ELSA-2020-0348

ELSA-2020-0348 - container-tools:ol8 security, bug fix, and enhancement update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2020-02-17

Description


buildah
[1.11.6-4.0.1]
- Fixes troubles with oracle registry login [Orabug: 29937283]

[1.11.6-4]
- compile in FIPS mode
- Related: RHELPLAN-25138

[1.11.6-3]
- be sure to use golang >= 1.12.12-4
- Related: RHELPLAN-25138

[1.11.6-2]
- fix chroot: unmount with MNT_DETACH instead of UnmountMountpoints()
- bug reference 1772179
- Related: RHELPLAN-25138

[1.11.6-1]
- update to buildah 1.11.6
- Related: RHELPLAN-25138

[1.11.5-1]
- update to buildah 1.11.5
- Related: RHELPLAN-25138

[1.11.4-2]
- fix %gobuild macro to not ignore BUILDTAGS

[1.11.4-1]
- update to 1.11.4

[1.9.0-5]
- Use autosetup macro again.

[1.9.0-4]
- Fix CVE-2019-10214 (#1734653).

[1.9.0-3]
- Resolves: #1721247 - enable fips mode

[1.9.0-2]
- Resolves: #1720654 - tests subpackage depends on golang explicitly

[1.9.0-1]
- Resolves: #1720654 - rebase to v1.9.0

[1.8.3-1]
- Resolves: #1720654 - rebase to v1.8.3

[1.8-0.git021d607]
- package system tests

[1.5-3.gite94b4f9]
- re-enable debuginfo

[1.5-2.gite94b4f9]
- go toolset not in scl anymore

[1.5-1.gite94b4f9]
- rebase

[1.4-3.git608fa84]
- fedora-like go compiler macro in buildrequires is enough

[1.4-2.git608fa84]
- rebase

[1.3-3.git4888163]
- Resolves: #1615611 - rebuild with gobuild tag 'no_openssl'

[1.3-2.git4888163]
- Resolves: #1614009 - built with updated scl-ized go-toolset dep
- build with %gobuild

[1.3-1]
- Bump to v1.3
- Vendor in latest containers/image
- build-using-dockerfile: let -t include transports again
- Block use of /proc/acpi and /proc/keys from inside containers
- Fix handling of --registries-conf
- Fix becoming a maintainer link
- add optional CI test for darwin
- Don't pass a nil error to errors.Wrapf()
- image filter test: use kubernetes/pause as a 'since'
- Add --cidfile option to from
- vendor: update containers/storage
- Contributors need to find the CONTRIBUTOR.md file easier
- Add a --loglevel option to build-with-dockerfile
- Create Development plan
- cmd: Code improvement
- allow buildah cross compile for a darwin target
- Add unused function param lint check
- docs: Follow man-pages(7) suggestions for SYNOPSIS
- Start using github.com/seccomp/containers-golang
- umount: add all option to umount all mounted containers
- runConfigureNetwork(): remove an unused parameter
- Update github.com/opencontainers/selinux
- Fix buildah bud --layers
- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0
- main: if unprivileged, reexec in a user namespace
- Vendor in latest imagebuilder
- Reduce the complexity of the buildah.Run function
- mount: output it before replacing lastError
- Vendor in latest selinux-go code
- Implement basic recognition of the '--isolation' option
- Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin
- Run(): don't include any default environment variables
- build without seccomp
- vendor in latest runtime-tools
- bind/mount_unsupported.go: remove import errors
- Update github.com/opencontainers/runc
- Add Capabilities lists to BuilderInfo
- Tweaks for commit tests
- commit: recognize committing to second storage locations
- Fix ARGS parsing for run commands
- Add info on registries.conf to from manpage
- Switch from using docker to podman for testing in .papr
- buildah: set the HTTP User-Agent
- ONBUILD tutorial
- Add information about the configuration files to the install docs
- Makefile: add uninstall
- Add tilde info for push to troubleshooting
- mount: support multiple inputs
- Use the right formatting when adding entries to /etc/hosts
- Vendor in latest go-selinux bindings
- Allow --userns-uid-map/--userns-gid-map to be global options
- bind: factor out UnmountMountpoints
- Run(): simplify runCopyStdio()
- Run(): handle POLLNVAL results
- Run(): tweak terminal mode handling
- Run(): rename 'copyStdio' to 'copyPipes'
- Run(): don't set a Pdeathsig for the runtime
- Run(): add options for adding and removing capabilities
- Run(): don't use a callback when a slice will do
- setupSeccomp(): refactor
- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers
- Escape use of '_' in .md docs
- Break out getProcIDMappings()
- Break out SetupIntermediateMountNamespace()
- Add Multi From Demo
- Use the c/image conversion code instead of converting configs manually
- Don't throw away the manifest MIME type and guess again
- Consolidate loading manifest and config in initConfig
- Pass a types.Image to Builder.initConfig
- Require an image ID in importBuilderDataFromImage
- Use c/image/manifest.GuessMIMEType instead of a custom heuristic
- Do not ignore any parsing errors in initConfig
- Explicitly handle 'from scratch' images in Builder.initConfig
- Fix parsing of OCI images
- Simplify dead but dangerous-looking error handling
- Don't ignore v2s1 history if docker_version is not set
- Add --rm and --force-rm to buildah bud
- Add --all,-a flag to buildah images
- Separate stdio buffering from writing
- Remove tty check from images --format
- Add environment variable BUILDAH_RUNTIME
- Add --layers and --no-cache to buildah bud
- Touch up images man
- version.md: fix DESCRIPTION
- tests: add containers test
- tests: add images test
- images: fix usage
- fix make clean error
- Change 'registries' to 'container registries' in man
- add commit test
- Add(): learn to record hashes of what we add
- Minor update to buildah config documentation for entrypoint
- Bump to v1.2-dev
- Add registries.conf link to a few man pages

[1.2-3]
- do not depend on btrfs-progs for rhel8

[1.2-2]
- buildah does not require ostree

[1.2-1]
- Vendor in latest containers/image
- build-using-dockerfile: let -t include transports again
- Block use of /proc/acpi and /proc/keys from inside containers
- Fix handling of --registries-conf
- Fix becoming a maintainer link
- add optional CI test for darwin
- Don't pass a nil error to errors.Wrapf()
- image filter test: use kubernetes/pause as a 'since'
- Add --cidfile option to from
- vendor: update containers/storage
- Contributors need to find the CONTRIBUTOR.md file easier
- Add a --loglevel option to build-with-dockerfile
- Create Development plan
- cmd: Code improvement
- allow buildah cross compile for a darwin target
- Add unused function param lint check
- docs: Follow man-pages(7) suggestions for SYNOPSIS
- Start using github.com/seccomp/containers-golang
- umount: add all option to umount all mounted containers
- runConfigureNetwork(): remove an unused parameter
- Update github.com/opencontainers/selinux
- Fix buildah bud --layers
- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0
- main: if unprivileged, reexec in a user namespace
- Vendor in latest imagebuilder
- Reduce the complexity of the buildah.Run function
- mount: output it before replacing lastError
- Vendor in latest selinux-go code
- Implement basic recognition of the '--isolation' option
- Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin
- Run(): don't include any default environment variables
- build without seccomp
- vendor in latest runtime-tools
- bind/mount_unsupported.go: remove import errors
- Update github.com/opencontainers/runc
- Add Capabilities lists to BuilderInfo
- Tweaks for commit tests
- commit: recognize committing to second storage locations
- Fix ARGS parsing for run commands
- Add info on registries.conf to from manpage
- Switch from using docker to podman for testing in .papr
- buildah: set the HTTP User-Agent
- ONBUILD tutorial
- Add information about the configuration files to the install docs
- Makefile: add uninstall
- Add tilde info for push to troubleshooting
- mount: support multiple inputs
- Use the right formatting when adding entries to /etc/hosts
- Vendor in latest go-selinux bindings
- Allow --userns-uid-map/--userns-gid-map to be global options
- bind: factor out UnmountMountpoints
- Run(): simplify runCopyStdio()
- Run(): handle POLLNVAL results
- Run(): tweak terminal mode handling
- Run(): rename 'copyStdio' to 'copyPipes'
- Run(): don't set a Pdeathsig for the runtime
- Run(): add options for adding and removing capabilities
- Run(): don't use a callback when a slice will do
- setupSeccomp(): refactor
- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers
- Escape use of '_' in .md docs
- Break out getProcIDMappings()
- Break out SetupIntermediateMountNamespace()
- Add Multi From Demo
- Use the c/image conversion code instead of converting configs manually
- Don't throw away the manifest MIME type and guess again
- Consolidate loading manifest and config in initConfig
- Pass a types.Image to Builder.initConfig
- Require an image ID in importBuilderDataFromImage
- Use c/image/manifest.GuessMIMEType instead of a custom heuristic
- Do not ignore any parsing errors in initConfig
- Explicitly handle 'from scratch' images in Builder.initConfig
- Fix parsing of OCI images
- Simplify dead but dangerous-looking error handling
- Don't ignore v2s1 history if docker_version is not set
- Add --rm and --force-rm to buildah bud
- Add --all,-a flag to buildah images
- Separate stdio buffering from writing
- Remove tty check from images --format
- Add environment variable BUILDAH_RUNTIME
- Add --layers and --no-cache to buildah bud
- Touch up images man
- version.md: fix DESCRIPTION
- tests: add containers test
- tests: add images test
- images: fix usage
- fix make clean error
- Change 'registries' to 'container registries' in man
- add commit test
- Add(): learn to record hashes of what we add
- Minor update to buildah config documentation for entrypoint
- Add registries.conf link to a few man pages

[1.1-1]
- Drop capabilities if running container processes as non root
- Print Warning message if cmd will not be used based on entrypoint
- Update 01-intro.md
- Shouldn't add insecure registries to list of search registries
- Report errors on bad transports specification when pushing images
- Move parsing code out of common for namespaces and into pkg/parse.go
- Add disable-content-trust noop flag to bud
- Change freenode chan to buildah
- runCopyStdio(): don't close stdin unless we saw POLLHUP
- Add registry errors for pull
- runCollectOutput(): just read until the pipes are closed on us
- Run(): provide redirection for stdio
- rmi, rm: add test
- add mount test
- Add parameter judgment for commands that do not require parameters
- Add context dir to bud command in baseline test
- run.bats: check that we can run with symlinks in the bundle path
- Give better messages to users when image can not be found
- use absolute path for bundlePath
- Add environment variable to buildah --format
- rm: add validation to args and all option
- Accept json array input for config entrypoint
- Run(): process RunOptions.Mounts, and its flags
- Run(): only collect error output from stdio pipes if we created some
- Add OnBuild support for Dockerfiles
- Quick fix on demo readme
- run: fix validate flags
- buildah bud should require a context directory or URL
- Touchup tutorial for run changes
- Validate common bud and from flags
- images: Error if the specified imagename does not exist
- inspect: Increase err judgments to avoid panic
- add test to inspect
- buildah bud picks up ENV from base image
- Extend the amount of time travis_wait should wait
- Add a make target for Installing CNI plugins
- Add tests for namespace control flags
- copy.bats: check ownerships in the container
- Fix SELinux test errors when SELinux is enabled
- Add example CNI configurations
- Run: set supplemental group IDs
- Run: use a temporary mount namespace
- Use CNI to configure container networks
- add/secrets/commit: Use mappings when setting permissions on added content
- Add CLI options for specifying namespace and cgroup setup
- Always set mappings when using user namespaces
- Run(): break out creation of stdio pipe descriptors
- Read UID/GID mapping information from containers and images
- Additional bud CI tests
- Run integration tests under travis_wait in Travis
- build-using-dockerfile: add --annotation
- Implement --squash for build-using-dockerfile and commit
- Vendor in latest container/storage for devicemapper support
- add test to inspect
- Vendor github.com/onsi/ginkgo and github.com/onsi/gomega
- Test with Go 1.10, too
- Add console syntax highlighting to troubleshooting page
- bud.bats: print '' before checking its contents
- Manage 'Run' containers more closely
- Break Builder.Run()'s 'run runc' bits out
- util.ResolveName(): handle completion for tagged/digested image names
- Handle /etc/hosts and /etc/resolv.conf properly in container
- Documentation fixes
- Make it easier to parse our temporary directory as an image name
- Makefile: list new pkg/ subdirectories as dependencies for buildah
- containerImageSource: return more-correct errors
- API cleanup: PullPolicy and TerminalPolicy should be types
- Make 'run --terminal' and 'run -t' aliases for 'run --tty'
- Vendor github.com/containernetworking/cni v0.6.0
- Update github.com/containers/storage
- Update github.com/projectatomic/libpod
- Add support for buildah bud --label
- buildah push/from can push and pull images with no reference
- Vendor in latest containers/image
- Update gometalinter to fix install.tools error
- Update troubleshooting with new run workaround
- Added a bud demo and tidied up
- Attempt to download file from url, if fails assume Dockerfile
- Add buildah bud CI tests for ENV variables
- Re-enable rpm .spec version check and new commit test
- Update buildah scratch demo to support el7
- Added Docker compatibility demo
- Update to F28 and new run format in baseline test
- Touchup man page short options across man pages
- Added demo dir and a demo. chged distrorlease
- builder-inspect: fix format option
- Add cpu-shares short flag (-c) and cpu-shares CI tests
- Minor fixes to formatting in rpm spec changelog
- Fix rpm .spec changelog formatting
- CI tests and minor fix for cache related noop flags
- buildah-from: add effective value to mount propagation

[1.0-1]
- Remove buildah run cmd and entrypoint execution
- Add Files section with registries.conf to pertinent man pages
- Force 'localhost' as a default registry
- Add --compress, --rm, --squash flags as a noop for bud
- Add FIPS mode secret to buildah run and bud
- Add config --comment/--domainname/--history-comment/--hostname
- Add support for --iidfile to bud and commit
- Add /bin/sh -c to entrypoint in config
- buildah images and podman images are listing different sizes
- Remove tarball as an option from buildah push --help
- Update entrypoint behaviour to match docker
- Display imageId after commit
- config: add support for StopSignal
- Allow referencing stages as index and names
- Add multi-stage builds support
- Vendor in latest imagebuilder, to get mixed case AS support
- Allow umount to have multi-containers
- Update buildah push doc
- buildah bud walks symlinks
- Imagename is required for commit atm, update manpage

[0.16-3.git532e267]
- Resolves: #1573681
- built commit 532e267

[0.16.0-2.git6f7d05b]
- built commit 6f7d05b

[0.16-1]
- Add support for shell
- Vendor in latest containers/image
- docker-archive generates docker legacy compatible images
- Do not create subdirectories for layers with no configs
- Ensure the layer IDs in legacy docker/tarfile metadata are unique
- docker-archive: repeated layers are symlinked in the tar file
- sysregistries: remove all trailing slashes
- Improve docker/* error messages
- Fix failure to make auth directory
- Create a new slice in Schema1.UpdateLayerInfos
- Drop unused storageImageDestination.{image,systemContext}
- Load a *storage.Image only once in storageImageSource
- Support gzip for docker-archive files
- Remove .tar extension from blob and config file names
- ostree, src: support copy of compressed layers
- ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size
- image: fix docker schema v1 -> OCI conversion
- Add /etc/containers/certs.d as default certs directory
- Change image time to locale, add troubleshooting.md, add logo to other mds
- Allow --cmd parameter to have commands as values
- Document the mounts.conf file
- Fix man pages to format correctly
- buildah from now supports pulling images using the following transports: docker-archive, oci-archive, and dir.
- If the user overrides the storage driver, the options should be dropped
- Show Config/Manifest as JSON string in inspect when format is not set
- Adds feature to pull compressed docker-archive files

[0.15-1]
- Fix handling of buildah run command options

[0.14-1]
- If commonOpts do not exist, we should return rather than segfault
- Display full error string instead of just status
- Implement --volume and --shm-size for bud and from
- Fix secrets patch for buildah bud
- Fixes the naming issue of blobs and config for the dir transport by removing the .tar extension

[0.13-1.git99066e0]
- use correct version

[0.12-4.git99066e0]
- enable debuginfo

[0.12-3.git99066e0]
- BR: libseccomp-devel

[0.12-2.git99066e0]
- Resolves: #1548535
- built commit 99066e0

[0.12-1]
- Added handling for simpler error message for Unknown Dockerfile instructions.
- Change default certs directory to /etc/containers/certs.dir
- Vendor in latest containers/image
- Vendor in latest containers/storage
- build-using-dockerfile: set the 'author' field for MAINTAINER
- Return exit code 1 when buildah-rmi fails
- Trim the image reference to just its name before calling getImageName
- Touch up rmi -f usage statement
- Add --format and --filter to buildah containers
- Add --prune,-p option to rmi command
- Add authfile param to commit
- Fix --runtime-flag for buildah run and bud
- format should override quiet for images
- Allow all auth params to work with bud
- Do not overwrite directory permissions on --chown
- Unescape HTML characters output into the terminal
- Fix: setting the container name to the image
- Prompt for un/pwd if not supplied with --creds
- Make bud be really quiet
- Return a better error message when failed to resolve an image
- Update auth tests and fix bud man page

