CVE-2022-42264, CVE-2022-42265)
Bug fixes:
- Fixed systemd journal logs persistency on the first boot (flatcar#1005)
- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories
Changes:
- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set
NVIDIA_DRIVER_VERSION=460.106.00in/etc/flatcar/nvidia-metadata
Updates:
- Linux (5.15.108 (includes 5.15.107))
- nvidia-drivers (525.105.17)
alpha-3572.0.1
alpha-3572.0.1
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
ad5bbd0
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Alpha 3572.0.0
Security fixes:
- nvidia-drivers (CVE-2022-31607, CVE-2022-31608, CVE-2022-31615, CVE-2022-34665, CVE-2022-34666, CVE-2022-34670, CVE-2022-34673, CVE-2022-34674, CVE-2022-34676, CVE-2022-34677, CVE-2022-34678, CVE-2022-34679, CVE-2022-34680, CVE-2022-34682, CVE-2022-34684, CVE-2022-42254, CVE-2022-42255, CVE-2022-42256, CVE-2022-42257, CVE-2022-42258, CVE-2022-42259, CVE-2022-42260, CVE-2022-42261, CVE-2022-42263, CVE-2022-42264, CVE-2022-42265)
Bug fixes:
- Fixed the broken emerge-gitclone in the dev-container owing to the missing migration action around the unification of the Flatcar core repositories
Changes:
- The package upgrade for nvidia-drivers might result in not supporting a few of the older NVIDIA Tesla GPUs. If you are facing issues, set
NVIDIA_DRIVER_VERSION=460.106.00in/etc/flatcar/nvidia-metadata
Updates:
- Linux (5.15.108 (includes 5.15.107))
- nvidia-drivers (525.105.17)
stable-3510.2.0
stable-3510.2.0
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
d409d94
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since Stable 3374.2.5
Security fixes:
- Linux (CVE-2022-2196, CVE-2022-27672, CVE-2022-3707, CVE-2023-1078, CVE-2023-1281, CVE-2023-1513, CVE-2023-26545)
- bind tools (CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178)
- binutils (CVE-2022-38126, CVE-2022-38127)
- containerd (CVE-2022-23471)
- cpio (CVE-2021-38185)
- curl (CVE-2022-35252, CVE-2022-43551, CVE-2022-43552,CVE-2022-32221, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916)
- dbus (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012)
- git (CVE-2022-39253, CVE-2022-39260, CVE-2022-23521, CVE-2022-41903)
- glib (fixes to normal form handling in GVariant)
- Go (CVE-2022-41717)
- libarchive (CVE-2022-36227)
- libksba (CVE-2022-47629, CVE-2022-3515)
- libxml2 (CVE-2022-40303, CVE-2022-40304)
- logrotate (CVE-2022-1348)
- multipath-tools (CVE-2022-41973, CVE-2022-41974)
- sudo (CVE-2023-22809, CVE-2022-43995)
- systemd (CVE-2022-3821, CVE-2022-4415)
- vim (CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2022-3705, CVE-2022-3491, CVE-2022-3520, CVE-2022-3591, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293,CVE-2022-1725, CVE-2022-3234, CVE-2022-3235, CVE-2022-3278, CVE-2022-3256, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2288, CVE-2022-2289, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153)
- SDK: Python (CVE-2015-20107, CVE-2020-10735, CVE-2021-3654, CVE-2022-37454, CVE-2022-42919, CVE-2022-45061)
- SDK: qemu (CVE-2022-4172, CVE-2020-14394, CVE-2022-0216, CVE-2022-35414, CVE-2022-3872)
- SDK: rust (CVE-2022-46176, CVE-2022-36113, CVE-2022-36114)
Bug fixes:
- Added back Ignition support for Vagrant (coreos-overlay#2351)
- Added support for hardware security keys in update-ssh-keys (update-ssh-keys#7)
- Enabled IOMMU on arm64 kernels, the lack of which prevented some systems from booting (coreos-overlay#2235)
- Fixed a regression (in Alpha/Beta) where machines failed to boot if they didn't have the
coreuser or group in/etc/passwdor/etc/group(baselayout#26) - Fix "ext4 deadlock under heavy I/O load" kernel issue. The patch for this is included provisionally while we wait for it to be merged upstream (Flatcar#847, coreos-overlay#2315)
- Restored the support to specify OEM partition files in Ignition when
/usr/share/oemis given as initrd mount point (bootengine#58) - The rootfs setup in the initrd now runs systemd-tmpfiles on every boot, not only when Ignition runs, to fix a dbus failure due to missing files (Flatcar#944)
Changes:
- Added
CONFIG_NF_CONNTRACK_BRIDGE(for nf_conntrack_bridge) andCONFIG_NFT_BRIDGE_META(for nft_meta_bridge) to the kernel config to allow using conntrack rules for bridges in nftables and to match on bridge interface names (coreos-overlay#2207) - Added new image signing pub key to
flatcar-install, needed for dow...
lts-3033.3.11
lts-3033.3.11
This tag was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
d1bf01e
This commit was signed with the committer’s verified signature.
sayanchowdhury
Sayan Chowdhury
Changes since LTS 3033.3.10
Security fixes:
- Linux (CVE-2022-4379, CVE-2023-1076, CVE-2023-1077, CVE-2023-1079, CVE-2023-1118, CVE-2023-1611, CVE-2023-1670, CVE-2023-1829, CVE-2023-1855, CVE-2023-1989, CVE-2023-1990, CVE-2023-23004, CVE-2023-25012, CVE-2023-28466, CVE-2023-30456, CVE-2023-30772)
Bug fixes:
Changes:
- Added new image signing pub key to
flatcar-install, needed for download verification of releases built from July 2023 onwards, if you have copies offlatcar-installor the image signing pub key, you need to update them as well (init#92)