Changelog for umoci-0.4.7-4.2.x86_64.rpm:
* Tue Feb 20 2024 Dominique Leuenberger
- Use %patch -P N instead of deprecated %patchN.
* Mon Mar 27 2023 Frederic Crozat
- Drop explicit BuildRequires on go1.14, no longer needed.
* Tue Apr 06 2021 Aleksa Sarai
- Update to umoci v0.4.7. CVE-2021-29136 bsc#1184147
  A security flaw was found in umoci, and has been fixed in this release. If umoci was used to unpack a malicious image (using either umoci unpack or umoci raw unpack) that contained a symlink entry for /., umoci would apply subsequent layers to the target of the symlink (resolved on the host filesystem). This means that if you ran umoci as root, a malicious image could overwrite any file on the system (assuming you didn't have any other access control restrictions). Thanks to Robin Peraglie from Cure53 for discovering this bug. CVE-2021-29136
  Other changes in this release:
  * umoci now compiles on FreeBSD and appears to work, with the notable limitation that it currently refuses to extract non-Linux images on any platform (this will be fixed in a future release).
  * Initial fuzzer implementations for oss-fuzz.
  * umoci will now read all trailing data from image layers, to combat the existence of some image generators that appear to append NUL bytes to the end of the gzip stream (which would previously cause checksum failures because we didn't read nor checksum the trailing junk bytes). However, umoci will still not read past the descriptor length.
  * umoci now ignores all overlayfs xattrs during unpack and repack operations, to avoid causing issues when packing a raw overlayfs directory.
  * For details, see CHANGELOG.md in the package.
- Backport patch to fix KIWI which depends on umoci having sane output from "umoci --version".
  + 0001-makefile-fix-bad-build-flags.patch
- Remove upstreamed patches:
  - CVE-2021-29136.patch
* Thu Apr 01 2021 Aleksa Sarai
- Re-disable s390 builds.
* Tue Mar 30 2021 Aleksa Sarai
  [This was only ever released in Leap and SLES.]
- Add fix for CVE-2021-29136. bsc#1184147
  + CVE-2021-29136.patch
* Wed Jun 24 2020 Aleksa Sarai
- Update to umoci v0.4.6.
  umoci has been adopted by the Open Container Initiative as a reference implementation of the OCI Image Specification. This will have little impact on the roadmap or scope of umoci, but it does further solidify umoci as a useful piece of "boring container infrastructure" that can be used to build larger systems.
  > **NOTICE**: As part of the adoption procedure, the import path and module
  > name of umoci has changed from `github.com/openSUSE/umoci` to
  > `github.com/opencontainers/umoci`. This means that users of our (still
  > unstable) Go API will have to change their import paths in order to update
  > to newer versions of umoci.
  >
  > The old GitHub project will contain a snapshot of `v0.4.5` with a few
  > minor changes to the readme that explain the situation. Go projects which
  > import the archived project will receive build warnings that
  > explain the need to update their import paths.
  + umoci now builds on MacOS, and we currently run the unit tests on MacOS to hopefully catch core regressions (in the future we will get the integration tests running to catch more possible regressions). opencontainers/umoci#318
  * Suppress repeated xattr warnings on destination filesystems that do not support xattrs. opencontainers/umoci#311
  * Work around a long-standing issue in our command-line parsing library (see urfave/cli#1152) by disabling argument re-ordering for `umoci config`, which often takes `-`-prefixed flag arguments. opencontainers/umoci#328
  * For details, see CHANGELOG.md in the package.
* Tue Dec 03 2019 Aleksa Sarai
- Update to umoci v0.4.5.
  * Use "type: bind" for generated config.json bind-mounts.
  * Don't insert a new layer if there is no diff.
  * Only output a warning if forbidden extended attributes are present inside the tar archive.
  * For details, see CHANGELOG.md in the package.
* Mon Mar 18 2019
- Enable build for s390x on openSUSE
* Thu Jan 31 2019 Aleksa Sarai
- Update to umoci v0.4.4.
  * Added full-stack verification of blob hashes and descriptors for all operations (improving our hardening against bad images).
  * For details, see CHANGELOG.md in the package.
* Sun Nov 11 2018 asaraiAATTsuse.com
- Update to umoci v0.4.3.
  * Added --no-history to all commands with --history.* flags. Should only be used for umoci-config(1).
  * Added `umoci insert --tag` to allow non-destructive modifications.
  * For details, see packaged /usr/share/doc/packages/umoci/CHANGELOG.md.