Security update for buildah

Announcement ID:	SUSE-SU-2020:3423-1
Rating:	moderate
References:	bsc#1165184 bsc#1167864
Cross-References:	CVE-2019-10214 CVE-2020-10696
CVSS scores:	CVE-2019-10214 ( SUSE ): 9.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2019-10214 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-10696 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10696 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	Containers Module 15-SP2 Containers Module 15-SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.0 SUSE Manager Server 4.1

An update that solves two vulnerabilities can now be installed.

Description:

This update for buildah fixes the following issues:

buildah was updated to v1.17.0 (bsc#1165184):

Handle cases where other tools mount/unmount containers
overlay.MountReadOnly: support RO overlay mounts
overlay: use fusermount for rootless umounts
overlay: fix umount
Switch default log level of Buildah to Warn. Users need to see these messages
Drop error messages about OCI/Docker format to Warning level
build(deps): bump github.com/containers/common from 0.26.0 to 0.26.2
tests/testreport: adjust for API break in storage v1.23.6
build(deps): bump github.com/containers/storage from 1.23.5 to 1.23.7
build(deps): bump github.com/fsouza/go-dockerclient from 1.6.5 to 1.6.6
copier: put: ignore Typeflag="g"
Use curl to get repo file (fix #2714)
build(deps): bump github.com/containers/common from 0.25.0 to 0.26.0
build(deps): bump github.com/spf13/cobra from 1.0.0 to 1.1.1
Remove docs that refer to bors, since we're not using it
Buildah bud should not use stdin by default
bump containerd, docker, and golang.org/x/sys
Makefile: cross: remove windows.386 target
copier.copierHandlerPut: don't check length when there are errors
Stop excessive wrapping
CI: require that conformance tests pass
bump(github.com/openshift/imagebuilder) to v1.1.8
Skip tlsVerify insecure BUILD_REGISTRY_SOURCES
Fix build path wrong containers/podman#7993
refactor pullpolicy to avoid deps
build(deps): bump github.com/containers/common from 0.24.0 to 0.25.0
CI: run gating tasks with a lot more memory
ADD and COPY: descend into excluded directories, sometimes
copier: add more context to a couple of error messages
copier: check an error earlier
copier: log stderr output as debug on success
Update nix pin with make nixpkgs
Set directory ownership when copied with ID mapping
build(deps): bump github.com/sirupsen/logrus from 1.6.0 to 1.7.0
build(deps): bump github.com/containers/common from 0.23.0 to 0.24.0
Cirrus: Remove bors artifacts
Sort build flag definitions alphabetically
ADD: only expand archives at the right time
Remove configuration for bors
Shell Completion for podman build flags
Bump c/common to v0.24.0
New CI check: xref --help vs man pages
CI: re-enable several linters
Move --userns-uid-map/--userns-gid-map description into buildah man page
add: preserve ownerships and permissions on ADDed archives
Makefile: tweak the cross-compile target
Bump containers/common to v0.23.0
chroot: create bind mount targets 0755 instead of 0700
Change call to Split() to safer SplitN()
chroot: fix handling of errno seccomp rules
build(deps): bump github.com/containers/image/v5 from 5.5.2 to 5.6.0
Add In Progress section to contributing
integration tests: make sure tests run in ${topdir}/tests
Run(): ignore containers.conf's environment configuration
Warn when setting healthcheck in OCI format
Cirrus: Skip git-validate on branches
tools: update git-validation to the latest commit
tools: update golangci-lint to v1.18.0
Add a few tests of push command
Add(): fix handling of relative paths with no ContextDir
build(deps): bump github.com/containers/common from 0.21.0 to 0.22.0
Lint: Use same linters as podman
Validate: reference HEAD
Fix buildah mount to display container names not ids
Update nix pin with make nixpkgs
Add missing --format option in buildah from man page
Fix up code based on codespell
build(deps): bump github.com/openshift/imagebuilder from 1.1.6 to 1.1.7
build(deps): bump github.com/containers/storage from 1.23.4 to 1.23.5
Improve buildah completions
Cirrus: Fix validate commit epoch
Fix bash completion of manifest flags
Uniform some man pages
Update Buildah Tutorial to address BZ1867426
Update bash completion of manifest add sub command
copier.Get(): hard link targets shouldn't be relative paths
build(deps): bump github.com/onsi/gomega from 1.10.1 to 1.10.2
Pass timestamp down to history lines
Timestamp gets updated everytime you inspect an image
bud.bats: use absolute paths in newly-added tests
contrib/cirrus/lib.sh: don't use CN for the hostname
tests: Add some tests
Update manifest add man page
Extend flags of manifest add
build(deps): bump github.com/containers/storage from 1.23.3 to 1.23.4
build(deps): bump github.com/onsi/ginkgo from 1.14.0 to 1.14.1
CI: expand cross-compile checks

Update to v1.16.2:

fix build on 32bit arches
containerImageRef.NewImageSource(): don't always force timestamps
Add fuse module warning to image readme
Heed our retry delay option values when retrying commit/pull/push
Switch to containers/common for seccomp
Use --timestamp rather then --omit-timestamp
docs: remove outdated notice
docs: remove outdated notice
build-using-dockerfile: add a hidden --log-rusage flag
build(deps): bump github.com/containers/image/v5 from 5.5.1 to 5.5.2
Discard ReportWriter if user sets options.Quiet
build(deps): bump github.com/containers/common from 0.19.0 to 0.20.3
Fix ownership of content copied using COPY --from
newTarDigester: zero out timestamps in tar headers
Update nix pin with make nixpkgs
bud.bats: correct .dockerignore integration tests
Use pipes for copying
run: include stdout in error message
run: use the correct error for errors.Wrapf
copier: un-export internal types
copier: add Mkdir()
in_podman: don't get tripped up by $CIRRUS_CHANGE_TITLE
docs/buildah-commit.md: tweak some wording, add a --rm example
imagebuildah: don’t blank out destination names when COPYing
Replace retry functions with common/pkg/retry
StageExecutor.historyMatches: compare timestamps using .Equal
Update vendor of containers/common
Fix errors found in coverity scan
Change namespace handling flags to better match podman commands
conformance testing: ignore buildah.BuilderIdentityAnnotation labels
Vendor in containers/storage v1.23.0
Add buildah.IsContainer interface
Avoid feeding run_buildah to pipe
fix(buildahimage): add xz dependency in buildah image
Bump github.com/containers/common from 0.15.2 to 0.18.0
Howto for rootless image building from OpenShift
Add --omit-timestamp flag to buildah bud
Update nix pin with make nixpkgs
Shutdown storage on failures
Handle COPY --from when an argument is used
Bump github.com/seccomp/containers-golang from 0.5.0 to 0.6.0
Cirrus: Use newly built VM images
Bump github.com/opencontainers/runc from 1.0.0-rc91 to 1.0.0-rc92
Enhance the .dockerignore man pages
conformance: add a test for COPY from subdirectory
fix bug manifest inspct
Add documentation for .dockerignore
Add BuilderIdentityAnnotation to identify buildah version
DOC: Add quay.io/containers/buildah image to README.md
Update buildahimages readme
fix spelling mistake in "info" command result display
Don't bind /etc/host and /etc/resolv.conf if network is not present
blobcache: avoid an unnecessary NewImage()
Build static binary with buildGoModule
copier: split StripSetidBits into StripSetuidBit/StripSetgidBit/StripStickyBit
tarFilterer: handle multiple archives
Fix a race we hit during conformance tests
Rework conformance testing
Update 02-registries-repositories.md
test-unit: invoke cmd/buildah tests with --flags
parse: fix a type mismatch in a test
Fix compilation of tests/testreport/testreport
build.sh: log the version of Go that we're using
test-unit: increase the test timeout to 40/45 minutes
Add the "copier" package
Fix & add notes regarding problematic language in codebase
Add dependency on github.com/stretchr/testify/require
CompositeDigester: add the ability to filter tar streams
BATS tests: make more robust
vendor golang.org/x/text@v0.3.3
Switch golang 1.12 to golang 1.13
imagebuildah: wait for stages that might not have even started yet
chroot, run: not fail on bind mounts from /sys
chroot: do not use setgroups if it is blocked
Set engine env from containers.conf
imagebuildah: return the right stage's image as the "final" image
Fix a help string
Deduplicate environment variables
switch containers/libpod to containers/podman
Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3
Bump github.com/opencontainers/selinux from 1.5.2 to 1.6.0
Mask out /sys/dev to prevent information leak
linux: skip errors from the runtime kill
Mask over the /sys/fs/selinux in mask branch
Add VFS additional image store to container
tests: add auth tests
Allow "readonly" as alias to "ro" in mount options
Ignore OS X specific consistency mount option
Bump github.com/onsi/ginkgo from 1.13.0 to 1.14.0
Bump github.com/containers/common from 0.14.0 to 0.15.2
Rootless Buildah should default to IsolationOCIRootless
imagebuildah: fix inheriting multi-stage builds
Make imagebuildah.BuildOptions.Architecture/OS optional
Make imagebuildah.BuildOptions.Jobs optional
Resolve a possible race in imagebuildah.Executor.startStage()
Switch scripts to use containers.conf
Bump openshift/imagebuilder to v1.1.6
Bump go.etcd.io/bbolt from 1.3.4 to 1.3.5
buildah, bud: support --jobs=N for parallel execution
executor: refactor build code inside new function
Add bud regression tests
Cirrus: Fix missing htpasswd in registry img
docs: clarify the 'triples' format
CHANGELOG.md: Fix markdown formatting
Add nix derivation for static builds
Bump to v1.16.0-dev
Update to v1.15.1
Mask over the /sys/fs/selinux in mask branch
chroot: do not use setgroups if it is blocked
chroot, run: not fail on bind mounts from /sys
Allow "readonly" as alias to "ro" in mount options
Add VFS additional image store to container
vendor golang.org/x/text@v0.3.3
Make imagebuildah.BuildOptions.Architecture/OS optional

