2022.5
This release fixes a denial of service security issue: GHSA-gqf4-p3gv-g8vw
The core fix is in "sign/ed25519: Verify signatures are minimum length" (83e6357), which should be an easily backportable commit. (There are some further changes to add test coverage for this that can be ignored.)
This only affects builds that use libsodium; it is, however, remotely reachable (assuming that the client is talking to a compromised server; ordinarily, exploiting this would require that or breaking TLS/HTTPS). Thanks to @DemiMarie for the report!
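An added illustration of the kind of check the commit title describes, not the code from 83e6357 or from ostree: a variable-length signature blob is size-checked before it reaches a verifier that, like libsodium's `crypto_sign_verify_detached()`, is given no signature length. The names `verify_any`, `struct blob` and `stub_verify` are hypothetical, the stub stands in for libsodium so the block runs on its own, and this sketch requires the exact 64-byte Ed25519 size rather than only a minimum.

```c
#include <stdbool.h>
#include <stddef.h>
#define ED25519_SIG_BYTES 64u /* libsodium: crypto_sign_BYTES */
#define ED25519_PK_BYTES 32u  /* libsodium: crypto_sign_PUBLICKEYBYTES */

/* Same parameters as libsodium's crypto_sign_verify_detached(): sig and pk
 * carry no length, so the callee always reads 64 and 32 bytes from them. */
typedef int (*verify_fn)(const unsigned char *sig, const unsigned char *msg,
                         unsigned long long msg_len, const unsigned char *pk);
struct blob { const unsigned char *data; size_t len; }; /* hypothetical type */

/* Wrongly sized blobs are counted in *skipped and never reach verify(). */
bool verify_any(verify_fn verify, const struct blob *sigs, size_t n_sigs,
                struct blob msg, struct blob pk, size_t *skipped)
{
  *skipped = 0;
  if (pk.data == NULL || pk.len != ED25519_PK_BYTES)
    return false;
  for (size_t i = 0; i < n_sigs; i++) {
    if (sigs[i].data == NULL || sigs[i].len != ED25519_SIG_BYTES) {
      (*skipped)++; /* untrusted length: reject before any fixed-size read */
      continue;
    }
    if (verify(sigs[i].data, msg.data, msg.len, pk.data) == 0)
      return true;
  }
  return false;
}

/* Stand-in so this runs without libsodium; NOT a real signature check. */
static int stub_calls;
static int stub_verify(const unsigned char *sig, const unsigned char *msg,
                       unsigned long long msg_len, const unsigned char *pk)
{
  (void)msg; (void)msg_len; stub_calls++;
  return sig[ED25519_SIG_BYTES - 1] == pk[ED25519_PK_BYTES - 1] ? 0 : -1;
}

/* Constructed input: a truncated 3-byte blob followed by a 64-byte blob. */
static size_t demo_skipped;
bool demo(void)
{
  static const unsigned char cut[3] = {1, 2, 3}, full[64] = {0}, pk[32] = {0};
  const struct blob sigs[] = {{cut, sizeof cut}, {full, sizeof full}};
  const struct blob msg = {(const unsigned char *)"commit", 6}, key = {pk, sizeof pk};
  stub_calls = 0;
  return verify_any(stub_verify, sigs, 2, msg, key, &demo_skipped);
}

int main(void) { return demo() ? 0 : 1; }
```

With libsodium available, `crypto_sign_verify_detached` can be passed as the `verify` argument in place of the stub.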
Additional highlights are:
- Greatly improved performance for `ostree prune` on large repositories
- Support for in-place kargs changes
Thanks to everyone who contributed!
Chris Mucciolo (1):
docs add debos to readme distribution build tools
Colin Walters (44):
configure: post-release version bump
repo: Optimize memory use of `ostree_repo_list_objects()`
rust: Bump semver, add feature for current release
repo: Further optimize `ostree_repo_list_objects_set()`
ci: Add a flow that does a git libostree + git rust-bindings
prune: Also use object set API in `ostree_repo_prune_from_reachable()`
lib: Fix symbol versioning inheritance
tests/inst: Bump the version of ostree-ext
rust-bindings: Fix repository reference
rust-bindings: use correct README.md
rust-bindings: Update cargo package list
rust: Switch to 2021 edition
ci: Bump MSRV
rust: Use inline `format!` variables in a few places
repo: Document non-obvious way to list all commits
fsck: Don't load all object names into memory
fsck: De-indent loop
fsck: Move most commit processing into helper function
fsck: Use `load_variant_if_exists`
rust-bindings: Wire up `tests/`
cli/os-init: Port to C99 style
cli/undeploy: Port to C99 style
cli/unlock: Port to C99 style
cli/config: Port to C99 style
cli/diff: Port to C99 style
cli/gpg-sign: Port to C99 style
cli/remote-list: Port to C99 style
cli/refs: Port to C99 style
ci/rust: Enable `cap-std-apis` in default build, add a no-feature build
ci/rust: Change MSRV to `cargo check`
Fix clippy lint in cap-std bits
rust: Bump semver to 0.15
Bump to cap-std 0.25 and io-lifetimes 0.7
repo: Metadata return values from `load_file` are not nullable
tests/staged-deploy.sh: Hack around cosa systemd unit check
tests/inst: Port to cap-std
lib: Stop using old `ostree_sysroot_get_repo()` API
deny: Sync with rpm-ostree
deploy: Ensure sysroot is initialized for kargs in place
sysroot: Have `ensure_writable` also always initialize
sysroot: Add a few more assertions about `boot_fd`
sign/ed25519: Verify signatures are minimum length
rust: Add a test case for ed25519
Release 2022.5
Huijing Hei (4):
RFE: Add a hidden option to `ostree admin kargs edit-in-place` to update all existing deployments in place
Fix `ostree admin kargs edit-in-place` fails issue
Add test to verify `ostree admin kargs edit-in-place` working
Update doc about adding new function to libostree
Jonathan Lebon (2):
Drop `.packit.yaml`
tests/inst/destructive: stop disabling fedora-coreos-pinger
Matthias Beyer (1):
Fix link to rust bindings
Nikita Dubrovskii (1):
s390x: rename sd-boot to sdboot
Saqib Ali (2):
lib/prune: speed up pruning by retrieving only commits
ostree-repo: bls-append-except-default followup
Simon McVittie (1):
test-basic-c: Don't assert that extended attributes are available
Full Changelog: v2022.4...v2022.5