Linux Security
    Linux Security
    Linux Security

    openSUSE: 2020:2106-1 moderate: buildah

    Date 29 Nov 2020
    491
    Posted By LinuxSecurity Advisories
    --===============5559745400015135941==
    
    Announcement ID:    openSUSE-SU-2020:2106-1
    Rating:             moderate
    References:         #1165184 #1167864 
    Cross-References:   CVE-2019-10214 CVE-2020-10696
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
       An update that fixes two vulnerabilities is now available.
    
    Description:
    
       This update for buildah fixes the following issues:
    
       buildah was updated to v1.17.0 (bsc#1165184):
    
       * Handle cases where other tools mount/unmount containers
       * overlay.MountReadOnly: support RO overlay mounts
       * overlay: use fusermount for rootless umounts
       * overlay: fix umount
       * Switch default log level of Buildah to Warn. Users need to see these
         messages
       * Drop error messages about OCI/Docker format to Warning level
       * build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2
       * tests/testreport: adjust for API break in storage v1.23.6
       * build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7
       * build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6
       * copier: put: ignore Typeflag="g"
       * Use curl to get repo file (fix #2714)
       * build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0
       * build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1
       * Remove docs that refer to bors, since we're not using it
       * Buildah bud should not use stdin by default
       * bump containerd, docker, and golang.org/x/sys
       * Makefile: cross: remove windows.386 target
       * copier.copierHandlerPut: don't check length when there are errors
       * Stop excessive wrapping
       * CI: require that conformance tests pass
       * bump(github.com/openshift/imagebuilder) to v1.1.8
       * Skip tlsVerify insecure BUILD_REGISTRY_SOURCES
       * Fix build path wrong containers/podman#7993
       * refactor pullpolicy to avoid deps
       * build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0
       * CI: run gating tasks with a lot more memory
       * ADD and COPY: descend into excluded directories, sometimes
       * copier: add more context to a couple of error messages
       * copier: check an error earlier
       * copier: log stderr output as debug on success
       * Update nix pin with make nixpkgs
       * Set directory ownership when copied with ID mapping
       * build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
       * build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0
       * Cirrus: Remove bors artifacts
       * Sort build flag definitions alphabetically
       * ADD: only expand archives at the right time
       * Remove configuration for bors
       * Shell Completion for podman build flags
       * Bump c/common to v0.24.0
       * New CI check: xref --help vs man pages
       * CI: re-enable several linters
       * Move --userns-uid-map/--userns-gid-map description into buildah man page
       * add: preserve ownerships and permissions on ADDed archives
       * Makefile: tweak the cross-compile target
       * Bump containers/common to v0.23.0
       * chroot: create bind mount targets 0755 instead of 0700
       * Change call to Split() to safer SplitN()
       * chroot: fix handling of errno seccomp rules
       * build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
       * Add In Progress section to contributing
       * integration tests: make sure tests run in ${topdir}/tests
       * Run(): ignore containers.conf's environment configuration
       * Warn when setting healthcheck in OCI format
       * Cirrus: Skip git-validate on branches
       * tools: update git-validation to the latest commit
       * tools: update golangci-lint to v1.18.0
       * Add a few tests of push command
       * Add(): fix handling of relative paths with no ContextDir
       * build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0
       * Lint: Use same linters as podman
       * Validate: reference HEAD
       * Fix buildah mount to display container names not ids
       * Update nix pin with make nixpkgs
       * Add missing --format option in buildah from man page
       * Fix up code based on codespell
       * build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7
       * build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5
       * Improve buildah completions
       * Cirrus: Fix validate commit epoch
       * Fix bash completion of manifest flags
       * Uniform some man pages
       * Update Buildah Tutorial to address BZ1867426
       * Update bash completion of manifest add sub command
       * copier.Get(): hard link targets shouldn't be relative paths
       * build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2
       * Pass timestamp down to history lines
       * Timestamp gets updated everytime you inspect an image
       * bud.bats: use absolute paths in newly-added tests
       * contrib/cirrus/lib.sh: don't use CN for the hostname
       * tests: Add some tests
       * Update manifest add man page
       * Extend flags of manifest add
       * build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4
       * build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
       * CI: expand cross-compile checks
    
       Update to v1.16.2:
    
       * fix build on 32bit arches
       * containerImageRef.NewImageSource(): don't always force timestamps
       * Add fuse module warning to image readme
       * Heed our retry delay option values when retrying commit/pull/push
       * Switch to containers/common for seccomp
       * Use --timestamp rather then --omit-timestamp
       * docs: remove outdated notice
       * docs: remove outdated notice
       * build-using-dockerfile: add a hidden --log-rusage flag
       * build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
       * Discard ReportWriter if user sets options.Quiet
       * build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3
       * Fix ownership of content copied using COPY --from
       * newTarDigester: zero out timestamps in tar headers
       * Update nix pin with `make nixpkgs`
       * bud.bats: correct .dockerignore integration tests
       * Use pipes for copying
       * run: include stdout in error message
       * run: use the correct error for errors.Wrapf
       * copier: un-export internal types
       * copier: add Mkdir()
       * in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE
       * docs/buildah-commit.md: tweak some wording, add a --rm example
       * imagebuildah: don???t blank out destination names when COPYing
       * Replace retry functions with common/pkg/retry
       * StageExecutor.historyMatches: compare timestamps using .Equal
       * Update vendor of containers/common
       * Fix errors found in coverity scan
       * Change namespace handling flags to better match podman commands
       * conformance testing: ignore buildah.BuilderIdentityAnnotation labels
       * Vendor in containers/storage v1.23.0
       * Add buildah.IsContainer interface
       * Avoid feeding run_buildah to pipe
       * fix(buildahimage): add xz dependency in buildah image
       * Bump github.com/containers/common from 0.15.2 to 0.18.0
       * Howto for rootless image building from OpenShift
       * Add --omit-timestamp flag to buildah bud
       * Update nix pin with `make nixpkgs`
       * Shutdown storage on failures
       * Handle COPY --from when an argument is used
       * Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0
       * Cirrus: Use newly built VM images
       * Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92
       * Enhance the .dockerignore man pages
       * conformance: add a test for COPY from subdirectory
       * fix  bug manifest inspct
       * Add documentation for .dockerignore
       * Add BuilderIdentityAnnotation to identify buildah version
       * DOC: Add quay.io/containers/buildah image to README.md
       * Update buildahimages readme
       * fix spelling mistake in "info" command result display
       * Don't bind /etc/host and /etc/resolv.conf if network is not present
       * blobcache: avoid an unnecessary NewImage()
       * Build static binary with `buildGoModule`
       * copier: split StripSetidBits into
         StripSetuidBit/StripSetgidBit/StripStickyBit
       * tarFilterer: handle multiple archives
       * Fix a race we hit during conformance tests
       * Rework conformance testing
       * Update 02-registries-repositories.md
       * test-unit: invoke cmd/buildah tests with --flags
       * parse: fix a type mismatch in a test
       * Fix compilation of tests/testreport/testreport
       * build.sh: log the version of Go that we're using
       * test-unit: increase the test timeout to 40/45 minutes
       * Add the "copier" package
       * Fix & add notes regarding problematic language in codebase
       * Add dependency on github.com/stretchr/testify/require
       * CompositeDigester: add the ability to filter tar streams
       * BATS tests: make more robust
       * vendor golang.org/x/[email protected]
       * Switch golang 1.12 to golang 1.13
       * imagebuildah: wait for stages that might not have even started yet
       * chroot, run: not fail on bind mounts from /sys
       * chroot: do not use setgroups if it is blocked
       * Set engine env from containers.conf
       * imagebuildah: return the right stage's image as the "final" image
       * Fix a help string
       * Deduplicate environment variables
       * switch containers/libpod to containers/podman
       * Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3
       * Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
       * Mask out /sys/dev to prevent information leak
       * linux: skip errors from the runtime kill
       * Mask over the /sys/fs/selinux in mask branch
       * Add VFS additional image store to container
       * tests: add auth tests
       * Allow "readonly" as alias to "ro" in mount options
       * Ignore OS X specific consistency mount option
       * Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
       * Bump github.com/containers/common from 0.14.0 to 0.15.2
       * Rootless Buildah should default to IsolationOCIRootless
       * imagebuildah: fix inheriting multi-stage builds
       * Make imagebuildah.BuildOptions.Architecture/OS optional
       * Make imagebuildah.BuildOptions.Jobs optional
       * Resolve a possible race in imagebuildah.Executor.startStage()
       * Switch scripts to use containers.conf
       * Bump openshift/imagebuilder to v1.1.6
       * Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5
       * buildah, bud: support --jobs=N for parallel execution
       * executor: refactor build code inside new function
       * Add bud regression tests
       * Cirrus: Fix missing htpasswd in registry img
       * docs: clarify the 'triples' format
       * CHANGELOG.md: Fix markdown formatting
       * Add nix derivation for static builds
       * Bump to v1.16.0-dev
    
       - Update to v1.15.1
       * Mask over the /sys/fs/selinux in mask branch
       * chroot: do not use setgroups if it is blocked
       * chroot, run: not fail on bind mounts from /sys
       * Allow "readonly" as alias to "ro" in mount options
       * Add VFS additional image store to container
       * vendor golang.org/x/[email protected]
       * Make imagebuildah.BuildOptions.Architecture/OS optional
    
       Update to v1.15.0:
    
       * Add CVE-2020-10696 to CHANGELOG.md and changelog.txt
       * fix lighttpd example
       * remove dependency on openshift struct
       * Warn on unset build arguments
       * vendor: update seccomp/containers-golang to v0.4.1
       * Updated docs
       * clean up comments
       * update exit code for tests
       * Implement commit for encryption
       * implementation of encrypt/decrypt push/pull/bud/from
       * fix resolve docker image name as transport
       * Add preliminary profiling support to the CLI
       * Evaluate symlinks in build context directory
       * fix error info about get signatures for containerImageSource
       * Add Security Policy
       * Cirrus: Fixes from review feedback
       * imagebuildah: stages shouldn't count as their base images
       * Update containers/common v0.10.0
       * Add registry to buildahimage Dockerfiles
       * Cirrus: Use pre-installed VM packages + F32
       * Cirrus: Re-enable all distro versions
       * Cirrus: Update to F31 + Use cache images
       * golangci-lint: Disable gosimple
       * Lower number of golangci-lint threads
       * Fix permissions on containers.conf
       * Don't force tests to use runc
       * Return exit code from failed containers
       * cgroup_manager should be under [engine]
       * Use c/common/pkg/auth in login/logout
       * Cirrus: Temporarily disable Ubuntu 19 testing
       * Add containers.conf to stablebyhand build
       * Update gitignore to exclude test Dockerfiles
       * Remove warning for systemd inside of container
    
       Update to v1.14.6:
    
       * Make image history work correctly with new args handling
       * Don't add args to the RUN environment from the Builder
    
       Update to v1.14.5:
    
       * Revert FIPS mode change
    
       Update to v1.14.4:
    
       * Update unshare man page to fix script example
       * Fix compilation errors on non linux platforms
       * Preserve volume uid and gid through subsequent commands
       * Fix potential CVE in tarfile w/ symlink
       * Fix .dockerignore with globs and ! commands
    
       Update to v1.14.2:
    
       * Search for local runtime per values in containers.conf
       * Set correct ownership on working directory
       * Improve remote manifest retrieval
       * Correct a couple of incorrect format specifiers
       * manifest push --format: force an image type, not a list type
       * run: adjust the order in which elements are added to $
       * getDateAndDigestAndSize(): handle creation time not being set
       * Make the commit id clear like Docker
       * Show error on copied file above context directory in build
       * pull/from/commit/push: retry on most failures
       * Repair buildah so it can use containers.conf on the server side
       * Fixing formatting & build instructions
       * Fix XDG_RUNTIME_DIR for authfile
       * Show validation command-line
    
       Update to v1.14.0:
    
