Feature fixes, security and maintenance update candidates for you to test!
This release batch contains fixes on the major storage feature previously announced,
read the RC2 announcement for QCOW2 image format support for 2TiB+ images.
The whole platform has been hardened with back-porting security patches from the latest version of OpenSSH.
An additional driver fix is part of this minor package set.
What changed
Storage
QCOW2 image format support is the major feature of this release batch,
check related announcement in forum.
Some fixes have been applied to fix issues found during the testing phase. Many thanks go to @Andrew who found a CBT-related bug on file-based SRs!
sm: 3.2.12-17.5
Fix a regression on CBT (Changed block tracking) on file-based SRs (EXT, NFS, ...), causing backup jobs using the "purge snapshot data when using CBT" option to create full backups each time instead of deltas.
Deactivate unused LVM snapshot base before deletion to prevent LVM leak. This fix is not related to the QCOW2 feature, but is important and localized enough for us to provide it in addition the other changes.
Minor fix that prevents a warning when updating the package.
blktap: 3.55.5-6.5
Fix install warning when triggering mdadm to generate a udev rule.
Network
openssh: Update to 9.8p1-1.2.3
Two vulnerabilities disclosed along with the OpenSSH 10.3 release have been fixed.
In authorized_keys, when principals="" was defined along with a CA with a common CA, an interpretation error occurred, which could lead to unauthorized access.
When one ECDSA algorithm was active, it activated all others regardless of their configuration. (By default, all ECDSA algorithms are active.)
For more details please track the upcoming Vates Security Advisories.
Drivers updates
More information about drivers and current versions is maintained on the drivers wiki page.
qlogic-fastlinq-alt: 8.74.6.0-1
Fixes 2 issues in the qede module driver:
Driver does not retain configured MAC and MTU post reset recovery
Driver does not recover from TX timeout error
Versions:
blktap: 3.55.5-6.4.xcpng8.3 -> 3.55.5-6.5.xcpng8.3
openssh: 9.8p1-1.2.2.xcpng8.3 -> 9.8p1-1.2.3.xcpng8.3
sm: 3.2.12-17.2.xcpng8.3 -> 3.2.12-17.5.xcpng8.3
Optional packages:
qlogic-fastlinq-alt: 8.70.12.0-1.xcpng8.3 -> 8.74.6.0-1.xcpng8.3
Test on XCP-ng 8.3
If you are using XOSTOR, please refer to our documentation for the update method.
yum clean metadata --enablerepo=xcp-ng-testing,xcp-ng-candidates
yum update --enablerepo=xcp-ng-testing,xcp-ng-candidates
reboot
The usual update rules apply: pool coordinator first, etc.
What to test
The most important change is related to storage: adding QCOW2 support also affects the codebase managing VHD disks. What matters here is, above all, to detect any regression on VHD support (we tested it deeply, but on this matter there's no such thing as too much testing). Of course, you are also welcome to test the QCOW2 image format support.
See the dedicated thread for more information.
Other significant changes requiring attention:
SSH connectivity
And, as usual, normal use and anything else you want to test.
Test window before official release of the updates
~4 days
We would like to thank users who reported feedback on the QCOW RC2 release: @acebmxer, @andrew, @bufanda, @flakpyro, @jeffberntsen, @ph7
