libpod (3.4.4+ds1-1ubuntu1.22.04.2) jammy-security; urgency=medium * SECURITY UPDATE: Incorrect handling of the supplementary groups - debian/patches/CVE-2022-2989.patch: Add container GID to additional groups in libpod/container_internal_linux.go, pkg/specgen/namespaces.go, test/e2e/run_test.go. - CVE-2022-2989 -- Leonidas Da Silva Barbosa Tue, 15 Aug 2023 12:08:54 -0300 libpod (3.4.4+ds1-1ubuntu1.22.04.1) jammy-security; urgency=medium * Add d/p/lp-2007972-play-kube-don-t-force-pull-infra-image.patch to prevent play kube from unwanted force-pull of infra image and with that unwanted (untrusted) k8s pause (LP: #2007972). -- Frank Heimes Wed, 22 Feb 2023 10:46:22 +0100 libpod (3.4.4+ds1-1ubuntu1) jammy; urgency=medium * Merge from Debian unstable. Remaining changes: - docker.io package in ubuntu installs some sources into different locations, work around that in debian/rules -- Reinhard Tartler Sun, 23 Jan 2022 14:04:53 -0500 libpod (3.4.4+ds1-1) unstable; urgency=medium * New upstream release Confirming that CVE-2021-4024 is fixed in 3.4.3, Closes: #1000844 -- Reinhard Tartler Sat, 25 Dec 2021 19:48:14 -0500 libpod (3.4.3+ds1-1) unstable; urgency=medium * New upstream release, Closes: #1001321 - podman machine spawns gvproxy with port binded to all IPs, Closes: #1000844 -- Reinhard Tartler Fri, 24 Dec 2021 14:40:01 -0500 libpod (3.4.2+ds1-1) unstable; urgency=medium * New upstream release * Compile against system github.com/dtylman/scp * Revert upstream commit that requires newer godbus than we currently have in unstable -- Reinhard Tartler Wed, 17 Nov 2021 14:30:31 -0500 libpod (3.4.1+ds1-2) unstable; urgency=medium * Upload to unstable * podman: Install tmpfiles.d/podman.conf, Closes: #995586 -- Reinhard Tartler Tue, 26 Oct 2021 18:20:56 -0400 libpod (3.4.1+ds1-1) experimental; urgency=medium * New upstream release -- Reinhard Tartler Mon, 25 Oct 2021 13:58:58 -0400 libpod (3.4.0+ds1-1) experimental; urgency=medium * New upstream release -- Reinhard Tartler Fri, 08 Oct 2021 16:19:40 -0400 libpod (3.3.1+ds2-1) unstable; urgency=medium * New upstream release - drop coreos/{go-iptables,go-systemd} * Drop unneeded dependency on golang-github-openshift-api-dev * Bump Standards-Version, no changes needed -- Reinhard Tartler Tue, 07 Sep 2021 11:53:40 +0200 libpod (3.3.0+ds2-2) unstable; urgency=medium * Apply missing patches that were forgotten in the last merge from experimental: - Prefer crun over runc - Add depends in iptables * Upstream improved documentation on requirements for rootless, Closes: #983395 -- Reinhard Tartler Sat, 04 Sep 2021 18:57:31 +0200 libpod (3.3.0+ds2-1) unstable; urgency=medium * New upstream release, Closes: #992138, #992142 -- Reinhard Tartler Mon, 30 Aug 2021 12:37:34 +0200 libpod (3.2.3+ds1-1) experimental; urgency=medium * New upstream releases, Closes: #991197 * Bump dependency on golang-github-containers-common,buildah -- Reinhard Tartler Tue, 20 Jul 2021 18:22:50 -0400 libpod (3.2.2+ds1-1) experimental; urgency=medium * New upstream releases, Closes: #990333 * Bump dependency on golang-github-containers-common -- Reinhard Tartler Mon, 28 Jun 2021 08:15:51 -0400 libpod (3.2.1+ds1-2) experimental; urgency=medium * Provide 'podman-docker' package, Closes: #984770 * Tighten build dependency on golang-golang-x-net-dev -- Reinhard Tartler Tue, 15 Jun 2021 13:41:46 -0400 libpod (3.2.1+ds1-1) experimental; urgency=medium * New upstream release * Tighten build-depends on golang-github-containers-common-dev and golang-github-containers-buildah-dev -- Reinhard Tartler Mon, 14 Jun 2021 14:08:01 -0400 libpod (3.2.0+ds5-2) experimental; urgency=medium * Add patch from upstream to fix FTBFS on !