From 68096f89daf297468fab5330825c7e6c927bb1ce81e382e5c1ef4afd33f6fb57 Mon Sep 17 00:00:00 2001 From: Richard Brown Date: Fri, 25 Nov 2022 12:08:37 +0000 Subject: [PATCH 1/2] Accepting request 1037949 from home:dancermak:branches:devel:microos New upstream release 4.3.1 OBS-URL: https://build.opensuse.org/request/show/1037949 OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=10 --- _service | 2 +- _servicedata | 2 +- podman-4.2.1.tar.xz | 3 -- podman-4.3.1.tar.xz | 3 ++ podman-rpmlintrc | 5 -- podman.changes | 128 ++++++++++++++++++++++++++++++++++++++++++++ podman.spec | 40 +++++++------- 7 files changed, 155 insertions(+), 28 deletions(-) delete mode 100644 podman-4.2.1.tar.xz create mode 100644 podman-4.3.1.tar.xz delete mode 100644 podman-rpmlintrc diff --git a/_service b/_service index f0f8949..198b2ca 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/containers/podman.git git - v4.2.1 + v4.3.1 @PARENT_TAG@ enable v(.*) diff --git a/_servicedata b/_servicedata index 864a20b..c03bcd9 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/containers/podman.git - 62b324ddf718411b1d4d0ba8117c632f7f984a38 \ No newline at end of file + 814b7b003cc630bf6ab188274706c383f9fb9915 \ No newline at end of file diff --git a/podman-4.2.1.tar.xz b/podman-4.2.1.tar.xz deleted file mode 100644 index f175d39..0000000 --- a/podman-4.2.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2577f3c921effa04f9ecc3a350ceacfb74a7e24edb9acf913d61fa42a231b59d -size 7886360 diff --git a/podman-4.3.1.tar.xz b/podman-4.3.1.tar.xz new file mode 100644 index 0000000..2795355 --- /dev/null +++ b/podman-4.3.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7d3ba29fb78a56d63c8fc3f27560dcdbb2391c62c0b3b4600ebce66dd449fa86 +size 7652828 diff --git a/podman-rpmlintrc b/podman-rpmlintrc deleted file mode 100644 index 6078f68..0000000 --- a/podman-rpmlintrc +++ /dev/null @@ -1,5 +0,0 @@ -addFilter (".* W: explicit-lib-dependency libcontainers-common") -addFilter (".* W: explicit-lib-dependency libcontainers-image") -addFilter (".* W: explicit-lib-dependency libcontainers-storage") -addFilter (".* W: missing-call-to-setgroups-before-setuid") -addFilter (".* W: non-conffile-in-etc .*zsh_completion.d.*") diff --git a/podman.changes b/podman.changes index c3e91aa..f8e69f6 100644 --- a/podman.changes +++ b/podman.changes @@ -1,3 +1,131 @@ +------------------------------------------------------------------- +Tue Nov 22 08:20:16 UTC 2022 - dcermak@suse.com + +- switch to building with go 1.17 +- use %%make_* macros +- drop /usr/share/user-tmpfiles.d/podman-docker.conf on SLE & Leap +- remove rpmlintrc (contained only obsolete filters) +- remove obsolete with_libostree (we don't build on anything older than SLE 15) +- Update to version 4.3.1: + +4.3.1: + +### Bugfixes +- Fixed a deadlock between the `podman ps` and `podman container inspect` commands + +### Misc +- Updated the containers/image library to v5.23.1 + + +4.3.0: + +### Features +- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. +- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted ([#15067](https://github.com/containers/podman/issues/15067)). +- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). +- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. +- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). +- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). +- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` ([#14955](https://github.com/containers/podman/issues/14955)). +- The `podman kube play` command now supports the `emptyDir` volume type ([#13309](https://github.com/containers/podman/issues/13309)). +- The `podman kube play` command now supports the `HostUsers` field in the pod spec. +- The `podman play kube` command now supports `binaryData` in ConfigMaps. +- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. +- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user ([#15402](https://github.com/containers/podman/issues/15402)). +- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. +- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. +- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge "PATH=$PATH:/my/app" ...`) ([#15288](https://github.com/containers/podman/issues/15288)). +- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). +- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) ([#15294](https://github.com/containers/podman/issues/15294)). +- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file ([#15523](https://github.com/containers/podman/issues/15523)). +- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. +- The `podman restart` command now supports the `--cidfile` and `--filter` options. +- The `podman rm` command now supports the `--filter` option to select which containers will be removed. +- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. +- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. +- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. +- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility ([#14767](https://github.com/containers/podman/issues/14767)). +- The `podman manifest create` command now accepts a new option, `--amend`/`-a`. +- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility. +- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. +- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. +- The `podman secret ls` command now accepts the `--quiet`/`-q` option. +- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. +- The `podman stats` command now accepts the `--no-trunc` option. +- The `podman save` command now accepts the `--signature-policy` option ([#15869](https://github.com/containers/podman/issues/15869)). +- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods ([#15674](https://github.com/containers/podman/issues/15674)). +- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. +- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ([#14707](https://github.com/containers/podman/issues/14707)). + +### Changes +- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match ([#4217](https://github.com/containers/podman/issues/4217)). +- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. +- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. +- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. +- The installer for the Windows Podman client has been improved. +- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) ([#15666](https://github.com/containers/podman/issues/15666)). +- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container ([#15878](https://github.com/containers/podman/issues/15878)). +- Events for containers that are part of a pod now include the ID of the pod in the event. +- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. +- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. +- The `podman inspect` command on containers now includes the digest of the image used to create the container. +- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. + +### Bugfixes +- Fixed a bug where the `podman network prune` and `podman container prune` commands did not properly support the `--filter label!=` option ([#14182](https://github.com/containers/podman/issues/14182)). +- Fixed a bug where the `podman kube generate` command added an unnecessary `Secret: null` line to generated YAML ([#15156](https://github.com/containers/podman/issues/15156)). +- Fixed a bug where the `podman kube generate` command did not set `enableServiceLinks` and `automountServiceAccountToken` to false in generated YAML ([#15478](https://github.com/containers/podman/issues/15478) and [#15243](https://github.com/containers/podman/issues/15243)). +- Fixed a bug where the `podman kube play` command did not properly handle CPU limits ([#15726](https://github.com/containers/podman/issues/15726)). +- Fixed a bug where the `podman kube play` command did not respect default values for liveness probes ([#15855](https://github.com/containers/podman/issues/15855)). +- Fixed a bug where the `podman kube play` command did not bind ports if `hostPort` was not specified but `containerPort` was ([#15942](https://github.com/containers/podman/issues/15942)). +- Fixed a bug where the `podman kube play` command sometimes did not create directories on the host for `hostPath` volumes. +- Fixed a bug where the remote Podman client's `podman manifest push` command did not display progress. +- Fixed a bug where the `--filter "{{.Config.Healthcheck}}"` option to `podman image inspect` did not print the image's configured healthcheck ([#14661](https://github.com/containers/podman/issues/14661)). +- Fixed a bug where the `podman volume create -o timeout=` option could be specified even when no volume plugin was in use. +- Fixed a bug where the `podman rmi` command