Oval Definition:oval:org.opensuse.security:def:2621
Revision Date:2020-12-02
Version:1
Title:Security update for buildah (Moderate)
Description:
This update for buildah fixes the following issues:

buildah was updated to v1.17.0 (bsc#1165184):

* Handle cases where other tools mount/unmount containers
* overlay.MountReadOnly: support RO overlay mounts
* overlay: use fusermount for rootless umounts
* overlay: fix umount
* Switch default log level of Buildah to Warn. Users need to see these messages
* Drop error messages about OCI/Docker format to Warning level
* build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2
* tests/testreport: adjust for API break in storage v1.23.6
* build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7
* build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6
* copier: put: ignore Typeflag='g'
* Use curl to get repo file (fix #2714)
* build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0
* build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1
* Remove docs that refer to bors, since we're not using it
* Buildah bud should not use stdin by default
* bump containerd, docker, and golang.org/x/sys
* Makefile: cross: remove windows.386 target
* copier.copierHandlerPut: don't check length when there are errors
* Stop excessive wrapping
* CI: require that conformance tests pass
* bump(github.com/openshift/imagebuilder) to v1.1.8
* Skip tlsVerify insecure BUILD_REGISTRY_SOURCES
* Fix build path wrong containers/podman#7993
* refactor pullpolicy to avoid deps
* build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0
* CI: run gating tasks with a lot more memory
* ADD and COPY: descend into excluded directories, sometimes
* copier: add more context to a couple of error messages
* copier: check an error earlier
* copier: log stderr output as debug on success
* Update nix pin with make nixpkgs
* Set directory ownership when copied with ID mapping
* build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
* build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0
* Cirrus: Remove bors artifacts
* Sort build flag definitions alphabetically
* ADD: only expand archives at the right time
* Remove configuration for bors
* Shell Completion for podman build flags
* Bump c/common to v0.24.0
* New CI check: xref --help vs man pages
* CI: re-enable several linters
* Move --userns-uid-map/--userns-gid-map description into buildah man page
* add: preserve ownerships and permissions on ADDed archives
* Makefile: tweak the cross-compile target
* Bump containers/common to v0.23.0
* chroot: create bind mount targets 0755 instead of 0700
* Change call to Split() to safer SplitN()
* chroot: fix handling of errno seccomp rules
* build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
* Add In Progress section to contributing
* integration tests: make sure tests run in ${topdir}/tests
* Run(): ignore containers.conf's environment configuration
* Warn when setting healthcheck in OCI format
* Cirrus: Skip git-validate on branches
* tools: update git-validation to the latest commit
* tools: update golangci-lint to v1.18.0
* Add a few tests of push command
* Add(): fix handling of relative paths with no ContextDir
* build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0
* Lint: Use same linters as podman
* Validate: reference HEAD
* Fix buildah mount to display container names not ids
* Update nix pin with make nixpkgs
* Add missing --format option in buildah from man page
* Fix up code based on codespell
* build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7
* build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5
* Improve buildah completions
* Cirrus: Fix validate commit epoch
* Fix bash completion of manifest flags
* Uniform some man pages
* Update Buildah Tutorial to address BZ1867426
* Update bash completion of manifest add sub command
* copier.Get(): hard link targets shouldn't be relative paths
* build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2
* Pass timestamp down to history lines
* Timestamp gets updated every time you inspect an image
* bud.bats: use absolute paths in newly-added tests
* contrib/cirrus/lib.sh: don't use CN for the hostname
* tests: Add some tests
* Update manifest add man page
* Extend flags of manifest add
* build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4
* build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
* CI: expand cross-compile checks

Update to v1.16.2:

* fix build on 32bit arches
* containerImageRef.NewImageSource(): don't always force timestamps
* Add fuse module warning to image readme
* Heed our retry delay option values when retrying commit/pull/push
* Switch to containers/common for seccomp
* Use --timestamp rather than --omit-timestamp
* docs: remove outdated notice
* docs: remove outdated notice
* build-using-dockerfile: add a hidden --log-rusage flag
* build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
* Discard ReportWriter if user sets options.Quiet
* build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3
* Fix ownership of content copied using COPY --from
* newTarDigester: zero out timestamps in tar headers
* Update nix pin with `make nixpkgs`
* bud.bats: correct .dockerignore integration tests
* Use pipes for copying
* run: include stdout in error message
* run: use the correct error for errors.Wrapf
* copier: un-export internal types
* copier: add Mkdir()
* in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE
* docs/buildah-commit.md: tweak some wording, add a --rm example
* imagebuildah: don’t blank out destination names when COPYing
* Replace retry functions with common/pkg/retry
* StageExecutor.historyMatches: compare timestamps using .Equal
* Update vendor of containers/common
* Fix errors found in coverity scan
* Change namespace handling flags to better match podman commands
* conformance testing: ignore buildah.BuilderIdentityAnnotation labels
* Vendor in containers/storage v1.23.0
* Add buildah.IsContainer interface
* Avoid feeding run_buildah to pipe
* fix(buildahimage): add xz dependency in buildah image
* Bump github.com/containers/common from 0.15.2 to 0.18.0
* Howto for rootless image building from OpenShift
* Add --omit-timestamp flag to buildah bud
* Update nix pin with `make nixpkgs`
* Shutdown storage on failures
* Handle COPY --from when an argument is used
* Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0
* Cirrus: Use newly built VM images
* Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92
* Enhance the .dockerignore man pages
* conformance: add a test for COPY from subdirectory
* fix bug manifest inspect
* Add documentation for .dockerignore
* Add BuilderIdentityAnnotation to identify buildah version
* DOC: Add quay.io/containers/buildah image to README.md
* Update buildahimages readme
* fix spelling mistake in 'info' command result display
* Don't bind /etc/host and /etc/resolv.conf if network is not present
* blobcache: avoid an unnecessary NewImage()
* Build static binary with `buildGoModule`
* copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit
* tarFilterer: handle multiple archives
* Fix a race we hit during conformance tests
* Rework conformance testing
* Update 02-registries-repositories.md
* test-unit: invoke cmd/buildah tests with --flags
* parse: fix a type mismatch in a test
* Fix compilation of tests/testreport/testreport
* build.sh: log the version of Go that we're using
* test-unit: increase the test timeout to 40/45 minutes
* Add the 'copier' package
* Fix & add notes regarding problematic language in codebase
* Add dependency on github.com/stretchr/testify/require
* CompositeDigester: add the ability to filter tar streams
* BATS tests: make more robust
* vendor golang.org/x/text@v0.3.3
* Switch golang 1.12 to golang 1.13
* imagebuildah: wait for stages that might not have even started yet
* chroot, run: not fail on bind mounts from /sys
* chroot: do not use setgroups if it is blocked
* Set engine env from containers.conf
* imagebuildah: return the right stage's image as the 'final' image
* Fix a help string
* Deduplicate environment variables
* switch containers/libpod to containers/podman
* Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3
* Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
* Mask out /sys/dev to prevent information leak
* linux: skip errors from the runtime kill
* Mask over the /sys/fs/selinux in mask branch
* Add VFS additional image store to container
* tests: add auth tests
* Allow 'readonly' as alias to 'ro' in mount options
* Ignore OS X specific consistency mount option
* Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
* Bump github.com/containers/common from 0.14.0 to 0.15.2
* Rootless Buildah should default to IsolationOCIRootless
* imagebuildah: fix inheriting multi-stage builds
* Make imagebuildah.BuildOptions.Architecture/OS optional
* Make imagebuildah.BuildOptions.Jobs optional
* Resolve a possible race in imagebuildah.Executor.startStage()
* Switch scripts to use containers.conf
* Bump openshift/imagebuilder to v1.1.6
* Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5
* buildah, bud: support --jobs=N for parallel execution
* executor: refactor build code inside new function
* Add bud regression tests
* Cirrus: Fix missing htpasswd in registry img
* docs: clarify the 'triples' format
* CHANGELOG.md: Fix markdown formatting
* Add nix derivation for static builds
* Bump to v1.16.0-dev

Update to v1.15.1:

* Mask over the /sys/fs/selinux in mask branch
* chroot: do not use setgroups if it is blocked
* chroot, run: not fail on bind mounts from /sys
* Allow 'readonly' as alias to 'ro' in mount options
* Add VFS additional image store to container
* vendor golang.org/x/text@v0.3.3
* Make imagebuildah.BuildOptions.Architecture/OS optional

Update to v1.15.0:

* Add CVE-2020-10696 to CHANGELOG.md and changelog.txt
* fix lighttpd example
* remove dependency on openshift struct
* Warn on unset build arguments
* vendor: update seccomp/containers-golang to v0.4.1
* Updated docs
* clean up comments
* update exit code for tests
* Implement commit for encryption
* implementation of encrypt/decrypt push/pull/bud/from
* fix resolve docker image name as transport
* Add preliminary profiling support to the CLI
* Evaluate symlinks in build context directory
* fix error info about get signatures for containerImageSource
* Add Security Policy
* Cirrus: Fixes from review feedback
* imagebuildah: stages shouldn't count as their base images
* Update containers/common v0.10.0
* Add registry to buildahimage Dockerfiles
* Cirrus: Use pre-installed VM packages + F32
* Cirrus: Re-enable all distro versions
* Cirrus: Update to F31 + Use cache images
* golangci-lint: Disable gosimple
* Lower number of golangci-lint threads
* Fix permissions on containers.conf
* Don't force tests to use runc
* Return exit code from failed containers
* cgroup_manager should be under [engine]
* Use c/common/pkg/auth in login/logout
* Cirrus: Temporarily disable Ubuntu 19 testing
* Add containers.conf to stablebyhand build
* Update gitignore to exclude test Dockerfiles
* Remove warning for systemd inside of container

Update to v1.14.6:

* Make image history work correctly with new args handling
* Don't add args to the RUN environment from the Builder

Update to v1.14.5:

* Revert FIPS mode change

Update to v1.14.4:

* Update unshare man page to fix script example
* Fix compilation errors on non linux platforms
* Preserve volume uid and gid through subsequent commands
* Fix potential CVE in tarfile w/ symlink
* Fix .dockerignore with globs and ! commands

