cloud-init security, bug fix, and enhancement update

2023-11-1100:00:00

linux.oracle.com

bug fixes enhancement oracle datasource oci network security permission detection logic services log file ol distros metadata ipv6-enable cloud-config resize encrypted volume network-ready rhel-9 centos settings

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

[23.1.1-11.0.2]

Fix Oracle Datasource network and getdata methods for OCI OL [Orabug: 35950168]
[23.1.1-11.0.1]
Increase retry value and add timeout for OCI [Orabug: 35329883]
Fix log file permission [Orabug: 35302969]
Update detection logic for OL distros in config template [Orabug: 34845400]
Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
limit permissions [Orabug: 31352433]
Changes to ignore all enslaved interfaces [Orabug: 30092148]
Make Oracle datasource detect dracut based config files [Orabug: 29956753]
add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader
  Resolves: Oracle-Bug:41660 (Bugzilla)
added OL to list of known distros
[23.1.1-11]
Resolves: bz#2232296
[23.1.1-10]
Resolves: bz#2229660 bz#2229952
[23.1.1-9]
0030-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch [bz#2188388]
Resolves: bz#2188388
[23.1.1-8]
0022-test-fixes-update-tests-to-reflect-AUTOCONNECT_PRIOR.patch [bz#2217865]
0023-test-fixes-remove-NM_CONTROLLED-no-from-tests.patch [bz#2217865]
0024-Revert-limit-permissions-on-def_log_file.patch [bz#2217865]
0025-test-fixes-changes-to-apply-RHEL-specific-config-set.patch [bz#2217865]
0026-Enable-SUSE-based-distros-for-ca-handling-2036.patch [bz#2217865]
0027-Handle-non-existent-ca-cert-config-situation-2073.patch [bz#2217865]
0028-logging-keep-current-file-mode-of-log-file-if-its-st.patch [bz#2222498]
0029-DS-VMware-modify-a-few-log-level-4284.patch [bz#2225374]
Resolves: bz#2217865 bz#2222498 bz#2225374
[23.1.1-7]
0020-Revert-Set-default-renderer-as-sysconfig-for-c9s-RHE.patch
0021-Set-default-renderer-as-sysconfig-for-centos-rhel-41.patch [bz#2209349]
Resolves: bz#2209349
[23.1.1-6]
0011-Revert-Manual-revert-Use-Network-Manager-and-Netplan.patch
0012-Revert-Revert-Add-native-NetworkManager-support-1224.patch
0013-net-sysconfig-do-not-use-the-highest-autoconnect-pri.patch
0014-net-sysconfig-cosmetic-fix-tox-formatting.patch
0015-nm-generate-ipv6-stateful-dhcp-config-at-par-with-sy.patch [bz#2207716]
0016-network_manager-add-a-method-for-ipv6-static-IP-conf.patch [bz#2196284]
0017-net-sysconfig-enable-sysconfig-renderer-if-network-m.patch [bz#2194050]
0018-network-manager-Set-higher-autoconnect-priority-for-.patch [bz#2196231]
0019-Set-default-renderer-as-sysconfig-for-c9s-RHEL-9.patch [bz#2209349]
Resolves: bz#2118235 bz#2194050 bz#2196231 bz#2196284 bz#2207716 bz#2209349
[23.1.1-5]
0010-Do-not-generate-dsa-and-ed25519-key-types-when-crypt.patch [bz#2187164]
Resolves: bz#2187164
[23.1.1-4]
0009-Make-user-vendor-data-sensitive-and-remove-log-permi.patch [bz#2190083]
Resolves: bz#2190083
[23.1.1-3]
0008-Don-t-change-permissions-of-netrules-target-2076.patch [bz#2182948]
Resolves: bz#2182948
[23.1.1-2]
0007-rhel-make-sure-previous-hostname-file-ends-with-a-ne.patch [bz#2184608]
Resolves: bz#2184608
[23.1.1-1]
Rebase to 23.1.1 [bz#2172811]