       * getDateAndDigestAndSize(): use manifest.Digest
       * Touch up os/arch doc
       * chroot: handle slightly broken seccomp defaults
       * buildahimage: specify fuse-overlayfs mount options
       * parse: don't complain about not being able to rename something to itself
       * Fix build for 32bit platforms
       * Allow users to set OS and architecture on bud
       * Fix COPY in containerfile with envvar
       * Add --sign-by to bud/commit/push, --remove-signatures for pull/push
       * Add support for containers.conf
       * manifest push: add --format option
    
       Update to v1.13.1:
    
       * copyFileWithTar: close source files at the right time
       * copy: don't digest files that we ignore
       * Check for .dockerignore specifically
       * Don't setup excludes, if their is only one pattern to match
       * set HOME env to /root on chroot-isolation by default
       * docs: fix references to containers-*.5
       * fix bug Add check .dockerignore COPY file
       * buildah bud --volume: run from tmpdir, not source dir
       * Fix imageNamePrefix to give consistent names in buildah-from
       * cpp: use -traditional and -undef flags
       * discard outputs coming from onbuild command on buildah-from --quiet
       * make --format columnizing consistent with buildah images
       * Fix option handling for volumes in build
       * Rework overlay pkg for use with libpod
       * Fix buildahimage builds for buildah
       * Add support for FIPS-Mode backends
       * Set the TMPDIR for pulling/pushing image to $TMPDIR
    
       Update to v1.12.0:
    
       * Allow ADD to use http src
       * imgtype: reset storage opts if driver overridden
       * Start using containers/common
       * overlay.bats typo: fuse-overlays should be fuse-overlayfs
       * chroot: Unmount with MNT_DETACH instead of UnmountMountpoints()
       * bind: don't complain about missing mountpoints
       * imgtype: check earlier for expected manifest type
       * Add history names support
    
       Update to v1.11.6:
    
       * Handle missing equal sign in --from and --chown flags for COPY/ADD
       * bud COPY does not download URL
       * Fix .dockerignore exclude regression
       * commit(docker): always set ContainerID and ContainerConfig
       * Touch up commit man page image parameter
       * Add builder identity annotations.
    
       Update to v1.11.5:
    
       * buildah: add "manifest" command
       * pkg/supplemented: add a package for grouping images together
       * pkg/manifests: add a manifest list build/manipulation API
       * Update for ErrUnauthorizedForCredentials API change in containers/image
       * Update for manifest-lists API changes in containers/image
       * version: also note the version of containers/image
       * Move to containers/image v5.0.0
       * Enable --device directory as src device
       * Add clarification to the Tutorial for new users
       * Silence "using cache" to ensure -q is fully quiet
       * Move runtime flag to bud from common
       * Commit: check for storage.ErrImageUnknown using errors.Cause()
       * Fix crash when invalid COPY --from flag is specified.
    
       Update to v1.11.4:
    
       * buildah: add a "manifest" command
       * pkg/manifests: add a manifest list build/manipulation API
       * Update for ErrUnauthorizedForCredentials API change in containers/image
       * Update for manifest-lists API changes in containers/image
       * Move to containers/image v5.0.0
       * Enable --device directory as src device
       * Add clarification to the Tutorial for new users
       * Silence "using cache" to ensure -q is fully quiet
       * Move runtime flag to bud from common
       * Commit: check for storage.ErrImageUnknown using errors.Cause()
       * Fix crash when invalid COPY --from flag is specified.
    
       Update to v1.11.3:
    
       * Add cgroups2
       * Add support for retrieving context from stdin "-"
       * Added tutorial on how to include Buildah as library
       * Fix --build-args handling
       * Print build 'STEP' line to stdout, not stderr
       * Use Containerfile by default
    
       Update to v1.11.2:
    
       * Add some cleanup code
       * Move devices code to unit specific directory.
    