Update to v1.14.2:

* Search for local runtime per values in containers.conf
* Set correct ownership on working directory
* Improve remote manifest retrieval
* Correct a couple of incorrect format specifiers
* manifest push --format: force an image type, not a list type
* run: adjust the order in which elements are added to $
* getDateAndDigestAndSize(): handle creation time not being set
* Make the commit id clear like Docker
* Show error on copied file above context directory in build
* pull/from/commit/push: retry on most failures
* Repair buildah so it can use containers.conf on the server side
* Fixing formatting & build instructions
* Fix XDG_RUNTIME_DIR for authfile
* Show validation command-line

Update to v1.14.0:

* getDateAndDigestAndSize(): use manifest.Digest
* Touch up os/arch doc
* chroot: handle slightly broken seccomp defaults
* buildahimage: specify fuse-overlayfs mount options
* parse: don't complain about not being able to rename something to itself
* Fix build for 32bit platforms
* Allow users to set OS and architecture on bud
* Fix COPY in containerfile with envvar
* Add --sign-by to bud/commit/push, --remove-signatures for pull/push
* Add support for containers.conf
* manifest push: add --format option

Update to v1.13.1:

* copyFileWithTar: close source files at the right time
* copy: don't digest files that we ignore
* Check for .dockerignore specifically
* Don't setup excludes, if there is only one pattern to match
* set HOME env to /root on chroot-isolation by default
* docs: fix references to containers-*.5
* fix bug Add check .dockerignore COPY file
* buildah bud --volume: run from tmpdir, not source dir
* Fix imageNamePrefix to give consistent names in buildah-from
* cpp: use -traditional and -undef flags
* discard outputs coming from onbuild command on buildah-from --quiet
* make --format columnizing consistent with buildah images
* Fix option handling for volumes in build
* Rework overlay pkg for use with libpod
* Fix buildahimage builds for buildah
* Add support for FIPS-Mode backends
* Set the TMPDIR for pulling/pushing image to $TMPDIR

Update to v1.12.0:

* Allow ADD to use http src
* imgtype: reset storage opts if driver overridden
* Start using containers/common
* overlay.bats typo: fuse-overlays should be fuse-overlayfs
* chroot: Unmount with MNT_DETACH instead of UnmountMountpoints()
* bind: don't complain about missing mountpoints
* imgtype: check earlier for expected manifest type
* Add history names support

Update to v1.11.6:

* Handle missing equal sign in --from and --chown flags for COPY/ADD
* bud COPY does not download URL
* Fix .dockerignore exclude regression
* commit(docker): always set ContainerID and ContainerConfig
* Touch up commit man page image parameter
* Add builder identity annotations.

Update to v1.11.5:

* buildah: add 'manifest' command
* pkg/supplemented: add a package for grouping images together
* pkg/manifests: add a manifest list build/manipulation API
* Update for ErrUnauthorizedForCredentials API change in containers/image
* Update for manifest-lists API changes in containers/image
* version: also note the version of containers/image
* Move to containers/image v5.0.0
* Enable --device directory as src device
* Add clarification to the Tutorial for new users
* Silence 'using cache' to ensure -q is fully quiet
* Move runtime flag to bud from common
* Commit: check for storage.ErrImageUnknown using errors.Cause()
* Fix crash when invalid COPY --from flag is specified.

Update to v1.11.4:

* buildah: add a 'manifest' command
* pkg/manifests: add a manifest list build/manipulation API
* Update for ErrUnauthorizedForCredentials API change in containers/image
* Update for manifest-lists API changes in containers/image
* Move to containers/image v5.0.0
* Enable --device directory as src device
* Add clarification to the Tutorial for new users
* Silence 'using cache' to ensure -q is fully quiet
* Move runtime flag to bud from common
* Commit: check for storage.ErrImageUnknown using errors.Cause()
* Fix crash when invalid COPY --from flag is specified.

Update to v1.11.3:

* Add cgroups2
* Add support for retrieving context from stdin '-'
* Added tutorial on how to include Buildah as library
* Fix --build-args handling
* Print build 'STEP' line to stdout, not stderr
* Use Containerfile by default

Update to v1.11.2:

* Add some cleanup code
* Move devices code to unit specific directory.

Update to v1.11.1:

* Add --devices flag to bud and from
* Add support for /run/.containerenv
* Allow mounts.conf entries for equal source and destination paths
* Fix label and annotation for 1-line Dockerfiles
* Preserve file and directory mount permissions
* Replace --debug=false with --log-level=error
* Set TMPDIR to /var/tmp by default
* Truncate output of too long image names
* Ignore EmptyLayer if Squash is set

Update to v1.11.0:

* Add --digestfile and Re-add push statement as debug
* Add --log-level command line option and deprecate --debug
* Add security-related volume options to validator
* Allow buildah bud to be called without arguments
* Allow to override build date with SOURCE_DATE_EPOCH
* Correctly detect ExitError values from Run()
* Disable empty logrus timestamps to reduce logger noise
* Fix directory pull image names
* Fix handling of /dev/null masked devices
* Fix possible runtime panic on bud
* Update bud/from help to contain indicator for --dns=none
* Update documentation about bud
* Update shebangs to take env into consideration
* Use content digests in ADD/COPY history entries
* add support for cgroupsV2
* add: add a DryRun flag to AddAndCopyOptions
* add: handle hard links when copying with .dockerignore
* add: teach copyFileWithTar() about symlinks and directories
* imagebuilder: fix detection of referenced stage roots
* pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES
* run_linux: fix mounting /sys in a userns


Update to v1.10.1:

* Add automatic apparmor tag discovery
* Add overlayfs to fuse-overlayfs tip
* Bug fix for volume minus syntax
* Bump container/storage v1.13.1 and containers/image v3.0.1
* Bump containers/image to v3.0.2 to fix keyring issue
* Fix bug whereby --get-login has no effect
* Bump github.com/containernetworking/cni to v0.7.1
- Add appamor-pattern requirement

- Update build process to match the latest repository architecture

Update to v1.10.0:

* vendor github.com/containers/image@v3.0.0
* Remove GO111MODULE in favor of -mod=vendor
* Vendor in containers/storage v1.12.16
* Add '-' minus syntax for removal of config values
* tests: enable overlay tests for rootless
* rootless, overlay: use fuse-overlayfs
* vendor github.com/containers/image@v2.0.1
* Added '-' syntax to remove volume config option
* delete successfully pushed message
* Add golint linter and apply fixes
* vendor github.com/containers/storage@v1.12.15
* Change wait to sleep in buildahimage readme
* Handle ReadOnly images when deleting images
* Add support for listing read/only images
* from/import: record the base image's digest, if it has one
* Fix CNI version retrieval to not require network connection
* Add misspell linter and apply fixes
* Add goimports linter and apply fixes
* Add stylecheck linter and apply fixes
* Add unconvert linter and apply fixes
* image: make sure we don't try to use zstd compression
* run.bats: skip the 'z' flag when testing --mount
* Update to runc v1.0.0-rc8
* Update to match updated runtime-tools API
* bump github.com/opencontainers/runtime-tools to v0.9.0
* Build e2e tests using the proper build tags
* Add unparam linter and apply fixes
* Run: correct a typo in the --cap-add help text
* unshare: add a --mount flag
* fix push check image name is not empty
* add: fix slow copy with no excludes
* Add errcheck linter and fix missing error check
* Improve tests/tools/Makefile parallelism and abstraction
* Fix response body not closed resource leak
* Switch to golangci-lint
* Add gomod instructions and mailing list links
* On Masked path, check if /dev/null already mounted before mounting
* Update to containers/storage v1.12.13
* Refactor code in package imagebuildah
* Add rootless podman with NFS issue in documentation
* Add --mount for buildah run
* import method ValidateVolumeOpts from libpod
* Fix typo
* Makefile: set GO111MODULE=off
* rootless: add the built-in slirp DNS server
* Update docker/libnetwork to get rid of outdated sctp package
* Update buildah-login.md
* migrate to go modules
* install.md: mention go modules
* tests/tools: go module for test binaries
* fix --volume splits comma delimited option
* Add bud test for RUN with a priv'd command
* vendor logrus v1.4.2
* pkg/cli: panic when flags can't be hidden
* pkg/unshare: check all errors
* pull: check error during report write
* run_linux.go: ignore unchecked errors
* conformance test: catch copy error
* chroot/run_test.go: export funcs to actually be executed
* tests/imgtype: ignore error when shutting down the store
* testreport: check json error
* bind/util.go: remove unused func
* rm chroot/util.go
* imagebuildah: remove unused dedupeStringSlice
* StageExecutor: EnsureContainerPath: catch error from SecureJoin()
* imagebuildah/build.go: return instead of branching
* rmi: avoid redundant branching
* conformance tests: nilness: allocate map
* imagebuildah/build.go: avoid redundant filepath.Join()
* imagebuildah/build.go: avoid redundant os.Stat()
* imagebuildah: omit comparison to bool
* fix 'ineffectual assignment' lint errors
* docker: ignore 'repeats json tag' lint error
* pkg/unshare: use ... instead of iterating a slice
* conformance: bud test: use raw strings for regexes
* conformance suite: remove unused func/var
* buildah test suite: remove unused vars/funcs
* testreport: fix golangci-lint errors
* util: remove redundant return statement
* chroot: only log clean-up errors
* images_test: ignore golangci-lint error
* blobcache: log error when draining the pipe
* imagebuildah: check errors in deferred calls
* chroot: fix error handling in deferred funcs
* cmd: check all errors
* chroot/run_test.go: check errors
* chroot/run.go: check errors in deferred calls
* imagebuildah.Executor: remove unused onbuild field
* docker/types.go: remove unused struct fields
* util: use strings.ContainsRune instead of index check
* Cirrus: Initial implementation
* buildah-run: fix-out-of-range panic (2)
* Update containers/image to v2.0.0
* run: fix hang with run and --isolation=chroot
* run: fix hang when using run
* chroot: drop unused function call
* remove --> before imageID on build
* Always close stdin pipe
* Write deny to setgroups when doing single user mapping
* Avoid including linux/memfd.h
* Add a test for the symlink pointing to a directory
* Add missing continue
* Fix the handling of symlinks to absolute paths
* Only set default network sysctls if not rootless
* Support --dns=none like podman
* fix bug --cpu-shares parsing typo
* Fix validate complaint
* Update vendor on containers/storage to v1.12.10
* Create directory paths for COPY thereby ensuring correct perms
* imagebuildah: use a stable sort for comparing build args