(arm64, amd64) -- Reinhard Tartler Sat, 12 Jun 2021 07:07:45 -0400 libpod (3.2.0+ds5-1) experimental; urgency=medium * New upstream release * Install zsh completions (Closes: #989411) * Disable LTO, cf. https://wiki.debian.org/ToolChain/LTO -- Reinhard Tartler Tue, 08 Jun 2021 17:33:43 -0400 libpod (3.1.2+ds1-2) experimental; urgency=medium * add missing vendored files included in tarball * (explicitly) build-depend on golang-github-moby-term-dev -- Reinhard Tartler Mon, 31 May 2021 09:55:52 -0400 libpod (3.1.2+ds1-1) experimental; urgency=medium * New upstream release * Drop dependency on golang-github-seccomp-containers-golang-dev, Closes: #988445 -- Reinhard Tartler Fri, 28 May 2021 17:57:28 -0400 libpod (3.1.0+ds1-1) experimental; urgency=medium * New upstream release * Reorganized git source layout. Drop a number of vendored libraries (in favor of versions from the Debian archive) - github.com/go-logr/logr - github.com/moby/term - github.com/nxadm/tail - github.com/willf/bitset - go.etcd.io/bbolt - google.golang.org/protobuf -- Reinhard Tartler Sat, 03 Apr 2021 16:28:54 -0400 libpod (3.0.1+dfsg1-3) unstable; urgency=medium * Add networking-lookup-child-IP-in-networks.patch, fixes rootless connection issue "Connection reset by peer", Closes: #989803 -- Reinhard Tartler Sun, 13 Jun 2021 18:28:49 -0400 libpod (3.0.1+dfsg1-2) unstable; urgency=medium * Prefer crun over runc, Closes: #985379 * Add depends in iptables, Closes: #987207 -- Reinhard Tartler Wed, 21 Apr 2021 17:36:07 -0400 libpod (3.0.1+dfsg1-1) unstable; urgency=medium * New upstream release * debian/control: tighten dependencies * drop inspect-volume-data.patch, merged upstream * Use packaged version of ocicrypt -- Reinhard Tartler Wed, 24 Feb 2021 06:46:17 -0500 libpod (3.0.0+dfsg1-2ubuntu4) hirsute; urgency=medium * Tighten dependency on golang-golang-x-net (>> 1:0.0+git20210119) -- Reinhard Tartler Sun, 21 Feb 2021 08:27:28 -0500 libpod (3.0.0+dfsg1-2ubuntu2) hirsute; urgency=medium * Avoid building golang-github-containers-libpod-dev - Because docker.io vendors golang modules differently, this package is not usable on ubuntu anyways. -- Reinhard Tartler Sat, 20 Feb 2021 11:52:11 -0500 libpod (3.0.0+dfsg1-2ubuntu1) hirsute; urgency=medium * Merge from Debian unstable. Remaining changes: - docker.io package in ubuntu installs some sources into different locations, work around that in debian/rules -- Reinhard Tartler Wed, 17 Feb 2021 20:26:23 -0500 libpod (3.0.0+dfsg1-2) unstable; urgency=medium * Adjust dependencies on containers/{storage,image,common,buildah} as discussed with upstream -- Reinhard Tartler Fri, 12 Feb 2021 08:42:39 -0500 libpod (3.0.0+dfsg1-1) unstable; urgency=medium * New upstream release -- Reinhard Tartler Fri, 12 Feb 2021 06:12:02 -0500 libpod (3.0.0~rc3+dfsg1-1) experimental; urgency=medium * New upstream release * Cleanup varlink service, closes: #981708 * Tighten dependency on buildah to pickup fix for caching bug, closes: #982467 -- Reinhard Tartler Wed, 10 Feb 2021 06:54:28 -0500 libpod (3.0.0~rc2+dfsg1-2) unstable; urgency=medium * Upload to unstable -- Reinhard Tartler Tue, 02 Feb 2021 17:21:00 -0500 libpod (3.0.0~rc2+dfsg1-1) experimental; urgency=medium * New upstream release * Install auto-update systemd units * debian/copyright: more updates * Install auto-update systemd units * systemd: Don't enable podman-auto-update.service in default.target (Closes: #981097) * Pass buildtags also go test invocation to unbreak autopkgtests when run as root -- Reinhard Tartler Sat, 30 Jan 2021 22:17:33 -0500 libpod (3.0.0~rc1+dfsg1-1) experimental; urgency=medium * New upstream version * Drop varlink references, dropped upstream * Remove confusing line (Closes: #980480) -- Reinhard Tartler Sun, 24 Jan 2021 11:16:44 -0500 libpod (2.2.1+dfsg1-1) experimental; urgency=medium * New upstream version * drop cobra-spf13-api.patch, no longer needed * Rely on upstream's build scripts to install manpages (Closes: #977502) * Remove conflicting manpage container-mounts(5), Closes: #977502 * drop old-docker-api.patch, no longer needed -- Reinhard Tartler Fri, 18 Dec 2020 07:16:27 -0500 libpod (2.2.0+dfsg1-1) experimental; urgency=medium * debian/changelog: Bump to libpod 2.2.0 * Refresh distro patches * debian/control: Tighten build-dependency on buildah * add cobra-spf13-api.patch * debian/copyright: manual updates * podman: Add depends on golang-github-containernetworking-plugin-dnsname -- Reinhard Tartler Tue, 08 Dec 2020 15:45:22 -0500 libpod (2.1.1+dfsg1-7) unstable; urgency=medium * Pass buildtags also go test invocation to unbreak autopkgtests on machines that run as real root. -- Reinhard Tartler Mon, 01 Feb 2021 06:43:56 -0500 libpod (2.1.1+dfsg1-6) unstable; urgency=medium * debian/rules: Remove confusing line (Closes: #980480) * systemd: Don't enable podman-auto-update.service in default.target (Closes: #981097) -- Reinhard Tartler Tue, 26 Jan 2021 21:51:00 -0500 libpod (2.1.1+dfsg1-5) unstable; urgency=medium * Install auto-update systemd units -- Reinhard Tartler Mon, 25 Jan 2021 07:49:44 -0500 libpod (2.1.1+dfsg1-4ubuntu1) hirsute; urgency=medium * Merge from Debian unstable. Remaining changes: - docker.io package in ubuntu installs some sources into different locations, work around that in debian/rules -- Reinhard Tartler Thu, 21 Jan 2021 11:03:01 -0500 libpod (2.1.1+dfsg1-4) unstable; urgency=medium * Ignore containers.conf sysctl when namespaces set to host (Closes: #979313) -- Reinhard Tartler Wed, 06 Jan 2021 20:48:36 -0500 libpod (2.1.1+dfsg1-3) unstable; urgency=medium [ Dmitry Smirnov ] * Tightened versioned dependency on "containernetworking-plugins". [ Reinhard Tartler ] * debian/copyright: various cleanups * Fix handling of Ambient/Inheritable caps for non root user, Closes: #977717 * Rely on upstream's build scripts to install manpages * Remove conflicting manpage container-mounts(5), Closes: #977502 -- Reinhard Tartler Tue, 22 Dec 2020 13:00:57 -0500 libpod (2.1.1+dfsg1-2) unstable; urgency=medium [ Reinhard Tartler ] * Install runc by default, Closes: #971253 * Builds against structured-merge-diff/v4, Closes: #976410 [ Antonio Terceiro ] * Recommend catatonit before the other inits (Closes: #971815) -- Reinhard Tartler Mon, 07 Dec 2020 06:56:09 -0500 libpod (2.1.1+dfsg1-1) unstable; urgency=medium [ Reinhard Tartler ] * New upstream release: 2.1.1 * golang-github-containers-libpod-dev: expose golang sources * debian/copyright: update using cme update dpkg-copyright [ Arnaud Rebillout ] * Unvendor sigs.k8s.io/yaml -- Reinhard Tartler Fri, 27 Nov 2020 12:45:58 -0500 libpod (2.0.6+dfsg1-2ubuntu1) hirsute; urgency=low * Merge from Debian unstable. Remaining changes: - docker.io package in ubuntu installs some sources into different locations, work around that in debian/rules - allow building with older runc -- Steve Langasek Mon, 30 Nov 2020 12:57:54 -0800 libpod (2.0.6+dfsg1-2) unstable; urgency=medium * Restored io.podman/varlink interface, which is still in use by nomad-driver-podman. -- Dmitry Smirnov Thu, 22 Oct 2020 21:33:07 +1100 libpod (2.0.6+dfsg1-1ubuntu2) hirsute; urgency=medium * No-change rebuild using new golang -- Steve Langasek Wed, 11 Nov 2020 22:19:18 +0000 libpod (2.0.6+dfsg1-1ubuntu1) groovy; urgency=low * Merge from Debian unstable. Remaining changes: - docker.io package in ubuntu installs some sources into different locations, work around that in debian/rules - allow building with older runc -- Reinhard Tartler Fri, 18 Sep 2020 13:52:59 -0400 libpod (2.0.6+dfsg1-1) unstable; urgency=medium * New upstream release * debian/copyright: cleanups * drop malformed lintian override * Bump standard version, no changes needed -- Reinhard Tartler Mon, 14 Sep 2020 15:35:01 -0400 libpod (2.0.4+dfsg2-5) unstable; urgency=medium * Team upload. * Upload to unstable -- Shengjing Zhu Sun, 23 Aug 2020 02:42:00 +0800 libpod (2.0.4+dfsg2-4) experimental; urgency=medium * Team upload. * Tighten buildah Build-Depends version -- Shengjing Zhu Thu, 20 Aug 2020 02:54:27 +0800 libpod (2.0.4+dfsg2-3) experimental; urgency=medium * Team upload. [ Reinhard Tartler ] * Add more notes on how to get started with Debian kernels [ Shengjing Zhu ] * Add patch to fix build with new runc -- Shengjing Zhu Thu, 20 Aug 2020 01:00:02 +0800 libpod (2.0.4+dfsg2-2) unstable; urgency=medium [ Martin Pitt ] * Bump conmon dependency [ Dmitry Smirnov ] * Harmonize repacksuffix to fix CI. * Tighten recommendation on fuse-overlayfs (>= 1.0.0~). [ Reinhard Tartler ] * Bug fix: "Breaks docker", thanks to Jan Hudec (Closes: #968207). - No longer create symlink /run/docker.sock to avoid interfering with the docker daemon. Users that wish to replace the docker daemon with podman are advised to install the symlink themselves and arrange appropriate permissions for podman.sock. -- Reinhard Tartler Tue, 11 Aug 2020 07:41:44 -0400 libpod (2.0.4+dfsg2-1ubuntu1) groovy; urgency=low * Merge from Debian unstable. Remaining changes: - docker.io package in ubuntu installs some sources into different locations, work around that in debian/rules -- Reinhard Tartler Tue, 04 Aug 2020 07:01:48 -0400 libpod (2.0.4+dfsg2-1) unstable; urgency=medium * Vendor in protobuf 3 to workaround #961814 * Remove "insanity workaround" related to protobuf * Hand in forgotten changelog entry in 2.0.4+dfsg1-1 -- Reinhard Tartler Mon, 03 Aug 2020 07:20:45 -0400 libpod (2.0.4+dfsg1-1) unstable; urgency=medium * New upstream release * No longer install /etc/containers/libpod.conf (Closes: #961016) This file is deprecated in version 2.0 and is superseeded by /etc/containers/containers.conf, which is provided by the golang-github-containers-common package. The old file hardcodes a default OCI runtime that breaks in default installations. * Fixed REST API regression (Closes: #966501) -- Reinhard Tartler Thu, 30 Jul 2020 07:12:41 -0400 libpod (2.0.3+dfsg1-1ubuntu1) groovy; urgency=low * Merge from Debian unstable. Remaining changes: - docker.io package in ubuntu installs some sources into different locations, work around that in debian/rules -- Reinhard Tartler Wed, 29 Jul 2020 13:24:08 -0400 libpod (2.0.3+dfsg1-1) unstable; urgency=medium * Team upload. * New upstream release * Install systemd helper files in favor of varlink (Closes: #966118) -- Reinhard Tartler Sun, 26 Jul 2020 10:53:39 -0400 libpod (2.0.2+dfsg1-3ubuntu1) groovy; urgency=low * Merge from Debian unstable. Remaining changes: - docker.io package in ubuntu installs some sources into different locations, work around that in debian/rules -- Reinhard Tartler Sat, 25 Jul 2020 10:07:52 -0400 libpod (2.0.2+dfsg1-3) unstable; urgency=medium * Team upload. * Upload to unstable. -- Reinhard Tartler Mon, 20 Jul 2020 10:18:00 -0400 libpod (2.0.2+dfsg1-2) experimental; urgency=medium * Team upload. * debian/rules: Add XDG_RUNTIME_DIR settings on build - Based on debian/rules from the ibus package, unbreaks testsuite on many buildds -- Reinhard Tartler Fri, 17 Jul 2020 06:56:20 -0400 libpod (2.0.2+dfsg1-1) experimental; urgency=medium * Team upload. * New upstream version, Closes: #964378 -- Reinhard Tartler Thu, 16 Jul 2020 18:06:15 -0400 libpod (1.6.4+dfsg1-4) unstable; urgency=medium * Team upload. * Rename golang-x-text-dev to golang-golang-x-text-dev -- Shengjing Zhu Sun, 12 Jul 2020 18:51:51 +0800 libpod (1.6.4+dfsg1-3ubuntu1) groovy; urgency=medium * Work around differences of github-golang-docker-docker-dev vendored libraries in Debian and tighten build-dependency -- Reinhard Tartler Sat, 30 May 2020 08:59:54 -0400 libpod (1.6.4+dfsg1-3) unstable; urgency=high * Team upload. * Do not copy up when volume is not empty CVE-2020-1726, Closes: #961421 -- Reinhard Tartler Thu, 28 May 2020 17:24:41 -0400 libpod (1.6.4+dfsg1-2) unstable; urgency=medium * Un-vendored "golang-github-checkpoint-restore-go-criu-dev". * Tightened dependency: "conmon (>= 2.0.2~)". * rules: + Golang insanity workaround. + Removed obsolete "containers_image_ostree" build tag. -- Dmitry Smirnov Tue, 14 Jan 2020 10:56:58 +1100 libpod (1.6.4+dfsg-1) unstable; urgency=medium * New upstream release. * Install "seccomp.json". * Install tutorials. * Un-vendored "openshift/api" library. * Build-Depends: - golang-github-boltdb-bolt-dev + golang-github-coreos-bbolt-dev (>= 1.3.3~) - golang-github-containerd-continuity-dev = golang-github-containers-buildah-dev (>= 1.11.6~) = golang-github-containers-image-dev (>= 5.0.0~) + golang-github-openshift-api-dev -- Dmitry Smirnov Fri, 03 Jan 2020 08:36:51 +1100 libpod (1.6.2+dfsg-3) unstable; urgency=medium * Install annotated CNI examples. * Replaced default CNI "bridge" policy with "ptp". -- Dmitry Smirnov Tue, 31 Dec 2019 12:07:07 +1100 libpod (1.6.2+dfsg-2) unstable; urgency=medium * Added note about "swapaccount" to README.Debian. * libpod.conf: prefer "crun" over "runc". * Tightened "fuse-overlayfs" dependency. * Only install "registries.conf" example but not conf file. * Use "tini-static" for "init_path" built-in default instead of "catatonit". * Added "buildah" to Recommends since it provides "containers/image" man pages. * Standards-Version: 4.4.1 -- Dmitry Smirnov Sun, 29 Dec 2019 20:49:01 +1100 libpod (1.6.2+dfsg-1) unstable; urgency=medium * Initial release (Closes: #930440). -- Dmitry Smirnov Tue, 12 Nov 2019 13:29:33 +1100