Security update for podman

Announcement ID:	SUSE-SU-2025:20805-1
Release Date:	2025-10-01T13:49:41Z
Rating:	important
References:	bsc#1239088 bsc#1242132 bsc#1245320
Cross-References:	CVE-2025-6032
CVSS scores:	CVE-2025-6032 ( SUSE ): 9.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVE-2025-6032 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2025-6032 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:	SUSE Linux Micro 6.1

An update that solves one vulnerability and has two fixes can now be installed.

Description:

This update for podman fixes the following issues:

CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
Fix conditional Requires (remove deprecated sle_version macro)
Update to version 5.4.2:
Add release notes for v5.4.2
Fix a potential deadlock during podman cp
Improve the file format documentation of podman-import.
Revert "podman-import only supports gz and tar"
Bump buildah to v1.39.4
libpod: do not cover idmapped mountpoint
test: Fix runc error message
oci: report empty exec path as ENOENT
test: adapt tests new crun error messages
test: remove duplicate test
cirrus: test only on f41/rawhide
CI: use z1d instance for windows machine testing
New images 2025-03-24
test/e2e: use go net.Dial() ov nc
test: use ncat over nc
New images 2025-03-12
RPM: Add riscv64 to ExclusiveArch-es
Fix HealthCheck log destination, count, and size defaults
Win installer test: hardcode latest GH release ID
Packit: Fix action script for fetching upstream commit
Bump to v5.4.2-dev
Bump to v5.4.1
update gvproxy version to 0.8.4
Update Buildah to v1.39.2
Update release notes for v5.4.1
Fix reporting summed image size for compat endpoint
podman-import only supports gz and tar
quadlet kube: correctly mark unit as failed
pkg/domain/infra/abi/play.go: fix two nilness issues
kube play: don't print start errors twice
libpod: race in WaitForConditionWithInterval()
libpod: race in WaitForExit() with autoremove
Don't try to resolve host path if copying to container from stdin.
Use svg for pkginstaller banner
Create quota before _data dir for volumes
Packit: clarify secondary status in CI
Packit/RPM: Display upstream commit SHA in all rpm builds
podman run: fix --pids-limit -1 wrt runc
vendor: update github.com/go-jose/go-jose/v3 to v3.0.4
chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security]
wire up --retry-delay for artifact pull
Revert "silence false positve from golangci-lint"
update golangci-lint to v1.64.4
update golangci-lint to v1.64.2
silence false positve from golangci-lint
cmd/podman: refactor Context handling
fix new usetesting lint issue
Packit/Copr: Fix podman version in rpm
Remove persist directory when cleaning up Conmon files
Bump to v5.4.1-dev
Bump to v5.4.0
Update release notes for v5.4.0 final
In SQLite state, use defaults for empty-string checks
Bump FreeBSD version to 13.4
docs: add v5.4 to API reference
Update rpm/podman.spec
RPM: set buildOrigin in LDFLAG
RPM: cleanup macro defs
Makefile: escape BUILD_ORIGIN properly
rootless: fix hang on s390x
Set Cirrus DEST_BRANCH appropriately to fix CI
Bump to v5.4.0-dev
Bump to v5.4.0-rc3
Update release notes for v5.4.0-rc3
Add BuildOrigin field to podman info
artifact: only allow single manifest
test/e2e: improve write/removeConf()
Add --noheading to artifact ls
Add --no-trunc to artifact ls
Add type and annotations to artifact add
pkg/api: honor cdi devices from the hostconfig
util: replace Walk with WalkDir
fix(pkg/rootless): avoid memleak during init() contructor.
