opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity
23,152 Commits 54 Branches 249 Tags
Commit Graph

1451 Commits

Author SHA1 Message Date
Paul Holzinger
8671577b82 vendor: replace crypto with github.com/openshift/golang-crypto@v0.33.openshift.1 
The go 1.23 build requirement is to new for the older branches, switch
to a fork maintained by openshift.

Fixes: CVE-2025-22869
Fixes: https://issues.redhat.com/browse/RHEL-81318
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2025-03-13 17:39:11 +01:00
Paul Holzinger
848fc9eedc Revert "vendor: bump to golang.org/x/crypto@v0.36.0" 
This reverts commit 5f0ffedba21dabdc8f3f8f95e7e830407902e72b.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2025-03-13 17:38:39 +01:00
Paul Holzinger
5f0ffedba2 vendor: bump to golang.org/x/crypto@v0.36.0 
Fixes: CVE-2025-22869
Fixes: https://issues.redhat.com/browse/RHEL-81318
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2025-03-11 19:18:09 +01:00
tomsweeneyredhat
34f8d25733 [v5.2-rhel] CVE-2025-27144 
This addresses CVE-2025-27144, bumping github.com/go-jose/go-jose/v3 to v3.0.4
and github.com/go-jose/go-jose/v4 to v4.0.5.

Fixes: https://issues.redhat.com/browse/OCPBUGS-51250, https://issues.redhat.com/browse/OCPBUGS-51249

[NO NEW TESTS NEEDED]

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
 2025-03-03 20:56:22 -05:00
tomsweeneyredhat
6ce927fb73 [v5.2-rhel] CVE-2024-11218, Bump Buildah to v1.37.6 
This addresses CVE-2024-11218, a Buildah based CVE.

Fixes: https://issues.redhat.com/browse/RHEL-67606

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
 2025-01-22 16:56:53 -05:00
tomsweeneyredhat
0c12cb5917 [v5.2-rhel] Fix CVE-2024-9407, 9675, 9676, 9341 
This fixes four CVES:
CVE-2024-9341 - FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library
CVE-2024-9407 - Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction
CVE-2024-9675 - Buildah allows arbitrary directory mount [rhel-9.5]
CVE-2024-9676 - symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS)

And Jira cards:

https://issues.redhat.com/browse/RHEL-60963 - CVE-2024-9341
https://issues.redhat.com/browse/RHEL-62369 - CVE-2024-9341
https://issues.redhat.com/browse/RHEL-61152 - CVE-2024-9407
https://issues.redhat.com/browse/RHEL-61849 (RHEL 9.5) - CVE-2024-9675
https://issues.redhat.com/browse/RHEL-61849 (RHEL 9.5.z) - CVE-2024-9675
https://issues.redhat.com/browse/RHEL-61865 - CVE-2024-9676

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
 2024-10-20 14:09:25 -04:00
Paul Holzinger
2eb9b36958 vendor: update c/common to v0.60.4 
Update c/common to fix CVE-2024-9341

Fixes CVE-2024-9341
Fixes https://issues.redhat.com/browse/RHEL-60963
Fixes https://issues.redhat.com/browse/RHEL-60961

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2024-10-02 11:19:56 +02:00
Paul Holzinger
6e9cd7363e vendor: update c/common to v0.60.3 
To include fixes for the netns mounting.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2024-09-23 10:26:06 +02:00
tomsweeneyredhat
570fbc49aa [v5.2] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2 
As the title says.  Finishes the vendor dance for Podman v5.2.2

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
 2024-08-21 12:06:44 -04:00
tomsweeneyredhat
854e0c2eb4 [v5.2] Bump Buildah to v1.37.1, c/common v0.60.1, c/image v5.32.1 
Bump Buildah to v1.37.1, c/common to v0.60.1, c/image v5.32.1
in preparation of Podman v5.2.1

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
 2024-08-13 14:29:01 -04:00
Matt Heon
8bc493324a Bump Buildah, c/storage, c/image, c/common 
Signed-off-by: Matt Heon <mheon@redhat.com>
 2024-07-31 14:31:23 -04:00
Christophe Fergeau
02a932372b build: Update gvisor-tap-vsock to 0.7.4 
This contains a fix for a gvproxy crash on macos on fast connections
with heavy network load.

This should fix https://github.com/containers/podman/issues/23114

Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
 2024-07-31 14:23:11 -04:00
renovate[bot]
742d29e9d8 Update module github.com/vbauerster/mpb/v8 to v8.7.4 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-20 15:19:17 +00:00
openshift-merge-bot[bot]
89432899a7 Merge pull request #23299 from containers/renovate/github.com-rootless-containers-rootlesskit-v2-2.x 
fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0
 2024-07-17 20:26:50 +00:00
Daniel J Walsh
1ec3edd3f6 Do not crash on invalid filters 
Vendor in latest containers/common
Fixes #23120

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2024-07-17 10:44:55 -04:00
renovate[bot]
692d2a5b08 fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-17 04:11:53 +00:00
Daniel J Walsh
eb750f61f6 Vendor in latest containers(common, storage,image, buildah) 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
 2024-07-15 13:51:43 -04:00
openshift-merge-bot[bot]
42fa78b225 Merge pull request #23259 from giuseppe/vendor-storage-ab74785ce9e8 
vendor: bump c/storage
 2024-07-12 14:32:46 +00:00
Giuseppe Scrivano
f90bd48859 vendor: bump c/storage 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2024-07-12 14:19:33 +02:00
Paul Holzinger
e24367aa14 update to docker 27 
Fixes compile issues with new docker changes, then fix all the new
depreciation warnings.
Also there seem to be larger pre-existing problems with the
/containers/json API output as the HostConfig field seems to be missing
but I don't have time to deal with that currently.

