chore: update Linux to 5.15.16

See https://www.openwall.com/lists/oss-security/2022/01/18/7

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>

Makefile

@@ -13,7 +13,7 @@ NAME = Talos
 
 ARTIFACTS := _out
 TOOLS ?= ghcr.io/talos-systems/tools:v0.9.0-1-gb1146f9
-PKGS ?= v0.9.0-1-g7a3419a
+PKGS ?= v0.9.0-2-g447ce75
 EXTRAS ?= v0.7.0-1-gd6b73a7
 GO_VERSION ?= 1.17
 GOFUMPT_VERSION ?= v0.1.1

hack/release.toml

@@ -6,7 +6,7 @@ github_repo = "talos-systems/talos"
 match_deps = "^github.com/(talos-systems/[a-zA-Z0-9-]+)$"
 
 # previous release
-previous = "v0.13.0"
+previous = "v0.14.0"
 
 pre_release = false
 
@@ -15,124 +15,12 @@ preface = """\
 
 [notes]
 
-    [notes.vlan]
-        title = "VLAN Enhancements"
-        description="""\
-Talos now supports setting MTU and Virtual IPs on VLAN interfaces.
-"""
-
-    [notes.upgrades]
-        title = "Kubernetes Upgrade Enhancements"
-        description="""\
-`talosctl upgrade-k8s` was improved to:
-
-* sync all boostrap manifest resources in the Kubernetes cluster with versions bundled with current version Talos
-* upgrade `kubelet` to the version of the control plane components (without node reboot)
-
-So there is no need to update CoreDNS, Flannel container manually after running `upgrade-k8s` anymore.
-"""
-
-    [notes.discovery]
-        title = "Cluster Discovery"
-        description="""\
-[Cluster Discovery](https://www.talos.dev/docs/v0.14/guides/discovery/) is enabled by default for Talos 0.14.
-Cluster Discovery can be disabled with `talosctl gen config --with-cluster-discovery=false`.
-"""
-
-    [notes.logs]
-        title = "Log Shipping"
-        description="""\
-Talos can now [ship system logs](https://www.talos.dev/docs/v0.14/guides/logging/)
-to the configured destination using either JSON-over-UDP or JSON-over-TCP:
-see `.machine.logging` machine configuration option.
-"""
-
     [notes.updates]
         title = "Component Updates"
         description="""\
-* Linux: 5.15.6
-* etcd: 3.5.1
-* containerd: 1.5.8
-* runc: 1.0.3
-* Kubernetes: 1.23.1
-* CoreDNS: 1.8.6
-* Flannel (default CNI): 0.15.1
-
-Talos is built with Go 1.17.5
+* Linux: 5.15.16
 """
 
-    [notes.caps]
-        title = "Kexec and capabilities"
-        description = """\
-When kexec support is disabled
-Talos no longer drops Linux capabilities (`CAP_SYS_BOOT` and `CAP_SYS_MODULES`) for child processes.
-That is helpful for advanced use-cases like Docker-in-Docker.
-
-If you want to permanently disable kexec and capabilities dropping, pass `kexec_load_disabled=1` argument to the kernel.
-
-For example:
-
-```yaml
-install:
-  extraKernelArgs:
-    - sysctl.kernel.kexec_load_disabled=1
-```
-
-Please note that capabilities are dropped before machine configuration is loaded,
-so disabling kexec via `machine.sysctls` will not be enough.
-"""
-
-    [notes.support]
-        title = "`talosctl support`"
-        description = """\
-`talosctl` CLI tool now has a new subcommand called `support`, that can gather all
-cluster information that could help with future debugging in a single run.
-
-Output of the command is a `zip` archive with all talos service logs, kubernetes pod logs and manifests,
-talos resources manifests and so on.
-Generated archive does not contain any secret information so it is safe to send it for analysis to a third party.
-"""
-
-    [notes.kubelet]
-        title = "Kubelet"
-        description = """\
-Kubelet configuration can be updated without node restart (`.machine.kubelet` section of machine configuration) with commands
-`talosctl edit mc --immediate`, `talosctl apply-config --immediate`, `talosctl patch mc --immediate`.
-
-Kubelet service can now be restarted with `talosctl service kubelet restart`.
-
-Kubelet node IP configuration (`.machine.kubelet.nodeIP.validSubnets`) can now include negative subnet matches (prefixed with `!`).
-"""
-
-    [notes.siderolink]
-        title = "SideroLink"
-        description = """\
-A set of Talos ehancements is going to unlock a number of exciting features in the upcoming release of [Sidero](https://www.sidero.dev/):
-
-* `SideroLink`: a point-to-point Wireguard tunnel connecting Talos node back to the provisioning platform (Sidero).
-* event sink (kernel arg `talos.event.sink=http://10.0.0.1:4000`) delivers Talos internal events to the specified destination.
-* kmsg log delivery (kernel arg `talos.logging.kernel=tcp://10.0.0.1:4001`) sends kernel logs as JSON lines over TCP or UDP.
-"""
-
-    [notes.ntp]
-        title = "NTP Sync"
-        description = """\
-Talos NTP sync process was improved to align better with kernel time adjustment periods and to filter out spikes.
-"""
-
-    [notes.installer]
-        title = "`installer` and `imager` images"
-        description = """\
-Talos supports two target architectures: `amd64` and `arm64`, so all Talos images are built for both `amd64` and `arm64`.
-
-New image `imager` was added which contains Talos assets for both architectures which allows to generate Talos disk images
-cross-arch: e.g. generate Talos Raspberry PI disk image on `amd64` machine.
-
-As `installer` image is used only to do initial install and upgrades, it now contains Talos assets for a specific architecture.
-This reduces size of the `installer` image leading to faster upgrades and less memory usage.
-
-There are no user-visible changes except that now `imager` container image should be used to produce Talos disk images.
-"""
 
 [make_deps]
 

pkg/machinery/constants/constants.go

@@ -13,7 +13,7 @@ import (
 
 const (
 	// DefaultKernelVersion is the default Linux kernel version.
-	DefaultKernelVersion = "5.15.6-talos"
+	DefaultKernelVersion = "5.15.16-talos"
 
 	// KernelParamConfig is the kernel parameter name for specifying the URL.
 	// to the config.