Add machine init --playbook
RPM: include empty check to silence rpmlint
RPM: adjust qemu dependencies
Force use of iptables on Windows WSL
rpm: add attr as dependency for podman-tests
update gvproxy version
[v5.4] Bump Buildah to v1.39.0
podman exec: correctly support detaching
libpod: remove unused ExecStartAndAttach()
[v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0
Move detection of libkrun and intel
Prevent two podman machines running on darwin
Remove unnecessary error handling
Remove usused Kind() function
Bump to v5.4.0-dev
Bump to v5.4.0-rc2
Update release notes for v5.4.0-rc2
Safer use of filepath.EvalSymlinks() on Windows
error with libkrun on intel-based machines
chore(deps): update dependency pytest to v8.3.4
test/buildah-bud: skip two new problematic tests on remote
Fix podman-restart.service when there are no containers
Avoid upgrading from v5.3.1 on Windows
Clean up after unexpectedly terminated build
system-tests: switch ls with getfattr for selinux tests
vendor latest c/{buildah,common,image,storage}
Makefile: Add validatepr description for 'make help' output
docs: Enhance podman build --secret documentation and add examples
docs: mount.md - idmapped mounts only work for root user
Define, and use, PodmanExitCleanlyWithOptions
Eliminate PodmanSystemdScope
Fix image ID query
Revert "Use the config digest to compare images loaded/pulled using different methods"
Update c/image after https://github.com/containers/image/pull/2613
Update expected errors when pulling encrypted images
Eliminate PodmanExtraFiles
Introduce PodmanTestIntegration.PodmanWithOptions
Restructure use of options
Inline PodmanBase into callers
Pass all of PodmanExecOptions to various [mM]akeOptions functions
Turn PodmanAsUserBase into PodmanExecBaseWithOptions
Avoid indirect links through quadlet(5)
do not set the CreateCommand for API users
Add podman manifest rm --ignore
Bump to v5.4.0-dev
Bump to v5.4.0-rc1
fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2
podman artifact
vendor latest c/{common,image,storage}
fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2
cirrus: bump macos machine test timeout
pkg/machine/e2e: improve podman.exe match
pkg/machine/e2e: improve "list machine from all providers"
Remove JSON tag from UseImageHosts in ContainerConfig
Set network ID if available during container inspect
Stop creating a patch for v5.3.1 upgrades on windows
compose docs: fix typo
Document kube-play CDI support
docs: Add quadlet debug method systemd-analyze
Replace instances of PodmanExitCleanly in play_kube_test.go
docs: add 'initialized' state to status filters
fix(deps): update module google.golang.org/protobuf to v1.36.3
Switch all calls of assert.Nil to assert.NoError
Add --no-hostname option
Fix unescaping octal escape sequence in values of Quadlet unit files
Remove .exe suffix if any
Add kube play support for CDI resource allocation
add support to ; for comments in unit files as per systemd documentation
Use PodmanExitCleanly in attach_test.go
Introduce PodmanTestIntegration.PodmanExitCleanly
chore(deps): update dependency setuptools to ~=75.8.0
Add newer c/i to support artifacts
fix(deps): update module golang.org/x/tools to v0.29.0
fix(deps): update module golang.org/x/net to v0.34.0
specgenutil: Fix parsing of mount option ptmxmode
namespaces: allow configuring keep-id userns size
Update description for completion
Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless
Document .build for Image .container option
fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1
New VM Images
update golangci/golangci-lint to v1.63.4
fix(deps): update module google.golang.org/protobuf to v1.36.2
chore(deps): update dependency setuptools to ~=75.7.0
Fixing ~/.ssh/identity handling
vendor latest c/common from main
fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12
fix(deps): update module github.com/opencontainers/runc to v1.2.4
specgen: fix comment
Add hint to restart Podman machine to really accept new certificates
fix(deps): update module github.com/onsi/gomega to v1.36.2
fix(deps): update module github.com/moby/term to v0.5.2
Pass container hostname to netavark
Fix slirp4netns typo in podman-network.1.md
Add support to ShmSize in Pods with Quadlet
fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1
chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
fix(deps): update module golang.org/x/net to v0.33.0 [security]
Kube volumes can not container _
fix(deps): update module github.com/docker/docker to v27.4.1+incompatible
test/system: fix "podman play --build private registry" error
test/system: CopyDirectory() do not chown files
test/system: remove system dial-stdio test
shell completion: respect CONTAINERS_REGISTRIES_CONF
fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6
When generating host volumes for k8s, force to lowercase
test: enable newly added test
vfkit: Use 0.6.0 binary
gvproxy: Use 0.8.1 binary
systemd: simplify parser and fix infinite loop
Revert "win-installer test: revert to v5.3.0"
Avoid rebooting twice when installing WSL
Avoid rebooting on Windows when upgrading and WSL isn't installed
Add win installer patch
Bump WiX toolset version to 5.0.2
test/e2e: SkipOnOSVersion() add reason field
test/e2e: remove outdated SkipOnOSVersion() calls
Update VM images
fix(deps): update module golang.org/x/crypto to v0.31.0 [security]
fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0
fix(deps): update module github.com/opencontainers/runc to v1.2.3
quadlet: fix inter-dependency of containers in Network=
Add man pages to Mac installer
fix(deps): update module github.com/onsi/gomega to v1.36.1
fix(deps): update module github.com/docker/docker to v27.4.0+incompatible
Fix device limitations in podman-remote update on remote systems
Use latest version of VS BuildTools
bin/docker: fix broken escaping and variable substitution
manifest annotate: connect IndexAnnotations
Fix panic in manifest annotate --index
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5
fix(deps): update module golang.org/x/net to v0.32.0
fix(deps): update module golang.org/x/tools to v0.28.0
fix(deps): update module golang.org/x/crypto to v0.30.0
fix(deps): update module golang.org/x/sys to v0.28.0
Fix overwriting of LinuxResources structure in the database
api: replace inspectID with name
fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563
Replace ExclusiveArch with ifarch
fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1
Improve platform specific URL handling in podman compose for machines
Fix podman info with multiple imagestores
Switch to fixed common
refact: use uptime.minutes instead of uptime.seconds
fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11
fix(deps): update golang.org/x/exp digest to 2d47ceb
fix(deps): update github.com/godbus/dbus/v5 digest to c266b19
Cover Unix socket in inpect test on Windows platform
Add a test for forcing compression and v2s2 format
fix(deps): update module github.com/crc-org/vfkit to v0.6.0
Package podman-machine on supported architectures only.
Fixes missing binary in systemd.
stats: ignore errors from containers without cgroups
api: Error checking before NULL dereference
[skip-ci] Packit/copr: switch to fedora-all
make remotesystem: fail early if serial tests fail
spec: clamp rlimits without CAP_SYS_RESOURCE
Clarify the reason for skip_if_remote
Sanity-check that the test is really using partial pulls
Fix apparent typos in zstd:chunked tests
Fix compilation issues in QEMU machine files (Windows platform)
Mount volumes before copying into a container
Revert "libpod: remove shutdown.Unregister()"
docs: improve documentation for internal networks
docs: document bridge mode option
[skip-ci] Packit: remove epel and re-enable c9s
chore(deps): update dependency golangci/golangci-lint to v1.62.2
vendor: update containers/common
OWNERS: remove edsantiago
fix(deps): update module github.com/onsi/gomega to v1.36.0
fix(deps): update github.com/containers/common digest to ceceb40
refact: EventerType and improve consistency
Add --hosts-file flag to container and pod commands
Add nohosts option to /build and /libpod/build
fix(deps): update module github.com/stretchr/testify to v1.10.0
Quadlet - Use = sign when setting the pull arg for build
win-installer test: revert to v5.3.0
fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0
fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0
chore(deps): update dependency setuptools to ~=75.6.0
Update windows installer tests
Windows: don't install WSL/HyperV on update
Switch to non-installing WSL by default
fix(deps): update github.com/containers/buildah digest to 52437ef
Configure HealthCheck with podman update
CI: --image-volume test: robustify
docs: add 5.3 as Reference version
Bump CI VMs
libpod: pass down NoPivotRoot to Buildah
vendor: bump containers/buildah
fix(deps): update module github.com/opencontainers/runc to v1.2.2
Overlay mounts supersede image volumes & volumes-from
libpod: addHosts() prevent nil deref
only read ssh_config for non machine connections
ssh_config: allow IdentityFile file with tilde
ssh_config: do not overwrite values from config file
connection: ignore errors when parsing ssh_config
Bump bundled krunkit to 0.1.4
fix(deps): update module google.golang.org/protobuf to v1.35.2
add support for driver-specific options during container creation
doc: fix words repetitions
Update release notes on main for v5.3.0
chore(deps): update dependency setuptools to ~=75.5.0
CI: system tests: parallelize 010
fix podman machine init --ignition-path
vendor: update containers/common
spec: clamp rlimits in a userns
Add subpath support to volumes in --mount option
refactor: simplify LinuxNS type definition and String method
test/e2e: remove FIPS test
vendor containers projects to tagged versions
fix(deps): update module github.com/moby/sys/capability to v0.4.0
chore(deps): update dependency setuptools to ~=75.4.0
system tests: safer install_kube_template()
Buildah treadmill tweaks
update golangci-lint to v1.62.0
fix(deps): update module golang.org/x/net to v0.31.0
fix(deps): update module golang.org/x/tools to v0.27.0
Revert "Reapply "CI: test nftables driver on fedora""
Yet another bump, f41 with fixed kernel
test: add zstd:chunked system tests
pkg/machine/e2e: remove dead code
fix(deps): update module golang.org/x/crypto to v0.29.0
kube SIGINT system test: fix race in timeout handling
New system connection add tests
Update codespell to v2.3.0
Avoid printing PR text to stdout in system test
Exclude symlink from pre-commit end-of-file-fixer
api: Add error check
[CI:ALL] Bump main to v5.4.0-dev
test/buildah-bud: build new inet helper
test/system: add regression test for TZDIR local issue
vendor latest c/{buildah,common,image,storage}
Reapply "CI: test nftables driver on fedora"
Revert "cirrus: test only on f40/rawhide"
test f41 VMs
AdditionalSupport for SubPath volume mounts
wsl-e2e: Add a test to ensure port 2222 is free with usermode networking
winmake.ps1: Fix the syntax of the function call Win-SSHProxy
volume ls: fix race that caused it to fail
gvproxy: Disable port-forwarding on WSL
build: update gvisor-tap-vsock to 0.8.0
podman: update roadmap
Log network creation and removal events in Podman
libpod: journald do not lock thread
Add key to control if a container can get started by its pod
