rpm/podman
SHA256
1
0
Fork 0
forked from pool/podman
Code Pull Requests Activity

Accepting request 1192031 from devel:microos

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1192031
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/podman?expand=0&rev=138
This commit is contained in:
Dominique Leuenberger 2024-08-08 08:57:02 +00:00 committed by Git OBS Bridge
commit 7234f2b4df
8 changed files with 171 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
0001-Backport-fix-for-CVE-2024-6104.patch
View File

@ -1,84 +0,0 @@
From 1a3445769d0a3c392487ec9480c0bfad07bde063 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dcermak@suse.com>
Date: Sun, 30 Jun 2024 16:09:52 +0200
Subject: [PATCH] Backport fix for CVE-2024-6104
This is https://github.com/hashicorp/go-retryablehttp/pull/158 only directly
applied to the vendor/ source tree
See also https://github.com/advisories/GHSA-v6v8-xj6m-xwqh
---
.../hashicorp/go-retryablehttp/client.go | 28 ++++++++++++++-----
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/vendor/github.com/hashicorp/go-retryablehttp/client.go b/vendor/github.com/hashicorp/go-retryablehttp/client.go
index 12ac50bcc..efee53c40 100644
--- a/vendor/github.com/hashicorp/go-retryablehttp/client.go
+++ b/vendor/github.com/hashicorp/go-retryablehttp/client.go
@@ -658,9 +658,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
if logger != nil {
switch v := logger.(type) {
case LeveledLogger:
- v.Debug("performing request", "method", req.Method, "url", req.URL)
+ v.Debug("performing request", "method", req.Method, "url", redactURL(req.URL))
case Logger:
- v.Printf("[DEBUG] %s %s", req.Method, req.URL)
+ v.Printf("[DEBUG] %s %s", req.Method, redactURL(req.URL))
}
}
@@ -715,9 +715,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
if err != nil {
switch v := logger.(type) {
case LeveledLogger:
- v.Error("request failed", "error", err, "method", req.Method, "url", req.URL)
+ v.Error("request failed", "error", err, "method", req.Method, "url", redactURL(req.URL))
case Logger:
- v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL, err)
+ v.Printf("[ERR] %s %s request failed: %v", req.Method, redactURL(req.URL), err)
}
} else {
// Call this here to maintain the behavior of logging all requests,
@@ -753,7 +753,7 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
wait := c.Backoff(c.RetryWaitMin, c.RetryWaitMax, i, resp)
if logger != nil {
- desc := fmt.Sprintf("%s %s", req.Method, req.URL)
+ desc := fmt.Sprintf("%s %s", req.Method, redactURL(req.URL))
if resp != nil {
desc = fmt.Sprintf("%s (status: %d)", desc, resp.StatusCode)
}
@@ -818,11 +818,11 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
// communicate why
if err == nil {
return nil, fmt.Errorf("%s %s giving up after %d attempt(s)",
- req.Method, req.URL, attempt)
+ req.Method, redactURL(req.URL), attempt)
}
return nil, fmt.Errorf("%s %s giving up after %d attempt(s): %w",
- req.Method, req.URL, attempt, err)
+ req.Method, redactURL(req.URL), attempt, err)
}
// Try to read the response body so we can reuse this connection.
@@ -903,3 +903,17 @@ func (c *Client) StandardClient() *http.Client {
Transport: &RoundTripper{Client: c},
}
}
+
+// Taken from url.URL#Redacted() which was introduced in go 1.15.
+// We can switch to using it directly if we'll bump the minimum required go version.
+func redactURL(u *url.URL) string {
+ if u == nil {
+ return ""
+ }
+
+ ru := *u
+ if _, has := ru.User.Password(); has {
+ ru.User = url.UserPassword(ru.User.Username(), "xxxxx")
+ }
+ return ru.String()
+}
--
2.45.2

2
_service
View File

@ -2,7 +2,7 @@
<service name="obs_scm" mode="manual">
<param name="url">https://github.com/containers/podman.git</param>
<param name="scm">git</param>
<param name="revision">v5.1.2</param>
<param name="revision">v5.2.0</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>

2
_servicedata
View File

@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/containers/podman.git</param>
<param name="changesrevision">94a24974ab345324db1a1489c924af4b89d2d0e9</param></service></servicedata>
<param name="changesrevision">b22d5c61eef93475413724f49fd6a32980d2c746</param></service></servicedata>

3
podman-5.1.2.obscpio
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:86ae9f9404e0f605de8cb2f056dd61a8929038c4e6eecacb7b5fc903ad4f2471
size 109458446

3
podman-5.2.0.obscpio Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:af6c274fbcbd4b432e137f8ca0c43bd638d2a286bd3cb0a2455e05c22bb64a7a
size 109566478

159
podman.changes
View File

@ -1,3 +1,162 @@
-------------------------------------------------------------------
Fri Aug 02 12:32:21 UTC 2024 - dcermak@suse.com
- Update to version 5.2.0:
### Features
- Podman now supports `libkrun` as a backend for creating virtual machines on
MacOS. The `libkrun` backend has the advantage of allowing GPUs to be mounted
into the virtual machine to accelerate tasks. The default backend remains
`applehv`.
- Quadlet now has support for `.build` files, which allows images to be built by
Quadlet and then used by Quadlet containers.
- Quadlet `.container` files now support two new fields, `LogOpt` to specify
container logging configuration and `StopSignal` to specify container stop
signal ([#23050](https://github.com/containers/podman/issues/23050)).
- Quadlet `.container` and `.pod` files now support a new field, `NetworkAlias`,
to add network aliases.
- Quadlet drop-in search paths have been expanded to include top-level type
drop-ins (`container.d`, `pod.d`) and truncated unit drop-ins
(`unit-.container.d`)
([#23158](https://github.com/containers/podman/issues/23158)).
- Podman now supports a new command, `podman system check`, which will identify
(and, if possible, correct) corruption within local container storage.
- The `podman machine reset` command will now reset all providers available on
the current operating system (e.g. ensuring that both HyperV and WSL `podman
machine` VMs will be removed on Windows).
### Changes
- Podman now requires the new kernel mount API, introducing a dependency on
Linux Kernel v5.2 or higher.
- Quadlet `.image` units now have a dependency on `network-online.target`
([#21873](https://github.com/containers/podman/issues/21873)).
- The `--device` option to `podman create` and `podman run` is no longer ignored
when `--privileged` is also specified
([#23132](https://github.com/containers/podman/issues/23132)).
- The `podman start` and `podman stop` commands no longer print the full ID of
the pod started/stopped, but instead the user's input used to specify the pod
(e.g. `podman pod start b` will print `b` instead of the pod's full ID)
([#22590](https://github.com/containers/podman/issues/22590)).
- Virtual machines created by `podman machine` on Linux now use `virtiofs`
instead of `9p` for mounting host filesystems. Existing mounts will be
transparently changed on machine restart or recreation. This should improve
performance and reliability of host mounts. This requires the installation of
`virtiofsd` on the host system to function.
- Using both the `--squash` and `--layers=false` options to `podman build` at
the same time is now allowed.
- Podman now passes container's stop timeout to systemd when creating cgroups,
causing it to be honored when systemd stops the scope. This should prevent
hangs on system shutdown due to running Podman containers.
- The `--volume-driver` option to `podman machine init` is now deprecated.
### Bugfixes
- Fixed a bug where rootless containers created with the `--sdnotify=healthy`
option could panic when started
([#22651](https://github.com/containers/podman/issues/22651)).
- Fixed a bug where containers created with the `--sdnotify=healthy` option that
exited quickly would sometimes return an error instead of notifying that the
container was ready
([#22760](https://github.com/containers/podman/issues/22760)).
- Fixed a bug where the `podman system reset` command did not remove the
containers/image blob cache
([#22825](https://github.com/containers/podman/issues/22825)).
- Fixed a bug where Podman would sometimes create a cgroup for itself even when
the `--cgroups=disabled` option was specified at container creation time
([#20910](https://github.com/containers/podman/issues/20910)).
- Fixed a bug where the `/etc/hosts` file in a container was not created with a
newline at the end of the file
([#22729](https://github.com/containers/podman/issues/22729)).
- Fixed a bug where the `podman start` command could sometimes panic when
starting a container in the stopped state.
- Fixed a bug where the `podman system renumber` command would fail if volumes
existed when using the `sqlite` database backend
([#23052](https://github.com/containers/podman/issues/23052)).
- Fixed a bug where the `podman container restore` command could not
successfully restore a container in a pod.
- Fixed a bug where an error message from `podman diff` would suggest using the
`--latest` option when using the remote Podman client
([#23038](https://github.com/containers/podman/issues/23038)).
- Fixed a bug where user could assign more memory to a Podman machine than
existed on the host
([#18206](https://github.com/containers/podman/issues/18206)).
- Fixed a bug where the `podman events` command was rarely unable to report
errors that occurred
([#23165](https://github.com/containers/podman/issues/23165)).
- Fixed a bug where containers run in systemd units would sometimes not be
removed correctly on exit when using the `--cidfile` option.
- Fixed a bug where the first Podman command run after a reboot could cause hang
when using transient mode
([#22984](https://github.com/containers/podman/issues/22984)).
- Fixed a bug where Podman could throw errors about a database configuration
mismatch if certain paths did not exist on the host.
- Fixed a bug where the `podman run` and `podman start` commands could throw
strange errors if another Podman process stopped the container at a midpoint
in the process of starting
([#23246](https://github.com/containers/podman/issues/23246)).
- Fixed a bug where the `podman system service` command could leak a mount on
termination.
- Fixed a bug where the Podman remote client would panic if an invalid image
filter was passed to `podman images`
([#23120](https://github.com/containers/podman/issues/23120)).
- Fixed a bug where the `podman auto-update` and `podman system df` commands
could fail when a container was removed while the command was running
([#23279](https://github.com/containers/podman/issues/23279)).
- Fixed a bug where the `podman machine init` command could panic when trying to
decompress an empty file when preparing the VM image
([#23281](https://github.com/containers/podman/issues/23281)).
- Fixed a bug where the `podman ps --pod` and `podman pod stats` commands could
sometimes fail when a pod was removed while the command was running
([#23282](https://github.com/containers/podman/issues/23282)).
- Fixed a bug where the `podman stats` and `podman pod stats` commands would
sometimes exit with a `container is stopped` error when showing all containers
(or pod containers, for `pod stats`) if a container stopped while the command
was running ([#23334](https://github.com/containers/podman/issues/23334)).
- Fixed a bug where the output of container healthchecks was not properly logged
if it did not include a final newline
([#23332](https://github.com/containers/podman/issues/23332)).
- Fixed a bug where the port forwarding firewall rules of an existing container
could be be overwritten when starting a second container which forwarded the
same port on the host even if the second container failed to start as the
port was already bound.
- Fixed a bug where the containers created by the `podman play kube` command
could sometimes not properly clean up their network stacks
([#21569](https://github.com/containers/podman/issues/21569)).
### API
- The Build API for Images now accepts a comma-separated list in the Platform
query parameter, allowing a single API call to built an image for multiple
architectures ([#22071](https://github.com/containers/podman/issues/22071)).
- Fixed a bug where the Remove endpoint for Volumes would return an incorrectly
formatted error when called with an ambiguous volume name
([#22616](https://github.com/containers/podman/issues/22616)).
- Fixed a bug where the Stats endpoint for Containers would return an
incorrectly formatted error when called on a container that did not exist
([#22612](https://github.com/containers/podman/issues/22612)).
- Fixed a bug where the Start endpoint for Pods would return a 409 error code in
cases where a 500 error code should have been returned
([#22989](https://github.com/containers/podman/issues/22989)).
- Fixed a bug where the Top endpoint for Pods would return a 200 status code and
then subsequently an error
([#22986](https://github.com/containers/podman/issues/22986)).
### Misc
- Podman no longer requires all parent directories of its root and runroot to be
world-executable
([#23028](https://github.com/containers/podman/issues/23028)).
- Error messages from the `podman build` command when the `-f` option is given,
but points to a file that does not exist, have been improved
([#22940](https://github.com/containers/podman/issues/22940)).
- The Podman windows installer is now built using WiX 5.
- Updated the gvisor-tap-vsock library to v0.7.4. This release contains a fix
for a gvproxy crash on macOS when there is heavy network traffic on a fast
link.
- Updated Buildah to v1.37.0
- Updated the containers/image library to v5.32.0
- Updated the containers/storage library to v1.55.0
- Updated the containers/common library to v0.60.0
- Remove patch: 0001-Backport-fix-for-CVE-2024-6104.patch (merged upstream)
-------------------------------------------------------------------
Thu Jul 11 07:34:21 UTC 2024 - danish.prakash@suse.com

6
podman.obsinfo
View File

@ -1,4 +1,4 @@
name: podman
version: 5.1.2
mtime: 1720614055
commit: 94a24974ab345324db1a1489c924af4b89d2d0e9
version: 5.2.0
mtime: 1722533522
commit: b22d5c61eef93475413724f49fd6a32980d2c746

8
podman.spec
View File

@ -22,7 +22,7 @@
%bcond_without apparmor
Name: podman
Version: 5.1.2
Version: 5.2.0
Release: 0
Summary: Daemon-less container engine for managing containers, pods and images
License: Apache-2.0
@ -30,7 +30,6 @@ Group: System/Management
URL: https://%{project}
Source0: %{name}-%{version}.tar.gz
Source1: podman.conf
Patch0: 0001-Backport-fix-for-CVE-2024-6104.patch
BuildRequires: man
BuildRequires: bash-completion
BuildRequires: device-mapper-devel
@ -222,6 +221,7 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
%{_userunitdir}/podman-kube@.service
%{_userunitdir}/podman-restart.service
%{_userunitdir}/podman-auto-update.timer
%{_userunitdir}/podman-clean-transient.service
%{_systemdusergeneratordir}/podman-user-generator
%{_systemdgeneratordir}/podman-system-generator
%ghost /run/podman
@ -263,10 +263,10 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
%preun
%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%postun
%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%changelog