* imagebuildah: tighten up cache checking
* bud.bats: add a test verifying the order of --build-args
* add -t to podman run
* imagebuildah: simplify screening by top layers
* imagebuildah: handle ID mappings for COPY --from
* imagebuildah: apply additionalTags ourselves
* bud.bats: test additional tags with cached images
* bud.bats: add a test for WORKDIR and COPY with absolute destinations
* Cleanup Overlay Mounts content
* Add support for file secret mounts
* Add ability to skip secrets in mounts file
* allow 32bit builds
* fix tutorial instructions
* imagebuilder: pass the right contextDir to Add()
* add: use fileutils.PatternMatcher for .dockerignore
* bud.bats: add another .dockerignore test
* unshare: fallback to single usermapping
* addHelperSymlink: clear the destination on os.IsExist errors
* bud.bats: test replacing symbolic links
* imagebuildah: fix handling of destinations that end with '/'
* bud.bats: test COPY with a final '/' in the destination
* linux: add check for sysctl before using it
* unshare: set _CONTAINERS_ROOTLESS_GID
* Rework buildahimages
* build context: support https git repos
* Add a test for ENV special chars behaviour
* Check in new Dockerfiles
* Apply custom SHELL during build time
* config: expand variables only at the command line
* SetEnv: we only need to expand v once
* Add default /root if empty on chroot iso
* Add support for Overlay volumes into the container.
* Export buildah validate volume functions so it can share code with libpod
* Bump baseline test to F30
* Fix rootless handling of /dev/shm size
* Avoid fmt.Printf() in the library
* imagebuildah: tighten cache checking back up
* Handle WORKDIR with dangling target
* Default Authfile to proper path
* Make buildah run --isolation follow BUILDAH_ISOLATION environment
* Vendor in latest containers/storage and containers/image
* getParent/getChildren: handle layerless images
* imagebuildah: recognize cache images for layerless images
* bud.bats: test scratch images with --layers caching
* Get CHANGELOG.md updates
* Add some symlinks to test our .dockerignore logic
* imagebuildah: addHelper: handle symbolic links
* commit/push: use an everything-allowed policy
* Correct manpage formatting in files section
* Remove must be root statement from buildah doc
* Change image names to stable, testing and upstream
* Don't create directory on container
* Replace kubernetes/pause in tests with k8s.gcr.io/pause
* imagebuildah: don't remove intermediate images if we need them
* Rework buildahimagegit to buildahimageupstream
* Fix Transient Mounts
* Handle WORKDIRs that are symlinks
* allow podman to build a client for windows
* Touch up 1.9-dev to 1.9.0-dev
* Resolve symlink when checking container path
* commit: commit on every instruction, but not always with layers
* CommitOptions: drop the unused OnBuild field
* makeImageRef: pass in the whole CommitOptions structure
* cmd: API cleanup: stores before images
* run: check if SELinux is enabled
* Fix buildahimages Dockerfiles to include support for additionalimages mounted from host.
* Detect changes in rootdir
* Fix typo in buildah-pull(1)
* Vendor in latest containers/storage
* Keep track of any build-args used during buildah bud --layers
* commit: always set a parent ID
* imagebuildah: rework unused-argument detection
* fix bug dest path when COPY .dockerignore
* Move Host IDMAppings code from util to unshare
* Add BUILDAH_ISOLATION rootless back
* Travis CI: fail fast, upon error in any step
* imagebuildah: only commit images for intermediate stages if we have to
* Use errors.Cause() when checking for IsNotExist errors
* auto pass http_proxy to container
* imagebuildah: don't leak image structs
* Add Dockerfiles for buildahimages
* Bump to Replace golang 1.10 with 1.12
* add --dns* flags to buildah bud
* Add hack/build_speed.sh test speeds on building container images
* Create buildahimage Dockerfile for Quay
* rename 'is' to 'expect_output'
* squash.bats: test squashing in multi-layered builds
* bud.bats: test COPY --from in a Dockerfile while using the cache
* commit: make target image names optional
* Fix bud-args to allow comma separation
* oops, missed some tests in commit.bats
* new helper: expect_line_count
* New tests for #1467 (string slices in cmdline opts)
* Workarounds for dealing with travis; review feedback
* BATS tests - extensive but minor cleanup
* imagebuildah: defer pulling images for COPY --from
* imagebuildah: centralize COMMIT and image ID output
* Travis: do not use traviswait
* imagebuildah: only initialize imagebuilder configuration once per stage
* Make cleaner error on Dockerfile build errors
* unshare: move to pkg/
* unshare: move some code from cmd/buildah/unshare
* Fix handling of Slices versus Arrays
* imagebuildah: reorganize stage and per-stage logic
* imagebuildah: add empty layers for instructions
* Add missing step in installing into Ubuntu
* fix bug in .dockerignore support
* imagebuildah: deduplicate prepended 'FROM' instructions
* Touch up intro
* commit: set created-by to the shell if it isn't set
* commit: check that we always set a 'created-by'
* docs/buildah.md: add 'containers-' prefixes under 'SEE ALSO'

Update to v1.7.2:

* Updates vendored containers/storage to latest version
* rootless: by default use the host network namespace

- Full changelog: https://github.com/containers/buildah/releases/tag/v1.6
Family:unix
Class:patch
Status:
Reference(s):1046299
1046303
1046305
1048046
1050244
1050536
1050545
1051429
1051510
1055186
1061840
1064802
1065600
1066129
1073313
1073513
1082635
1083647
1086323
1087092
1089644
1090631
1093205
1096254
1096945
1097583
1097584
1097585
1097586
1097587
1097588
1098291
1099358
1100691
1101674
1104841
1107424
1109158
1111388
1114279
1114832
1114845
1115722
1115723
1115724
1117665
1118897
1118898
1118899
1119461
1119465
1121086
1121967
1122193
1122838
1122839
1123034
1123080
1124308
1127838
1129124
1129403
1129528
1133140
1133283
1134303
1134978
1135642
1135854
1135873
1135966
1135967
1136440
1137040
1137799
1137990
1138190
1139073
1140090
1140729
1140845
1140883
1141600
1142635
1142667
1142988
1143194
1143273
1143706
1144338
1144363
1144375
1144449
1144903
1145099
1146612
1146657
1148410
1149119
1149429
1150452
1150457
1150465
1150875
1151186
1151488
1151508
1152624
1152685
1152788
1152791
1153112
1153158
1153236
1153263
1153423
1153476
1153509
1153646
1153713
1153717
1153718
1153719
1153811
1153869
1153969
1154092
1154108
1154189
1154354
1154372
1154578
1154607
1154608
1154610
1154611
1154651
1154737
1154738
1154747
1154848
1154858
1154905
1155178
1155179
1155184
1155186
1155671
1159639
1165184
1167864
CVE-2017-17740
CVE-2018-1000622
CVE-2018-12207
CVE-2018-16548
CVE-2018-16873
CVE-2018-16874
CVE-2018-16875
CVE-2018-17189
CVE-2018-17199
CVE-2018-19198
CVE-2018-19199
CVE-2018-19200
CVE-2018-20721
CVE-2019-0154
CVE-2019-0155
CVE-2019-0804
CVE-2019-0816
CVE-2019-10086
CVE-2019-10214
CVE-2019-10220
CVE-2019-11135
CVE-2019-11757
CVE-2019-11758
CVE-2019-11759
CVE-2019-11760
CVE-2019-11761
CVE-2019-11762
CVE-2019-11763
CVE-2019-11764
CVE-2019-12083
CVE-2019-13057
CVE-2019-13565
CVE-2019-15903
CVE-2019-16232
CVE-2019-16233
CVE-2019-16234
CVE-2019-16995
CVE-2019-17056
CVE-2019-17133
CVE-2019-17666
CVE-2019-5736
CVE-2020-10696
SUSE-SU-2019:0228-1
SUSE-SU-2019:0495-1
SUSE-SU-2019:0504-1
SUSE-SU-2019:2245-1
SUSE-SU-2019:2395-1
SUSE-SU-2019:2439-1
SUSE-SU-2019:2750-1
SUSE-SU-2019:2871-1
SUSE-SU-2019:3097-1
SUSE-SU-2019:3393-1
SUSE-SU-2020:3423-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise for SAP 12
SUSE Linux Enterprise High Availability 12 SP2
SUSE Linux Enterprise High Availability 12 SP3
SUSE Linux Enterprise High Availability 12 SP4
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15 SP1
SUSE Linux Enterprise Module for additional PackageHub packages 15
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Module for Containers 15 SP1
SUSE Linux Enterprise Module for Containers 15 SP2
SUSE Linux Enterprise Module for High Performance Computing 15
SUSE Linux Enterprise Module for High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Legacy Software 12
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Legacy Software 15 SP1
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Live Patching 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Server Applications 15
SUSE Linux Enterprise Module for Server Applications 15 SP1
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Module for Web Scripting 15
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2-LTSS
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for VMWare 11 SP2
SUSE Linux Enterprise Server for VMWare 11 SP3
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE Package Hub for SUSE Linux Enterprise 12
SUSE Package Hub for SUSE Linux Enterprise 12 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libzzip-0-13-0.13.62-9 is installed
  • OR zziplib-0.13.62-9 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-47 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-47 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-47 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-47 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-47 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • libjson-c2-0.11-2 is installed
  • OR libjson-c2-32bit-0.11-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise for SAP 12 is installed
  • AND Package Information
  • apache2-2.4.10-14.17.1 is installed
  • OR apache2-doc-2.4.10-14.17.1 is installed
  • OR apache2-example-pages-2.4.10-14.17.1 is installed
  • OR apache2-prefork-2.4.10-14.17.1 is installed
  • OR apache2-utils-2.4.10-14.17.1 is installed
  • OR apache2-worker-2.4.10-14.17.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND Package Information
  • cluster-md-kmp-default-4.4.21-69 is installed
  • OR cluster-network-kmp-default-4.4.21-69 is installed
  • OR dlm-kmp-default-4.4.21-69 is installed
  • OR gfs2-kmp-default-4.4.21-69 is installed
  • OR ocfs2-kmp-default-4.4.21-69 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP3 is installed
  • AND lighttpd-1.4.35-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP4 is installed
  • AND conntrack-tools-1.4.2-5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 is installed
  • AND haproxy-1.8.14~git0.52e4d43b-3.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND Package Information
  • graphviz-addons-2.40.1-6.3 is installed
  • OR graphviz-gd-2.40.1-6.3 is installed
  • OR graphviz-python-2.40.1-6.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 is installed
  • AND Package Information
  • postgresql10-10.6-4.8 is installed
  • OR postgresql10-test-10.6-4.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 12 is installed
  • AND python-PyYAML-3.10-15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 15 SP1 is installed
  • AND buildah-1.17.0-3.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 15 SP2 is installed
  • AND buildah-1.17.0-3.6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for High Performance Computing 15 is installed
  • AND Package Information
  • python-numpy_1_16_1-gnu-hpc-1.16.1-4.8 is installed
  • OR python2-numpy-gnu-hpc-1.16.1-4.8 is installed
  • OR python2-numpy-gnu-hpc-devel-1.16.1-4.8 is installed
  • OR python3-numpy-gnu-hpc-1.16.1-4.8 is installed
  • OR python3-numpy-gnu-hpc-devel-1.16.1-4.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for High Performance Computing 15 SP1 is installed
  • AND Package Information
  • python-numpy_1_16_1-gnu-hpc-1.16.1-4.8 is installed
  • OR python2-numpy-gnu-hpc-1.16.1-4.8 is installed
  • OR python2-numpy-gnu-hpc-devel-1.16.1-4.8 is installed
  • OR python3-numpy-gnu-hpc-1.16.1-4.8 is installed
  • OR python3-numpy-gnu-hpc-devel-1.16.1-4.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 12 is installed
  • AND Package Information
  • cups154-1.5.4-2 is installed
  • OR cups154-client-1.5.4-2 is installed
  • OR cups154-filters-1.5.4-2 is installed
  • OR cups154-libs-1.5.4-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.19 is installed
  • OR reiserfs-kmp-default-4.12.14-25.19 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed
  • AND Package Information
  • kernel-default-4.12.14-197.7 is installed
  • OR reiserfs-kmp-default-4.12.14-197.7 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.13 is installed
  • OR kernel-default-livepatch-4.12.14-25.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-197_4-default-2-2 is installed
  • OR kernel-livepatch-SLE15-SP1_Update_1-2-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
  • AND Package Information
  • apache-commons-beanutils-1.9.2-4.3 is installed
  • OR apache-commons-beanutils-javadoc-1.9.2-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • graphviz-addons-2.40.1-6.3 is installed
  • OR graphviz-doc-2.40.1-6.3 is installed
  • OR graphviz-gnome-2.40.1-6.3 is installed
  • OR graphviz-guile-2.40.1-6.3 is installed
  • OR graphviz-gvedit-2.40.1-6.3 is installed
  • OR graphviz-java-2.40.1-6.3 is installed
  • OR graphviz-lua-2.40.1-6.3 is installed
  • OR graphviz-php-2.40.1-6.3 is installed
  • OR graphviz-ruby-2.40.1-6.3 is installed
  • OR graphviz-smyrna-2.40.1-6.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • MozillaFirefox-68.6.0-3.75 is installed
  • OR MozillaFirefox-branding-upstream-68.6.0-3.75 is installed
  • OR MozillaFirefox-buildsymbols-68.6.0-3.75 is installed
  • OR MozillaFirefox-devel-68.6.0-3.75 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 is installed
  • AND rmt-server-1.1.1-3.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • libvirt-5.1.0-8.3 is installed
  • OR libvirt-admin-5.1.0-8.3 is installed
  • OR libvirt-bash-completion-5.1.0-8.3 is installed
  • OR libvirt-client-5.1.0-8.3 is installed
  • OR libvirt-daemon-5.1.0-8.3 is installed
  • OR libvirt-daemon-config-network-5.1.0-8.3 is installed
  • OR libvirt-daemon-config-nwfilter-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-interface-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-libxl-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-lxc-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-network-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-nodedev-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-nwfilter-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-qemu-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-secret-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-core-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-disk-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-iscsi-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-logical-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-mpath-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-rbd-5.1.0-8.3 is installed
  • OR libvirt-daemon-driver-storage-scsi-5.1.0-8.3 is installed
  • OR libvirt-daemon-hooks-5.1.0-8.3 is installed
  • OR libvirt-daemon-lxc-5.1.0-8.3 is installed
  • OR libvirt-daemon-qemu-5.1.0-8.3 is installed
  • OR libvirt-daemon-xen-5.1.0-8.3 is installed
  • OR libvirt-devel-5.1.0-8.3 is installed
  • OR libvirt-doc-5.1.0-8.3 is installed
  • OR libvirt-lock-sanlock-5.1.0-8.3 is installed
  • OR libvirt-nss-5.1.0-8.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 12 is installed
  • AND Package Information
  • apache2-mod_php7-7.0.7-15 is installed
  • OR php7-7.0.7-15 is installed
  • OR php7-bcmath-7.0.7-15 is installed
  • OR php7-bz2-7.0.7-15 is installed
  • OR php7-calendar-7.0.7-15 is installed
  • OR php7-ctype-7.0.7-15 is installed
  • OR php7-curl-7.0.7-15 is installed
  • OR php7-dba-7.0.7-15 is installed
  • OR php7-dom-7.0.7-15 is installed
  • OR php7-enchant-7.0.7-15 is installed
  • OR php7-exif-7.0.7-15 is installed
  • OR php7-fastcgi-7.0.7-15 is installed
  • OR php7-fileinfo-7.0.7-15 is installed
  • OR php7-fpm-7.0.7-15 is installed
  • OR php7-ftp-7.0.7-15 is installed
  • OR php7-gd-7.0.7-15 is installed
  • OR php7-gettext-7.0.7-15 is installed
  • OR php7-gmp-7.0.7-15 is installed
  • OR php7-iconv-7.0.7-15 is installed
  • OR php7-imap-7.0.7-15 is installed
  • OR php7-intl-7.0.7-15 is installed
  • OR php7-json-7.0.7-15 is installed
  • OR php7-ldap-7.0.7-15 is installed
  • OR php7-mbstring-7.0.7-15 is installed
  • OR php7-mcrypt-7.0.7-15 is installed
  • OR php7-mysql-7.0.7-15 is installed
  • OR php7-odbc-7.0.7-15 is installed
  • OR php7-opcache-7.0.7-15 is installed
  • OR php7-openssl-7.0.7-15 is installed
  • OR php7-pcntl-7.0.7-15 is installed
  • OR php7-pdo-7.0.7-15 is installed
  • OR php7-pear-7.0.7-15 is installed
  • OR php7-pear-Archive_Tar-7.0.7-15 is installed
  • OR php7-pgsql-7.0.7-15 is installed
  • OR php7-phar-7.0.7-15 is installed
  • OR php7-posix-7.0.7-15 is installed
  • OR php7-pspell-7.0.7-15 is installed
  • OR php7-shmop-7.0.7-15 is installed
  • OR php7-snmp-7.0.7-15 is installed
  • OR php7-soap-7.0.7-15 is installed
  • OR php7-sockets-7.0.7-15 is installed
  • OR php7-sqlite-7.0.7-15 is installed
  • OR php7-sysvmsg-7.0.7-15 is installed
  • OR php7-sysvsem-7.0.7-15 is installed
  • OR php7-sysvshm-7.0.7-15 is installed
  • OR php7-tokenizer-7.0.7-15 is installed
  • OR php7-wddx-7.0.7-15 is installed
  • OR php7-xmlreader-7.0.7-15 is installed
  • OR php7-xmlrpc-7.0.7-15 is installed
  • OR php7-xmlwriter-7.0.7-15 is installed
  • OR php7-xsl-7.0.7-15 is installed
  • OR php7-zip-7.0.7-15 is installed
  • OR php7-zlib-7.0.7-15 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 is installed
  • AND Package Information
  • nodejs8-8.15.0-3.11 is installed
  • OR nodejs8-devel-8.15.0-3.11 is installed
  • OR nodejs8-docs-8.15.0-3.11 is installed
  • OR npm8-8.15.0-3.11 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • apache-commons-daemon-1.0.15-4 is installed
  • OR apache-commons-daemon-javadoc-1.0.15-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libXcursor1-1.1.14-3 is installed
  • OR libXcursor1-32bit-1.1.14-3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • apache-commons-daemon-1.0.15-6 is installed
  • OR apache-commons-daemon-javadoc-1.0.15-6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND Package Information
  • sysconfig-0.84.0-13 is installed
  • OR sysconfig-netconfig-0.84.0-13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 is installed
  • AND Package Information
  • postgresql93-devel-9.3.8-8.1 is installed
  • OR postgresql93-libs-9.3.8-8.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 SP1 is installed
  • AND osc-0.152.0-11.1 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP1 is installed
  • AND telepathy-idle-0.2.0-1.62 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • MozillaThunderbird-60.8.0-3.46 is installed
  • OR MozillaThunderbird-translations-common-60.8.0-3.46 is installed
  • OR MozillaThunderbird-translations-other-60.8.0-3.46 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • MozillaThunderbird-60.7.0-3.36 is installed
  • OR MozillaThunderbird-translations-common-60.7.0-3.36 is installed
  • OR MozillaThunderbird-translations-other-60.7.0-3.36 is installed
  • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND Package Information
  • irssi-0.8.20-9 is installed
  • OR irssi-devel-0.8.20-9 is installed
  • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 SP1 is installed
  • AND Package Information
  • kinit-5.20.0-6 is installed
  • OR kinit-devel-5.20.0-6 is installed
  • OR kinit-lang-5.20.0-6 is installed