Sync from SUSE:SLFO:Main podman revision 02daad6bf88a192041641f917b5c1fb9
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
From 72e71f35e16ef39b52f3dc65f38920633a3e8c8a Mon Sep 17 00:00:00 2001
|
||||
From ac688aeb523c6350f27f2dccbc833a3dfa6a0005 Mon Sep 17 00:00:00 2001
|
||||
From: Danish Prakash <contact@danishpraka.sh>
|
||||
Date: Thu, 13 Mar 2025 14:37:38 +0530
|
||||
Subject: [PATCH 3/3] CVE-2025-22869: ssh: limit the size of the internal
|
||||
Subject: [PATCH 1/2] CVE-2025-22869: ssh: limit the size of the internal
|
||||
packet queue while waiting for KEX (#13)
|
||||
|
||||
In the SSH protocol, clients and servers execute the key exchange to
|
||||
@@ -131,5 +131,5 @@ index 56cdc7c21c3b..a68d20f7f396 100644
|
||||
|
||||
return nil
|
||||
--
|
||||
2.46.0
|
||||
2.49.0
|
||||
|
File diff suppressed because it is too large
Load Diff
@@ -1,99 +0,0 @@
|
||||
From aae4b1bdc593b2b454469992977f776bd35435f3 Mon Sep 17 00:00:00 2001
|
||||
From: Danish Prakash <contact@danishpraka.sh>
|
||||
Date: Fri, 28 Feb 2025 12:54:41 +0530
|
||||
Subject: [PATCH 2/3] CVE-2025-27144: vendor: don't allow unbounded amounts of
|
||||
splits (#11)
|
||||
|
||||
In compact JWS/JWE, don't allow unbounded number of splits.
|
||||
Count to make sure there's the right number, then use SplitN.
|
||||
|
||||
This fixes CVE-2025-27144
|
||||
This fixes bsc#1237641
|
||||
|
||||
Cherry-picked from
|
||||
go-jose/go-jose@99b346c
|
||||
|
||||
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
|
||||
Co-authored-by: Matthew McPherrin <git@mcpherrin.ca>
|
||||
---
|
||||
vendor/github.com/go-jose/go-jose/v3/jwe.go | 5 +++--
|
||||
vendor/github.com/go-jose/go-jose/v3/jws.go | 5 +++--
|
||||
vendor/github.com/go-jose/go-jose/v4/jwe.go | 5 +++--
|
||||
vendor/github.com/go-jose/go-jose/v4/jws.go | 5 +++--
|
||||
4 files changed, 12 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/vendor/github.com/go-jose/go-jose/v3/jwe.go b/vendor/github.com/go-jose/go-jose/v3/jwe.go
|
||||
index 4267ac75025a..1ba4ae0c0031 100644
|
||||
--- a/vendor/github.com/go-jose/go-jose/v3/jwe.go
|
||||
+++ b/vendor/github.com/go-jose/go-jose/v3/jwe.go
|
||||
@@ -202,10 +202,11 @@ func (parsed *rawJSONWebEncryption) sanitized() (*JSONWebEncryption, error) {
|
||||
|
||||
// parseEncryptedCompact parses a message in compact format.
|
||||
func parseEncryptedCompact(input string) (*JSONWebEncryption, error) {
|
||||
- parts := strings.Split(input, ".")
|
||||
- if len(parts) != 5 {
|
||||
+ // Five parts is four separators
|
||||
+ if strings.Count(input, ".") != 4 {
|
||||
return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
|
||||
}
|
||||
+ parts := strings.SplitN(input, ".", 5)
|
||||
|
||||
rawProtected, err := base64URLDecode(parts[0])
|
||||
if err != nil {
|
||||
diff --git a/vendor/github.com/go-jose/go-jose/v3/jws.go b/vendor/github.com/go-jose/go-jose/v3/jws.go
|
||||
index e37007dbb855..401fc18ac4df 100644
|
||||
--- a/vendor/github.com/go-jose/go-jose/v3/jws.go
|
||||
+++ b/vendor/github.com/go-jose/go-jose/v3/jws.go
|
||||
@@ -275,10 +275,11 @@ func (parsed *rawJSONWebSignature) sanitized() (*JSONWebSignature, error) {
|
||||
|
||||
// parseSignedCompact parses a message in compact format.
|
||||
func parseSignedCompact(input string, payload []byte) (*JSONWebSignature, error) {
|
||||
- parts := strings.Split(input, ".")
|
||||
- if len(parts) != 3 {
|
||||
+ // Three parts is two separators
|
||||
+ if strings.Count(input, ".") != 2 {
|
||||
return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
|
||||
}
|
||||
+ parts := strings.SplitN(input, ".", 3)
|
||||
|
||||
if parts[1] != "" && payload != nil {
|
||||
return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
|
||||
diff --git a/vendor/github.com/go-jose/go-jose/v4/jwe.go b/vendor/github.com/go-jose/go-jose/v4/jwe.go
|
||||
index 89f03ee3e1e6..9f1322dccc9c 100644
|
||||
--- a/vendor/github.com/go-jose/go-jose/v4/jwe.go
|
||||
+++ b/vendor/github.com/go-jose/go-jose/v4/jwe.go
|
||||
@@ -288,10 +288,11 @@ func ParseEncryptedCompact(
|
||||
keyAlgorithms []KeyAlgorithm,
|
||||
contentEncryption []ContentEncryption,
|
||||
) (*JSONWebEncryption, error) {
|
||||
- parts := strings.Split(input, ".")
|
||||
- if len(parts) != 5 {
|
||||
+ // Five parts is four separators
|
||||
+ if strings.Count(input, ".") != 4 {
|
||||
return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
|
||||
}
|
||||
+ parts := strings.SplitN(input, ".", 5)
|
||||
|
||||
rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
|
||||
if err != nil {
|
||||
diff --git a/vendor/github.com/go-jose/go-jose/v4/jws.go b/vendor/github.com/go-jose/go-jose/v4/jws.go
|
||||
index 3a912301afc2..d09d8ba5078c 100644
|
||||
--- a/vendor/github.com/go-jose/go-jose/v4/jws.go
|
||||
+++ b/vendor/github.com/go-jose/go-jose/v4/jws.go
|
||||
@@ -327,10 +327,11 @@ func parseSignedCompact(
|
||||
payload []byte,
|
||||
signatureAlgorithms []SignatureAlgorithm,
|
||||
) (*JSONWebSignature, error) {
|
||||
- parts := strings.Split(input, ".")
|
||||
- if len(parts) != 3 {
|
||||
+ // Three parts is two separators
|
||||
+ if strings.Count(input, ".") != 2 {
|
||||
return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
|
||||
}
|
||||
+ parts := strings.SplitN(input, ".", 3)
|
||||
|
||||
if parts[1] != "" && payload != nil {
|
||||
return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
|
||||
--
|
||||
2.46.0
|
||||
|
@@ -0,0 +1,59 @@
|
||||
From d92ec6496d97963d8d151ef2c11c761a7ad48ec0 Mon Sep 17 00:00:00 2001
|
||||
From: rcmadhankumar <madhankumar.chellamuthu@suse.com>
|
||||
Date: Mon, 12 May 2025 19:34:12 +0530
|
||||
Subject: [PATCH 2/2] Fix: Remove appending rw as the default mount option
|
||||
|
||||
The backstory for this is that runc 1.2 (opencontainers/runc#3967)
|
||||
fixed a long-standing bug in our mount flag handling (a bug that crun
|
||||
still has). Before runc 1.2, when dealing with locked mount flags that
|
||||
user namespaced containers cannot clear, trying to explicitly clearing
|
||||
locked flags (like rw clearing MS_RDONLY) would silently ignore the rw
|
||||
flag in most cases and would result in a read-only mount. This is
|
||||
obviously not what the user expects.
|
||||
|
||||
What runc 1.2 did is that it made it so that passing clearing flags
|
||||
like rw would always result in an attempt to clear the flag (which was
|
||||
not the case before), and would (in all cases) explicitly return an
|
||||
error if we try to clear locking flags. (This also let us finally fix a
|
||||
bunch of other long-standing issues with locked mount flags causing
|
||||
seemingly spurious errors).