Honor users requests in quadlet files
CI: systests: workaround for parallel podman-stop flake
Fix inconsistent line ending in win-installer project
fix(deps): update module github.com/opencontainers/runc to v1.2.1
Quadlet - support image file based mount in container file
API: container logs flush status code
rework event code to improve API errors
events: remove memory eventer
libpod: log file use Wait() over event API
Makefile: vendor target should always remove toolchain
cirrus: check consitent vendoring in test/tools
test/tools/go.mod: remove toolchain
fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.10
fix(deps): update module github.com/onsi/gomega to v1.35.1
doc: explain --interactive in more detail
fix(deps): update golang.org/x/exp digest to f66d83c
fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a
fix(deps): update github.com/linuxkit/virtsock digest to cb6a20c
add default polling interval to Container.Wait
Instrument cleanup tracer to log weird volume removal flake
make podman-clean-transient.service work as user
Add default remote socket path if empty
Use current user if no user specified
Add support for ssh_config for connection
libpod: use pasta Setup() over Setup2()
fix(deps): update module github.com/onsi/ginkgo/v2 to v2.21.0
fix(deps): update module github.com/onsi/gomega to v1.35.0
logformatter: add cleanup tracer log link
docs: fix broken example
docs: add missing swagger links for the stable branches
readthedocs: build extra formats
pkg/machine/e2e: remove debug
fix(docs): Integrate pasta in rootless tutorial
chore(deps): update dependency setuptools to ~=75.3.0
libpod: report cgroups deleted during Stat() call
chore: fix some function names in comment
CI: parallelize 450-interactive system tests
CI: parallelize 520-checkpoint tests
CI: make 070-build.bats use safe image names
test/system: add podman network reload test to distro gating
System tests: clean up unit file leaks
healthcheck: do not leak service on failed stop
healthcheck: do not leak statup service
fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.0
Add Startup HealthCheck configuration to the podman inspect
buildah version display: use progress()
new showrun() for displaying and running shell commands
Buildah treadmill: redo the .cirrus.yml tweaks
Buildah treadmill: more allow-empty options
Buildah treadmill: improve test-failure instructions
Buildah treadmill: improve wording in test-fail instructions
doc: Remove whitespace before comma
fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.3.0
ps: fix display of exposed ports
ps: do not loop over port protocol
readme: Add reference to pasta in the readme
test/system: Fix spurious "duplicate tests" failures in pasta tests
Improve "podman load - from URL"
Try to repair c/storage after removing an additional image store
Use the config digest to compare images loaded/pulled using different methods
Simplify the additional store test
Fix the store choice in "podman pull image with additional store"
Bump to v5.3.0-dev
Bump to v5.3.0-rc1
Set quota on volume root directory, not _data
fix(deps): update module github.com/opencontainers/runc to v1.2.0
test: set soft ulimit
Vagrantfile: Delete
Enable pod restore with crun
vendor: update c/{buildah,common,image,storage}
Fix 330-corrupt-images.bats in composefs test runs
quadlet: add default network dependencies to all units
quadlet: ensure user units wait for the network
add new podman-user-wait-network-online.service
contrib/systemd: switch user symlink for file symlinks
Makefile: remove some duplication from install.systemd
contrib/systemd: move podman-auto-update units
quadlet: do not reject RemapUsers=keep-id as root
test/e2e: test quadlet with and without --user
CI: e2e: fix checkpoint flake
APIv2 test fix: image history
pasta udp tests: new bytecheck helper
Document packaging process
[skip-ci] RPM: remove dup Provides
Update dependency setuptools to ~=75.2.0
System tests: safer pause-image creation
Update module github.com/opencontainers/selinux to v1.11.1
Added escaping to invoked powershell command for hyperv stubber.
use slices.Clone instead of assignment
libpod API: only return exit code without conditions
Housekeeping: remove duplicates from success_task
Thorough overhaul of CONTRIBUTING doc.
api: Replace close function in condition body
test/e2e: fix default signal exit code test
Test new VM build
CI: fix changing-rootFsSize flake
scp: add option types
Unlock mutex before returning from function
Note in the README that we are moving to timed releases
cirrus: let tar extract figure out the compression
Make error messages more descriptive
Mention containers.conf settings for podman machine commands
[skip-ci] Packit: re-enable CentOS Stream 10/Fedora ELN teasks"
cmd: use logrus to print error
podman: do not set rlimits to the default value
spec: always specify default rlimits
vendor: update containers/common
Note in the README that we are moving to timed releases
Revert "CI: test nftables driver on fedora"
cirrus: use zstd over bzip2 for repo archive
cirrus: use shared repo_prep/repo_artifacts scripts
cirrus: speed up postbuild
cirrus: change alt arch task to only compile binaries
cirrus: run make with parallel jobs where useful
Makefile: allow man-page-check to be run in parallel
cirrus: use fastvm for builds
test/e2e: skip some Containerized checkpoint tests
test: update timezone checks
cirrus: update CI images
test/e2e: try debug potential pasta issue
CI: quadlet system tests: use airgapped testimage
Allow removing implicit quadlet systemd dependencies
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4
libpod API: make wait endpoint better against rm races
podman-remote run: improve how we get the exit code
[skip-ci] Packit: constrain koji and bodhi jobs to fedora package to avoid dupes
055-rm test: clean up a test, and document
CI: remove skips for libkrun
Bump bundled krunkit to 0.1.3
fix(deps): update module google.golang.org/protobuf to v1.35.0
fix(deps): update module golang.org/x/net to v0.30.0
server: fix url parsing in info
fix(deps): update module golang.org/x/tools to v0.26.0
Makefile: fix ginkgo FOCUS option
fix(deps): update module golang.org/x/crypto to v0.28.0
podman-systemd.unit.5: adjust example options
docs: prefer --network to --net
fix(deps): update module golang.org/x/term to v0.25.0
fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.24
fix(deps): update module golang.org/x/sys to v0.26.0
OWNERS file audit and update
Exposed ports are only included when not --net=host
libpod: hasCurrentUserMapped checks for gid too
[CI:DOCS] Document TESTFLAGS in test README file
Validate the bind-propagation option to --mount
Fix typo in secret inspect examples
Mention no_hosts and base_hosts_file configs in CLI option docs
Fixes for vendoring Buildah
vendor: update buildah to latest
Makefile - silence skipped tests when focusing on a file
vendor: update to latest c/common
Quadlet - prefer "param val" over "param=val" to allow env expansion
System tests: sdnotify: wait for socket file creation
Switch to moby/sys/capability
platformInspectContainerHostConfig: rm dead code
CI: require and test CI_DESIRED_NETWORK on RHEL
Add ExposedPorts to Inspect's ContainerConfig
fix(deps): update golang.org/x/exp digest to 701f63a
quadlet: allow variables in PublishPort
fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.9
fix(deps): update github.com/godbus/dbus/v5 digest to a817f3c
Document that zstd:chunked is downgraded to zstd when encrypting
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3
chore(deps): update dependency ubuntu to v24
rpm: do not load iptables modules on f41+
adding docs for network-cmd-path
Include exposed ports in inspect output when net=host
feat(libpod): support kube play tar content-type (#24015)
podman mount: some better error wrapping
podman mount: ignore ErrLayerUnknown
Quadlet - make sure the order of the UnitsDir is deterministic
packit: disable Centos Stream/fedora ELN teasks
libpod: remove shutdown.Unregister()
libpod: rework shutdown handler flow
libpod: ensure we are not killed during netns creation
Update module github.com/moby/sys/capability to v0.3.0
Update documentation of --no-hosts, --hostname, and --name CLI options
Update documentation of --add-host CLI option
System tests: set a default XDG_RUNTIME_DIR
Modify machine "Remove machine" test
CORS system test: clean up
Add --health-max-log-count, --health-max-log-size, --health-log-destination flags
troubleshooting: adjust home path in tip 44
test/system: For pasta port forwarding tests don't bind socat server
Update connection on removal
Simplify RemoveConnections
Move DefaultMachineName to pkg/machine/define
vendor: update containers/image
vendor: update containers/storage
CI: skip the flaking quadlet test
CI: make systemd tests parallel-safe (*)
CI: run and collect cleanup tracer logs
add epbf program to trace podman cleanup errors
CI: parallelize logs test as much as possible
CI: format test: use local registry if available
CI: make 700-play parallel-safe
docs: Fix missing negation
bin/docker support warning message suppression from user config dir
Update module github.com/docker/docker to v27.3.1+incompatible
Quadlet - add full support for Symlinks
libpod: setupNetNS() correctly mount netns
vendor latest c/common
docs: remove usage of deprecated --storage
Update module github.com/docker/docker to v27.3.0+incompatible
CI: Quadlet rootfs test: use container image as rootfs
CI: system test registry: use --net=host
CI: rm system test: bump grace period
CI: system tests: minor documentation on parallel
fix typo in error message Fixes: containers/podman#24001
CI: system tests: always create pause image
CI: quadlet system test: be more forgiving
vendor latest c/common
CI: make 200-pod parallel-safe
allow exposed sctp ports
test/e2e: add netns leak check
test/system: netns leak check for rootless as well
test/system: Improve TODO comments on IPv6 pasta custom DNS forward test
test/system: Clarify "Local forwarder" pasta tests
test/system: Simplify testing for nameserver connectivity
test/system: Consolidate "External resolver" pasta tests
test/system: Move test for default forwarder into its own case
CI: make 090-events parallel-safe
Misc minor test fixes
Add network namespace leak check
Add workaround for buildah parallel bug
registry: lock start attempts
Update system test template and README
bats log: differentiate parallel tests from sequential
ci: bump system tests to fastvm
clean_setup: create pause image
CI: make 012-manifest parallel-safe
podman-manifest-remove: update docs and help output
test/system: remove wait workaround
wait: fix handling of multiple conditions with exited
Match output of Compat Top API to Docker
system test parallelization: enable two-pass approach
New VMs: test crun 1.17
libpod: hides env secrets from container inspect
CI: e2e: workaround for events out-of-sequence flake
update golangci-lint to 1.61.0
libpod: convert owner IDs only with :idmap
Podman CLI --add-host with multiple host for a single IP
Quadlet - Split getUnitDirs to small functions
fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.5
chore(deps): update dependency setuptools to ~=75.1.0
Fxi typo in cache-ttl.md
Get WSL disk as an OCI artifact
CI: make 260-sdnotify parallel-safe
quadlet: do not log ENOENT errors
pkg/specgen: allow pasta when running inside userns
troubleshooting: add tip about the user containers
chore(deps): update dependency setuptools to v75
Convert windows paths in volume arg of the build command
Improve error when starting multiple machines
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2
Minor typo noticed when reading podman man page
Remove RemoveFilesAndConnections
Add GetAllMachinesAndRootfulness
rewrite typo osascript
typo
fix(deps): update module github.com/docker/docker to v27.2.1+incompatible
Add radio buttons to select WSL or Hyper-V in windows setup.exe
[skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets
[skip-ci] Packit: Enable sidetags for bodhi updates
vendor: update c/common
CI: make 710-kube parallel-safe
CI: mark 320-system-df NOT parallel safe
Add kube play support for image volume source
refactor: add sshClient function
fix(deps): update module golang.org/x/tools to v0.25.0
CI: make 505-pasta parallel safe
CI: make 020-tag parallel-safe
CI: make 410-selinux parallel-safe
Bump VMs. ShellCheck is now built-in
troubleshooting: add tip about auto, keep-id, nomap
libpod: make use of new pasta option from c/common
vendor latest c/common
podman images: sort repository with tags
Remove containers/common/pkg/config from pkg/util
fix(deps): update module golang.org/x/net to v0.29.0
fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.23
fix(deps): update module golang.org/x/crypto to v0.27.0
Fix CI
Detect and fix typos using codespell
Fix typo: replace buildin with built-in
Add codespell config, pre-commit definition, and move options from Makefile
prune: support clearing build cache using CleanCacheMount
test/e2e: fix network prune flake
Add support for Job to kube generate & play
Add podman-rootless.7 man page
Add DNS, DNSOption and DNSSearch to quadlet pod
podman.1.md: improve policy.json section
e2e: flake fix: SIGPIPE in hook test
libpod: fix rootless cgroup path with --cgroup-parent
vendor: update c/storage
CI: make 055-rm parallel-safe
CI: make 130-kill parallel-safe
CI: make 125-import parallel-safe
CI: make 110-history parallel-safe
CI: system tests: parallelize low-hanging fruit
Add disclaimer to podman machine info manpage.
