Accepting request 1192031 from devel:microos
OBS-URL: https://build.opensuse.org/request/show/1192031 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/podman?expand=0&rev=138
commit
7234f2b4df
@ -1,84 +0,0 @@
|
|||||||
From 1a3445769d0a3c392487ec9480c0bfad07bde063 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= <dcermak@suse.com>
|
|
||||||
Date: Sun, 30 Jun 2024 16:09:52 +0200
|
|
||||||
Subject: [PATCH] Backport fix for CVE-2024-6104
|
|
||||||
|
|
||||||
This is https://github.com/hashicorp/go-retryablehttp/pull/158 only directly
|
|
||||||
applied to the vendor/ source tree
|
|
||||||
See also https://github.com/advisories/GHSA-v6v8-xj6m-xwqh
|
|
||||||
---
|
|
||||||
.../hashicorp/go-retryablehttp/client.go | 28 ++++++++++++++-----
|
|
||||||
1 file changed, 21 insertions(+), 7 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/vendor/github.com/hashicorp/go-retryablehttp/client.go b/vendor/github.com/hashicorp/go-retryablehttp/client.go
|
|
||||||
index 12ac50bcc..efee53c40 100644
|
|
||||||
--- a/vendor/github.com/hashicorp/go-retryablehttp/client.go
|
|
||||||
+++ b/vendor/github.com/hashicorp/go-retryablehttp/client.go
|
|
||||||
@@ -658,9 +658,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
|
|
||||||
if logger != nil {
|
|
||||||
switch v := logger.(type) {
|
|
||||||
case LeveledLogger:
|
|
||||||
- v.Debug("performing request", "method", req.Method, "url", req.URL)
|
|
||||||
+ v.Debug("performing request", "method", req.Method, "url", redactURL(req.URL))
|
|
||||||
case Logger:
|
|
||||||
- v.Printf("[DEBUG] %s %s", req.Method, req.URL)
|
|
||||||
+ v.Printf("[DEBUG] %s %s", req.Method, redactURL(req.URL))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -715,9 +715,9 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
|
|
||||||
if err != nil {
|
|
||||||
switch v := logger.(type) {
|
|
||||||
case LeveledLogger:
|
|
||||||
- v.Error("request failed", "error", err, "method", req.Method, "url", req.URL)
|
|
||||||
+ v.Error("request failed", "error", err, "method", req.Method, "url", redactURL(req.URL))
|
|
||||||
case Logger:
|
|
||||||
- v.Printf("[ERR] %s %s request failed: %v", req.Method, req.URL, err)
|
|
||||||
+ v.Printf("[ERR] %s %s request failed: %v", req.Method, redactURL(req.URL), err)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// Call this here to maintain the behavior of logging all requests,
|
|
||||||
@@ -753,7 +753,7 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
|
|
||||||
|
|
||||||
wait := c.Backoff(c.RetryWaitMin, c.RetryWaitMax, i, resp)
|
|
||||||
if logger != nil {
|
|
||||||
- desc := fmt.Sprintf("%s %s", req.Method, req.URL)
|
|
||||||
+ desc := fmt.Sprintf("%s %s", req.Method, redactURL(req.URL))
|
|
||||||
if resp != nil {
|
|
||||||
desc = fmt.Sprintf("%s (status: %d)", desc, resp.StatusCode)
|
|
||||||
}
|
|
||||||
@@ -818,11 +818,11 @@ func (c *Client) Do(req *Request) (*http.Response, error) {
|
|
||||||
// communicate why
|
|
||||||
if err == nil {
|
|
||||||
return nil, fmt.Errorf("%s %s giving up after %d attempt(s)",
|
|
||||||
- req.Method, req.URL, attempt)
|
|
||||||
+ req.Method, redactURL(req.URL), attempt)
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil, fmt.Errorf("%s %s giving up after %d attempt(s): %w",
|
|
||||||
- req.Method, req.URL, attempt, err)
|
|
||||||
+ req.Method, redactURL(req.URL), attempt, err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Try to read the response body so we can reuse this connection.
|
|
||||||
@@ -903,3 +903,17 @@ func (c *Client) StandardClient() *http.Client {
|
|
||||||
Transport: &RoundTripper{Client: c},
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+// Taken from url.URL#Redacted() which was introduced in go 1.15.
|
|
||||||
+// We can switch to using it directly if we'll bump the minimum required go version.
|
|
||||||
+func redactURL(u *url.URL) string {
|
|
||||||
+ if u == nil {
|
|
||||||
+ return ""
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ru := *u
|
|
||||||
+ if _, has := ru.User.Password(); has {
|
|
||||||
+ ru.User = url.UserPassword(ru.User.Username(), "xxxxx")
|
|
||||||
+ }
|
|
||||||
+ return ru.String()
|
|
||||||
+}
|
|
||||||
--
|
|
||||||
2.45.2
|
|
||||||
|
|
2
_service
2
_service
@ -2,7 +2,7 @@
|
|||||||
<service name="obs_scm" mode="manual">
|
<service name="obs_scm" mode="manual">
|
||||||
<param name="url">https://github.com/containers/podman.git</param>
|
<param name="url">https://github.com/containers/podman.git</param>
|
||||||
<param name="scm">git</param>
|
<param name="scm">git</param>
|
||||||
<param name="revision">v5.1.2</param>
|
<param name="revision">v5.2.0</param>
|
||||||
<param name="versionformat">@PARENT_TAG@</param>
|
<param name="versionformat">@PARENT_TAG@</param>
|
||||||
<param name="changesgenerate">enable</param>
|
<param name="changesgenerate">enable</param>
|
||||||
<param name="versionrewrite-pattern">v(.*)</param>
|
<param name="versionrewrite-pattern">v(.*)</param>
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
<servicedata>
|
<servicedata>
|
||||||
<service name="tar_scm">
|
<service name="tar_scm">
|
||||||
<param name="url">https://github.com/containers/podman.git</param>
|
<param name="url">https://github.com/containers/podman.git</param>
|
||||||
<param name="changesrevision">94a24974ab345324db1a1489c924af4b89d2d0e9</param></service></servicedata>
|
<param name="changesrevision">b22d5c61eef93475413724f49fd6a32980d2c746</param></service></servicedata>
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:86ae9f9404e0f605de8cb2f056dd61a8929038c4e6eecacb7b5fc903ad4f2471
|
|
||||||
size 109458446
|
|
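--- a/podman-5.2.0.obscpio
+++ b/podman-5.2.0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:af6c274fbcbd4b432e137f8ca0c43bd638d2a286bd3cb0a2455e05c22bb64a7a
+size 109566478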
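--- a/podman.changes
+++ b/podman.changes
@@ -1,3 +1,162 @@
+-------------------------------------------------------------------
+Fri Aug 02 12:32:21 UTC 2024 - dcermak@suse.com
+
+- Update to version 5.2.0:
+
+### Features
+- Podman now supports `libkrun` as a backend for creating virtual machines on
+MacOS. The `libkrun` backend has the advantage of allowing GPUs to be mounted
+into the virtual machine to accelerate tasks. The default backend remains
+`applehv`.
+- Quadlet now has support for `.build` files, which allows images to be built by
+Quadlet and then used by Quadlet containers.
+- Quadlet `.container` files now support two new fields, `LogOpt` to specify
+container logging configuration and `StopSignal` to specify container stop
+signal ([#23050](https://github.com/containers/podman/issues/23050)).
+- Quadlet `.container` and `.pod` files now support a new field, `NetworkAlias`,
+to add network aliases.
+- Quadlet drop-in search paths have been expanded to include top-level type
+drop-ins (`container.d`, `pod.d`) and truncated unit drop-ins
+(`unit-.container.d`)
+([#23158](https://github.com/containers/podman/issues/23158)).
+- Podman now supports a new command, `podman system check`, which will identify
+(and, if possible, correct) corruption within local container storage.
+- The `podman machine reset` command will now reset all providers available on
+the current operating system (e.g. ensuring that both HyperV and WSL `podman
+machine` VMs will be removed on Windows).
+
+### Changes
+- Podman now requires the new kernel mount API, introducing a dependency on
+Linux Kernel v5.2 or higher.
+- Quadlet `.image` units now have a dependency on `network-online.target`
+([#21873](https://github.com/containers/podman/issues/21873)).
+- The `--device` option to `podman create` and `podman run` is no longer ignored
+when `--privileged` is also specified
+([#23132](https://github.com/containers/podman/issues/23132)).
+- The `podman start` and `podman stop` commands no longer print the full ID of
+the pod started/stopped, but instead the user's input used to specify the pod
+(e.g. `podman pod start b` will print `b` instead of the pod's full ID)
+([#22590](https://github.com/containers/podman/issues/22590)).
+- Virtual machines created by `podman machine` on Linux now use `virtiofs`
+instead of `9p` for mounting host filesystems. Existing mounts will be
+transparently changed on machine restart or recreation. This should improve
+performance and reliability of host mounts. This requires the installation of
+`virtiofsd` on the host system to function.
+- Using both the `--squash` and `--layers=false` options to `podman build` at
+the same time is now allowed.
+- Podman now passes container's stop timeout to systemd when creating cgroups,
+causing it to be honored when systemd stops the scope. This should prevent
+hangs on system shutdown due to running Podman containers.
+- The `--volume-driver` option to `podman machine init` is now deprecated.
+
+### Bugfixes
+- Fixed a bug where rootless containers created with the `--sdnotify=healthy`
+option could panic when started
+([#22651](https://github.com/containers/podman/issues/22651)).
+- Fixed a bug where containers created with the `--sdnotify=healthy` option that
+exited quickly would sometimes return an error instead of notifying that the
+container was ready
+([#22760](https://github.com/containers/podman/issues/22760)).
+- Fixed a bug where the `podman system reset` command did not remove the
+containers/image blob cache
+([#22825](https://github.com/containers/podman/issues/22825)).
+- Fixed a bug where Podman would sometimes create a cgroup for itself even when
+the `--cgroups=disabled` option was specified at container creation time
+([#20910](https://github.com/containers/podman/issues/20910)).
+- Fixed a bug where the `/etc/hosts` file in a container was not created with a
+newline at the end of the file
+([#22729](https://github.com/containers/podman/issues/22729)).
+- Fixed a bug where the `podman start` command could sometimes panic when
+starting a container in the stopped state.
+- Fixed a bug where the `podman system renumber` command would fail if volumes
+existed when using the `sqlite` database backend
+([#23052](https://github.com/containers/podman/issues/23052)).
+- Fixed a bug where the `podman container restore` command could not
+successfully restore a container in a pod.
+- Fixed a bug where an error message from `podman diff` would suggest using the
+`--latest` option when using the remote Podman client
+([#23038](https://github.com/containers/podman/issues/23038)).
+- Fixed a bug where user could assign more memory to a Podman machine than
+existed on the host
+([#18206](https://github.com/containers/podman/issues/18206)).
+- Fixed a bug where the `podman events` command was rarely unable to report
+errors that occurred
+([#23165](https://github.com/containers/podman/issues/23165)).
+- Fixed a bug where containers run in systemd units would sometimes not be
+removed correctly on exit when using the `--cidfile` option.
+- Fixed a bug where the first Podman command run after a reboot could cause hang
+when using transient mode
+([#22984](https://github.com/containers/podman/issues/22984)).
+- Fixed a bug where Podman could throw errors about a database configuration
+mismatch if certain paths did not exist on the host.
+- Fixed a bug where the `podman run` and `podman start` commands could throw
+strange errors if another Podman process stopped the container at a midpoint
+in the process of starting
+([#23246](https://github.com/containers/podman/issues/23246)).
+- Fixed a bug where the `podman system service` command could leak a mount on
+termination.
+- Fixed a bug where the Podman remote client would panic if an invalid image
+filter was passed to `podman images`
+([#23120](https://github.com/containers/podman/issues/23120)).
+- Fixed a bug where the `podman auto-update` and `podman system df` commands
+could fail when a container was removed while the command was running
+([#23279](https://github.com/containers/podman/issues/23279)).
+- Fixed a bug where the `podman machine init` command could panic when trying to
+decompress an empty file when preparing the VM image
+([#23281](https://github.com/containers/podman/issues/23281)).
+- Fixed a bug where the `podman ps --pod` and `podman pod stats` commands could
+sometimes fail when a pod was removed while the command was running
+([#23282](https://github.com/containers/podman/issues/23282)).
+- Fixed a bug where the `podman stats` and `podman pod stats` commands would
+sometimes exit with a `container is stopped` error when showing all containers
+(or pod containers, for `pod stats`) if a container stopped while the command
+was running ([#23334](https://github.com/containers/podman/issues/23334)).
+- Fixed a bug where the output of container healthchecks was not properly logged
+if it did not include a final newline
+([#23332](https://github.com/containers/podman/issues/23332)).
+- Fixed a bug where the port forwarding firewall rules of an existing container
+could be be overwritten when starting a second container which forwarded the
+same port on the host even if the second container failed to start as the
+port was already bound.
+- Fixed a bug where the containers created by the `podman play kube` command
+could sometimes not properly clean up their network stacks
+([#21569](https://github.com/containers/podman/issues/21569)).
+
+### API
+- The Build API for Images now accepts a comma-separated list in the Platform
+query parameter, allowing a single API call to built an image for multiple
+architectures ([#22071](https://github.com/containers/podman/issues/22071)).
+- Fixed a bug where the Remove endpoint for Volumes would return an incorrectly
+formatted error when called with an ambiguous volume name
+([#22616](https://github.com/containers/podman/issues/22616)).
+- Fixed a bug where the Stats endpoint for Containers would return an
+incorrectly formatted error when called on a container that did not exist
+([#22612](https://github.com/containers/podman/issues/22612)).
+- Fixed a bug where the Start endpoint for Pods would return a 409 error code in
+cases where a 500 error code should have been returned
+([#22989](https://github.com/containers/podman/issues/22989)).
+- Fixed a bug where the Top endpoint for Pods would return a 200 status code and
+then subsequently an error
+([#22986](https://github.com/containers/podman/issues/22986)).
+
+### Misc
+- Podman no longer requires all parent directories of its root and runroot to be
+world-executable
+([#23028](https://github.com/containers/podman/issues/23028)).
+- Error messages from the `podman build` command when the `-f` option is given,
+but points to a file that does not exist, have been improved
+([#22940](https://github.com/containers/podman/issues/22940)).
+- The Podman windows installer is now built using WiX 5.
+- Updated the gvisor-tap-vsock library to v0.7.4. This release contains a fix
+for a gvproxy crash on macOS when there is heavy network traffic on a fast
+link.
+- Updated Buildah to v1.37.0
+- Updated the containers/image library to v5.32.0
+- Updated the containers/storage library to v1.55.0
+- Updated the containers/common library to v0.60.0
+
+- Remove patch: 0001-Backport-fix-for-CVE-2024-6104.patch (merged upstream)
+
 -------------------------------------------------------------------
 Thu Jul 11 07:34:21 UTC 2024 - danish.prakash@suse.com
 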
@ -1,4 +1,4 @@
|
|||||||
name: podman
|
name: podman
|
||||||
version: 5.1.2
|
version: 5.2.0
|
||||||
mtime: 1720614055
|
mtime: 1722533522
|
||||||
commit: 94a24974ab345324db1a1489c924af4b89d2d0e9
|
commit: b22d5c61eef93475413724f49fd6a32980d2c746
|
||||||
|
@ -22,7 +22,7 @@
|
|||||||
%bcond_without apparmor
|
%bcond_without apparmor
|
||||||
|
|
||||||
Name: podman
|
Name: podman
|
||||||
Version: 5.1.2
|
Version: 5.2.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Daemon-less container engine for managing containers, pods and images
|
Summary: Daemon-less container engine for managing containers, pods and images
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
@ -30,7 +30,6 @@ Group: System/Management
|
|||||||
URL: https://%{project}
|
URL: https://%{project}
|
||||||
Source0: %{name}-%{version}.tar.gz
|
Source0: %{name}-%{version}.tar.gz
|
||||||
Source1: podman.conf
|
Source1: podman.conf
|
||||||
Patch0: 0001-Backport-fix-for-CVE-2024-6104.patch
|
|
||||||
BuildRequires: man
|
BuildRequires: man
|
||||||
BuildRequires: bash-completion
|
BuildRequires: bash-completion
|
||||||
BuildRequires: device-mapper-devel
|
BuildRequires: device-mapper-devel
|
||||||
@ -222,6 +221,7 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
|
|||||||
%{_userunitdir}/podman-kube@.service
|
%{_userunitdir}/podman-kube@.service
|
||||||
%{_userunitdir}/podman-restart.service
|
%{_userunitdir}/podman-restart.service
|
||||||
%{_userunitdir}/podman-auto-update.timer
|
%{_userunitdir}/podman-auto-update.timer
|
||||||
|
%{_userunitdir}/podman-clean-transient.service
|
||||||
%{_systemdusergeneratordir}/podman-user-generator
|
%{_systemdusergeneratordir}/podman-user-generator
|
||||||
%{_systemdgeneratordir}/podman-system-generator
|
%{_systemdgeneratordir}/podman-system-generator
|
||||||
%ghost /run/podman
|
%ghost /run/podman
|
||||||
@ -263,10 +263,10 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
|
|||||||
|
|
||||||
%preun
|
%preun
|
||||||
%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||||
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
|
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||||
|
|
||||||
%postun
|
%postun
|
||||||
%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||||
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
|
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
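Review bot: Removing `Patch0: 0001-Backport-fix-for-CVE-2024-6104.patch` in the Source/Patch hunk leaves the build with nothing that confirms the 5.2.0 sources vendor a go-retryablehttp carrying the URL-redaction fix; the page supports this only with the changelog remark "merged upstream". The dropped backport touched `vendor/github.com/hashicorp/go-retryablehttp/client.go`, so a one-line guard in `%prep` (which lies outside the visible hunks) would turn a regression into a build failure, for example `grep -q 'func redactURL' vendor/github.com/hashicorp/go-retryablehttp/client.go`. That guard is tied to the helper's current name and would need revisiting if upstream later switches to `url.URL.Redacted()`, as the patch's own comment anticipates. Recording the vendored go-retryablehttp version beside the "Remove patch" changelog entry would give security tracking the same assurance without a build-time check.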