|
||||
|
||||
The problem is that podman sets rw on all mounts by default (even if
|
||||
the user doesn't specify anything). This is actually a no-op in
|
||||
runc 1.1 and crun because of a bug in how clearing flags were handled
|
||||
(rw is the absence of MS_RDONLY but until runc 1.2 we didn't correctly
|
||||
track clearing flags like that, meaning that rw would literally be
|
||||
handled as if it were not set at all by users) but in runc 1.2 leads to
|
||||
unfortunate breakages and a subtle change in behaviour (before, a ro
|
||||
mount being bind-mounted into a container would also be ro -- though
|
||||
due to the above bug even setting rw explicitly would result in ro in
|
||||
most cases -- but with runc 1.2 the mount will always be rw even if
|
||||
the user didn't explicitly request it which most users would find
|
||||
surprising). By the way, this "always set rw" behaviour is a departure
|
||||
from Docker and it is not necesssary.
|
||||
|
||||
Bugs: bsc#1242132
|
||||
|
||||
Signed-off-by: rcmadhankumar <madhankumar.chellamuthu@suse.com>
|
||||
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
|
||||
---
|
||||
pkg/util/mount_opts.go | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/pkg/util/mount_opts.go b/pkg/util/mount_opts.go
|
||||
index c9a773093e72..4e37fd74a0af 100644
|
||||
--- a/pkg/util/mount_opts.go
|
||||
+++ b/pkg/util/mount_opts.go
|
||||
@@ -191,9 +191,6 @@ func processOptionsInternal(options []string, isTmpfs bool, sourcePath string, g
|
||||
newOptions = append(newOptions, opt)
|
||||
}
|
||||
|
||||
- if !foundWrite {
|
||||
- newOptions = append(newOptions, "rw")
|
||||
- }
|
||||
if !foundProp {
|
||||
if recursiveBind {
|
||||
newOptions = append(newOptions, "rprivate")
|
||||
--
|
||||
2.49.0
|
||||
|
2
_service
2
_service
@@ -2,7 +2,7 @@
|
||||
<service name="obs_scm" mode="manual">
|
||||
<param name="url">https://github.com/containers/podman.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="revision">v5.2.5</param>
|
||||
<param name="revision">v5.4.2</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="changesgenerate">enable</param>
|
||||
<param name="versionrewrite-pattern">v(.*)</param>
|
||||
|
@@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/containers/podman.git</param>
|
||||
<param name="changesrevision">10c5aa720d59480bc7edad347c1f5d5b75d4424f</param></service></servicedata>
|
||||
<param name="changesrevision">be85287fcf4590961614ee37be65eeb315e5d9ff</param></service></servicedata>
|
BIN
podman-5.2.5.obscpio
(Stored with Git LFS)
BIN
podman-5.2.5.obscpio
(Stored with Git LFS)
Binary file not shown.
BIN
podman-5.4.2.obscpio
(Stored with Git LFS)
Normal file
BIN
podman-5.4.2.obscpio
(Stored with Git LFS)
Normal file
Binary file not shown.
861
podman.changes
861
podman.changes
@@ -1,3 +1,864 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 12 13:44:13 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
|
||||
|
||||
- Add patch for bsc#1242132:
|
||||
* 0002-Fix-Remove-appending-rw-as-the-default-mount-option.patch
|
||||
- Rebase patches:
|
||||
* 0001-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
|
||||
- Removed patches:
|
||||
* 0001-vendor-bump-buildah-to-1.37.6-CVE-2024-11218.patch
|
||||
* 0002-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
|
||||
* 0003-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
|
||||
- Drop iptables support in favor of nftables (required by netavark)
|
||||
- Fix conditional Requires (remove deprecated sle_version macro)
|
||||
- Update to version 5.4.2:
|
||||
* Bump to v5.4.2
|
||||
* Add release notes for v5.4.2
|
||||
* Fix a potential deadlock during `podman cp`
|
||||
* Improve the file format documentation of podman-import.
|
||||
* Revert "podman-import only supports gz and tar"
|
||||
* Bump buildah to v1.39.4
|
||||
* libpod: do not cover idmapped mountpoint
|
||||
* test: Fix runc error message
|
||||
* oci: report empty exec path as ENOENT
|
||||
* test: adapt tests new crun error messages
|
||||
* test: remove duplicate test
|
||||
* cirrus: test only on f41/rawhide
|
||||
* CI: use z1d instance for windows machine testing
|
||||
* New images 2025-03-24
|
||||
* test/e2e: use go net.Dial() ov nc
|
||||
* test: use ncat over nc
|
||||
* New images 2025-03-12
|
||||
* RPM: Add riscv64 to ExclusiveArch-es
|
||||
* Fix HealthCheck log destination, count, and size defaults
|
||||
* Win installer test: hardcode latest GH release ID
|
||||
* Packit: Fix action script for fetching upstream commit
|
||||
* Bump to v5.4.2-dev
|
||||
* Bump to v5.4.1
|
||||
* update gvproxy version to 0.8.4
|
||||
* Update Buildah to v1.39.2
|
||||
* Update release notes for v5.4.1
|
||||
* Fix reporting summed image size for compat endpoint
|
||||
* podman-import only supports gz and tar
|
||||
* quadlet kube: correctly mark unit as failed
|
||||
* pkg/domain/infra/abi/play.go: fix two nilness issues
|
||||
* kube play: don't print start errors twice
|
||||
* libpod: race in WaitForConditionWithInterval()
|
||||
* libpod: race in WaitForExit() with autoremove
|
||||
* Don't try to resolve host path if copying to container from stdin.
|
||||
* Use svg for pkginstaller banner
|
||||
* Create quota before _data dir for volumes
|
||||
* Packit: clarify secondary status in CI
|
||||
* Packit/RPM: Display upstream commit SHA in all rpm builds
|
||||
* podman run: fix --pids-limit -1 wrt runc
|
||||
* vendor: update github.com/go-jose/go-jose/v3 to v3.0.4
|
||||
* chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security]
|
||||
* wire up --retry-delay for artifact pull
|
||||
* Revert "silence false positve from golangci-lint"
|
||||
* update golangci-lint to v1.64.4
|
||||
* update golangci-lint to v1.64.2
|
||||
* silence false positve from golangci-lint
|
||||
* cmd/podman: refactor Context handling
|
||||
* fix new usetesting lint issue
|
||||
* Packit/Copr: Fix `podman version` in rpm
|
||||
* Remove persist directory when cleaning up Conmon files
|
||||
* Bump to v5.4.1-dev
|
||||
* Bump to v5.4.0
|
||||
* Update release notes for v5.4.0 final
|
||||
* In SQLite state, use defaults for empty-string checks
|
||||
* Bump FreeBSD version to 13.4
|
||||
* docs: add v5.4 to API reference
|
||||
* Update rpm/podman.spec
|
||||
* RPM: set buildOrigin in LDFLAG
|
||||
* RPM: cleanup macro defs
|
||||
* Makefile: escape BUILD_ORIGIN properly
|
||||
* rootless: fix hang on s390x
|
||||
* Set Cirrus DEST_BRANCH appropriately to fix CI
|
||||
* Bump to v5.4.0-dev
|
||||
* Bump to v5.4.0-rc3
|
||||
* Update release notes for v5.4.0-rc3
|
||||
* Add BuildOrigin field to podman info
|
||||
* artifact: only allow single manifest
|
||||
* test/e2e: improve write/removeConf()
|
||||
* Add --noheading to artifact ls
|
||||
* Add --no-trunc to artifact ls
|
||||
* Add type and annotations to artifact add
|
||||
* pkg/api: honor cdi devices from the hostconfig
|
||||
* util: replace Walk with WalkDir
|
||||
* fix(pkg/rootless): avoid memleak during init() contructor.
|
||||
* Add `machine init --playbook`
|
||||
* RPM: include empty check to silence rpmlint
|
||||
* RPM: adjust qemu dependencies
|
||||
* Force use of iptables on Windows WSL
|
||||
* rpm: add attr as dependency for podman-tests
|
||||
* update gvproxy version
|
||||
* [v5.4] Bump Buildah to v1.39.0
|
||||
* podman exec: correctly support detaching
|
||||
* libpod: remove unused ExecStartAndAttach()
|
||||
* [v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0
|
||||
* Move detection of libkrun and intel
|
||||
* Prevent two podman machines running on darwin
|
||||
* Remove unnecessary error handling
|
||||
* Remove usused Kind() function
|
||||
* Bump to v5.4.0-dev
|
||||
* Bump to v5.4.0-rc2
|
||||
* Update release notes for v5.4.0-rc2
|
||||
* Safer use of `filepath.EvalSymlinks()` on Windows
|
||||
* error with libkrun on intel-based machines
|
||||
* chore(deps): update dependency pytest to v8.3.4
|
||||
* test/buildah-bud: skip two new problematic tests on remote
|
||||
* Fix podman-restart.service when there are no containers
|
||||
* Avoid upgrading from v5.3.1 on Windows
|
||||
* Clean up after unexpectedly terminated build
|
||||
* system-tests: switch ls with getfattr for selinux tests
|
||||
* vendor latest c/{buildah,common,image,storage}
|
||||
* Makefile: Add validatepr description for 'make help' output
|
||||
* docs: Enhance podman build --secret documentation and add examples
|
||||
* docs: mount.md - idmapped mounts only work for root user
|
||||
* Define, and use, PodmanExitCleanlyWithOptions
|
||||
* Eliminate PodmanSystemdScope
|
||||
* Fix image ID query
|
||||
* Revert "Use the config digest to compare images loaded/pulled using different methods"
|
||||
* Update c/image after https://github.com/containers/image/pull/2613
|
||||
* Update expected errors when pulling encrypted images
|
||||
* Eliminate PodmanExtraFiles
|
||||
* Introduce PodmanTestIntegration.PodmanWithOptions
|
||||
* Restructure use of options
|
||||
* Inline PodmanBase into callers
|
||||
* Pass all of PodmanExecOptions to various [mM]akeOptions functions
|
||||
* Turn PodmanAsUserBase into PodmanExecBaseWithOptions
|
||||
* Avoid indirect links through quadlet(5)
|
||||
* do not set the CreateCommand for API users
|
||||
* Add podman manifest rm --ignore
|
||||
* Bump to v5.4.0-dev
|
||||
* Bump to v5.4.0-rc1
|
||||
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2
|
||||
* podman artifact
|
||||
* vendor latest c/{common,image,storage}
|
||||
* fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2
|
||||
* cirrus: bump macos machine test timeout
|
||||
* pkg/machine/e2e: improve podman.exe match
|
||||
* pkg/machine/e2e: improve "list machine from all providers"
|
||||
* Remove JSON tag from UseImageHosts in ContainerConfig
|
||||
* Set network ID if available during container inspect
|
||||
* Stop creating a patch for v5.3.1 upgrades on windows
|
||||
* compose docs: fix typo
|
||||
* Document kube-play CDI support
|
||||
* docs: Add quadlet debug method systemd-analyze
|
||||
* Replace instances of PodmanExitCleanly in play_kube_test.go
|
||||
* docs: add 'initialized' state to status filters
|
||||
* fix(deps): update module google.golang.org/protobuf to v1.36.3
|
||||
* Switch all calls of assert.Nil to assert.NoError
|
||||
* Add --no-hostname option
|
||||
* Fix unescaping octal escape sequence in values of Quadlet unit files
|
||||
* Remove `.exe` suffix if any
|
||||
* Add kube play support for CDI resource allocation
|
||||
* add support to `;` for comments in unit files as per systemd documentation
|
||||
* Use PodmanExitCleanly in attach_test.go
|
||||
* Introduce PodmanTestIntegration.PodmanExitCleanly
|
||||
* chore(deps): update dependency setuptools to ~=75.8.0
|
||||
* Add newer c/i to support artifacts
|
||||
* fix(deps): update module golang.org/x/tools to v0.29.0
|
||||
* fix(deps): update module golang.org/x/net to v0.34.0
|
||||
* specgenutil: Fix parsing of mount option ptmxmode
|
||||
* namespaces: allow configuring keep-id userns size
|
||||
* Update description for completion
|
||||
* Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless
|
||||
* Document .build for Image .container option
|
||||
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1
|
||||
* New VM Images
|
||||
* update golangci/golangci-lint to v1.63.4
|
||||
* fix(deps): update module google.golang.org/protobuf to v1.36.2
|
||||
* chore(deps): update dependency setuptools to ~=75.7.0
|
||||
* Fixing ~/.ssh/identity handling
|
||||
* vendor latest c/common from main
|
||||
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12
|
||||
* fix(deps): update module github.com/opencontainers/runc to v1.2.4
|
||||
* specgen: fix comment
|
||||
* Add hint to restart Podman machine to really accept new certificates
|
||||
* fix(deps): update module github.com/onsi/gomega to v1.36.2
|
||||
* fix(deps): update module github.com/moby/term to v0.5.2
|
||||
* Pass container hostname to netavark
|
||||
* Fix slirp4netns typo in podman-network.1.md
|
||||
* Add support to ShmSize in Pods with Quadlet
|
||||
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1
|
||||
* chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
|
||||
* fix(deps): update module golang.org/x/net to v0.33.0 [security]
|
||||
* Kube volumes can not container _
|
||||
* fix(deps): update module github.com/docker/docker to v27.4.1+incompatible
|
||||
* test/system: fix "podman play --build private registry" error
|
||||
* test/system: CopyDirectory() do not chown files
|
||||
* test/system: remove system dial-stdio test
|
||||
* shell completion: respect CONTAINERS_REGISTRIES_CONF
|
||||
* fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6
|
||||
* When generating host volumes for k8s, force to lowercase
|
||||
* test: enable newly added test
|
||||
* vfkit: Use 0.6.0 binary
|
||||
* gvproxy: Use 0.8.1 binary
|
||||
* systemd: simplify parser and fix infinite loop
|
||||
* Revert "win-installer test: revert to v5.3.0"
|
||||
* Avoid rebooting twice when installing WSL
|
||||
* Avoid rebooting on Windows when upgrading and WSL isn't installed
|
||||
* Add win installer patch
|
||||
* Bump WiX toolset version to 5.0.2
|
||||
* test/e2e: SkipOnOSVersion() add reason field
|
||||
* test/e2e: remove outdated SkipOnOSVersion() calls
|
||||
* Update VM images
|
||||
* fix(deps): update module golang.org/x/crypto to v0.31.0 [security]
|
||||
* fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0
|
||||
* fix(deps): update module github.com/opencontainers/runc to v1.2.3
|
||||
* quadlet: fix inter-dependency of containers in `Network=`
|
||||
* Add man pages to Mac installer
|
||||
* fix(deps): update module github.com/onsi/gomega to v1.36.1
|
||||
* fix(deps): update module github.com/docker/docker to v27.4.0+incompatible
|
||||
* Fix device limitations in podman-remote update on remote systems
|
||||
* Use latest version of VS BuildTools
|
||||
* bin/docker: fix broken escaping and variable substitution
|
||||
* manifest annotate: connect IndexAnnotations
|
||||
* Fix panic in `manifest annotate --index`
|
||||
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5
|
||||
* fix(deps): update module golang.org/x/net to v0.32.0
|
||||
* fix(deps): update module golang.org/x/tools to v0.28.0
|
||||
* fix(deps): update module golang.org/x/crypto to v0.30.0
|
||||
* fix(deps): update module golang.org/x/sys to v0.28.0
|
||||
* Fix overwriting of LinuxResources structure in the database
|
||||
* api: replace inspectID with name
|
||||
* fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563
|
||||
* Replace ExclusiveArch with ifarch
|
||||
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1
|
||||
* Improve platform specific URL handling in `podman compose` for machines
|
||||
* Fix `podman info` with multiple imagestores
|
||||
* Switch to fixed common
|
||||
* refact: use uptime.minutes instead of uptime.seconds
|
||||
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11
|
||||
* fix(deps): update golang.org/x/exp digest to 2d47ceb
|
||||
* fix(deps): update github.com/godbus/dbus/v5 digest to c266b19
|
||||
* Cover Unix socket in inpect test on Windows platform
|
||||
* Add a test for forcing compression and v2s2 format
|
||||
* fix(deps): update module github.com/crc-org/vfkit to v0.6.0
|
||||
* Package podman-machine on supported architectures only.
|
||||
* Fixes missing binary in systemd.
|
||||
* stats: ignore errors from containers without cgroups
|
||||
* api: Error checking before NULL dereference
|
||||
* [skip-ci] Packit/copr: switch to fedora-all
|
||||
* make remotesystem: fail early if serial tests fail
|
||||
* spec: clamp rlimits without CAP_SYS_RESOURCE
|
||||
* Clarify the reason for skip_if_remote
|
||||
* Sanity-check that the test is really using partial pulls
|
||||
* Fix apparent typos in zstd:chunked tests
|
||||
* Fix compilation issues in QEMU machine files (Windows platform)
|
||||
* Mount volumes before copying into a container
|
||||
* Revert "libpod: remove shutdown.Unregister()"
|
||||
* docs: improve documentation for internal networks
|
||||
* docs: document bridge mode option
|
||||
* [skip-ci] Packit: remove epel and re-enable c9s
|
||||
* chore(deps): update dependency golangci/golangci-lint to v1.62.2
|
||||
* vendor: update containers/common
|
||||
* OWNERS: remove edsantiago
|
||||
* fix(deps): update module github.com/onsi/gomega to v1.36.0
|
||||
* fix(deps): update github.com/containers/common digest to ceceb40
|
||||
* refact: EventerType and improve consistency
|
||||
* Add --hosts-file flag to container and pod commands
|
||||
* Add nohosts option to /build and /libpod/build
|
||||
* fix(deps): update module github.com/stretchr/testify to v1.10.0
|
||||
* Quadlet - Use = sign when setting the pull arg for build
|
||||
* win-installer test: revert to v5.3.0
|
||||
* fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0
|
||||
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0
|
||||
* chore(deps): update dependency setuptools to ~=75.6.0
|
||||
* Update windows installer tests
|
||||
* Windows: don't install WSL/HyperV on update
|
||||
* Switch to non-installing WSL by default
|
||||
* fix(deps): update github.com/containers/buildah digest to 52437ef
|
||||
* Configure HealthCheck with `podman update`
|
||||
* CI: --image-volume test: robustify
|
||||
* docs: add 5.3 as Reference version
|
||||
* Bump CI VMs
|
||||
* libpod: pass down NoPivotRoot to Buildah
|
||||
* vendor: bump containers/buildah
|
||||
* fix(deps): update module github.com/opencontainers/runc to v1.2.2
|
||||
* Overlay mounts supersede image volumes & volumes-from
|
||||
* libpod: addHosts() prevent nil deref
|
||||
* only read ssh_config for non machine connections
|
||||
* ssh_config: allow IdentityFile file with tilde
|
||||
* ssh_config: do not overwrite values from config file
|
||||
* connection: ignore errors when parsing ssh_config
|
||||
* Bump bundled krunkit to 0.1.4
|
||||
* fix(deps): update module google.golang.org/protobuf to v1.35.2
|
||||
* add support for driver-specific options during container creation
|
||||
* doc: fix words repetitions
|
||||
* Update release notes on main for v5.3.0
|
||||
* chore(deps): update dependency setuptools to ~=75.5.0
|
||||
* CI: system tests: parallelize 010
|
||||
* fix podman machine init --ignition-path
|
||||
* vendor: update containers/common
|
||||
* spec: clamp rlimits in a userns
|
||||
* Add subpath support to volumes in `--mount` option
|
||||
* refactor: simplify LinuxNS type definition and String method
|
||||
* test/e2e: remove FIPS test
|
||||
* vendor containers projects to tagged versions
|
||||
* fix(deps): update module github.com/moby/sys/capability to v0.4.0
|
||||
* chore(deps): update dependency setuptools to ~=75.4.0
|
||||
* system tests: safer install_kube_template()
|
||||
* Buildah treadmill tweaks
|
||||
* update golangci-lint to v1.62.0
|
||||
* fix(deps): update module golang.org/x/net to v0.31.0
|
||||
* fix(deps): update module golang.org/x/tools to v0.27.0
|
||||
* Revert "Reapply "CI: test nftables driver on fedora""
|
||||
* Yet another bump, f41 with fixed kernel
|
||||
* test: add zstd:chunked system tests
|
||||
* pkg/machine/e2e: remove dead code
|
||||
* fix(deps): update module golang.org/x/crypto to v0.29.0
|
||||
* kube SIGINT system test: fix race in timeout handling
|
||||
* New `system connection add` tests
|
||||
* Update codespell to v2.3.0
|
||||
* Avoid printing PR text to stdout in system test
|
||||
* Exclude symlink from pre-commit end-of-file-fixer
|
||||
* api: Add error check
|
||||
* [CI:ALL] Bump main to v5.4.0-dev
|
||||
* test/buildah-bud: build new inet helper
|
||||
* test/system: add regression test for TZDIR local issue
|
||||
* vendor latest c/{buildah,common,image,storage}
|
||||
* Reapply "CI: test nftables driver on fedora"
|
||||
* Revert "cirrus: test only on f40/rawhide"
|
||||
* test f41 VMs
|
||||
* AdditionalSupport for SubPath volume mounts
|
||||
* wsl-e2e: Add a test to ensure port 2222 is free with usermode networking
|
||||
* winmake.ps1: Fix the syntax of the function call Win-SSHProxy
|
||||
* volume ls: fix race that caused it to fail
|
||||
* gvproxy: Disable port-forwarding on WSL
|
||||
* build: update gvisor-tap-vsock to 0.8.0
|
||||
* podman: update roadmap
|
||||
* Log network creation and removal events in Podman
|
||||
* libpod: journald do not lock thread
|
||||
* Add key to control if a container can get started by its pod
|
||||
* Honor users requests in quadlet files
|
||||
* CI: systests: workaround for parallel podman-stop flake
|
||||
* Fix inconsistent line ending in win-installer project
|
||||
* fix(deps): update module github.com/opencontainers/runc to v1.2.1
|
||||
* Quadlet - support image file based mount in container file
|
||||
* API: container logs flush status code
|
||||
* rework event code to improve API errors
|
||||
* events: remove memory eventer
|
||||
* libpod: log file use Wait() over event API
|
||||
* Makefile: vendor target should always remove toolchain
|
||||
* cirrus: check consitent vendoring in test/tools
|
||||
* test/tools/go.mod: remove toolchain
|
||||
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.10
|
||||
* fix(deps): update module github.com/onsi/gomega to v1.35.1
|
||||
* doc: explain --interactive in more detail
|
||||
* fix(deps): update golang.org/x/exp digest to f66d83c
|
||||
* fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a
|
||||
* fix(deps): update github.com/linuxkit/virtsock digest to cb6a20c
|
||||
* add default polling interval to Container.Wait
|
||||
* Instrument cleanup tracer to log weird volume removal flake
|
||||
* make podman-clean-transient.service work as user
|
||||
* Add default remote socket path if empty
|
||||
* Use current user if no user specified
|
||||
* Add support for ssh_config for connection
|
||||
* libpod: use pasta Setup() over Setup2()
|
||||
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.21.0
|
||||
* fix(deps): update module github.com/onsi/gomega to v1.35.0
|
||||
* logformatter: add cleanup tracer log link
|
||||
* docs: fix broken example
|
||||
* docs: add missing swagger links for the stable branches
|
||||
* readthedocs: build extra formats
|
||||
* pkg/machine/e2e: remove debug
|
||||
* fix(docs): Integrate pasta in rootless tutorial
|
||||
* chore(deps): update dependency setuptools to ~=75.3.0
|
||||
* libpod: report cgroups deleted during Stat() call
|
||||
