An update that solves three vulnerabilities and has four
fixes is now available.
Description:
This is a version update for podman to version 1.4.4 (bsc#1143386).
Additional changes by SUSE on top:
Version update podman to v1.4.4:
Features
Bugfixes
Misc
Update podman to v1.4.2:
Updated podman to version 1.4.0 (bsc#1137860) and (bsc#1135460)
Podman checkpoint and podman restore commands can now be used to migrate
containers between Podman installations on different systems.
The podman cp command now supports a pause flag.
The remote client now supports a configuration file for pre-configuring
connections to remote Podman installations
CVE-2019-10152: Fixed an improper dereference of symlinks in the
podman cp command, which was introduced in version 1.1.0 (bsc#1136974).
Fixed a bug where podman commit could improperly set environment
variables that contained = characters
Fixed a bug where rootless podman would sometimes fail to start
containers with forwarded ports
Fixed a bug where podman version on the remote client could segfault
Fixed a bug where podman container runlabel would use /proc/self/exe
instead of the path of the Podman command when printing the command
being executed
Fixed a bug where filtering images by label did not work
Fixed a bug where specifying a bind mount or tmpfs mount over an image
volume would cause a container to be unable to start
Fixed a bug where podman generate kube did not work with containers with
named volumes
Fixed a bug where rootless podman would receive permission denied errors
accessing conmon.pid
Fixed a bug where podman cp with a folder specified as target would
replace the folder, as opposed to copying into it
Fixed a bug where rootless Podman commands could double-unlock a lock,
causing a crash
Fixed a bug where podman incorrectly set tmpcopyup on /dev/ mounts,
causing errors when using the Kata containers runtime
Fixed a bug where podman exec would fail on older kernels
Podman commit command is now usable with the Podman remote client
Signature-policy flag has been deprecated
Updated vendored containers/storage and containers/image libraries with
numerous bugfixes
Updated vendored Buildah to v1.8.3
Podman now requires Conmon v0.2.0
The podman cp command is now aliased as podman container cp
Rootless podman will now default init_path using root Podman’s
configuration files (/etc/containers/libpod.conf and
/usr/share/containers/libpod.conf) if not overridden in the rootless
configuration
Added fuse-overlayfs dependency to support overlay based rootless image
manipulations
The podman cp command can now read input redirected to STDIN, and output
to STDOUT instead of a file, using - instead of an argument.
The podman remote client now displays version information from both the
client and server in podman version
The podman unshare command has been added, allowing easy entry into the
user namespace set up by rootless Podman (allowing the removal of files
created by rootless podman, among other things)
Fixed a bug where Podman containers with the --rm flag were removing
created volumes when they were automatically removed
Fixed a bug where container and pod locks were incorrectly marked as
released after a system reboot, causing errors on container and pod
removal
Fixed a bug where Podman pods could not be removed if any container in
the pod encountered an error during removal
Fixed a bug where Podman pods run with the cgroupfs CGroup driver would
encounter a race condition during removal, potentially failing to remove
the pod CGroup
Fixed a bug where the podman container checkpoint and podman container
restore commands were not visible in the remote client
Fixed a bug where podman remote ps --ns would not print the container’s
namespaces
Fixed a bug where removing stopped containers with healthchecks could
cause an error
Fixed a bug where the default libpod.conf file was causing parsing errors
Fixed a bug where pod locks were not being freed when pods were removed,
potentially leading to lock exhaustion
Fixed a bug where ‘podman run’ with SD_NOTIFY set could, on
short-running containers, create an inconsistent state rendering the
container unusable
The remote Podman client now uses the Varlink bridge to establish remote
connections by default
Fixed an issue with apparmor_parser (bsc#1123387)
Update to libpod v1.4.0 (bsc#1137860):
The podman checkpoint and podman restore commands can now be used to
migrate containers between Podman installations on different systems
The podman cp command now supports a pause flag to pause containers
while copying into them
The remote client now supports a configuration file for pre-configuring
connections to remote Podman installations
Fixed CVE-2019-10152 - The podman cp command improperly dereferenced
symlinks in host context
Fixed a bug where podman commit could improperly set environment
variables that contained = characters
Fixed a bug where rootless Podman would sometimes fail to start
containers with forwarded ports
Fixed a bug where podman version on the remote client could segfault
Fixed a bug where podman container runlabel would use /proc/self/exe
instead of the path of the Podman command when printing the command
being executed
Fixed a bug where filtering images by label did not work
Fixed a bug where specifying a bind mount or tmpfs mount over an image
volume would cause a container to be unable to start
Fixed a bug where podman generate kube did not work with containers with
named volumes
Fixed a bug where rootless Podman would receive permission denied errors
accessing conmon.pid
Fixed a bug where podman cp with a folder specified as target would
replace the folder, as opposed to copying into it
Fixed a bug where rootless Podman commands could double-unlock a lock,
causing a crash
Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts,
causing errors when using the Kata containers runtime
Fixed a bug where podman exec would fail on older kernels
The podman commit command is now usable with the Podman remote client
The --signature-policy flag (used with several image-related commands)
has been deprecated
The podman unshare command now defines two environment variables in the
spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to
temporary and permanent storage for rootless containers
Updated vendored containers/storage and containers/image libraries with
numerous bugfixes
Updated vendored Buildah to v1.8.3
Podman now requires Conmon v0.2.0
The podman cp command is now aliased as podman container cp
Rootless Podman will now default init_path using root Podman’s
configuration files (/etc/containers/libpod.conf and
/usr/share/containers/libpod.conf) if not overridden in the rootless
configuration
Update to image v1.5.1
Vendor in latest containers/storage
docker/docker_client: Drop redundant Domain(ref.ref) call
pkg/blobinfocache: Split implementations into subpackages
copy: progress bar: show messages on completion
docs: rename manpages to *.5.command
add container-certs.d.md manpage
pkg/docker/config: Bring auth tests from docker/docker_client_test
Don’t allocate a sync.Mutex separately
Update to storage v1.12.10:
slirp4netns was updated to 0.3.0:
This update also includes:
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2019-2044=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.1 | x86_64 | | | |
openSUSE Leap | 15.1 | noarch | | | |