Recommended update for buildah

Announcement ID: SUSE-RU-2023:1866-1
Rating: moderate
References:
Affected Products:
  • Containers Module 15-SP4
  • openSUSE Leap 15.4
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3

An update that contains one feature can now be installed.

Description:

This update for buildah fixes the following issues:

Update to version 1.29.1 (jsc#PED-1805):

  • Update to c/image 5.24.1

Update to version 1.29.0:

  • tests: improve build-with-network-test
  • Flake 3710 has been closed. Reenable the test.
  • [CI:DOCS] Fix two diversity issues in a tutorial
  • vendor in latests containers/(storage, common, image)
  • fix bud-multiple-platform-with-base-as-default-arg flake
  • stage_executor: while mounting stages use freshly built stage
  • vendor in latests containers/(storage, common, image, ocicyrpt)
  • [Itests: change the runtime-flag test for crun
  • [CI:DOCS] README: drop sudo
  • Fix multi-arch manifest-list build timeouts
  • Cirrus: Update VM Images
  • bud: Consolidate multiple synthetic LABEL instructions
  • build, secret: allow realtive mountpoints wrt to work dir
  • fixed squash documentation
  • Vendor in latest containers/(common, image, storage)
  • system tests: remove unhelpful assertions
  • buildah: add prune command and expose CleanCacheMount API
  • Add support for --group-add to buildah from
  • Add documentation for buildah build --pull=missing
  • parse: default ignorefile must not point to symlink outside context
  • buildah: wrap network setup errors
  • build, mount: allow realtive mountpoints wrt to work dir
  • Update to F37 CI VM Images, re-enable prior-fedora
  • Update vendor or containers/(image, storage, common)
  • Update contact information
  • Replace io/ioutil calls with os calls
  • [skip-ci] GHA/Cirrus-cron: Fix execution order
  • Vendor in containers/common
  • remote-cache: support multiple sources and destinations
  • Update c/storage after https://github.com/containers/storage/pull/1436
  • util.SortMounts(): make the returned order more stable
  • version: Bump to 1.29.0-dev
  • [CI:BUILD] Cirrus: Migrate OSX task to M1
  • Update vendor of containers/(common, storage, image)
  • mount=type=cache: seperate cache parent on host for each user
  • Fix installation instructions for Gentoo Linux
  • GHA: Reuse both cirrus rerun and check workflows
  • Vendor in latest containers/(common,image,storage)
  • copier.Put(): clear up os/syscall mode bit confusion
  • Use TypeBind consistently to name bind/nullfs mounts
  • Add no-new-privileges flag
  • Update vendor of containers/(common, image, storage)
  • imagebuildah:build with --all-platforms must honor args for base images
  • codespell code
  • Expand args and env when using --all-platforms
  • GHA: Simplify Cirrus-Cron check slightly
  • Stop using ubi8
  • remove unnecessary (hence misleading) rmi
  • chroot: fix mounting of ro bind mounts
  • executor: honor default ARG value while eval base name
  • userns: add arbitrary steps/stage to --userns=auto test
  • Don't set allow.mount in the vnet jail on Freebsd
  • copier: Preserve file flags when copying archives on FreeBSD
  • Remove quiet flag, so that it works in podman-remote
  • test: fix preserve rootfs with --mount for podman-remote
  • test: fix prune logic for cache-from after adding content summary
  • vendor in latest containers/(storage, common, image)
  • Fix RUN --mount=type=bind,from=<stage> not preserving rootfs of stage
  • Define and use a safe, reliable test image
  • Fix word missing in Container Tools Guide
  • Makefile: Use $(MAKE) to start sub-makes in install.tools
  • imagebuildah: pull cache from remote repo after adding content summary
  • Makefile: Fix install on FreeBSD
  • Ensure the cache volume locks are unlocked on all paths
  • Vendor in latest containers/(common,storage)
  • Simplify the interface of GetCacheMount and getCacheMount
  • Fix cache locks with multiple mounts
  • Remove calls to Lockfile.Locked()
  • Maintain cache mount locks as lock objects instead of paths
  • test: cleaning cache must not clean lockfiles
  • run: honor lockfiles for multiple --mount instruction
  • mount,cache: lockfiles must not be part of users cache content
  • Update vendor containers/(common,image,storage)
  • [CI:BUILD] copr: buildah rpm should depend on containers-common-extra
  • pr-should-include-tests: allow specfile, golangci
  • sshagent: LockOSThread before setting SocketLabel
  • Update tests for error message changes
  • Update c/image after https://github.com/containers/image/pull/1299
  • Fix ident for dependabot gha block
  • Fix man pages to match latest cobra settings
  • test: retrofit 'bud with undefined build arg directory'
  • imagebuildah: warnOnUnsetBuildArgs while processing stages from executor
  • Update contrib/buildahimage/Containerfile
  • Cirrus CI add flavor parameter
  • Correction - FLAVOR not FLAVOUR
  • Changed build argument from RELEASE to FLAVOUR
  • Combine buildahimage Containerfiles
  • bud.bats refactoring: $TEST_SCRATCH_DIR, part 2 of 2
  • bud.bats refactoring: $TEST_SCRATCH_DIR, part 1 of 2
  • System test cleanup: document, clarify, fix

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2023-1866=1
  • Containers Module 15-SP4
    zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-1866=1

Package List:

  • openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    • buildah-1.29.1-150400.3.14.1
  • Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    • buildah-1.29.1-150400.3.14.1

References: