Hello community, here is the log from the commit of package podman for openSUSE:Factory checked in at 2020-05-28 09:10:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/podman (Old) and /work/SRC/openSUSE:Factory/.podman.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "podman" Thu May 28 09:10:33 2020 rev:63 rq:808742 version:1.9.3 Changes: -------- --- /work/SRC/openSUSE:Factory/podman/podman.changes 2020-05-01 11:07:40.031105511 +0200 +++ /work/SRC/openSUSE:Factory/.podman.new.3606/podman.changes 2020-05-28 09:10:56.796260385 +0200 @@ -1,0 +2,20 @@ +Mon May 25 11:32:32 UTC 2020 - Paolo Stivanin <i...@paolostivanin.com> + +- Update to podman v1.9.3: + * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets + were not properly mounted into containers + * Fixed a bug where builds run over Varlink would hang + * Fixed a bug where podman save would fail when the target + image was specified by digest + * Fixed a bug where rootless containers with ports forwarded to them + could panic and dump core due to a concurrency issue (#6018) + * Fixed a bug where rootless Podman could race when opening the + rootless user namespace, resulting in commands failing to run + * Fixed a bug where HTTP proxy environment variables forwarded into + the container by the --http-proxy flag could not be overridden by --env or --env-file + * Fixed a bug where rootless Podman was setting resource limits on cgroups + v2 systems that were not using systemd-managed cgroups + (and thus did not support resource limits), resulting in containers failing to start + + +------------------------------------------------------------------- Old: ---- podman-1.9.1.tar.xz New: ---- podman-1.9.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ podman.spec ++++++ --- /var/tmp/diff_new_pack.RX22RR/_old 2020-05-28 09:10:58.272263953 +0200 +++ /var/tmp/diff_new_pack.RX22RR/_new 2020-05-28 09:10:58.276263963 +0200 @@ -22,7 +22,7 @@ %define with_libostree 1 %endif Name: podman -Version: 1.9.1 +Version: 1.9.3 Release: 0 Summary: Daemon-less container engine for managing containers, pods and images License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.RX22RR/_old 2020-05-28 09:10:58.316264059 +0200 +++ /var/tmp/diff_new_pack.RX22RR/_new 2020-05-28 09:10:58.320264069 +0200 @@ -4,8 +4,8 @@ <param name="url">https://github.com/containers/libpod.git</param> <param name="scm">git</param> <param name="filename">podman</param> -<param name="versionformat">1.9.1</param> -<param name="revision">v1.9.1</param> +<param name="versionformat">1.9.3</param> +<param name="revision">v1.9.3</param> </service> <service name="set_version" mode="disabled"> ++++++ podman-1.9.1.tar.xz -> podman-1.9.3.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/Makefile new/podman-1.9.3/Makefile --- old/podman-1.9.1/Makefile 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/Makefile 2020-05-22 19:34:31.000000000 +0200 @@ -187,6 +187,10 @@ .PHONY: podman podman: bin/podman +.PHONY: bin/podman-remote-static +podman-remote-static: bin/podman-remote-static + CGO_ENABLED=0 $(GO) build $(BUILDFLAGS) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN_STATIC)' -tags "!ABISupport varlink containers_image_openpgp remoteclient" -o bin/podman-remote-static $(PROJECT)/cmd/podman + .PHONY: bin/podman-remote bin/podman-remote: .gopathok $(SOURCES) go.mod go.sum $(PODMAN_VARLINK_DEPENDENCIES) ## Build with podman on remote environment $(GO_BUILD) $(BUILDFLAGS) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS) remoteclient" -o $@ $(PROJECT)/cmd/podman diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/RELEASE_NOTES.md new/podman-1.9.3/RELEASE_NOTES.md --- old/podman-1.9.1/RELEASE_NOTES.md 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/RELEASE_NOTES.md 2020-05-22 19:34:31.000000000 +0200 @@ -1,5 +1,28 @@ # Release Notes +## 1.9.3 +### Bugfixes +- Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets were not properly mounted into containers +- Fixed a bug where builds run over Varlink would hang ([#6237](https://github.com/containers/libpod/issues/6237)) + +### Misc +- Named volumes and tmpfs filesystems will no longer default to mounting `noexec` for improved compatibility with Docker +- Updated Buildah to v1.14.9 + +## 1.9.2 +### Bugfixes +- Fixed a bug where `podman save` would fail when the target image was specified by digest ([#5234](https://github.com/containers/libpod/issues/5234)) +- Fixed a bug where rootless containers with ports forwarded to them could panic and dump core due to a concurrency issue ([#6018](https://github.com/containers/libpod/issues/6018)) +- Fixed a bug where rootless Podman could race when opening the rootless user namespace, resulting in commands failing to run +- Fixed a bug where HTTP proxy environment variables forwarded into the container by the `--http-proxy` flag