- Update to version 5.2.4:

* Bump to v5.2.4 * Update release notes for v5.2.4 * Validate the bind-propagation option to `--mount` CVE-2024-9407 (bsc#1231208) * Bump Buildah to v1.37.4 * vendor: update c/common to v0.60.4 CVE-2024-9341 (bsc#1231230) * Bump to v5.2.4-dev - Removed patch: * 0001-Update-c-common-to-fix-CVE-2024-9341.patch (merged upstream) OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=68
2024-10-08 13:13:50 +00:00 · 2024-10-08 13:13:50 +00:00 · a7b22dc3e3
commit a7b22dc3e3
parent 39658542b2
8 changed files with 22 additions and 105 deletions
--- a/0001-Update-c-common-to-fix-CVE-2024-9341.patch
+++ b/0001-Update-c-common-to-fix-CVE-2024-9341.patch
@ -1,95 +0,0 @@
-From 16ef9d253fe1ec94162178557bdc36a1e634678f Mon Sep 17 00:00:00 2001
-From: Danish Prakash <contact@danishpraka.sh>
-Date: Fri, 4 Oct 2024 13:42:48 +0530
-Subject: [PATCH] Update c/common to fix CVE-2024-9341
-
-Fixes CVE-2024-9341
-
-Signed-off-by: Paul Holzinger <pholzing@redhat.com>
-Signed-off-by: Danish Prakash <contact@danishpraka.sh>
---
- go.mod                                                      | 2 +-
- go.sum                                                      | 4 ++--
- .../containers/common/pkg/subscriptions/subscriptions.go    | 6 +++++-
- vendor/github.com/containers/common/version/version.go      | 2 +-
- vendor/modules.txt                                          | 2 +-
- 5 files changed, 10 insertions(+), 6 deletions(-)
-
-diff --git a/go.mod b/go.mod
-index f3820edd0372..d53d70bb0ebb 100644
--- a/go.mod
-+++ b/go.mod
-@@ -13,7 +13,7 @@ require (
- 	github.com/checkpoint-restore/go-criu/v7 v7.1.0
- 	github.com/containernetworking/plugins v1.5.1
- 	github.com/containers/buildah v1.37.3
-	github.com/containers/common v0.60.3
-+	github.com/containers/common v0.60.4
- 	github.com/containers/conmon v2.0.20+incompatible
- 	github.com/containers/gvisor-tap-vsock v0.7.4
- 	github.com/containers/image/v5 v5.32.2
-diff --git a/go.sum b/go.sum
-index 4b83f1c8ff6a..67b58d680563 100644
--- a/go.sum
-+++ b/go.sum
-@@ -79,8 +79,8 @@ github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+
- github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM=
- github.com/containers/buildah v1.37.3 h1:nSmbdBqaRMjvTtwVuOKZGT2jefaUKsZXbgpH9b4HzIs=
- github.com/containers/buildah v1.37.3/go.mod h1:alFCM3X0xfhE6ZjsFQkUlOMyKzOnbv9FL9fe1Ho48PA=
-github.com/containers/common v0.60.3 h1:pToT7gtFx/KWyMtWw98g4pIbW54i9KfGH2QrdN2s1io=
-github.com/containers/common v0.60.3/go.mod h1:I0upBi1qJX3QmzGbUOBN1LVP6RvkKhd3qQpZbQT+Q54=
-+github.com/containers/common v0.60.4 h1:H5+LAMHPZEqX6vVNOQ+IguVsaFl8kbO/SZ/VPXjxhy0=
-+github.com/containers/common v0.60.4/go.mod h1:I0upBi1qJX3QmzGbUOBN1LVP6RvkKhd3qQpZbQT+Q54=
- github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
- github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
- github.com/containers/gvisor-tap-vsock v0.7.4 h1:iOtr/KEi+r599OOx1+9Qbss91jD5yxh1HO35MKTdths=
-diff --git a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
-index ded66365bb47..a6538ffb9082 100644
--- a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
-+++ b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
-@@ -11,6 +11,7 @@ import (
- 	"github.com/containers/common/pkg/umask"
- 	"github.com/containers/storage/pkg/fileutils"
- 	"github.com/containers/storage/pkg/idtools"
-+	securejoin "github.com/cyphar/filepath-securejoin"
- 	rspec "github.com/opencontainers/runtime-spec/specs-go"
- 	"github.com/opencontainers/selinux/go-selinux/label"
- 	"github.com/sirupsen/logrus"
-@@ -346,7 +347,10 @@ func addFIPSModeSubscription(mounts *[]rspec.Mount, containerRunDir, mountPoint,
- 
- 	srcBackendDir := "/usr/share/crypto-policies/back-ends/FIPS"
- 	destDir := "/etc/crypto-policies/back-ends"