       Update to v1.11.1:
    
       * Add --devices flag to bud and from
       * Add support for /run/.containerenv
       * Allow mounts.conf entries for equal source and destination paths
       * Fix label and annotation for 1-line Dockerfiles
       * Preserve file and directory mount permissions
       * Replace --debug=false with --log-level=error
       * Set TMPDIR to /var/tmp by default
       * Truncate output of too long image names
       * Ignore EmptyLayer if Squash is set
    
       Update to v1.11.0:
    
       * Add --digestfile and Re-add push statement as debug
       * Add --log-level command line option and deprecate --debug
       * Add security-related volume options to validator
       * Allow buildah bud to be called without arguments
       * Allow to override build date with SOURCE_DATE_EPOCH
       * Correctly detect ExitError values from Run()
       * Disable empty logrus timestamps to reduce logger noise
       * Fix directory pull image names
       * Fix handling of /dev/null masked devices
       * Fix possible runtime panic on bud
       * Update bud/from help to contain indicator for --dns=none
       * Update documentation about bud
       * Update shebangs to take env into consideration
       * Use content digests in ADD/COPY history entries
       * add support for cgroupsV2
       * add: add a DryRun flag to AddAndCopyOptions
       * add: handle hard links when copying with .dockerignore
       * add: teach copyFileWithTar() about symlinks and directories
       * imagebuilder: fix detection of referenced stage roots
       * pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES
       * run_linux: fix mounting /sys in a userns
    
    
       Update to v1.10.1:
    
       * Add automatic apparmor tag discovery
       * Add overlayfs to fuse-overlayfs tip
       * Bug fix for volume minus syntax
       * Bump container/storage v1.13.1 and containers/image v3.0.1
       * Bump containers/image to v3.0.2 to fix keyring issue
       * Fix bug whereby --get-login has no effect
       * Bump github.com/containernetworking/cni to v0.7.1
       - Add appamor-pattern requirement
    