could not be overridden by `--env` or `--env-file` ([#6017](https://github.com/containers/libpod/issues/6017)) +- Fixed a bug where rootless Podman was setting resource limits on cgroups v2 systems that were not using systemd-managed cgroups (and thus did not support resource limits), resulting in containers failing to start + +### Misc +- Rootless containers will now automatically set their ulimits to the maximum allowed for the user running the container, to match the behavior of containers run as root +- Packages managed by the core Podman team will no longer include a default `libpod.conf`, instead defaulting to `containers.conf`. The default libpod.conf will remain available in the Github repository until the release of Podman 2.0 +- The default Podman CNI network configuration now sets HairpinMode to allow containers to access other containers via ports published on the host +- Updated containers/common to v0.8.4 + ## 1.9.1 ### Bugfixes - Fixed a bug where healthchecks could become nonfunctional if container log paths were manually set with `--log-path` and multiple container logs were placed in the same directory ([#5915](https://github.com/containers/libpod/issues/5915)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/changelog.txt new/podman-1.9.3/changelog.txt --- old/podman-1.9.1/changelog.txt 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/changelog.txt 2020-05-22 19:34:31.000000000 +0200 @@ -1,3 +1,27 @@ +- Changelog for v1.9.3 (2020-05-22): + * Update release notes for v1.9.3 + * Turn off 'noexec' option by default for named volumes + * Fix mountpont in SecretMountsWithUIDGID + * Fix EOM for SendFile + * vendor to containers/buildah 1.14.9 + +- Changelog for v1.9.2 (2020-05-13): + * Add release notes for v1.9.2 + * cgroup: skip unified if we are using v1 + * [1.9] vendor github.com/containers/common@v0.8.4 + * Add HairpinMode to our CNI configs + * Set pids-limit to 0 on non cgroupv2 rootless systems + * [1.9] add --conmon-pidfile/--cidfile system test + * Fix handling of overridden paths from database + * Add command to build podman-remote-static + * Set up ulimits for rootless containers. + * User specified environment after other environments are set + * rootless: move ns open before fork + * rootlessport: use two different channels + * Fixes podman save fails when specifying an image using a digest #5234 + * Bump to v1.9.1 + * Update vendor to containers/common v0.8.2 + - Changelog for v1.9.1 (2020-04-28): * Update release notes for v1.9.1 * separate healthcheck and container log paths diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/cmd/podman/commands.go new/podman-1.9.3/cmd/podman/commands.go --- old/podman-1.9.1/cmd/podman/commands.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/cmd/podman/commands.go 2020-05-22 19:34:31.000000000 +0200 @@ -7,6 +7,7 @@ "os" "github.com/containers/buildah/pkg/parse" + "github.com/containers/common/pkg/config" "github.com/containers/libpod/pkg/apparmor" "github.com/containers/libpod/pkg/cgroups" "github.com/containers/libpod/pkg/rootless" @@ -179,10 +180,13 @@ func getDefaultPidsLimit() int64 { if rootless.IsRootless() { - cgroup2, _ := cgroups.IsCgroup2UnifiedMode() - if cgroup2 { - return defaultContainerConfig.Containers.PidsLimit + if defaultContainerConfig.Engine.CgroupManager == config.SystemdCgroupsManager { + cgroup2, _ := cgroups.IsCgroup2UnifiedMode() + if cgroup2 { + return defaultContainerConfig.Containers.PidsLimit + } } + return 0 } return sysinfo.GetDefaultPidsLimit() } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/cni/87-podman-bridge.conflist new/podman-1.9.3/cni/87-podman-bridge.conflist --- old/podman-1.9.1/cni/87-podman-bridge.conflist 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/cni/87-podman-bridge.conflist 2020-05-22 19:34:31.000000000 +0200 @@ -7,6 +7,7 @@ "bridge": "cni-podman0", "isGateway": true, "ipMasq": true, + "hairpinMode": true, "ipam": { "type": "host-local", "routes": [{ "dst": "0.0.0.0/0" }], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/go.mod new/podman-1.9.3/go.mod --- old/podman-1.9.1/go.mod 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/go.mod 2020-05-22 19:34:31.000000000 +0200 @@ -9,8 +9,8 @@ github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd // indirect github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 github.com/containernetworking/plugins v0.8.5 - github.com/containers/buildah v1.14.8 - github.com/containers/common v0.8.2 + github.com/containers/buildah v1.14.9 + github.com/containers/common v0.8.4 github.com/containers/conmon v2.0.14+incompatible github.com/containers/image/v5 v5.4.3 github.com/containers/psgo v1.4.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/go.sum new/podman-1.9.3/go.sum --- old/podman-1.9.1/go.sum 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/go.sum 2020-05-22 19:34:31.000000000 +0200 @@ -63,12 +63,10 @@ github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/plugins v0.8.5 h1:pCvEMrFf7yzJI8+/D/7jkvE96KD52b7/Eu+jpahihy8= github.com/containernetworking/plugins v0.8.5/go.mod h1:UZ2539umj8djuRQmBxuazHeJbYrLV8BSBejkk+she6o= -github.com/containers/buildah v1.14.8 h1:JbMI0QSOmyZ30Mr2633uCXAj+Fajgh/EFS9xX/Y14oQ= -github.com/containers/buildah v1.14.8/go.mod h1:ytEjHJQnRXC1ygXMyc0FqYkjcoCydqBQkOdxbH563QU= -github.com/containers/common v0.8.1 h1:1IUwAtZ4mC7GYRr4AC23cHf2oXCuoLzTUoSzIkSgnYw= -github.com/containers/common v0.8.1/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs= -github.com/containers/common v0.8.2 h1:TzbHcY1C6xAcZyPk0UJLAKVpW77AUkw5DWoApWB8Ge8= -github.com/containers/common v0.8.2/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs= +github.com/containers/buildah v1.14.9 h1:4YNSgXe+KobqMyu6uiUXFu6jHqHAqpT/mnqpEEPwP9A= +github.com/containers/buildah v1.14.9/go.mod h1:dw9G+L7OAZBdcGTshqNGIrIbChPZfWd3VlBBfEFPE50= +github.com/containers/common v0.8.4 h1:G9eNXQHUfZWkEOKaKDpXmDTcjVYc04K77dZe197SH44= +github.com/containers/common v0.8.4/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs= github.com/containers/conmon v2.0.14+incompatible h1:knU1O1QxXy5YxtjMQVKEyCajROaehizK9FHaICl+P5Y= github.com/containers/conmon v2.0.14+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/libpod/container_internal_linux.go new/podman-1.9.3/libpod/container_internal_linux.go --- old/podman-1.9.1/libpod/container_internal_linux.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/libpod/container_internal_linux.go 2020-05-22 19:34:31.000000000 +0200 @@ -1229,7 +1229,7 @@ } // Add Secret Mounts - secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.RunDir, c.RootUID(), c.RootGID(), rootless.IsRootless(), false) + secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.Containers.DefaultMountsFile, c.state.Mountpoint, c.RootUID(), c.RootGID(), rootless.IsRootless(), false) for _, mount := range secretMounts { if _, ok := c.state.BindMounts[mount.Destination]; !ok { c.state.BindMounts[mount.Destination] = mount.Source diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/libpod/image/image.go new/podman-1.9.3/libpod/image/image.go --- old/podman-1.9.1/libpod/image/image.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/libpod/image/image.go 2020-05-22 19:34:31.000000000 +0200 @@ -1412,14 +1412,14 @@ } manifestType = manifest.DockerV2Schema2MediaType case "docker-archive", "": - dst := output destImageName := imageNameForSaveDestination(i, source) - if destImageName != "" { - dst = fmt.Sprintf("%s:%s", dst, destImageName) + ref, err := dockerArchiveDstReference(destImageName) + if err != nil { + return err } - destRef, err = dockerarchive.ParseReference(dst) // FIXME? Add dockerarchive.NewReference + destRef, err = dockerarchive.NewReference(output, ref) if err != nil { - return errors.Wrapf(err, "error getting Docker archive ImageReference for %q", dst) + return errors.Wrapf(err, "error getting Docker archive ImageReference for %s:%v", output, ref) } default: return errors.Errorf("unknown format option %q", format) @@ -1439,6 +1439,23 @@ return nil } +// dockerArchiveDestReference returns a NamedTagged reference for a tagged image and nil for untagged image. +func dockerArchiveDstReference(normalizedInput string) (reference.NamedTagged, error) { + if normalizedInput == "" { + return nil, nil + } + ref, err := reference.ParseNormalizedNamed(normalizedInput) + if err != nil { + return nil, errors.Wrapf(err, "docker-archive parsing reference %s", normalizedInput) + } + ref = reference.TagNameOnly(ref) + namedTagged, isTagged := ref.(reference.NamedTagged) + if !isTagged { + namedTagged = nil + } + return namedTagged, nil +} + // GetConfigBlob returns a schema2image. If the image is not a schema2, then // it will return an error func (i *Image) GetConfigBlob(ctx context.Context) (*manifest.Schema2Image, error) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/libpod/runtime.go new/podman-1.9.3/libpod/runtime.go --- old/podman-1.9.1/libpod/runtime.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/libpod/runtime.go 2020-05-22 19:34:31.000000000 +0200 @@ -763,7 +763,7 @@ // mergeDBConfig merges the configuration from the database. func (r *Runtime) mergeDBConfig(dbConfig *DBConfig) error { - c := r.config.Engine + c := &r.config.Engine if !r.storageSet.RunRootSet && dbConfig.StorageTmp != "" { if r.storageConfig.RunRoot != dbConfig.StorageTmp && r.storageConfig.RunRoot != "" { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/cgroups/cgroups.go new/podman-1.9.3/pkg/cgroups/cgroups.go --- old/podman-1.9.1/pkg/cgroups/cgroups.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/cgroups/cgroups.go 2020-05-22 19:34:31.000000000 +0200 @@ -517,6 +517,10 @@ } for _, n := range names { + // If we aren't using cgroup2, we won't write correctly to unified hierarchy + if !c.cgroup2 && n == "unified" { + continue + } p := filepath.Join(c.getCgroupv1Path(n), "tasks") if err := ioutil.WriteFile(p, pidString, 0644); err != nil { return errors.Wrapf(err, "write %s", p) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/network/netconflist.go new/podman-1.9.3/pkg/network/netconflist.go --- old/podman-1.9.1/pkg/network/netconflist.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/network/netconflist.go 2020-05-22 19:34:31.000000000 +0200 @@ -21,10 +21,11 @@ // NewHostLocalBridge creates a new LocalBridge for host-local func NewHostLocalBridge(name string, isGateWay, isDefaultGW, ipMasq bool, ipamConf IPAMHostLocalConf) *HostLocalBridge { hostLocalBridge := HostLocalBridge{ - PluginType: "bridge", - BrName: name, - IPMasq: ipMasq, - IPAM: ipamConf, + PluginType: "bridge", + BrName: name, + IPMasq: ipMasq, + HairpinMode: true, + IPAM: ipamConf, } if isGateWay { hostLocalBridge.IsGW = true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/rootless/rootless_linux.c new/podman-1.9.3/pkg/rootless/rootless_linux.c --- old/podman-1.9.1/pkg/rootless/rootless_linux.c 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/rootless/rootless_linux.c 2020-05-22 19:34:31.000000000 +0200 @@ -535,32 +535,30 @@ } } -static void -join_namespace_or_die (int pid_to_join, const char *ns_file) +static int +open_namespace (int pid_to_join, const char *ns_file) { char ns_path[PATH_MAX]; int ret; - int fd; ret = snprintf (ns_path, PATH_MAX, "/proc/%d/ns/%s", pid_to_join, ns_file); if (ret == PATH_MAX) { fprintf (stderr, "internal error: namespace path too long\n"); - _exit (EXIT_FAILURE); + return -1; } - fd = open (ns_path, O_CLOEXEC | O_RDONLY); - if (fd < 0) - { - fprintf (stderr, "cannot open: %s\n", ns_path); - _exit (EXIT_FAILURE); - } - if (setns (fd, 0) < 0) + return open (ns_path, O_CLOEXEC | O_RDONLY); +} + +static void +join_namespace_or_die (const char *name, int ns_fd) +{ + if (setns (ns_fd, 0) < 0) { - fprintf (stderr, "cannot set namespace to %s: %s\n", ns_path, strerror (errno)); + fprintf (stderr, "cannot set %s namespace\n", name); _exit (EXIT_FAILURE); } - close (fd); } int @@ -570,6 +568,8 @@ char gid[16]; char **argv; int pid; + int mnt_ns = -1; + int user_ns = -1; char *cwd = getcwd (NULL, 0); sigset_t sigset, oldsigset; @@ -589,14 +589,28 @@ _exit (EXIT_FAILURE); } + user_ns = open_namespace (pid_to_join, "user"); + if (user_ns < 0) + return user_ns; + mnt_ns = open_namespace (pid_to_join, "mnt"); + if (mnt_ns < 0) + { + close (user_ns); + return mnt_ns; + } + pid = fork (); if (pid < 0) fprintf (stderr, "cannot fork: %s\n", strerror (errno)); if (pid) { - /* We passed down these fds, close them. */ int f; + + /* We passed down these fds, close them. */ + close (user_ns); + close (mnt_ns); + for (f = 3; f < open_files_max_fd; f++) if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE]))) close (f); @@ -634,8 +648,10 @@ _exit (EXIT_FAILURE); } - join_namespace_or_die (pid_to_join, "user"); - join_namespace_or_die (pid_to_join, "mnt"); + join_namespace_or_die ("user", user_ns); + join_namespace_or_die ("mnt", mnt_ns); + close (user_ns); + close (mnt_ns); if (syscall_setresgid (0, 0, 0) < 0) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/rootlessport/rootlessport_linux.go new/podman-1.9.3/pkg/rootlessport/rootlessport_linux.go --- old/podman-1.9.1/pkg/rootlessport/rootlessport_linux.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/rootlessport/rootlessport_linux.go 2020-05-22 19:34:31.000000000 +0200 @@ -102,25 +102,27 @@ return err } - sigC := make(chan os.Signal, 1) - signal.Notify(sigC, unix.SIGPIPE) - defer func() { - // dummy signal to terminate the goroutine - sigC <- unix.SIGKILL - }() + exitC := make(chan os.Signal, 1) + defer close(exitC) + go func() { + sigC := make(chan os.Signal, 1) + signal.Notify(sigC, unix.SIGPIPE) defer func() { signal.Stop(sigC) close(sigC) }() - s := <-sigC - if s == unix.SIGPIPE { - if f, err := os.OpenFile("/dev/null", os.O_WRONLY, 0755); err == nil { - unix.Dup2(int(f.Fd()), 1) // nolint:errcheck - unix.Dup2(int(f.Fd()), 2) // nolint:errcheck - f.Close() + select { + case s := <-sigC: + if s == unix.SIGPIPE { + if f, err := os.OpenFile("/dev/null", os.O_WRONLY, 0755); err == nil { + unix.Dup2(int(f.Fd()), 1) // nolint:errcheck + unix.Dup2(int(f.Fd()), 2) // nolint:errcheck + f.Close() + } } + case <-exitC: } }() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/spec/config_linux.go new/podman-1.9.3/pkg/spec/config_linux.go --- old/podman-1.9.1/pkg/spec/config_linux.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/spec/config_linux.go 2020-05-22 19:34:31.000000000 +0200 @@ -16,6 +16,7 @@ spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -366,3 +367,27 @@ err := unix.Stat(path, &s) return s, err } + +func getNOFILESettings() (uint64, uint64) { + if rootless.IsRootless() { + var rlimit unix.Rlimit + if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err == nil { + return rlimit.Cur, rlimit.Max + } else { + logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err) + } + } + return kernelMax, kernelMax +} + +func getNPROCSettings() (uint64, uint64) { + if rootless.IsRootless() { + var rlimit unix.Rlimit + if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err == nil { + return rlimit.Cur, rlimit.Max + } else { + logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err) + } + } + return kernelMax, kernelMax +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/spec/config_unsupported.go new/podman-1.9.3/pkg/spec/config_unsupported.go --- old/podman-1.9.1/pkg/spec/config_unsupported.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/spec/config_unsupported.go 2020-05-22 19:34:31.000000000 +0200 @@ -34,3 +34,11 @@ func deviceCgroupRules(g *generate.Generator, deviceCgroupRules []string) error { return errors.New("function not implemented") } + +func getNOFILESettings() (uint64, uint64) { + return kernelMax, kernelMax +} + +func getNPROCSettings() (uint64, uint64) { + return kernelMax, kernelMax +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/spec/spec.go new/podman-1.9.3/pkg/spec/spec.go --- old/podman-1.9.1/pkg/spec/spec.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/spec/spec.go 2020-05-22 19:34:31.000000000 +0200 @@ -18,7 +18,10 @@ "github.com/pkg/errors" ) -const CpuPeriod = 100000 +const ( + CpuPeriod = 100000 + kernelMax uint64 = 1048576 +) func GetAvailableGids() (int64, error) { idMap, err := user.ParseIDMapFile("/proc/self/gid_map") @@ -326,10 +329,6 @@ } defaultEnv = env.Join(env.DefaultEnvVariables, defaultEnv) } - config.Env = env.Join(defaultEnv, config.Env) - for name, val := range config.Env { - g.AddProcessEnv(name, val) - } if err := addRlimits(config, &g); err != nil { return nil, err @@ -360,6 +359,11 @@ if err := config.Cgroup.ConfigureGenerator(&g); err != nil { return nil, err } + + config.Env = env.Join(defaultEnv, config.Env) + for name, val := range config.Env { + g.AddProcessEnv(name, val) + } configSpec := g.Config // If the container image specifies an label with a @@ -501,10 +505,8 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error { var ( - kernelMax uint64 = 1048576 - isRootless = rootless.IsRootless() - nofileSet = false - nprocSet = false + nofileSet = false + nprocSet = false ) for _, u := range config.Resources.Ulimit { @@ -533,11 +535,13 @@ // If not explicitly overridden by the user, default number of open // files and number of processes to the maximum they can be set to // (without overriding a sysctl) - if !nofileSet && !isRootless { - g.AddProcessRlimits("RLIMIT_NOFILE", kernelMax, kernelMax) - } - if !nprocSet && !isRootless { - g.AddProcessRlimits("RLIMIT_NPROC", kernelMax, kernelMax) + if !nofileSet { + current, max := getNOFILESettings() + g.AddProcessRlimits("RLIMIT_NOFILE", current, max) + } + if !nprocSet { + current, max := getNPROCSettings() + g.AddProcessRlimits("RLIMIT_NPROC", current, max) } return nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/util/mountOpts_linux.go new/podman-1.9.3/pkg/util/mountOpts_linux.go --- old/podman-1.9.1/pkg/util/mountOpts_linux.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/util/mountOpts_linux.go 2020-05-22 19:34:31.000000000 +0200 @@ -7,7 +7,7 @@ ) func getDefaultMountOptions(path string) (defaultMountOptions, error) { - opts := defaultMountOptions{true, true, true} + opts := defaultMountOptions{false, true, true} if path == "" { return opts, nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/pkg/varlinkapi/transfers.go new/podman-1.9.3/pkg/varlinkapi/transfers.go --- old/podman-1.9.1/pkg/varlinkapi/transfers.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/pkg/varlinkapi/transfers.go 2020-05-22 19:34:31.000000000 +0200 @@ -4,6 +4,7 @@ import ( "bufio" + "fmt" "io" "io/ioutil" "os" @@ -39,7 +40,7 @@ logrus.Debugf("successfully received %s", outputFile.Name()) // Send an ACK to the client - call.Call.Writer.WriteString(outputFile.Name()) + call.Call.Writer.WriteString(fmt.Sprintf("%s:", outputFile.Name())) call.Call.Writer.Flush() return nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/test/e2e/create_test.go new/podman-1.9.3/test/e2e/create_test.go --- old/podman-1.9.1/test/e2e/create_test.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/test/e2e/create_test.go 2020-05-22 19:34:31.000000000 +0200 @@ -205,7 +205,7 @@ session = podmanTest.Podman([]string{"logs", "test_tmpfs"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(ContainSubstring("/create/test rw,nosuid,nodev,noexec,relatime - tmpfs")) + Expect(session.OutputToString()).To(ContainSubstring("/create/test rw,nosuid,nodev,relatime - tmpfs")) }) It("podman create --pod automatically", func() { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/test/e2e/run_volume_test.go new/podman-1.9.3/test/e2e/run_volume_test.go --- old/podman-1.9.1/test/e2e/run_volume_test.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/test/e2e/run_volume_test.go 2020-05-22 19:34:31.000000000 +0200 @@ -117,7 +117,7 @@ session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=tmpfs,target=" + dest, ALPINE, "grep", dest, "/proc/self/mountinfo"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(ContainSubstring(dest + " rw,nosuid,nodev,noexec,relatime - tmpfs")) + Expect(session.OutputToString()).To(ContainSubstring(dest + " rw,nosuid,nodev,relatime - tmpfs")) session = podmanTest.Podman([]string{"run", "--rm", "--mount", "type=tmpfs,target=/etc/ssl,tmpcopyup", ALPINE, "ls", "/etc/ssl"}) session.WaitWithDefaultTimeout() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/test/e2e/save_test.go new/podman-1.9.3/test/e2e/save_test.go --- old/podman-1.9.1/test/e2e/save_test.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/test/e2e/save_test.go 2020-05-22 19:34:31.000000000 +0200 @@ -116,4 +116,16 @@ Expect(save).To(ExitWithError()) }) + It("podman save image with digest reference", func() { + // pull a digest reference + session := podmanTest.PodmanNoCache([]string{"pull", ALPINELISTDIGEST}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // save a digest reference should exit without error. + outfile := filepath.Join(podmanTest.TempDir, "temp.tar") + save := podmanTest.PodmanNoCache([]string{"save", "-o", outfile, ALPINELISTDIGEST}) + save.WaitWithDefaultTimeout() + Expect(save.ExitCode()).To(Equal(0)) + }) }) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/test/system/030-run.bats new/podman-1.9.3/test/system/030-run.bats --- old/podman-1.9.1/test/system/030-run.bats 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/test/system/030-run.bats 2020-05-22 19:34:31.000000000 +0200 @@ -158,4 +158,20 @@ run_podman 1 image exists $NONLOCAL_IMAGE } +# 'run --conmon-pidfile --cid-file' makes sure we don't regress on these flags. +# Both are critical for systemd units. +@test "podman run --conmon-pidfile --cidfile" { + pid=$(mktemp) + cid=$(mktemp) + + # CID file exists -> expected to fail. + run_podman 125 run --rm --conmon-pidfile=$pid --cidfile=$cid $IMAGE ls + + rm $pid $cid + run_podman run --name keepme --conmon-pidfile=$pid --cidfile=$cid --detach $IMAGE sleep infinity + stat $pid $cid + run_podman rm -f keepme + rm $pid $cid +} + # vim: filetype=sh diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/test/system/160-volumes.bats new/podman-1.9.3/test/system/160-volumes.bats --- old/podman-1.9.1/test/system/160-volumes.bats 1970-01-01 01:00:00.000000000 +0100 +++ new/podman-1.9.3/test/system/160-volumes.bats 2020-05-22 19:34:31.000000000 +0200 @@ -0,0 +1,164 @@ +#!/usr/bin/env bats -*- bats -*- +# +# podman volume-related tests +# + +load helpers + +function setup() { + basic_setup + + run_podman '?' volume rm -a +} + +function teardown() { + run_podman '?' rm -a --volumes + run_podman '?' volume rm -a -f + + basic_teardown +} + + +# Simple volume tests: share files between host and container +@test "podman run --volumes : basic" { + skip_if_remote "volumes cannot be shared across hosts" + + # Create three temporary directories + vol1=${PODMAN_TMPDIR}/v1_$(random_string) + vol2=${PODMAN_TMPDIR}/v2_$(random_string) + vol3=${PODMAN_TMPDIR}/v3_$(random_string) + mkdir $vol1 $vol2 $vol3 + + # In each directory, write a random string to a file + echo $(random_string) >$vol1/file1_in + echo $(random_string) >$vol2/file2_in + echo $(random_string) >$vol3/file3_in + + # Run 'cat' on each file, and compare against local files. Mix -v / --volume + # flags, and specify them out of order just for grins. The shell wildcard + # expansion must sort vol1/2/3 lexically regardless. + v_opts="-v $vol1:/vol1:z --volume $vol3:/vol3:z -v $vol2:/vol2:z" + run_podman run --rm $v_opts $IMAGE sh -c "cat /vol?/file?_in" + + for i in 1 2 3; do + eval voldir=\$vol${i} + is "${lines[$(($i - 1))]}" "$(< $voldir/file${i}_in)" \ + "contents of /vol${i}/file${i}_in" + done + + # Confirm that container sees vol1 as a mount point + run_podman run --rm $v_opts $IMAGE mount + is "$output" ".* on /vol1 type .*" "'mount' in container lists vol1" + + # Have the container do write operations, confirm them on host + out1=$(random_string) + run_podman run --rm $v_opts $IMAGE sh -c "echo $out1 >/vol1/file1_out; + cp /vol2/file2_in /vol3/file3_out" + is "$(<$vol1/file1_out)" "$out1" "contents of /vol1/file1_out" + is "$(<$vol3/file3_out)" "$(<$vol2/file2_in)" "contents of /vol3/file3_out" + + # Writing to read-only volumes: not allowed + run_podman 1 run --rm -v $vol1:/vol1ro:z,ro $IMAGE sh -c "touch /vol1ro/abc" + is "$output" ".*Read-only file system" "touch on read-only volume" +} + + +# Running scripts (executables) from a volume +@test "podman volume: exec/noexec" { + myvolume=myvol$(random_string) + + run_podman volume create $myvolume + is "$output" "$myvolume" "output from volume create" + + run_podman volume inspect --format '{{.Mountpoint}}' $myvolume + mountpoint="$output" + + # Create a script, make it runnable + rand=$(random_string) + cat >$mountpoint/myscript <<EOF +#!/bin/sh +echo "got here -$rand-" +EOF + chmod 755 $mountpoint/myscript + + # By default, volumes are mounted exec, but we have manually added the + # noexec option. This should fail. + # ARGH. Unfortunately, runc (used for cgroups v1) produces a different error + local expect_rc=126 + local expect_msg='.* OCI runtime permission denied.*' + run_podman info --format '{{ .Host.OCIRuntime.Path }}' + if expr "$output" : ".*/runc"; then + expect_rc=1 + expect_msg='.* exec user process caused.*permission denied' + fi + + run_podman ${expect_rc} run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript + is "$output" "$expect_msg" "run on volume, noexec" + + # With the default, it should pass + run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript + is "$output" "got here -$rand-" "script in volume is runnable with default (exec)" + + # Clean up + run_podman volume rm $myvolume +} + + +# Confirm that container sees the correct id +@test "podman volume with --userns=keep-id" { + is_rootless || skip "only meaningful when run rootless" + + myvoldir=${PODMAN_TMPDIR}/volume_$(random_string) + mkdir $myvoldir + touch $myvoldir/myfile + + # With keep-id + run_podman run --rm -v $myvoldir:/vol:z --userns=keep-id $IMAGE \ + stat -c "%u:%s" /vol/myfile + is "$output" "$(id -u):0" "with keep-id: stat(file in container) == my uid" + + # Without + run_podman run --rm -v $myvoldir:/vol:z $IMAGE \ + stat -c "%u:%s" /vol/myfile + is "$output" "0:0" "w/o keep-id: stat(file in container) == root" +} + + +# 'volume prune' identifies and cleans up unused volumes +@test "podman volume prune" { + # Create four named volumes + local -a v=() + for i in 1 2 3 4;do + vol=myvol${i}$(random_string) + v[$i]=$vol + run_podman volume create $vol + done + + # Run two containers: one mounting v1, one mounting v2 & v3 + run_podman run --name c1 --volume ${v[1]}:/vol1 $IMAGE date + run_podman run --name c2 --volume ${v[2]}:/vol2 -v ${v[3]}:/vol3 \ + $IMAGE date + + # prune should remove v4 + run_podman volume prune --force + is "$output" "${v[4]}" "volume prune, with 1, 2, 3 in use, deletes only 4" + + # Remove the container using v2 and v3. Prune should now remove those. + # The 'echo sort' is to get the output sorted and in one line. + run_podman rm c2 + run_podman volume prune --force + is "$(echo $(sort <<<$output))" "${v[2]} ${v[3]}" \ + "volume prune, after rm c2, deletes volumes 2 and 3" + + # Remove the final container. Prune should now remove v1. + run_podman rm c1 + run_podman volume prune --force + is "$output" "${v[1]}" "volume prune, after rm c2 & c1, deletes volume 1" + + # Further prunes are NOPs + run_podman volume prune --force + is "$output" "" "no more volumes to prune" +} + + +# vim: filetype=sh diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/vendor/github.com/containers/buildah/CHANGELOG.md new/podman-1.9.3/vendor/github.com/containers/buildah/CHANGELOG.md --- old/podman-1.9.1/vendor/github.com/containers/buildah/CHANGELOG.md 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/vendor/github.com/containers/buildah/CHANGELOG.md 2020-05-22 19:34:31.000000000 +0200 @@ -2,6 +2,9 @@ # Changelog +## v1.14.9 (2020-05-11) + Bump github.com/containers/common to 0.8.4 + ## v1.14.8 (2020-04-09) Run (make vendor) Run (make -C tests/tools vendor) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/vendor/github.com/containers/buildah/buildah.go new/podman-1.9.3/vendor/github.com/containers/buildah/buildah.go --- old/podman-1.9.1/vendor/github.com/containers/buildah/buildah.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/vendor/github.com/containers/buildah/buildah.go 2020-05-22 19:34:31.000000000 +0200 @@ -27,7 +27,7 @@ Package = "buildah" // Version for the Package. Bump version in contrib/rpm/buildah.spec // too. - Version = "1.14.8" + Version = "1.14.9" // The value we use to identify what type of information, currently a // serialized Builder structure, we are using as per-container state. // This should only be changed when we make incompatible changes to diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/vendor/github.com/containers/buildah/go.mod new/podman-1.9.3/vendor/github.com/containers/buildah/go.mod --- old/podman-1.9.1/vendor/github.com/containers/buildah/go.mod 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/vendor/github.com/containers/buildah/go.mod 2020-05-22 19:34:31.000000000 +0200 @@ -4,7 +4,7 @@ require ( github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 - github.com/containers/common v0.8.1 + github.com/containers/common v0.8.4 github.com/containers/image/v5 v5.4.3 github.com/containers/storage v1.18.2 github.com/cyphar/filepath-securejoin v0.2.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/vendor/github.com/containers/buildah/go.sum new/podman-1.9.3/vendor/github.com/containers/buildah/go.sum --- old/podman-1.9.1/vendor/github.com/containers/buildah/go.sum 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/vendor/github.com/containers/buildah/go.sum 2020-05-22 19:34:31.000000000 +0200 @@ -47,8 +47,8 @@ github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784 h1:rqUVLD8I859xRgUx/WMC3v7QAFqbLKZbs+0kqYboRJc= github.com/containernetworking/cni v0.7.2-0.20190904153231-83439463f784/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= -github.com/containers/common v0.8.1 h1:1IUwAtZ4mC7GYRr4AC23cHf2oXCuoLzTUoSzIkSgnYw= -github.com/containers/common v0.8.1/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs= +github.com/containers/common v0.8.4 h1:G9eNXQHUfZWkEOKaKDpXmDTcjVYc04K77dZe197SH44= +github.com/containers/common v0.8.4/go.mod h1:VxDJbaA1k6N1TNv9Rt6bQEF4hyKVHNfOfGA5L91ADEs= github.com/containers/image/v5 v5.4.3 h1:zn2HR7uu4hpvT5QQHgjqonOzKDuM1I1UHUEmzZT5sbs= github.com/containers/image/v5 v5.4.3/go.mod h1:pN0tvp3YbDd7BWavK2aE0mvJUqVd2HmhPjekyWSFm0U= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/vendor/github.com/containers/common/pkg/config/config.go new/podman-1.9.3/vendor/github.com/containers/common/pkg/config/config.go --- old/podman-1.9.1/vendor/github.com/containers/common/pkg/config/config.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/vendor/github.com/containers/common/pkg/config/config.go 2020-05-22 19:34:31.000000000 +0200 @@ -19,12 +19,15 @@ ) const ( + // _configPath is the path to the containers/containers.conf + // inside a given config directory. + _configPath = "containers/containers.conf" // DefaultContainersConfig holds the default containers config path - DefaultContainersConfig = "/usr/share/containers/containers.conf" + DefaultContainersConfig = "/usr/share/" + _configPath // OverrideContainersConfig holds the default config paths overridden by the root user - OverrideContainersConfig = "/etc/containers/containers.conf" + OverrideContainersConfig = "/etc/" + _configPath // UserOverrideContainersConfig holds the containers config path overridden by the rootless user - UserOverrideContainersConfig = ".config/containers/containers.conf" + UserOverrideContainersConfig = ".config/" + _configPath ) // RuntimeStateStore is a constant indicating which state store implementation @@ -435,16 +438,6 @@ if err != nil { return nil, fmt.Errorf("unable to decode configuration %v: %v", path, err) } - if config.Engine.VolumePath != "" { - config.Engine.VolumePathSet = true - } - if config.Engine.StaticDir != "" { - config.Engine.StaticDirSet = true - } - if config.Engine.TmpDir != "" { - config.Engine.TmpDirSet = true - } - return config, err } @@ -854,7 +847,7 @@ func rootlessConfigPath() (string, error) { if configHome := os.Getenv("XDG_CONFIG_HOME"); configHome != "" { - return filepath.Join(configHome, UserOverrideContainersConfig), nil + return filepath.Join(configHome, _configPath), nil } home, err := unshare.HomeDir() if err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/vendor/modules.txt new/podman-1.9.3/vendor/modules.txt --- old/podman-1.9.1/vendor/modules.txt 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/vendor/modules.txt 2020-05-22 19:34:31.000000000 +0200 @@ -64,7 +64,7 @@ github.com/containernetworking/plugins/pkg/utils/hwaddr github.com/containernetworking/plugins/plugins/ipam/host-local/backend github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator -# github.com/containers/buildah v1.14.8 +# github.com/containers/buildah v1.14.9 github.com/containers/buildah github.com/containers/buildah/bind github.com/containers/buildah/chroot @@ -82,7 +82,7 @@ github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.8.2 +# github.com/containers/common v0.8.4 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/capabilities github.com/containers/common/pkg/cgroupv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/podman-1.9.1/version/version.go new/podman-1.9.3/version/version.go --- old/podman-1.9.1/version/version.go 2020-04-28 22:29:37.000000000 +0200 +++ new/podman-1.9.3/version/version.go 2020-05-22 19:34:31.000000000 +0200 @@ -4,7 +4,7 @@ // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -const Version = "1.9.1" +const Version = "1.9.3" // RemoteAPIVersion is the version for the remote // client API. It is used to determine compatibility