[0.11-3.git49095a8]
- Resolves: #1542236 - add ostree and bump runc dep

[0.11-2.git49095a8]
- rebased to 49095a83f8622cf69532352d183337635562e261

[0.11-1]
- Add --all to remove containers
- Add --all functionality to rmi
- Show ctrid when doing rm -all
- Ignore sequential duplicate layers when reading v2s1
- Lots of minor bug fixes
- Vendor in latest containers/image and containers/storage

[0.10-2]
- Fix checkin

[0.10-1]
- Display Config and Manifest as strings
- Bump containers/image
- Use configured registries to resolve image names
- Update to work with newer image library
- Add --chown option to add/copy commands

[0.9-2.git04ea079]
- build for all arches

[0.9-1]
- Allow push to use the image id
- Make sure builtin volumes have the correct label

[0.8-1]
- Buildah bud was failing on SELinux machines, this fixes this
- Block access to certain kernel file systems inside of the container

[0.7-1]
- Ignore errors when trying to read containers buildah.json for loading SELinux reservations
- Use credentials from kpod login for buildah
- Adds support for converting manifest types when using the dir transport
- Rework how we do UID resolution in images
- Bump github.com/vbatts/tar-split
- Set option.terminal appropriately in run

[0.5-5.gitf7dc659]
- revert building for s390x, it is intended for rhel 7.5

[0.5-4]
- Add requires for container-selinux

[0.5-3.gitf7dc659]
- build for s390x, https://bugzilla.redhat.com/show_bug.cgi?id=1482234

[0.5-2]
- Bump github.com/vbatts/tar-split
- Fixes CVE That could allow a container image to cause a DOS

[0.5-1]
- Add secrets patch to buildah
- Add proper SELinux labeling to buildah run
- Add tls-verify to bud command
- Make filtering by date use the image's date
- images: don't list unnamed images twice
- Fix timeout issue
- Add further tty verbiage to buildah run
- Make inspect try an image on failure if type not specified
- Add support for
- Tons of bug fixes and code cleanup

[0.4-2.git01db066]
- bump to latest version
- set GIT_COMMIT at build-time

[0.4-1.git9cbccf88c]
- Add default transport to push if not provided
- Avoid trying to print a nil ImageReference
- Add authentication to commit and push
- Add information on buildah from man page on transports
- Remove --transport flag
- Run: do not complain about missing volume locations
- Add credentials to buildah from
- Remove export command
- Run(): create the right working directory
- Improve 'from' behavior with unnamed references
- Avoid parsing image metadata for dates and layers
- Read the image's creation date from public API
- Bump containers/storage and containers/image
- Don't panic if an image's ID can't be parsed
- Turn on --enable-gc when running gometalinter
- rmi: handle truncated image IDs

[0.4-1.git9cbccf8]
- bump to v0.4

[0.3-4.gitb9b2a8a]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[0.3-3.gitb9b2a8a]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[0.3-2.gitb9b2a8a7e]
- Bump for inclusion of OCI 1.0 Runtime and Image Spec

[0.2.0-1.gitac2aad6]
- buildah run: Add support for -- ending options parsing
- buildah Add/Copy support for glob syntax
- buildah commit: Add flag to remove containers on commit
- buildah push: Improve man page and help information
- buildah run: add a way to disable PTY allocation
- Buildah docs: clarify --runtime-flag of run command
- Update to match newer storage and image-spec APIs
- Update containers/storage and containers/image versions
- buildah export: add support
- buildah images: update commands
- buildah images: Add JSON output option
- buildah rmi: update commands
- buildah containers: Add JSON output option
- buildah version: add command
- buildah run: Handle run without an explicit command correctly
- Ensure volume points get created, and with perms
- buildah containers: Add a -a/--all option

[0.1.0-2.git597d2ab9]
- Release Candidate 1
- All features have now been implemented.

[0.0.1-1.git7a0a5333]
- First package for Fedora

cockpit-podman
[11-1]
- Fix Alert notification in Image Search Modal
- Allow more than a single Error Notification for Container action errors
- Various Alert cleanups
- Translation updates
- Related: RHELPLAN-25138

[10-1]
- Support for user containers
- Show list of containers that use given image
- Show placeholder while loading containers and images
- Fix setting memory limit - bug 1732713
- Add container Terminal - bug 1703245
- Related: RHELPLAN-25138

conmon
[2:2.0.6-1]
- update to 2.0.6
- Related: RHELPLAN-25138

[2:2.0.5-1]
- update to 2.0.5
- Related: RHELPLAN-25138

[2:2.0.4-1]
- update to 2.0.4 bugfix release
- Related: RHELPLAN-25138

[2:2.0.3-2.giteb5fa88]
- BR: systemd-devel
- Related: RHELPLAN-25138

[2:2.0.3-1.giteb5fa88]
- update to 2.0.3

[2:2.0.2-0.1.dev.git422ce21]
- build latest upstream master

[2:2.0.0-2]
- remove BR: go-md2man since no manpages yet

[2:2.0.0-1]

container-selinux
[2:2.124.0-1]
- update to 2.124.0
- Related: RHELPLAN-25138

[2:2.123.0-2]
- implement spec file refactoring by Zdenek Pytela, namely:
Change the uninstall command in the %postun section of the specfile
to use the %selinux_modules_uninstall macro which uses priority 200.
Change the install command in the %post section of the specfile
to use the %selinux_modules_install macro.
Replace relabel commands with using the %selinux_relabel_pre and
%selinux_relabel_post macros.
Change formatting so that the lines are vertically aligned
in the %postun section.
(https://github.com/containers/container-selinux/pull/85)
- Related: RHELPLAN-25138

[2:2.123.0-1]
- update to 2.123.0
- Related: RHELPLAN-25138

[2:2.122.0-1]
- update to 2.122.0

[2:2.119.0-3.gita233788]
- update to master container-selinux - bug 1769469

[2:2.119.0-2]
- fix post scriptlet - fail if semodule fails - bug 1729272

[2:2.119.0-1]
- update to 2.119.0

[2:2.116-1]
- update to 2.116, bug 1748519

[2:2.107-2]
- Use at least selinux policy 3.14.3-9.el8,
Resolves: #1728700

[2:2.107-1]
- Resolves: #1720654 - rebase to v2.107

[2:2.89-1.git2521d0d]
- bump to v2.89

[2:2.75-1.git99e2cfd]
- bump to v2.75
- built commit 99e2cfd

[2:2.74-1]
- Resolves: #1641655 - bump to v2.74
- built commit a62c2db

[2:2.73-3]
- tweak macro for fedora - applies to rhel8 as well

[2:2.73-2]
- moved changelog entries:
- Define spc_t as a container_domain, so that container_runtime will transition
to spc_t even when setup with nosuid.
- Allow container_runtimes to setattr on callers fifo_files
- Fix restorecon to not error on missing directory

[2.69-3]
- Make sure we pull in the latest selinux-policy

[2.69-2]
- Add map support to container-selinux for RHEL 7.5
- Dontaudit attempts to write to kernel_sysctl_t

[2.68-1]
- Add label for /var/lib/origin
- Add customizable_file_t to customizable_types

[2.67-1]
- Add policy for container_logreader_t

[2.66-1]
- Allow dnsmasq to dbus chat with spc_t

[2.64-1]
- Allow containers to create all socket classes

[2.62-1]
- Label overlay directories under /var/lib/containers/ correctly

[2.61-1]
- Allow spc_t to load kernel modules from inside of container

[2.60-1]
- Allow containers to list cgroup directories
- Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t.

[2.58-2]
- Run restorecon /usr/bin/podman in postinstall

[2.58-1]
- Add labels to allow podman to be run from a systemd unit file

[2.57-1]
- Set the version of SELinux policy required to the latest to fix build issues.

[2.56-1]
- Allow container_runtime_t to transition to spc_t over unlabeled files

[2.55-1]
- Allow iptables to read container state
- Dontaudit attempts from containers to write to /proc/self
- Allow spc_t to change attributes on container_runtime_t fifo files

[2.52-1]
- Add better support for writing custom selinux policy for customer container domains.

[2.51-1]
- Allow shell_exec_t as a container_runtime_t entrypoint

[2.50-1]
- Allow bin_t as a container_runtime_t entrypoint

[2.49-1]
- Add support for MLS running container runtimes
- Add missing allow rules for running systemd in a container

[2.48-1]
- Update policy to match master branch
- Remove typebounds and replace with nnp_transition and nosuid_transition calls

[2.41-1]
- Add support to nnp_transition for container domains
- Eliminates need for typebounds.

