Package: libpod / 3.0.1+dfsg1-3+deb11u5

Metadata

Package: libpod
Version: 3.0.1+dfsg1-3+deb11u5
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
test skip TestPostDeleteHooks.patch

libpod/container_internal_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 disable failing test
~~~~
 FAIL: TestPostDeleteHooks (0.00s)
    FAIL: TestPostDeleteHooks//tmp/libpod_test_150902934/state (0.00s)
        container_internal_test.go:70:
            Error Trace:    container_internal_test.go:70
            Error:          Expect "{"ociVersion":"1.0.1","id":"123abc","status":"stopped","bundle":"/tmp/libpod_test_150902934","annotations":{"a":"b"}}" to match "{"ociVersion":"1\.0\.1-dev","id":"123abc","status":"stopped","bundle":"/tmp/libpod_test_[0-9]*","annotations":{"a":"b"}}"
            Test:           TestPostDeleteHooks//tmp/libpod_test_150902934/state
    FAIL: TestPostDeleteHooks//tmp/libpod_test_150902934/copy (0.00s)
        container_internal_test.go:70:
            Error Trace:    container_internal_test.go:70
            Error:          Expect "{"ociVersion":"1.0.1","id":"123abc","status":"stopped","bundle":"/tmp/libpod_test_150902934","annotations":{"a":"b"}}" to match "{"ociVersion":"1\.0\.1-dev","id":"123abc","status":"stopped","bundle":"/tmp/libpod_test_[0-9]*","annotations":{"a":"b"}}"
            Test:           TestPostDeleteHooks//tmp/libpod_test_150902934/copy
 FAIL: TestMergeEmptyAndDefaultMemoryConfig (0.00s)
    config_test.go:30:
                Error Trace:    config_test.go:30
                Error:          Expected value not to be nil.
                Test:           TestMergeEmptyAndDefaultMemoryConfig
    config_test.go:31:
                Error Trace:    config_test.go:31
                Error:          Expected nil, but got: cannot mkdir /run/user/1000/libpod: mkdir /run/user/1000/libpod: no such file or directory
                Test:           TestMergeEmptyAndDefaultMemoryConfig
~~~~


rm containers mounts 5.patch

docs/source/markdown/containers-mounts.conf.5.md | 16 0 + 16 - 0 !
1 file changed, 16 deletions(-)

 remove conflicting manpage
Bug-Debian: https://bugs.debian.org/977502


systemd tweaks.patch

contrib/systemd/auto-update/podman-auto-update.service | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 please don't enable podman-auto-update.service in default.target
Date: Tue, 26 Jan 2021 11:46:06 +0100
Bugs-Debian: https://bugs.debian.org/981097


networking lookup child IP in networks.patch

libpod/networking_linux.go | 14 13 + 1 - 0 !
test/system/500-networking.bats | 22 22 + 0 - 0 !
2 files changed, 35 insertions(+), 1 deletion(-)

---
0001 do not set the inheritable capabilities.patch

libpod/oci_conmon_linux.go | 7 5 + 2 - 0 !
pkg/specgen/generate/security.go | 7 5 + 2 - 0 !
test/e2e/run_test.go | 6 3 + 3 - 0 !
3 files changed, 13 insertions(+), 7 deletions(-)

 [patch] do not set the inheritable capabilities

The kernel never sets the inheritable capabilities for a process, they
are only set by userspace.  Emulate the same behavior.

Closes: CVE-2022-27649

(backported from upstream commit 7b368768c2990b9781b2b6813e1c7f91c7e6cb13)

CVE 2022 2989 Add container GID to additional groups.patch

libpod/container_internal_linux.go | 1 1 + 0 - 0 !
pkg/specgen/generate/namespaces.go | 1 1 + 0 - 0 !
test/e2e/run_test.go | 14 11 + 3 - 0 !
3 files changed, 13 insertions(+), 3 deletions(-)

 [patch] add container gid to additional groups

Mitigates a potential permissions issue. Mirrors Buildah PR #4200
and CRI-O PR #6159.

Cherry-pick conflicts for v3.0.1-rhel branch have been addressed.

Signed-off-by: Matthew Heon <mheon@redhat.com>