* chore: fix some function names in comment
|
||||
* CI: parallelize 450-interactive system tests
|
||||
* CI: parallelize 520-checkpoint tests
|
||||
* CI: make 070-build.bats use safe image names
|
||||
* test/system: add podman network reload test to distro gating
|
||||
* System tests: clean up unit file leaks
|
||||
* healthcheck: do not leak service on failed stop
|
||||
* healthcheck: do not leak statup service
|
||||
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.0
|
||||
* Add Startup HealthCheck configuration to the podman inspect
|
||||
* buildah version display: use progress()
|
||||
* new showrun() for displaying and running shell commands
|
||||
* Buildah treadmill: redo the .cirrus.yml tweaks
|
||||
* Buildah treadmill: more allow-empty options
|
||||
* Buildah treadmill: improve test-failure instructions
|
||||
* Buildah treadmill: improve wording in test-fail instructions
|
||||
* doc: Remove whitespace before comma
|
||||
* fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.3.0
|
||||
* ps: fix display of exposed ports
|
||||
* ps: do not loop over port protocol
|
||||
* readme: Add reference to pasta in the readme
|
||||
* test/system: Fix spurious "duplicate tests" failures in pasta tests
|
||||
* Improve "podman load - from URL"
|
||||
* Try to repair c/storage after removing an additional image store
|
||||
* Use the config digest to compare images loaded/pulled using different methods
|
||||
* Simplify the additional store test
|
||||
* Fix the store choice in "podman pull image with additional store"
|
||||
* Bump to v5.3.0-dev
|
||||
* Bump to v5.3.0-rc1
|
||||
* Set quota on volume root directory, not _data
|
||||
* fix(deps): update module github.com/opencontainers/runc to v1.2.0
|
||||
* test: set soft ulimit
|
||||
* Vagrantfile: Delete
|
||||
* Enable pod restore with crun
|
||||
* vendor: update c/{buildah,common,image,storage}
|
||||
* Fix 330-corrupt-images.bats in composefs test runs
|
||||
* quadlet: add default network dependencies to all units
|
||||
* quadlet: ensure user units wait for the network
|
||||
* add new podman-user-wait-network-online.service
|
||||
* contrib/systemd: switch user symlink for file symlinks
|
||||
* Makefile: remove some duplication from install.systemd
|
||||
* contrib/systemd: move podman-auto-update units
|
||||
* quadlet: do not reject RemapUsers=keep-id as root
|
||||
* test/e2e: test quadlet with and without --user
|
||||
* CI: e2e: fix checkpoint flake
|
||||
* APIv2 test fix: image history
|
||||
* pasta udp tests: new bytecheck helper
|
||||
* Document packaging process
|
||||
* [skip-ci] RPM: remove dup Provides
|
||||
* Update dependency setuptools to ~=75.2.0
|
||||
* System tests: safer pause-image creation
|
||||
* Update module github.com/opencontainers/selinux to v1.11.1
|
||||
* Added escaping to invoked powershell command for hyperv stubber.
|
||||
* use slices.Clone instead of assignment
|
||||
* libpod API: only return exit code without conditions
|
||||
* Housekeeping: remove duplicates from success_task
|
||||
* Thorough overhaul of CONTRIBUTING doc.
|
||||
* api: Replace close function in condition body
|
||||
* test/e2e: fix default signal exit code test
|
||||
* Test new VM build
|
||||
* CI: fix changing-rootFsSize flake
|
||||
* scp: add option types
|
||||
* Unlock mutex before returning from function
|
||||
* Note in the README that we are moving to timed releases
|
||||
* cirrus: let tar extract figure out the compression
|
||||
* Make error messages more descriptive
|
||||
* Mention containers.conf settings for podman machine commands
|
||||
* [skip-ci] Packit: re-enable CentOS Stream 10/Fedora ELN teasks"
|
||||
* cmd: use logrus to print error
|
||||
* podman: do not set rlimits to the default value
|
||||
* spec: always specify default rlimits
|
||||
* vendor: update containers/common
|
||||
* Note in the README that we are moving to timed releases
|
||||
* Revert "CI: test nftables driver on fedora"
|
||||
* cirrus: use zstd over bzip2 for repo archive
|
||||
* cirrus: use shared repo_prep/repo_artifacts scripts
|
||||
* cirrus: speed up postbuild
|
||||
* cirrus: change alt arch task to only compile binaries
|
||||
* cirrus: run make with parallel jobs where useful
|
||||
* Makefile: allow man-page-check to be run in parallel
|
||||
* cirrus: use fastvm for builds
|
||||
* test/e2e: skip some Containerized checkpoint tests
|
||||
* test: update timezone checks
|
||||
* cirrus: update CI images
|
||||
* test/e2e: try debug potential pasta issue
|
||||
* CI: quadlet system tests: use airgapped testimage
|
||||
* Allow removing implicit quadlet systemd dependencies
|
||||
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4
|
||||
* libpod API: make wait endpoint better against rm races
|
||||
* podman-remote run: improve how we get the exit code
|
||||
* [skip-ci] Packit: constrain koji and bodhi jobs to fedora package to avoid dupes
|
||||
* 055-rm test: clean up a test, and document
|
||||
* CI: remove skips for libkrun
|
||||
* Bump bundled krunkit to 0.1.3
|
||||
* fix(deps): update module google.golang.org/protobuf to v1.35.0
|
||||
* fix(deps): update module golang.org/x/net to v0.30.0
|
||||
* server: fix url parsing in info
|
||||
* fix(deps): update module golang.org/x/tools to v0.26.0
|
||||
* Makefile: fix ginkgo FOCUS option
|
||||
* fix(deps): update module golang.org/x/crypto to v0.28.0
|
||||
* podman-systemd.unit.5: adjust example options
|
||||
* docs: prefer --network to --net
|
||||
* fix(deps): update module golang.org/x/term to v0.25.0
|
||||
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.24
|
||||
* fix(deps): update module golang.org/x/sys to v0.26.0
|
||||
* OWNERS file audit and update
|
||||
* Exposed ports are only included when not --net=host
|
||||
* libpod: hasCurrentUserMapped checks for gid too
|
||||
* [CI:DOCS] Document TESTFLAGS in test README file
|
||||
* Validate the bind-propagation option to `--mount`
|
||||
* Fix typo in secret inspect examples
|
||||
* Mention `no_hosts` and `base_hosts_file` configs in CLI option docs
|
||||
* Fixes for vendoring Buildah
|
||||
* vendor: update buildah to latest
|
||||
* Makefile - silence skipped tests when focusing on a file
|
||||
* vendor: update to latest c/common
|
||||
* Quadlet - prefer "param val" over "param=val" to allow env expansion
|
||||
* System tests: sdnotify: wait for socket file creation
|
||||
* Switch to moby/sys/capability
|
||||
* platformInspectContainerHostConfig: rm dead code
|
||||
* CI: require and test CI_DESIRED_NETWORK on RHEL
|
||||
* Add ExposedPorts to Inspect's ContainerConfig
|
||||
* fix(deps): update golang.org/x/exp digest to 701f63a
|
||||
* quadlet: allow variables in PublishPort
|
||||
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.9
|
||||
* fix(deps): update github.com/godbus/dbus/v5 digest to a817f3c
|
||||
* Document that zstd:chunked is downgraded to zstd when encrypting
|
||||
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3
|
||||
* chore(deps): update dependency ubuntu to v24
|
||||
* rpm: do not load iptables modules on f41+
|
||||
