Sync from SUSE:SLFO:Main podman revision 02daad6bf88a192041641f917b5c1fb9

This commit is contained in:
2025-05-19 21:54:14 +02:00
parent 903d09d8ad
commit 221e73468e
11 changed files with 941 additions and 2311 deletions

View File

@@ -1,7 +1,7 @@
From 72e71f35e16ef39b52f3dc65f38920633a3e8c8a Mon Sep 17 00:00:00 2001
From ac688aeb523c6350f27f2dccbc833a3dfa6a0005 Mon Sep 17 00:00:00 2001
From: Danish Prakash <contact@danishpraka.sh>
Date: Thu, 13 Mar 2025 14:37:38 +0530
Subject: [PATCH 3/3] CVE-2025-22869: ssh: limit the size of the internal
Subject: [PATCH 1/2] CVE-2025-22869: ssh: limit the size of the internal
packet queue while waiting for KEX (#13)
In the SSH protocol, clients and servers execute the key exchange to
@@ -131,5 +131,5 @@ index 56cdc7c21c3b..a68d20f7f396 100644
return nil
--
2.46.0
2.49.0

File diff suppressed because it is too large Load Diff

View File

@@ -1,99 +0,0 @@
From aae4b1bdc593b2b454469992977f776bd35435f3 Mon Sep 17 00:00:00 2001
From: Danish Prakash <contact@danishpraka.sh>
Date: Fri, 28 Feb 2025 12:54:41 +0530
Subject: [PATCH 2/3] CVE-2025-27144: vendor: don't allow unbounded amounts of
splits (#11)
In compact JWS/JWE, don't allow unbounded number of splits.
Count to make sure there's the right number, then use SplitN.
This fixes CVE-2025-27144
This fixes bsc#1237641
Cherry-picked from
go-jose/go-jose@99b346c
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
Co-authored-by: Matthew McPherrin <git@mcpherrin.ca>
---
vendor/github.com/go-jose/go-jose/v3/jwe.go | 5 +++--
vendor/github.com/go-jose/go-jose/v3/jws.go | 5 +++--
vendor/github.com/go-jose/go-jose/v4/jwe.go | 5 +++--
vendor/github.com/go-jose/go-jose/v4/jws.go | 5 +++--
4 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/vendor/github.com/go-jose/go-jose/v3/jwe.go b/vendor/github.com/go-jose/go-jose/v3/jwe.go
index 4267ac75025a..1ba4ae0c0031 100644
--- a/vendor/github.com/go-jose/go-jose/v3/jwe.go
+++ b/vendor/github.com/go-jose/go-jose/v3/jwe.go
@@ -202,10 +202,11 @@ func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
// parseEncryptedCompact parses a message in compact format.
func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 5 {
+ // Five parts is four separators
+ if strings.Count(input, ".") != 4 {
return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
}
+ parts := strings.SplitN(input, ".", 5)
rawProtected, err := base64URLDecode(parts[0])
if err != nil {
diff --git a/vendor/github.com/go-jose/go-jose/v3/jws.go b/vendor/github.com/go-jose/go-jose/v3/jws.go
index e37007dbb855..401fc18ac4df 100644
--- a/vendor/github.com/go-jose/go-jose/v3/jws.go
+++ b/vendor/github.com/go-jose/go-jose/v3/jws.go
@@ -275,10 +275,11 @@ func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
// parseSignedCompact parses a message in compact format.
func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 3 {
+ // Three parts is two separators
+ if strings.Count(input, ".") != 2 {
return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
}
+ parts := strings.SplitN(input, ".", 3)
if parts[1] != "" && payload != nil {
return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
diff --git a/vendor/github.com/go-jose/go-jose/v4/jwe.go b/vendor/github.com/go-jose/go-jose/v4/jwe.go
index 89f03ee3e1e6..9f1322dccc9c 100644
--- a/vendor/github.com/go-jose/go-jose/v4/jwe.go
+++ b/vendor/github.com/go-jose/go-jose/v4/jwe.go
@@ -288,10 +288,11 @@ func ParseEncryptedCompact(
keyAlgorithms []KeyAlgorithm,
contentEncryption []ContentEncryption,
) (*JSONWebEncryption, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 5 {
+ // Five parts is four separators
+ if strings.Count(input, ".") != 4 {
return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
}
+ parts := strings.SplitN(input, ".", 5)
rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
if err != nil {
diff --git a/vendor/github.com/go-jose/go-jose/v4/jws.go b/vendor/github.com/go-jose/go-jose/v4/jws.go
index 3a912301afc2..d09d8ba5078c 100644
--- a/vendor/github.com/go-jose/go-jose/v4/jws.go
+++ b/vendor/github.com/go-jose/go-jose/v4/jws.go
@@ -327,10 +327,11 @@ func parseSignedCompact(
payload []byte,
signatureAlgorithms []SignatureAlgorithm,
) (*JSONWebSignature, error) {
- parts := strings.Split(input, ".")
- if len(parts) != 3 {
+ // Three parts is two separators
+ if strings.Count(input, ".") != 2 {
return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
}
+ parts := strings.SplitN(input, ".", 3)
if parts[1] != "" && payload != nil {
return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
--
2.46.0

View File

@@ -0,0 +1,59 @@
From d92ec6496d97963d8d151ef2c11c761a7ad48ec0 Mon Sep 17 00:00:00 2001
From: rcmadhankumar <madhankumar.chellamuthu@suse.com>
Date: Mon, 12 May 2025 19:34:12 +0530
Subject: [PATCH 2/2] Fix: Remove appending rw as the default mount option
The backstory for this is that runc 1.2 (opencontainers/runc#3967)
fixed a long-standing bug in our mount flag handling (a bug that crun
still has). Before runc 1.2, when dealing with locked mount flags that
user namespaced containers cannot clear, trying to explicitly clearing
locked flags (like rw clearing MS_RDONLY) would silently ignore the rw
flag in most cases and would result in a read-only mount. This is
obviously not what the user expects.
What runc 1.2 did is that it made it so that passing clearing flags
like rw would always result in an attempt to clear the flag (which was
not the case before), and would (in all cases) explicitly return an
error if we try to clear locking flags. (This also let us finally fix a
bunch of other long-standing issues with locked mount flags causing
seemingly spurious errors).
The problem is that podman sets rw on all mounts by default (even if
the user doesn't specify anything). This is actually a no-op in
runc 1.1 and crun because of a bug in how clearing flags were handled
(rw is the absence of MS_RDONLY but until runc 1.2 we didn't correctly
track clearing flags like that, meaning that rw would literally be
handled as if it were not set at all by users) but in runc 1.2 leads to
unfortunate breakages and a subtle change in behaviour (before, a ro
mount being bind-mounted into a container would also be ro -- though
due to the above bug even setting rw explicitly would result in ro in
most cases -- but with runc 1.2 the mount will always be rw even if
the user didn't explicitly request it which most users would find
surprising). By the way, this "always set rw" behaviour is a departure
from Docker and it is not necesssary.
Bugs: bsc#1242132
Signed-off-by: rcmadhankumar <madhankumar.chellamuthu@suse.com>
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
---
pkg/util/mount_opts.go | 3 ---
1 file changed, 3 deletions(-)
diff --git a/pkg/util/mount_opts.go b/pkg/util/mount_opts.go
index c9a773093e72..4e37fd74a0af 100644
--- a/pkg/util/mount_opts.go
+++ b/pkg/util/mount_opts.go
@@ -191,9 +191,6 @@ func processOptionsInternal(options []string, isTmpfs bool, sourcePath string, g
newOptions = append(newOptions, opt)
}
- if !foundWrite {
- newOptions = append(newOptions, "rw")
- }
if !foundProp {
if recursiveBind {
newOptions = append(newOptions, "rprivate")
--
2.49.0

View File

@@ -2,7 +2,7 @@
<service name="obs_scm" mode="manual">
<param name="url">https://github.com/containers/podman.git</param>
<param name="scm">git</param>
<param name="revision">v5.2.5</param>
<param name="revision">v5.4.2</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>

View File

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/containers/podman.git</param>
<param name="changesrevision">10c5aa720d59480bc7edad347c1f5d5b75d4424f</param></service></servicedata>
<param name="changesrevision">be85287fcf4590961614ee37be65eeb315e5d9ff</param></service></servicedata>

BIN
podman-5.2.5.obscpio (Stored with Git LFS)

Binary file not shown.

BIN
podman-5.4.2.obscpio (Stored with Git LFS) Normal file

Binary file not shown.

