container-tools:ol8 security, bug fix, and enhancement update

2020-02-17T00:00:00
ID ELSA-2020-0348
Type oraclelinux
Reporter Oracle
Modified 2020-02-17T00:00:00

Description

buildah [1.11.6-4.0.1] - Fixes troubles with oracle registry login [Orabug: 29937283] [1.11.6-4] - compile in FIPS mode - Related: RHELPLAN-25138 [1.11.6-3] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1.11.6-2] - fix chroot: unmount with MNT_DETACH instead of UnmountMountpoints() - bug reference 1772179 - Related: RHELPLAN-25138 [1.11.6-1] - update to buildah 1.11.6 - Related: RHELPLAN-25138 [1.11.5-1] - update to buildah 1.11.5 - Related: RHELPLAN-25138 [1.11.4-2] - fix %gobuild macro to not to ignore BUILDTAGS [1.11.4-1] - update to 1.11.4 [1.9.0-5] - Use autosetup macro again. [1.9.0-4] - Fix CVE-2019-10214 (#1734653). [1.9.0-3] - Resolves: #1721247 - enable fips mode [1.9.0-2] - Resolves: #1720654 - tests subpackage depends on golang explicitly [1.9.0-1] - Resolves: #1720654 - rebase to v1.9.0 [1.8.3-1] - Resolves: #1720654 - rebase to v1.8.3 [1.8-0.git021d607] - package system tests [1.5-3.gite94b4f9] - re-enable debuginfo [1.5-2.gite94b4f9] - go toolset not in scl anymore [1.5-1.gite94b4f9] - rebase [1.4-3.git608fa84] - fedora-like go compiler macro in buildrequires is enough [1.4-2.git608fa84] - rebase [1.3-3.git4888163] - Resolves: #1615611 - rebuild with gobuild tag 'no_openssl' [1.3-2.git4888163] - Resolves: #1614009 - built with updated scl-ized go-toolset dep - build with %gobuild [1.3-1] - Bump to v1.3 - Vendor in lates containers/image - build-using-dockerfile: let -t include transports again - Block use of /proc/acpi and /proc/keys from inside containers - Fix handling of --registries-conf - Fix becoming a maintainer link - add optional CI test fo darwin - Don't pass a nil error to errors.Wrapf() - image filter test: use kubernetes/pause as a 'since' - Add --cidfile option to from - vendor: update containers/storage - Contributors need to find the CONTRIBUTOR.md file easier - Add a --loglevel option to build-with-dockerfile - Create Development plan - cmd: Code improvement - allow buildah cross compile for a darwin target - Add unused function param lint check - docs: Follow man-pages(7) suggestions for SYNOPSIS - Start using github.com/seccomp/containers-golang - umount: add all option to umount all mounted containers - runConfigureNetwork(): remove an unused parameter - Update github.com/opencontainers/selinux - Fix buildah bud --layers - Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 - main: if unprivileged, reexec in a user namespace - Vendor in latest imagebuilder - Reduce the complexity of the buildah.Run function - mount: output it before replacing lastError - Vendor in latest selinux-go code - Implement basic recognition of the '--isolation' option - Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin - Run(): don't include any default environment variables - build without seccomp - vendor in latest runtime-tools - bind/mount_unsupported.go: remove import errors - Update github.com/opencontainers/runc - Add Capabilities lists to BuilderInfo - Tweaks for commit tests - commit: recognize committing to second storage locations - Fix ARGS parsing for run commands - Add info on registries.conf to from manpage - Switch from using docker to podman for testing in .papr - buildah: set the HTTP User-Agent - ONBUILD tutorial - Add information about the configuration files to the install docs - Makefile: add uninstall - Add tilde info for push to troubleshooting - mount: support multiple inputs - Use the right formatting when adding entries to /etc/hosts - Vendor in latest go-selinux bindings - Allow --userns-uid-map/--userns-gid-map to be global options - bind: factor out UnmountMountpoints - Run(): simplify runCopyStdio() - Run(): handle POLLNVAL results - Run(): tweak terminal mode handling - Run(): rename 'copyStdio' to 'copyPipes' - Run(): don't set a Pdeathsig for the runtime - Run(): add options for adding and removing capabilities - Run(): don't use a callback when a slice will do - setupSeccomp(): refactor - Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers - Escape use of '' in .md docs - Break out getProcIDMappings() - Break out SetupIntermediateMountNamespace() - Add Multi From Demo - Use the c/image conversion code instead of converting configs manually - Don't throw away the manifest MIME type and guess again - Consolidate loading manifest and config in initConfig - Pass a types.Image to Builder.initConfig - Require an image ID in importBuilderDataFromImage - Use c/image/manifest.GuessMIMEType instead of a custom heuristic - Do not ignore any parsing errors in initConfig - Explicitly handle 'from scratch' images in Builder.initConfig - Fix parsing of OCI images - Simplify dead but dangerous-looking error handling - Don't ignore v2s1 history if docker_version is not set - Add --rm and --force-rm to buildah bud - Add --all,-a flag to buildah images - Separate stdio buffering from writing - Remove tty check from images --format - Add environment variable BUILDAH_RUNTIME - Add --layers and --no-cache to buildah bud - Touch up images man - version.md: fix DESCRIPTION - tests: add containers test - tests: add images test - images: fix usage - fix make clean error - Change 'registries' to 'container registries' in man - add commit test - Add(): learn to record hashes of what we add - Minor update to buildah config documentation for entrypoint - Bump to v1.2-dev - Add registries.conf link to a few man pages [1.2-3] - do not depend on btrfs-progs for rhel8 [1.2-2] - buildah does not require ostree [1.2-1] - Vendor in latest containers/image - build-using-dockerfile: let -t include transports again - Block use of /proc/acpi and /proc/keys from inside containers - Fix handling of --registries-conf - Fix becoming a maintainer link - add optional CI test fo darwin - Don't pass a nil error to errors.Wrapf() - image filter test: use kubernetes/pause as a 'since' - Add --cidfile option to from - vendor: update containers/storage - Contributors need to find the CONTRIBUTOR.md file easier - Add a --loglevel option to build-with-dockerfile - Create Development plan - cmd: Code improvement - allow buildah cross compile for a darwin target - Add unused function param lint check - docs: Follow man-pages(7) suggestions for SYNOPSIS - Start using github.com/seccomp/containers-golang - umount: add all option to umount all mounted containers - runConfigureNetwork(): remove an unused parameter - Update github.com/opencontainers/selinux - Fix buildah bud --layers - Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 - main: if unprivileged, reexec in a user namespace - Vendor in latest imagebuilder - Reduce the complexity of the buildah.Run function - mount: output it before replacing lastError - Vendor in latest selinux-go code - Implement basic recognition of the '--isolation' option - Run(): try to resolve non-absolute paths using /usr/local/bin:/bin:/usr/bin - Run(): don't include any default environment variables - build without seccomp - vendor in latest runtime-tools - bind/mount_unsupported.go: remove import errors - Update github.com/opencontainers/runc - Add Capabilities lists to BuilderInfo - Tweaks for commit tests - commit: recognize committing to second storage locations - Fix ARGS parsing for run commands - Add info on registries.conf to from manpage - Switch from using docker to podman for testing in .papr - buildah: set the HTTP User-Agent - ONBUILD tutorial - Add information about the configuration files to the install docs - Makefile: add uninstall - Add tilde info for push to troubleshooting - mount: support multiple inputs - Use the right formatting when adding entries to /etc/hosts - Vendor in latest go-selinux bindings - Allow --userns-uid-map/--userns-gid-map to be global options - bind: factor out UnmountMountpoints - Run(): simplify runCopyStdio() - Run(): handle POLLNVAL results - Run(): tweak terminal mode handling - Run(): rename 'copyStdio' to 'copyPipes' - Run(): don't set a Pdeathsig for the runtime - Run(): add options for adding and removing capabilities - Run(): don't use a callback when a slice will do - setupSeccomp(): refactor - Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers - Escape use of '' in .md docs - Break out getProcIDMappings() - Break out SetupIntermediateMountNamespace() - Add Multi From Demo - Use the c/image conversion code instead of converting configs manually - Don't throw away the manifest MIME type and guess again - Consolidate loading manifest and config in initConfig - Pass a types.Image to Builder.initConfig - Require an image ID in importBuilderDataFromImage - Use c/image/manifest.GuessMIMEType instead of a custom heuristic - Do not ignore any parsing errors in initConfig - Explicitly handle 'from scratch' images in Builder.initConfig - Fix parsing of OCI images - Simplify dead but dangerous-looking error handling - Don't ignore v2s1 history if docker_version is not set - Add --rm and --force-rm to buildah bud - Add --all,-a flag to buildah images - Separate stdio buffering from writing - Remove tty check from images --format - Add environment variable BUILDAH_RUNTIME - Add --layers and --no-cache to buildah bud - Touch up images man - version.md: fix DESCRIPTION - tests: add containers test - tests: add images test - images: fix usage - fix make clean error - Change 'registries' to 'container registries' in man - add commit test - Add(): learn to record hashes of what we add - Minor update to buildah config documentation for entrypoint - Add registries.conf link to a few man pages [1.1-1] - Drop capabilities if running container processes as non root - Print Warning message if cmd will not be used based on entrypoint - Update 01-intro.md - Shouldn't add insecure registries to list of search registries - Report errors on bad transports specification when pushing images - Move parsing code out of common for namespaces and into pkg/parse.go - Add disable-content-trust noop flag to bud - Change freenode chan to buildah - runCopyStdio(): don't close stdin unless we saw POLLHUP - Add registry errors for pull - runCollectOutput(): just read until the pipes are closed on us - Run(): provide redirection for stdio - rmi, rm: add test - add mount test - Add parameter judgment for commands that do not require parameters - Add context dir to bud command in baseline test - run.bats: check that we can run with symlinks in the bundle path - Give better messages to users when image can not be found - use absolute path for bundlePath - Add environment variable to buildah --format - rm: add validation to args and all option - Accept json array input for config entrypoint - Run(): process RunOptions.Mounts, and its flags - Run(): only collect error output from stdio pipes if we created some - Add OnBuild support for Dockerfiles - Quick fix on demo readme - run: fix validate flags - buildah bud should require a context directory or URL - Touchup tutorial for run changes - Validate common bud and from flags - images: Error if the specified imagename does not exist - inspect: Increase err judgments to avoid panic - add test to inspect - buildah bud picks up ENV from base image - Extend the amount of time travis_wait should wait - Add a make target for Installing CNI plugins - Add tests for namespace control flags - copy.bats: check ownerships in the container - Fix SELinux test errors when SELinux is enabled - Add example CNI configurations - Run: set supplemental group IDs - Run: use a temporary mount namespace - Use CNI to configure container networks - add/secrets/commit: Use mappings when setting permissions on added content - Add CLI options for specifying namespace and cgroup setup - Always set mappings when using user namespaces - Run(): break out creation of stdio pipe descriptors - Read UID/GID mapping information from containers and images - Additional bud CI tests - Run integration tests under travis_wait in Travis - build-using-dockerfile: add --annotation - Implement --squash for build-using-dockerfile and commit - Vendor in latest container/storage for devicemapper support - add test to inspect - Vendor github.com/onsi/ginkgo and github.com/onsi/gomega - Test with Go 1.10, too - Add console syntax highlighting to troubleshooting page - bud.bats: print '' before checking its contents - Manage 'Run' containers more closely - Break Builder.Run()'s 'run runc' bits out - util.ResolveName(): handle completion for tagged/digested image names - Handle /etc/hosts and /etc/resolv.conf properly in container - Documentation fixes - Make it easier to parse our temporary directory as an image name - Makefile: list new pkg/ subdirectoris as dependencies for buildah - containerImageSource: return more-correct errors - API cleanup: PullPolicy and TerminalPolicy should be types - Make 'run --terminal' and 'run -t' aliases for 'run --tty' - Vendor github.com/containernetworking/cni v0.6.0 - Update github.com/containers/storage - Update github.com/projectatomic/libpod - Add support for buildah bud --label - buildah push/from can push and pull images with no reference - Vendor in latest containers/image - Update gometalinter to fix install.tools error - Update troubleshooting with new run workaround - Added a bud demo and tidied up - Attempt to download file from url, if fails assume Dockerfile - Add buildah bud CI tests for ENV variables - Re-enable rpm .spec version check and new commit test - Update buildah scratch demo to support el7 - Added