[2.40-1]
- Allow container_runtime_t to use user ttys
- Fixes bounds check for container_t

[2.39-1]
- Allow container runtimes to use inherited terminals. This helps
satisfy the bounds check of container_t versus container_runtime_t.

[2.38-1]
- Allow container runtimes to mmap container_file_t devices
- Add labeling for rhel push plugin

[2.37-1]
- Allow containers to use inherited ttys
- Allow ostree to handle labels under /var/lib/containers/ostree

[2.36-1]
- Allow containers to relabelto/from all file types to container_file_t

[2.35-1]
- Allow container to map chr_files labeled container_file_t

[2.34-1]
- Dontaudit container processes getattr on kernel file systems

[2.33-1]
- Allow containers to read /etc/resolv.conf and /etc/hosts if volume mounted into container.

[2.32-1]
- Make sure users creating content in /var/lib with right labels

[2.31-1]
- Allow the container runtime to dbus chat with dnsmasq
- add dontaudit rules for container trying to write to /proc

[2.29-1]
- Add support for lxcd
- Add support for labeling of tmpfs storage created within a container.

[2.28-1]
- Allow a container to umount a container_file_t filesystem

[2.27-1]
- Allow container runtimes to work with the netfilter sockets
- Allow container_file_t to be an entrypoint for VM's
- Allow spc_t domains to transition to svirt_t

[2.24-1]
- Make sure container_runtime_t has all access of container_t

[2.23-1]
- Allow container runtimes to create sockets in tmp dirs

[2.22-1]
- Add additional support for crio labeling.

[2.21-3]
- Fixup spec file conditionals

[2:2.21-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[2.21-1]
- Allow containers to execmod on container_share_t files.

[2.20-2]
- Relabel runc and crio executables

[2.20-1]
- Allow container processes to getsession

[2:2.19-2.1]
- update release tag to isolate from 7.3

[2:2.19-1]
- Fix mcs transition problem on stdin/stdout/stderr
- Add labels for CRI-O
- Allow containers to use tunnel sockets

[2:2.15-1.1]
- Resolves: #1451289
- rebase to v2.15
- built @origin/RHEL-1.12 commit 583ca40

[2:2.10-2.1]
- Make sure we have a late enough version of policycoreutils

[2:2.10-1]
- Update to the latest container-selinux patch from upstream
- Label files under /usr/libexec/lxc as container_runtime_exec_t
- Give container_t access to XFRM sockets
- Allow spc_t to dbus chat with init system
- Allow containers to read cgroup configuration mounted into a container

[2:2.9-4]
- Resolves: #1425574
- built commit 79a6d70

[2:2.9-3]
- Resolves: #1420591
- built @origin/RHEL-1.12 commit 8f876c4

[2:2.9-2]
- built @origin/RHEL-1.12 commit 33cb78b

[2:2.8-2]
-

[2:2.7-1]
- built origin/RHEL-1.12 commit 21dd37b

[2:2.4-2]
- correct version-release in changelog entries

[2:2.4-1]
- Add typebounds statement for container_t from container_runtime_t
- We should only label runc not runc*

[2:2.3-1]
- Fix labeling on /usr/bin/runc.*
- Add sandbox_net_domain access to container.te
- Remove containers ability to look at /etc content

[2:2.2-4]
- use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7

[2:2.2-3]
- properly disable docker module in %post

[2:2.2-2]
- depend on selinux-policy-targeted
- relabel docker-latest* files as well

[2:2.2-1]
- bump to v2.2
- additional labeling for ocid

[2:2.0-2]
- install policy at level 200
- From: Dan Walsh

[2:2.0-1]
- Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a
standalone package)
- include projectatomic/RHEL-1.12 branch commit for building on centos/rhel

[2:1.12.4-29]
- new package (separated from docker)

containernetworking-plugins
[0.8.3-4.0.1]
- Disable debuginfo

[0.8.3-4]
- compile with no_openssl
- Related: RHELPLAN-25138

[0.8.3-3]
- compile in FIPS mode
- Related: RHELPLAN-25138

[0.8.3-2]
- be sure to use golang >= 1.12.12-4
- Related: RHELPLAN-25138

[0.8.3-1]
- update to 0.8.3
- Related: RHELPLAN-25138

[0.8.1-2]
- backport https://github.com/coreos/go-iptables/pull/62
from Michael Cambria
- Resolves: #1627561

[0.8.1-1]
- Resolves: #1720319 - bump to v0.8.1

[0.7.5-1]
- Resolves: #1616063
- bump to v0.7.5

[0.7.4-3.git9ebe139]
- re-enable debuginfo

[0.7.4-2.git9ebe139]
- rebase, removed patch that is already upstream

[0.7.3-7.git19f2f28]
- go tools not in scl anymore

[0.7.3-6.git19f2f28]
- correct tag specification format in %gobuild macro

[0.7.3-5.git19f2f28]
- Resolves: #1616062 - patch to revert coreos/go-iptables bump

[0.7.3-4.git19f2f28]
- Resolves:#1603012
- fix versioning, upstream got it wrong at 7.2

[0.7.2-3.git19f2f28]
- disable i686 temporarily for appstream builds
- update golang deps and gobuild definition

[0.7.2-2.git19f2f28]
- rebase

[0.7.0-103.gitdd8ff8a]
- enable scl with the toolset

[0.7.0-102.gitdd8ff8a]
- remove devel and unittest subpackages
- use new go-toolset deps

[0.7.0-101]
- rebase
- patches already upstream, removed

[0.6.0-6]
- Imported from Fedora
- Renamed CNI -> plugins

[0.6.0-4]
- Own the libexec cni directory

[0.6.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[0.6.0-2]
- skip settling IPv4 addresses

[0.6.0-1]
- rebased to 7480240de9749f9a0a5c8614b17f1f03e0c06ab9

[0.5.2-7]
- do not install to /opt (against Fedora Guidelines)

[0.5.2-6]
- Enable devel subpackage

[0.5.2-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[0.5.2-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[0.5.2-3]
- excludearch: ppc64 as it's not in goarches anymore
- re-enable s390x

[0.5.2-2]
- upstream moved to github.com/containernetworking/plugins
- built commit dcf7368
- provides: containernetworking-plugins
- use vendored deps because they're a lot less of a PITA
- excludearch: s390x for now (rhbz#1466865)

[0.5.2-1]
- Update to 0.5.2
- Softlink to default /opt/cni/bin directories

[0.5.1-1]
- Initial package

fuse-overlayfs
[0.7.2-1]
- update to 0.7.2
- Related: RHELPLAN-25138

[0.7-1]
- update to 0.7
- apply patch to fix build on RHEL-8
- Related: RHELPLAN-25138

[0.4.1-1]
- Resolves: #1720654 - rebase to v0.4.1

[0.3-2]
- rebase
- Resolves:#1666510

[0.1-7.dev.git50c7a50]
- Resolves: #1640232
- built commit 50c7a50

[0.1-6.dev.git1c72a1a]
- Resolves: #1614856 - add manpage
- built commit 1c72a1a
- add BR: go-md2man

[0.1-5.dev.gitd40ac75]
- built commit d40ac75
- remove fedora bz ids
- Exclude ix86 and ppc64

[0.1-4.dev.git79c70fd]
- Resolves: #1609598 - initial upload to Fedora
- bundled gnulib

[0.1-3.dev.git79c70fd]
- correct license field

[0.1-2.dev.git79c70fd]
- fix license

[0.1-1.dev.git13575b6]
- First package for Fedora

podman
[1.6.4-2.0.1]
- delivering fix for [Orabug: 29874238] by Nikita Gerasimov

[1.6.4-2]
- apply fix for bug 1757845
- Related: RHELPLAN-25138

[1.6.4-1]
- update to 1.6.4
- Related: RHELPLAN-25138

[1.6.3-6]
- remove BR: device-mapper-devel, minor spec file changes
- Related: RHELPLAN-25138

[1.6.3-5]
- Ensure volumes reacquire locks on state refresh (thanks Matt Heon)
- Related: RHELPLAN-25138

[1.6.3-4]
- use the file events logger backend if systemd isn't available
(thanks to Giuseppe Scrivano)
- Related: RHELPLAN-25138

[1.6.3-3]
- require slirp4netns >= 0.4.0-1
- Related: RHELPLAN-25138

[1.6.3-2]
- apply fix to not to fail gating tests:
don't parse the config for cgroup-manager default
- don't hang while on podman run --rm - bug 1767663

[1.6.3-1]
- update to podman 1.6.3
- addresses CVE-2019-18466

[1.6.2-6]
- fix %gobuild macro to not to ignore BUILDTAGS

[1.6.2-5]
- use btrfs_noversion to really disable BTRFS support
- amend/reuse BUILDTAGS
- still keep device-mapper-devel BR otherwise build fails
despite dm support being disabled (build scripting invokes
pkg-config for devmapper which is shipped by the dm-devel
package)

[1.6.2-4]
- disable BTRFS support

[1.6.2-3]
- split podman and conmon packages
- drop BR: device-mapper-devel and update BRs in general

[1.6.2-2]
- drop oci-systemd-hook requirement
- drop upstreamed CVE-2019-10214 patch

[1.6.2-1]
- update to podman 1.6.2

[1.4.2-6]
- fix build with --nocheck (#1721394)
- escape commented out macros

[1.4.2-5]
- Fix CVE-2019-10214 (#1734649).

[1.4.2-4]
- update to latest conmon (Resolves: #1743685)

[1.4.2-3]
- update to v1.4.2-stable1
- Resolves: #1741157

[1.4.2-2]
- Resolves: #1669197, #1705763, #1737077, #1671622, #1723879, #1730281,
- Resolves: #1731117
- built libpod v1.4.2-stable1

[1.4.2-1]
- Resolves: #1721638
- bump to v1.4.2

[1.4.1-4]
- Resolves: #1720654 - update dep on libvarlink
- Resolves: #1721247 - enable fips mode

[1.4.1-3]
- Resolves: #1720654 - podman requires podman-manpages
- update dep on cni plugins >= 0.8.1-1

[1.4.1-2]
- Resolves: #1720654 - podman-manpages obsoletes podman < 1.4.1-2

[1.4.1-1]
- Resolves: #1720654 - bump to v1.4.1
- bump conmon to v0.3.0

[1.4.0-1]
- Resolves: #1720654 - bump to v1.4.0

[1.3.2-2]
- Resolves: #1683217 - tests subpackage requires slirp4netns

[1.3.2-1]
- Resolves: #1707220 - bump to v1.3.2
- built conmon v0.2.0

[1.2.0-1.git3bd528e5]
- package system tests, zsh completion. Update CI tests to use new -tests pkg

[1.1.0-1.git006206a]
- bump to v1.1.0

[1.0.1-1.git2c74edd]
- bump to v1.0.1

[1.0.0-2.git921f98f]
- rebase

[1.0.0-1.git82e8011]
- rebase to v1, yay!
- rebase conmon to 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2
- Resolves:#1623282
- python interface removed, moved to https://github.com/containers/python-podman/

[0.12.1.2-4.git9551f6b]
- re-enable debuginfo

[0.12.1.2-3.git9551f6b]
- python libraries added
- resolves: #1657180

[0.12.1.2-2.git9551f6b]
- rebase

[0.11.1.1-3.git594495d]
- go tools not in scl anymore

[0.11.1.1-2.git594495d]
- fedora-like buildrequires go toolset

[0.11.1.1-1.git594495d]
- Resolves: #1636230 - build with FIPS enabled golang toolchain
- bump to v0.11.1.1
- built commit 594495d

[0.11.1-3.gita4adfe5]
- podman-docker provides docker
- Resolves: #1650355

[0.11.1-2.gita4adfe5]
- Require platform-python-setuptools instead of python3-setuptools
- Resolves: rhbz#1650144

[0.11.1-1.gita4adfe5]
- bump to v0.11.1
- built libpod commit a4adfe5
- built conmon from cri-o commit 464dba6

[0.10.1.3-5.gitdb08685]
- Resolves: #1625384 - keep BR: device-mapper-devel but don't build with it
- not having device-mapper-devel seems to have brew not recognize %{_unitdir}

[0.10.1.3-4.gitdb08685]
- Resolves: #1625384 - correctly add buildtags to remove devmapper

[0.10.1.3-3.gitdb08685]
- Resolves: #1625384 - build without device-mapper-devel (no podman support) and lvm2

[0.10.1.3-2.gitdb08685]
- Resolves: #1625384 - depend on lvm2

[0.10.1.3-1.gitdb08685]
- Resolves: #1640298 - update vendored buildah to allow building when there are
running containers
- bump to v0.10.1.3
- built podman commit db08685

[0.10.1.2-1.git2b4f8d1]
- Resolves: #1625378
- bump to v0.10.1.2
- built podman commit 2b4f8d1

[0.10.1.1-1.git4bea3e9]
- bump to v0.10.1.1
- built podman commit 4bea3e9

[0.10.1-1.gite4a1553]
- bump podman to v0.10.1
- built podman commit e4a1553
- built conmon from cri-o commit a30f93c

[0.9.3.1-4.git1cd906d]
- rebased cri-o to 1.11.6

[0.9.3.1-3.git1cd906d]
- rebase

[0.9.2-2.git37a2afe]
- rebase to podman 0.9.2
- rebase to cri-o 0.11.4

[0.9.1.1-2.git123de30]
- rebase

[0.8.4-1.git9f9b8cf]
- bump to v0.8.4
- built commit 9f9b8cf
- upstream username changed from projectatomic to containers
- use containernetworking-plugins >= 0.7.3-5

[0.8.2.1-2.git7a526bb]
- Resolves: #1615607 - rebuild with gobuild tag 'no_openssl'

[0.8.2.1-1.git7a526bb]
- Upstream 0.8.2.1 release
- Add support for podman-docker
Resolves: rhbz#1615104

[0.8.2-1.dev.git8b2d38e]
- Resolves: #1614710 - podman search name includes registry
- bump to v0.8.2-dev
- built libpod commit 8b2d38e
- built conmon from cri-o commit acc0ee7

[0.8.1-2.git6b4ab2a]
- Add recommends for slirp4netns and container-selinux

[0.8.1-2.git6b4ab2a]
- bump to v0.8.1
- use %go{build,generate} instead of go build and go generate
- update go deps to use scl-ized builds
- No need for Makefile patch for python installs

[0.8.1-1.git6b4ab2a]
- Bump to v0.8.1

[0.7.4-2.git079121]
- podman should not require atomic-registries

[0.7.4-1.dev.git9a18681]
- bump to v0.7.4-dev
- built commit 9a18681

[0.7.3-2.git079121]
- Turn on ostree support
- Upstream 0.7.3

[0.7.2-2.git4ca4c5f]
- Upstream 0.7.2 release

[0.7.1-3.git84cfdb2]
- rebuilt

[0.7.1-2.git84cfdb2]
- rebase to 84cfdb2

[0.7.1-1.git802d4f2]
- Upstream 0.7.1 release

[0.6.4-2.gitd5beb2f]
- disable devel and unittest subpackages
- include conditionals for rhel-8.0

[0.6.4-1.gitd5beb2f]
- do not compress debuginfo with dwz to support delve debugger

[0.6.1-3.git3e0ff12]
- do not compress debuginfo with dwz to support delve debugger

[0.6.1-2.git3e0ff12]
- bash completion shouldn't have shebang

[0.6.1-1.git3e0ff12]
- Resolves: #1584429 - drop capabilities when running a container as non-root
- bump to v0.6.1
- built podman commit 3e0ff12
- built conmon from cri-o commit 1c0c3b0
- drop containernetworking-plugins subpackage, it's now split out into a standalone
package

[0.4.1-4.gitb51d327]
- Resolves: #1572538 - build host-device and portmap plugins

[0.4.1-3.gitb51d327]
- correct dep on containernetworking-plugins

[0.4.1-2.gitb51d327]
- add containernetworking-plugins v0.7.0 as a subpackage (podman dep)
- release tag for the containernetworking-plugins is actually gotten from
podman release tag.

[0.4.1-1.gitb51d327]
- bump to v0.4.1
- built commit b51d327

[0.3.3-1.dev.gitbc358eb]
- built podman commit bc358eb
- built conmon from cri-o commit 712f3b8

[0.3.2-1.gitf79a39a]
- Release 0.3.2-1

[0.3.1-2.git98b95ff]
- Correct RPM version

[0.3.1-1-gitc187538]
- Release 0.3.1-1

[0.2.2-2.git525e3b1]
- Build on ARMv7 too (Fedora supports containers on that arch too)

[0.2.2-1.git525e3b1]
- Release 0.2.2

[0.2.1-1.git3d0100b]
- Release 0.2.1

[0.2-3.git3d0100b]
- Add dep for atomic-registries

[0.2-2.git3d0100b]
- Add more 64bit arches
- Add containernetworking-cni dependency
- Add iptables dependency

[0-2.1.git3d0100]
- Release 0.2

[0-0.3.git367213a]
- Resolves: #1541554 - first official build
- built commit 367213a

[0-0.2.git0387f69]
- built commit 0387f69

[0-0.1.gitc1b2278]
- First package for Fedora

python-podman-api
[1.2.0-0.2.gitd0a45fe]
- revert update to 1.6.0 due to new python3-pbr dependency which
is not in RHEL
- Related: RHELPLAN-25138

[1.2.0-0.1.gitd0a45fe]
- Initial package

runc
[1.0.0-64.rc9]
- use no_openssl in BUILDTAGS (no vendored crypto in runc)
- Related: RHELPLAN-25138

[1.0.0-63.rc9]
- be sure to use golang >= 1.12.12-4
- Related: RHELPLAN-25138

[1.0.0-62.rc9]
- rebuild because of CVE-2019-9512 and CVE-2019-9514
- Related: RHELPLAN-25138

[1.0.0-61.rc9]
- update to runc 1.0.0-rc9 release
- amend golang deps
- fixes CVE-2019-16884

[1.0.0-60.rc8]
- Resolves: #1721247 - enable fips mode

[1.0.0-59.rc8]
- Resolves: #1720654 - rebase to v1.0.0-rc8

[1.0.0-57.rc5.dev.git2abd837]
- Resolves: #1693424 - podman rootless: cannot specify gid= mount options

[1.0.0-56.rc5.dev.git2abd837]
- change-default-root patch not needed as there's no docker on rhel8

[1.0.0-55.rc5.dev.git2abd837]
- Resolves: CVE-2019-5736

[1.0.0-54.rc5.dev.git2abd837]
- re-enable debuginfo

[1.0.0-53.rc5.dev.git2abd837]
- go toolset not in scl anymore

[1.0.0-52.rc5.dev.git2abd837]
- rebase

[2:1.0.0-51.dev.gitfdd8055]
- Fix handling of tmpcopyup

[2:1.0.0-49.rc5.dev.gitb4e2ecb]
- %gobuild uses no_openssl
- remove unused devel and unit-test subpackages

[2:1.0.0-48.rc5.dev.gitad0f525]
- build with %gobuild
- exclude i686 temporarily because of go-toolset issues

[1.0.0-47.dev.gitb4e2ecb]
- Rebuild with fixed binutils

[2:1.0.0-46.dev.gitb4e2ecb]
- Add patch https://github.com/opencontainers/runc/pull/1807 to allow
- runc and podman to work with sd_notify

[2:1.0.0-40.rc5.dev.gitad0f525]
- Remove sysctl handling, not needed in RHEL8
- Make sure package built with seccomp flags
- Remove rectty
- Add completions

[2:1.0.0-36.rc5.dev.gitad0f525]
- Better handling of user namespace

[2:1.0.0-31.rc5.git0cbfd83]
- Fix issues between SELinux and UserNamespace

[1.0.0-27.rc5.dev.git4bb1fe4]
- rebuilt, placed missing changelog entry back

[2:1.0.0-26.rc5.git4bb1fe4]
- release v1.0.0~rc5

[1.0.0-26.rc4.git9f9c962]
- Bump to the latest from upstream

[1.0.0-25.rc4.gite6516b3]
- built commit e6516b3

[1.0.0-24.rc4.dev.gitc6e4a1e.1]
- rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f
- https://github.com/opencontainers/runc/pull/1651

[1.0.0-23.rc4.git1d3ab6d]
- Resolves: #1524654

[1.0.0-22.rc4.git1d3ab6d]
- Many Stability fixes
- Many fixes for rootless containers
- Many fixes for static builds

[1.0.0-21.rc4.dev.gitaea4f21]
- enable debuginfo and include -buildmode=pie for go build

[1.0.0-20.rc4.dev.gitaea4f21]
- use Makefile

[1.0.0-19.rc4.dev.gitaea4f21]
- disable debuginfo temporarily

[1.0.0-18.rc4.dev.gitaea4f21]
- enable debuginfo

[1.0.0-17.rc4.gitaea4f21]
- Add container-selinux prerequires to make sure runc is labeled correctly

[1.0.0-16.rc4.dev.gitaea4f21]
- correct the release tag 'rc4dev' -> 'rc4.dev' cause I'm OCD

[1.0.0-15.rc4dev.gitaea4f21]
- Use the same checkout as Fedora for latest CRI-O

[1.0.0-14.rc4dev.git84a082b]
- rebase to 84a082bfef6f932de921437815355186db37aeb1

[1.0.0-13.rc3.gitd40db12]
- Resolves: #1479489
- built commit d40db12

[1.0.0-12.1.gitf8ce01d]
- disable s390x temporarily because of indefinite wait times on brew

[1.0.0-11.1.gitf8ce01d]
- correct previous bogus date :

[1.0.0-10.1.gitf8ce01d]
- Resolves: #1441737 - run sysctl_apply for sysctl knob

[1.0.0-9.1.gitf8ce01d]
- Resolves: #1447078 - change default root path
- add commit e800860 from runc @projectatomic/change-root-path

[1.0.0-8.1.gitf8ce01d]
- Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts

[1.0.0-7.1.gitf8ce01d]
- Resolves: #1429675
- built @opencontainers/master commit f8ce01d

[1.0.0-4.1.gitee992e5]
- built @projectatomic/master commit ee992e5

[1.0.0-3.rc2]
- Resolves: #1426674
- built projectatomic/runc_rhel_7 commit 5d93f81

[1.0.0-2.rc2]
- Resolves: #1419702 - rebase to latest upstream master
- built commit b263a43

[1.0.0-1.rc2]
- Resolves: #1412239 - *CVE-2016-9962* - set init processes as non-dumpable,
runc patch from Michael Crosby

[0.1.1-6]
- Resolves: #1373980 - rebuild for 7.3.0

[0.1.1-5]
- build with golang >= 1.6.2

[0.1.1-4]
- release tags were inconsistent in the previous build

[0.1.1-1]
- Resolves: #1341267 - rebase runc to v0.1.1

[0.1.0-3]
- add selinux build tag
- add BR: libseccomp-devel

[0.1.0-2]
- Resolves: #1328970 - add seccomp buildtag

[0.1.0-1]
- Resolves: rhbz#1328616 - rebase to v0.1.0

[0.0.8-1.git4155b68]
- Resolves: rhbz#1277245 - bump to 0.0.8
- Resolves: rhbz#1302363 - criu is a runtime dep
- Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps
- manpages included

[1:0.0.5-0.1.git97bc9a7]
- Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2

[0.2-0.2.git90e6d37]
- First package for Fedora
resolves: #1255179

skopeo
[0.1.40-8.0.1]
- Add oracle registry into the conf file [Orabug: 29845934]
- Fix oracle registry login issues [Orabug: 29937192]

[1:0.1.40-8]
- change the search order of registries and remove quay.io (#1784267)

[1:0.1.40-7]
- compile in FIPS mode
- Related: RHELPLAN-25138

[1:0.1.40-6]
- be sure to use golang >= 1.12.12-4
- Related: RHELPLAN-25138

[1:0.1.40-5]
- fix file list
- Related: RHELPLAN-25138

[1:0.1.40-4]
- add missing source files to git
- Related: RHELPLAN-25138

[1:0.1.40-3]
- rebuild because of CVE-2019-9512 and CVE-2019-9514
- Related: RHELPLAN-25138

[1:0.1.40-2]
- comment out mountopt option in order to fix gating tests
see bug 1769769

[1:0.1.40-1]
- update to 0.1.40

[1:0.1.37-5]
- Fix CVE-2019-10214 (#1734651).

[1:0.1.37-4]
- fix permissions of rhel/secrets
Resolves: #1691543

[1:0.1.37-3]
- Resolves: #1719994 - add registry.access.redhat.com to registries.conf

[1:0.1.37-2]
- Resolves: #1721247 - enable fips mode

[1:0.1.37-1]
- Resolves: #1720654 - rebase to v0.1.37

[1:0.1.36-1.git6307635]
- built upstream tag v0.1.36, including system tests

[1:0.1.32-4.git1715c90]
- Fixes @openshift/machine-config-operator#669
- install /etc/containers/oci/hooks.d and /etc/containers/certs.d

[1:0.1.32-3.git1715c90]
- rebase

[1:0.1.32-2.git1715c90]
- re-enable debuginfo

[1:0.1.31-12.gitb0b750d]
- go tools not in scl anymore

[1:0.1.31-11.gitb0b750d]
- Resolves: #1615609
- built upstream tag v0.1.31

[1:0.1.31-10.git0144aa8]
- Resolves: #1616069 - correct order of registries

[1:0.1.31-9.git0144aa8]
- Resolves: #1615609 - rebuild with gobuild tag 'no_openssl'

[1:0.1.31-8.git0144aa8]
- Resolves: #1614934 - containers-common soft dep on slirp4netns and
fuse-overlayfs

[1:0.1.31-7.git0144aa8]
- build with %gobuild
- use scl-ized go-toolset as dep
- disable i686 builds temporarily because of go-toolset issues