View File

@@ -1,3 +1,864 @@
-------------------------------------------------------------------
Mon May 12 13:44:13 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
- Add patch for bsc#1242132:
* 0002-Fix-Remove-appending-rw-as-the-default-mount-option.patch
- Rebase patches:
* 0001-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
- Removed patches:
* 0001-vendor-bump-buildah-to-1.37.6-CVE-2024-11218.patch
* 0002-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
* 0003-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
- Drop iptables support in favor of nftables (required by netavark)
- Fix conditional Requires (remove deprecated sle_version macro)
- Update to version 5.4.2:
* Bump to v5.4.2
* Add release notes for v5.4.2
* Fix a potential deadlock during `podman cp`
* Improve the file format documentation of podman-import.
* Revert "podman-import only supports gz and tar"
* Bump buildah to v1.39.4
* libpod: do not cover idmapped mountpoint
* test: Fix runc error message
* oci: report empty exec path as ENOENT
* test: adapt tests new crun error messages
* test: remove duplicate test
* cirrus: test only on f41/rawhide
* CI: use z1d instance for windows machine testing
* New images 2025-03-24
* test/e2e: use go net.Dial() ov nc
* test: use ncat over nc
* New images 2025-03-12
* RPM: Add riscv64 to ExclusiveArch-es
* Fix HealthCheck log destination, count, and size defaults
* Win installer test: hardcode latest GH release ID
* Packit: Fix action script for fetching upstream commit
* Bump to v5.4.2-dev
* Bump to v5.4.1
* update gvproxy version to 0.8.4
* Update Buildah to v1.39.2
* Update release notes for v5.4.1
* Fix reporting summed image size for compat endpoint
* podman-import only supports gz and tar
* quadlet kube: correctly mark unit as failed
* pkg/domain/infra/abi/play.go: fix two nilness issues
* kube play: don't print start errors twice
* libpod: race in WaitForConditionWithInterval()
* libpod: race in WaitForExit() with autoremove
* Don't try to resolve host path if copying to container from stdin.
* Use svg for pkginstaller banner
* Create quota before _data dir for volumes
* Packit: clarify secondary status in CI
* Packit/RPM: Display upstream commit SHA in all rpm builds
* podman run: fix --pids-limit -1 wrt runc
* vendor: update github.com/go-jose/go-jose/v3 to v3.0.4
* chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security]
* wire up --retry-delay for artifact pull
* Revert "silence false positve from golangci-lint"
* update golangci-lint to v1.64.4
* update golangci-lint to v1.64.2
* silence false positve from golangci-lint
* cmd/podman: refactor Context handling
* fix new usetesting lint issue
* Packit/Copr: Fix `podman version` in rpm
* Remove persist directory when cleaning up Conmon files
* Bump to v5.4.1-dev
* Bump to v5.4.0
* Update release notes for v5.4.0 final
* In SQLite state, use defaults for empty-string checks
* Bump FreeBSD version to 13.4
* docs: add v5.4 to API reference
* Update rpm/podman.spec
* RPM: set buildOrigin in LDFLAG
* RPM: cleanup macro defs
* Makefile: escape BUILD_ORIGIN properly
* rootless: fix hang on s390x
* Set Cirrus DEST_BRANCH appropriately to fix CI
* Bump to v5.4.0-dev
* Bump to v5.4.0-rc3
* Update release notes for v5.4.0-rc3
* Add BuildOrigin field to podman info
* artifact: only allow single manifest
* test/e2e: improve write/removeConf()
* Add --noheading to artifact ls
* Add --no-trunc to artifact ls
* Add type and annotations to artifact add
* pkg/api: honor cdi devices from the hostconfig
* util: replace Walk with WalkDir
* fix(pkg/rootless): avoid memleak during init() contructor.
* Add `machine init --playbook`
* RPM: include empty check to silence rpmlint
* RPM: adjust qemu dependencies
* Force use of iptables on Windows WSL
* rpm: add attr as dependency for podman-tests
* update gvproxy version
* [v5.4] Bump Buildah to v1.39.0
* podman exec: correctly support detaching
* libpod: remove unused ExecStartAndAttach()
* [v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0
* Move detection of libkrun and intel
* Prevent two podman machines running on darwin
* Remove unnecessary error handling
* Remove usused Kind() function
* Bump to v5.4.0-dev
* Bump to v5.4.0-rc2
* Update release notes for v5.4.0-rc2
* Safer use of `filepath.EvalSymlinks()` on Windows
* error with libkrun on intel-based machines
* chore(deps): update dependency pytest to v8.3.4
* test/buildah-bud: skip two new problematic tests on remote
* Fix podman-restart.service when there are no containers
* Avoid upgrading from v5.3.1 on Windows
* Clean up after unexpectedly terminated build
* system-tests: switch ls with getfattr for selinux tests
* vendor latest c/{buildah,common,image,storage}
* Makefile: Add validatepr description for 'make help' output
* docs: Enhance podman build --secret documentation and add examples
* docs: mount.md - idmapped mounts only work for root user
* Define, and use, PodmanExitCleanlyWithOptions
* Eliminate PodmanSystemdScope
* Fix image ID query
* Revert "Use the config digest to compare images loaded/pulled using different methods"
* Update c/image after https://github.com/containers/image/pull/2613
* Update expected errors when pulling encrypted images
* Eliminate PodmanExtraFiles
* Introduce PodmanTestIntegration.PodmanWithOptions
* Restructure use of options
* Inline PodmanBase into callers
* Pass all of PodmanExecOptions to various [mM]akeOptions functions
* Turn PodmanAsUserBase into PodmanExecBaseWithOptions
* Avoid indirect links through quadlet(5)
* do not set the CreateCommand for API users
* Add podman manifest rm --ignore
* Bump to v5.4.0-dev
* Bump to v5.4.0-rc1
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2
* podman artifact
* vendor latest c/{common,image,storage}
* fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2
* cirrus: bump macos machine test timeout
* pkg/machine/e2e: improve podman.exe match
* pkg/machine/e2e: improve "list machine from all providers"
* Remove JSON tag from UseImageHosts in ContainerConfig
* Set network ID if available during container inspect
* Stop creating a patch for v5.3.1 upgrades on windows
* compose docs: fix typo
* Document kube-play CDI support
* docs: Add quadlet debug method systemd-analyze
* Replace instances of PodmanExitCleanly in play_kube_test.go
* docs: add 'initialized' state to status filters
* fix(deps): update module google.golang.org/protobuf to v1.36.3
* Switch all calls of assert.Nil to assert.NoError
* Add --no-hostname option
* Fix unescaping octal escape sequence in values of Quadlet unit files
* Remove `.exe` suffix if any
* Add kube play support for CDI resource allocation
* add support to `;` for comments in unit files as per systemd documentation
* Use PodmanExitCleanly in attach_test.go
* Introduce PodmanTestIntegration.PodmanExitCleanly
* chore(deps): update dependency setuptools to ~=75.8.0
* Add newer c/i to support artifacts
* fix(deps): update module golang.org/x/tools to v0.29.0
* fix(deps): update module golang.org/x/net to v0.34.0
* specgenutil: Fix parsing of mount option ptmxmode
* namespaces: allow configuring keep-id userns size
* Update description for completion
* Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless
* Document .build for Image .container option
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1
* New VM Images
* update golangci/golangci-lint to v1.63.4
* fix(deps): update module google.golang.org/protobuf to v1.36.2
* chore(deps): update dependency setuptools to ~=75.7.0
* Fixing ~/.ssh/identity handling
* vendor latest c/common from main
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12
* fix(deps): update module github.com/opencontainers/runc to v1.2.4
* specgen: fix comment
* Add hint to restart Podman machine to really accept new certificates
* fix(deps): update module github.com/onsi/gomega to v1.36.2
* fix(deps): update module github.com/moby/term to v0.5.2
* Pass container hostname to netavark
* Fix slirp4netns typo in podman-network.1.md
* Add support to ShmSize in Pods with Quadlet
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1
* chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
* fix(deps): update module golang.org/x/net to v0.33.0 [security]
* Kube volumes can not container _
* fix(deps): update module github.com/docker/docker to v27.4.1+incompatible
* test/system: fix "podman play --build private registry" error
* test/system: CopyDirectory() do not chown files
* test/system: remove system dial-stdio test
* shell completion: respect CONTAINERS_REGISTRIES_CONF
* fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6
* When generating host volumes for k8s, force to lowercase
* test: enable newly added test
* vfkit:Use 0.6.0 binary
* gvproxy:Use 0.8.1 binary
* systemd: simplify parser and fix infinite loop
* Revert "win-installer test: revert to v5.3.0"
* Avoid rebooting twice when installing WSL
* Avoid rebooting on Windows when upgrading and WSL isn't installed
* Add win installer patch
* Bump WiX toolset version to 5.0.2
* test/e2e: SkipOnOSVersion() add reason field
* test/e2e: remove outdated SkipOnOSVersion() calls
* Update VM images
* fix(deps): update module golang.org/x/crypto to v0.31.0 [security]
* fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0
* fix(deps): update module github.com/opencontainers/runc to v1.2.3
* quadlet: fix inter-dependency of containers in `Network=`
* Add man pages to Mac installer
* fix(deps): update module github.com/onsi/gomega to v1.36.1
* fix(deps): update module github.com/docker/docker to v27.4.0+incompatible
* Fix device limitations in podman-remote update on remote systems
* Use latest version of VS BuildTools
* bin/docker: fix broken escaping and variable substitution
* manifest annotate: connect IndexAnnotations
* Fix panic in `manifest annotate --index`
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5
* fix(deps): update module golang.org/x/net to v0.32.0
* fix(deps): update module golang.org/x/tools to v0.28.0
* fix(deps): update module golang.org/x/crypto to v0.30.0
* fix(deps): update module golang.org/x/sys to v0.28.0
* Fix overwriting of LinuxResources structure in the database
* api: replace inspectID with name
* fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563
* Replace ExclusiveArch with ifarch
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1
* Improve platform specific URL handling in `podman compose` for machines
* Fix `podman info` with multiple imagestores
* Switch to fixed common
* refact: use uptime.minutes instead of uptime.seconds
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11
* fix(deps): update golang.org/x/exp digest to 2d47ceb
* fix(deps): update github.com/godbus/dbus/v5 digest to c266b19
* Cover Unix socket in inpect test on Windows platform
* Add a test for forcing compression and v2s2 format
* fix(deps): update module github.com/crc-org/vfkit to v0.6.0
* Package podman-machine on supported architectures only.
* Fixes missing binary in systemd.
* stats: ignore errors from containers without cgroups
* api: Error checking before NULL dereference
* [skip-ci] Packit/copr: switch to fedora-all
* make remotesystem: fail early if serial tests fail
* spec: clamp rlimits without CAP_SYS_RESOURCE
* Clarify the reason for skip_if_remote
* Sanity-check that the test is really using partial pulls
* Fix apparent typos in zstd:chunked tests
* Fix compilation issues in QEMU machine files (Windows platform)
* Mount volumes before copying into a container
* Revert "libpod: remove shutdown.Unregister()"
* docs: improve documentation for internal networks
* docs: document bridge mode option
* [skip-ci] Packit: remove epel and re-enable c9s
* chore(deps): update dependency golangci/golangci-lint to v1.62.2
* vendor: update containers/common
* OWNERS: remove edsantiago
* fix(deps): update module github.com/onsi/gomega to v1.36.0
* fix(deps): update github.com/containers/common digest to ceceb40
* refact: EventerType and improve consistency
* Add --hosts-file flag to container and pod commands
* Add nohosts option to /build and /libpod/build
* fix(deps): update module github.com/stretchr/testify to v1.10.0
* Quadlet - Use = sign when setting the pull arg for build
* win-installer test: revert to v5.3.0
* fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0
* chore(deps): update dependency setuptools to ~=75.6.0
* Update windows installer tests
* Windows: don't install WSL/HyperV on update
* Switch to non-installing WSL by default
* fix(deps): update github.com/containers/buildah digest to 52437ef
* Configure HealthCheck with `podman update`
* CI: --image-volume test: robustify
* docs: add 5.3 as Reference version
* Bump CI VMs
* libpod: pass down NoPivotRoot to Buildah
* vendor: bump containers/buildah
* fix(deps): update module github.com/opencontainers/runc to v1.2.2
* Overlay mounts supersede image volumes & volumes-from
* libpod: addHosts() prevent nil deref
* only read ssh_config for non machine connections
* ssh_config: allow IdentityFile file with tilde
* ssh_config: do not overwrite values from config file
* connection: ignore errors when parsing ssh_config
* Bump bundled krunkit to 0.1.4
* fix(deps): update module google.golang.org/protobuf to v1.35.2
* add support for driver-specific options during container creation
* doc: fix words repetitions
* Update release notes on main for v5.3.0
* chore(deps): update dependency setuptools to ~=75.5.0
* CI: system tests: parallelize 010
* fix podman machine init --ignition-path
* vendor: update containers/common
* spec: clamp rlimits in a userns
* Add subpath support to volumes in `--mount` option
* refactor: simplify LinuxNS type definition and String method
* test/e2e: remove FIPS test
* vendor containers projects to tagged versions
* fix(deps): update module github.com/moby/sys/capability to v0.4.0
* chore(deps): update dependency setuptools to ~=75.4.0
* system tests: safer install_kube_template()
* Buildah treadmill tweaks
* update golangci-lint to v1.62.0
* fix(deps): update module golang.org/x/net to v0.31.0
* fix(deps): update module golang.org/x/tools to v0.27.0
* Revert "Reapply "CI: test nftables driver on fedora""
* Yet another bump, f41 with fixed kernel
* test: add zstd:chunked system tests
* pkg/machine/e2e: remove dead code
* fix(deps): update module golang.org/x/crypto to v0.29.0
* kube SIGINT system test: fix race in timeout handling
* New `system connection add` tests
* Update codespell to v2.3.0
* Avoid printing PR text to stdout in system test
* Exclude symlink from pre-commit end-of-file-fixer
* api: Add error check
* [CI:ALL] Bump main to v5.4.0-dev
* test/buildah-bud: build new inet helper
* test/system: add regression test for TZDIR local issue
* vendor latest c/{buildah,common,image,storage}
* Reapply "CI: test nftables driver on fedora"
* Revert "cirrus: test only on f40/rawhide"
* test f41 VMs
* AdditionalSupport for SubPath volume mounts
* wsl-e2e: Add a test to ensure port 2222 is free with usermode networking
* winmake.ps1: Fix the syntax of the function call Win-SSHProxy
* volume ls: fix race that caused it to fail
* gvproxy: Disable port-forwarding on WSL
* build: update gvisor-tap-vsock to 0.8.0
* podman: update roadmap
* Log network creation and removal events in Podman
* libpod: journald do not lock thread
* Add key to control if a container can get started by its pod
* Honor users requests in quadlet files
* CI: systests: workaround for parallel podman-stop flake
* Fix inconsistent line ending in win-installer project
* fix(deps): update module github.com/opencontainers/runc to v1.2.1
* Quadlet - support image file based mount in container file
* API: container logs flush status code
* rework event code to improve API errors
* events: remove memory eventer
* libpod: log file use Wait() over event API
* Makefile: vendor target should always remove toolchain
* cirrus: check consitent vendoring in test/tools
* test/tools/go.mod: remove toolchain
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.10
* fix(deps): update module github.com/onsi/gomega to v1.35.1
* doc: explain --interactive in more detail
* fix(deps): update golang.org/x/exp digest to f66d83c
* fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a
* fix(deps): update github.com/linuxkit/virtsock digest to cb6a20c
* add default polling interval to Container.Wait
* Instrument cleanup tracer to log weird volume removal flake
* make podman-clean-transient.service work as user
* Add default remote socket path if empty
* Use current user if no user specified
* Add support for ssh_config for connection
* libpod: use pasta Setup() over Setup2()
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.21.0
* fix(deps): update module github.com/onsi/gomega to v1.35.0
* logformatter: add cleanup tracer log link
* docs: fix broken example
* docs: add missing swagger links for the stable branches
* readthedocs: build extra formats
* pkg/machine/e2e: remove debug
* fix(docs): Integrate pasta in rootless tutorial
* chore(deps): update dependency setuptools to ~=75.3.0
* libpod: report cgroups deleted during Stat() call
* chore: fix some function names in comment
* CI: parallelize 450-interactive system tests
* CI: parallelize 520-checkpoint tests
* CI: make 070-build.bats use safe image names
* test/system: add podman network reload test to distro gating
* System tests: clean up unit file leaks
* healthcheck: do not leak service on failed stop
* healthcheck: do not leak statup service
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.0
* Add Startup HealthCheck configuration to the podman inspect
* buildah version display: use progress()
* new showrun() for displaying and running shell commands
* Buildah treadmill: redo the .cirrus.yml tweaks
* Buildah treadmill: more allow-empty options
* Buildah treadmill: improve test-failure instructions
* Buildah treadmill: improve wording in test-fail instructions
* doc: Remove whitespace before comma
* fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.3.0
* ps: fix display of exposed ports
* ps: do not loop over port protocol
* readme: Add reference to pasta in the readme
* test/system: Fix spurious "duplicate tests" failures in pasta tests
* Improve "podman load - from URL"
* Try to repair c/storage after removing an additional image store
* Use the config digest to compare images loaded/pulled using different methods
* Simplify the additional store test
* Fix the store choice in "podman pull image with additional store"
* Bump to v5.3.0-dev
* Bump to v5.3.0-rc1
* Set quota on volume root directory, not _data
* fix(deps): update module github.com/opencontainers/runc to v1.2.0
* test: set soft ulimit
* Vagrantfile: Delete
* Enable pod restore with crun
* vendor: update c/{buildah,common,image,storage}
* Fix 330-corrupt-images.bats in composefs test runs
* quadlet: add default network dependencies to all units
* quadlet: ensure user units wait for the network
* add new podman-user-wait-network-online.service
* contrib/systemd: switch user symlink for file symlinks
* Makefile: remove some duplication from install.systemd
* contrib/systemd: move podman-auto-update units
* quadlet: do not reject RemapUsers=keep-id as root
* test/e2e: test quadlet with and without --user
* CI: e2e: fix checkpoint flake
* APIv2 test fix: image history
* pasta udp tests: new bytecheck helper
* Document packaging process
* [skip-ci] RPM: remove dup Provides
* Update dependency setuptools to ~=75.2.0
* System tests: safer pause-image creation
* Update module github.com/opencontainers/selinux to v1.11.1
* Added escaping to invoked powershell command for hyperv stubber.
* use slices.Clone instead of assignment
* libpod API: only return exit code without conditions
* Housekeeping: remove duplicates from success_task
* Thorough overhaul of CONTRIBUTING doc.
* api: Replace close function in condition body
* test/e2e: fix default signal exit code test
* Test new VM build
* CI: fix changing-rootFsSize flake
* scp: add option types
* Unlock mutex before returning from function
* Note in the README that we are moving to timed releases
* cirrus: let tar extract figure out the compression
* Make error messages more descriptive
* Mention containers.conf settings for podman machine commands
* [skip-ci] Packit: re-enable CentOS Stream 10/Fedora ELN teasks"
* cmd: use logrus to print error
* podman: do not set rlimits to the default value
* spec: always specify default rlimits
* vendor: update containers/common
* Note in the README that we are moving to timed releases
* Revert "CI: test nftables driver on fedora"
* cirrus: use zstd over bzip2 for repo archive
* cirrus: use shared repo_prep/repo_artifacts scripts
* cirrus: speed up postbuild
* cirrus: change alt arch task to only compile binaries
* cirrus: run make with parallel jobs where useful
* Makefile: allow man-page-check to be run in parallel
* cirrus: use fastvm for builds
* test/e2e: skip some Containerized checkpoint tests
* test: update timezone checks
* cirrus: update CI images
* test/e2e: try debug potential pasta issue
* CI: quadlet system tests: use airgapped testimage
* Allow removing implicit quadlet systemd dependencies
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4
* libpod API: make wait endpoint better against rm races
* podman-remote run: improve how we get the exit code
* [skip-ci] Packit: constrain koji and bodhi jobs to fedora package to avoid dupes
* 055-rm test: clean up a test, and document
* CI: remove skips for libkrun
* Bump bundled krunkit to 0.1.3
* fix(deps): update module google.golang.org/protobuf to v1.35.0
* fix(deps): update module golang.org/x/net to v0.30.0
* server: fix url parsing in info
* fix(deps): update module golang.org/x/tools to v0.26.0
* Makefile: fix ginkgo FOCUS option
* fix(deps): update module golang.org/x/crypto to v0.28.0
* podman-systemd.unit.5: adjust example options
* docs: prefer --network to --net
* fix(deps): update module golang.org/x/term to v0.25.0
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.24
* fix(deps): update module golang.org/x/sys to v0.26.0
* OWNERS file audit and update
* Exposed ports are only included when not --net=host
* libpod: hasCurrentUserMapped checks for gid too
* [CI:DOCS] Document TESTFLAGS in test README file
* Validate the bind-propagation option to `--mount`
* Fix typo in secret inspect examples
* Mention `no_hosts` and `base_hosts_file` configs in CLI option docs
* Fixes for vendoring Buildah
* vendor: update buildah to latest
* Makefile - silence skipped tests when focusing on a file
* vendor: update to latest c/common
* Quadlet - prefer "param val" over "param=val" to allow env expansion
* System tests: sdnotify: wait for socket file creation
* Switch to moby/sys/capability
* platformInspectContainerHostConfig: rm dead code
* CI: require and test CI_DESIRED_NETWORK on RHEL
* Add ExposedPorts to Inspect's ContainerConfig
* fix(deps): update golang.org/x/exp digest to 701f63a
* quadlet: allow variables in PublishPort
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.9
* fix(deps): update github.com/godbus/dbus/v5 digest to a817f3c
* Document that zstd:chunked is downgraded to zstd when encrypting
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3
* chore(deps): update dependency ubuntu to v24
* rpm: do not load iptables modules on f41+
* adding docs for network-cmd-path
* Include exposed ports in inspect output when net=host
* feat(libpod): support kube play tar content-type (#24015)
* podman mount: some better error wrapping
* podman mount: ignore ErrLayerUnknown
* Quadlet - make sure the order of the UnitsDir is deterministic
* packit: disable Centos Stream/fedora ELN teasks
* libpod: remove shutdown.Unregister()
* libpod: rework shutdown handler flow
* libpod: ensure we are not killed during netns creation
* Update module github.com/moby/sys/capability to v0.3.0
* Update documentation of `--no-hosts`, `--hostname`, and `--name` CLI options
* Update documentation of `--add-host` CLI option
* System tests: set a default XDG_RUNTIME_DIR
* Modify machine "Remove machine" test
* CORS system test: clean up
* Add --health-max-log-count, --health-max-log-size, --health-log-destination flags
* troubleshooting: adjust home path in tip 44
* test/system: For pasta port forwarding tests don't bind socat server
* Update connection on removal
* Simplify `RemoveConnections`
* Move `DefaultMachineName` to `pkg/machine/define`
* vendor: update containers/image
* vendor: update containers/storage
* CI: skip the flaking quadlet test
* CI: make systemd tests parallel-safe (*)
* CI: run and collect cleanup tracer logs
* add epbf program to trace podman cleanup errors
* CI: parallelize logs test as much as possible
* CI: format test: use local registry if available
* CI: make 700-play parallel-safe
* docs: Fix missing negation
* bin/docker support warning message suppression from user config dir
* Update module github.com/docker/docker to v27.3.1+incompatible
* Quadlet - add full support for Symlinks
* libpod: setupNetNS() correctly mount netns
* vendor latest c/common
* docs: remove usage of deprecated `--storage`
* Update module github.com/docker/docker to v27.3.0+incompatible
* CI: Quadlet rootfs test: use container image as rootfs
* CI: system test registry: use --net=host
* CI: rm system test: bump grace period
* CI: system tests: minor documentation on parallel
* fix typo in error message Fixes: containers/podman#24001
* CI: system tests: always create pause image
* CI: quadlet system test: be more forgiving
* vendor latest c/common
* CI: make 200-pod parallel-safe
* allow exposed sctp ports
* test/e2e: add netns leak check
* test/system: netns leak check for rootless as well
* test/system: Improve TODO comments on IPv6 pasta custom DNS forward test
* test/system: Clarify "Local forwarder" pasta tests
* test/system: Simplify testing for nameserver connectivity
* test/system: Consolidate "External resolver" pasta tests
* test/system: Move test for default forwarder into its own case
* CI: make 090-events parallel-safe
* Misc minor test fixes
* Add network namespace leak check
* Add workaround for buildah parallel bug
* registry: lock start attempts
* Update system test template and README
* bats log: differentiate parallel tests from sequential
* ci: bump system tests to fastvm
* clean_setup: create pause image
* CI: make 012-manifest parallel-safe
* podman-manifest-remove: update docs and help output
* test/system: remove wait workaround
* wait: fix handling of multiple conditions with exited
* Match output of Compat Top API to Docker
* system test parallelization: enable two-pass approach
* New VMs: test crun 1.17
* libpod: hides env secrets from container inspect
* CI: e2e: workaround for events out-of-sequence flake
* update golangci-lint to 1.61.0
* libpod: convert owner IDs only with :idmap
* Podman CLI --add-host with multiple host for a single IP
* Quadlet - Split getUnitDirs to small functions
* fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.5
* chore(deps): update dependency setuptools to ~=75.1.0
* Fxi typo in cache-ttl.md
* Get WSL disk as an OCI artifact
* CI: make 260-sdnotify parallel-safe
* quadlet: do not log ENOENT errors
* pkg/specgen: allow pasta when running inside userns
* troubleshooting: add tip about the user containers
* chore(deps): update dependency setuptools to v75
* Convert windows paths in volume arg of the build command
* Improve error when starting multiple machines
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2
* Minor typo noticed when reading podman man page
* Remove `RemoveFilesAndConnections`
* Add `GetAllMachinesAndRootfulness`
* rewrite typo osascript
* typo
* fix(deps): update module github.com/docker/docker to v27.2.1+incompatible
* Add radio buttons to select WSL or Hyper-V in windows setup.exe
* [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets
* [skip-ci] Packit: Enable sidetags for bodhi updates
* vendor: update c/common
* CI: make 710-kube parallel-safe
* CI: mark 320-system-df *NOT* parallel safe
* Add kube play support for image volume source
* refactor: add sshClient function
* fix(deps): update module golang.org/x/tools to v0.25.0
* CI: make 505-pasta parallel safe
* CI: make 020-tag parallel-safe
* CI: make 410-selinux parallel-safe
* Bump VMs. ShellCheck is now built-in
* troubleshooting: add tip about auto, keep-id, nomap
* libpod: make use of new pasta option from c/common
* vendor latest c/common
* podman images: sort repository with tags
* Remove containers/common/pkg/config from pkg/util
* fix(deps): update module golang.org/x/net to v0.29.0
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.23
* fix(deps): update module golang.org/x/crypto to v0.27.0
* Fix CI
* Detect and fix typos using codespell
* Fix typo: replace buildin with built-in
* Add codespell config, pre-commit definition, and move options from Makefile
* prune: support clearing build cache using CleanCacheMount
* test/e2e: fix network prune flake
* Add support for Job to kube generate & play
* Add podman-rootless.7 man page
* Add DNS, DNSOption and DNSSearch to quadlet pod
* podman.1.md: improve policy.json section
* e2e: flake fix: SIGPIPE in hook test
* libpod: fix rootless cgroup path with --cgroup-parent
* vendor: update c/storage
* CI: make 055-rm parallel-safe
* CI: make 130-kill parallel-safe
* CI: make 125-import parallel-safe
* CI: make 110-history parallel-safe
* CI: system tests: parallelize low-hanging fruit
* Add disclaimer to `podman machine info` manpage.
* man pages: refactor two more options
* update github.com/opencontainers/runc to v1.2.0-rc.3
* update go.etcd.io/bbolt to v1.3.11
* update github.com/onsi/{ginkgo,gomega}
* Update module github.com/shirou/gopsutil to v4
* packit: update fedora and epel targets
* bump go to 1.22
* cirrus: test only on f40/rawhide
* cirrus: remove CI_DESIRED_NETWORK reference
* cirrus: prebuild use f40 for extra tests
* chore(deps): update dependency setuptools to ~=74.1.0
* libpod: fix HostConfig.Devices output from 'podman inspect' on FreeBSD
* fix(deps): update golang.org/x/exp digest to 9b4947d
* Implement publishing API UNIX socket on Windows platforms
* Vendor c/common:8483ef6022b4
* quadlet: support container network reusing
* docs: update read the docs changes
* CI: parallel-safe network system test
* Quadlet - Support multiple image tags in .build files
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.3
* cirrus: remove _bail_if_test_can_be_skipped
* cirrus: move renovate check into validate
* cirrus: remove 3rd party connectivity check
* cirrus: remove cross jobs for aarch64 and x86_64
* cirrus: do not upload alt arch cross artifacts
* cirrus: remove ginkgo-e2e.json artifact
* cirrus: fix default timeouts
* github: remove fcos-podman-next-build-prepush
* Clarify podman machine volume mounting behavior under WSL
* machine: Add -all-providers flag to machine list
* Create a podman-troubleshooting man page
* chore(deps): update dependency setuptools to v74
* fix(deps): update module github.com/docker/docker to v27.2.0+incompatible
* Fix an improperly ignored error in SQLite
* CI: flake workaround: ignore socat waitpid warnings
* fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.1
* Stop skipping machine volume test on Hyper-V
* cleanup: add new --stopped-only option
* fix races in the HTTP attach API
* cirrus: skip windows/macos machine task on RHEL branches
* Update module github.com/containers/gvisor-tap-vsock to v0.7.5
* run: fix detach passthrough and --rmi
* podman run: ignore image rm error
* Add support for AddHost in quadlet .pod and .container
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3
* update github.com/vishvananda/netlink to v1.3.0
* build: Update gvisor-tap-vsock to 0.7.5
* Quote systemd DefaultEnvironment Proxy values, as documented in systemd.conf man page:
* fix typo in podman-network-create.1.md
* Use HTTP path prefix of TCP connections to match Docker context behavior
* Makefile: remotesystem: use real podman server, no --url
* Update module github.com/openshift/imagebuilder to v1.2.15
* CI: parallel-safe userns test
* Update module github.com/onsi/ginkgo/v2 to v2.20.1