* adding docs for network-cmd-path
|
||||
* Include exposed ports in inspect output when net=host
|
||||
* feat(libpod): support kube play tar content-type (#24015)
|
||||
* podman mount: some better error wrapping
|
||||
* podman mount: ignore ErrLayerUnknown
|
||||
* Quadlet - make sure the order of the UnitsDir is deterministic
|
||||
* packit: disable Centos Stream/fedora ELN teasks
|
||||
* libpod: remove shutdown.Unregister()
|
||||
* libpod: rework shutdown handler flow
|
||||
* libpod: ensure we are not killed during netns creation
|
||||
* Update module github.com/moby/sys/capability to v0.3.0
|
||||
* Update documentation of `--no-hosts`, `--hostname`, and `--name` CLI options
|
||||
* Update documentation of `--add-host` CLI option
|
||||
* System tests: set a default XDG_RUNTIME_DIR
|
||||
* Modify machine "Remove machine" test
|
||||
* CORS system test: clean up
|
||||
* Add --health-max-log-count, --health-max-log-size, --health-log-destination flags
|
||||
* troubleshooting: adjust home path in tip 44
|
||||
* test/system: For pasta port forwarding tests don't bind socat server
|
||||
* Update connection on removal
|
||||
* Simplify `RemoveConnections`
|
||||
* Move `DefaultMachineName` to `pkg/machine/define`
|
||||
* vendor: update containers/image
|
||||
* vendor: update containers/storage
|
||||
* CI: skip the flaking quadlet test
|
||||
* CI: make systemd tests parallel-safe (*)
|
||||
* CI: run and collect cleanup tracer logs
|
||||
* add epbf program to trace podman cleanup errors
|
||||
* CI: parallelize logs test as much as possible
|
||||
* CI: format test: use local registry if available
|
||||
* CI: make 700-play parallel-safe
|
||||
* docs: Fix missing negation
|
||||
* bin/docker support warning message suppression from user config dir
|
||||
* Update module github.com/docker/docker to v27.3.1+incompatible
|
||||
* Quadlet - add full support for Symlinks
|
||||
* libpod: setupNetNS() correctly mount netns
|
||||
* vendor latest c/common
|
||||
* docs: remove usage of deprecated `--storage`
|
||||
* Update module github.com/docker/docker to v27.3.0+incompatible
|
||||
* CI: Quadlet rootfs test: use container image as rootfs
|
||||
* CI: system test registry: use --net=host
|
||||
* CI: rm system test: bump grace period
|
||||
* CI: system tests: minor documentation on parallel
|
||||
* fix typo in error message Fixes: containers/podman#24001
|
||||
* CI: system tests: always create pause image
|
||||
* CI: quadlet system test: be more forgiving
|
||||
* vendor latest c/common
|
||||
* CI: make 200-pod parallel-safe
|
||||
* allow exposed sctp ports
|
||||
* test/e2e: add netns leak check
|
||||
* test/system: netns leak check for rootless as well
|
||||
* test/system: Improve TODO comments on IPv6 pasta custom DNS forward test
|
||||
* test/system: Clarify "Local forwarder" pasta tests
|
||||
* test/system: Simplify testing for nameserver connectivity
|
||||
* test/system: Consolidate "External resolver" pasta tests
|
||||
* test/system: Move test for default forwarder into its own case
|
||||
* CI: make 090-events parallel-safe
|
||||
* Misc minor test fixes
|
||||
* Add network namespace leak check
|
||||
* Add workaround for buildah parallel bug
|
||||
* registry: lock start attempts
|
||||
* Update system test template and README
|
||||
* bats log: differentiate parallel tests from sequential
|
||||
* ci: bump system tests to fastvm
|
||||
* clean_setup: create pause image
|
||||
* CI: make 012-manifest parallel-safe
|
||||
* podman-manifest-remove: update docs and help output
|
||||
* test/system: remove wait workaround
|
||||
* wait: fix handling of multiple conditions with exited
|
||||
* Match output of Compat Top API to Docker
|
||||
* system test parallelization: enable two-pass approach
|
||||
* New VMs: test crun 1.17
|
||||
* libpod: hides env secrets from container inspect
|
||||
* CI: e2e: workaround for events out-of-sequence flake
|
||||
* update golangci-lint to 1.61.0
|
||||
* libpod: convert owner IDs only with :idmap
|
||||
* Podman CLI --add-host with multiple host for a single IP
|
||||
* Quadlet - Split getUnitDirs to small functions
|
||||
* fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.5
|
||||
* chore(deps): update dependency setuptools to ~=75.1.0
|
||||
* Fxi typo in cache-ttl.md
|
||||
* Get WSL disk as an OCI artifact
|
||||
* CI: make 260-sdnotify parallel-safe
|
||||
* quadlet: do not log ENOENT errors
|
||||
* pkg/specgen: allow pasta when running inside userns
|
||||
* troubleshooting: add tip about the user containers
|
||||
* chore(deps): update dependency setuptools to v75
|
||||
* Convert windows paths in volume arg of the build command
|
||||
* Improve error when starting multiple machines
|
||||
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2
|
||||
* Minor typo noticed when reading podman man page
|
||||
* Remove `RemoveFilesAndConnections`
|
||||
* Add `GetAllMachinesAndRootfulness`
|
||||
* rewrite typo osascript
|
||||
* typo
|
||||
* fix(deps): update module github.com/docker/docker to v27.2.1+incompatible
|
||||
* Add radio buttons to select WSL or Hyper-V in windows setup.exe
|
||||
* [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets
|
||||
* [skip-ci] Packit: Enable sidetags for bodhi updates
|
||||
* vendor: update c/common
|
||||
* CI: make 710-kube parallel-safe
|
||||
* CI: mark 320-system-df *NOT* parallel safe
|
||||
* Add kube play support for image volume source
|
||||
* refactor: add sshClient function
|
||||
* fix(deps): update module golang.org/x/tools to v0.25.0
|
||||
* CI: make 505-pasta parallel safe
|
||||
* CI: make 020-tag parallel-safe
|
||||
* CI: make 410-selinux parallel-safe
|
||||
* Bump VMs. ShellCheck is now built-in
|
||||
* troubleshooting: add tip about auto, keep-id, nomap
|
||||
* libpod: make use of new pasta option from c/common
|
||||
* vendor latest c/common
|
||||
* podman images: sort repository with tags
|
||||
* Remove containers/common/pkg/config from pkg/util
|
||||
* fix(deps): update module golang.org/x/net to v0.29.0
|
||||
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.23
|
||||
* fix(deps): update module golang.org/x/crypto to v0.27.0
|
||||
* Fix CI
|
||||
* Detect and fix typos using codespell
|
||||
* Fix typo: replace buildin with built-in
|
||||
* Add codespell config, pre-commit definition, and move options from Makefile
|
||||
* prune: support clearing build cache using CleanCacheMount
|
||||
* test/e2e: fix network prune flake
|
||||
* Add support for Job to kube generate & play
|
||||
* Add podman-rootless.7 man page
|
||||
* Add DNS, DNSOption and DNSSearch to quadlet pod
|
||||
* podman.1.md: improve policy.json section
|
||||
* e2e: flake fix: SIGPIPE in hook test
|
||||
* libpod: fix rootless cgroup path with --cgroup-parent
|
||||
* vendor: update c/storage
|
||||
* CI: make 055-rm parallel-safe
|
||||
* CI: make 130-kill parallel-safe
|
||||
* CI: make 125-import parallel-safe
|
||||
* CI: make 110-history parallel-safe
|
||||
* CI: system tests: parallelize low-hanging fruit
|
||||
* Add disclaimer to `podman machine info` manpage.
|
||||
* man pages: refactor two more options
|
||||
* update github.com/opencontainers/runc to v1.2.0-rc.3
|
||||
* update go.etcd.io/bbolt to v1.3.11
|
||||
* update github.com/onsi/{ginkgo,gomega}
|
||||
* Update module github.com/shirou/gopsutil to v4
|
||||
* packit: update fedora and epel targets
|
||||
* bump go to 1.22
|
||||
* cirrus: test only on f40/rawhide
|
||||
* cirrus: remove CI_DESIRED_NETWORK reference
|
||||
* cirrus: prebuild use f40 for extra tests
|
||||
* chore(deps): update dependency setuptools to ~=74.1.0
|
||||
* libpod: fix HostConfig.Devices output from 'podman inspect' on FreeBSD
|
||||
* fix(deps): update golang.org/x/exp digest to 9b4947d
|
||||
* Implement publishing API UNIX socket on Windows platforms
|
||||
* Vendor c/common:8483ef6022b4
|
||||
* quadlet: support container network reusing
|
||||
* docs: update read the docs changes
|
||||
* CI: parallel-safe network system test
|
||||
* Quadlet - Support multiple image tags in .build files
|
||||
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.3
|
||||
* cirrus: remove _bail_if_test_can_be_skipped
|
||||
* cirrus: move renovate check into validate
|
||||
* cirrus: remove 3rd party connectivity check
|
||||
* cirrus: remove cross jobs for aarch64 and x86_64
|
||||
* cirrus: do not upload alt arch cross artifacts
|
||||
* cirrus: remove ginkgo-e2e.json artifact
|
||||
* cirrus: fix default timeouts
|
||||
* github: remove fcos-podman-next-build-prepush
|
||||
* Clarify podman machine volume mounting behavior under WSL
|
||||
* machine: Add -all-providers flag to machine list
|
||||
* Create a podman-troubleshooting man page
|
||||
* chore(deps): update dependency setuptools to v74
|
||||
* fix(deps): update module github.com/docker/docker to v27.2.0+incompatible
|
||||
* Fix an improperly ignored error in SQLite
|
||||
* CI: flake workaround: ignore socat waitpid warnings
|
||||
* fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.1
|
||||
* Stop skipping machine volume test on Hyper-V
|
||||
* cleanup: add new --stopped-only option
|
||||
* fix races in the HTTP attach API
|
||||
* cirrus: skip windows/macos machine task on RHEL branches
|
||||
* Update module github.com/containers/gvisor-tap-vsock to v0.7.5
|
||||
* run: fix detach passthrough and --rmi
|
||||
* podman run: ignore image rm error
|
||||
* Add support for AddHost in quadlet .pod and .container
|
||||
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3
|
||||
* update github.com/vishvananda/netlink to v1.3.0
|
||||
* build: Update gvisor-tap-vsock to 0.7.5
|
||||
* Quote systemd DefaultEnvironment Proxy values, as documented in systemd.conf man page:
|
||||
* fix typo in podman-network-create.1.md
|
||||
* Use HTTP path prefix of TCP connections to match Docker context behavior
|
||||
* Makefile: remotesystem: use real podman server, no --url
|
||||
* Update module github.com/openshift/imagebuilder to v1.2.15
|
||||
* CI: parallel-safe userns test
|
||||
* Update module github.com/onsi/ginkgo/v2 to v2.20.1
|
||||
* Add support for IP in quadlet .pod files
|
||||
* Specify format to use for referencing fixed bugs.
|
||||
* CI: parallel-safe run system test
|
||||
* Revert "test/e2e: work around for pasta issue"
|
||||
* CI: On vX.Y-rhel branches, ensure that some downstream Jira issue is linked
|
||||
* quadlet: support user mapping in pod unit
|
||||
* Update Release Process
|
||||
* Test new VM build
|
||||
* command is not optional to podman exec
|
||||
* CI: parallel-safe namespaces system test
|
||||
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2
|
||||
* quadlet: add key CgroupsMode
|
||||
* Fix `podman stop` and `podman run --rmi`
|
||||
* quadlet: set infra name to %s-infra
|
||||
* chore(deps): update dependency setuptools to v73
|
||||
* [skip-ci] Packit: update targets for propose-downstream
|
||||
* Do not segfault on hard stop
|
||||
* Fix description of :Z to talk about pods
|
||||
* CI: disable ginkgo flake retries
|
||||
* vendor: update go-criu to latest
|
||||
* golangci-lint: make darwin linting happy
|
||||
* golangci-lint: make windows linting happy
|
||||
* test/e2e: remove kernel version check
|
||||
* golangci-lint: remove most skip dirs
|
||||
* set !remote build tags where needed
|
||||
* update golangci-lint to 1.60.1
|
||||
* test/e2e: rm systemd start test
|
||||
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.1
|
||||
* podman wait: allow waiting for removal of containers
|
||||
* libpod: remove UpdateContainerStatus()
|
||||
* podman mount: fix storage/libpod ctr race
|
||||
* CI: quadlet tests: make parallel-safe
|
||||
* CI: system tests: make random_free_port() parallel-safe
|
||||
* remove trailing comma in example
|
||||
* CI: format test: make parallel-safe
|
||||
* Fix podman-docker.sh under -eu shells (fixes #23628)
|
||||
* docs: update podman-wait man page
|
||||
* libpod: remove duplicated HasVolume() check
|
||||
* podman volume rm --force: fix ABBA deadlock
|
||||
* test/system: fix network cleanup restart test
|
||||
* libpod: do not stop pod on init ctr exit
|
||||
* libpod: simplify WaitForExit()
|
||||
* CI: remove build-time quay check
|
||||
* Fix known_hosts file clogging and remote host id
|
||||
* Update docker.io/library/golang Docker tag to v1.23
|
||||
* Update dependency setuptools to ~=72.2.0
|
||||
* Update module github.com/docker/docker to v27.1.2+incompatible
|
||||
* healthcheck system check: reduce raciness
|
||||
* CI: healthcheck system test: make parallel-safe
|
||||
* Validate renovate config in every PR
|
||||
* pkg/machine: Read stderr from ssh-keygen correctly
|
||||
* Fix renovate config syntax error
|
||||
* CI: 080-pause.bats: make parallel-safe
|
||||
* CI: 050-stop.bats: make parallel-safe
|
||||
* Additional potential race condition on os.Readdir
|
||||
* pkg/bindings/containers: handle ignore for stop
|
||||
* remote: fix invalid --cidfile + --ignore
|
||||
* Update/simplify renovate config header comment
|
||||
* Migrate renovate config to latest schema
|
||||
* Fix race condition when listing /dev
|
||||
* docs/podman-systemd: Try to clarify `Exec=` more
|
||||
* libpod: reset state error on init
|
||||
* test/system: pasta_test_do add explicit port check
|
||||
* test/e2e: work around new push warning
|
||||
* vendor: update c/common to latest
|
||||
* stopIfOnlyInfraRemains: log all errors
|
||||
* libpod: do not save expected stop errors in ctr state
|
||||
* libpod: fix broken saveContainerError()
|
||||
* Quadlet: fix filters failure when the search paths are symlinks
|
||||
* readme: replace GPG with PGP
|
||||
* Drop APIv2 CNI configuration
|
||||
* De-duplicate docker-py testing
|
||||
* chore(podmansnoop): explain why crun comm is 3
|
||||
* libpod: cleanupNetwork() return error
|
||||
* fix(deps): update module golang.org/x/sys to v0.24.0
|
||||
* Reduce python APIv2 test net dependency
|
||||
* Fix not testing registry.conf updates
|
||||
* test/e2e: improve command timeout handling
|
||||
* Update module github.com/onsi/ginkgo/v2 to v2.20.0
|
||||
* Update module github.com/moby/sys/user to v0.3.0
|
||||
* Add passwd validate and generate steps
|
||||
* podman container cleanup: ignore common errors
|
||||
* Quadlet - Allow the user to override the default service name
|
||||
* CI: e2e: serialize root containerPort tests
|
||||
* Should not force conversion of manifest type to DockerV2ListMediaType
|
||||
* fix(deps): update module golang.org/x/tools to v0.24.0
|
||||
* fix(deps): update github.com/containers/common digest to 05b2e1f
|
||||
* CI: mount system test: parallelize
|
||||
* Update module golang.org/x/net to v0.28.0
|
||||
* Ignore ERROR_SHARING_VIOLATION error on windows
|
||||
* CI: manifest system tests: make parallel-safe
|
||||
* Create volume path before state initialization
|
||||
* vendor: update c/storage