       - Update build process to match the latest repository architecture
       - Update to v1.10.0
       * vendor github.com/containers/[email protected]
       * Remove GO111MODULE in favor of -mod=vendor
       * Vendor in containers/storage v1.12.16
       * Add '-' minus syntax for removal of config values
       * tests: enable overlay tests for rootless
       * rootless, overlay: use fuse-overlayfs
       * vendor github.com/containers/[email protected]
       * Added '-' syntax to remove volume config option
       * delete successfully pushed message
       * Add golint linter and apply fixes
       * vendor github.com/containers/[email protected]
       * Change wait to sleep in buildahimage readme
       * Handle ReadOnly images when deleting images
       * Add support for listing read/only images
       * from/import: record the base image's digest, if it has one
       * Fix CNI version retrieval to not require network connection
       * Add misspell linter and apply fixes
       * Add goimports linter and apply fixes
       * Add stylecheck linter and apply fixes
       * Add unconvert linter and apply fixes
       * image: make sure we don't try to use zstd compression
       * run.bats: skip the "z" flag when testing --mount
       * Update to runc v1.0.0-rc8
       * Update to match updated runtime-tools API
       * bump github.com/opencontainers/runtime-tools to v0.9.0
       * Build e2e tests using the proper build tags
       * Add unparam linter and apply fixes
       * Run: correct a typo in the --cap-add help text
       * unshare: add a --mount flag
       * fix push check image name is not empty
       * add: fix slow copy with no excludes
       * Add errcheck linter and fix missing error check
       * Improve tests/tools/Makefile parallelism and abstraction
       * Fix response body not closed resource leak
       * Switch to golangci-lint
       * Add gomod instructions and mailing list links
       * On Masked path, check if /dev/null already mounted before mounting
       * Update to containers/storage v1.12.13
       * Refactor code in package imagebuildah
       * Add rootless podman with NFS issue in documentation
       * Add --mount for buildah run
       * import method ValidateVolumeOpts from libpod
       * Fix typo
       * Makefile: set GO111MODULE=off
       * rootless: add the built-in slirp DNS server
       * Update docker/libnetwork to get rid of outdated sctp package
       * Update buildah-login.md
       * migrate to go modules
       * install.md: mention go modules
       * tests/tools: go module for test binaries
       * fix --volume splits comma delimited option
       * Add bud test for RUN with a priv'd command
       * vendor logrus v1.4.2
       * pkg/cli: panic when flags can't be hidden
       * pkg/unshare: check all errors
       * pull: check error during report write
       * run_linux.go: ignore unchecked errors
       * conformance test: catch copy error
       * chroot/run_test.go: export funcs to actually be executed
       * tests/imgtype: ignore error when shutting down the store
       * testreport: check json error
       * bind/util.go: remove unused func
       * rm chroot/util.go
       * imagebuildah: remove unused dedupeStringSlice
       * StageExecutor: EnsureContainerPath: catch error from SecureJoin()
       * imagebuildah/build.go: return instead of branching
       * rmi: avoid redundant branching
       * conformance tests: nilness: allocate map
       * imagebuildah/build.go: avoid redundant filepath.Join()
       * imagebuildah/build.go: avoid redundant os.Stat()
       * imagebuildah: omit comparison to bool
       * fix "ineffectual assignment" lint errors
       * docker: ignore "repeats json tag" lint error
       * pkg/unshare: use ... instead of iterating a slice
       * conformance: bud test: use raw strings for regexes
       * conformance suite: remove unused func/var
       * buildah test suite: remove unused vars/funcs
       * testreport: fix golangci-lint errors
       * util: remove redundant return statement
       * chroot: only log clean-up errors
       * images_test: ignore golangci-lint error
       * blobcache: log error when draining the pipe
       * imagebuildah: check errors in deferred calls
       * chroot: fix error handling in deferred funcs
       * cmd: check all errors
       * chroot/run_test.go: check errors
       * chroot/run.go: check errors in deferred calls
       * imagebuildah.Executor: remove unused onbuild field
       * docker/types.go: remove unused struct fields
       * util: use strings.ContainsRune instead of index check
       * Cirrus: Initial implementation
       * buildah-run: fix-out-of-range panic (2)
       * Update containers/image to v2.0.0
       * run: fix hang with run and --isolation=chroot
       * run: fix hang when using run
       * chroot: drop unused function call
       * remove --> before imgageID on build
       * Always close stdin pipe
       * Write deny to setgroups when doing single user mapping
       * Avoid including linux/memfd.h
       * Add a test for the symlink pointing to a directory
       * Add missing continue
       * Fix the handling of symlinks to absolute paths
       * Only set default network sysctls if not rootless
       * Support --dns=none like podman
       * fix bug --cpu-shares parsing typo
       * Fix validate complaint
       * Update vendor on containers/storage to v1.12.10
       * Create directory paths for COPY thereby ensuring correct perms
       * imagebuildah: use a stable sort for comparing build args
       * imagebuildah: tighten up cache checking
       * bud.bats: add a test verying the order of --build-args
       * add -t to podman run
       * imagebuildah: simplify screening by top layers
       * imagebuildah: handle ID mappings for COPY --from
       * imagebuildah: apply additionalTags ourselves
       * bud.bats: test additional tags with cached images
       * bud.bats: add a test for WORKDIR and COPY with absolute destinations
       * Cleanup Overlay Mounts content
       * Add support for file secret mounts
       * Add ability to skip secrets in mounts file
       * allow 32bit builds
       * fix tutorial instructions
