Update coreos-firmware to 20230625_p20230724, syncing with
linux-firmware of Gentoo, mainly to address CVE-2023-20593.
Gentoo ref: 6390ce05738eac80fc06663a73ca6b22fdaee8d1
- Carry over our custom tmpfiles and securetty files
- Remove /etc files and install them to /usr, use tmpfiles
- Switch /etc/login.defs edits to /usr/share/shadow/login.defs
- Drop moving passwd out of /usr since we don't have split-usr
- Drop pkg_postinst
- Mark the package as stable.
- Remove the socket unit's rate limiting.
- Fixes to configuration handling. We are trying to upstream these
changes, so this package will be eventually moved to
portage-stable. But updating it in coreos-overlay for now to drop
the use of the obsolete cygwin USE flags.
Upstream PR: https://github.com/gentoo/gentoo/pull/31615
Do not update to openldap 2.6.3+, to take different steps of updating
openldap.
1) from 2.4 to 2.5,
2) do an Alpha release around 2023-08, and
3) finally update from 2.5 to 2.6.
To fix invalid header issue that started to happen when being built with
Go 1.19.11+, it is necessary for the docker cli repo to vendor the new docker
client part of github.com/docker/docker.
Based on https://github.com/docker/cli/commit/5d4e44df90bb.
Reset to the state according to the state of Gentoo upstream,
to commit b93160fedf4e7a6f7f4101dfb7f3ff0df5cee2c0.
to create Flatcar patches on top of that.
Docker client and daemon started to fail at sending or handling most
local connections when being compiled with Go 1.19.11, which addresses
CVE-2023-29406 by blocking invalid host headers of HTTP/1. As a
workaround, Docker started to define a dummy host header, and to use
it for local connections.
Backport the fixes to Flatcar to fix the runtime failures.
See also https://github.com/moby/moby/issues/45935,
https://github.com/moby/moby/pull/45942.
Reset to the state according to the state of Gentoo upstream,
to commit 964117a9a27f8c048d646f423ffaf09b57bfad00,
to create Flatcar patches on top of that.
- Mark the package as stable.
- Remove the socket unit's rate limiting.
- Fixes to configuration handling. We are trying to upstream these
changes, so this package will be eventually moved to
portage-stable. But updating it in coreos-overlay for now to drop
the use of the obsolete cygwin USE flags.
Upstream PR: https://github.com/gentoo/gentoo/pull/31615
It's from Gentoo commit 7a8c3fa265d02fa74b8881a4dca3cfeb9d8a938c.
The modifications we did were upstreamed (under different USE flags
that we already properly set up), so no point it keeping the package
in overlay.
This reverts commit dd8c642794b4bfe3ae4febc614672a4703f36987.
This is to avoid having semodule utils package to be out of sync with
the rest of the selinux packages.