did not emit `untag` events when removing tagged images ([#15485](https://github.com/containers/podman/issues/15485)). +- Fixed a bug where API forwarding with `podman machine` VMs on windows could sometimes fail because the pipe was not created in time ([#14811](https://github.com/containers/podman/issues/14811)). +- Fixed a bug where the `podman pod rm` command could error if removal of a container in the pod was interrupted by a reboot. +- Fixed a bug where the `exited` and `exec died` events for containers did not include the container's labels ([#15617](https://github.com/containers/podman/issues/15617)). +- Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail ([#15647](https://github.com/containers/podman/issues/15647)). +- Fixed a bug where Podman did not pass all necessary environment variables (including `$PATH`) to Conmon when starting containers ([#15707](https://github.com/containers/podman/issues/15707)). +- Fixed a bug where the `podman events` command could function improperly when no events were present ([#15688](https://github.com/containers/podman/issues/15688)). +- Fixed a bug where the `--format` flag to various Podman commands did not properly handle template strings including a newline (`\n`) ([#13446](https://github.com/containers/podman/issues/13446)). +- Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited ([#14546](https://github.com/containers/podman/issues/14546)). +- Fixed a bug where the `podman generate systemd` command would generate incorrect YAML for pods created without the `--name` option. +- Fixed a bug where the `podman generate systemd --new` command did not properly set stop timeout ([#16149](https://github.com/containers/podman/issues/16149)). +- Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the `podman inspect` command to be unable to inspect the container until it was restarted. +- Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start ([#15789](https://github.com/containers/podman/issues/15789)). +- Fixed a bug where attempting to remove a pod with running containers without `--force` would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state ([#15526](https://github.com/containers/podman/issues/15526)). +- Fixed a bug where memory limits reported by `podman stats` could exceed the maximum memory available on the system ([#15765](https://github.com/containers/podman/issues/15765)). +- Fixed a bug where the `podman container clone` command did not properly handle environment variables whose value contained an `=` character ([#15836](https://github.com/containers/podman/issues/15836)). +- Fixed a bug where the remote Podman client would not print the container ID when running the `podman-remote run --attach stdin` command. +- Fixed a bug where the `podman machine list --format json` command did not properly show machine starting status. +- Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name ([#15879](https://github.com/containers/podman/issues/15879)). +- Fixed a bug where the `podman pod logs --latest` command could panic ([#15556](https://github.com/containers/podman/issues/15556)). +- Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed. +- Fixed a bug where specifying an unsupported URI scheme for `podman system service` to listen at would result in a panic. +- Fixed a bug where the `podman kill` command would sometimes not transition containers to the exited state ([#16142](https://github.com/containers/podman/issues/16142)). + +### API +- Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes ([#15720](https://github.com/containers/podman/issues/15720)). +- Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with `docker-compose` ([#15580](https://github.com/containers/podman/issues/15580)). +- The Libpod Restore endpoint for Containers now features a new query parameter, `pod`, to set the pod that the container will be restored into ([#15018](https://github.com/containers/podman/issues/15018)). +- Fixed a bug where the REST API could panic while retrieving images. +- Fixed a bug where a cancelled connection to several endpoints could induce a memory leak. + +### Misc +- Error messages when attempting to remove an image used by a non-Podman container have been improved ([#15006](https://github.com/containers/podman/issues/15006)). +- Podman will no longer print a warning that `/` is not a shared mount when run