From 4eac9e8a2ff6fcd327ba19a6ab2f5eeaf3039251 Mon Sep 17 00:00:00 2001
From: Oskari Rauta
Date: Mon, 27 Feb 2023 15:15:09 +0000
Subject: [PATCH] podman: update to v4.4.2

Security:
- This release fixes CVE-2023-0778, which allowed a malicious user to potentially replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Bugfixes:
- Fixed a bug where containers started via the podman-kube systemd template would always use the "passthrough" log driver (#17482).
- Fixed a bug where pulls would unexpectedly encounter an EOF error. Now, Podman automatically transparently resumes aborted pull connections.
- Fixed a race condition in Podman's signal proxy.
Misc:
- Updated the containers/image library to v5.24.1.
Patch also refreshed
Signed-off-by: Oskari Rauta
---
 utils/podman/Makefile | 4 ++--
 utils/podman/patches/010-do-not-build-docs.patch | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/utils/podman/Makefile b/utils/podman/Makefile
index d18411e7c6..4584f4a2c6 100644
--- a/utils/podman/Makefile
+++ b/utils/podman/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=podman
-PKG_VERSION:=4.4.1
+PKG_VERSION:=4.4.2
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION)
-PKG_HASH:=0b84dbc3ca1d3cc75708635e3a322c481bb679103040866024b1fa2be6826455
+PKG_HASH:=59cec158438efa8a3e651b19e150d9afd90f7e3f07c30605a997e18b8c54b67c
 PKG_LICENSE:=Apache-2.0
 PKG_LICENSE_FILES:=LICENSE
diff --git a/utils/podman/patches/010-do-not-build-docs.patch b/utils/podman/patches/010-do-not-build-docs.patch
index 67317fda39..6f77e1b874 100644
--- a/utils/podman/patches/010-do-not-build-docs.patch
+++ b/utils/podman/patches/010-do-not-build-docs.patch
@@ -9,7 +9,7 @@
 .PHONY: binaries
 ifeq ($(shell uname -s),FreeBSD)
-@@ -792,7 +792,7 @@ package-install: package ## Install rpm
+@@ -797,7 +797,7 @@ package-install: package ## Install rpm
 /usr/bin/podman info # will catch a broken conmon
 .PHONY: install