From 3d2fca72819f9093f67739e757f1b54e54b68792 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Mon, 23 Jan 2023 16:04:03 +0530 Subject: [PATCH] Revert to v4.3.1 and bump Epoch to 5 This reverts commits 22fedbe, 4c4356f, 68abbd3 and 260db87. Prep for CVE-2022-41717. Signed-off-by: Lokesh Mandvekar --- .gitignore | 2 - podman.spec | 111 +++++++++++++------------------ sources | 2 +- tests/test_podman_cgroups_vn.yml | 2 - tests/test_podman_remote.yml | 2 - 5 files changed, 48 insertions(+), 71 deletions(-) diff --git a/.gitignore b/.gitignore index 005ebd8..bb786a9 100644 --- a/.gitignore +++ b/.gitignore @@ -1816,6 +1816,4 @@ /v4.3.0-rc1.tar.gz /v4.3.0.tar.gz /v4.3.1.tar.gz -/v4.4.0-rc1.tar.gz -/v4.4.0-rc2.tar.gz /gvisor-tap-vsock-aab0ac9367fc5142f5857c36ac2352bcb3c60ab7.tar.gz diff --git a/podman.spec b/podman.spec index e353d35..af957ac 100644 --- a/podman.spec +++ b/podman.spec @@ -29,12 +29,12 @@ %global git_gvproxy https://%{import_path_gvproxy} %global commit_gvproxy aab0ac9367fc5142f5857c36ac2352bcb3c60ab7 -%global built_tag v4.4.0-rc2 +%global built_tag v4.3.1 %global built_tag_strip %(b=%{built_tag}; echo ${b:1}) %global gen_version %(b=%{built_tag_strip}; echo ${b/-/"~"}) Name: podman -Epoch: 4 +Epoch: 5 Version: %{gen_version} License: ASL 2.0 and BSD and ISC and MIT and MPLv2.0 Release: %autorelease 
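Review bot: The `Epoch: 5` line in the first podman.spec hunk is added without a comment recording why the Epoch moved, and an Epoch cannot be lowered again once a build with it has shipped. A one-line comment above the field, such as `# Epoch 5: v4.4.0-rc2 was reverted to v4.3.1 (CVE-2022-41717 prep); never lower`, would keep the reason next to the value instead of only in the commit log. It is also worth checking that every exact-version dependency on this package carries `%{epoch}:`, as the `Recommends: %{name}-gvproxy = %{epoch}:%{version}-%{release}` line in the next hunk header does. A dependency written without the Epoch would likely stop matching the new build.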
@@ -81,32 +81,33 @@ Recommends: %{name}-gvproxy = %{epoch}:%{version}-%{release} # vendored libraries # awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | sort | uniq | sed -e 's/-/_/g' -e '/bundled(golang())/d' -e '/bundled(golang(go\|module\|replace\|require))/d' Provides: bundled(golang(github.com/Azure/go_ansiterm)) = v0.0.0_20210617225240_d185dfc1b5a1 -Provides: bundled(golang(github.com/BurntSushi/toml)) = v1.2.1 -Provides: bundled(golang(github.com/Microsoft/go_winio)) = v0.6.0 -Provides: bundled(golang(github.com/Microsoft/hcsshim)) = v0.9.6 +Provides: bundled(golang(github.com/BurntSushi/toml)) = v1.2.0 +Provides: bundled(golang(github.com/Microsoft/go_winio)) = v0.5.2 +Provides: bundled(golang(github.com/Microsoft/hcsshim)) = v0.9.4 Provides: bundled(golang(github.com/VividCortex/ewma)) = v1.2.0 Provides: bundled(golang(github.com/acarl005/stripansi)) = v0.0.0_20180116102854_5a71ef0e047d +Provides: bundled(golang(github.com/blang/semver)) = v3.5.1+incompatible Provides: bundled(golang(github.com/blang/semver/v4)) = v4.0.0 Provides: bundled(golang(github.com/buger/goterm)) = v1.0.4 Provides: bundled(golang(github.com/checkpoint_restore/checkpointctl)) = v0.0.0_20220321135231_33f4a66335f0 -Provides: bundled(golang(github.com/checkpoint_restore/go_criu/v6)) = v6.3.0 +Provides: bundled(golang(github.com/checkpoint_restore/go_criu/v5)) = v5.3.0 Provides: bundled(golang(github.com/chzyer/readline)) = v1.5.1 -Provides: bundled(golang(github.com/container_orchestrated_devices/container_device_interface)) = v0.5.3 +Provides: bundled(golang(github.com/container_orchestrated_devices/container_device_interface)) = v0.5.1 Provides: bundled(golang(github.com/containerd/cgroups)) = v1.0.4 -Provides: bundled(golang(github.com/containerd/containerd)) = v1.6.14 -Provides: bundled(golang(github.com/containerd/stargz_snapshotter/estargz)) = v0.13.0 +Provides: bundled(golang(github.com/containerd/containerd)) = v1.6.8 +Provides: 
bundled(golang(github.com/containerd/stargz_snapshotter/estargz)) = v0.12.0 Provides: bundled(golang(github.com/containernetworking/cni)) = v1.1.2 Provides: bundled(golang(github.com/containernetworking/plugins)) = v1.1.1 -Provides: bundled(golang(github.com/containers/buildah)) = v1.28.1_0.20221221082547_8403b6ebc13d -Provides: bundled(golang(github.com/containers/common)) = v0.50.2_0.20230105184634_df156f4ee73f +Provides: bundled(golang(github.com/containers/buildah)) = v1.27.1_0.20220921131114_d3064796af36 +Provides: bundled(golang(github.com/containers/common)) = v0.49.2_0.20220920205255_8062f81c5497 Provides: bundled(golang(github.com/containers/conmon)) = v2.0.20+incompatible -Provides: bundled(golang(github.com/containers/image/v5)) = v5.23.1_0.20230104183125_aaf0985b36f9 +Provides: bundled(golang(github.com/containers/image/v5)) = v5.22.1_0.20220919112403_fe51f7ffca50 Provides: bundled(golang(github.com/containers/libtrust)) = v0.0.0_20200511145503_9c3a6c22cd9a -Provides: bundled(golang(github.com/containers/ocicrypt)) = v1.1.6 -Provides: bundled(golang(github.com/containers/psgo)) = v1.8.0 -Provides: bundled(golang(github.com/containers/storage)) = v1.44.1_0.20230105105526_fc91849352e5 +Provides: bundled(golang(github.com/containers/ocicrypt)) = v1.1.5 +Provides: bundled(golang(github.com/containers/psgo)) = v1.7.3 +Provides: bundled(golang(github.com/containers/storage)) = v1.42.1_0.20220919112236_8a581aac3bdf Provides: bundled(golang(github.com/coreos/go_systemd)) = v0.0.0_20190719114852_fd7a80b32e1f -Provides: bundled(golang(github.com/coreos/go_systemd/v22)) = v22.5.0 +Provides: bundled(golang(github.com/coreos/go_systemd/v22)) = v22.4.0 Provides: bundled(golang(github.com/coreos/stream_metadata_go)) = v0.0.0_20210225230131_70edb9eb47b3 Provides: bundled(golang(github.com/cyphar/filepath_securejoin)) = v0.2.3 Provides: bundled(golang(github.com/davecgh/go_spew)) = v1.1.1 
@@ -114,21 +115,22 @@ Provides: bundled(golang(github.com/digitalocean/go_libvirt)) = v0.0.0_202012091 Provides: bundled(golang(github.com/digitalocean/go_qemu)) = v0.0.0_20210326154740_ac9e0b687001 Provides: bundled(golang(github.com/disiqueira/gotree/v3)) = v3.0.2 Provides: bundled(golang(github.com/docker/distribution)) = v2.8.1+incompatible -Provides: bundled(golang(github.com/docker/docker)) = v20.10.22+incompatible -Provides: bundled(golang(github.com/docker/docker_credential_helpers)) = v0.7.0 +Provides: bundled(golang(github.com/docker/docker)) = v20.10.18+incompatible +Provides: bundled(golang(github.com/docker/docker_credential_helpers)) = v0.6.4 Provides: bundled(golang(github.com/docker/go_connections)) = v0.4.1_0.20210727194412_58542c764a11 Provides: bundled(golang(github.com/docker/go_plugins_helpers)) = v0.0.0_20211224144127_6eecb7beb651 Provides: bundled(golang(github.com/docker/go_units)) = v0.5.0 Provides: bundled(golang(github.com/felixge/httpsnoop)) = v1.0.3 -Provides: bundled(golang(github.com/fsnotify/fsnotify)) = v1.6.0 -Provides: bundled(golang(github.com/fsouza/go_dockerclient)) = v1.9.0 +Provides: bundled(golang(github.com/fsnotify/fsnotify)) = v1.5.4 +Provides: bundled(golang(github.com/fsouza/go_dockerclient)) = v1.8.3 Provides: bundled(golang(github.com/ghodss/yaml)) = v1.0.0 -Provides: bundled(golang(github.com/godbus/dbus/v5)) = v5.1.1_0.20221029134443_4b691ce883d5 +Provides: bundled(golang(github.com/go_task/slim_sprig)) = v0.0.0_20210107165309_348f09dbbbc0 +Provides: bundled(golang(github.com/godbus/dbus/v5)) = v5.1.0 Provides: bundled(golang(github.com/gogo/protobuf)) = v1.3.2 Provides: bundled(golang(github.com/golang/groupcache)) = v0.0.0_20210331224755_41bb18bfe9da Provides: bundled(golang(github.com/golang/protobuf)) = v1.5.2 Provides: bundled(golang(github.com/google/go_cmp)) = v0.5.9 -Provides: bundled(golang(github.com/google/go_containerregistry)) = v0.12.1 +Provides: bundled(golang(github.com/google/go_containerregistry)) 
= v0.11.0 Provides: bundled(golang(github.com/google/go_intervals)) = v0.0.2 Provides: bundled(golang(github.com/google/gofuzz)) = v1.2.0 Provides: bundled(golang(github.com/google/shlex)) = v0.0.0_20191202100458_e7afc7fbc510 @@ -139,15 +141,16 @@ Provides: bundled(golang(github.com/gorilla/schema)) = v1.2.0 Provides: bundled(golang(github.com/hashicorp/errwrap)) = v1.1.0 Provides: bundled(golang(github.com/hashicorp/go_multierror)) = v1.1.1 Provides: bundled(golang(github.com/imdario/mergo)) = v0.3.13 -Provides: bundled(golang(github.com/inconshreveable/mousetrap)) = v1.0.1 +Provides: bundled(golang(github.com/inconshreveable/mousetrap)) = v1.0.0 Provides: bundled(golang(github.com/jinzhu/copier)) = v0.3.5 Provides: bundled(golang(github.com/json_iterator/go)) = v1.1.12 -Provides: bundled(golang(github.com/klauspost/compress)) = v1.15.14 -Provides: bundled(golang(github.com/klauspost/pgzip)) = v1.2.6_0.20220930104621_17e8dac29df8 +Provides: bundled(golang(github.com/klauspost/compress)) = v1.15.10 +Provides: bundled(golang(github.com/klauspost/pgzip)) = v1.2.5 Provides: bundled(golang(github.com/kr/fs)) = v0.1.0 -Provides: bundled(golang(github.com/letsencrypt/boulder)) = v0.0.0_20221109233200_85aa52084eaf +Provides: bundled(golang(github.com/letsencrypt/boulder)) = v0.0.0_20220723181115_27de4befb95e Provides: bundled(golang(github.com/manifoldco/promptui)) = v0.9.0 -Provides: bundled(golang(github.com/mattn/go_runewidth)) = v0.0.14 +Provides: bundled(golang(github.com/mattn/go_isatty)) = v0.0.16 +Provides: bundled(golang(github.com/mattn/go_runewidth)) = v0.0.13 Provides: bundled(golang(github.com/mattn/go_shellwords)) = v1.0.12 Provides: bundled(golang(github.com/miekg/pkcs11)) = v1.1.1 Provides: bundled(golang(github.com/mistifyio/go_zfs/v3)) = v3.0.0 
@@ -159,13 +162,13 @@ Provides: bundled(golang(github.com/modern_go/reflect2)) = v1.0.2 Provides: bundled(golang(github.com/morikuni/aec)) = v1.0.0 Provides: bundled(golang(github.com/nxadm/tail)) = v1.4.8 Provides: bundled(golang(github.com/onsi/ginkgo)) = v1.16.5 -Provides: bundled(golang(github.com/onsi/gomega)) = v1.24.2 +Provides: bundled(golang(github.com/onsi/gomega)) = v1.20.2 Provides: bundled(golang(github.com/opencontainers/go_digest)) = v1.0.0 -Provides: bundled(golang(github.com/opencontainers/image_spec)) = v1.1.0_rc2 +Provides: bundled(golang(github.com/opencontainers/image_spec)) = v1.0.3_0.20220114050600_8b9d41f48198 Provides: bundled(golang(github.com/opencontainers/runc)) = v1.1.4 -Provides: bundled(golang(github.com/opencontainers/runtime_spec)) = v1.0.3_0.20220825212826_86290f6a00fb -Provides: bundled(golang(github.com/opencontainers/runtime_tools)) = v0.9.1_0.20221014010322_58c91d646d86 -Provides: bundled(golang(github.com/opencontainers/selinux)) = v1.10.2 +Provides: bundled(golang(github.com/opencontainers/runtime_spec)) = v1.0.3_0.20211214071223_8958f93039ab +Provides: bundled(golang(github.com/opencontainers/runtime_tools)) = v0.9.1_0.20220714195903_17b3287fafb7 +Provides: bundled(golang(github.com/opencontainers/selinux)) = v1.10.1 Provides: bundled(golang(github.com/openshift/imagebuilder)) = v1.2.4_0.20220711175835_4151e43600df Provides: bundled(golang(github.com/ostreedev/ostree_go)) = v0.0.0_20210805093236_719684c64e4f Provides: bundled(golang(github.com/pkg/errors)) = v0.9.1 
@@ -173,29 +176,32 @@ Provides: bundled(golang(github.com/pkg/sftp)) = v1.13.5 Provides: bundled(golang(github.com/pmezard/go_difflib)) = v1.0.0 Provides: bundled(golang(github.com/proglottis/gpgme)) = v0.1.3 Provides: bundled(golang(github.com/rivo/uniseg)) = v0.2.0 -Provides: bundled(golang(github.com/rootless_containers/rootlesskit)) = v1.1.0 +Provides: bundled(golang(github.com/rogpeppe/go_internal)) = v1.8.0 +Provides: bundled(golang(github.com/rootless_containers/rootlesskit)) = v1.0.1 Provides: bundled(golang(github.com/seccomp/libseccomp_golang)) = v0.10.0 -Provides: bundled(golang(github.com/sigstore/sigstore)) = v1.5.0 +Provides: bundled(golang(github.com/sigstore/sigstore)) = v1.4.1 Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.9.0 -Provides: bundled(golang(github.com/spf13/cobra)) = v1.6.1 +Provides: bundled(golang(github.com/spf13/cobra)) = v1.5.0 Provides: bundled(golang(github.com/spf13/pflag)) = v1.0.5 Provides: bundled(golang(github.com/stefanberger/go_pkcs11uri)) = v0.0.0_20201008174630_78d3cae3a980 -Provides: bundled(golang(github.com/stretchr/testify)) = v1.8.1 -Provides: bundled(golang(github.com/sylabs/sif/v2)) = v2.9.0 +Provides: bundled(golang(github.com/stretchr/testify)) = v1.8.0 +Provides: bundled(golang(github.com/sylabs/sif/v2)) = v2.7.2 Provides: bundled(golang(github.com/syndtr/gocapability)) = v0.0.0_20200815063812_42c35b437635 Provides: bundled(golang(github.com/tchap/go_patricia)) = v2.3.0+incompatible -Provides: bundled(golang(github.com/theupdateframework/go_tuf)) = v0.5.2_0.20221207161717_9cb61d6e65f5 +Provides: bundled(golang(github.com/theupdateframework/go_tuf)) = v0.5.0 Provides: bundled(golang(github.com/titanous/rocacheck)) = v0.0.0_20171023193734_afe73141d399 Provides: bundled(golang(github.com/uber/jaeger_client_go)) = v2.30.0+incompatible -Provides: bundled(golang(github.com/ulikunitz/xz)) = v0.5.11 +Provides: bundled(golang(github.com/ulikunitz/xz)) = v0.5.10 Provides: 
bundled(golang(github.com/vbatts/tar_split)) = v0.11.2 Provides: bundled(golang(github.com/vbauerster/mpb/v7)) = v7.5.3 Provides: bundled(golang(github.com/vishvananda/netlink)) = v1.1.1_0.20220115184804_dd687eb2f2d4 Provides: bundled(golang(github.com/vishvananda/netns)) = v0.0.0_20210104183010_2eb08e3e575f +Provides: bundled(golang(github.com/vmihailenco/msgpack/v5)) = v5.3.5 Provides: bundled(golang(github.com/xeipuuv/gojsonpointer)) = v0.0.0_20190905194746_02993c407bfb Provides: bundled(golang(github.com/xeipuuv/gojsonreference)) = v0.0.0_20180127040603_bd5ef7bd5415 Provides: bundled(golang(github.com/xeipuuv/gojsonschema)) = v1.2.0 Provides: bundled(golang(sigs.k8s.io/yaml)) = v1.3.0 + %description %{name} (Pod Manager) is a fully featured container engine that is a simple daemonless tool. %{name} provides a Docker-CLI comparable command line that @@ -280,17 +286,6 @@ It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. -%package quadlet -Summary: Easily create systemd services using %{name} -Requires: %{name} = %{epoch}:%{version}-%{release} -Conflicts: quadlet - -%description quadlet -This package installs a systemd generator for *.container files in -/etc/containers/systemd. Such files are automatically converted into -systemd service units, allowing easily written and maintained -podman-based system services. - %prep %autosetup -Sgit -n %{name}-%{built_tag_strip} sed -i 's;@@PODMAN@@\;$(BINDIR);@@PODMAN@@\;%{_bindir};' Makefile 
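Review bot: The `Provides: bundled(golang(...))` list that ends in the `@@ -173,29 +176,32 @@` hunk runs from `github.com/xeipuuv/gojsonschema` straight to `sigs.k8s.io/yaml`, so no `golang.org/x/*` module is declared, although the commit message says this revert is preparation for CVE-2022-41717. If the fix for that CVE touches a vendored `golang.org/x` module (worth confirming which HTTP/2 copy podman links), anyone querying bundled Provides to find affected packages will not see this one. The awk command in the comment above the list reads go.mod and would emit any such entries present there, so the list looks trimmed by hand. Regenerating it from the v4.3.1 go.mod, for this hunk and the earlier Provides hunks (`-81,32`, `-114,21`, `-139,15`, `-159,13`), would keep the declared versions in step with what is vendored.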
@@ -329,21 +324,15 @@ LDFLAGS="-X %{import_path}/libpod/define.buildInfo=$(date +%s)" # build rootlessport first %gobuild -o bin/rootlessport %{import_path}/cmd/rootlessport -export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/selinux_tag.sh) $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)" - # build %%{name} -export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh)" +export BUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh) $(hack/libdm_tag.sh) $(hack/selinux_tag.sh) $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)" %gobuild -o bin/%{name} %{import_path}/cmd/%{name} # build %%{name}-remote -export BUILDTAGS="$BASEBUILDTAGS exclude_graphdriver_btrfs btrfs_noversion remote" +export BUILDTAGS="seccomp exclude_graphdriver_devicemapper exclude_graphdriver_btrfs btrfs_noversion $(hack/selinux_tag.sh) $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh) remote" %gobuild -o bin/%{name}-remote %{import_path}/cmd/%{name} -# build quadlet -export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_installed_tag.sh) $(hack/btrfs_tag.sh)" -%gobuild -o bin/quadlet %{import_path}/cmd/quadlet - cd %{repo_plugins}-%{commit_plugins} mkdir _build cd _build @@ -463,11 +452,5 @@ rm -f %{buildroot}%{_datadir}/user-tmpfiles.d/%{name}-docker.conf %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/gvproxy -%files quadlet -%license LICENSE -%{_libexecdir}/%{name}/quadlet -%{_systemdgeneratordir}/%{name}-system-generator -%{_systemdusergeneratordir}/%{name}-user-generator - %changelog %autochangelog diff --git a/sources b/sources index 75652db..9b24543 100644 --- a/sources +++ b/sources 
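Review bot: The two new `export BUILDTAGS=` lines in the `@@ -329,21 +324,15 @@` hunk each spell out the shared tags in full (`seccomp`, `exclude_graphdriver_devicemapper` and the selinux, systemd and libsubid helper scripts), so the podman and podman-remote builds can drift apart if a later edit touches only one of them. Dropping the quadlet build does not require losing the shared variable. Keeping `export BASEBUILDTAGS="seccomp exclude_graphdriver_devicemapper $(hack/selinux_tag.sh) $(hack/systemd_tag.sh) $(hack/libsubid_tag.sh)"` and writing the remote build as `export BUILDTAGS="$BASEBUILDTAGS exclude_graphdriver_btrfs btrfs_noversion remote"` yields the same tag set. The `seccomp` and SELinux tags appear to control whether those confinement features are compiled in, so a single definition makes an accidental omission from one binary less likely. The %build section starts and continues outside the hunk.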
@@ -1,3 +1,3 @@ SHA512 (dnsname-18822f9a4fb35d1349eb256f4cd2bfd372474d84.tar.gz) = de371722fbf18cd23b31485ee7ba36bb41d0d9a932d15e50872989c3ca1ff7246da63143c3725d81089fadda3821a54c18b22150d9d16005b07df6824f5f71f8 SHA512 (gvisor-tap-vsock-aab0ac9367fc5142f5857c36ac2352bcb3c60ab7.tar.gz) = e138125f0fad46f84afebad5769d4428cb29f24ce34e209b21689dc4409487bf2e946c9eb6551297baf36286c9be9a5310a77df4884563cfe247113980f18291 -SHA512 (v4.4.0-rc2.tar.gz) = c207d1bfe90c4d81638c88a1f08ee8441f8456f68736293bc4e17f88c116794cde99e46fcfca40c293f4264bd714b8d88fbeaffbb2012d2be7217d0bc5d4de54 +SHA512 (v4.3.1.tar.gz) = 907dafc6481cbcb7a9b6771c3682a88d6c3b055050c0a180f9ceb985c1a3826318056b62dd6d2859a2a23eba7aad4bf26404327d5479bde98658745fa7d88efa diff --git a/tests/test_podman_cgroups_vn.yml b/tests/test_podman_cgroups_vn.yml index 5d48663..f069182 100644 --- a/tests/test_podman_cgroups_vn.yml +++ b/tests/test_podman_cgroups_vn.yml @@ -12,10 +12,8 @@ package: podman environment: PODMAN: /usr/bin/podman - QUADLET: /usr/libexec/podman/quadlet - name: podman rootless cgroupsv{{ want_cgroups }} package: podman environment: PODMAN: /usr/bin/podman - QUADLET: /usr/libexec/podman/quadlet become: true diff --git a/tests/test_podman_remote.yml b/tests/test_podman_remote.yml index 204d137..8c61093 100644 --- a/tests/test_podman_remote.yml +++ b/tests/test_podman_remote.yml @@ -10,10 +10,8 @@ package: podman environment: PODMAN: /usr/bin/podman-remote - QUADLET: /usr/libexec/podman/quadlet - name: podman-remote rootless package: podman environment: PODMAN: /usr/bin/podman-remote - QUADLET: /usr/libexec/podman/quadlet become: true