Resolves: bz#2172811
[22.1-9]
ci-Allow-growpart-to-resize-encrypted-partitions-1316.patch [bz#2166245]
Resolves: bz#2166245
(Add support for resizing encrypted root volume)
[22.1-8]
ci-cc_set_hostname-ignore-var-lib-cloud-data-set-hostna.patch [bz#2140893]
Resolves: bz#2140893
(systemd[1]: Failed to start Initial cloud-init job after reboot system via sysrq ‘b’)
[22.1-7]
ci-Ensure-network-ready-before-cloud-init-service-runs-.patch [bz#2152100]
Resolves: bz#2152100
([RHEL-9] Ensure network ready before cloud-init service runs on RHEL)
[22.1-6]
ci-cloud.cfg.tmpl-make-sure-centos-settings-are-identic.patch [bz#2115565]
Resolves: bz#2115565
(cloud-init configures user ‘centos’ or ‘rhel’ instead of ‘cloud-user’ with cloud-init-22.1)
[22.1-5]
ci-Revert-Add-native-NetworkManager-support-1224.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501]
ci-Revert-Use-Network-Manager-and-Netplan-as-default-re.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501]
ci-Revert-Revert-Setting-highest-autoconnect-priority-f.patch [bz#2107463 bz#2104389 bz#2117532 bz#2098501]
Resolves: bz#2107463
([RHEL-9.1] Cannot run sysconfig when changing the priority of network renderers)
Resolves: bz#2104389
([RHEL-9.1]Failed to config static IP and IPv6 according to VMware Customization Config File)
Resolves: bz#2117532
([RHEL9.1] Revert patch of configuring networking by NM keyfiles)
Resolves: bz#2098501
([RHEL-9.1] IPv6 not workable when cloud-init configure network using NM keyfiles)
[22.1-4]
ci-Honor-system-locale-for-RHEL-1355.patch [bz#2061604]
ci-cloud-init.spec-adjust-path-for-66-azure-ephemeral.r.patch [bz#2096270]
ci-setup.py-adjust-udev-rules-default-path-1513.patch [bz#2096270]
Resolves: bz#2061604
(cloud-config will change /etc/locale.conf back to en_US.UTF-8 on rhel-guest-image-9.0)
Resolves: bz#2096270
(Adjust udev/rules default path[rhel-9])
[22.1-3]
ci-Support-EC2-tags-in-instance-metadata-1309.patch [bz#2091640]
ci-cc_set_hostname-do-not-write-localhost-when-no-hostn.patch [bz#1980403]
Resolves: bz#2091640
([cloud][init] Add support for reading tags from instance metadata)
Resolves: bz#1980403
([RHV] RHEL 9 VM with cloud-init without hostname set doesn’t result in the FQDN as hostname)
[22.1-2]
ci-Add-native-NetworkManager-support-1224.patch [bz#2056964]
ci-Use-Network-Manager-and-Netplan-as-default-renderers.patch [bz#2056964]
ci-Revert-Setting-highest-autoconnect-priority-for-netw.patch [bz#2056964]
ci-Align-rhel-custom-files-with-upstream-1431.patch [bz#2088448]
ci-Remove-rhel-specific-files.patch [bz#2088448]
Resolves: bz#2056964
([RHEL-9]Rebase cloud-init from Fedora so it can configure networking using NM keyfiles)
Resolves: bz#2088448
(Align cloud.cfg file and systemd with cloud-init upstream .tmpl files)
[22.1-1]
Rebase to 22.1 [bz#2065548]
Resolves: bz#2065548
([RHEL-9.1] cloud-init rebase to 22.1)
[21.1-19]
ci-Fix-IPv6-netmask-format-for-sysconfig-1215.patch [bz#2053546]
ci-Adding-_netdev-to-the-default-mount-configuration.patch [bz#1998445]
ci-Setting-highest-autoconnect-priority-for-network-scr.patch [bz#2036060]
Resolves: bz#2053546
(cloud-init writes route6- config with a HEX netmask. ip route does not like : Error: inet6 prefix is expected rather than ‘fd00:fd00:fd00::/ffff:ffff:ffff:ffff::’.)
Resolves: bz#1998445
([Azure][RHEL-9] ordering cycle exists after reboot)
Resolves: bz#2036060
([cloud-init][ESXi][RHEL-9] Failed to config static IP according to VMware Customization Config File)
[21.1-18]
ci-Add-_netdev-option-to-mount-Azure-ephemeral-disk-121.patch [bz#1998445]
Resolves: bz#1998445
([Azure][RHEL-9] ordering cycle exists after reboot)
[21.1-17]
ci-Add-flexibility-to-IMDS-api-version-793.patch [bz#2042351]
ci-Azure-helper-Ensure-Azure-http-handler-sleeps-betwee.patch [bz#2042351]
ci-azure-Removing-ability-to-invoke-walinuxagent-799.patch [bz#2042351]
ci-Azure-eject-the-provisioning-iso-before-reporting-re.patch [bz#2042351]
ci-Azure-Retrieve-username-and-hostname-from-IMDS-865.patch [bz#2042351]
ci-Azure-Retry-net-metadata-during-nic-attach-for-non-t.patch [bz#2042351]
ci-Azure-adding-support-for-consuming-userdata-from-IMD.patch [bz#2042351]
Resolves: bz#2042351
([RHEL-9] Support for provisioning Azure VM with userdata)
[21.1-16]
ci-Datasource-for-VMware-953.patch [bz#2040090]
ci-Change-netifaces-dependency-to-0.10.4-965.patch [bz#2040090]
ci-Update-dscheck_VMware-s-rpctool-check-970.patch [bz#2040090]
ci-Revert-unnecesary-lcase-in-ds-identify-978.patch [bz#2040090]
ci-Add-netifaces-package-as-a-Requires-in-cloud-init.sp.patch [bz#2040090]
Resolves: bz#2040090
([cloud-init][RHEL9] Support for cloud-init datasource ‘cloud-init-vmware-guestinfo’)
[21.1-15]
ci-Add-gdisk-and-openssl-as-deps-to-fix-UEFI-Azure-init.patch [bz#2032524]
Resolves: bz#2032524
([RHEL9] [Azure] cloud-init fails to configure the system)
[21.1-14]
ci-cloudinit-net-handle-two-different-routes-for-the-sa.patch [bz#2028031]
Resolves: bz#2028031
([RHEL-9] Above 19.2 of cloud-init fails to configure routes when configuring static and default routes to the same destination IP)
[21.1-13]
ci-fix-error-on-upgrade-caused-by-new-vendordata2-attri.patch [bz#2028381]
Resolves: bz#2028381
(cloud-init.service fails to start after package update)
[21.1-12]
ci-remove-unnecessary-EOF-string-in-disable-sshd-keygen.patch [bz#2016305]
Resolves: bz#2016305
(disable-sshd-keygen-if-cloud-init-active.conf:8: Missing ‘=’, ignoring line)
[21.1-11]
ci-cc_ssh.py-fix-private-key-group-owner-and-permission.patch [bz#2015974]
Resolves: bz#2015974
(cloud-init fails to set host key permissions correctly)

OSVersionArchitecturePackageVersionFilename
oracle linux9srccloud-init< 23.1.1-11.0.2.el9cloud-init-23.1.1-11.0.2.el9.src.rpm
oracle linux9noarchcloud-init< 23.1.1-11.0.2.el9cloud-init-23.1.1-11.0.2.el9.noarch.rpm
oracle linux9srccloud-init< 23.1.1-11.0.2.el9cloud-init-23.1.1-11.0.2.el9.src.rpm
oracle linux9noarchcloud-init< 23.1.1-11.0.2.el9cloud-init-23.1.1-11.0.2.el9.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	9	src	cloud-init	< 23.1.1-11.0.2.el9	cloud-init-23.1.1-11.0.2.el9.src.rpm
oracle linux	9	noarch	cloud-init	< 23.1.1-11.0.2.el9	cloud-init-23.1.1-11.0.2.el9.noarch.rpm
oracle linux	9	src	cloud-init	< 23.1.1-11.0.2.el9	cloud-init-23.1.1-11.0.2.el9.src.rpm
oracle linux	9	noarch	cloud-init	< 23.1.1-11.0.2.el9	cloud-init-23.1.1-11.0.2.el9.noarch.rpm