* Add support for IP in quadlet .pod files
* Specify format to use for referencing fixed bugs.
* CI: parallel-safe run system test
* Revert "test/e2e: work around for pasta issue"
* CI: On vX.Y-rhel branches, ensure that some downstream Jira issue is linked
* quadlet: support user mapping in pod unit
* Update Release Process
* Test new VM build
* command is not optional to podman exec
* CI: parallel-safe namespaces system test
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2
* quadlet: add key CgroupsMode
* Fix `podman stop` and `podman run --rmi`
* quadlet: set infra name to %s-infra
* chore(deps): update dependency setuptools to v73
* [skip-ci] Packit: update targets for propose-downstream
* Do not segfault on hard stop
* Fix description of :Z to talk about pods
* CI: disable ginkgo flake retries
* vendor: update go-criu to latest
* golangci-lint: make darwin linting happy
* golangci-lint: make windows linting happy
* test/e2e: remove kernel version check
* golangci-lint: remove most skip dirs
* set !remote build tags where needed
* update golangci-lint to 1.60.1
* test/e2e: rm systemd start test
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.1
* podman wait: allow waiting for removal of containers
* libpod: remove UpdateContainerStatus()
* podman mount: fix storage/libpod ctr race
* CI: quadlet tests: make parallel-safe
* CI: system tests: make random_free_port() parallel-safe
* remove trailing comma in example
* CI: format test: make parallel-safe
* Fix podman-docker.sh under -eu shells (fixes #23628)
* docs: update podman-wait man page
* libpod: remove duplicated HasVolume() check
* podman volume rm --force: fix ABBA deadlock
* test/system: fix network cleanup restart test
* libpod: do not stop pod on init ctr exit
* libpod: simplify WaitForExit()
* CI: remove build-time quay check
* Fix known_hosts file clogging and remote host id
* Update docker.io/library/golang Docker tag to v1.23
* Update dependency setuptools to ~=72.2.0
* Update module github.com/docker/docker to v27.1.2+incompatible
* healthcheck system check: reduce raciness
* CI: healthcheck system test: make parallel-safe
* Validate renovate config in every PR
* pkg/machine: Read stderr from ssh-keygen correctly
* Fix renovate config syntax error
* CI: 080-pause.bats: make parallel-safe
* CI: 050-stop.bats: make parallel-safe
* Additional potential race condition on os.Readdir
* pkg/bindings/containers: handle ignore for stop
* remote: fix invalid --cidfile + --ignore
* Update/simplify renovate config header comment
* Migrate renovate config to latest schema
* Fix race condition when listing /dev
* docs/podman-systemd: Try to clarify `Exec=` more
* libpod: reset state error on init
* test/system: pasta_test_do add explicit port check
* test/e2e: work around new push warning
* vendor: update c/common to latest
* stopIfOnlyInfraRemains: log all errors
* libpod: do not save expected stop errors in ctr state
* libpod: fix broken saveContainerError()
* Quadlet: fix filters failure when the search paths are symlinks
* readme: replace GPG with PGP
* Drop APIv2 CNI configuration
* De-duplicate docker-py testing
* chore(podmansnoop): explain why crun comm is 3
* libpod: cleanupNetwork() return error
* fix(deps): update module golang.org/x/sys to v0.24.0
* Reduce python APIv2 test net dependency
* Fix not testing registry.conf updates
* test/e2e: improve command timeout handling
* Update module github.com/onsi/ginkgo/v2 to v2.20.0
* Update module github.com/moby/sys/user to v0.3.0
* Add passwd validate and generate steps
* podman container cleanup: ignore common errors
* Quadlet - Allow the user to override the default service name
* CI: e2e: serialize root containerPort tests
* Should not force conversion of manifest type to DockerV2ListMediaType
* fix(deps): update module golang.org/x/tools to v0.24.0
* fix(deps): update github.com/containers/common digest to 05b2e1f
* CI: mount system test: parallelize
* Update module golang.org/x/net to v0.28.0
* Ignore ERROR_SHARING_VIOLATION error on windows
* CI: manifest system tests: make parallel-safe
* Create volume path before state initialization
* vendor: update c/storage
* CI: fix broken libkrun test
* test/e2e: work around for pasta issue
* test/e2e: fix missing exit code checks
* Test new CI images
* Remove another race condition when mounting containers or images
* fix(deps): update github.com/containers/common digest to c0cc6b7
* Change Windows installer MajorUpgrade Schedule
* Ignore missing containers when calling GetExternalContainerLists
* Remove runc edit to lock to specific version
* fix(deps): update module golang.org/x/sys to v0.23.0
* CI: podman-machine: do not use cache registry
* CI: completion system test: use safename
* Temporarly disable failing Windows Installer CI test
* libpod: fix volume copyup with idmap
* libpod: avoid hang on errors
* Temp. disable PM basic Volume ops test
* Add libkrun Mac task
* Never skip checkout step in release workflow
* System tests: leak_test: readable output
* fix(deps): update github.com/docker/go-plugins-helpers digest to 45e2431
* vendor: bump c/common
* Version: bump to v5.3.0-dev
* libpod: inhibit SIGTERM during cleanup()
* Tweak versions in register_images.go
* fix network cleanup flake in play kube
* WIP: Fixes for vendoring Buildah
* Add --compat-volumes option to build and farm build
* Bump to Buildah v1.37.0
* Quadlet test - Split between success, warning and error cases
* libpod: bind ports before network setup
* Disable compose-warning-logs if PODMAN_COMPOSE_WARNING_LOGS=false
* Use new syntax for selinux options in quadlet
* fix(deps): update module github.com/onsi/gomega to v1.34.1
* CI: kube test: fix broken external-storage test
* Update dependency setuptools to v72
* Convert additional build context paths on Windows
* pkg/api: do not leak config pointers into specgen
* Quadlet - Allow the user to set the service name for .pod files
* Quadlet tests - allow overriding the expected service name
* fix(deps): update module github.com/moby/sys/user to v0.2.0
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5
* CI: enable root user namespaces
* libpod: force rootfs for OCI path with idmap
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1
* Add test steps for automount with multi images
* CI: cp tests: use safename
* [skip-ci] RPM: podman-iptables.conf only on Fedora
* CI: 700-play: fix a leaked non-safename
* test: check that kube generate/play restores the userns
* test: disable artifacts cache with composefs
* test: fix podman pull tests
* vendor: bump c/storage
* Update module github.com/cyphar/filepath-securejoin to v0.3.1
* Add /run/containers/systemd, ${XDG_RUNTIME_DIR}/containers/systemd quadlet dirs
* build: Update gvisor-tap-vsock to 0.7.4
* test/system: fix borken pasta interface name checks
* test/system: fix bridge host.containers.internal test
* api: honor the userns for the infra container
* play: handle 'private' as 'auto'
* kube: record infra user namespace
* infra: user ns annotation higher precedence
* specgenutil: record the pod userns in the annotations
* kube: invert branches
* CI: system log test: use safe names
* Update encryption tests to avoid a warning if zstd:chunked is the default
* Fix "podman pull and decrypt"/"from local registry"
* Use unique image names for the encrypted test images
* CI: system tests: instrument to allow failure analysis
* Fix outdated comment for the build step win-gvproxy
* Add utility to convert VMFile to URL for UNIX sockets
* Run codespell on source
* fix(deps): update module github.com/docker/docker to v27.1.0+incompatible
* chore(deps): update dependency setuptools to ~=71.1.0
* logformatter: tweaks to pass html tidy
* More information for podman --remote build and running out of space.
* Fix windows installer deleting machine provider config file
* Use uploaded .zip for Windows action
* pr-should-include-tests: no more CI:DOCS override
-------------------------------------------------------------------
Thu Mar 27 16:49:43 UTC 2025 - Dan Čermák <dcermak@suse.com>

