Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump github.com/containers/podman/v3 from 3.2.2 to 3.4.7 #60

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Apr 21, 2022

Bumps github.com/containers/podman/v3 from 3.2.2 to 3.4.7.

Release notes

Sourced from github.com/containers/podman/v3's releases.

v3.4.7

Security

  • This release addresses CVE-2022-1227, where running podman top on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context.

v3.4.6

Security

  • This release addresses CVE-2022-27191, where an attacker could potentially cause crashes in remote Podman by using incorrect SSH ciphers.

v3.4.5

Security

  • This release addresses CVE-2022-27649, where Podman would set excess inheritable capabilities for processes in containers.

Bugfixes

  • Fixed a bug where the podman images command could, under some circumstances, take an excessive amount of time to list images (#11997).

Misc

  • Updates the containers/common library to v0.44.5

v3.4.4

Bugfixes

  • Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535).
  • Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523).
  • Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521).

v3.4.3

Security

  • This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
  • This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.

Features

  • The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).

Bugfixes

  • Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
  • Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
  • Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
  • Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189).
  • Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
  • Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
  • Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
  • Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
  • Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532).
  • Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
  • Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
  • Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402).
  • Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452).
  • Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
  • Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416).

API

... (truncated)

Changelog

Sourced from github.com/containers/podman/v3's changelog.

3.4.7

  • This release addresses CVE-2022-1227, where running podman top on a container made from a maliciously-crafted image and using a user namespace could allow for code execution in the host context.

3.4.6

Security

  • This release addresses CVE-2022-27191, where an attacker could potentially cause crashes in remote Podman by using incorrect SSH ciphers.

3.4.5

Security

  • This release addresses CVE-2022-27649, where Podman would set excess inheritable capabilities for processes in containers.

Bugfixes

  • Fixed a bug where the podman images command could, under some circumstances, take an excessive amount of time to list images (#11997).

Misc

  • Updates the containers/common library to v0.44.5

3.4.4

Bugfixes

  • Fixed a bug where the podman exec command would, under some circumstances, print a warning message about failing to move conmon to the appropriate cgroup (#12535).
  • Fixed a bug where named volumes created as part of container creation (e.g. podman run --volume avolume:/a/mountpoint or similar) would be mounted with incorrect permissions (#12523).
  • Fixed a bug where the podman-remote create and podman-remote run commands did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521).

3.4.3

Security

  • This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
  • This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.

Features

  • The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).

Bugfixes

  • Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
  • Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
  • Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
  • Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189).
  • Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
  • Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
  • Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
  • Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
  • Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532).
  • Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
  • Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
  • Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402).
  • Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452).
  • Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
  • Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416).

API

  • Updated the containers/image library to v5.17.0

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/containers/podman/v3](https://github.com/containers/podman) from 3.2.2 to 3.4.7.
- [Release notes](https://github.com/containers/podman/releases)
- [Changelog](https://github.com/containers/podman/blob/v3.4.7/RELEASE_NOTES.md)
- [Commits](containers/podman@v3.2.2...v3.4.7)

---
updated-dependencies:
- dependency-name: github.com/containers/podman/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Apr 21, 2022

The following labels could not be found: release-note-none.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants