diff --git a/.buildah.metadata b/.buildah.metadata
index ca2a784..c1b361d 100644
--- a/.buildah.metadata
+++ b/.buildah.metadata
@@ -1 +1 @@
-da35ceecbee25d37313869956f602161fc282153 SOURCES/buildah-9513cb8.tar.gz
+c663721202c90de628f175a2c078eb5a9273bba0 SOURCES/v1.14.9.tar.gz
diff --git a/.gitignore b/.gitignore
index dc35543..888b1c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/buildah-9513cb8.tar.gz
+SOURCES/v1.14.9.tar.gz
diff --git a/SOURCES/1996.patch b/SOURCES/1996.patch
deleted file mode 100644
index fd565dd..0000000
--- a/SOURCES/1996.patch
+++ /dev/null
@@ -1,153 +0,0 @@ -From f09346578021c12069b6deb9487a1462b8d28a83 Mon Sep 17 00:00:00 2001 -From: Nalin Dahyabhai -Date: Thu, 21 Nov 2019 15:32:41 -0500 -Subject: [PATCH 1/3] bind: don't complain about missing mountpoints - -When we go to unmount a tree of mounts, if one of the directories isn't -there, instead of returning an error as before, log a debug message and -keep going. - -Signed-off-by: Nalin Dahyabhai ---- - bind/mount.go | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/bind/mount.go b/bind/mount.go -index e1ae323b9..adde901fd 100644 ---- a/bind/mount.go -+++ b/bind/mount.go -@@ -264,6 +264,10 @@ func UnmountMountpoints(mountpoint string, mountpointsToRemove []string) error { - mount := getMountByID(id) - // check if this mountpoint is mounted - if err := unix.Lstat(mount.Mountpoint, &st); err != nil { -+ if os.IsNotExist(err) { -+ logrus.Debugf("mountpoint %q is not present(?), skipping", mount.Mountpoint) -+ continue -+ } - return errors.Wrapf(err, "error checking if %q is mounted", mount.Mountpoint) - } - if mount.Major != int(unix.Major(st.Dev)) || mount.Minor != int(unix.Minor(st.Dev)) { - -From c5fb681a6082b78c422eb3531667dc6d607a9355 Mon Sep 17 00:00:00 2001 -From: Nalin Dahyabhai -Date: Fri, 22 Nov 2019 14:22:26 -0500 -Subject: [PATCH 2/3] chroot: Unmount with MNT_DETACH instead of - UnmountMountpoints() - -Unmounting the rootfs with MNT_DETACH should unmount everything below -it, so we don't need to use the more exhaustive method that our bind -package uses for its bind mounts. 
- -Signed-off-by: Nalin Dahyabhai ---- - chroot/run.go | 25 +++++++++++++++---------- - 1 file changed, 15 insertions(+), 10 deletions(-) - -diff --git a/chroot/run.go b/chroot/run.go -index fbccbcdb0..76ac78d1f 100644 ---- a/chroot/run.go -+++ b/chroot/run.go -@@ -15,6 +15,7 @@ import ( - "strings" - "sync" - "syscall" -+ "time" - "unsafe" - - "github.com/containers/buildah/bind" -@@ -1002,12 +1003,19 @@ func isDevNull(dev os.FileInfo) bool { - // callback that will clean up its work. - func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func() error, err error) { - var fs unix.Statfs_t -- removes := []string{} - undoBinds = func() error { -- if err2 := bind.UnmountMountpoints(spec.Root.Path, removes); err2 != nil { -- logrus.Warnf("pkg/chroot: error unmounting %q: %v", spec.Root.Path, err2) -- if err == nil { -- err = err2 -+ if err2 := unix.Unmount(spec.Root.Path, unix.MNT_DETACH); err2 != nil { -+ retries := 0 -+ for (err2 == unix.EBUSY || err2 == unix.EAGAIN) && retries < 50 { -+ time.Sleep(50 * time.Millisecond) -+ err2 = unix.Unmount(spec.Root.Path, unix.MNT_DETACH) -+ retries++ -+ } -+ if err2 != nil { -+ logrus.Warnf("pkg/chroot: error unmounting %q (retried %d times): %v", spec.Root.Path, retries, err2) -+ if err == nil { -+ err = err2 -+ } - } - } - return err -@@ -1096,6 +1104,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( - // Add /sys/fs/selinux to the set of masked paths, to ensure that we don't have processes - // attempting to interact with labeling, when they aren't allowed to do so. - spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux") -+ - // Bind mount in everything we've been asked to mount. - for _, m := range spec.Mounts { - // Skip anything that we just mounted. 
-@@ -1141,13 +1150,11 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( - if !os.IsNotExist(err) { - return undoBinds, errors.Wrapf(err, "error examining %q for mounting in mount namespace", target) - } -- // The target isn't there yet, so create it, and make a -- // note to remove it later. -+ // The target isn't there yet, so create it. - if srcinfo.IsDir() { - if err = os.MkdirAll(target, 0111); err != nil { - return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) - } -- removes = append(removes, target) - } else { - if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil { - return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target)) -@@ -1157,7 +1164,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( - return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) - } - file.Close() -- removes = append(removes, target) - } - } - requestFlags := bindFlags -@@ -1266,7 +1272,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( - if err := os.Mkdir(roEmptyDir, 0700); err != nil { - return undoBinds, errors.Wrapf(err, "error creating empty directory %q", roEmptyDir) - } -- removes = append(removes, roEmptyDir) - } - - // Set up any masked paths that we need to. 
If we're running inside of - -From ec1be6a51941e10b5316c911ef97c88940f7c095 Mon Sep 17 00:00:00 2001 -From: Nalin Dahyabhai -Date: Fri, 22 Nov 2019 14:52:25 -0500 -Subject: [PATCH 3/3] overlay.bats typo: fuse-overlays should be fuse-overlayfs - -Signed-off-by: Nalin Dahyabhai ---- - tests/overlay.bats | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/tests/overlay.bats b/tests/overlay.bats -index 04056f680..7cc2d0c62 100644 ---- a/tests/overlay.bats -+++ b/tests/overlay.bats -@@ -3,14 +3,14 @@ - load helpers - - @test "overlay specific level" { -- if test \! -e /usr/bin/fuse-overlays -a "$BUILDAH_ISOLATION" = "rootless"; then -+ if test \! -e /usr/bin/fuse-overlayfs -a "$BUILDAH_ISOLATION" = "rootless"; then - skip "BUILDAH_ISOLATION = $BUILDAH_ISOLATION" and no /usr/bin/fuse-overlayfs present - fi - image=alpine - mkdir ${TESTDIR}/lower - touch ${TESTDIR}/lower/foo - --cid=$(buildah --log-level=error from -v ${TESTDIR}/lower:/lower:O --quiet --signature-policy ${TESTSDIR}/policy.json $image) -+ cid=$(buildah --log-level=error from -v ${TESTDIR}/lower:/lower:O --quiet --signature-policy ${TESTSDIR}/policy.json $image) - - # This should succeed - run_buildah --log-level=error run $cid ls /lower/foo diff --git a/SOURCES/2031.patch b/SOURCES/2031.patch deleted file mode 100644 index b674e80..0000000 --- a/SOURCES/2031.patch +++ /dev/null 
@@ -1,147 +0,0 @@ -From fb7d2b6bd6a16ffdbe4a69428e3ba5b487719e78 Mon Sep 17 00:00:00 2001 -From: Daniel J Walsh -Date: Tue, 17 Dec 2019 15:24:29 -0500 -Subject: [PATCH] Add support for FIPS-Mode backends - -If host is running in fips mode, then RHEL8.2 and beyond container images -will come with a directory /usr/share/crypto-policies/back-ends/FIPS. -This directory needs to be bind mounted over /etc/crypto-policies/back-ends in -order to make all tools in the container follow the FIPS Mode rules. - -Signed-off-by: Daniel J Walsh ---- - pkg/secrets/secrets.go | 48 +++++++++++++++++++++++++++++++++--------- - run_linux.go | 2 +- - 2 files changed, 39 insertions(+), 11 deletions(-) - -diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go -index 80ca05016..ee2e9a7c8 100644 ---- a/pkg/secrets/secrets.go -+++ b/pkg/secrets/secrets.go -@@ -148,12 +148,21 @@ func getMountsMap(path string) (string, string, error) { - } - - // SecretMounts copies, adds, and mounts the secrets to the container root filesystem -+// Deprecated, Please use SecretMountWithUIDGID - func SecretMounts(mountLabel, containerWorkingDir, mountFile string, rootless, disableFips bool) []rspec.Mount { - return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, containerWorkingDir, 0, 0, rootless, disableFips) - } - --// SecretMountsWithUIDGID specifies the uid/gid of the owner --func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPrefix string, uid, gid int, rootless, disableFips bool) []rspec.Mount { -+// SecretMountsWithUIDGID copies, adds, and mounts the secrets to the container root filesystem -+// mountLabel: MAC/SELinux label for container content -+// containerWorkingDir: Private data for storing secrets on the host mounted in container. -+// mountFile: Additional mount points required for the container. 
-+// mountPoint: Container image mountpoint -+// uid: to assign to content created for secrets -+// gid: to assign to content created for secrets -+// rootless: indicates whether container is running in rootless mode -+// disableFips: indicates whether system should ignore fips mode -+func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPoint string, uid, gid int, rootless, disableFips bool) []rspec.Mount { - var ( - secretMounts []rspec.Mount - mountFiles []string -@@ -171,7 +180,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre - } - for _, file := range mountFiles { - if _, err := os.Stat(file); err == nil { -- mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid) -+ mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, uid, gid) - if err != nil { - logrus.Warnf("error mounting secrets, skipping entry in %s: %v", file, err) - } -@@ -187,7 +196,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre - // Add FIPS mode secret if /etc/system-fips exists on the host - _, err := os.Stat("/etc/system-fips") - if err == nil { -- if err := addFIPSModeSecret(&secretMounts, containerWorkingDir, mountPrefix, mountLabel, uid, gid); err != nil { -+ if err := addFIPSModeSecret(&secretMounts, containerWorkingDir, mountPoint, mountLabel, uid, gid); err != nil { - logrus.Errorf("error adding FIPS mode secret to container: %v", err) - } - } else if os.IsNotExist(err) { -@@ -206,7 +215,7 @@ func rchown(chowndir string, uid, gid int) error { - - // addSecretsFromMountsFile copies the contents of host directory to container directory - // and returns a list of mounts --func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPrefix string, uid, gid int) ([]rspec.Mount, error) { -+func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir string, uid, gid int) ([]rspec.Mount, error) { - var 
mounts []rspec.Mount - defaultMountsPaths := getMounts(filePath) - for _, path := range defaultMountsPaths { -@@ -285,7 +294,7 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr - } - - m := rspec.Mount{ -- Source: filepath.Join(mountPrefix, ctrDirOrFile), -+ Source: ctrDirOrFileOnHost, - Destination: ctrDirOrFile, - Type: "bind", - Options: []string{"bind", "rprivate"}, -@@ -300,15 +309,15 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr - // root filesystem if /etc/system-fips exists on hosts. - // This enables the container to be FIPS compliant and run openssl in - // FIPS mode as the host is also in FIPS mode. --func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir, mountPrefix, mountLabel string, uid, gid int) error { -+func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir, mountPoint, mountLabel string, uid, gid int) error { - secretsDir := "/run/secrets" - ctrDirOnHost := filepath.Join(containerWorkingDir, secretsDir) - if _, err := os.Stat(ctrDirOnHost); os.IsNotExist(err) { - if err = idtools.MkdirAllAs(ctrDirOnHost, 0755, uid, gid); err != nil { -- return errors.Wrapf(err, "making container directory on host failed") -+ return errors.Wrapf(err, "making container directory %q on host failed", ctrDirOnHost) - } - if err = label.Relabel(ctrDirOnHost, mountLabel, false); err != nil { -- return errors.Wrap(err, "error applying correct labels") -+ return errors.Wrapf(err, "error applying correct labels on %q", ctrDirOnHost) - } - } - fipsFile := filepath.Join(ctrDirOnHost, "system-fips") -@@ -323,7 +332,7 @@ func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir, mountPrefix, - - if !mountExists(*mounts, secretsDir) { - m := rspec.Mount{ -- Source: filepath.Join(mountPrefix, secretsDir), -+ Source: ctrDirOnHost, - Destination: secretsDir, - Type: "bind", - Options: []string{"bind", "rprivate"}, -@@ -331,6 +340,25 @@ func addFIPSModeSecret(mounts 
*[]rspec.Mount, containerWorkingDir, mountPrefix, - *mounts = append(*mounts, m) - } - -+ srcBackendDir := "/usr/share/crypto-policies/back-ends/FIPS" -+ destDir := "/etc/crypto-policies/back-ends" -+ srcOnHost := filepath.Join(mountPoint, srcBackendDir) -+ if _, err := os.Stat(srcOnHost); err != nil { -+ if os.IsNotExist(err) { -+ return nil -+ } -+ return errors.Wrapf(err, "failed to stat FIPS Backend directory %q", ctrDirOnHost) -+ } -+ -+ if !mountExists(*mounts, destDir) { -+ m := rspec.Mount{ -+ Source: srcOnHost, -+ Destination: destDir, -+ Type: "bind", -+ Options: []string{"bind", "rprivate"}, -+ } -+ *mounts = append(*mounts, m) -+ } - return nil - } - -diff --git a/run_linux.go b/run_linux.go -index 4c2d73edd..c8e75eada 100644 ---- a/run_linux.go -+++ b/run_linux.go -@@ -460,7 +460,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st - } - - // Get the list of secrets mounts. -- secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, cdir, int(rootUID), int(rootGID), unshare.IsRootless(), false) -+ secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, mountPoint, int(rootUID), int(rootGID), unshare.IsRootless(), false) - - // Add temporary copies of the contents of volume locations at the - // volume locations, unless we already have something there. diff --git a/SOURCES/CVE-2020-1702-1801926.patch b/SOURCES/CVE-2020-1702-1801926.patch deleted file mode 100644 index 00ea466..0000000 --- a/SOURCES/CVE-2020-1702-1801926.patch +++ /dev/null 
@@ -1,390 +0,0 @@ -From be1eb6f70fb40e45096b69aeb048d54c526a4a8f Mon Sep 17 00:00:00 2001 -From: Valentin Rothberg -Date: Thu, 6 Feb 2020 09:49:15 +0100 -Subject: [PATCH] [1.11-rhel] update github.com/containers/image - -Note that this includes fixes for -https://access.redhat.com/security/cve/CVE-2020-1702. - -Signed-off-by: Valentin Rothberg ---- - go.mod | 2 +- - go.sum | 2 + - .../image/v5/docker/docker_client.go | 6 +- - .../image/v5/docker/docker_image_dest.go | 3 +- - .../image/v5/docker/docker_image_src.go | 10 ++-- - .../image/v5/docker/tarfile/dest.go | 3 +- - .../containers/image/v5/docker/tarfile/src.go | 9 +-- - .../image/v5/image/docker_schema2.go | 4 +- - .../containers/image/v5/image/oci.go | 4 +- - .../image/v5/internal/iolimits/iolimits.go | 60 +++++++++++++++++++ - .../image/v5/openshift/openshift.go | 4 +- - vendor/modules.txt | 3 +- - 12 files changed, 89 insertions(+), 21 deletions(-) - create mode 100644 vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go - -diff --git a/go.mod b/go.mod -index 684b00ff5..b94792238 100644 ---- a/go.mod -+++ b/go.mod -@@ -5,7 +5,7 @@ go 1.12 - require ( - github.com/blang/semver v3.5.0+incompatible // indirect - github.com/containernetworking/cni v0.7.1 -- github.com/containers/image/v5 v5.0.0 -+ github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0 - github.com/containers/storage v1.14.0 - github.com/cyphar/filepath-securejoin v0.2.2 - github.com/docker/distribution v2.7.1+incompatible -diff --git a/go.sum b/go.sum -index 1cce3ff7e..ef8729952 100644 ---- a/go.sum -+++ b/go.sum -@@ -54,6 +54,8 @@ github.com/containers/image/v4 v4.0.1 h1:idNGHChj0Pyv3vLrxul2oSVMZLeFqpoq3CjLeVg - github.com/containers/image/v4 v4.0.1/go.mod h1:0ASJH1YgJiX/eqFZObqepgsvIA4XjCgpyfwn9pDGafA= - github.com/containers/image/v5 v5.0.0 h1:arnXgbt1ucsC/ndtSpiQY87rA0UjhF+/xQnPzqdBDn4= - github.com/containers/image/v5 v5.0.0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY= -+github.com/containers/image/v5 
v5.0.1-0.20200205124631-82291c45f2b0 h1:iV4aHKRoPcHp5BISsuiPMyaCjGJfLKp/FUMAG1NeqvE= -+github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY= - github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= - github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= - github.com/containers/storage v1.13.4 h1:j0bBaJDKbUHtAW1MXPFnwXJtqcH+foWeuXK1YaBV5GA= -diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go -index 0b012c703..bff077a40 100644 ---- a/vendor/github.com/containers/image/v5/docker/docker_client.go -+++ b/vendor/github.com/containers/image/v5/docker/docker_client.go -@@ -6,7 +6,6 @@ import ( - "encoding/json" - "fmt" - "io" -- "io/ioutil" - "net/http" - "net/url" - "os" -@@ -17,6 +16,7 @@ import ( - "time" - - "github.com/containers/image/v5/docker/reference" -+ "github.com/containers/image/v5/internal/iolimits" - "github.com/containers/image/v5/pkg/docker/config" - "github.com/containers/image/v5/pkg/sysregistriesv2" - "github.com/containers/image/v5/pkg/tlsclientconfig" -@@ -597,7 +597,7 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge, - default: - return nil, errors.Errorf("unexpected http code: %d (%s), URL: %s", res.StatusCode, http.StatusText(res.StatusCode), authReq.URL) - } -- tokenBlob, err := ioutil.ReadAll(res.Body) -+ tokenBlob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxAuthTokenBodySize) - if err != nil { - return nil, err - } -@@ -690,7 +690,7 @@ func (c *dockerClient) getExtensionsSignatures(ctx context.Context, ref dockerRe - return nil, errors.Wrapf(clientLib.HandleErrorResponse(res), "Error downloading signatures for %s in %s", manifestDigest, ref.ref.Name()) - } - -- body, err := ioutil.ReadAll(res.Body) -+ body, err := 
iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureListBodySize) - if err != nil { - return nil, err - } -diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go -index 417d97aec..ce8a1f357 100644 ---- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go -+++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go -@@ -15,6 +15,7 @@ import ( - "strings" - - "github.com/containers/image/v5/docker/reference" -+ "github.com/containers/image/v5/internal/iolimits" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/pkg/blobinfocache/none" - "github.com/containers/image/v5/types" -@@ -620,7 +621,7 @@ sigExists: - } - defer res.Body.Close() - if res.StatusCode != http.StatusCreated { -- body, err := ioutil.ReadAll(res.Body) -+ body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxErrorBodySize) - if err == nil { - logrus.Debugf("Error body %s", string(body)) - } -diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/vendor/github.com/containers/image/v5/docker/docker_image_src.go -index 35beb30e5..5436d9b7d 100644 ---- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go -+++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go -@@ -12,6 +12,7 @@ import ( - "strconv" - - "github.com/containers/image/v5/docker/reference" -+ "github.com/containers/image/v5/internal/iolimits" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/pkg/sysregistriesv2" - "github.com/containers/image/v5/types" -@@ -156,7 +157,8 @@ func (s *dockerImageSource) fetchManifest(ctx context.Context, tagOrDigest strin - if res.StatusCode != http.StatusOK { - return nil, "", errors.Wrapf(client.HandleErrorResponse(res), "Error reading manifest %s in %s", tagOrDigest, s.ref.ref.Name()) - } -- manblob, err := ioutil.ReadAll(res.Body) -+ -+ manblob, err := iolimits.ReadAtMost(res.Body, 
iolimits.MaxManifestBodySize) - if err != nil { - return nil, "", err - } -@@ -342,7 +344,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) ( - } else if res.StatusCode != http.StatusOK { - return nil, false, errors.Errorf("Error reading signature from %s: status %d (%s)", url.String(), res.StatusCode, http.StatusText(res.StatusCode)) - } -- sig, err := ioutil.ReadAll(res.Body) -+ sig, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureBodySize) - if err != nil { - return nil, false, err - } -@@ -401,7 +403,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere - return err - } - defer get.Body.Close() -- manifestBody, err := ioutil.ReadAll(get.Body) -+ manifestBody, err := iolimits.ReadAtMost(get.Body, iolimits.MaxManifestBodySize) - if err != nil { - return err - } -@@ -424,7 +426,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere - } - defer delete.Body.Close() - -- body, err := ioutil.ReadAll(delete.Body) -+ body, err := iolimits.ReadAtMost(delete.Body, iolimits.MaxErrorBodySize) - if err != nil { - return err - } -diff --git a/vendor/github.com/containers/image/v5/docker/tarfile/dest.go b/vendor/github.com/containers/image/v5/docker/tarfile/dest.go -index b02c60bb3..9748ca112 100644 ---- a/vendor/github.com/containers/image/v5/docker/tarfile/dest.go -+++ b/vendor/github.com/containers/image/v5/docker/tarfile/dest.go -@@ -13,6 +13,7 @@ import ( - "time" - - "github.com/containers/image/v5/docker/reference" -+ "github.com/containers/image/v5/internal/iolimits" - "github.com/containers/image/v5/internal/tmpdir" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/types" -@@ -135,7 +136,7 @@ func (d *Destination) PutBlob(ctx context.Context, stream io.Reader, inputInfo t - } - - if isConfig { -- buf, err := ioutil.ReadAll(stream) -+ buf, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) - if err != nil { - return 
types.BlobInfo{}, errors.Wrap(err, "Error reading Config file stream") - } -diff --git a/vendor/github.com/containers/image/v5/docker/tarfile/src.go b/vendor/github.com/containers/image/v5/docker/tarfile/src.go -index ad0a3d2cb..bbf604da6 100644 ---- a/vendor/github.com/containers/image/v5/docker/tarfile/src.go -+++ b/vendor/github.com/containers/image/v5/docker/tarfile/src.go -@@ -11,6 +11,7 @@ import ( - "path" - "sync" - -+ "github.com/containers/image/v5/internal/iolimits" - "github.com/containers/image/v5/internal/tmpdir" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/pkg/compression" -@@ -187,13 +188,13 @@ func findTarComponent(inputFile io.Reader, path string) (*tar.Reader, *tar.Heade - } - - // readTarComponent returns full contents of componentPath. --func (s *Source) readTarComponent(path string) ([]byte, error) { -+func (s *Source) readTarComponent(path string, limit int) ([]byte, error) { - file, err := s.openTarComponent(path) - if err != nil { - return nil, errors.Wrapf(err, "Error loading tar component %s", path) - } - defer file.Close() -- bytes, err := ioutil.ReadAll(file) -+ bytes, err := iolimits.ReadAtMost(file, limit) - if err != nil { - return nil, err - } -@@ -224,7 +225,7 @@ func (s *Source) ensureCachedDataIsPresentPrivate() error { - } - - // Read and parse config. -- configBytes, err := s.readTarComponent(tarManifest[0].Config) -+ configBytes, err := s.readTarComponent(tarManifest[0].Config, iolimits.MaxConfigBodySize) - if err != nil { - return err - } -@@ -250,7 +251,7 @@ func (s *Source) ensureCachedDataIsPresentPrivate() error { - // loadTarManifest loads and decodes the manifest.json. - func (s *Source) loadTarManifest() ([]ManifestItem, error) { - // FIXME? Do we need to deal with the legacy format? 
-- bytes, err := s.readTarComponent(manifestFileName) -+ bytes, err := s.readTarComponent(manifestFileName, iolimits.MaxTarFileManifestSize) - if err != nil { - return nil, err - } -diff --git a/vendor/github.com/containers/image/v5/image/docker_schema2.go b/vendor/github.com/containers/image/v5/image/docker_schema2.go -index 254c13f78..29c5047d7 100644 ---- a/vendor/github.com/containers/image/v5/image/docker_schema2.go -+++ b/vendor/github.com/containers/image/v5/image/docker_schema2.go -@@ -7,10 +7,10 @@ import ( - "encoding/hex" - "encoding/json" - "fmt" -- "io/ioutil" - "strings" - - "github.com/containers/image/v5/docker/reference" -+ "github.com/containers/image/v5/internal/iolimits" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/pkg/blobinfocache/none" - "github.com/containers/image/v5/types" -@@ -102,7 +102,7 @@ func (m *manifestSchema2) ConfigBlob(ctx context.Context) ([]byte, error) { - return nil, err - } - defer stream.Close() -- blob, err := ioutil.ReadAll(stream) -+ blob, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) - if err != nil { - return nil, err - } -diff --git a/vendor/github.com/containers/image/v5/image/oci.go b/vendor/github.com/containers/image/v5/image/oci.go -index 18a38d463..406da262f 100644 ---- a/vendor/github.com/containers/image/v5/image/oci.go -+++ b/vendor/github.com/containers/image/v5/image/oci.go -@@ -4,9 +4,9 @@ import ( - "context" - "encoding/json" - "fmt" -- "io/ioutil" - - "github.com/containers/image/v5/docker/reference" -+ "github.com/containers/image/v5/internal/iolimits" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/pkg/blobinfocache/none" - "github.com/containers/image/v5/types" -@@ -67,7 +67,7 @@ func (m *manifestOCI1) ConfigBlob(ctx context.Context) ([]byte, error) { - return nil, err - } - defer stream.Close() -- blob, err := ioutil.ReadAll(stream) -+ blob, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) - if err != nil 
{ - return nil, err - } -diff --git a/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go b/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go -new file mode 100644 -index 000000000..3fed1995c ---- /dev/null -+++ b/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go -@@ -0,0 +1,60 @@ -+package iolimits -+ -+import ( -+ "io" -+ "io/ioutil" -+ -+ "github.com/pkg/errors" -+) -+ -+// All constants below are intended to be used as limits for `ReadAtMost`. The -+// immediate use-case for limiting the size of in-memory copied data is to -+// protect against OOM DOS attacks as described inCVE-2020-1702. Instead of -+// copying data until running out of memory, we error out after hitting the -+// specified limit. -+const ( -+ // megaByte denotes one megabyte and is intended to be used as a limit in -+ // `ReadAtMost`. -+ megaByte = 1 << 20 -+ // MaxManifestBodySize is the maximum allowed size of a manifest. The limit -+ // of 4 MB aligns with the one of a Docker registry: -+ // https://github.com/docker/distribution/blob/a8371794149d1d95f1e846744b05c87f2f825e5a/registry/handlers/manifests.go#L30 -+ MaxManifestBodySize = 4 * megaByte -+ // MaxAuthTokenBodySize is the maximum allowed size of an auth token. -+ // The limit of 1 MB is considered to be greatly sufficient. -+ MaxAuthTokenBodySize = megaByte -+ // MaxSignatureListBodySize is the maximum allowed size of a signature list. -+ // The limit of 4 MB is considered to be greatly sufficient. -+ MaxSignatureListBodySize = 4 * megaByte -+ // MaxSignatureBodySize is the maximum allowed size of a signature. -+ // The limit of 4 MB is considered to be greatly sufficient. -+ MaxSignatureBodySize = 4 * megaByte -+ // MaxErrorBodySize is the maximum allowed size of an error-response body. -+ // The limit of 1 MB is considered to be greatly sufficient. -+ MaxErrorBodySize = megaByte -+ // MaxConfigBodySize is the maximum allowed size of a config blob. 
-+ // The limit of 4 MB is considered to be greatly sufficient. -+ MaxConfigBodySize = 4 * megaByte -+ // MaxOpenShiftStatusBody is the maximum allowed size of an OpenShift status body. -+ // The limit of 4 MB is considered to be greatly sufficient. -+ MaxOpenShiftStatusBody = 4 * megaByte -+ // MaxTarFileManifestSize is the maximum allowed size of a (docker save)-like manifest (which may contain multiple images) -+ // The limit of 1 MB is considered to be greatly sufficient. -+ MaxTarFileManifestSize = megaByte -+) -+ -+// ReadAtMost reads from reader and errors out if the specified limit (in bytes) is exceeded. -+func ReadAtMost(reader io.Reader, limit int) ([]byte, error) { -+ limitedReader := io.LimitReader(reader, int64(limit+1)) -+ -+ res, err := ioutil.ReadAll(limitedReader) -+ if err != nil { -+ return nil, err -+ } -+ -+ if len(res) > limit { -+ return nil, errors.Errorf("exceeded maximum allowed size of %d bytes", limit) -+ } -+ -+ return res, nil -+} -diff --git a/vendor/github.com/containers/image/v5/openshift/openshift.go b/vendor/github.com/containers/image/v5/openshift/openshift.go -index 016de4803..c37e1b751 100644 ---- a/vendor/github.com/containers/image/v5/openshift/openshift.go -+++ b/vendor/github.com/containers/image/v5/openshift/openshift.go -@@ -7,13 +7,13 @@ import ( - "encoding/json" - "fmt" - "io" -- "io/ioutil" - "net/http" - "net/url" - "strings" - - "github.com/containers/image/v5/docker" - "github.com/containers/image/v5/docker/reference" -+ "github.com/containers/image/v5/internal/iolimits" - "github.com/containers/image/v5/manifest" - "github.com/containers/image/v5/types" - "github.com/containers/image/v5/version" -@@ -102,7 +102,7 @@ func (c *openshiftClient) doRequest(ctx context.Context, method, path string, re - return nil, err - } - defer res.Body.Close() -- body, err := ioutil.ReadAll(res.Body) -+ body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxOpenShiftStatusBody) - if err != nil { - return nil, err - } -diff --git 
a/vendor/modules.txt b/vendor/modules.txt -index 840dae067..3f72f3f34 100644 ---- a/vendor/modules.txt -+++ b/vendor/modules.txt -@@ -48,7 +48,7 @@ github.com/containernetworking/cni/pkg/types - github.com/containernetworking/cni/pkg/types/020 - github.com/containernetworking/cni/pkg/types/current - github.com/containernetworking/cni/pkg/version --# github.com/containers/image/v5 v5.0.0 -+# github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0 - github.com/containers/image/v5/copy - github.com/containers/image/v5/directory - github.com/containers/image/v5/directory/explicitfilepath -@@ -59,6 +59,7 @@ github.com/containers/image/v5/docker/policyconfiguration - github.com/containers/image/v5/docker/reference - github.com/containers/image/v5/docker/tarfile - github.com/containers/image/v5/image -+github.com/containers/image/v5/internal/iolimits - github.com/containers/image/v5/internal/pkg/keyctl - github.com/containers/image/v5/internal/tmpdir - github.com/containers/image/v5/manifest diff --git a/SOURCES/buildah-1756986.patch b/SOURCES/buildah-1756986.patch deleted file mode 100644 index e70ea76..0000000 --- a/SOURCES/buildah-1756986.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -From 6d7ab38f33edb9ab87a290a0c68cfd27b55b061f Mon Sep 17 00:00:00 2001 -From: Nalin Dahyabhai -Date: Wed, 8 Jan 2020 11:02:05 -0500 -Subject: [PATCH 1/2] Check for .dockerignore specifically - -When generating the list of exclusions to process .dockerignore -contents, don't include .dockerignore if we don't have a .dockerignore -file in the context directory. That way, if the file doesn't exist, and -the caller didn't pass in any patterns, we get no patterns instead of -just one ".dockerignore" pattern, and we can hit the faster copy path. - -Signed-off-by: Nalin Dahyabhai - -Closes: #2072 -Approved by: giuseppe ---- - add.go | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) - -diff --git a/add.go b/add.go -index b5119e369..e82a5ef9a 100644 ---- a/add.go -+++ b/add.go -@@ -215,7 +215,12 @@ func dockerIgnoreMatcher(lines []string, contextDir string) (*fileutils.PatternM - if contextDir == "" { - return nil, nil - } -- patterns := []string{".dockerignore"} -+ // If there's no .dockerignore file, then we don't have to add a -+ // pattern to tell copy logic to ignore it later. -+ var patterns []string -+ if _, err := os.Stat(filepath.Join(contextDir, ".dockerignore")); err == nil || !os.IsNotExist(err) { -+ patterns = []string{".dockerignore"} -+ } - for _, ignoreSpec := range lines { - ignoreSpec = strings.TrimSpace(ignoreSpec) - // ignore comments passed back from .dockerignore -@@ -224,7 +229,8 @@ func dockerIgnoreMatcher(lines []string, contextDir string) (*fileutils.PatternM - } - // if the spec starts with '!' it means the pattern - // should be included. make a note so that we can move -- // it to the front of the updated pattern -+ // it to the front of the updated pattern, and insert -+ // the context dir's path in between - includeFlag := "" - if strings.HasPrefix(ignoreSpec, "!") { - includeFlag = "!" 
- -From f999964084ce75c833b0cffd17fb09b947dad506 Mon Sep 17 00:00:00 2001 -From: Nalin Dahyabhai -Date: Wed, 8 Jan 2020 11:04:57 -0500 -Subject: [PATCH 2/2] copyFileWithTar: close source files at the right time - -Close source files after we've finished reading from them, rather than -leaving it for later. - -Signed-off-by: Nalin Dahyabhai - -Closes: #2072 -Approved by: giuseppe ---- - util.go | 9 +++------ - 1 file changed, 3 insertions(+), 6 deletions(-) - -diff --git a/util.go b/util.go -index b4670e41c..2f923357c 100644 ---- a/util.go -+++ b/util.go -@@ -165,11 +165,6 @@ func (b *Builder) copyFileWithTar(tarIDMappingOptions *IDMappingOptions, chownOp - if err != nil { - return errors.Wrapf(err, "error opening %q to copy its contents", src) - } -- defer func() { -- if err := f.Close(); err != nil { -- logrus.Debugf("error closing %s: %v", fi.Name(), err) -- } -- }() - } - } - -@@ -200,6 +195,9 @@ func (b *Builder) copyFileWithTar(tarIDMappingOptions *IDMappingOptions, chownOp - logrus.Debugf("error copying contents of %s: %v", fi.Name(), err) - copyErr = err - } -+ if err = srcFile.Close(); err != nil { -+ logrus.Debugf("error closing %s: %v", fi.Name(), err) -+ } - } - if err = writer.Close(); err != nil { - logrus.Debugf("error closing write pipe for %s: %v", hdr.Name, err) -@@ -213,7 +211,6 @@ func (b *Builder) copyFileWithTar(tarIDMappingOptions *IDMappingOptions, chownOp - if err == nil { - err = copyErr - } -- f = nil - if pipeWriter != nil { - pipeWriter.Close() - } diff --git a/SOURCES/buildah-CVE-2020-10696.patch b/SOURCES/buildah-CVE-2020-10696.patch deleted file mode 100644 index b0c58fd..0000000 --- a/SOURCES/buildah-CVE-2020-10696.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From 840e7dad513b86f454573ad415701c0199f78d30 Mon Sep 17 00:00:00 2001 -From: TomSweeneyRedHat -Date: Tue, 24 Mar 2020 20:10:22 -0400 -Subject: [PATCH] Fix potential CVE in tarfile w/ symlink - -Stealing @nalind 's workaround to avoid refetching -content after a file read failure. Under the right -circumstances that could be a symlink to a file meant -to overwrite a good file with bad data. - -Testing: -``` -goodstuff - -[1] 14901 - -127.0.0.1 - - [24/Mar/2020 20:15:50] "GET / HTTP/1.1" 200 - -127.0.0.1 - - [24/Mar/2020 20:15:50] "GET / HTTP/1.1" 200 - -no FROM statement found - -goodstuff -``` - -Signed-off-by: TomSweeneyRedHat ---- - imagebuildah/util.go | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/imagebuildah/util.go b/imagebuildah/util.go -index 29ea60970..5f14c9883 100644 ---- a/imagebuildah/util.go -+++ b/imagebuildah/util.go -@@ -14,6 +14,7 @@ import ( - - "github.com/containers/buildah" - "github.com/containers/storage/pkg/chrootarchive" -+ "github.com/containers/storage/pkg/ioutils" - "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -@@ -57,7 +58,7 @@ func downloadToDirectory(url, dir string) error { - } - dockerfile := filepath.Join(dir, "Dockerfile") - // Assume this is a Dockerfile -- if err := ioutil.WriteFile(dockerfile, body, 0600); err != nil { -+ if err := ioutils.AtomicWriteFile(dockerfile, body, 0600); err != nil { - return errors.Wrapf(err, "Failed to write %q to %q", url, dockerfile) - } - } -@@ -75,7 +76,7 @@ func stdinToDirectory(dir string) error { - if err := chrootarchive.Untar(reader, dir, nil); err != nil { - dockerfile := filepath.Join(dir, "Dockerfile") - // Assume this is a Dockerfile -- if err := ioutil.WriteFile(dockerfile, b, 0600); err != nil { -+ if err := ioutils.AtomicWriteFile(dockerfile, b, 0600); err != nil { - return errors.Wrapf(err, "Failed to write bytes to %q", dockerfile) - } - } 
diff --git a/SPECS/buildah.spec b/SPECS/buildah.spec index 8ef6f36..c6ea3d8 100644 --- a/SPECS/buildah.spec +++ b/SPECS/buildah.spec @@ -20,28 +20,14 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl # https://github.com/containers/buildah %global import_path %{provider}.%{provider_tld}/%{project}/%{repo} %global git0 https://%{import_path} -%global commit0 9513cb8c7bec0f7789c696aee4d252ebf85194cc -%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) Name: %{repo} -Version: 1.11.6 -Release: 8%{?dist} +Version: 1.14.9 +Release: 1%{?dist} Summary: A command line tool used for creating OCI Images License: ASL 2.0 URL: https://%{name}.io -Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz -Patch0: https://patch-diff.githubusercontent.com/raw/containers/buildah/pull/1996.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=1784952 -Patch1: https://patch-diff.githubusercontent.com/raw/containers/buildah/pull/2031.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1702 -# https://github.com/containers/buildah/commit/be1eb6f70fb40e45096b69aeb048d54c526a4a8f.patch -Patch2: CVE-2020-1702-1801926.patch -# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1756986 -# backported: https://patch-diff.githubusercontent.com/raw/containers/buildah/pull/2181.patch -Patch3: buildah-1756986.patch -# tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 -# patch: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed.patch -Patch4: buildah-CVE-2020-10696.patch +Source0: %{git0}/archive/v%{version}.tar.gz BuildRequires: golang >= 1.12.12-4 BuildRequires: git BuildRequires: glib2-devel @@ -55,7 +41,7 @@ BuildRequires: libassuan-devel BuildRequires: make Requires: runc >= 1.0.0-26 Requires: containers-common -Requires: container-selinux +Recommends: container-selinux Requires: slirp4netns >= 0.3-0 %description 
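Review bot: The rebase removes `Patch2: CVE-2020-1702-1801926.patch` and `Patch4: buildah-CVE-2020-10696.patch` (and their bugzilla/commit references) along with the other backports, but nothing in the new `Source0`/`Version` lines records that those CVE fixes are now expected to come from upstream v1.14.9, so a later reader of this spec cannot tell whether the fixes were superseded or silently lost. Presumably the 1.14.9 tarball carries them, but that should be stated next to `Source0`, e.g. `# backported CVE-2020-1702 / CVE-2020-10696 patches dropped: fixes are carried by upstream v1.14.9`. The matching changelog entry in the later hunk of this file only says "update to ..." and does not mention the dropped patches either.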
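Review bot: Changing `Requires: container-selinux` to `Recommends: container-selinux` turns the SELinux policy package into a weak dependency, so an install that skips weak dependencies (or a minimal image build) gets buildah without the policy it presumably relies on for confinement on SELinux-enforcing hosts, and the hunk gives no rationale for accepting that. The 1.14.8-2 changelog entry in the later hunk only points at #1806044, so the reason belongs in the spec itself, e.g. `# weak dependency: lets buildah install on hosts without SELinux; enforcing hosts should still install container-selinux`.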
@@ -80,7 +66,7 @@ Requires: golang This package contains system tests for %{name} %prep -%autosetup -Sgit -n %{name}-%{commit0} +%autosetup -Sgit sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile sed -i '/docs install/d' Makefile 
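Review bot: `%autosetup -Sgit` without `-n` now depends on the default unpack directory `%{name}-%{version}` matching the top-level directory of the `archive/v%{version}.tar.gz` download, a coupling to the forge's archive naming that the previous explicit `-n %{name}-%{commit0}` made visible. A one-line comment such as `# archive/v%{version}.tar.gz unpacks to %{name}-%{version}, the %autosetup default` would make the assumption explicit for whoever next changes `Source0`.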
@@ -127,611 +113,19 @@ make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install %{_datadir}/%{name}/test %changelog -* Tue Mar 31 2020 Jindrich Novy - 1.11.6-8 -- fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process" -- Resolves: #1817742 - -* Mon Feb 24 2020 Jindrich Novy - 1.11.6-7 -- fix "COPY command takes long time with buildah" -- Resolves: #1806120 - -* Mon Feb 17 2020 Jindrich Novy - 1.11.6-6 -- fix CVE-2020-1702 -- Resolves: #1801926 - -* Thu Feb 13 2020 Jindrich Novy - 1.11.6-5 -- adding the first phase of FIPS fix -- Related: #1784952 - -* Wed Dec 11 2019 Jindrich Novy - 1.11.6-4 -- compile in FIPS mode -- Related: RHELPLAN-25139 - -* Mon Dec 09 2019 Jindrich Novy - 1.11.6-3 -- be sure to use golang >= 1.12.12-4 -- Related: RHELPLAN-25139 - -* Fri Dec 06 2019 Jindrich Novy - 1.11.6-2 -- fix chroot: unmount with MNT_DETACH instead of UnmountMountpoints() -- bug reference 1772179 -- Related: RHELPLAN-25139 - -* Thu Dec 05 2019 Jindrich Novy - 1.11.6-1 -- update to buildah 1.11.6 -- Related: RHELPLAN-25139 - -* Thu Nov 21 2019 Jindrich Novy - 1.11.5-1 -- update to buildah 1.11.5 -- Related: RHELPLAN-25139 - -* Thu Nov 07 2019 Jindrich Novy - 1.11.4-2 -- fix %%gobuild macro to not to ignore BUILDTAGS -- Related: RHELPLAN-25139 - -* Thu Nov 07 2019 Jindrich Novy - 1.11.4-1 -- update to 1.11.4 -- Related: RHELPLAN-25139 - -* Tue Sep 17 2019 Jindrich Novy - 1.9.0-5 -- Use autosetup macro again. - -* Thu Sep 12 2019 Jindrich Novy - 1.9.0-4 -- Fix CVE-2019-10214 (#1734653). 
- -* Sat Jun 15 2019 Lokesh Mandvekar - 1.9.0-3 -- Resolves: #1721247 - enable fips mode - -* Sat Jun 15 2019 Lokesh Mandvekar - 1.9.0-2 -- Resolves: #1720654 - tests subpackage depends on golang explicitly - -* Sat Jun 15 2019 Lokesh Mandvekar - 1.9.0-1 -- Resolves: #1720654 - rebase to v1.9.0 - -* Fri Jun 14 2019 Lokesh Mandvekar - 1.8.3-1 -- Resolves: #1720654 - rebase to v1.8.3 - -* Tue Apr 9 2019 Eduardo Santiago - 1.8-0.git021d607 -- package system tests - -* Tue Dec 18 2018 Frantisek Kluknavsky - 1.5-3.gite94b4f9 -- re-enable debuginfo - -* Mon Dec 17 2018 Frantisek Kluknavsky - 1.5-2.gite94b4f9 -- go toolset not in scl anymore - -* Fri Nov 23 2018 Frantisek Kluknavsky - 1.5-1.gite94b4f9 -- rebase - -* Mon Nov 19 2018 Frantisek Kluknavsky - 1.4-3.git608fa84 -- fedora-like go compiler macro in buildrequires is enough - -* Wed Oct 10 2018 Frantisek Kluknavsky - 1.4-2.git608fa84 -- rebase - -* Mon Aug 13 2018 Lokesh Mandvekar - 1.3-3.git4888163 -- Resolves: #1615611 - rebuild with gobuild tag 'no_openssl' - -* Wed Aug 08 2018 Lokesh Mandvekar - 1.3-2.git4888163 -- Resolves: #1614009 - built with updated scl-ized go-toolset dep -- build with %%gobuild - -* Sun Aug 5 2018 Dan Walsh - 1.3-1 -- Bump to v1.3 -- Vendor in lates containers/image -- build-using-dockerfile: let -t include transports again -- Block use of /proc/acpi and /proc/keys from inside containers -- Fix handling of --registries-conf -- Fix becoming a maintainer link -- add optional CI test fo darwin -- Don't pass a nil error to errors.Wrapf() -- image filter test: use kubernetes/pause as a "since" -- Add --cidfile option to from -- vendor: update containers/storage -- Contributors need to find the CONTRIBUTOR.md file easier -- Add a --loglevel option to build-with-dockerfile -- Create Development plan -- cmd: Code improvement -- allow buildah cross compile for a darwin target -- Add unused function param lint check -- docs: Follow man-pages(7) suggestions for SYNOPSIS -- Start using 
github.com/seccomp/containers-golang -- umount: add all option to umount all mounted containers -- runConfigureNetwork(): remove an unused parameter -- Update github.com/opencontainers/selinux -- Fix buildah bud --layers -- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 -- main: if unprivileged, reexec in a user namespace -- Vendor in latest imagebuilder -- Reduce the complexity of the buildah.Run function -- mount: output it before replacing lastError -- Vendor in latest selinux-go code -- Implement basic recognition of the "--isolation" option -- Run(): try to resolve non-absolute paths using $PATH -- Run(): don't include any default environment variables -- build without seccomp -- vendor in latest runtime-tools -- bind/mount_unsupported.go: remove import errors -- Update github.com/opencontainers/runc -- Add Capabilities lists to BuilderInfo -- Tweaks for commit tests -- commit: recognize committing to second storage locations -- Fix ARGS parsing for run commands -- Add info on registries.conf to from manpage -- Switch from using docker to podman for testing in .papr -- buildah: set the HTTP User-Agent -- ONBUILD tutorial -- Add information about the configuration files to the install docs -- Makefile: add uninstall -- Add tilde info for push to troubleshooting -- mount: support multiple inputs -- Use the right formatting when adding entries to /etc/hosts -- Vendor in latest go-selinux bindings -- Allow --userns-uid-map/--userns-gid-map to be global options -- bind: factor out UnmountMountpoints -- Run(): simplify runCopyStdio() -- Run(): handle POLLNVAL results -- Run(): tweak terminal mode handling -- Run(): rename 'copyStdio' to 'copyPipes' -- Run(): don't set a Pdeathsig for the runtime -- Run(): add options for adding and removing capabilities -- Run(): don't use a callback when a slice will do -- setupSeccomp(): refactor -- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers -- Escape use of '_' in .md docs -- Break out 
getProcIDMappings() -- Break out SetupIntermediateMountNamespace() -- Add Multi From Demo -- Use the c/image conversion code instead of converting configs manually -- Don't throw away the manifest MIME type and guess again -- Consolidate loading manifest and config in initConfig -- Pass a types.Image to Builder.initConfig -- Require an image ID in importBuilderDataFromImage -- Use c/image/manifest.GuessMIMEType instead of a custom heuristic -- Do not ignore any parsing errors in initConfig -- Explicitly handle "from scratch" images in Builder.initConfig -- Fix parsing of OCI images -- Simplify dead but dangerous-looking error handling -- Don't ignore v2s1 history if docker_version is not set -- Add --rm and --force-rm to buildah bud -- Add --all,-a flag to buildah images -- Separate stdio buffering from writing -- Remove tty check from images --format -- Add environment variable BUILDAH_RUNTIME -- Add --layers and --no-cache to buildah bud -- Touch up images man -- version.md: fix DESCRIPTION -- tests: add containers test -- tests: add images test -- images: fix usage -- fix make clean error -- Change 'registries' to 'container registries' in man -- add commit test -- Add(): learn to record hashes of what we add -- Minor update to buildah config documentation for entrypoint -- Bump to v1.2-dev -- Add registries.conf link to a few man pages - -* Tue Jul 24 2018 Lokesh Mandvekar - 1.2-3 -- do not depend on btrfs-progs for rhel8 - -* Thu Jul 19 2018 Dan Walsh - 1.2-2 -- buildah does not require ostree - -* Sun Jul 15 2018 Dan Walsh 1.2-1 -- Vendor in latest containers/image -- build-using-dockerfile: let -t include transports again -- Block use of /proc/acpi and /proc/keys from inside containers -- Fix handling of --registries-conf -- Fix becoming a maintainer link -- add optional CI test fo darwin -- Don't pass a nil error to errors.Wrapf() -- image filter test: use kubernetes/pause as a "since" -- Add --cidfile option to from -- vendor: update containers/storage -- 
Contributors need to find the CONTRIBUTOR.md file easier -- Add a --loglevel option to build-with-dockerfile -- Create Development plan -- cmd: Code improvement -- allow buildah cross compile for a darwin target -- Add unused function param lint check -- docs: Follow man-pages(7) suggestions for SYNOPSIS -- Start using github.com/seccomp/containers-golang -- umount: add all option to umount all mounted containers -- runConfigureNetwork(): remove an unused parameter -- Update github.com/opencontainers/selinux -- Fix buildah bud --layers -- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 -- main: if unprivileged, reexec in a user namespace -- Vendor in latest imagebuilder -- Reduce the complexity of the buildah.Run function -- mount: output it before replacing lastError -- Vendor in latest selinux-go code -- Implement basic recognition of the "--isolation" option -- Run(): try to resolve non-absolute paths using $PATH -- Run(): don't include any default environment variables -- build without seccomp -- vendor in latest runtime-tools -- bind/mount_unsupported.go: remove import errors -- Update github.com/opencontainers/runc -- Add Capabilities lists to BuilderInfo -- Tweaks for commit tests -- commit: recognize committing to second storage locations -- Fix ARGS parsing for run commands -- Add info on registries.conf to from manpage -- Switch from using docker to podman for testing in .papr -- buildah: set the HTTP User-Agent -- ONBUILD tutorial -- Add information about the configuration files to the install docs -- Makefile: add uninstall -- Add tilde info for push to troubleshooting -- mount: support multiple inputs -- Use the right formatting when adding entries to /etc/hosts -- Vendor in latest go-selinux bindings -- Allow --userns-uid-map/--userns-gid-map to be global options -- bind: factor out UnmountMountpoints -- Run(): simplify runCopyStdio() -- Run(): handle POLLNVAL results -- Run(): tweak terminal mode handling -- Run(): rename 'copyStdio' to 
'copyPipes' -- Run(): don't set a Pdeathsig for the runtime -- Run(): add options for adding and removing capabilities -- Run(): don't use a callback when a slice will do -- setupSeccomp(): refactor -- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers -- Escape use of '_' in .md docs -- Break out getProcIDMappings() -- Break out SetupIntermediateMountNamespace() -- Add Multi From Demo -- Use the c/image conversion code instead of converting configs manually -- Don't throw away the manifest MIME type and guess again -- Consolidate loading manifest and config in initConfig -- Pass a types.Image to Builder.initConfig -- Require an image ID in importBuilderDataFromImage -- Use c/image/manifest.GuessMIMEType instead of a custom heuristic -- Do not ignore any parsing errors in initConfig -- Explicitly handle "from scratch" images in Builder.initConfig -- Fix parsing of OCI images -- Simplify dead but dangerous-looking error handling -- Don't ignore v2s1 history if docker_version is not set -- Add --rm and --force-rm to buildah bud -- Add --all,-a flag to buildah images -- Separate stdio buffering from writing -- Remove tty check from images --format -- Add environment variable BUILDAH_RUNTIME -- Add --layers and --no-cache to buildah bud -- Touch up images man -- version.md: fix DESCRIPTION -- tests: add containers test -- tests: add images test -- images: fix usage -- fix make clean error -- Change 'registries' to 'container registries' in man -- add commit test -- Add(): learn to record hashes of what we add -- Minor update to buildah config documentation for entrypoint -- Add registries.conf link to a few man pages - -* Sun Jun 10 2018 Dan Walsh 1.1-1 -- Drop capabilities if running container processes as non root -- Print Warning message if cmd will not be used based on entrypoint -- Update 01-intro.md -- Shouldn't add insecure registries to list of search registries -- Report errors on bad transports specification when pushing images -- Move parsing 
code out of common for namespaces and into pkg/parse.go -- Add disable-content-trust noop flag to bud -- Change freenode chan to buildah -- runCopyStdio(): don't close stdin unless we saw POLLHUP -- Add registry errors for pull -- runCollectOutput(): just read until the pipes are closed on us -- Run(): provide redirection for stdio -- rmi, rm: add test -- add mount test -- Add parameter judgment for commands that do not require parameters -- Add context dir to bud command in baseline test -- run.bats: check that we can run with symlinks in the bundle path -- Give better messages to users when image can not be found -- use absolute path for bundlePath -- Add environment variable to buildah --format -- rm: add validation to args and all option -- Accept json array input for config entrypoint -- Run(): process RunOptions.Mounts, and its flags -- Run(): only collect error output from stdio pipes if we created some -- Add OnBuild support for Dockerfiles -- Quick fix on demo readme -- run: fix validate flags -- buildah bud should require a context directory or URL -- Touchup tutorial for run changes -- Validate common bud and from flags -- images: Error if the specified imagename does not exist -- inspect: Increase err judgments to avoid panic -- add test to inspect -- buildah bud picks up ENV from base image -- Extend the amount of time travis_wait should wait -- Add a make target for Installing CNI plugins -- Add tests for namespace control flags -- copy.bats: check ownerships in the container -- Fix SELinux test errors when SELinux is enabled -- Add example CNI configurations -- Run: set supplemental group IDs -- Run: use a temporary mount namespace -- Use CNI to configure container networks -- add/secrets/commit: Use mappings when setting permissions on added content -- Add CLI options for specifying namespace and cgroup setup -- Always set mappings when using user namespaces -- Run(): break out creation of stdio pipe descriptors -- Read UID/GID mapping information 
from containers and images -- Additional bud CI tests -- Run integration tests under travis_wait in Travis -- build-using-dockerfile: add --annotation -- Implement --squash for build-using-dockerfile and commit -- Vendor in latest container/storage for devicemapper support -- add test to inspect -- Vendor github.com/onsi/ginkgo and github.com/onsi/gomega -- Test with Go 1.10, too -- Add console syntax highlighting to troubleshooting page -- bud.bats: print "$output" before checking its contents -- Manage "Run" containers more closely -- Break Builder.Run()'s "run runc" bits out -- util.ResolveName(): handle completion for tagged/digested image names -- Handle /etc/hosts and /etc/resolv.conf properly in container -- Documentation fixes -- Make it easier to parse our temporary directory as an image name -- Makefile: list new pkg/ subdirectoris as dependencies for buildah -- containerImageSource: return more-correct errors -- API cleanup: PullPolicy and TerminalPolicy should be types -- Make "run --terminal" and "run -t" aliases for "run --tty" -- Vendor github.com/containernetworking/cni v0.6.0 -- Update github.com/containers/storage -- Update github.com/projectatomic/libpod -- Add support for buildah bud --label -- buildah push/from can push and pull images with no reference -- Vendor in latest containers/image -- Update gometalinter to fix install.tools error -- Update troubleshooting with new run workaround -- Added a bud demo and tidied up -- Attempt to download file from url, if fails assume Dockerfile -- Add buildah bud CI tests for ENV variables -- Re-enable rpm .spec version check and new commit test -- Update buildah scratch demo to support el7 -- Added Docker compatibility demo -- Update to F28 and new run format in baseline test -- Touchup man page short options across man pages -- Added demo dir and a demo. 
chged distrorlease -- builder-inspect: fix format option -- Add cpu-shares short flag (-c) and cpu-shares CI tests -- Minor fixes to formatting in rpm spec changelog -- Fix rpm .spec changelog formatting -- CI tests and minor fix for cache related noop flags -- buildah-from: add effective value to mount propagation - -* Mon May 7 2018 Dan Walsh 1.0-1 -- Remove buildah run cmd and entrypoint execution -- Add Files section with registries.conf to pertinent man pages -- Force "localhost" as a default registry -- Add --compress, --rm, --squash flags as a noop for bud -- Add FIPS mode secret to buildah run and bud -- Add config --comment/--domainname/--history-comment/--hostname -- Add support for --iidfile to bud and commit -- Add /bin/sh -c to entrypoint in config -- buildah images and podman images are listing different sizes -- Remove tarball as an option from buildah push --help -- Update entrypoint behaviour to match docker -- Display imageId after commit -- config: add support for StopSignal -- Allow referencing stages as index and names -- Add multi-stage builds support -- Vendor in latest imagebuilder, to get mixed case AS support -- Allow umount to have multi-containers -- Update buildah push doc -- buildah bud walks symlinks -- Imagename is required for commit atm, update manpage - -* Thu May 03 2018 Lokesh Mandvekar - 0.16-3.git532e267 -- Resolves: #1573681 -- built commit 532e267 - -* Tue Apr 10 2018 Lokesh Mandvekar - 0.16.0-2.git6f7d05b -- built commit 6f7d05b - -* Wed Apr 4 2018 Dan Walsh 0.16-1 -- Add support for shell -- Vendor in latest containers/image -- docker-archive generates docker legacy compatible images -- Do not create $DiffID subdirectories for layers with no configs -- Ensure the layer IDs in legacy docker/tarfile metadata are unique -- docker-archive: repeated layers are symlinked in the tar file -- sysregistries: remove all trailing slashes -- Improve docker/* error messages -- Fix failure to make auth directory -- Create a new slice in 
Schema1.UpdateLayerInfos -- Drop unused storageImageDestination.{image,systemContext} -- Load a *storage.Image only once in storageImageSource -- Support gzip for docker-archive files -- Remove .tar extension from blob and config file names -- ostree, src: support copy of compressed layers -- ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size -- image: fix docker schema v1 -> OCI conversion -- Add /etc/containers/certs.d as default certs directory -- Change image time to locale, add troubleshooting.md, add logo to other mds -- Allow --cmd parameter to have commands as values -- Document the mounts.conf file -- Fix man pages to format correctly -- buildah from now supports pulling images using the following transports: -- docker-archive, oci-archive, and dir. -- If the user overrides the storage driver, the options should be dropped -- Show Config/Manifest as JSON string in inspect when format is not set -- Adds feature to pull compressed docker-archive files - -* Tue Feb 27 2018 Dan Walsh 0.15-1 -- Fix handling of buildah run command options - -* Mon Feb 26 2018 Dan Walsh 0.14-1 -- If commonOpts do not exist, we should return rather then segfault -- Display full error string instead of just status -- Implement --volume and --shm-size for bud and from -- Fix secrets patch for buildah bud -- Fixes the naming issue of blobs and config for the dir transport by removing the .tar extension - -* Mon Feb 26 2018 Lokesh Mandvekar - 0.13-1.git99066e0 -- use correct version - -* Mon Feb 26 2018 Lokesh Mandvekar - 0.12-4.git99066e0 -- enable debuginfo - -* Mon Feb 26 2018 Lokesh Mandvekar - 0.12-3.git99066e0 -- BR: libseccomp-devel - -* Mon Feb 26 2018 Lokesh Mandvekar - 0.12-2.git99066e0 -- Resolves: #1548535 -- built commit 99066e0 - -* Mon Feb 12 2018 Dan Walsh 0.12-1 -- Added handing for simpler error message for Unknown Dockerfile instructions. 
-- Change default certs directory to /etc/containers/certs.dir -- Vendor in latest containers/image -- Vendor in latest containers/storage -- build-using-dockerfile: set the 'author' field for MAINTAINER -- Return exit code 1 when buildah-rmi fails -- Trim the image reference to just its name before calling getImageName -- Touch up rmi -f usage statement -- Add --format and --filter to buildah containers -- Add --prune,-p option to rmi command -- Add authfile param to commit -- Fix --runtime-flag for buildah run and bud -- format should override quiet for images -- Allow all auth params to work with bud -- Do not overwrite directory permissions on --chown -- Unescape HTML characters output into the terminal -- Fix: setting the container name to the image -- Prompt for un/pwd if not supplied with --creds -- Make bud be really quiet -- Return a better error message when failed to resolve an image -- Update auth tests and fix bud man page - -* Mon Feb 05 2018 Lokesh Mandvekar - 0.11-3.git49095a8 -- Resolves: #1542236 - add ostree and bump runc dep - -* Thu Feb 01 2018 Frantisek Kluknavsky - 0.11-2.git49095a8 -- rebased to 49095a83f8622cf69532352d183337635562e261 - -* Tue Jan 16 2018 Dan Walsh 0.11-1 -- Add --all to remove containers -- Add --all functionality to rmi -- Show ctrid when doing rm -all -- Ignore sequential duplicate layers when reading v2s1 -- Lots of minor bug fixes -- Vendor in latest containers/image and containers/storage - -* Sat Dec 23 2017 Dan Walsh 0.10-2 -- Fix checkin - -* Sat Dec 23 2017 Dan Walsh 0.10-1 -- Display Config and Manifest as strings -- Bump containers/image -- Use configured registries to resolve image names -- Update to work with newer image library -- Add --chown option to add/copy commands - -* Tue Dec 12 2017 Lokesh Mandvekar - 0.9-2.git04ea079 -- build for all arches - -* Sat Dec 2 2017 Dan Walsh 0.9-1 -- Allow push to use the image id -- Make sure builtin volumes have the correct label - -* Wed Nov 22 2017 Dan Walsh 0.8-1 -- 
Buildah bud was failing on SELinux machines, this fixes this -- Block access to certain kernel file systems inside of the container - -* Thu Nov 16 2017 Dan Walsh 0.7-1 -- Ignore errors when trying to read containers buildah.json for loading SELinux reservations -- Use credentials from kpod login for buildah -- Adds support for converting manifest types when using the dir transport -- Rework how we do UID resolution in images -- Bump github.com/vbatts/tar-split -- Set option.terminal appropriately in run - -* Thu Nov 16 2017 Frantisek Kluknavsky - 0.5-5.gitf7dc659 -- revert building for s390x, it is intended for rhel 7.5 - -* Wed Nov 15 2017 Dan Walsh 0.5-4 -- Add requires for container-selinux - -* Mon Nov 13 2017 Frantisek Kluknavsky - 0.5-3.gitf7dc659 -- build for s390x, https://bugzilla.redhat.com/show_bug.cgi?id=1482234 - -* Wed Nov 08 2017 Dan Walsh 0.5-2 -- Bump github.com/vbatts/tar-split -- Fixes CVE That could allow a container image to cause a DOS - -* Tue Nov 07 2017 Dan Walsh 0.5-1 -- Add secrets patch to buildah -- Add proper SELinux labeling to buildah run -- Add tls-verify to bud command -- Make filtering by date use the image's date -- images: don't list unnamed images twice -- Fix timeout issue -- Add further tty verbiage to buildah run -- Make inspect try an image on failure if type not specified -- Add support for `buildah run --hostname` -- Tons of bug fixes and code cleanup - -* Tue Nov 7 2017 Nalin Dahyabhai - 0.4-2.git01db066 -- bump to latest version -- set GIT_COMMIT at build-time - -* Fri Sep 22 2017 Dan Walsh 0.4-1.git9cbccf88c -- Add default transport to push if not provided -- Avoid trying to print a nil ImageReference -- Add authentication to commit and push -- Add information on buildah from man page on transports -- Remove --transport flag -- Run: do not complain about missing volume locations -- Add credentials to buildah from -- Remove export command -- Run(): create the right working directory -- Improve "from" behavior with 
unnamed references -- Avoid parsing image metadata for dates and layers -- Read the image's creation date from public API -- Bump containers/storage and containers/image -- Don't panic if an image's ID can't be parsed -- Turn on --enable-gc when running gometalinter -- rmi: handle truncated image IDs - -* Fri Sep 22 2017 Lokesh Mandvekar - 0.4-1.git9cbccf8 -- bump to v0.4 - -* Wed Aug 02 2017 Fedora Release Engineering - 0.3-4.gitb9b2a8a -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild - -* Wed Jul 26 2017 Fedora Release Engineering - 0.3-3.gitb9b2a8a -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Thu Jul 20 2017 Dan Walsh 0.3-2.gitb9b2a8a7e -- Bump for inclusion of OCI 1.0 Runtime and Image Spec - -* Tue Jul 18 2017 Dan Walsh 0.2.0-1.gitac2aad6 -- buildah run: Add support for -- ending options parsing -- buildah Add/Copy support for glob syntax -- buildah commit: Add flag to remove containers on commit -- buildah push: Improve man page and help information -- buildah run: add a way to disable PTY allocation -- Buildah docs: clarify --runtime-flag of run command -- Update to match newer storage and image-spec APIs -- Update containers/storage and containers/image versions -- buildah export: add support -- buildah images: update commands -- buildah images: Add JSON output option -- buildah rmi: update commands -- buildah containers: Add JSON output option -- buildah version: add command -- buildah run: Handle run without an explicit command correctly -- Ensure volume points get created, and with perms -- buildah containers: Add a -a/--all option - -* Wed Jun 14 2017 Dan Walsh 0.1.0-2.git597d2ab9 -- Release Candidate 1 -- All features have now been implemented. 
- -* Fri Apr 14 2017 Dan Walsh 0.0.1-1.git7a0a5333 -- First package for Fedora +* Tue May 19 2020 Jindrich Novy - 1.14.9-1 +- update to https://github.com/containers/buildah/releases/tag/v1.14.9 +- Related: RHELPLAN-39206 + +* Fri May 01 2020 Jindrich Novy - 1.14.8-2 +- make container-selinux a soft dependency +- Related: #1806044 + +* Fri Apr 10 2020 Jindrich Novy - 1.14.8-1 +- update to https://github.com/containers/buildah/releases/tag/v1.14.8 +- Related: RHELPLAN-39206 + +* Thu Apr 09 2020 Jindrich Novy - 1.14.7-1 +- initial rhel8-8.2.1 build +- update to https://github.com/containers/buildah/releases/tag/v1.14.7 +- Related: RHELPLAN-39206