View File

@@ -1,4 +1,4 @@
name: podman
version: 5.2.5
mtime: 1729263108
commit: 10c5aa720d59480bc7edad347c1f5d5b75d4424f
version: 5.4.2
mtime: 1743601389
commit: be85287fcf4590961614ee37be65eeb315e5d9ff

View File

@@ -22,7 +22,7 @@
%bcond_without apparmor
Name: podman
Version: 5.2.5
Version: 5.4.2
Release: 0
Summary: Daemon-less container engine for managing containers, pods and images
License: Apache-2.0
@@ -30,9 +30,8 @@ Group: System/Management
URL: https://%{project}
Source0: %{name}-%{version}.tar.gz
Source1: podman.conf
Patch0: 0001-vendor-bump-buildah-to-1.37.6-CVE-2024-11218.patch
Patch1: 0002-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
Patch2: 0003-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
Patch0: 0001-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
Patch1: 0002-Fix-Remove-appending-rw-as-the-default-mount-option.patch
BuildRequires: bash-completion
BuildRequires: device-mapper-devel
BuildRequires: fdupes
@@ -64,9 +63,8 @@ Recommends: gvisor-tap-vsock
Requires: catatonit >= 0.1.7
Requires: conmon >= 2.0.24
Requires: fuse-overlayfs
Requires: iptables
Requires: libcontainers-common >= 20230214
%if 0%{?sle_version} && 0%{?sle_version} <= 150500
%if 0%{?suse_version} && 0%{?suse_version} < 1600
# Build podman with CNI support for SLE-15-SP5 and lower
Requires: (netavark or cni-plugins)
# We still want users with fresh installation to start off
@@ -185,6 +183,7 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
%{_mandir}/man1/podman*.1*
%{_mandir}/man5/podman*.5*
%{_mandir}/man5/quadlet*.5*
%{_mandir}/man7/podman*.7*
%exclude %{_mandir}/man1/podman-remote*.1*
# Configs
%dir %{_prefix}/lib/modules-load.d
@@ -207,6 +206,7 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
%{_unitdir}/podman-restart.service
%{_unitdir}/podman-auto-update.timer
%{_unitdir}/podman-clean-transient.service
%{_userunitdir}/podman-user-wait-network-online.service
%{_userunitdir}/podman.service
%{_userunitdir}/podman.socket
%{_userunitdir}/podman-auto-update.service
@@ -247,18 +247,19 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
%pre
%service_add_pre podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_pre podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service podman-user-wait-network-online.service
%post
%service_add_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%tmpfiles_create %{_tmpfilesdir}/podman.conf
%systemd_user_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service podman-user-wait-network-online.service
%preun
%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service podman-user-wait-network-online.service
%postun
%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service podman-user-wait-network-online.service
%changelog