[1:0.1.31-6.git0144aa8]
- add statx to seccomp.json to containers-config
- add seccomp.json to containers-config

[1:0.1.31-4.git0144aa8]
- Resolves: #1597629 - handle dependency issue for skopeo-containers
- rename skopeo-containers to containers-common as in Fedora

[1:0.1.31-3.git0144aa8]
- Resolves: #1583762 - btrfs dep removal needs exclude_graphdriver_btrfs
buildtag

[1:0.1.31-2.git0144aa8]
- correct bz in previous changelog

[1:0.1.31-1.git0144aa8]
- Resolves: #1580938 - resolve FTBFS
- Resolves: #1583762 - remove dependency on btrfs-progs-devel
- bump to v0.1.31 (from master)
- built commit ca3bff6
- use go-toolset deps for rhel8

[0.1.29-5.git7add6fc]
- Fix small typo in registries.conf

[0.1.29-4.git]
- Add policy.json.5

[0.1.29-3.git]
- Add registries.conf

[0.1.29-2.git]
- Add registries.conf man page

[0.1.29-1.git]
- bump to 0.1.29-1
- Updated containers/image
docker-archive generates docker legacy compatible images
Do not create subdirectories for layers with no configs
Ensure the layer IDs in legacy docker/tarfile metadata are unique
docker-archive: repeated layers are symlinked in the tar file
sysregistries: remove all trailing slashes
Improve docker/* error messages
Fix failure to make auth directory
Create a new slice in Schema1.UpdateLayerInfos
Drop unused storageImageDestination.{image,systemContext}
Load a *storage.Image only once in storageImageSource
Support gzip for docker-archive files
Remove .tar extension from blob and config file names
ostree, src: support copy of compressed layers
ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size
image: fix docker schema v1 -> OCI conversion
Add /etc/containers/certs.d as default certs directory

[0.1.28-2.git0270e56]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[0.1.28-1.git]
- Vendor in fixed libraries in containers/image and containers/storage

[0.1.27-1.git]
- Fix Conflicts to Obsoletes
- Add better docs to man pages.
- Use credentials from authfile for skopeo commands
- Support storage='' in /etc/containers/storage.conf
- Add global --override-arch and --override-os options

[0.1.25-2.git2e8377a7]
- Add manifest type conversion to skopeo copy
- User can select from 3 manifest types: oci, v2s1, or v2s2
- e.g skopeo copy --format v2s1 --compress-blobs docker-archive:alp.tar dir:my-directory

[0.1.25-2.git7fd6f66b]
- Force storage.conf to default to overlay

[0.1.25-1.git7fd6f66b]
- Fix CVE in tar-split
- copy: add shared blob directory support for OCI sources/destinations
- Aligning Docker version between containers/image and skopeo
- Update image-tools, and remove the duplicate Sirupsen/logrus vendor
- makefile: use -buildmode=pie

[0.1.24-8.git28d4e08a]
- Add /usr/share/containers/mounts.conf

[0.1.24-7.git28d4e08a]
- Bug fixes
- Update to release

[0.1.24-6.dev.git28d4e08]
- skopeo-containers conflicts with docker-rhsubscription <= 2:1.13.1-31

[0.1.24-5.dev.git28d4e08]
- Add rhel subscription secrets data to skopeo-containers

[0.1.24-4.dev.git28d4e08]
- Update container/storage.conf and containers-storage.conf man page
- Default override to true so it is consistent with RHEL.

[0.1.24-3.dev.git28d4e08]
- built commit 28d4e08

[0.1.24-2.dev.git875dd2e]
- built commit 875dd2e
- Resolves: gh#416

[0.1.24-1.dev.gita41cd0]
- bump to 0.1.24-dev
- correct a prior bogus date
- fix macro in comment warning

[0.1.23-6.dev.git1bbd87]
- Change name of storage.conf.5 man page to containers-storage.conf.5, since
it conflicts with inn package
- Also remove default to 'overlay' in the configuration, since we should
- allow containers storage to pick the best default for the platform.

[0.1.23-5.git1bbd87f]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[0.1.23-4.git1bbd87f]
- Rebuild with binutils fix for ppc64le (#1475636)

[0.1.23-3.git1bbd87f]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[0.1.23-2.dev.git1bbd87]
- Fix storage.conf man page to be storage.conf.5.gz so that it works.

[0.1.23-1.dev.git1bbd87]
- Support for OCI V1.0 Images
- Update to image-spec v1.0.0 and revendor
- Fixes for authentication

[0.1.22-2.dev.git5d24b67]
- Epoch: 1 for CentOS as CentOS Extras' build already has epoch set to 1

[0.1.22-1.dev.git5d24b67]
- Give more useful help when explaining usage
- Also specify container-storage as a valid transport
- Remove docker reference wherever possible
- vendor in ostree fixes

[0.1.21-1.dev.git0b73154]
- Add support for storage.conf and storage-config.5.md from github container storage package
- Bump to the latest version of skopeo
- vendor.conf: add ostree-go
- it is used by containers/image for pulling images to the OSTree storage.
- fail early when image os does not match host os
- Improve documentation on what to do with containers/image failures in test-skopeo
- We now have the docker-archive: transport
- Integration tests with built registries also exist
- Support /etc/docker/certs.d
- update image-spec to v1.0.0-rc6

[0.1.20-1.dev.git0224d8c]
- BZ #1380078 - New release

[0.1.19-2.dev.git0224d8c]
- No golang support for ppc64. Adding exclude arch. BZ #1445490

[0.1.19-1.dev.git0224d8c]
- bump to v0.1.19-dev
- built commit 0224d8c

[0.1.17-3.dev.git2b3af4a]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[0.1.17-2.dev.git2b3af4a]
- Rebuild for gpgme 1.18

[0.1.17-1.dev.git2b3af4a]
- bump to 0.1.17-dev

[0.1.14-6.git550a480]
- Fix BZ#1391932

[0.1.14-5.git550a480]
- Conflicts with atomic in skopeo-containers

[0.1.14-4.git550a480]
- built skopeo-containers

[0.1.14-3.gitd830391]
- built mtrmac/integrate-all-the-things commit d830391

[0.1.14-2.git362bfc5]
- built commit 362bfc5

[0.1.14-1.gitffe92ed]
- build origin/master commit ffe92ed

[0.1.13-6]
- https://fedoraproject.org/wiki/Changes/golang1.7

[0.1.13-5]
- include go-srpm-macros and compiler(go-compiler) in fedora conditionals
- define %gobuild if not already
- add patch to build with older version of golang

[0.1.13-4]
- update to v0.1.12

[0.1.12-3]
- fix go build source path

[0.1.12-2]
- update to v0.1.12

[0.1.11-1]
- update to v0.1.11

[0.1.10-1]
- update to v0.1.10
- change runcom -> projectatomic

[0.1.9-1]
- update to v0.1.9

[0.1.8-1]
- update to v0.1.8

[0.1.4-2]
- https://fedoraproject.org/wiki/Changes/golang1.6

[0.1.4]
- First package for Fedora

slirp4netns
[0.4.2-2.git21fdece]
- Fix CVE-2020-7039.
- Related: RHELPLAN-25138

[0.4.2-1.git21fdece]
- update to latest 0.4.2, fixes bug 1763454
- Related: RHELPLAN-25138

[0.4.0-2]
- add new BR: libseccomp-devel

[0.4.0-1]
- update to v.0.4.0
- sync with fedora spec
- drop applied CVE-2019-14378 patch

[0.3.0-4]
- Fix CVE-2019-14378 (#1755595).

[0.3.0-3]
- Resolves: #1683217 - BR: glib2-devel

[0.3.0-2]
- Resolves: #1683217 - bump slirp4netns to v0.3.0

[0.3.0-1.alpha.2.git30883b5]
- bump to v0.3.0-alpha.2

[0.1-2.dev.gitc4e1bc5]
- changed summary

[0.1-1.dev.gitc4e1bc5]
- First package for RHEL 8
- import from Fedora rawhide
- Exclude ix86 and ppc64

toolbox
[0.0.4-1.el8]
- Update for rhel8.1 container-tools module

[0.0.4-1.rhaos4.2.el8]
- Add help switch per RHBZ#1684258
- Spec fixes found by rpmlint

[0.0.3-1.rhaos4.1.el8]
- Use rhel8/support-tools

[0.0.2-1.rhaos4.1.el8]
- Add runlabel options and fix default image

[0.0.1-1.rhaos4.1.el8]
- Initial Specfile for Red Hat CoreOS Toolbox

udica
[0.2.1-2]
- initial import to container-tools 8.2.0
- Related: RHELPLAN-25139

[0.2.1-1]
- New rebase https://github.com/containers/udica/releases/tag/v0.2.0
Resolves: rhbz#1757693

[0.2.0-1]
- New rebase https://github.com/containers/udica/releases/tag/v0.2.0
Resolves: rhbz#1757693


Related CVEs


CVE-2020-7039

Updated Packages


Release/Architecture    Filename    MD5sum    Superseded By Advisory

Oracle Linux 8 (aarch64)
buildah-1.11.6-4.0.1.module+el8.1.1+5502+fbec5cc6.src.rpm    fc89b8e0a2d44dad66511e6a806d3942    -
cockpit-podman-11-1.module+el8.1.1+5502+fbec5cc6.src.rpm    c5f794847cbd69a0819c0f13267772dc    -
conmon-2.0.6-1.module+el8.1.1+5502+fbec5cc6.src.rpm    672bca19ef051561e53845d051d5ce95    -
container-selinux-2.124.0-1.module+el8.1.1+5502+fbec5cc6.src.rpm    836a92c5bc5212825b26fa5d7400d5a3    -
containernetworking-plugins-0.8.3-4.0.1.module+el8.1.1+5502+fbec5cc6.src.rpm    46afb88183087a9c6efec5caad55287b    -
fuse-overlayfs-0.7.2-1.module+el8.1.1+5502+fbec5cc6.src.rpm    b0cb213e3f75bc9ae2813a16f20b86d2    -
podman-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.src.rpm    fcfbc1e84025f99ec19448a1766fea00    -
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.1.1+5502+fbec5cc6.src.rpm    ef63b17277fde89259d6987091876f28    -
runc-1.0.0-64.rc9.module+el8.1.1+5502+fbec5cc6.src.rpm    b53427ad35ade2a4787f0abca02ee7fc    -
skopeo-0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6.src.rpm    ba6c1fada68216bf696c94998c111a78    -
slirp4netns-0.4.2-2.git21fdece.module+el8.1.1+5502+fbec5cc6.src.rpm    5808a148f9e3bbfc6a9be689263379d2    -
toolbox-0.0.4-1.module+el8.1.1+5502+fbec5cc6.src.rpm    daed81d9da1167122fab8ecb43f84430    -
udica-0.2.1-2.module+el8.1.1+5502+fbec5cc6.src.rpm    33363176ab07a8f9a7a2173dfdd4268b    -
buildah-1.11.6-4.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    988a4aebe4caeeaf68c1fd3687ece0bf    -
buildah-tests-1.11.6-4.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    e57c13663ec418ef24d6d1c4e7891e03    -
cockpit-podman-11-1.module+el8.1.1+5502+fbec5cc6.noarch.rpm    90dde5b368a2504de1adf897a586be17    -
conmon-2.0.6-1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    5c2637759770c2afb1eb013597dbbda4    -
container-selinux-2.124.0-1.module+el8.1.1+5502+fbec5cc6.noarch.rpm    c4f871aaf65fef69d499f8e134875654    -
containernetworking-plugins-0.8.3-4.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    ef0f5eae78b60671cfc018f3c6025578    -
containers-common-0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    cc08eb89d0264f79f866ee61bf8a9d90    -
fuse-overlayfs-0.7.2-1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    1325d348e81d78d1068d6384089b020b    -
podman-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    f7b13dc37a6b6c33cde3dc605ab7295b    -
podman-docker-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.noarch.rpm    0db53ccf715e9ab011a391c15836b4f1    -
podman-manpages-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.noarch.rpm    f44383c4b74e9257463a2617d43ab587    -
podman-remote-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    140e3c144dd7b2c82dde7380896894d6    -
podman-tests-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    68117aa87d090e6ac41976243bf6c617    -
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.1.1+5502+fbec5cc6.noarch.rpm    11ae7070a4cbde5ee55c05db1f8fd78f    -
runc-1.0.0-64.rc9.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    e5138994f6c54b1f87f551088acadbaf    -
skopeo-0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    ee8dc79ca3cfa1217f79c44774f46dd8    -
skopeo-tests-0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    a67422180113112c9f9aa16e8df12e94    -
slirp4netns-0.4.2-2.git21fdece.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    f13ea13c3f686b799155b9c14de8c546    -
toolbox-0.0.4-1.module+el8.1.1+5502+fbec5cc6.aarch64.rpm    eea7bc757bbf75ce6b6f5d1f004da172    -
udica-0.2.1-2.module+el8.1.1+5502+fbec5cc6.noarch.rpm    68f52978d5d58ed0175f09191456e4fc    -

Oracle Linux 8 (x86_64)
buildah-1.11.6-4.0.1.module+el8.1.1+5502+fbec5cc6.src.rpm    fc89b8e0a2d44dad66511e6a806d3942    -
cockpit-podman-11-1.module+el8.1.1+5502+fbec5cc6.src.rpm    c5f794847cbd69a0819c0f13267772dc    -
conmon-2.0.6-1.module+el8.1.1+5502+fbec5cc6.src.rpm    672bca19ef051561e53845d051d5ce95    -
container-selinux-2.124.0-1.module+el8.1.1+5502+fbec5cc6.src.rpm    836a92c5bc5212825b26fa5d7400d5a3    -
containernetworking-plugins-0.8.3-4.0.1.module+el8.1.1+5502+fbec5cc6.src.rpm    46afb88183087a9c6efec5caad55287b    -
fuse-overlayfs-0.7.2-1.module+el8.1.1+5502+fbec5cc6.src.rpm    b0cb213e3f75bc9ae2813a16f20b86d2    -
podman-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.src.rpm    fcfbc1e84025f99ec19448a1766fea00    -
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.1.1+5502+fbec5cc6.src.rpm    ef63b17277fde89259d6987091876f28    -
runc-1.0.0-64.rc9.module+el8.1.1+5502+fbec5cc6.src.rpm    b53427ad35ade2a4787f0abca02ee7fc    -
skopeo-0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6.src.rpm    ba6c1fada68216bf696c94998c111a78    -
slirp4netns-0.4.2-2.git21fdece.module+el8.1.1+5502+fbec5cc6.src.rpm    5808a148f9e3bbfc6a9be689263379d2    -
toolbox-0.0.4-1.module+el8.1.1+5502+fbec5cc6.src.rpm    daed81d9da1167122fab8ecb43f84430    -
udica-0.2.1-2.module+el8.1.1+5502+fbec5cc6.src.rpm    33363176ab07a8f9a7a2173dfdd4268b    -
buildah-1.11.6-4.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    e777fbb5692dc3133cc1f360934d1e4f    -
buildah-tests-1.11.6-4.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    40d8a59c41208cbf57b7dc8262bbc2b4    -
cockpit-podman-11-1.module+el8.1.1+5502+fbec5cc6.noarch.rpm    90dde5b368a2504de1adf897a586be17    -
conmon-2.0.6-1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    446f83d5d5a3583faa2d175c91abcbc9    -
container-selinux-2.124.0-1.module+el8.1.1+5502+fbec5cc6.noarch.rpm    c4f871aaf65fef69d499f8e134875654    -
containernetworking-plugins-0.8.3-4.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    189aff32f595ff4114a4bb20994b872d    -
containers-common-0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    bbd4455b421a447d30812188e783deaf    -
fuse-overlayfs-0.7.2-1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    1665105e2743b2c07b7d888d1bcdbd33    -
podman-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    0ebd4aa5cc2ded105929741df88385e1    -
podman-docker-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.noarch.rpm    0db53ccf715e9ab011a391c15836b4f1    -
podman-manpages-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.noarch.rpm    f44383c4b74e9257463a2617d43ab587    -
podman-remote-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    1a0a0199986561484fe269ba76faaa6b    -
podman-tests-1.6.4-2.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    d02eab96d10118dc3d7f79521fcf3e92    -
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.1.1+5502+fbec5cc6.noarch.rpm    11ae7070a4cbde5ee55c05db1f8fd78f    -
runc-1.0.0-64.rc9.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    c4ca09ce4d672b70c53c96852ca65302    -
skopeo-0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    40b1b4fd52f565f41b00929aba7cfad5    -
skopeo-tests-0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    841fa30cc9ee7a7c7e263ed592658865    -
slirp4netns-0.4.2-2.git21fdece.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    e5701792b77ab8e479ae0f48c3b8a472    -
toolbox-0.0.4-1.module+el8.1.1+5502+fbec5cc6.x86_64.rpm    55e9cb23cc644d5dd0586e8d251f73c3    -
udica-0.2.1-2.module+el8.1.1+5502+fbec5cc6.noarch.rpm    68f52978d5d58ed0175f09191456e4fc    -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