Note this does not include changes for the new docker API 1.46.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2024-07-12 14:00:29 +02:00
renovate[bot]
7c775a3f4c Update module github.com/cyphar/filepath-securejoin to v0.3.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-11 15:41:50 +00:00
renovate[bot]
176630b5db chore(deps): update module google.golang.org/grpc to v1.64.1 [security] 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-10 00:44:17 +00:00
renovate[bot]
766955fc6d fix(deps): update module tags.cncf.io/container-device-interface to v0.8.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-09 12:59:59 +00:00
renovate[bot]
f90060bff3 fix(deps): update module golang.org/x/net to v0.27.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-05 14:35:37 +00:00
renovate[bot]
ea86582f6c fix(deps): update module golang.org/x/term to v0.22.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-04 22:17:33 +00:00
renovate[bot]
2c2da039de fix(deps): update module github.com/containers/ocicrypt to v1.2.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-04 02:02:06 +00:00
openshift-merge-bot[bot]
189d862d54 Merge pull request #23159 from containers/renovate/go-github.com/gorilla/schema-vulnerability 
fix(deps): update module github.com/gorilla/schema to v1.4.1 [security]
 2024-07-03 13:46:02 +00:00
openshift-merge-bot[bot]
c279ce0a86 Merge pull request #23113 from containers/renovate/github.com-openshift-imagebuilder-1.x 
Update module github.com/openshift/imagebuilder to v1.2.11
 2024-07-02 18:39:18 +00:00
renovate[bot]
1c704157c2 fix(deps): update module github.com/gorilla/schema to v1.4.1 [security] 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-07-01 23:11:04 +00:00
Giuseppe Scrivano
5e156c424f vendor: update c/storage 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
 2024-07-01 11:35:45 +02:00
renovate[bot]
541cdaa441 Update module github.com/openshift/imagebuilder to v1.2.11 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-26 17:25:24 +00:00
renovate[bot]
d1bfc6d8d0 Update module github.com/crc-org/crc/v2 to v2.38.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-25 07:59:35 +00:00
openshift-merge-bot[bot]
b8d95a5893 Merge pull request #23024 from containers/renovate/github.com-containernetworking-plugins-1.x 
Update module github.com/containernetworking/plugins to v1.5.1
 2024-06-18 15:01:34 +00:00
openshift-merge-bot[bot]
5b62c2cc2b Merge pull request #23021 from containers/renovate/github.com-checkpoint-restore-checkpointctl-1.x 
Update module github.com/checkpoint-restore/checkpointctl to v1.2.1
 2024-06-18 14:58:51 +00:00
renovate[bot]
f611ac9304 Update module github.com/containernetworking/plugins to v1.5.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-17 21:28:37 +00:00
openshift-merge-bot[bot]
afe55cded0 Merge pull request #23006 from containers/renovate/github.com-gorilla-schema-1.x 
Update module github.com/gorilla/schema to v1.4.0
 2024-06-17 19:38:02 +00:00
renovate[bot]
043ce618bc Update module github.com/checkpoint-restore/checkpointctl to v1.2.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-17 19:36:33 +00:00
renovate[bot]
f4aa71e730 Update module github.com/spf13/cobra to v1.8.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-17 18:07:20 +00:00
renovate[bot]
0627fce798 Update module github.com/gorilla/schema to v1.4.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-17 18:05:54 +00:00
renovate[bot]
5b24d1b48c fix(deps): update module google.golang.org/protobuf to v1.34.2 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-11 09:15:15 +00:00
renovate[bot]
858b3b7def fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.2.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-10 14:51:22 +00:00
renovate[bot]
5b23a2e1c7 fix(deps): update module github.com/docker/docker to v26.1.4+incompatible 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-05 20:02:49 +00:00
renovate[bot]
2334a7ea6c fix(deps): update module github.com/crc-org/crc/v2 to v2.37.1 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-05 13:20:35 +00:00
openshift-merge-bot[bot]
bdd07c2f7f Merge pull request #22906 from containers/renovate/golang.org-x-net-0.x 
fix(deps): update module golang.org/x/net to v0.26.0
 2024-06-05 10:58:36 +00:00
openshift-merge-bot[bot]
5bfea70e87 Merge pull request #22878 from containers/renovate/common-image-and-storage-deps 
fix(deps): update github.com/containers/image/v5 digest to aa93504
 2024-06-05 09:41:32 +00:00
renovate[bot]
8cc9bb1842 fix(deps): update module golang.org/x/net to v0.26.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-05 09:40:42 +00:00
openshift-merge-bot[bot]
3f2ecbdf1f Merge pull request #22897 from containers/renovate/golang.org-x-sys-0.x 
fix(deps): update module golang.org/x/sys to v0.21.0
 2024-06-05 09:38:47 +00:00
openshift-merge-bot[bot]
e9ef7278c5 Merge pull request #22896 from Luap99/reexec-env 
pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED correctly
 2024-06-04 17:24:50 +00:00
renovate[bot]
df0c2e5d03 fix(deps): update module golang.org/x/sys to v0.21.0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-06-04 17:14:21 +00:00
Paul Holzinger
15a4e1dffd vendor latest c/common 
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
 2024-06-04 17:58:40 +02:00