-	srcOnHost := filepath.Join(mountPoint, srcBackendDir)
-+	srcOnHost, err := securejoin.SecureJoin(mountPoint, srcBackendDir)
-+	if err != nil {
-+		return fmt.Errorf("resolve %s in the container: %w", srcBackendDir, err)
-+	}
- 	if err := fileutils.Exists(srcOnHost); err != nil {
- 		if errors.Is(err, os.ErrNotExist) {
- 			return nil
-diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
-index 3703dc8d93fb..8f30e4688179 100644
--- a/vendor/github.com/containers/common/version/version.go
-+++ b/vendor/github.com/containers/common/version/version.go
-@@ -1,4 +1,4 @@
- package version
- 
- // Version is the version of the build.
-const Version = "0.60.3"
-+const Version = "0.60.4"
-diff --git a/vendor/modules.txt b/vendor/modules.txt
-index dd7c7b81638b..b9ab6aeaf263 100644
--- a/vendor/modules.txt
-+++ b/vendor/modules.txt
-@@ -170,7 +170,7 @@ github.com/containers/buildah/pkg/sshagent
- github.com/containers/buildah/pkg/util
- github.com/containers/buildah/pkg/volumes
- github.com/containers/buildah/util
-# github.com/containers/common v0.60.3
-+# github.com/containers/common v0.60.4
- ## explicit; go 1.21.0
- github.com/containers/common/internal
- github.com/containers/common/internal/attributedstring
-- 
-2.46.0
-
--- a/2
+++ b/2
@ -2,7 +2,7 @@
  <service name="obs_scm" mode="manual">
    <param name="url">https://github.com/containers/podman.git</param>
    <param name="scm">git</param>
-    <param name="revision">v5.2.3</param>
+    <param name="revision">v5.2.4</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
    <param name="versionrewrite-pattern">v(.*)</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/containers/podman.git</param>
-              <param name="changesrevision">c5366a308e89edd9636b66faf79bd5cb18ed0905</param></service></servicedata>
+              <param name="changesrevision">76d0859d9f6e5d7c84392da9dcd2fae3447f789d</param></service></servicedata>
--- a/podman-5.2.3.obscpio
+++ b/podman-5.2.3.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:68afd310737244fa8a86cd852d5eb047c529b0b666b7e3e3a04dafe5b07bb4dd
-size 109700110
--- a/podman-5.2.4.obscpio
+++ b/podman-5.2.4.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d98c93f568b31cecc530b86cfd0078fb290f72ec0ab61649b63ca4407173a809
+size 109701646
--- a/podman.changes
+++ b/podman.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Oct 08 07:05:58 UTC 2024 - madhankumar.chellamuthu@suse.com
+
+- Update to version 5.2.4:
+  * Bump to v5.2.4
+  * Update release notes for v5.2.4
+  * Validate the bind-propagation option to `--mount` CVE-2024-9407 (bsc#1231208)
+  * Bump Buildah to v1.37.4
+  * vendor: update c/common to v0.60.4 CVE-2024-9341 (bsc#1231230)
+  * Bump to v5.2.4-dev
+- Removed patch:
+  * 0001-Update-c-common-to-fix-CVE-2024-9341.patch (merged upstream)
+
 -------------------------------------------------------------------
 Fri Oct  4 08:27:53 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

--- a/podman.obsinfo
+++ b/podman.obsinfo
@ -1,4 +1,4 @@
 name: podman
-version: 5.2.3
-mtime: 1727187376
-commit: c5366a308e89edd9636b66faf79bd5cb18ed0905
+version: 5.2.4
+mtime: 1728308549
+commit: 76d0859d9f6e5d7c84392da9dcd2fae3447f789d
--- a/podman.spec
+++ b/podman.spec
@ -22,7 +22,7 @@
 %bcond_without  apparmor

 Name:           podman
-Version:        5.2.3
+Version:        5.2.4
 Release:        0
 Summary:        Daemon-less container engine for managing containers, pods and images
 License:        Apache-2.0
@ -30,7 +30,6 @@ Group:          System/Management
 URL:            https://%{project}
 Source0:        %{name}-%{version}.tar.gz
 Source1:        podman.conf
-Patch0:         0001-Update-c-common-to-fix-CVE-2024-9341.patch
 BuildRequires:  man
 BuildRequires:  bash-completion
 BuildRequires:  device-mapper-devel