man pages: refactor two more options
update github.com/opencontainers/runc to v1.2.0-rc.3
update go.etcd.io/bbolt to v1.3.11
update github.com/onsi/{ginkgo,gomega}
Update module github.com/shirou/gopsutil to v4
packit: update fedora and epel targets
bump go to 1.22
cirrus: test only on f40/rawhide
cirrus: remove CI_DESIRED_NETWORK reference
cirrus: prebuild use f40 for extra tests
chore(deps): update dependency setuptools to ~=74.1.0
libpod: fix HostConfig.Devices output from 'podman inspect' on FreeBSD
fix(deps): update golang.org/x/exp digest to 9b4947d
Implement publishing API UNIX socket on Windows platforms
Vendor c/common:8483ef6022b4
quadlet: support container network reusing
docs: update read the docs changes
CI: parallel-safe network system test
Quadlet - Support multiple image tags in .build files
fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.3
cirrus: remove _bail_if_test_can_be_skipped
cirrus: move renovate check into validate
cirrus: remove 3rd party connectivity check
cirrus: remove cross jobs for aarch64 and x86_64
cirrus: do not upload alt arch cross artifacts
cirrus: remove ginkgo-e2e.json artifact
cirrus: fix default timeouts
github: remove fcos-podman-next-build-prepush
Clarify podman machine volume mounting behavior under WSL
machine: Add -all-providers flag to machine list
Create a podman-troubleshooting man page
chore(deps): update dependency setuptools to v74
fix(deps): update module github.com/docker/docker to v27.2.0+incompatible
Fix an improperly ignored error in SQLite
CI: flake workaround: ignore socat waitpid warnings
fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.1
Stop skipping machine volume test on Hyper-V
cleanup: add new --stopped-only option
fix races in the HTTP attach API
cirrus: skip windows/macos machine task on RHEL branches
Update module github.com/containers/gvisor-tap-vsock to v0.7.5
run: fix detach passthrough and --rmi
podman run: ignore image rm error
Add support for AddHost in quadlet .pod and .container
[CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3
update github.com/vishvananda/netlink to v1.3.0
build: Update gvisor-tap-vsock to 0.7.5
Quote systemd DefaultEnvironment Proxy values, as documented in systemd.conf man page:
fix typo in podman-network-create.1.md
Use HTTP path prefix of TCP connections to match Docker context behavior
Makefile: remotesystem: use real podman server, no --url
Update module github.com/openshift/imagebuilder to v1.2.15
CI: parallel-safe userns test
Update module github.com/onsi/ginkgo/v2 to v2.20.1
Add support for IP in quadlet .pod files
Specify format to use for referencing fixed bugs.
CI: parallel-safe run system test
Revert "test/e2e: work around for pasta issue"
CI: On vX.Y-rhel branches, ensure that some downstream Jira issue is linked
quadlet: support user mapping in pod unit
Update Release Process
Test new VM build
command is not optional to podman exec
CI: parallel-safe namespaces system test
[CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2
quadlet: add key CgroupsMode
Fix podman stop and podman run --rmi
quadlet: set infra name to %s-infra
chore(deps): update dependency setuptools to v73
[skip-ci] Packit: update targets for propose-downstream
Do not segfault on hard stop
Fix description of :Z to talk about pods
CI: disable ginkgo flake retries
vendor: update go-criu to latest
golangci-lint: make darwin linting happy
golangci-lint: make windows linting happy
test/e2e: remove kernel version check
golangci-lint: remove most skip dirs
set !remote build tags where needed
update golangci-lint to 1.60.1
test/e2e: rm systemd start test
fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.1
podman wait: allow waiting for removal of containers
libpod: remove UpdateContainerStatus()
podman mount: fix storage/libpod ctr race
CI: quadlet tests: make parallel-safe
CI: system tests: make random_free_port() parallel-safe
remove trailing comma in example
CI: format test: make parallel-safe
Fix podman-docker.sh under -eu shells (fixes #23628)
docs: update podman-wait man page
libpod: remove duplicated HasVolume() check
podman volume rm --force: fix ABBA deadlock
test/system: fix network cleanup restart test
libpod: do not stop pod on init ctr exit
libpod: simplify WaitForExit()
CI: remove build-time quay check
Fix known_hosts file clogging and remote host id
Update docker.io/library/golang Docker tag to v1.23
Update dependency setuptools to ~=72.2.0
Update module github.com/docker/docker to v27.1.2+incompatible
healthcheck system check: reduce raciness
CI: healthcheck system test: make parallel-safe
Validate renovate config in every PR
pkg/machine: Read stderr from ssh-keygen correctly
Fix renovate config syntax error
CI: 080-pause.bats: make parallel-safe
CI: 050-stop.bats: make parallel-safe
Additional potential race condition on os.Readdir
pkg/bindings/containers: handle ignore for stop
remote: fix invalid --cidfile + --ignore
Update/simplify renovate config header comment
Migrate renovate config to latest schema
Fix race condition when listing /dev
docs/podman-systemd: Try to clarify Exec= more
libpod: reset state error on init
test/system: pasta_test_do add explicit port check
test/e2e: work around new push warning
vendor: update c/common to latest
stopIfOnlyInfraRemains: log all errors
libpod: do not save expected stop errors in ctr state