inside a container ([#15295](https://github.com/containers/podman/issues/15295)). +- Work is ongoing to port Podman to FreeBSD. +- The output of `podman generate systemd` has been adjusted to improve readability. +- A number of performance improvements have been made to `podman create` and `podman run`. +- A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed. +- Updated Buildah to v1.28.0 +- Updated the containers/image library to v5.23.0 +- Updated the containers/storage library to v1.43.0 +- Updated the containers/common library to v0.50.1 + + ------------------------------------------------------------------- Wed Sep 21 02:01:16 UTC 2022 - asarai@suse.com diff --git a/podman.spec b/podman.spec index 97e011e..e1bee18 100644 --- a/podman.spec +++ b/podman.spec @@ -1,7 +1,7 @@ # # spec file for package podman # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,23 +15,18 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # - +%{!?_user_tmpfilesdir: %global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d} %define project github.com/containers/podman -# Build with libostree-devel in Tumbleweed, Leap 15 and SLES 15 -%if 0%{?suse_version} >= 1500 -%define with_libostree 1 -%endif Name: podman -Version: 4.2.1 +Version: 4.3.1 Release: 0 Summary: Daemon-less container engine for managing containers, pods and images License: Apache-2.0 Group: System/Management -URL: https://github.com/containers/podman +URL: https://%{project} Source0: %{name}-%{version}.tar.xz Source1: podman.conf -Source3: %{name}-rpmlintrc -Source4: README.SUSE.SLES +Source2: README.SUSE.SLES BuildRequires: bash-completion BuildRequires: cni BuildRequires: device-mapper-devel @@ -47,7 +42,7 @@ BuildRequires: libbtrfs-devel BuildRequires: libcontainers-common BuildRequires: libgpgme-devel BuildRequires: libseccomp-devel -BuildRequires: golang(API) = 1.16 +BuildRequires: golang(API) = 1.17 BuildRequires: pkgconfig(libselinux) BuildRequires: pkgconfig(libsystemd) Recommends: apparmor-abstractions @@ -64,9 +59,8 @@ Requires: slirp4netns >= 0.4.0 Requires: timezone Recommends: %{name}-cni-config = %{version} Suggests: katacontainers -%if 0%{?with_libostree} BuildRequires: libostree-devel -%endif + %description Podman is a container engine for managing pods, containers, and container @@ -118,17 +112,22 @@ pages and %{name}. %build # Build podman -BUILDFLAGS="-buildmode=pie" make +BUILDFLAGS="-buildmode=pie" %make_build # Build manpages -make %{?_smp_mflags} docs +%make_build docs %check # Too many tests fail due to the restricted permissions in the build enviroment. # Updates must be tested manually. %install -make DESTDIR=%{buildroot} PREFIX=/usr LIBEXECDIR=%{_libexecdir} install install.completions install.docker +%make_install PREFIX=/usr LIBEXECDIR=%{_libexecdir} install.completions install.docker + +# remove the user tmpfile on SLE/Leap as it cannot handle them +%if 0%{?suse_version} == 1500 +rm %{buildroot}%{_user_tmpfilesdir}/podman-docker.conf +%endif # Add podman modprobe.d drop-in config mkdir -p %{buildroot}%{_prefix}/lib/modules-load.d @@ -136,10 +135,11 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1} # README.SUSE is SLES specifc currently %if !0%{?is_opensuse} -install -D -m 0644 %{SOURCE4} %{buildroot}%{_docdir}/%{name}/README.SUSE +install -D -m 0644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE %endif -%fdupes %{buildroot}/%{_prefix} +%fdupes %{buildroot}/%{_datadir} +%fdupes %{buildroot}/%{_systemd_util_dir} %files %if !0%{?is_opensuse} @@ -194,6 +194,10 @@ install -D -m 0644 %{SOURCE4} %{buildroot}%{_docdir}/%{name}/README.SUSE %files docker %{_bindir}/docker %{_tmpfilesdir}/podman-docker.conf +%if 0%{?suse_version} > 1500 +%{_user_tmpfilesdir}/podman-docker.conf +%dir %{_user_tmpfilesdir} +%endif %post docker %tmpfiles_create %{_tmpfilesdir}/podman-docker.conf From d73f060088f13030a0ab4d98ec314a01cd1dba17ea80e05f1b4a9f41dc13ab70 Mon Sep 17 00:00:00 2001 From: Fabian Vogt Date: Wed, 7 Dec 2022 17:36:12 +0000 Subject: [PATCH 2/2] Accepting request 1041171 from home:dancermak:branches:devel:microos Add patch to fix openQA failures OBS-URL: https://build.opensuse.org/request/show/1041171 OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=11 --- ...issing-hostPort-to-containerPort-is-.patch | 93 +++++++++++++++++++ podman.changes | 4 +- podman.spec | 2 + 3 files changed, 98 insertions(+), 1 deletion(-) create mode 100644 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch diff --git a/0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch b/0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch new file mode 100644 index 0000000..404f197 --- /dev/null +++ b/0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch @@ -0,0 +1,93 @@ +From 07151aaec3312b3235847106cfd76608c2d823e5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= +Date: Wed, 7 Dec 2022 17:28:39 +0100 +Subject: [PATCH] Revert "Default missing hostPort to containerPort is defined + in kube.yaml" + +This reverts commit f5fc0960e5eddf64a7d8fbf8fbfd3652b4ee5db3. +--- + pkg/specgen/generate/kube/kube.go | 3 --- + test/e2e/play_kube_test.go | 6 ++++++ + test/system/700-play.bats | 24 ------------------------ + 3 files changed, 6 insertions(+), 27 deletions(-) + +diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go +index 5186a2f72..b707c52a2 100644 +--- a/pkg/specgen/generate/kube/kube.go ++++ b/pkg/specgen/generate/kube/kube.go +@@ -918,9 +918,6 @@ func getPodPorts(containers []v1.Container) []types.PortMapping { + if p.HostPort != 0 && p.ContainerPort == 0 { + p.ContainerPort = p.HostPort + } +- if p.HostPort == 0 && p.ContainerPort != 0 { +- p.HostPort = p.ContainerPort +- } + if p.Protocol == "" { + p.Protocol = "tcp" + } +diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go +index 97823e232..6fe299b38 100644 +--- a/test/e2e/play_kube_test.go ++++ b/test/e2e/play_kube_test.go +@@ -133,6 +133,8 @@ spec: + containers: + - name: podnameEqualsContainerNameYaml + image: quay.io/libpod/alpine:latest ++ ports: ++ - containerPort: 80 + ` + + var podWithoutAName = ` +@@ -237,6 +239,8 @@ spec: + - "1.5" + name: alpine + image: quay.io/libpod/alpine:latest ++ ports: ++ - containerPort: 80 + livenessProbe: + exec: + command: +@@ -270,6 +274,8 @@ spec: + - "1.5" + name: alpine + image: quay.io/libpod/alpine:latest ++ ports: ++ - containerPort: 80 + livenessProbe: + exec: + command: +diff --git a/test/system/700-play.bats b/test/system/700-play.bats +index 5f3eb1ef2..3ff1e1ed6 100644 +--- a/test/system/700-play.bats ++++ b/test/system/700-play.bats +@@ -392,27 +392,3 @@ status: {} + run_podman rm -a -f + run_podman rm -f -t0 myyaml + } +- +-@test "podman kube play - hostport" { +- HOST_PORT=$(random_free_port) +- echo " +-apiVersion: v1 +-kind: Pod +-metadata: +- labels: +- app: test +- name: test_pod +-spec: +- containers: +- - name: server +- image: $IMAGE +- ports: +- - name: hostp +- containerPort: $HOST_PORT +-" > $PODMAN_TMPDIR/testpod.yaml +- +- run_podman kube play $PODMAN_TMPDIR/testpod.yaml +- run_podman pod inspect test_pod --format "{{.InfraConfig.PortBindings}}" +- assert "$output" = "map[$HOST_PORT/tcp:[{ $HOST_PORT}]]" +- run_podman kube down $PODMAN_TMPDIR/testpod.yaml +-} +-- +2.38.1 + diff --git a/podman.changes b/podman.changes index f8e69f6..88e4ffd 100644 --- a/podman.changes +++ b/podman.changes @@ -6,6 +6,8 @@ Tue Nov 22 08:20:16 UTC 2022 - dcermak@suse.com - drop /usr/share/user-tmpfiles.d/podman-docker.conf on SLE & Leap - remove rpmlintrc (contained only obsolete filters) - remove obsolete with_libostree (we don't build on anything older than SLE 15) +- add patch: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch + (hotfix for https://github.com/containers/podman/issues/16765) - Update to version 4.3.1: 4.3.1: @@ -136,7 +138,7 @@ Wed Sep 21 02:01:16 UTC 2022 - asarai@suse.com * fix podman events with custom format * Drop stale config value resulting in asymmetric config * Fix list of default capabilities - * Add container GID to additional groups + * Add container GID to additional groups (CVE-2022-2989 / bsc#1202809, removes patch 0001-Add-container-GID-to-additional-groups.patch) * libpod: Ensure that generated container names are random * Fix bind-mount-option annotation in gen/play kube * Improved Windows compatibility for machine command diff --git a/podman.spec b/podman.spec index e1bee18..9219b65 100644 --- a/podman.spec +++ b/podman.spec @@ -27,6 +27,8 @@ URL: https://%{project} Source0: %{name}-%{version}.tar.xz Source1: podman.conf Source2: README.SUSE.SLES +# hotfix for https://github.com/containers/podman/issues/16765 +Patch0: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch BuildRequires: bash-completion BuildRequires: cni BuildRequires: device-mapper-devel