~jackweirdy/podman/+git/main:v4.4.1-crio

Last commit made on 2024-05-16
Get this branch:
git clone -b v4.4.1-crio https://git.launchpad.net/~jackweirdy/podman/+git/main

Branch information

Name: v4.4.1-crio
Repository: lp:~jackweirdy/podman/+git/main

Recent commits

6071a2b... by "openshift-merge-bot[bot]" <148852131+openshift-merge-bot[bot]@users.noreply.github.com>

Merge pull request #22339 from TomSweeneyRedHat/dev/tsweeney/cve-jose-v4.4.1-crio

[v4.4.1-crio] Bump ocicrypt and go-jose CVE-2024-28180

05d0889... by tomsweeneyredhat <email address hidden>

[v4.4.1-crio] Bump ocicrypt and go-jose CVE-2024-28180

Bump github.com/go-jose/go-jose to v3.0.0 and
github.com/containers/ocicrypt to v1.1.10

Addresses: CVE-2024-28180
https://issues.redhat.com/browse/OCPBUGS-30784

Also tailors the .cirrus.yml to turn off a number of tests.

Signed-off-by: tomsweeneyredhat <email address hidden>

b87bac3... by Matt Heon <email address hidden>

Merge pull request #22210 from TomSweeneyRedHat/dev/tsweeney/cve-v4.4.1-crio

[v4.4.1-crio] Bump Buildah to v1.29.3 CVE-2024-1753

fdd3eb2... by tomsweeneyredhat <email address hidden>

[v4.4.1-crio] Bump Buildah to v1.29.3 CVE-2024-1753

As the title says. Addresses CVE-2024-1753
https://issues.redhat.com/browse/OCPBUGS-30996

[NO NEW TESTS NEEDED]

Signed-off-by: tomsweeneyredhat <email address hidden>

f14c6a2... by Matt Heon <email address hidden>

Merge pull request #21488 from mheon/bump_runc_441crio

Port #21480 to v4.4.1-crio

4a8f262... by Matt Heon <email address hidden>

Fix Cirrus dest-branch

Signed-off-by: Matt Heon <email address hidden>

a428555... by Nalin Dahyabhai <email address hidden>

"podman pull by digest and list --all" test: untag instead of rmi

The "podman pull by digest and list --all" e2e test pulls an image using
a tagged reference when an image with the same ID is already present in
a read-only additional image store.
This causes a new image record to be created in read-write storage.
The test then removes this entry, pulls the image again using a digested
reference, and then expects the image to not have any tagged names in it
when it goes to look at it again.
Newer containers/storage will ensure that at the point when the
read-write image record is created, that it includes all of the data
items and naming information from the read-only copy of the image, so
that this information doesn't appear to be lost.
Change the test to use "untag" instead of "rmi", which should pass with
either the older or newer containers/storage.
The test is checking that `podman images` doesn't choke when it
encounters a digested name attached to an image, so the difference in
behavior between containers/storage versions is irrelevant.

Signed-off-by: Nalin Dahyabhai <email address hidden>

6ce1a49... by Ed Santiago <email address hidden>

(Temporary) Emergency CI fix: quay search is broken

Someone please revert this once quay search is fixed.

Signed-off-by: Ed Santiago <email address hidden>

a51f723... by Ed Santiago <email address hidden>

systests: kube with policies test: fix race

Add a wait_for_ready() to one kube-play test, to make sure
container output has made it to the journal.

Probably does not fix #18501, but I think it might fix its
most common presentation.

Signed-off-by: Ed Santiago <email address hidden>

35955bc... by Matt Heon <email address hidden>

Fix updated runc dep breaking pod devices cgroup

The update to runc broke creation of devices for containers in
the pod cgroup. We don't support the device cgroup for pods at
present, so just disable it for now, resolving the issue.

Thanks to Giuseppe for finding the fix.

[NO NEW TESTS NEEDED] fixes a test break

Signed-off-by: Matt Heon <email address hidden>