       * imagebuilder: pass the right contextDir to Add()
       * add: use fileutils.PatternMatcher for .dockerignore
       * bud.bats: add another .dockerignore test
       * unshare: fallback to single usermapping
       * addHelperSymlink: clear the destination on os.IsExist errors
       * bud.bats: test replacing symbolic links
       * imagebuildah: fix handling of destinations that end with '/'
       * bud.bats: test COPY with a final "/" in the destination
       * linux: add check for sysctl before using it
       * unshare: set _CONTAINERS_ROOTLESS_GID
       * Rework buildahimamges
       * build context: support https git repos
       * Add a test for ENV special chars behaviour
       * Check in new Dockerfiles
       * Apply custom SHELL during build time
       * config: expand variables only at the command line
       * SetEnv: we only need to expand v once
       * Add default /root if empty on chroot iso
       * Add support for Overlay volumes into the container.
       * Export buildah validate volume functions so it can share code with libpod
       * Bump baseline test to F30
       * Fix rootless handling of /dev/shm size
       * Avoid fmt.Printf() in the library
       * imagebuildah: tighten cache checking back up
       * Handle WORKDIR with dangling target
       * Default Authfile to proper path
       * Make buildah run --isolation follow BUILDAH_ISOLATION environment
       * Vendor in latest containers/storage and containers/image
       * getParent/getChildren: handle layerless images
       * imagebuildah: recognize cache images for layerless images
       * bud.bats: test scratch images with --layers caching
       * Get CHANGELOG.md updates
       * Add some symlinks to test our .dockerignore logic
       * imagebuildah: addHelper: handle symbolic links
       * commit/push: use an everything-allowed policy
       * Correct manpage formatting in files section
       * Remove must be root statement from buildah doc
       * Change image names to stable, testing and upstream
       * Don't create directory on container
       * Replace kubernetes/pause in tests with k8s.gcr.io/pause
       * imagebuildah: don't remove intermediate images if we need them
       * Rework buildahimagegit to buildahimageupstream
       * Fix Transient Mounts
       * Handle WORKDIRs that are symlinks
       * allow podman to build a client for windows
       * Touch up 1.9-dev to 1.9.0-dev
       * Resolve symlink when checking container path
       * commit: commit on every instruction, but not always with layers
       * CommitOptions: drop the unused OnBuild field
       * makeImageRef: pass in the whole CommitOptions structure
       * cmd: API cleanup: stores before images
       * run: check if SELinux is enabled
       * Fix buildahimages Dockerfiles to include support for additionalimages
         mounted from host.
       * Detect changes in rootdir
       * Fix typo in buildah-pull(1)
       * Vendor in latest containers/storage
       * Keep track of any build-args used during buildah bud --layers
       * commit: always set a parent ID
       * imagebuildah: rework unused-argument detection
       * fix bug dest path when COPY .dockerignore
       * Move Host IDMAppings code from util to unshare
       * Add BUILDAH_ISOLATION rootless back
       * Travis CI: fail fast, upon error in any step
       * imagebuildah: only commit images for intermediate stages if we have to
       * Use errors.Cause() when checking for IsNotExist errors
       * auto pass http_proxy to container
       * imagebuildah: don't leak image structs
       * Add Dockerfiles for buildahimages
       * Bump to Replace golang 1.10 with 1.12
       * add --dns* flags to buildah bud
       * Add hack/build_speed.sh test speeds on building container images
       * Create buildahimage Dockerfile for Quay
       * rename 'is' to 'expect_output'
       * squash.bats: test squashing in multi-layered builds
       * bud.bats: test COPY --from in a Dockerfile while using the cache
       * commit: make target image names optional
       * Fix bud-args to allow comma separation
       * oops, missed some tests in commit.bats
       * new helper: expect_line_count
       * New tests for #1467 (string slices in cmdline opts)
       * Workarounds for dealing with travis; review feedback
       * BATS tests - extensive but minor cleanup
       * imagebuildah: defer pulling images for COPY --from
       * imagebuildah: centralize COMMIT and image ID output
       * Travis: do not use traviswait
       * imagebuildah: only initialize imagebuilder configuration once per stage
       * Make cleaner error on Dockerfile build errors
       * unshare: move to pkg/
       * unshare: move some code from cmd/buildah/unshare
       * Fix handling of Slices versus Arrays
       * imagebuildah: reorganize stage and per-stage logic
       * imagebuildah: add empty layers for instructions
       * Add missing step in installing into Ubuntu
       * fix bug in .dockerignore support
       * imagebuildah: deduplicate prepended "FROM" instructions
       * Touch up intro
       * commit: set created-by to the shell if it isn't set
       * commit: check that we always set a "created-by"
       * docs/buildah.md: add "containers-" prefixes under "SEE ALSO"
    
       Update to v1.7.2
    
       * Updates vendored containers/storage to latest version
       * rootless: by default use the host network namespace
    
       - Full changelog: https://github.com/containers/buildah/releases/tag/v1.6
    
       This update was imported from the SUSE:SLE-15-SP1:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2020-2106=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (x86_64):
    
          buildah-1.17.0-lp151.2.6.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-10214.html
       https://www.suse.com/security/cve/CVE-2020-10696.html
       https://bugzilla.suse.com/1165184
       https://bugzilla.suse.com/1167864
    --===============5559745400015135941==
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"11","type":"x","order":"1","pct":34.38,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":18.75,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":46.88,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.