Accepting request 1253034 from devel:microos

update to 5.4.1 and drop patch 0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch (forwarded request 1252224 from ojkastl_buildservice)

OBS-URL: https://build.opensuse.org/request/show/1253034
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/podman?expand=0&rev=154

0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch

@@ -1,60 +0,0 @@
-From 30b8c23e81ef0328586b49075e78ca4ea1a11bc7 Mon Sep 17 00:00:00 2001
-From: Matthew McPherrin <git@mcpherrin.ca>
-Date: Mon, 24 Feb 2025 14:42:50 -0500
-Subject: [PATCH] CVE-2025-27144: vendor: don't allow unbounded amounts of
- splits
-
-In compact JWS/JWE, don't allow unbounded number of splits.
-Count to make sure there's the right number, then use SplitN.
-
-This fixes CVE-2025-27144
-This fixes bsc#1237641
-
-Cherry-picked from
-go-jose/go-jose@99b346c
-
-Signed-off-by: Danish Prakash <contact@danishpraka.sh>
----
- vendor/github.com/go-jose/go-jose/v4/jwe.go | 5 +++--
- vendor/github.com/go-jose/go-jose/v4/jws.go | 5 +++--
- 2 files changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/vendor/github.com/go-jose/go-jose/v4/jwe.go b/vendor/github.com/go-jose/go-jose/v4/jwe.go
-index 89f03ee3e1e6..9f1322dccc9c 100644
---- a/vendor/github.com/go-jose/go-jose/v4/jwe.go
-+++ b/vendor/github.com/go-jose/go-jose/v4/jwe.go
-@@ -288,10 +288,11 @@ func ParseEncryptedCompact(
- 	keyAlgorithms []KeyAlgorithm,
- 	contentEncryption []ContentEncryption,
- ) (*JSONWebEncryption, error) {
--	parts := strings.Split(input, ".")
--	if len(parts) != 5 {
-+	// Five parts is four separators
-+	if strings.Count(input, ".") != 4 {
- 		return nil, fmt.Errorf("go-jose/go-jose: compact JWE format must have five parts")
- 	}
-+	parts := strings.SplitN(input, ".", 5)
- 
- 	rawProtected, err := base64.RawURLEncoding.DecodeString(parts[0])
- 	if err != nil {
-diff --git a/vendor/github.com/go-jose/go-jose/v4/jws.go b/vendor/github.com/go-jose/go-jose/v4/jws.go
-index 3a912301afc2..d09d8ba5078c 100644
---- a/vendor/github.com/go-jose/go-jose/v4/jws.go
-+++ b/vendor/github.com/go-jose/go-jose/v4/jws.go
-@@ -327,10 +327,11 @@ func parseSignedCompact(
- 	payload []byte,
- 	signatureAlgorithms []SignatureAlgorithm,
- ) (*JSONWebSignature, error) {
--	parts := strings.Split(input, ".")
--	if len(parts) != 3 {
-+	// Three parts is two separators
-+	if strings.Count(input, ".") != 2 {
- 		return nil, fmt.Errorf("go-jose/go-jose: compact JWS format must have three parts")
- 	}
-+	parts := strings.SplitN(input, ".", 3)
- 
- 	if parts[1] != "" && payload != nil {
- 		return nil, fmt.Errorf("go-jose/go-jose: payload is not detached")
--- 
-2.46.0
-

_service

@@ -2,7 +2,7 @@
   <service name="obs_scm" mode="manual">
     <param name="url">https://github.com/containers/podman.git</param>
     <param name="scm">git</param>
-    <param name="revision">v5.4.0</param>
+    <param name="revision">v5.4.1</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/containers/podman.git</param>
-              <param name="changesrevision">f9f7d48b24b1ca4403f189caaeab1cb8ff4a9aa2</param></service></servicedata>
+              <param name="changesrevision">b79bc8afe796cba51dd906270a7e1056ccdfcf9e</param></service></servicedata>

podman-5.4.0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6bf980846212f7be2a3e82fee74d5ee3d34dfabd8ad24b86da557861fd2db1ed
-size 119035918

podman-5.4.1.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:16be7292e16b91a3d8ee4ad8dd5d1284c3c910c3392fbc8e66186d9be850c6bc
+size 119042062

podman.changes

@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Wed Mar 12 06:55:21 UTC 2025 - opensuse_buildservice@ojkastl.de
+
+- Update to version 5.4.1:
+  * Bugfixes
+    - Fixed a bug where volume quotas were not being applied
+      (#25368).
+    - Fixed a bug where the --pid-limit=-1 option did not function
+      properly with containers using the runc OCI runtime.
+    - Fixed a bug where the podman artifact pull command did not
+      respect the --retry-delay option.
+    - Fixed a bug where Podman would leak a file and directory for
+      every container created.
+    - Fixed a bug where the podman wait command would sometimes
+      error when waiting for a container set to auto-remove.
+    - Fixed a bug where Quadlet .kube units would not report an
+      error (and stay running) even when a pod failed to start
+      (#20667).
+  * API
+    - Fixed a bug where the Compat DF endpoint did not correctly
+      report total size of all images.
+  * Misc
+    - Updated Buildah to v1.39.2
+    - Updated the containers/common library to v0.62.1
+    - Updated the containers/image library to v5.34.1
+- drop patch
+  0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
+
 -------------------------------------------------------------------
 Mon Mar 10 08:22:39 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
 

podman.obsinfo

@@ -1,4 +1,4 @@
 name: podman
-version: 5.4.0
-mtime: 1739290083
-commit: f9f7d48b24b1ca4403f189caaeab1cb8ff4a9aa2
+version: 5.4.1
+mtime: 1741713733
+commit: b79bc8afe796cba51dd906270a7e1056ccdfcf9e

podman.spec

@@ -22,7 +22,7 @@
 %bcond_without  apparmor
 
 Name:           podman
-Version:        5.4.0
+Version:        5.4.1
 Release:        0
 Summary:        Daemon-less container engine for managing containers, pods and images
 License:        Apache-2.0
@@ -30,7 +30,6 @@ Group:          System/Management
 URL:            https://%{project}
 Source0:        %{name}-%{version}.tar.gz
 Source1:        podman.conf
-Patch0:         0001-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
 BuildRequires:  man
 BuildRequires:  bash-completion
 BuildRequires:  device-mapper-devel