Docker compatibility demo - Update to F28 and new run format in baseline test - Touchup man page short options across man pages - Added demo dir and a demo. chged distrorlease - builder-inspect: fix format option - Add cpu-shares short flag (-c) and cpu-shares CI tests - Minor fixes to formatting in rpm spec changelog - Fix rpm .spec changelog formatting - CI tests and minor fix for cache related noop flags - buildah-from: add effective value to mount propagation [1.0-1] - Remove buildah run cmd and entrypoint execution - Add Files section with registries.conf to pertinent man pages - Force 'localhost' as a default registry - Add --compress, --rm, --squash flags as a noop for bud - Add FIPS mode secret to buildah run and bud - Add config --comment/--domainname/--history-comment/--hostname - Add support for --iidfile to bud and commit - Add /bin/sh -c to entrypoint in config - buildah images and podman images are listing different sizes - Remove tarball as an option from buildah push --help - Update entrypoint behaviour to match docker - Display imageId after commit - config: add support for StopSignal - Allow referencing stages as index and names - Add multi-stage builds support - Vendor in latest imagebuilder, to get mixed case AS support - Allow umount to have multi-containers - Update buildah push doc - buildah bud walks symlinks - Imagename is required for commit atm, update manpage [0.16-3.git532e267] - Resolves: #1573681 - built commit 532e267 [0.16.0-2.git6f7d05b] - built commit 6f7d05b [0.16-1] - Add support for shell - Vendor in latest containers/image - docker-archive generates docker legacy compatible images - Do not create subdirectories for layers with no configs - Ensure the layer IDs in legacy docker/tarfile metadata are unique - docker-archive: repeated layers are symlinked in the tar file - sysregistries: remove all trailing slashes - Improve docker/ error messages - Fix failure to make auth directory - Create a new slice in Schema1.UpdateLayerInfos - Drop unused storageImageDestination.{image,systemContext} - Load a storage.Image only once in storageImageSource - Support gzip for docker-archive files - Remove .tar extension from blob and config file names - ostree, src: support copy of compressed layers - ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size - image: fix docker schema v1 -> OCI conversion - Add /etc/containers/certs.d as default certs directory - Change image time to locale, add troubleshooting.md, add logo to other mds - Allow --cmd parameter to have commands as values - Document the mounts.conf file - Fix man pages to format correctly - buildah from now supports pulling images using the following transports: - docker-archive, oci-archive, and dir. - If the user overrides the storage driver, the options should be dropped - Show Config/Manifest as JSON string in inspect when format is not set - Adds feature to pull compressed docker-archive files [0.15-1] - Fix handling of buildah run command options [0.14-1] - If commonOpts do not exist, we should return rather then segfault - Display full error string instead of just status - Implement --volume and --shm-size for bud and from - Fix secrets patch for buildah bud - Fixes the naming issue of blobs and config for the dir transport by removing the .tar extension [0.13-1.git99066e0] - use correct version [0.12-4.git99066e0] - enable debuginfo [0.12-3.git99066e0] - BR: libseccomp-devel [0.12-2.git99066e0] - Resolves: #1548535 - built commit 99066e0 [0.12-1] - Added handing for simpler error message for Unknown Dockerfile instructions. - Change default certs directory to /etc/containers/certs.dir - Vendor in latest containers/image - Vendor in latest containers/storage - build-using-dockerfile: set the 'author' field for MAINTAINER - Return exit code 1 when buildah-rmi fails - Trim the image reference to just its name before calling getImageName - Touch up rmi -f usage statement - Add --format and --filter to buildah containers - Add --prune,-p option to rmi command - Add authfile param to commit - Fix --runtime-flag for buildah run and bud - format should override quiet for images - Allow all auth params to work with bud - Do not overwrite directory permissions on --chown - Unescape HTML characters output into the terminal - Fix: setting the container name to the image - Prompt for un/pwd if not supplied with --creds - Make bud be really quiet - Return a better error message when failed to resolve an image - Update auth tests and fix bud man page [0.11-3.git49095a8] - Resolves: #1542236 - add ostree and bump runc dep [0.11-2.git49095a8] - rebased to 49095a83f8622cf69532352d183337635562e261 [0.11-1] - Add --all to remove containers - Add --all functionality to rmi - Show ctrid when doing rm -all - Ignore sequential duplicate layers when reading v2s1 - Lots of minor bug fixes - Vendor in latest containers/image and containers/storage [0.10-2] - Fix checkin [0.10-1] - Display Config and Manifest as strings - Bump containers/image - Use configured registries to resolve image names - Update to work with newer image library - Add --chown option to add/copy commands [0.9-2.git04ea079] - build for all arches [0.9-1] - Allow push to use the image id - Make sure builtin volumes have the correct label [0.8-1] - Buildah bud was failing on SELinux machines, this fixes this - Block access to certain kernel file systems inside of the container [0.7-1] - Ignore errors when trying to read containers buildah.json for loading SELinux reservations - Use credentials from kpod login for buildah - Adds support for converting manifest types when using the dir transport - Rework how we do UID resolution in images - Bump github.com/vbatts/tar-split - Set option.terminal appropriately in run [0.5-5.gitf7dc659] - revert building for s390x, it is intended for rhel 7.5 [0.5-4] - Add requires for container-selinux [0.5-3.gitf7dc659] - build for s390x, https://bugzilla.redhat.com/show_bug.cgi?id=1482234 [0.5-2] - Bump github.com/vbatts/tar-split - Fixes CVE That could allow a container image to cause a DOS [0.5-1] - Add secrets patch to buildah - Add proper SELinux labeling to buildah run - Add tls-verify to bud command - Make filtering by date use the image's date - images: don't list unnamed images twice - Fix timeout issue - Add further tty verbiage to buildah run - Make inspect try an image on failure if type not specified - Add support for - Tons of bug fixes and code cleanup [0.4-2.git01db066] - bump to latest version - set GIT_COMMIT at build-time [0.4-1.git9cbccf88c] - Add default transport to push if not provided - Avoid trying to print a nil ImageReference - Add authentication to commit and push - Add information on buildah from man page on transports - Remove --transport flag - Run: do not complain about missing volume locations - Add credentials to buildah from - Remove export command - Run(): create the right working directory - Improve 'from' behavior with unnamed references - Avoid parsing image metadata for dates and layers - Read the image's creation date from public API - Bump containers/storage and containers/image - Don't panic if an image's ID can't be parsed - Turn on --enable-gc when running gometalinter - rmi: handle truncated image IDs [0.4-1.git9cbccf8] - bump to v0.4 [0.3-4.gitb9b2a8a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.3-3.gitb9b2a8a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.3-2.gitb9b2a8a7e] - Bump for inclusion of OCI 1.0 Runtime and Image Spec [0.2.0-1.gitac2aad6] - buildah run: Add support for -- ending options parsing - buildah Add/Copy support for glob syntax - buildah commit: Add flag to remove containers on commit - buildah push: Improve man page and help information - buildah run: add a way to disable PTY allocation - Buildah docs: clarify --runtime-flag of run command - Update to match newer storage and image-spec APIs - Update containers/storage and containers/image versions - buildah export: add support - buildah images: update commands - buildah images: Add JSON output option - buildah rmi: update commands - buildah containers: Add JSON output option - buildah version: add command - buildah run: Handle run without an explicit command correctly - Ensure volume points get created, and with perms - buildah containers: Add a -a/--all option [0.1.0-2.git597d2ab9] - Release Candidate 1 - All features have now been implemented. [0.0.1-1.git7a0a5333] - First package for Fedora cockpit-podman [11-1] - Fix Alert notification in Image Search Modal - Allow more than a single Error Notification for Container action errors - Various Alert cleanups - Translation updates - Related: RHELPLAN-25138 [10-1] - Support for user containers - Show list of containers that use given image - Show placeholder while loading containers and images - Fix setting memory limit - bug 1732713 - Add container Terminal - bug 1703245 - Related: RHELPLAN-25138 conmon [2:2.0.6-1] - update to 2.0.6 - Related: RHELPLAN-25138 [2:2.0.5-1] - update to 2.0.5 - Related: RHELPLAN-25138 [2:2.0.4-1] - update to 2.0.4 bugfix release - Related: RHELPLAN-25138 [2:2.0.3-2.giteb5fa88] - BR: systemd-devel - Related: RHELPLAN-25138 [2:2.0.3-1.giteb5fa88] - update to 2.0.3 [2:2.0.2-0.1.dev.git422ce21] - build latest upstream master [2:2.0.0-2] - remove BR: go-md2man since no manpages yet [2:2.0.0-1] container-selinux [2:2.124.0-1] - update to 2.124.0 - Related: RHELPLAN-25138 [2:2.123.0-2] - implement spec file refactoring by Zdenek Pytela, namely: Change the uninstall command in the %postun section of the specfile to use the %selinux_modules_uninstall macro which uses priority 200. Change the install command in the %post section if the specfile to use the %selinux_modules_install macro. Replace relabel commands with using the %selinux_relabel_pre and %selinux_relabel_post macros. Change formatting so that the lines are vertically aligned in the %postun section. (https://github.com/containers/container-selinux/pull/85) - Related: RHELPLAN-25138 [2:2.123.0-1] - update to 2.123.0 - Related: RHELPLAN-25138 [2:2.122.0-1] - update to 2.122.0 [2:2.119.0-3.gita233788] - update to master container-selinux - bug 1769469 [2:2.119.0-2] - fix post scriptlet - fail if semodule fails - bug 1729272 [2:2.119.0-1] - update to 2.119.0 [2:2.116-1] - update to 2.116, bug 1748519 [2:2.107-2] - Use at least selinux policy 3.14.3-9.el8, Resolves: #1728700 [2:2.107-1] - Resolves: #1720654 - rebase to v2.107 [2:2.89-1.git2521d0d] - bump to v2.89 [2:2.75-1.git99e2cfd] - bump to v2.75 - built commit 99e2cfd [2:2.74-1] - Resolves: #1641655 - bump to v2.74 - built commit a62c2db [2:2.73-3] - tweak macro for fedora - applies to rhel8 as well [2:2.73-2] - moved changelog entries: - Define spc_t as a container_domain, so that container_runtime will transition to spc_t even when setup with nosuid. - Allow container_runtimes to setattr on callers fifo_files - Fix restorecon to not error on missing directory [2.69-3] - Make sure we pull in the latest selinux-policy [2.69-2] - Add map support to container-selinux for RHEL 7.5 - Dontudit attempts to write to kernel_sysctl_t [2.68-1] - Add label for /var/lib/origin - Add customizable_file_t to customizable_types [2.67-1] - Add policy for container_logreader_t [2.66-1] - Allow dnsmasq to dbus chat with spc_t [2.64-1] - Allow containers to create all socket classes [2.62-1] - Label overlay directories under /var/lib/containers/ correctly [2.61-1] - Allow spc_t to load kernel modules from inside of container [2.60-1] - Allow containers to list cgroup directories - Transition for unconfined_service_t to container_runtime_t when executing container_runtime_exec_t. [2.58-2] - Run restorecon /usr/bin/podman in postinstall [2.58-1] - Add labels to allow podman to be run from a systemd unit file [2.57-1] - Set the version of SELinux policy required to the latest to fix build issues. [2.56-1] - Allow container_runtime_t to transition to spc_t over unlabeled files [2.55-1] Allow iptables to read container state Dontaudit attempts from containers to write to /proc/self Allow spc_t to change attributes on container_runtime_t fifo files [2.52-1] - Add better support for writing custom selinux policy for customer container domains. [2.51-1] - Allow shell_exec_t as a container_runtime_t entrypoint [2.50-1] - Allow bin_t as a container_runtime_t entrypoint [2.49-1] - Add support for MLS running container runtimes - Add missing allow rules for running systemd in a container [2.48-1] - Update policy to match master branch - Remove typebounds and replace with nnp_transition and nosuid_transition calls [2.41-1] - Add support to nnp_transition for container domains - Eliminates need for typebounds. [2.40-1] - Allow container_runtime_t to use user ttys - Fixes bounds check for container_t [2.39-1] - Allow container runtimes to use interited terminals. This helps satisfy the bounds check of container_t versus container_runtime_t. [2.38-1] - Allow container runtimes to mmap container_file_t devices - Add labeling for rhel push plugin [2.37-1] - Allow containers to use inherited ttys - Allow ostree to handle labels under /var/lib/containers/ostree [2.36-1] - Allow containers to relabelto/from all file types to container_file_t [2.35-1] - Allow container to map chr_files labeled container_file_t [2.34-1] - Dontaudit container processes getattr on kernel file systems [2.33-1] - Allow containers to read /etc/resolv.conf and /etc/hosts if volume - mounted into container. [2.32-1] - Make sure users creating content in /var/lib with right labels [2.31-1] - Allow the container runtime to dbus chat with dnsmasq - add dontaudit rules for container trying to write to /proc [2.29-1] - Add support for lxcd - Add support for labeling of tmpfs storage created within a container. [2.28-1] - Allow a container to umount a container_file_t filesystem [2.27-1] - Allow container runtimes to work with the netfilter sockets - Allow container_file_t to be an entrypoint for VM's - Allow spc_t domains to transition to svirt_t [2.24-1] - Make sure container_runtime_t has all access of container_t [2.23-1] - Allow container runtimes to create sockets in tmp dirs [2.22-1] - Add additonal support for crio labeling. [2.21-3] - Fixup spec file conditionals [2:2.21-2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [2.21-1] - Allow containers to execmod on container_share_t files. [2.20-2] - Relabel runc and crio executables [2.20-1] - Allow container processes to getsession [2:2.19-2.1] - update release tag to isolate from 7.3 [2:2.19-1] - Fix mcs transition problem on stdin/stdout/stderr - Add labels for CRI-O - Allow containers to use tunnel sockets [2:2.15-1.1] - Resolves: #1451289 - rebase to v2.15 - built @origin/RHEL-1.12 commit 583ca40 [2:2.10-2.1] - Make sure we have a late enough version of policycoreutils [2:2.10-1] - Update to the latest container-selinux patch from upstream - Label files under /usr/libexec/lxc as container_runtime_exec_t - Give container_t access to XFRM sockets - Allow spc_t to dbus chat with init system - Allow containers to read cgroup configuration mounted into a container [2:2.9-4] - Resolves: #1425574 - built commit 79a6d70 [2:2.9-3] - Resolves: #1420591 - built @origin/RHEL-1.12 commit 8f876c4 [2:2.9-2] - built @origin/RHEL-1.12 commit 33cb78b [2:2.8-2] - [2:2.7-1] - built origin/RHEL-1.12 commit 21dd37b [2:2.4-2] - correct version-release in changelog entries [2:2.4-1] - Add typebounds statement for container_t from container_runtime_t - We should only label runc not runc [2:2.3-1] - Fix labeling on /usr/bin/runc. - Add sandbox_net_domain access to container.te - Remove containers ability to look at /etc content [2:2.2-4] - use upstream's RHEL-1.12 branch, commit 56c32da for CentOS 7 [2:2.2-3] - properly disable docker module in %post [2:2.2-2] - depend on selinux-policy-targeted - relabel docker-latest files as well [2:2.2-1] - bump to v2.2 - additional labeling for ocid [2:2.0-2] - install policy at level 200 - From: Dan Walsh [2:2.0-1] - Resolves: #1406517 - bump to v2.0 (first upload to Fedora as a standalone package) - include projectatomic/RHEL-1.12 branch commit for building on centos/rhel [2:1.12.4-29] - new package (separated from docker) containernetworking-plugins [0.8.3-4.0.1] - Disable debuginfo [0.8.3-4] - compile with no_openssl - Related: RHELPLAN-25138 [0.8.3-3] - compile in FIPS mode - Related: RHELPLAN-25138 [0.8.3-2] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [0.8.3-1] - update to 0.8.3 - Related: RHELPLAN-25138 [0.8.1-2] - backport https://github.com/coreos/go-iptables/pull/62 from Michael Cambria - Resolves: #1627561 [0.8.1-1] - Resolves: #1720319 - bump to v0.8.1 [0.7.5-1] - Resolves: #1616063 - bump to v0.7.5 [0.7.4-3.git9ebe139] - re-enable debuginfo [0.7.4-2.git9ebe139] - rebase, removed patch that is already upstream [0.7.3-7.git19f2f28] - go tools not in scl anymore [0.7.3-6.git19f2f28] - correct tag specification format in %gobuild macro [0.7.3-5.git19f2f28] - Resolves: #1616062 - patch to revert coreos/go-iptables bump [0.7.3-4.git19f2f28] - Resolves:#1603012 - fix versioning, upstream got it wrong at 7.2 [0.7.2-3.git19f2f28] - disable i686 temporarily for appstream builds - update golang deps and gobuild definition [0.7.2-2.git19f2f28] - rebase [0.7.0-103.gitdd8ff8a] - enable scl with the toolset [0.7.0-102.gitdd8ff8a] - remove devel and unittest subpackages - use new go-toolset deps [0.7.0-101] - rebase - patches already upstream, removed [0.6.0-6] - Imported from Fedora - Renamed CNI -> plugins [0.6.0-4] - Own the libexec cni directory [0.6.0-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.6.0-2] - skip settling IPv4 addresses [0.6.0-1] - rebased to 7480240de9749f9a0a5c8614b17f1f03e0c06ab9 [0.5.2-7] - do not install to /opt (against Fedora Guidelines) [0.5.2-6] - Enable devel subpackage [0.5.2-5] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.5.2-4] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.5.2-3] - excludearch: ppc64 as it's not in goarches anymore - re-enable s390x [0.5.2-2] - upstream moved to github.com/containernetworking/plugins - built commit dcf7368 - provides: containernetworking-plugins - use vendored deps because they're a lot less of a PITA - excludearch: s390x for now (rhbz#1466865) [0.5.2-1] - Update to 0.5.2 - Softlink to default /opt/cni/bin directories [0.5.1-1] - Initial package fuse-overlayfs [0.7.2-1] - update to 0.7.2 - Related: RHELPLAN-25138 [0.7-1] - update to 0.7 - apply patch to fix build on RHEL-8 - Related: RHELPLAN-25138 [0.4.1-1] - Resolves: #1720654 - rebase to v0.4.1 [0.3-2] - rebase - Resolves:#1666510 [0.1-7.dev.git50c7a50] - Resolves: #1640232 - built commit 50c7a50 [0.1-6.dev.git1c72a1a] - Resolves: #1614856 - add manpage - built commit 1c72a1a - add BR: go-md2man [0.1-5.dev.gitd40ac75] - built commit d40ac75 - remove fedora bz ids - Exclude ix86 and ppc64 [0.1-4.dev.git79c70fd] - Resolves: #1609598 - initial upload to Fedora - bundled gnulib [0.1-3.dev.git79c70fd] - correct license field [0.1-2.dev.git79c70fd] - fix license [0.1-1.dev.git13575b6] - First package for Fedora podman [1.6.4-2.0.1] - delivering fix for [Orabug: 29874238] by Nikita Gerasimov [1.6.4-2] - apply fix for bug 1757845 - Related: RHELPLAN-25138 [1.6.4-1] - update to 1.6.4 - Related: RHELPLAN-25138 [1.6.3-6] - remove BR: device-mapper-devel, minor spec file changes - Related: RHELPLAN-25138 [1.6.3-5] - Ensure volumes reacquire locks on state refresh (thanks Matt Heon) - Related: RHELPLAN-25138 [1.6.3-4] - use the file events logger backend if systemd isn't available (thanks to Giuseppe Scrivano) - Related: RHELPLAN-25138 [1.6.3-3] - require slirp4netns >= 0.4.0-1 - Related: RHELPLAN-25138 [1.6.3-2] - apply fix to not to fail gating tests: don't parse the config for cgroup-manager default - don't hang while on podman run --rm - bug 1767663 [1.6.3-1] - update to podman 1.6.3 - addresses CVE-2019-18466 [1.6.2-6] - fix %gobuild macro to not to ignore BUILDTAGS [1.6.2-5] - use btrfs_noversion to really disable BTRFS support - amend/reuse BUILDTAGS - still keep device-mapper-devel BR otherwise build fails despite dm support being disabled (build scripting invokes pkg-config for devmapper which is shipped by the dm-devel package) [1.6.2-4] - disable BTRFS support [1.6.2-3] - split podman and conmon packages - drop BR: device-mapper-devel and update BRs in general [1.6.2-2] - drop oci-systemd-hook requirement - drop upstreamed CVE-2019-10214 patch [1.6.2-1] - update to podman 1.6.2 [1.4.2-6] - fix build with --nocheck (#1721394) - escape commented out macros [1.4.2-5] - Fix CVE-2019-10214 (#1734649). [1.4.2-4] - update to latest conmon (Resolves: #1743685) [1.4.2-3] - update to v1.4.2-stable1 - Resolves: #1741157 [1.4.2-2] - Resolves: #1669197, #1705763, #1737077, #1671622, #1723879, #1730281, - Resolves: #1731117 - built libpod v1.4.2-stable1 [1.4.2-1] - Resolves: #1721638 - bump to v1.4.2 [1.4.1-4] - Resolves: #1720654 - update dep on libvarlink - Resolves: #1721247 - enable fips mode [1.4.1-3] - Resolves: #1720654 - podman requires podman-manpages - update dep on cni plugins >= 0.8.1-1 [1.4.1-2] - Resolves: #1720654 - podman-manpages obsoletes podman < 1.4.1-2 [1.4.1-1] - Resolves: #1720654 - bump to v1.4.1 - bump conmon to v0.3.0 [1.4.0-1] - Resolves: #1720654 - bump to v1.4.0 [1.3.2-2] - Resolves: #1683217 - tests subpackage requires slirp4netns [1.3.2-1] - Resolves: #1707220 - bump to v1.3.2 - built conmon v0.2.0 [1.2.0-1.git3bd528e5] - package system tests, zsh completion. Update CI tests to use new -tests pkg [1.1.0-1.git006206a] - bump to v1.1.0 [1.0.1-1.git2c74edd] - bump to v1.0.1 [1.0.0-2.git921f98f] - rebase [1.0.0-1.git82e8011] - rebase to v1, yay! - rebase conmon to 9b1f0a08285a7f74b21cc9b6bfd98a48905a7ba2 - Resolves:#1623282 - python interface removed, moved to https://github.com/containers/python-podman/ [0.12.1.2-4.git9551f6b] - re-enable debuginfo [0.12.1.2-3.git9551f6b] - python libraries added - resolves: #1657180 [0.12.1.2-2.git9551f6b] - rebase [0.11.1.1-3.git594495d] - go tools not in scl anymore [0.11.1.1-2.git594495d] - fedora-like buildrequires go toolset [0.11.1.1-1.git594495d] - Resolves: #1636230 - build with FIPS enabled golang toolchain - bump to v0.11.1.1 - built commit 594495d [0.11.1-3.gita4adfe5] - podman-docker provides docker - Resolves: #1650355 [0.11.1-2.gita4adfe5] - Require platform-python-setuptools instead of python3-setuptools - Resolves: rhbz#1650144 [0.11.1-1.gita4adfe5] - bump to v0.11.1 - built libpod commit a4adfe5 - built conmon from cri-o commit 464dba6 [0.10.1.3-5.gitdb08685] - Resolves: #1625384 - keep BR: device-mapper-devel but don't build with it - not having device-mapper-devel seems to have brew not recognize %{_unitdir} [0.10.1.3-4.gitdb08685] - Resolves: #1625384 - correctly add buildtags to remove devmapper [0.10.1.3-3.gitdb08685] - Resolves: #1625384 - build without device-mapper-devel (no podman support) and lvm2 [0.10.1.3-2.gitdb08685] - Resolves: #1625384 - depend on lvm2 [0.10.1.3-1.gitdb08685] - Resolves: #1640298 - update vendored buildah to allow building when there are running containers - bump to v0.10.1.3 - built podman commit db08685 [0.10.1.2-1.git2b4f8d1] - Resolves: #1625378 - bump to v0.10.1.2 - built podman commit 2b4f8d1 [0.10.1.1-1.git4bea3e9] - bump to v0.10.1.1 - built podman commit 4bea3e9 [0.10.1-1.gite4a1553] - bump podman to v0.10.1 - built podman commit e4a1553 - built conmon from cri-o commit a30f93c [0.9.3.1-4.git1cd906d] - rebased cri-o to 1.11.6 [0.9.3.1-3.git1cd906d] - rebase [0.9.2-2.git37a2afe] - rebase to podman 0.9.2 - rebase to cri-o 0.11.4 [0.9.1.1-2.git123de30] - rebase [0.8.4-1.git9f9b8cf] - bump to v0.8.4 - built commit 9f9b8cf - upstream username changed from projectatomic to containers - use containernetworking-plugins >= 0.7.3-5 [0.8.2.1-2.git7a526bb] - Resolves: #1615607 - rebuild with gobuild tag 'no_openssl' [0.8.2.1-1.git7a526bb] - Upstream 0.8.2.1 release - Add support for podman-docker Resolves: rhbz#1615104 [0.8.2-1.dev.git8b2d38e] - Resolves: #1614710 - podman search name includes registry - bump to v0.8.2-dev - built libpod commit 8b2d38e - built conmon from cri-o commit acc0ee7 [0.8.1-2.git6b4ab2a] - Add recommends for slirp4netns and container-selinux [0.8.1-2.git6b4ab2a] - bump to v0.8.1 - use %go{build,generate} instead of go build and go generate - update go deps to use scl-ized builds - No need for Makefile patch for python installs [0.8.1-1.git6b4ab2a] - Bump to v0.8.1 [0.7.4-2.git079121] - podman should not require atomic-registries [0.7.4-1.dev.git9a18681] - bump to v0.7.4-dev - built commit 9a18681 [0.7.3-2.git079121] - Turn on ostree support - Upstream 0.7.3 [0.7.2-2.git4ca4c5f] - Upstream 0.7.2 release [0.7.1-3.git84cfdb2] - rebuilt [0.7.1-2.git84cfdb2] - rebase to 84cfdb2 [0.7.1-1.git802d4f2] - Upstream 0.7.1 release [0.6.4-2.gitd5beb2f] - disable devel and unittest subpackages - include conditionals for rhel-8.0 [0.6.4-1.gitd5beb2f] - do not compress debuginfo with dwz to support delve debugger [0.6.1-3.git3e0ff12] - do not compress debuginfo with dwz to support delve debugger [0.6.1-2.git3e0ff12] - bash completion shouldn't have shebang [0.6.1-1.git3e0ff12] - Resolves: #1584429 - drop capabilities when running a container as non-root - bump to v0.6.1 - built podman commit 3e0ff12 - built conmon from cri-o commit 1c0c3b0 - drop containernetworking-plugins subpackage, it's now split out into a standalone package [0.4.1-4.gitb51d327] - Resolves: #1572538 - build host-device and portmap plugins [0.4.1-3.gitb51d327] - correct dep on containernetworking-plugins [0.4.1-2.gitb51d327] - add containernetworking-plugins v0.7.0 as a subpackage (podman dep) - release tag for the containernetworking-plugins is actually gotten from podman release tag. [0.4.1-1.gitb51d327] - bump to v0.4.1 - built commit b51d327 [0.3.3-1.dev.gitbc358eb] - built podman commit bc358eb - built conmon from cri-o commit 712f3b8 [0.3.2-1.gitf79a39a] - Release 0.3.2-1 [0.3.1-2.git98b95ff] - Correct RPM version [0.3.1-1-gitc187538] - Release 0.3.1-1 [0.2.2-2.git525e3b1] - Build on ARMv7 too (Fedora supports containers on that arch too) [0.2.2-1.git525e3b1] - Release 0.2.2 [0.2.1-1.git3d0100b] - Release 0.2.1 [0.2-3.git3d0100b] - Add dep for atomic-registries [0.2-2.git3d0100b] - Add more 64bit arches - Add containernetworking-cni dependancy - Add iptables dependancy [0-2.1.git3d0100] - Release 0.2 [0-0.3.git367213a] - Resolves: #1541554 - first official build - built commit 367213a [0-0.2.git0387f69] - built commit 0387f69 [0-0.1.gitc1b2278] - First package for Fedora python-podman-api [1.2.0-0.2.gitd0a45fe] - revert update to 1.6.0 due to new python3-pbr dependency which is not in RHEL - Related: RHELPLAN-25138 [1.2.0-0.1.gitd0a45fe] - Initial package runc [1.0.0-64.rc9] - use no_openssl in BUILDTAGS (no vendored crypto in runc) - Related: RHELPLAN-25138 [1.0.0-63.rc9] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1.0.0-62.rc9] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Related: RHELPLAN-25138 [1.0.0-61.rc9] - update to runc 1.0.0-rc9 release - amend golang deps - fixes CVE-2019-16884 [1.0.0-60.rc8] - Resolves: #1721247 - enable fips mode [1.0.0-59.rc8] - Resolves: #1720654 - rebase to v1.0.0-rc8 [1.0.0-57.rc5.dev.git2abd837] - Resolves: #1693424 - podman rootless: cannot specify gid= mount options [1.0.0-56.rc5.dev.git2abd837] - change-default-root patch not needed as there's no docker on rhel8 [1.0.0-55.rc5.dev.git2abd837] - Resolves: CVE-2019-5736 [1.0.0-54.rc5.dev.git2abd837] - re-enable debuginfo [1.0.0-53.rc5.dev.git2abd837] - go toolset not in scl anymore [1.0.0-52.rc5.dev.git2abd837] - rebase [2:1.0.0-51.dev.gitfdd8055] - Fix handling of tmpcopyup [2:1.0.0-49.rc5.dev.gitb4e2ecb] - %gobuild uses no_openssl - remove unused devel and unit-test subpackages [2:1.0.0-48.rc5.dev.gitad0f525] - build with %gobuild - exlude i686 temporarily because of go-toolset issues [1.0.0-47.dev.gitb4e2ecb] - Rebuild with fixed binutils [2:1.0.0-46.dev.gitb4e2ecb] - Add patch https://github.com/opencontainers/runc/pull/1807 to allow - runc and podman to work with sd_notify [2:1.0.0-40.rc5.dev.gitad0f525] - Remove sysclt handling, not needed in RHEL8 - Make sure package built with seccomp flags - Remove rectty - Add completions [2:1.0.0-36.rc5.dev.gitad0f525] - Better handling of user namespace [2:1.0.0-31.rc5.git0cbfd83] - Fix issues between SELinux and UserNamespace [1.0.0-27.rc5.dev.git4bb1fe4] - rebuilt, placed missing changelog entry back [2:1.0.0-26.rc5.git4bb1fe4] - release v1.0.0~rc5 [1.0.0-26.rc4.git9f9c962] - Bump to the latest from upstream [1.0.0-25.rc4.gite6516b3] - built commit e6516b3 [1.0.0-24.rc4.dev.gitc6e4a1e.1] - rebase to c6e4a1ebeb1a72b529c6f1b6ee2b1ae5b868b14f - https://github.com/opencontainers/runc/pull/1651 [1.0.0-23.rc4.git1d3ab6d] - Resolves: #1524654 [1.0.0-22.rc4.git1d3ab6d] - Many Stability fixes - Many fixes for rootless containers - Many fixes for static builds [1.0.0-21.rc4.dev.gitaea4f21] - enable debuginfo and include -buildmode=pie for go build [1.0.0-20.rc4.dev.gitaea4f21] - use Makefile [1.0.0-19.rc4.dev.gitaea4f21] - disable debuginfo temporarily [1.0.0-18.rc4.dev.gitaea4f21] - enable debuginfo [1.0.0-17.rc4.gitaea4f21] - Add container-selinux prerequires to make sure runc is labeled correctly [1.0.0-16.rc4.dev.gitaea4f21] - correct the release tag 'rc4dev' -> 'rc4.dev' cause I'm OCD [1.0.0-15.rc4dev.gitaea4f21] - Use the same checkout as Fedora for lates CRI-O [1.0.0-14.rc4dev.git84a082b] - rebase to 84a082bfef6f932de921437815355186db37aeb1 [1.0.0-13.rc3.gitd40db12] - Resolves: #1479489 - built commit d40db12 [1.0.0-12.1.gitf8ce01d] - disable s390x temporarily because of indefinite wait times on brew [1.0.0-11.1.gitf8ce01d] - correct previous bogus date : [1.0.0-10.1.gitf8ce01d] - Resolves: #1441737 - run sysctl_apply for sysctl knob [1.0.0-9.1.gitf8ce01d] - Resolves: #1447078 - change default root path - add commit e800860 from runc @projectatomic/change-root-path [1.0.0-8.1.gitf8ce01d] - Resolves: #1441737 - enable kernel sysctl knob /proc/sys/fs/may_detach_mounts [1.0.0-7.1.gitf8ce01d] - Resolves: #1429675 - built @opencontainers/master commit f8ce01d [1.0.0-4.1.gitee992e5] - built @projectatomic/master commit ee992e5 [1.0.0-3.rc2] - Resolves: #1426674 - built projectatomic/runc_rhel_7 commit 5d93f81 [1.0.0-2.rc2] - Resolves: #1419702 - rebase to latest upstream master - built commit b263a43 [1.0.0-1.rc2] - Resolves: #1412239 - CVE-2016-9962 - set init processes as non-dumpable, runc patch from Michael Crosby [0.1.1-6] - Resolves: #1373980 - rebuild for 7.3.0 [0.1.1-5] - build with golang >= 1.6.2 [0.1.1-4] - release tags were inconsistent in the previous build [0.1.1-1] - Resolves: #1341267 - rebase runc to v0.1.1 [0.1.0-3] - add selinux build tag - add BR: libseccomp-devel [0.1.0-2] - Resolves: #1328970 - add seccomp buildtag [0.1.0-1] - Resolves: rhbz#1328616 - rebase to v0.1.0 [0.0.8-1.git4155b68] - Resolves: rhbz#1277245 - bump to 0.0.8 - Resolves: rhbz#1302363 - criu is a runtime dep - Resolves: rhbz#1302348 - libseccomp-golang is bundled in Godeps - manpages included [1:0.0.5-0.1.git97bc9a7] - Update to 0.0.5, introduce Epoch for Fedora due to 0.2 version instead of 0.0.2 [0.2-0.2.git90e6d37] - First package for Fedora resolves: #1255179 skopeo [0.1.40-8.0.1] - Add oracle registry into the conf file [Orabug: 29845934] - Fix oracle registry login issues [Orabug: 29937192] [1:0.1.40-8] - change the search order of registries and remove quay.io (#1784267) [1:0.1.40-7] - compile in FIPS mode - Related: RHELPLAN-25138 [1:0.1.40-6] - be sure to use golang >= 1.12.12-4 - Related: RHELPLAN-25138 [1:0.1.40-5] - fix file list - Related: RHELPLAN-25138 [1:0.1.40-4] - add missing source files to git - Related: RHELPLAN-25138 [1:0.1.40-3] - rebuild because of CVE-2019-9512 and CVE-2019-9514 - Related: RHELPLAN-25138 [1:0.1.40-2] - comment out mountopt option in order to fix gating tests see bug 1769769 [1:0.1.40-1] - update to 0.1.40 [1:0.1.37-5] - Fix CVE-2019-10214 (#1734651). [1:0.1.37-4] - fix permissions of rhel/secrets Resolves: #1691543 [1:0.1.37-3] - Resolves: #1719994 - add registry.access.redhat.com to registries.conf [1:0.1.37-2] - Resolves: #1721247 - enable fips mode [1:0.1.37-1] - Resolves: #1720654 - rebase to v0.1.37 [1:0.1.36-1.git6307635] - built upstream tag v0.1.36, including system tests [1:0.1.32-4.git1715c90] - Fixes @openshift/machine-config-operator#669 - install /etc/containers/oci/hooks.d and /etc/containers/certs.d [1:0.1.32-3.git1715c90] - rebase [1:0.1.32-2.git1715c90] - re-enable debuginfo [1:0.1.31-12.gitb0b750d] - go tools not in scl anymore [1:0.1.31-11.gitb0b750d] - Resolves: #1615609 - built upstream tag v0.1.31 [1:0.1.31-10.git0144aa8] - Resolves: #1616069 - correct order of registries [1:0.1.31-9.git0144aa8] - Resolves: #1615609 - rebuild with gobuild tag 'no_openssl' [1:0.1.31-8.git0144aa8] - Resolves: #1614934 - containers-common soft dep on slirp4netns and fuse-overlayfs [1:0.1.31-7.git0144aa8] - build with %gobuild - use scl-ized go-toolset as dep - disable i686 builds temporarily because of go-toolset issues [1:0.1.31-6.git0144aa8] - add statx to seccomp.json to containers-config - add seccomp.json to containers-config [1:0.1.31-4.git0144aa8] - Resolves: #1597629 - handle dependency issue for skopeo-containers - rename skopeo-containers to containers-common as in Fedora [1:0.1.31-3.git0144aa8] - Resolves: #1583762 - btrfs dep removal needs exclude_graphdriver_btrfs buildtag [1:0.1.31-2.git0144aa8] - correct bz in previous changelog [1:0.1.31-1.git0144aa8] - Resolves: #1580938 - resolve FTBFS - Resolves: #1583762 - remove dependency on btrfs-progs-devel - bump to v0.1.31 (from master) - built commit ca3bff6 - use go-toolset deps for rhel8 [0.1.29-5.git7add6fc] - Fix small typo in registries.conf [0.1.29-4.git] - Add policy.json.5 [0.1.29-3.git] - Add registries.conf [0.1.29-2.git] - Add registries.conf man page [0.1.29-1.git] - bump to 0.1.29-1 - Updated containers/image docker-archive generates docker legacy compatible images Do not create subdirectories for layers with no configs Ensure the layer IDs in legacy docker/tarfile metadata are unique docker-archive: repeated layers are symlinked in the tar file sysregistries: remove all trailing slashes Improve docker/ error messages Fix failure to make auth directory Create a new slice in Schema1.UpdateLayerInfos Drop unused storageImageDestination.{image,systemContext} Load a *storage.Image only once in storageImageSource Support gzip for docker-archive files Remove .tar extension from blob and config file names ostree, src: support copy of compressed layers ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size image: fix docker schema v1 -> OCI conversion Add /etc/containers/certs.d as default certs directory [0.1.28-2.git0270e56] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild [0.1.28-1.git] - Vendor in fixed libraries in containers/image and containers/storage [0.1.27-1.git] - Fix Conflicts to Obsoletes - Add better docs to man pages. - Use credentials from authfile for skopeo commands - Support storage='' in /etc/containers/storage.conf - Add global --override-arch and --override-os options [0.1.25-2.git2e8377a7] - Add manifest type conversion to skopeo copy - User can select from 3 manifest types: oci, v2s1, or v2s2 - e.g skopeo copy --format v2s1 --compress-blobs docker-archive:alp.tar dir:my-directory [0.1.25-2.git7fd6f66b] - Force storage.conf to default to overlay [0.1.25-1.git7fd6f66b] - Fix CVE in tar-split - copy: add shared blob directory support for OCI sources/destinations - Aligning Docker version between containers/image and skopeo - Update image-tools, and remove the duplicate Sirupsen/logrus vendor - makefile: use -buildmode=pie [0.1.24-8.git28d4e08a] - Add /usr/share/containers/mounts.conf [0.1.24-7.git28d4e08a] - Bug fixes - Update to release [0.1.24-6.dev.git28d4e08] - skopeo-containers conflicts with docker-rhsubscription <= 2:1.13.1-31 [0.1.24-5.dev.git28d4e08] - Add rhel subscription secrets data to skopeo-containers [0.1.24-4.dev.git28d4e08] - Update container/storage.conf and containers-storage.conf man page - Default override to true so it is consistent with RHEL. [0.1.24-3.dev.git28d4e08] - built commit 28d4e08 [0.1.24-2.dev.git875dd2e] - built commit 875dd2e - Resolves: gh#416 [0.1.24-1.dev.gita41cd0] - bump to 0.1.24-dev - correct a prior bogus date - fix macro in comment warning [0.1.23-6.dev.git1bbd87] - Change name of storage.conf.5 man page to containers-storage.conf.5, since it conflicts with inn package - Also remove default to 'overalay' in the configuration, since we should - allow containers storage to pick the best default for the platform. [0.1.23-5.git1bbd87f] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild [0.1.23-4.git1bbd87f] - Rebuild with binutils fix for ppc64le (#1475636) [0.1.23-3.git1bbd87f] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild [0.1.23-2.dev.git1bbd87] - Fix storage.conf man page to be storage.conf.5.gz so that it works. [0.1.23-1.dev.git1bbd87] - Support for OCI V1.0 Images - Update to image-spec v1.0.0 and revendor - Fixes for authentication [0.1.22-2.dev.git5d24b67] - Epoch: 1 for CentOS as CentOS Extras' build already has epoch set to 1 [0.1.22-1.dev.git5d24b67] - Give more useful help when explaining usage - Also specify container-storage as a valid transport - Remove docker reference wherever possible - vendor in ostree fixes [0.1.21-1.dev.git0b73154] - Add support for storage.conf and storage-config.5.md from github container storage package - Bump to the latest version of skopeo - vendor.conf: add ostree-go - it is used by containers/image for pulling images to the OSTree storage. - fail early when image os does not match host os - Improve documentation on what to do with containers/image failures in test-skopeo - We now have the docker-archive: transport - Integration tests with built registries also exist - Support /etc/docker/certs.d - update image-spec to v1.0.0-rc6 [0.1.20-1.dev.git0224d8c] - BZ #1380078 - New release [0.1.19-2.dev.git0224d8c] - No golang support for ppc64. Adding exclude arch. BZ #1445490 [0.1.19-1.dev.git0224d8c] - bump to v0.1.19-dev - built commit 0224d8c [0.1.17-3.dev.git2b3af4a] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [0.1.17-2.dev.git2b3af4a] - Rebuild for gpgme 1.18 [0.1.17-1.dev.git2b3af4a] - bump to 0.1.17-dev [0.1.14-6.git550a480] - Fix BZ#1391932 [0.1.14-5.git550a480] - Conflicts with atomic in skopeo-containers [0.1.14-4.git550a480] - built skopeo-containers [0.1.14-3.gitd830391] - built mtrmac/integrate-all-the-things commit d830391 [0.1.14-2.git362bfc5] - built commit 362bfc5 [0.1.14-1.gitffe92ed] - build origin/master commit ffe92ed [0.1.13-6] - https://fedoraproject.org/wiki/Changes/golang1.7 [0.1.13-5] - include go-srpm-macros and compiler(go-compiler) in fedora conditionals - define %gobuild if not already - add patch to build with older version of golang [0.1.13-4] - update to v0.1.12 [0.1.12-3] - fix go build source path [0.1.12-2] - update to v0.1.12 [0.1.11-1] - update to v0.1.11 [0.1.10-1] - update to v0.1.10 - change runcom -> projectatomic [0.1.9-1] - update to v0.1.9 [0.1.8-1] - update to v0.1.8 [0.1.4-2] - https://fedoraproject.org/wiki/Changes/golang1.6 [0.1.4] - First package for Fedora slirp4netns [0.4.2-2.git21fdece] - Fix CVE-2020-7039. - Related: RHELPLAN-25138 [0.4.2-1.git21fdece] - update to latest 0.4.2, fixes bug 1763454 - Related: RHELPLAN-25138 [0.4.0-2] - add new BR: libseccomp-devel [0.4.0-1] - update to v.0.4.0 - sync with fedora spec - drop applied CVE-2019-14378 patch [0.3.0-4] - Fix CVE-2019-14378 (#1755595). [0.3.0-3] - Resolves: #1683217 - BR: glib2-devel [0.3.0-2] - Resolves: #1683217 - bump slirp4netns to v0.3.0 [0.3.0-1.alpha.2.git30883b5] - bump to v0.3.0-alpha.2 [0.1-2.dev.gitc4e1bc5] - changed summary [0.1-1.dev.gitc4e1bc5] - First package for RHEL 8 - import from Fedora rawhide - Exclude ix86 and ppc64 toolbox [0.0.4-1.el8] - Update for rhel8.1 container-tools module [0.0.4-1.rhaos4.2.el8] - Add help switch per RHBZ#1684258 - Spec fixes found by rpmlint [0.0.3-1.rhaos4.1.el8] - Use rhel8/support-tools [0.0.2-1.rhaos4.1.el8] - Add runlabel options and fix default image [0.0.1-1.rhaos4.1.el8] - Initial Specfile for Red Hat CoreOS Toolbox udica [0.2.1-2] - initial import to container-tools 8.2.0 - Related: RHELPLAN-25139 [0.2.1-1] - New rebase https://github.com/containers/udica/releases/tag/v0.2.0 Resolves: rhbz#1757693 [0.2.0-1] - New rebase https://github.com/containers/udica/releases/tag/v0.2.0 Resolves: rhbz#1757693