libpod: fix broken saveContainerError()
Quadlet: fix filters failure when the search paths are symlinks
readme: replace GPG with PGP
Drop APIv2 CNI configuration
De-duplicate docker-py testing
chore(podmansnoop): explain why crun comm is 3
libpod: cleanupNetwork() return error
fix(deps): update module golang.org/x/sys to v0.24.0
Reduce python APIv2 test net dependency
Fix not testing registry.conf updates
test/e2e: improve command timeout handling
Update module github.com/onsi/ginkgo/v2 to v2.20.0
Update module github.com/moby/sys/user to v0.3.0
Add passwd validate and generate steps
podman container cleanup: ignore common errors
Quadlet - Allow the user to override the default service name
CI: e2e: serialize root containerPort tests
Should not force conversion of manifest type to DockerV2ListMediaType
fix(deps): update module golang.org/x/tools to v0.24.0
fix(deps): update github.com/containers/common digest to 05b2e1f
CI: mount system test: parallelize
Update module golang.org/x/net to v0.28.0
Ignore ERROR_SHARING_VIOLATION error on windows
CI: manifest system tests: make parallel-safe
Create volume path before state initialization
vendor: update c/storage
CI: fix broken libkrun test
test/e2e: work around for pasta issue
test/e2e: fix missing exit code checks
Test new CI images
Remove another race condition when mounting containers or images
fix(deps): update github.com/containers/common digest to c0cc6b7
Change Windows installer MajorUpgrade Schedule
Ignore missing containers when calling GetExternalContainerLists
Remove runc edit to lock to specific version
fix(deps): update module golang.org/x/sys to v0.23.0
CI: podman-machine: do not use cache registry
CI: completion system test: use safename
Temporarly disable failing Windows Installer CI test
libpod: fix volume copyup with idmap
libpod: avoid hang on errors
Temp. disable PM basic Volume ops test
Add libkrun Mac task
Never skip checkout step in release workflow
System tests: leak_test: readable output
fix(deps): update github.com/docker/go-plugins-helpers digest to 45e2431
vendor: bump c/common
Version: bump to v5.3.0-dev
libpod: inhibit SIGTERM during cleanup()
Tweak versions in register_images.go
fix network cleanup flake in play kube
WIP: Fixes for vendoring Buildah
Add --compat-volumes option to build and farm build
Bump to Buildah v1.37.0
Quadlet test - Split between success, warning and error cases
libpod: bind ports before network setup
Disable compose-warning-logs if PODMAN_COMPOSE_WARNING_LOGS=false
Use new syntax for selinux options in quadlet
fix(deps): update module github.com/onsi/gomega to v1.34.1
CI: kube test: fix broken external-storage test
Update dependency setuptools to v72
Convert additional build context paths on Windows
pkg/api: do not leak config pointers into specgen
Quadlet - Allow the user to set the service name for .pod files
Quadlet tests - allow overriding the expected service name
fix(deps): update module github.com/moby/sys/user to v0.2.0
fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5
CI: enable root user namespaces
libpod: force rootfs for OCI path with idmap
fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1
Add test steps for automount with multi images
CI: cp tests: use safename
[skip-ci] RPM: podman-iptables.conf only on Fedora
CI: 700-play: fix a leaked non-safename
test: check that kube generate/play restores the userns
test: disable artifacts cache with composefs
test: fix podman pull tests
vendor: bump c/storage
Update module github.com/cyphar/filepath-securejoin to v0.3.1
Add /run/containers/systemd, ${XDG_RUNTIME_DIR}/containers/systemd quadlet dirs
build: Update gvisor-tap-vsock to 0.7.4
test/system: fix borken pasta interface name checks
test/system: fix bridge host.containers.internal test
api: honor the userns for the infra container
play: handle 'private' as 'auto'
kube: record infra user namespace
infra: user ns annotation higher precedence
specgenutil: record the pod userns in the annotations
kube: invert branches
CI: system log test: use safe names
Update encryption tests to avoid a warning if zstd:chunked is the default
Fix "podman pull and decrypt"/"from local registry"
Use unique image names for the encrypted test images
CI: system tests: instrument to allow failure analysis
Fix outdated comment for the build step win-gvproxy
Add utility to convert VMFile to URL for UNIX sockets
Run codespell on source
fix(deps): update module github.com/docker/docker to v27.1.0+incompatible
chore(deps): update dependency setuptools to ~=71.1.0
logformatter: tweaks to pass html tidy
More information for podman --remote build and running out of space.
Fix windows installer deleting machine provider config file
Use uploaded .zip for Windows action
pr-should-include-tests: no more CI:DOCS override
Depend on runc unconditionally, not only on SLE 15 (bsc#1239088)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Micro 6.1
zypper in -t patch SUSE-SLE-Micro-6.1-292=1

Package List:

SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
- podman-remote-5.4.2-slfo.1.1_1.1
- podmansh-5.4.2-slfo.1.1_1.1
- podman-debuginfo-5.4.2-slfo.1.1_1.1
- podman-5.4.2-slfo.1.1_1.1
- podman-remote-debuginfo-5.4.2-slfo.1.1_1.1
SUSE Linux Micro 6.1 (noarch)
- podman-docker-5.4.2-slfo.1.1_1.1

Security update for podman

Description:

Patch Instructions:

Package List:

References: