diff --git a/.buildah.metadata b/.buildah.metadata
new file mode 100644
index 0000000..ca2a784
--- /dev/null
+++ b/.buildah.metadata
@@ -0,0 +1 @@
+da35ceecbee25d37313869956f602161fc282153 SOURCES/buildah-9513cb8.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..dc35543
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/buildah-9513cb8.tar.gz
diff --git a/SOURCES/1996.patch b/SOURCES/1996.patch
new file mode 100644
index 0000000..fd565dd
--- /dev/null
+++ b/SOURCES/1996.patch
@@ -0,0 +1,153 @@ +From f09346578021c12069b6deb9487a1462b8d28a83 Mon Sep 17 00:00:00 2001 +From: Nalin Dahyabhai +Date: Thu, 21 Nov 2019 15:32:41 -0500 +Subject: [PATCH 1/3] bind: don't complain about missing mountpoints + +When we go to unmount a tree of mounts, if one of the directories isn't +there, instead of returning an error as before, log a debug message and +keep going. + +Signed-off-by: Nalin Dahyabhai +--- + bind/mount.go | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/bind/mount.go b/bind/mount.go +index e1ae323b9..adde901fd 100644 +--- a/bind/mount.go ++++ b/bind/mount.go +@@ -264,6 +264,10 @@ func UnmountMountpoints(mountpoint string, mountpointsToRemove []string) error { + mount := getMountByID(id) + // check if this mountpoint is mounted + if err := unix.Lstat(mount.Mountpoint, &st); err != nil { ++ if os.IsNotExist(err) { ++ logrus.Debugf("mountpoint %q is not present(?), skipping", mount.Mountpoint) ++ continue ++ } + return errors.Wrapf(err, "error checking if %q is mounted", mount.Mountpoint) + } + if mount.Major != int(unix.Major(st.Dev)) || mount.Minor != int(unix.Minor(st.Dev)) { + +From c5fb681a6082b78c422eb3531667dc6d607a9355 Mon Sep 17 00:00:00 2001 +From: Nalin Dahyabhai +Date: Fri, 22 Nov 2019 14:22:26 -0500 +Subject: [PATCH 2/3] chroot: Unmount with MNT_DETACH instead of + UnmountMountpoints() + +Unmounting the rootfs with MNT_DETACH should unmount everything below +it, so we don't need to use the more exhaustive method that our bind +package uses for its bind mounts. 
+ +Signed-off-by: Nalin Dahyabhai +--- + chroot/run.go | 25 +++++++++++++++---------- + 1 file changed, 15 insertions(+), 10 deletions(-) + +diff --git a/chroot/run.go b/chroot/run.go +index fbccbcdb0..76ac78d1f 100644 +--- a/chroot/run.go ++++ b/chroot/run.go +@@ -15,6 +15,7 @@ import ( + "strings" + "sync" + "syscall" ++ "time" + "unsafe" + + "github.com/containers/buildah/bind" +@@ -1002,12 +1003,19 @@ func isDevNull(dev os.FileInfo) bool { + // callback that will clean up its work. + func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func() error, err error) { + var fs unix.Statfs_t +- removes := []string{} + undoBinds = func() error { +- if err2 := bind.UnmountMountpoints(spec.Root.Path, removes); err2 != nil { +- logrus.Warnf("pkg/chroot: error unmounting %q: %v", spec.Root.Path, err2) +- if err == nil { +- err = err2 ++ if err2 := unix.Unmount(spec.Root.Path, unix.MNT_DETACH); err2 != nil { ++ retries := 0 ++ for (err2 == unix.EBUSY || err2 == unix.EAGAIN) && retries < 50 { ++ time.Sleep(50 * time.Millisecond) ++ err2 = unix.Unmount(spec.Root.Path, unix.MNT_DETACH) ++ retries++ ++ } ++ if err2 != nil { ++ logrus.Warnf("pkg/chroot: error unmounting %q (retried %d times): %v", spec.Root.Path, retries, err2) ++ if err == nil { ++ err = err2 ++ } + } + } + return err +@@ -1096,6 +1104,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( + // Add /sys/fs/selinux to the set of masked paths, to ensure that we don't have processes + // attempting to interact with labeling, when they aren't allowed to do so. + spec.Linux.MaskedPaths = append(spec.Linux.MaskedPaths, "/sys/fs/selinux") ++ + // Bind mount in everything we've been asked to mount. + for _, m := range spec.Mounts { + // Skip anything that we just mounted. 
+@@ -1141,13 +1150,11 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( + if !os.IsNotExist(err) { + return undoBinds, errors.Wrapf(err, "error examining %q for mounting in mount namespace", target) + } +- // The target isn't there yet, so create it, and make a +- // note to remove it later. ++ // The target isn't there yet, so create it. + if srcinfo.IsDir() { + if err = os.MkdirAll(target, 0111); err != nil { + return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) + } +- removes = append(removes, target) + } else { + if err = os.MkdirAll(filepath.Dir(target), 0111); err != nil { + return undoBinds, errors.Wrapf(err, "error ensuring parent of mountpoint %q (%q) is present in mount namespace", target, filepath.Dir(target)) +@@ -1157,7 +1164,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( + return undoBinds, errors.Wrapf(err, "error creating mountpoint %q in mount namespace", target) + } + file.Close() +- removes = append(removes, target) + } + } + requestFlags := bindFlags +@@ -1266,7 +1272,6 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( + if err := os.Mkdir(roEmptyDir, 0700); err != nil { + return undoBinds, errors.Wrapf(err, "error creating empty directory %q", roEmptyDir) + } +- removes = append(removes, roEmptyDir) + } + + // Set up any masked paths that we need to. 
If we're running inside of + +From ec1be6a51941e10b5316c911ef97c88940f7c095 Mon Sep 17 00:00:00 2001 +From: Nalin Dahyabhai +Date: Fri, 22 Nov 2019 14:52:25 -0500 +Subject: [PATCH 3/3] overlay.bats typo: fuse-overlays should be fuse-overlayfs + +Signed-off-by: Nalin Dahyabhai +--- + tests/overlay.bats | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tests/overlay.bats b/tests/overlay.bats +index 04056f680..7cc2d0c62 100644 +--- a/tests/overlay.bats ++++ b/tests/overlay.bats +@@ -3,14 +3,14 @@ + load helpers + + @test "overlay specific level" { +- if test \! -e /usr/bin/fuse-overlays -a "$BUILDAH_ISOLATION" = "rootless"; then ++ if test \! -e /usr/bin/fuse-overlayfs -a "$BUILDAH_ISOLATION" = "rootless"; then + skip "BUILDAH_ISOLATION = $BUILDAH_ISOLATION" and no /usr/bin/fuse-overlayfs present + fi + image=alpine + mkdir ${TESTDIR}/lower + touch ${TESTDIR}/lower/foo + +-cid=$(buildah --log-level=error from -v ${TESTDIR}/lower:/lower:O --quiet --signature-policy ${TESTSDIR}/policy.json $image) ++ cid=$(buildah --log-level=error from -v ${TESTDIR}/lower:/lower:O --quiet --signature-policy ${TESTSDIR}/policy.json $image) + + # This should succeed + run_buildah --log-level=error run $cid ls /lower/foo diff --git a/SOURCES/2031.patch b/SOURCES/2031.patch new file mode 100644 index 0000000..b674e80 --- /dev/null +++ b/SOURCES/2031.patch 
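Review bot: In patch 2/3 of this file, dropping the `removes` list means the mountpoints that setupChrootBindMounts creates under spec.Root.Path — the `os.MkdirAll(target, 0111)` directories, the empty placeholder files closed with `file.Close()`, and `roEmptyDir` — are no longer deleted after the run; the replaced `bind.UnmountMountpoints(spec.Root.Path, removes)` call removed them, whereas `unix.Unmount(spec.Root.Path, unix.MNT_DETACH)` only detaches the tree. If spec.Root.Path is the container's working rootfs rather than a throwaway copy, those mode-0111 directories and empty files stay in the container filesystem after the command finishes. If that is intended, say so at the `// The target isn't there yet, so create it.` comment; otherwise keep recording the created paths and remove them in undoBinds once the detach has succeeded. The retry loop is bounded (50 × 50 ms), but logging at debug level when `retries > 0` before the final Warnf would make the stall visible in traces. setupChrootBindMounts starts and ends outside the quoted hunks.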
@@ -0,0 +1,147 @@ +From fb7d2b6bd6a16ffdbe4a69428e3ba5b487719e78 Mon Sep 17 00:00:00 2001 +From: Daniel J Walsh +Date: Tue, 17 Dec 2019 15:24:29 -0500 +Subject: [PATCH] Add support for FIPS-Mode backends + +If host is running in fips mode, then RHEL8.2 and beyond container images +will come with a directory /usr/share/crypto-policies/back-ends/FIPS. +This directory needs to be bind mounted over /etc/crypto-policies/back-ends in +order to make all tools in the container follow the FIPS Mode rules. + +Signed-off-by: Daniel J Walsh +--- + pkg/secrets/secrets.go | 48 +++++++++++++++++++++++++++++++++--------- + run_linux.go | 2 +- + 2 files changed, 39 insertions(+), 11 deletions(-) + +diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go +index 80ca05016..ee2e9a7c8 100644 +--- a/pkg/secrets/secrets.go ++++ b/pkg/secrets/secrets.go +@@ -148,12 +148,21 @@ func getMountsMap(path string) (string, string, error) { + } + + // SecretMounts copies, adds, and mounts the secrets to the container root filesystem ++// Deprecated, Please use SecretMountWithUIDGID + func SecretMounts(mountLabel, containerWorkingDir, mountFile string, rootless, disableFips bool) []rspec.Mount { + return SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, containerWorkingDir, 0, 0, rootless, disableFips) + } + +-// SecretMountsWithUIDGID specifies the uid/gid of the owner +-func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPrefix string, uid, gid int, rootless, disableFips bool) []rspec.Mount { ++// SecretMountsWithUIDGID copies, adds, and mounts the secrets to the container root filesystem ++// mountLabel: MAC/SELinux label for container content ++// containerWorkingDir: Private data for storing secrets on the host mounted in container. ++// mountFile: Additional mount points required for the container. 
++// mountPoint: Container image mountpoint ++// uid: to assign to content created for secrets ++// gid: to assign to content created for secrets ++// rootless: indicates whether container is running in rootless mode ++// disableFips: indicates whether system should ignore fips mode ++func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPoint string, uid, gid int, rootless, disableFips bool) []rspec.Mount { + var ( + secretMounts []rspec.Mount + mountFiles []string +@@ -171,7 +180,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre + } + for _, file := range mountFiles { + if _, err := os.Stat(file); err == nil { +- mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid) ++ mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, uid, gid) + if err != nil { + logrus.Warnf("error mounting secrets, skipping entry in %s: %v", file, err) + } +@@ -187,7 +196,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre + // Add FIPS mode secret if /etc/system-fips exists on the host + _, err := os.Stat("/etc/system-fips") + if err == nil { +- if err := addFIPSModeSecret(&secretMounts, containerWorkingDir, mountPrefix, mountLabel, uid, gid); err != nil { ++ if err := addFIPSModeSecret(&secretMounts, containerWorkingDir, mountPoint, mountLabel, uid, gid); err != nil { + logrus.Errorf("error adding FIPS mode secret to container: %v", err) + } + } else if os.IsNotExist(err) { +@@ -206,7 +215,7 @@ func rchown(chowndir string, uid, gid int) error { + + // addSecretsFromMountsFile copies the contents of host directory to container directory + // and returns a list of mounts +-func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPrefix string, uid, gid int) ([]rspec.Mount, error) { ++func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir string, uid, gid int) ([]rspec.Mount, error) { + var 
mounts []rspec.Mount + defaultMountsPaths := getMounts(filePath) + for _, path := range defaultMountsPaths { +@@ -285,7 +294,7 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr + } + + m := rspec.Mount{ +- Source: filepath.Join(mountPrefix, ctrDirOrFile), ++ Source: ctrDirOrFileOnHost, + Destination: ctrDirOrFile, + Type: "bind", + Options: []string{"bind", "rprivate"}, +@@ -300,15 +309,15 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr + // root filesystem if /etc/system-fips exists on hosts. + // This enables the container to be FIPS compliant and run openssl in + // FIPS mode as the host is also in FIPS mode. +-func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir, mountPrefix, mountLabel string, uid, gid int) error { ++func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir, mountPoint, mountLabel string, uid, gid int) error { + secretsDir := "/run/secrets" + ctrDirOnHost := filepath.Join(containerWorkingDir, secretsDir) + if _, err := os.Stat(ctrDirOnHost); os.IsNotExist(err) { + if err = idtools.MkdirAllAs(ctrDirOnHost, 0755, uid, gid); err != nil { +- return errors.Wrapf(err, "making container directory on host failed") ++ return errors.Wrapf(err, "making container directory %q on host failed", ctrDirOnHost) + } + if err = label.Relabel(ctrDirOnHost, mountLabel, false); err != nil { +- return errors.Wrap(err, "error applying correct labels") ++ return errors.Wrapf(err, "error applying correct labels on %q", ctrDirOnHost) + } + } + fipsFile := filepath.Join(ctrDirOnHost, "system-fips") +@@ -323,7 +332,7 @@ func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir, mountPrefix, + + if !mountExists(*mounts, secretsDir) { + m := rspec.Mount{ +- Source: filepath.Join(mountPrefix, secretsDir), ++ Source: ctrDirOnHost, + Destination: secretsDir, + Type: "bind", + Options: []string{"bind", "rprivate"}, +@@ -331,6 +340,25 @@ func addFIPSModeSecret(mounts 
*[]rspec.Mount, containerWorkingDir, mountPrefix, + *mounts = append(*mounts, m) + } + ++ srcBackendDir := "/usr/share/crypto-policies/back-ends/FIPS" ++ destDir := "/etc/crypto-policies/back-ends" ++ srcOnHost := filepath.Join(mountPoint, srcBackendDir) ++ if _, err := os.Stat(srcOnHost); err != nil { ++ if os.IsNotExist(err) { ++ return nil ++ } ++ return errors.Wrapf(err, "failed to stat FIPS Backend directory %q", ctrDirOnHost) ++ } ++ ++ if !mountExists(*mounts, destDir) { ++ m := rspec.Mount{ ++ Source: srcOnHost, ++ Destination: destDir, ++ Type: "bind", ++ Options: []string{"bind", "rprivate"}, ++ } ++ *mounts = append(*mounts, m) ++ } + return nil + } + +diff --git a/run_linux.go b/run_linux.go +index 4c2d73edd..c8e75eada 100644 +--- a/run_linux.go ++++ b/run_linux.go +@@ -460,7 +460,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st + } + + // Get the list of secrets mounts. +- secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, cdir, int(rootUID), int(rootGID), unshare.IsRootless(), false) ++ secretMounts := secrets.SecretMountsWithUIDGID(b.MountLabel, cdir, b.DefaultMountsFilePath, mountPoint, int(rootUID), int(rootGID), unshare.IsRootless(), false) + + // Add temporary copies of the contents of volume locations at the + // volume locations, unless we already have something there. diff --git a/SOURCES/CVE-2020-1702-1801930.patch b/SOURCES/CVE-2020-1702-1801930.patch new file mode 100644 index 0000000..00ea466 --- /dev/null +++ b/SOURCES/CVE-2020-1702-1801930.patch 
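Review bot: The new stat error in addFIPSModeSecret reports the wrong path: `return errors.Wrapf(err, "failed to stat FIPS Backend directory %q", ctrDirOnHost)` names the host secrets directory, while the path that was actually stat'ed is srcOnHost, so it should read `return errors.Wrapf(err, "failed to stat FIPS Backend directory %q", srcOnHost)`. Separately, `srcOnHost` is built with a plain `filepath.Join(mountPoint, srcBackendDir)` and then used as a bind-mount Source, so a symlink at that location inside the image rootfs would be resolved relative to the host's root rather than the image's; since go.mod already depends on github.com/cyphar/filepath-securejoin, resolving it with `securejoin.SecureJoin(mountPoint, srcBackendDir)` keeps the source confined to the mounted image. The deprecation marker added to SecretMounts also misspells the replacement and is not in the form tooling recognises; `// Deprecated: use SecretMountsWithUIDGID instead.` fixes both. addFIPSModeSecret and SecretMountsWithUIDGID both extend beyond the quoted hunks.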
@@ -0,0 +1,390 @@ +From be1eb6f70fb40e45096b69aeb048d54c526a4a8f Mon Sep 17 00:00:00 2001 +From: Valentin Rothberg +Date: Thu, 6 Feb 2020 09:49:15 +0100 +Subject: [PATCH] [1.11-rhel] update github.com/containers/image + +Note that this includes fixes for +https://access.redhat.com/security/cve/CVE-2020-1702. + +Signed-off-by: Valentin Rothberg +--- + go.mod | 2 +- + go.sum | 2 + + .../image/v5/docker/docker_client.go | 6 +- + .../image/v5/docker/docker_image_dest.go | 3 +- + .../image/v5/docker/docker_image_src.go | 10 ++-- + .../image/v5/docker/tarfile/dest.go | 3 +- + .../containers/image/v5/docker/tarfile/src.go | 9 +-- + .../image/v5/image/docker_schema2.go | 4 +- + .../containers/image/v5/image/oci.go | 4 +- + .../image/v5/internal/iolimits/iolimits.go | 60 +++++++++++++++++++ + .../image/v5/openshift/openshift.go | 4 +- + vendor/modules.txt | 3 +- + 12 files changed, 89 insertions(+), 21 deletions(-) + create mode 100644 vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go + +diff --git a/go.mod b/go.mod +index 684b00ff5..b94792238 100644 +--- a/go.mod ++++ b/go.mod +@@ -5,7 +5,7 @@ go 1.12 + require ( + github.com/blang/semver v3.5.0+incompatible // indirect + github.com/containernetworking/cni v0.7.1 +- github.com/containers/image/v5 v5.0.0 ++ github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0 + github.com/containers/storage v1.14.0 + github.com/cyphar/filepath-securejoin v0.2.2 + github.com/docker/distribution v2.7.1+incompatible +diff --git a/go.sum b/go.sum +index 1cce3ff7e..ef8729952 100644 +--- a/go.sum ++++ b/go.sum +@@ -54,6 +54,8 @@ github.com/containers/image/v4 v4.0.1 h1:idNGHChj0Pyv3vLrxul2oSVMZLeFqpoq3CjLeVg + github.com/containers/image/v4 v4.0.1/go.mod h1:0ASJH1YgJiX/eqFZObqepgsvIA4XjCgpyfwn9pDGafA= + github.com/containers/image/v5 v5.0.0 h1:arnXgbt1ucsC/ndtSpiQY87rA0UjhF+/xQnPzqdBDn4= + github.com/containers/image/v5 v5.0.0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY= ++github.com/containers/image/v5 
v5.0.1-0.20200205124631-82291c45f2b0 h1:iV4aHKRoPcHp5BISsuiPMyaCjGJfLKp/FUMAG1NeqvE= ++github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY= + github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= + github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= + github.com/containers/storage v1.13.4 h1:j0bBaJDKbUHtAW1MXPFnwXJtqcH+foWeuXK1YaBV5GA= +diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go +index 0b012c703..bff077a40 100644 +--- a/vendor/github.com/containers/image/v5/docker/docker_client.go ++++ b/vendor/github.com/containers/image/v5/docker/docker_client.go +@@ -6,7 +6,6 @@ import ( + "encoding/json" + "fmt" + "io" +- "io/ioutil" + "net/http" + "net/url" + "os" +@@ -17,6 +16,7 @@ import ( + "time" + + "github.com/containers/image/v5/docker/reference" ++ "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/pkg/docker/config" + "github.com/containers/image/v5/pkg/sysregistriesv2" + "github.com/containers/image/v5/pkg/tlsclientconfig" +@@ -597,7 +597,7 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge, + default: + return nil, errors.Errorf("unexpected http code: %d (%s), URL: %s", res.StatusCode, http.StatusText(res.StatusCode), authReq.URL) + } +- tokenBlob, err := ioutil.ReadAll(res.Body) ++ tokenBlob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxAuthTokenBodySize) + if err != nil { + return nil, err + } +@@ -690,7 +690,7 @@ func (c *dockerClient) getExtensionsSignatures(ctx context.Context, ref dockerRe + return nil, errors.Wrapf(clientLib.HandleErrorResponse(res), "Error downloading signatures for %s in %s", manifestDigest, ref.ref.Name()) + } + +- body, err := ioutil.ReadAll(res.Body) ++ body, err := 
iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureListBodySize) + if err != nil { + return nil, err + } +diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go +index 417d97aec..ce8a1f357 100644 +--- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go ++++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go +@@ -15,6 +15,7 @@ import ( + "strings" + + "github.com/containers/image/v5/docker/reference" ++ "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/pkg/blobinfocache/none" + "github.com/containers/image/v5/types" +@@ -620,7 +621,7 @@ sigExists: + } + defer res.Body.Close() + if res.StatusCode != http.StatusCreated { +- body, err := ioutil.ReadAll(res.Body) ++ body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxErrorBodySize) + if err == nil { + logrus.Debugf("Error body %s", string(body)) + } +diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/vendor/github.com/containers/image/v5/docker/docker_image_src.go +index 35beb30e5..5436d9b7d 100644 +--- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go ++++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go +@@ -12,6 +12,7 @@ import ( + "strconv" + + "github.com/containers/image/v5/docker/reference" ++ "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/pkg/sysregistriesv2" + "github.com/containers/image/v5/types" +@@ -156,7 +157,8 @@ func (s *dockerImageSource) fetchManifest(ctx context.Context, tagOrDigest strin + if res.StatusCode != http.StatusOK { + return nil, "", errors.Wrapf(client.HandleErrorResponse(res), "Error reading manifest %s in %s", tagOrDigest, s.ref.ref.Name()) + } +- manblob, err := ioutil.ReadAll(res.Body) ++ ++ manblob, err := iolimits.ReadAtMost(res.Body, 
iolimits.MaxManifestBodySize) + if err != nil { + return nil, "", err + } +@@ -342,7 +344,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) ( + } else if res.StatusCode != http.StatusOK { + return nil, false, errors.Errorf("Error reading signature from %s: status %d (%s)", url.String(), res.StatusCode, http.StatusText(res.StatusCode)) + } +- sig, err := ioutil.ReadAll(res.Body) ++ sig, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureBodySize) + if err != nil { + return nil, false, err + } +@@ -401,7 +403,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere + return err + } + defer get.Body.Close() +- manifestBody, err := ioutil.ReadAll(get.Body) ++ manifestBody, err := iolimits.ReadAtMost(get.Body, iolimits.MaxManifestBodySize) + if err != nil { + return err + } +@@ -424,7 +426,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere + } + defer delete.Body.Close() + +- body, err := ioutil.ReadAll(delete.Body) ++ body, err := iolimits.ReadAtMost(delete.Body, iolimits.MaxErrorBodySize) + if err != nil { + return err + } +diff --git a/vendor/github.com/containers/image/v5/docker/tarfile/dest.go b/vendor/github.com/containers/image/v5/docker/tarfile/dest.go +index b02c60bb3..9748ca112 100644 +--- a/vendor/github.com/containers/image/v5/docker/tarfile/dest.go ++++ b/vendor/github.com/containers/image/v5/docker/tarfile/dest.go +@@ -13,6 +13,7 @@ import ( + "time" + + "github.com/containers/image/v5/docker/reference" ++ "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/internal/tmpdir" + "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/types" +@@ -135,7 +136,7 @@ func (d *Destination) PutBlob(ctx context.Context, stream io.Reader, inputInfo t + } + + if isConfig { +- buf, err := ioutil.ReadAll(stream) ++ buf, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) + if err != nil { + return 
types.BlobInfo{}, errors.Wrap(err, "Error reading Config file stream") + } +diff --git a/vendor/github.com/containers/image/v5/docker/tarfile/src.go b/vendor/github.com/containers/image/v5/docker/tarfile/src.go +index ad0a3d2cb..bbf604da6 100644 +--- a/vendor/github.com/containers/image/v5/docker/tarfile/src.go ++++ b/vendor/github.com/containers/image/v5/docker/tarfile/src.go +@@ -11,6 +11,7 @@ import ( + "path" + "sync" + ++ "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/internal/tmpdir" + "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/pkg/compression" +@@ -187,13 +188,13 @@ func findTarComponent(inputFile io.Reader, path string) (*tar.Reader, *tar.Heade + } + + // readTarComponent returns full contents of componentPath. +-func (s *Source) readTarComponent(path string) ([]byte, error) { ++func (s *Source) readTarComponent(path string, limit int) ([]byte, error) { + file, err := s.openTarComponent(path) + if err != nil { + return nil, errors.Wrapf(err, "Error loading tar component %s", path) + } + defer file.Close() +- bytes, err := ioutil.ReadAll(file) ++ bytes, err := iolimits.ReadAtMost(file, limit) + if err != nil { + return nil, err + } +@@ -224,7 +225,7 @@ func (s *Source) ensureCachedDataIsPresentPrivate() error { + } + + // Read and parse config. +- configBytes, err := s.readTarComponent(tarManifest[0].Config) ++ configBytes, err := s.readTarComponent(tarManifest[0].Config, iolimits.MaxConfigBodySize) + if err != nil { + return err + } +@@ -250,7 +251,7 @@ func (s *Source) ensureCachedDataIsPresentPrivate() error { + // loadTarManifest loads and decodes the manifest.json. + func (s *Source) loadTarManifest() ([]ManifestItem, error) { + // FIXME? Do we need to deal with the legacy format? 
+- bytes, err := s.readTarComponent(manifestFileName) ++ bytes, err := s.readTarComponent(manifestFileName, iolimits.MaxTarFileManifestSize) + if err != nil { + return nil, err + } +diff --git a/vendor/github.com/containers/image/v5/image/docker_schema2.go b/vendor/github.com/containers/image/v5/image/docker_schema2.go +index 254c13f78..29c5047d7 100644 +--- a/vendor/github.com/containers/image/v5/image/docker_schema2.go ++++ b/vendor/github.com/containers/image/v5/image/docker_schema2.go +@@ -7,10 +7,10 @@ import ( + "encoding/hex" + "encoding/json" + "fmt" +- "io/ioutil" + "strings" + + "github.com/containers/image/v5/docker/reference" ++ "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/pkg/blobinfocache/none" + "github.com/containers/image/v5/types" +@@ -102,7 +102,7 @@ func (m *manifestSchema2) ConfigBlob(ctx context.Context) ([]byte, error) { + return nil, err + } + defer stream.Close() +- blob, err := ioutil.ReadAll(stream) ++ blob, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) + if err != nil { + return nil, err + } +diff --git a/vendor/github.com/containers/image/v5/image/oci.go b/vendor/github.com/containers/image/v5/image/oci.go +index 18a38d463..406da262f 100644 +--- a/vendor/github.com/containers/image/v5/image/oci.go ++++ b/vendor/github.com/containers/image/v5/image/oci.go +@@ -4,9 +4,9 @@ import ( + "context" + "encoding/json" + "fmt" +- "io/ioutil" + + "github.com/containers/image/v5/docker/reference" ++ "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/pkg/blobinfocache/none" + "github.com/containers/image/v5/types" +@@ -67,7 +67,7 @@ func (m *manifestOCI1) ConfigBlob(ctx context.Context) ([]byte, error) { + return nil, err + } + defer stream.Close() +- blob, err := ioutil.ReadAll(stream) ++ blob, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) + if err != nil 
{ + return nil, err + } +diff --git a/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go b/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go +new file mode 100644 +index 000000000..3fed1995c +--- /dev/null ++++ b/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go +@@ -0,0 +1,60 @@ ++package iolimits ++ ++import ( ++ "io" ++ "io/ioutil" ++ ++ "github.com/pkg/errors" ++) ++ ++// All constants below are intended to be used as limits for `ReadAtMost`. The ++// immediate use-case for limiting the size of in-memory copied data is to ++// protect against OOM DOS attacks as described inCVE-2020-1702. Instead of ++// copying data until running out of memory, we error out after hitting the ++// specified limit. ++const ( ++ // megaByte denotes one megabyte and is intended to be used as a limit in ++ // `ReadAtMost`. ++ megaByte = 1 << 20 ++ // MaxManifestBodySize is the maximum allowed size of a manifest. The limit ++ // of 4 MB aligns with the one of a Docker registry: ++ // https://github.com/docker/distribution/blob/a8371794149d1d95f1e846744b05c87f2f825e5a/registry/handlers/manifests.go#L30 ++ MaxManifestBodySize = 4 * megaByte ++ // MaxAuthTokenBodySize is the maximum allowed size of an auth token. ++ // The limit of 1 MB is considered to be greatly sufficient. ++ MaxAuthTokenBodySize = megaByte ++ // MaxSignatureListBodySize is the maximum allowed size of a signature list. ++ // The limit of 4 MB is considered to be greatly sufficient. ++ MaxSignatureListBodySize = 4 * megaByte ++ // MaxSignatureBodySize is the maximum allowed size of a signature. ++ // The limit of 4 MB is considered to be greatly sufficient. ++ MaxSignatureBodySize = 4 * megaByte ++ // MaxErrorBodySize is the maximum allowed size of an error-response body. ++ // The limit of 1 MB is considered to be greatly sufficient. ++ MaxErrorBodySize = megaByte ++ // MaxConfigBodySize is the maximum allowed size of a config blob. 
++ // The limit of 4 MB is considered to be greatly sufficient. ++ MaxConfigBodySize = 4 * megaByte ++ // MaxOpenShiftStatusBody is the maximum allowed size of an OpenShift status body. ++ // The limit of 4 MB is considered to be greatly sufficient. ++ MaxOpenShiftStatusBody = 4 * megaByte ++ // MaxTarFileManifestSize is the maximum allowed size of a (docker save)-like manifest (which may contain multiple images) ++ // The limit of 1 MB is considered to be greatly sufficient. ++ MaxTarFileManifestSize = megaByte ++) ++ ++// ReadAtMost reads from reader and errors out if the specified limit (in bytes) is exceeded. ++func ReadAtMost(reader io.Reader, limit int) ([]byte, error) { ++ limitedReader := io.LimitReader(reader, int64(limit+1)) ++ ++ res, err := ioutil.ReadAll(limitedReader) ++ if err != nil { ++ return nil, err ++ } ++ ++ if len(res) > limit { ++ return nil, errors.Errorf("exceeded maximum allowed size of %d bytes", limit) ++ } ++ ++ return res, nil ++} +diff --git a/vendor/github.com/containers/image/v5/openshift/openshift.go b/vendor/github.com/containers/image/v5/openshift/openshift.go +index 016de4803..c37e1b751 100644 +--- a/vendor/github.com/containers/image/v5/openshift/openshift.go ++++ b/vendor/github.com/containers/image/v5/openshift/openshift.go +@@ -7,13 +7,13 @@ import ( + "encoding/json" + "fmt" + "io" +- "io/ioutil" + "net/http" + "net/url" + "strings" + + "github.com/containers/image/v5/docker" + "github.com/containers/image/v5/docker/reference" ++ "github.com/containers/image/v5/internal/iolimits" + "github.com/containers/image/v5/manifest" + "github.com/containers/image/v5/types" + "github.com/containers/image/v5/version" +@@ -102,7 +102,7 @@ func (c *openshiftClient) doRequest(ctx context.Context, method, path string, re + return nil, err + } + defer res.Body.Close() +- body, err := ioutil.ReadAll(res.Body) ++ body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxOpenShiftStatusBody) + if err != nil { + return nil, err + } +diff --git 
a/vendor/modules.txt b/vendor/modules.txt +index 840dae067..3f72f3f34 100644 +--- a/vendor/modules.txt ++++ b/vendor/modules.txt +@@ -48,7 +48,7 @@ github.com/containernetworking/cni/pkg/types + github.com/containernetworking/cni/pkg/types/020 + github.com/containernetworking/cni/pkg/types/current + github.com/containernetworking/cni/pkg/version +-# github.com/containers/image/v5 v5.0.0 ++# github.com/containers/image/v5 v5.0.1-0.20200205124631-82291c45f2b0 + github.com/containers/image/v5/copy + github.com/containers/image/v5/directory + github.com/containers/image/v5/directory/explicitfilepath +@@ -59,6 +59,7 @@ github.com/containers/image/v5/docker/policyconfiguration + github.com/containers/image/v5/docker/reference + github.com/containers/image/v5/docker/tarfile + github.com/containers/image/v5/image ++github.com/containers/image/v5/internal/iolimits + github.com/containers/image/v5/internal/pkg/keyctl + github.com/containers/image/v5/internal/tmpdir + github.com/containers/image/v5/manifest diff --git a/SOURCES/buildah-1756986.patch b/SOURCES/buildah-1756986.patch new file mode 100644 index 0000000..e70ea76 --- /dev/null +++ b/SOURCES/buildah-1756986.patch 
@@ -0,0 +1,98 @@
+From 6d7ab38f33edb9ab87a290a0c68cfd27b55b061f Mon Sep 17 00:00:00 2001
+From: Nalin Dahyabhai
+Date: Wed, 8 Jan 2020 11:02:05 -0500
+Subject: [PATCH 1/2] Check for .dockerignore specifically
+
+When generating the list of exclusions to process .dockerignore
+contents, don't include .dockerignore if we don't have a .dockerignore
+file in the context directory. That way, if the file doesn't exist, and
+the caller didn't pass in any patterns, we get no patterns instead of
+just one ".dockerignore" pattern, and we can hit the faster copy path.
+
+Signed-off-by: Nalin Dahyabhai
+
+Closes: #2072
+Approved by: giuseppe
+---
+ add.go | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/add.go b/add.go
+index b5119e369..e82a5ef9a 100644
+--- a/add.go
++++ b/add.go
+@@ -215,7 +215,12 @@ func dockerIgnoreMatcher(lines []string, contextDir string) (*fileutils.PatternM
+ if contextDir == "" {
+ return nil, nil
+ }
+- patterns := []string{".dockerignore"}
++ // If there's no .dockerignore file, then we don't have to add a
++ // pattern to tell copy logic to ignore it later.
++ var patterns []string
++ if _, err := os.Stat(filepath.Join(contextDir, ".dockerignore")); err == nil || !os.IsNotExist(err) {
++ patterns = []string{".dockerignore"}
++ }
+ for _, ignoreSpec := range lines {
+ ignoreSpec = strings.TrimSpace(ignoreSpec)
+ // ignore comments passed back from .dockerignore
+@@ -224,7 +229,8 @@ func dockerIgnoreMatcher(lines []string, contextDir string) (*fileutils.PatternM
+ }
+ // if the spec starts with '!' it means the pattern
+ // should be included. make a note so that we can move
+- // it to the front of the updated pattern
++ // it to the front of the updated pattern, and insert
++ // the context dir's path in between
+ includeFlag := ""
+ if strings.HasPrefix(ignoreSpec, "!") {
+ includeFlag = "!"
+
+From f999964084ce75c833b0cffd17fb09b947dad506 Mon Sep 17 00:00:00 2001
+From: Nalin Dahyabhai
+Date: Wed, 8 Jan 2020 11:04:57 -0500
+Subject: [PATCH 2/2] copyFileWithTar: close source files at the right time
+
+Close source files after we've finished reading from them, rather than
+leaving it for later.
+
+Signed-off-by: Nalin Dahyabhai
+
+Closes: #2072
+Approved by: giuseppe
+---
+ util.go | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/util.go b/util.go
+index b4670e41c..2f923357c 100644
+--- a/util.go
++++ b/util.go
+@@ -165,11 +165,6 @@ func (b *Builder) copyFileWithTar(tarIDMappingOptions *IDMappingOptions, chownOp
+ if err != nil {
+ return errors.Wrapf(err, "error opening %q to copy its contents", src)
+ }
+- defer func() {
+- if err := f.Close(); err != nil {
+- logrus.Debugf("error closing %s: %v", fi.Name(), err)
+- }
+- }()
+ }
+ }
+
+@@ -200,6 +195,9 @@ func (b *Builder) copyFileWithTar(tarIDMappingOptions *IDMappingOptions, chownOp
+ logrus.Debugf("error copying contents of %s: %v", fi.Name(), err)
+ copyErr = err
+ }
++ if err = srcFile.Close(); err != nil {
++ logrus.Debugf("error closing %s: %v", fi.Name(), err)
++ }
+ }
+ if err = writer.Close(); err != nil {
+ logrus.Debugf("error closing write pipe for %s: %v", hdr.Name, err)
+@@ -213,7 +211,6 @@ func (b *Builder) copyFileWithTar(tarIDMappingOptions *IDMappingOptions, chownOp
+ if err == nil {
+ err = copyErr
+ }
+- f = nil
+ if pipeWriter != nil {
+ pipeWriter.Close()
+ }
diff --git a/SOURCES/buildah-CVE-2020-10696.patch b/SOURCES/buildah-CVE-2020-10696.patch
new file mode 100644
index 0000000..b0c58fd
--- /dev/null
+++ b/SOURCES/buildah-CVE-2020-10696.patch
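Review bot: Dropping the deferred `f.Close()` in the `@@ -165,11 +165,6 @@` hunk of util.go removes the only close that covered every exit of copyFileWithTar, while the replacement `srcFile.Close()` added in the `@@ -200,6 +195,9 @@` hunk runs only after the copy for an entry completes, so any error return between the open at `error opening %q to copy its contents` and the copy loop now appears to leak that descriptor. Whether `f` and `srcFile` refer to the same *os.File is not visible here, since copyFileWithTar starts and ends outside the hunk; please confirm there is no such early return, or keep a close on those error paths. In add.go, the new `os.Stat` condition adds the `.dockerignore` pattern on any stat failure other than non-existence, which is stricter than the comment "If there's no .dockerignore file" suggests; a one-line note such as `// A stat error other than ENOENT (e.g. EACCES) still treats the file as present so it is excluded from the copy.` would record that this is deliberate.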
@@ -0,0 +1,58 @@
+From 840e7dad513b86f454573ad415701c0199f78d30 Mon Sep 17 00:00:00 2001
+From: TomSweeneyRedHat
+Date: Tue, 24 Mar 2020 20:10:22 -0400
+Subject: [PATCH] Fix potential CVE in tarfile w/ symlink
+
+Stealing @nalind 's workaround to avoid refetching
+content after a file read failure. Under the right
+circumstances that could be a symlink to a file meant
+to overwrite a good file with bad data.
+
+Testing:
+```
+goodstuff
+
+[1] 14901
+
+127.0.0.1 - - [24/Mar/2020 20:15:50] "GET / HTTP/1.1" 200 -
+127.0.0.1 - - [24/Mar/2020 20:15:50] "GET / HTTP/1.1" 200 -
+no FROM statement found
+
+goodstuff
+```
+
+Signed-off-by: TomSweeneyRedHat
+---
+ imagebuildah/util.go | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/imagebuildah/util.go b/imagebuildah/util.go
+index 29ea60970..5f14c9883 100644
+--- a/imagebuildah/util.go
++++ b/imagebuildah/util.go
+@@ -14,6 +14,7 @@ import (
+
+ "github.com/containers/buildah"
+ "github.com/containers/storage/pkg/chrootarchive"
++ "github.com/containers/storage/pkg/ioutils"
+ "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
+@@ -57,7 +58,7 @@ func downloadToDirectory(url, dir string) error {
+ }
+ dockerfile := filepath.Join(dir, "Dockerfile")
+ // Assume this is a Dockerfile
+- if err := ioutil.WriteFile(dockerfile, body, 0600); err != nil {
++ if err := ioutils.AtomicWriteFile(dockerfile, body, 0600); err != nil {
+ return errors.Wrapf(err, "Failed to write %q to %q", url, dockerfile)
+ }
+ }
+@@ -75,7 +76,7 @@ func stdinToDirectory(dir string) error {
+ if err := chrootarchive.Untar(reader, dir, nil); err != nil {
+ dockerfile := filepath.Join(dir, "Dockerfile")
+ // Assume this is a Dockerfile
+- if err := ioutil.WriteFile(dockerfile, b, 0600); err != nil {
++ if err := ioutils.AtomicWriteFile(dockerfile, b, 0600); err != nil {
+ return errors.Wrapf(err, "Failed to write bytes to %q", dockerfile)
+ }
+ }
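Review bot: The reason for replacing `ioutil.WriteFile` with `ioutils.AtomicWriteFile` at both call sites in imagebuildah/util.go lives only in the commit message, so a later cleanup could revert to a plain write without noticing the security consequence; add a comment above each call such as `// Write via a temporary file and rename so that a "Dockerfile" symlink left in dir by a failed Untar is replaced rather than written through.` Note that the fallback write runs only after chrootarchive.Untar has already populated dir from untrusted input, which is what makes the symlink case reachable. The import hunk adds pkg/ioutils but keeps "io/ioutil"; that compiles only if ioutil is still used elsewhere in the file, which the hunk does not show. Both enclosing functions, downloadToDirectory and stdinToDirectory, begin outside the hunk.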
diff --git a/SPECS/buildah.spec b/SPECS/buildah.spec
new file mode 100644
index 0000000..0e2fbdf
--- /dev/null
+++ b/SPECS/buildah.spec
@@ -0,0 +1,741 @@ +%global with_debug 1 +%global with_bundled 1 + +%if 0%{?with_debug} +%global _find_debuginfo_dwz_opts %{nil} +%global _dwz_low_mem_die_limit 0 +%else +%global debug_package %{nil} +%endif + +%if 0%{?rhel} > 7 && ! 0%{?fedora} +%define gobuild(o:) \ +go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -compressdwarf=false -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**}; +%endif + +%global provider github +%global provider_tld com +%global project containers +%global repo buildah +# https://github.com/containers/buildah +%global import_path %{provider}.%{provider_tld}/%{project}/%{repo} +%global git0 https://%{import_path} +%global commit0 9513cb8c7bec0f7789c696aee4d252ebf85194cc +%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) + +Name: %{repo} +Version: 1.11.6 +Release: 8%{?dist} +Summary: A command line tool used for creating OCI Images +License: ASL 2.0 +URL: https://%{name}.io +# Build fails with: No matching package to install: 'golang >= 1.12.12-4' on i686 +ExcludeArch: i686 +Source: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Patch0: https://patch-diff.githubusercontent.com/raw/containers/buildah/pull/1996.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1784952 +Patch1: https://patch-diff.githubusercontent.com/raw/containers/buildah/pull/2031.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1702 +# https://github.com/containers/buildah/commit/be1eb6f70fb40e45096b69aeb048d54c526a4a8f.patch +Patch2: CVE-2020-1702-1801930.patch +# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1756986 +# backported: https://patch-diff.githubusercontent.com/raw/containers/buildah/pull/2181.patch +Patch3: buildah-1756986.patch +# tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 +# patch: 
https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed.patch +Patch4: buildah-CVE-2020-10696.patch +BuildRequires: golang >= 1.12.12-4 +BuildRequires: git +BuildRequires: glib2-devel +BuildRequires: libseccomp-devel +BuildRequires: ostree-devel +BuildRequires: glibc-static +BuildRequires: go-md2man +BuildRequires: gpgme-devel +BuildRequires: device-mapper-devel +BuildRequires: libassuan-devel +BuildRequires: make +Requires: runc >= 1.0.0-26 +Requires: containers-common +Requires: container-selinux +Requires: slirp4netns >= 0.3-0 + +%description +The %{name} package provides a command line tool which can be used to +* create a working container from scratch +or +* create a working container from an image as a starting point +* mount/umount a working container's root file system for manipulation +* save container's root file system layer to create a new image +* delete a working container or an image + +%package tests +Summary: Tests for %{name} +Requires: %{name} = %{version}-%{release} +Requires: bzip2 +Requires: podman +Requires: golang + +%description tests +%{summary} + +This package contains system tests for %{name} + +%prep +%autosetup -Sgit -n %{name}-%{commit0} +sed -i 's/GOMD2MAN =/GOMD2MAN ?=/' docs/Makefile +sed -i '/docs install/d' Makefile + +%build +mkdir _build +pushd _build +mkdir -p src/%{provider}.%{provider_tld}/%{project} +ln -s $(dirs +1 -l) src/%{import_path} +popd + +mv vendor src + +export GOPATH=$(pwd)/_build:$(pwd) +export BUILDTAGS='seccomp selinux btrfs_noversion exclude_graphdriver_btrfs' +export GO111MODULE=off +rm -f src/github.com/containers/storage/drivers/register/register_btrfs.go +%gobuild -o %{name} %{import_path}/cmd/%{name} +%gobuild -o imgtype %{import_path}/tests/imgtype +GOMD2MAN=go-md2man %{__make} -C docs + +%install +export GOPATH=$(pwd)/_build:$(pwd):%{gopath} +make DESTDIR=%{buildroot} PREFIX=%{_prefix} install install.completions +install -d -p %{buildroot}/%{_datadir}/%{name}/test/system 
+cp -pav tests/. %{buildroot}/%{_datadir}/%{name}/test/system +cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype +make DESTDIR=%{buildroot} PREFIX=%{_prefix} -C docs install + +#define license tag if not already defined +%{!?_licensedir:%global license %doc} + +%files +%license LICENSE +%doc README.md +%{_bindir}/%{name} +%{_mandir}/man1/%{name}* +%dir %{_datadir}/bash-completion +%dir %{_datadir}/bash-completion/completions +%{_datadir}/bash-completion/completions/%{name} + +%files tests +%license LICENSE +%{_bindir}/%{name}-imgtype +%{_datadir}/%{name}/test + +%changelog +* Thu Jul 16 2020 Jindrich Novy - 1.11.6-8 +- exclude i686 arch +- Related: #1821193 + +* Wed Apr 01 2020 Jindrich Novy - 1.11.6-7 +- fix "CVE-2020-10696 buildah: crafted input tar file may lead to local file overwriting during image build process" +- Resolves: #1819393 + +* Mon Feb 24 2020 Jindrich Novy - 1.11.6-6 +- fix "COPY command takes long time with buildah" +- Resolves: #1806118 + +* Mon Feb 17 2020 Jindrich Novy - 1.11.6-5 +- fix CVE-2020-1702 +- Resolves: #1801930 +- adding the first phase of FIPS fix +- Related: #1784952 + +* Wed Dec 11 2019 Jindrich Novy - 1.11.6-4 +- compile in FIPS mode +- Related: RHELPLAN-25139 + +* Mon Dec 09 2019 Jindrich Novy - 1.11.6-3 +- be sure to use golang >= 1.12.12-4 +- Related: RHELPLAN-25139 + +* Sat Dec 07 2019 Jindrich Novy - 1.11.6-2 +- fix chroot: unmount with MNT_DETACH instead of UnmountMountpoints() +- bug reference 1772179 +- Related: RHELPLAN-25139 + +* Thu Dec 05 2019 Jindrich Novy - 1.11.6-1 +- update to buildah 1.11.6 +- Related: RHELPLAN-25139 + +* Thu Nov 21 2019 Jindrich Novy - 1.11.5-1 +- update to buildah 1.11.5 +- Related: RHELPLAN-25139 + +* Thu Nov 07 2019 Jindrich Novy - 1.11.4-2 +- fix %%gobuild macro to not to ignore BUILDTAGS +- Related: RHELPLAN-25139 + +* Thu Nov 07 2019 Jindrich Novy - 1.11.4-1 +- update to 1.11.4 +- Related: RHELPLAN-25139 + +* Tue Sep 17 2019 Jindrich Novy - 1.9.0-5 +- Use autosetup macro again. 
+ +* Thu Sep 12 2019 Jindrich Novy - 1.9.0-4 +- Fix CVE-2019-10214 (#1734653). + +* Sat Jun 15 2019 Lokesh Mandvekar - 1.9.0-3 +- Resolves: #1721247 - enable fips mode + +* Sat Jun 15 2019 Lokesh Mandvekar - 1.9.0-2 +- Resolves: #1720654 - tests subpackage depends on golang explicitly + +* Sat Jun 15 2019 Lokesh Mandvekar - 1.9.0-1 +- Resolves: #1720654 - rebase to v1.9.0 + +* Fri Jun 14 2019 Lokesh Mandvekar - 1.8.3-1 +- Resolves: #1720654 - rebase to v1.8.3 + +* Tue Apr 9 2019 Eduardo Santiago - 1.8-0.git021d607 +- package system tests + +* Tue Dec 18 2018 Frantisek Kluknavsky - 1.5-3.gite94b4f9 +- re-enable debuginfo + +* Mon Dec 17 2018 Frantisek Kluknavsky - 1.5-2.gite94b4f9 +- go toolset not in scl anymore + +* Fri Nov 23 2018 Frantisek Kluknavsky - 1.5-1.gite94b4f9 +- rebase + +* Mon Nov 19 2018 Frantisek Kluknavsky - 1.4-3.git608fa84 +- fedora-like go compiler macro in buildrequires is enough + +* Wed Oct 10 2018 Frantisek Kluknavsky - 1.4-2.git608fa84 +- rebase + +* Mon Aug 13 2018 Lokesh Mandvekar - 1.3-3.git4888163 +- Resolves: #1615611 - rebuild with gobuild tag 'no_openssl' + +* Wed Aug 08 2018 Lokesh Mandvekar - 1.3-2.git4888163 +- Resolves: #1614009 - built with updated scl-ized go-toolset dep +- build with %%gobuild + +* Sun Aug 5 2018 Dan Walsh - 1.3-1 +- Bump to v1.3 +- Vendor in lates containers/image +- build-using-dockerfile: let -t include transports again +- Block use of /proc/acpi and /proc/keys from inside containers +- Fix handling of --registries-conf +- Fix becoming a maintainer link +- add optional CI test fo darwin +- Don't pass a nil error to errors.Wrapf() +- image filter test: use kubernetes/pause as a "since" +- Add --cidfile option to from +- vendor: update containers/storage +- Contributors need to find the CONTRIBUTOR.md file easier +- Add a --loglevel option to build-with-dockerfile +- Create Development plan +- cmd: Code improvement +- allow buildah cross compile for a darwin target +- Add unused function param lint check +- 
docs: Follow man-pages(7) suggestions for SYNOPSIS +- Start using github.com/seccomp/containers-golang +- umount: add all option to umount all mounted containers +- runConfigureNetwork(): remove an unused parameter +- Update github.com/opencontainers/selinux +- Fix buildah bud --layers +- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 +- main: if unprivileged, reexec in a user namespace +- Vendor in latest imagebuilder +- Reduce the complexity of the buildah.Run function +- mount: output it before replacing lastError +- Vendor in latest selinux-go code +- Implement basic recognition of the "--isolation" option +- Run(): try to resolve non-absolute paths using $PATH +- Run(): don't include any default environment variables +- build without seccomp +- vendor in latest runtime-tools +- bind/mount_unsupported.go: remove import errors +- Update github.com/opencontainers/runc +- Add Capabilities lists to BuilderInfo +- Tweaks for commit tests +- commit: recognize committing to second storage locations +- Fix ARGS parsing for run commands +- Add info on registries.conf to from manpage +- Switch from using docker to podman for testing in .papr +- buildah: set the HTTP User-Agent +- ONBUILD tutorial +- Add information about the configuration files to the install docs +- Makefile: add uninstall +- Add tilde info for push to troubleshooting +- mount: support multiple inputs +- Use the right formatting when adding entries to /etc/hosts +- Vendor in latest go-selinux bindings +- Allow --userns-uid-map/--userns-gid-map to be global options +- bind: factor out UnmountMountpoints +- Run(): simplify runCopyStdio() +- Run(): handle POLLNVAL results +- Run(): tweak terminal mode handling +- Run(): rename 'copyStdio' to 'copyPipes' +- Run(): don't set a Pdeathsig for the runtime +- Run(): add options for adding and removing capabilities +- Run(): don't use a callback when a slice will do +- setupSeccomp(): refactor +- Change RunOptions.Stdin/Stdout/Stderr to just be 
Reader/Writers +- Escape use of '_' in .md docs +- Break out getProcIDMappings() +- Break out SetupIntermediateMountNamespace() +- Add Multi From Demo +- Use the c/image conversion code instead of converting configs manually +- Don't throw away the manifest MIME type and guess again +- Consolidate loading manifest and config in initConfig +- Pass a types.Image to Builder.initConfig +- Require an image ID in importBuilderDataFromImage +- Use c/image/manifest.GuessMIMEType instead of a custom heuristic +- Do not ignore any parsing errors in initConfig +- Explicitly handle "from scratch" images in Builder.initConfig +- Fix parsing of OCI images +- Simplify dead but dangerous-looking error handling +- Don't ignore v2s1 history if docker_version is not set +- Add --rm and --force-rm to buildah bud +- Add --all,-a flag to buildah images +- Separate stdio buffering from writing +- Remove tty check from images --format +- Add environment variable BUILDAH_RUNTIME +- Add --layers and --no-cache to buildah bud +- Touch up images man +- version.md: fix DESCRIPTION +- tests: add containers test +- tests: add images test +- images: fix usage +- fix make clean error +- Change 'registries' to 'container registries' in man +- add commit test +- Add(): learn to record hashes of what we add +- Minor update to buildah config documentation for entrypoint +- Bump to v1.2-dev +- Add registries.conf link to a few man pages + +* Tue Jul 24 2018 Lokesh Mandvekar - 1.2-3 +- do not depend on btrfs-progs for rhel8 + +* Thu Jul 19 2018 Dan Walsh - 1.2-2 +- buildah does not require ostree + +* Sun Jul 15 2018 Dan Walsh 1.2-1 +- Vendor in latest containers/image +- build-using-dockerfile: let -t include transports again +- Block use of /proc/acpi and /proc/keys from inside containers +- Fix handling of --registries-conf +- Fix becoming a maintainer link +- add optional CI test fo darwin +- Don't pass a nil error to errors.Wrapf() +- image filter test: use kubernetes/pause as a "since" +- Add 
--cidfile option to from +- vendor: update containers/storage +- Contributors need to find the CONTRIBUTOR.md file easier +- Add a --loglevel option to build-with-dockerfile +- Create Development plan +- cmd: Code improvement +- allow buildah cross compile for a darwin target +- Add unused function param lint check +- docs: Follow man-pages(7) suggestions for SYNOPSIS +- Start using github.com/seccomp/containers-golang +- umount: add all option to umount all mounted containers +- runConfigureNetwork(): remove an unused parameter +- Update github.com/opencontainers/selinux +- Fix buildah bud --layers +- Force ownership of /etc/hosts and /etc/resolv.conf to 0:0 +- main: if unprivileged, reexec in a user namespace +- Vendor in latest imagebuilder +- Reduce the complexity of the buildah.Run function +- mount: output it before replacing lastError +- Vendor in latest selinux-go code +- Implement basic recognition of the "--isolation" option +- Run(): try to resolve non-absolute paths using $PATH +- Run(): don't include any default environment variables +- build without seccomp +- vendor in latest runtime-tools +- bind/mount_unsupported.go: remove import errors +- Update github.com/opencontainers/runc +- Add Capabilities lists to BuilderInfo +- Tweaks for commit tests +- commit: recognize committing to second storage locations +- Fix ARGS parsing for run commands +- Add info on registries.conf to from manpage +- Switch from using docker to podman for testing in .papr +- buildah: set the HTTP User-Agent +- ONBUILD tutorial +- Add information about the configuration files to the install docs +- Makefile: add uninstall +- Add tilde info for push to troubleshooting +- mount: support multiple inputs +- Use the right formatting when adding entries to /etc/hosts +- Vendor in latest go-selinux bindings +- Allow --userns-uid-map/--userns-gid-map to be global options +- bind: factor out UnmountMountpoints +- Run(): simplify runCopyStdio() +- Run(): handle POLLNVAL results +- Run(): 
tweak terminal mode handling +- Run(): rename 'copyStdio' to 'copyPipes' +- Run(): don't set a Pdeathsig for the runtime +- Run(): add options for adding and removing capabilities +- Run(): don't use a callback when a slice will do +- setupSeccomp(): refactor +- Change RunOptions.Stdin/Stdout/Stderr to just be Reader/Writers +- Escape use of '_' in .md docs +- Break out getProcIDMappings() +- Break out SetupIntermediateMountNamespace() +- Add Multi From Demo +- Use the c/image conversion code instead of converting configs manually +- Don't throw away the manifest MIME type and guess again +- Consolidate loading manifest and config in initConfig +- Pass a types.Image to Builder.initConfig +- Require an image ID in importBuilderDataFromImage +- Use c/image/manifest.GuessMIMEType instead of a custom heuristic +- Do not ignore any parsing errors in initConfig +- Explicitly handle "from scratch" images in Builder.initConfig +- Fix parsing of OCI images +- Simplify dead but dangerous-looking error handling +- Don't ignore v2s1 history if docker_version is not set +- Add --rm and --force-rm to buildah bud +- Add --all,-a flag to buildah images +- Separate stdio buffering from writing +- Remove tty check from images --format +- Add environment variable BUILDAH_RUNTIME +- Add --layers and --no-cache to buildah bud +- Touch up images man +- version.md: fix DESCRIPTION +- tests: add containers test +- tests: add images test +- images: fix usage +- fix make clean error +- Change 'registries' to 'container registries' in man +- add commit test +- Add(): learn to record hashes of what we add +- Minor update to buildah config documentation for entrypoint +- Add registries.conf link to a few man pages + +* Sun Jun 10 2018 Dan Walsh 1.1-1 +- Drop capabilities if running container processes as non root +- Print Warning message if cmd will not be used based on entrypoint +- Update 01-intro.md +- Shouldn't add insecure registries to list of search registries +- Report errors on bad 
transports specification when pushing images +- Move parsing code out of common for namespaces and into pkg/parse.go +- Add disable-content-trust noop flag to bud +- Change freenode chan to buildah +- runCopyStdio(): don't close stdin unless we saw POLLHUP +- Add registry errors for pull +- runCollectOutput(): just read until the pipes are closed on us +- Run(): provide redirection for stdio +- rmi, rm: add test +- add mount test +- Add parameter judgment for commands that do not require parameters +- Add context dir to bud command in baseline test +- run.bats: check that we can run with symlinks in the bundle path +- Give better messages to users when image can not be found +- use absolute path for bundlePath +- Add environment variable to buildah --format +- rm: add validation to args and all option +- Accept json array input for config entrypoint +- Run(): process RunOptions.Mounts, and its flags +- Run(): only collect error output from stdio pipes if we created some +- Add OnBuild support for Dockerfiles +- Quick fix on demo readme +- run: fix validate flags +- buildah bud should require a context directory or URL +- Touchup tutorial for run changes +- Validate common bud and from flags +- images: Error if the specified imagename does not exist +- inspect: Increase err judgments to avoid panic +- add test to inspect +- buildah bud picks up ENV from base image +- Extend the amount of time travis_wait should wait +- Add a make target for Installing CNI plugins +- Add tests for namespace control flags +- copy.bats: check ownerships in the container +- Fix SELinux test errors when SELinux is enabled +- Add example CNI configurations +- Run: set supplemental group IDs +- Run: use a temporary mount namespace +- Use CNI to configure container networks +- add/secrets/commit: Use mappings when setting permissions on added content +- Add CLI options for specifying namespace and cgroup setup +- Always set mappings when using user namespaces +- Run(): break out creation of 
stdio pipe descriptors +- Read UID/GID mapping information from containers and images +- Additional bud CI tests +- Run integration tests under travis_wait in Travis +- build-using-dockerfile: add --annotation +- Implement --squash for build-using-dockerfile and commit +- Vendor in latest container/storage for devicemapper support +- add test to inspect +- Vendor github.com/onsi/ginkgo and github.com/onsi/gomega +- Test with Go 1.10, too +- Add console syntax highlighting to troubleshooting page +- bud.bats: print "$output" before checking its contents +- Manage "Run" containers more closely +- Break Builder.Run()'s "run runc" bits out +- util.ResolveName(): handle completion for tagged/digested image names +- Handle /etc/hosts and /etc/resolv.conf properly in container +- Documentation fixes +- Make it easier to parse our temporary directory as an image name +- Makefile: list new pkg/ subdirectoris as dependencies for buildah +- containerImageSource: return more-correct errors +- API cleanup: PullPolicy and TerminalPolicy should be types +- Make "run --terminal" and "run -t" aliases for "run --tty" +- Vendor github.com/containernetworking/cni v0.6.0 +- Update github.com/containers/storage +- Update github.com/projectatomic/libpod +- Add support for buildah bud --label +- buildah push/from can push and pull images with no reference +- Vendor in latest containers/image +- Update gometalinter to fix install.tools error +- Update troubleshooting with new run workaround +- Added a bud demo and tidied up +- Attempt to download file from url, if fails assume Dockerfile +- Add buildah bud CI tests for ENV variables +- Re-enable rpm .spec version check and new commit test +- Update buildah scratch demo to support el7 +- Added Docker compatibility demo +- Update to F28 and new run format in baseline test +- Touchup man page short options across man pages +- Added demo dir and a demo. 
chged distrorlease +- builder-inspect: fix format option +- Add cpu-shares short flag (-c) and cpu-shares CI tests +- Minor fixes to formatting in rpm spec changelog +- Fix rpm .spec changelog formatting +- CI tests and minor fix for cache related noop flags +- buildah-from: add effective value to mount propagation + +* Mon May 7 2018 Dan Walsh 1.0-1 +- Remove buildah run cmd and entrypoint execution +- Add Files section with registries.conf to pertinent man pages +- Force "localhost" as a default registry +- Add --compress, --rm, --squash flags as a noop for bud +- Add FIPS mode secret to buildah run and bud +- Add config --comment/--domainname/--history-comment/--hostname +- Add support for --iidfile to bud and commit +- Add /bin/sh -c to entrypoint in config +- buildah images and podman images are listing different sizes +- Remove tarball as an option from buildah push --help +- Update entrypoint behaviour to match docker +- Display imageId after commit +- config: add support for StopSignal +- Allow referencing stages as index and names +- Add multi-stage builds support +- Vendor in latest imagebuilder, to get mixed case AS support +- Allow umount to have multi-containers +- Update buildah push doc +- buildah bud walks symlinks +- Imagename is required for commit atm, update manpage + +* Thu May 03 2018 Lokesh Mandvekar - 0.16-3.git532e267 +- Resolves: #1573681 +- built commit 532e267 + +* Tue Apr 10 2018 Lokesh Mandvekar - 0.16.0-2.git6f7d05b +- built commit 6f7d05b + +* Wed Apr 4 2018 Dan Walsh 0.16-1 +- Add support for shell +- Vendor in latest containers/image +- docker-archive generates docker legacy compatible images +- Do not create $DiffID subdirectories for layers with no configs +- Ensure the layer IDs in legacy docker/tarfile metadata are unique +- docker-archive: repeated layers are symlinked in the tar file +- sysregistries: remove all trailing slashes +- Improve docker/* error messages +- Fix failure to make auth directory +- Create a new slice in 
Schema1.UpdateLayerInfos +- Drop unused storageImageDestination.{image,systemContext} +- Load a *storage.Image only once in storageImageSource +- Support gzip for docker-archive files +- Remove .tar extension from blob and config file names +- ostree, src: support copy of compressed layers +- ostree: re-pull layer if it misses uncompressed_digest|uncompressed_size +- image: fix docker schema v1 -> OCI conversion +- Add /etc/containers/certs.d as default certs directory +- Change image time to locale, add troubleshooting.md, add logo to other mds +- Allow --cmd parameter to have commands as values +- Document the mounts.conf file +- Fix man pages to format correctly +- buildah from now supports pulling images using the following transports: +- docker-archive, oci-archive, and dir. +- If the user overrides the storage driver, the options should be dropped +- Show Config/Manifest as JSON string in inspect when format is not set +- Adds feature to pull compressed docker-archive files + +* Tue Feb 27 2018 Dan Walsh 0.15-1 +- Fix handling of buildah run command options + +* Mon Feb 26 2018 Dan Walsh 0.14-1 +- If commonOpts do not exist, we should return rather then segfault +- Display full error string instead of just status +- Implement --volume and --shm-size for bud and from +- Fix secrets patch for buildah bud +- Fixes the naming issue of blobs and config for the dir transport by removing the .tar extension + +* Mon Feb 26 2018 Lokesh Mandvekar - 0.13-1.git99066e0 +- use correct version + +* Mon Feb 26 2018 Lokesh Mandvekar - 0.12-4.git99066e0 +- enable debuginfo + +* Mon Feb 26 2018 Lokesh Mandvekar - 0.12-3.git99066e0 +- BR: libseccomp-devel + +* Mon Feb 26 2018 Lokesh Mandvekar - 0.12-2.git99066e0 +- Resolves: #1548535 +- built commit 99066e0 + +* Mon Feb 12 2018 Dan Walsh 0.12-1 +- Added handing for simpler error message for Unknown Dockerfile instructions. 
+- Change default certs directory to /etc/containers/certs.dir +- Vendor in latest containers/image +- Vendor in latest containers/storage +- build-using-dockerfile: set the 'author' field for MAINTAINER +- Return exit code 1 when buildah-rmi fails +- Trim the image reference to just its name before calling getImageName +- Touch up rmi -f usage statement +- Add --format and --filter to buildah containers +- Add --prune,-p option to rmi command +- Add authfile param to commit +- Fix --runtime-flag for buildah run and bud +- format should override quiet for images +- Allow all auth params to work with bud +- Do not overwrite directory permissions on --chown +- Unescape HTML characters output into the terminal +- Fix: setting the container name to the image +- Prompt for un/pwd if not supplied with --creds +- Make bud be really quiet +- Return a better error message when failed to resolve an image +- Update auth tests and fix bud man page + +* Mon Feb 05 2018 Lokesh Mandvekar - 0.11-3.git49095a8 +- Resolves: #1542236 - add ostree and bump runc dep + +* Thu Feb 01 2018 Frantisek Kluknavsky - 0.11-2.git49095a8 +- rebased to 49095a83f8622cf69532352d183337635562e261 + +* Tue Jan 16 2018 Dan Walsh 0.11-1 +- Add --all to remove containers +- Add --all functionality to rmi +- Show ctrid when doing rm -all +- Ignore sequential duplicate layers when reading v2s1 +- Lots of minor bug fixes +- Vendor in latest containers/image and containers/storage + +* Sat Dec 23 2017 Dan Walsh 0.10-2 +- Fix checkin + +* Sat Dec 23 2017 Dan Walsh 0.10-1 +- Display Config and Manifest as strings +- Bump containers/image +- Use configured registries to resolve image names +- Update to work with newer image library +- Add --chown option to add/copy commands + +* Tue Dec 12 2017 Lokesh Mandvekar - 0.9-2.git04ea079 +- build for all arches + +* Sat Dec 2 2017 Dan Walsh 0.9-1 +- Allow push to use the image id +- Make sure builtin volumes have the correct label + +* Wed Nov 22 2017 Dan Walsh 0.8-1 +- 
Buildah bud was failing on SELinux machines, this fixes this +- Block access to certain kernel file systems inside of the container + +* Thu Nov 16 2017 Dan Walsh 0.7-1 +- Ignore errors when trying to read containers buildah.json for loading SELinux reservations +- Use credentials from kpod login for buildah +- Adds support for converting manifest types when using the dir transport +- Rework how we do UID resolution in images +- Bump github.com/vbatts/tar-split +- Set option.terminal appropriately in run + +* Thu Nov 16 2017 Frantisek Kluknavsky - 0.5-5.gitf7dc659 +- revert building for s390x, it is intended for rhel 7.5 + +* Wed Nov 15 2017 Dan Walsh 0.5-4 +- Add requires for container-selinux + +* Mon Nov 13 2017 Frantisek Kluknavsky - 0.5-3.gitf7dc659 +- build for s390x, https://bugzilla.redhat.com/show_bug.cgi?id=1482234 + +* Wed Nov 08 2017 Dan Walsh 0.5-2 +- Bump github.com/vbatts/tar-split +- Fixes CVE That could allow a container image to cause a DOS + +* Tue Nov 07 2017 Dan Walsh 0.5-1 +- Add secrets patch to buildah +- Add proper SELinux labeling to buildah run +- Add tls-verify to bud command +- Make filtering by date use the image's date +- images: don't list unnamed images twice +- Fix timeout issue +- Add further tty verbiage to buildah run +- Make inspect try an image on failure if type not specified +- Add support for `buildah run --hostname` +- Tons of bug fixes and code cleanup + +* Tue Nov 7 2017 Nalin Dahyabhai - 0.4-2.git01db066 +- bump to latest version +- set GIT_COMMIT at build-time + +* Fri Sep 22 2017 Dan Walsh 0.4-1.git9cbccf88c +- Add default transport to push if not provided +- Avoid trying to print a nil ImageReference +- Add authentication to commit and push +- Add information on buildah from man page on transports +- Remove --transport flag +- Run: do not complain about missing volume locations +- Add credentials to buildah from +- Remove export command +- Run(): create the right working directory +- Improve "from" behavior with 
unnamed references +- Avoid parsing image metadata for dates and layers +- Read the image's creation date from public API +- Bump containers/storage and containers/image +- Don't panic if an image's ID can't be parsed +- Turn on --enable-gc when running gometalinter +- rmi: handle truncated image IDs + +* Fri Sep 22 2017 Lokesh Mandvekar - 0.4-1.git9cbccf8 +- bump to v0.4 + +* Wed Aug 02 2017 Fedora Release Engineering - 0.3-4.gitb9b2a8a +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.3-3.gitb9b2a8a +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Thu Jul 20 2017 Dan Walsh 0.3-2.gitb9b2a8a7e +- Bump for inclusion of OCI 1.0 Runtime and Image Spec + +* Tue Jul 18 2017 Dan Walsh 0.2.0-1.gitac2aad6 +- buildah run: Add support for -- ending options parsing +- buildah Add/Copy support for glob syntax +- buildah commit: Add flag to remove containers on commit +- buildah push: Improve man page and help information +- buildah run: add a way to disable PTY allocation +- Buildah docs: clarify --runtime-flag of run command +- Update to match newer storage and image-spec APIs +- Update containers/storage and containers/image versions +- buildah export: add support +- buildah images: update commands +- buildah images: Add JSON output option +- buildah rmi: update commands +- buildah containers: Add JSON output option +- buildah version: add command +- buildah run: Handle run without an explicit command correctly +- Ensure volume points get created, and with perms +- buildah containers: Add a -a/--all option + +* Wed Jun 14 2017 Dan Walsh 0.1.0-2.git597d2ab9 +- Release Candidate 1 +- All features have now been implemented. + +* Fri Apr 14 2017 Dan Walsh 0.0.1-1.git7a0a5333 +- First package for Fedora
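Review bot: The `%gobuild` macro defined near the top of the spec passes `-B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n')` to the linker, so every build of the same source and release gets a different build-id and two independent rebuilds of %{version}-%{release} cannot be compared byte-for-byte to verify the shipped binary. If the randomness is required by the downstream toolchain, a comment above the macro saying so would help; otherwise deriving the value from %{commit0} and %{version}-%{release} would keep builds reproducible. Separately, Patch0 and Patch1 point at patch-diff.githubusercontent.com pull-request URLs, which change whenever the pull request is updated, so the provenance hint can silently drift from the files actually shipped in SOURCES; pinning the commit-based `.patch` URL, as Patch2 and Patch4 do in their comments, would make the source auditable.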