|
||||
* CI: fix broken libkrun test
|
||||
* test/e2e: work around for pasta issue
|
||||
* test/e2e: fix missing exit code checks
|
||||
* Test new CI images
|
||||
* Remove another race condition when mounting containers or images
|
||||
* fix(deps): update github.com/containers/common digest to c0cc6b7
|
||||
* Change Windows installer MajorUpgrade Schedule
|
||||
* Ignore missing containers when calling GetExternalContainerLists
|
||||
* Remove runc edit to lock to specific version
|
||||
* fix(deps): update module golang.org/x/sys to v0.23.0
|
||||
* CI: podman-machine: do not use cache registry
|
||||
* CI: completion system test: use safename
|
||||
* Temporarly disable failing Windows Installer CI test
|
||||
* libpod: fix volume copyup with idmap
|
||||
* libpod: avoid hang on errors
|
||||
* Temp. disable PM basic Volume ops test
|
||||
* Add libkrun Mac task
|
||||
* Never skip checkout step in release workflow
|
||||
* System tests: leak_test: readable output
|
||||
* fix(deps): update github.com/docker/go-plugins-helpers digest to 45e2431
|
||||
* vendor: bump c/common
|
||||
* Version: bump to v5.3.0-dev
|
||||
* libpod: inhibit SIGTERM during cleanup()
|
||||
* Tweak versions in register_images.go
|
||||
* fix network cleanup flake in play kube
|
||||
* WIP: Fixes for vendoring Buildah
|
||||
* Add --compat-volumes option to build and farm build
|
||||
* Bump to Buildah v1.37.0
|
||||
* Quadlet test - Split between success, warning and error cases
|
||||
* libpod: bind ports before network setup
|
||||
* Disable compose-warning-logs if PODMAN_COMPOSE_WARNING_LOGS=false
|
||||
* Use new syntax for selinux options in quadlet
|
||||
* fix(deps): update module github.com/onsi/gomega to v1.34.1
|
||||
* CI: kube test: fix broken external-storage test
|
||||
* Update dependency setuptools to v72
|
||||
* Convert additional build context paths on Windows
|
||||
* pkg/api: do not leak config pointers into specgen
|
||||
* Quadlet - Allow the user to set the service name for .pod files
|
||||
* Quadlet tests - allow overriding the expected service name
|
||||
* fix(deps): update module github.com/moby/sys/user to v0.2.0
|
||||
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5
|
||||
* CI: enable root user namespaces
|
||||
* libpod: force rootfs for OCI path with idmap
|
||||
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1
|
||||
* Add test steps for automount with multi images
|
||||
* CI: cp tests: use safename
|
||||
* [skip-ci] RPM: podman-iptables.conf only on Fedora
|
||||
* CI: 700-play: fix a leaked non-safename
|
||||
* test: check that kube generate/play restores the userns
|
||||
* test: disable artifacts cache with composefs
|
||||
* test: fix podman pull tests
|
||||
* vendor: bump c/storage
|
||||
* Update module github.com/cyphar/filepath-securejoin to v0.3.1
|
||||
* Add /run/containers/systemd, ${XDG_RUNTIME_DIR}/containers/systemd quadlet dirs
|
||||
* build: Update gvisor-tap-vsock to 0.7.4
|
||||
* test/system: fix borken pasta interface name checks
|
||||
* test/system: fix bridge host.containers.internal test
|
||||
* api: honor the userns for the infra container
|
||||
* play: handle 'private' as 'auto'
|
||||
* kube: record infra user namespace
|
||||
* infra: user ns annotation higher precedence
|
||||
* specgenutil: record the pod userns in the annotations
|
||||
* kube: invert branches
|
||||
* CI: system log test: use safe names
|
||||
* Update encryption tests to avoid a warning if zstd:chunked is the default
|
||||
* Fix "podman pull and decrypt"/"from local registry"
|
||||
* Use unique image names for the encrypted test images
|
||||
* CI: system tests: instrument to allow failure analysis
|
||||
* Fix outdated comment for the build step win-gvproxy
|
||||
* Add utility to convert VMFile to URL for UNIX sockets
|
||||
* Run codespell on source
|
||||
* fix(deps): update module github.com/docker/docker to v27.1.0+incompatible
|
||||
* chore(deps): update dependency setuptools to ~=71.1.0
|
||||
* logformatter: tweaks to pass html tidy
|
||||
* More information for podman --remote build and running out of space.
|
||||
* Fix windows installer deleting machine provider config file
|
||||
* Use uploaded .zip for Windows action
|
||||
* pr-should-include-tests: no more CI:DOCS override
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 27 16:49:43 UTC 2025 - Dan Čermák <dcermak@suse.com>
|
||||
|
||||
|
@@ -1,4 +1,4 @@
|
||||
name: podman
|
||||
version: 5.2.5
|
||||
mtime: 1729263108
|
||||
commit: 10c5aa720d59480bc7edad347c1f5d5b75d4424f
|
||||
version: 5.4.2
|
||||
mtime: 1743601389
|
||||
commit: be85287fcf4590961614ee37be65eeb315e5d9ff
|
||||
|
19
podman.spec
19
podman.spec
@@ -22,7 +22,7 @@
|
||||
%bcond_without apparmor
|
||||
|
||||
Name: podman
|
||||
Version: 5.2.5
|
||||
Version: 5.4.2
|
||||
Release: 0
|
||||
Summary: Daemon-less container engine for managing containers, pods and images
|
||||
License: Apache-2.0
|
||||
@@ -30,9 +30,8 @@ Group: System/Management
|
||||
URL: https://%{project}
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
Source1: podman.conf
|
||||
Patch0: 0001-vendor-bump-buildah-to-1.37.6-CVE-2024-11218.patch
|
||||
Patch1: 0002-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
|
||||
Patch2: 0003-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
|
||||
Patch0: 0001-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
|
||||
Patch1: 0002-Fix-Remove-appending-rw-as-the-default-mount-option.patch
|
||||
BuildRequires: bash-completion
|
||||
BuildRequires: device-mapper-devel
|
||||
BuildRequires: fdupes
|
||||
@@ -64,9 +63,8 @@ Recommends: gvisor-tap-vsock
|
||||
Requires: catatonit >= 0.1.7
|
||||
Requires: conmon >= 2.0.24
|
||||
Requires: fuse-overlayfs
|
||||
Requires: iptables
|
||||
Requires: libcontainers-common >= 20230214
|
||||
%if 0%{?sle_version} && 0%{?sle_version} <= 150500
|
||||
%if 0%{?suse_version} && 0%{?suse_version} < 1600
|
||||
# Build podman with CNI support for SLE-15-SP5 and lower
|
||||
Requires: (netavark or cni-plugins)
|
||||
# We still want users with fresh installation to start off
|
||||
@@ -185,6 +183,7 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
|
||||
%{_mandir}/man1/podman*.1*
|
||||
%{_mandir}/man5/podman*.5*
|
||||
%{_mandir}/man5/quadlet*.5*
|
||||
%{_mandir}/man7/podman*.7*
|
||||
%exclude %{_mandir}/man1/podman-remote*.1*
|
||||
# Configs
|
||||
%dir %{_prefix}/lib/modules-load.d
|
||||
@@ -207,6 +206,7 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
|
||||
%{_unitdir}/podman-restart.service
|
||||
%{_unitdir}/podman-auto-update.timer
|
||||
%{_unitdir}/podman-clean-transient.service
|
||||
%{_userunitdir}/podman-user-wait-network-online.service
|
||||
%{_userunitdir}/podman.service
|
||||
%{_userunitdir}/podman.socket
|
||||
%{_userunitdir}/podman-auto-update.service
|
||||
@@ -247,18 +247,19 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
|
||||
|
||||
%pre
|
||||
%service_add_pre podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||
%systemd_user_pre podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service podman-user-wait-network-online.service
|
||||
|
||||
%post
|
||||
%service_add_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||
%tmpfiles_create %{_tmpfilesdir}/podman.conf
|
||||
%systemd_user_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||
%systemd_user_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service podman-user-wait-network-online.service
|
||||
|
||||
%preun
|
||||
%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service podman-user-wait-network-online.service
|
||||
|
||||
%postun
|
||||
%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service podman-user-wait-network-online.service
|
||||
|
||||
%changelog
|
||||
|
Reference in New Issue
Block a user