Update to v1.15.0:

Add CVE-2020-10696 to CHANGELOG.md and changelog.txt
fix lighttpd example
remove dependency on openshift struct
Warn on unset build arguments
vendor: update seccomp/containers-golang to v0.4.1
Updated docs
clean up comments
update exit code for tests
Implement commit for encryption
implementation of encrypt/decrypt push/pull/bud/from
fix resolve docker image name as transport
Add preliminary profiling support to the CLI
Evaluate symlinks in build context directory
fix error info about get signatures for containerImageSource
Add Security Policy
Cirrus: Fixes from review feedback
imagebuildah: stages shouldn't count as their base images
Update containers/common v0.10.0
Add registry to buildahimage Dockerfiles
Cirrus: Use pre-installed VM packages + F32
Cirrus: Re-enable all distro versions
Cirrus: Update to F31 + Use cache images
golangci-lint: Disable gosimple
Lower number of golangci-lint threads
Fix permissions on containers.conf
Don't force tests to use runc
Return exit code from failed containers
cgroup_manager should be under [engine]
Use c/common/pkg/auth in login/logout
Cirrus: Temporarily disable Ubuntu 19 testing
Add containers.conf to stablebyhand build
Update gitignore to exclude test Dockerfiles
Remove warning for systemd inside of container

Update to v1.14.6:

Make image history work correctly with new args handling
Don't add args to the RUN environment from the Builder

Update to v1.14.5:

Revert FIPS mode change

Update to v1.14.4:

Update unshare man page to fix script example
Fix compilation errors on non linux platforms
Preserve volume uid and gid through subsequent commands
Fix potential CVE in tarfile w/ symlink
Fix .dockerignore with globs and ! commands

Update to v1.14.2:

Search for local runtime per values in containers.conf
Set correct ownership on working directory
Improve remote manifest retrieval
Correct a couple of incorrect format specifiers
manifest push --format: force an image type, not a list type
run: adjust the order in which elements are added to $
getDateAndDigestAndSize(): handle creation time not being set
Make the commit id clear like Docker
Show error on copied file above context directory in build
pull/from/commit/push: retry on most failures
Repair buildah so it can use containers.conf on the server side
Fixing formatting & build instructions
Fix XDG_RUNTIME_DIR for authfile
Show validation command-line

Update to v1.14.0:

getDateAndDigestAndSize(): use manifest.Digest
Touch up os/arch doc
chroot: handle slightly broken seccomp defaults
buildahimage: specify fuse-overlayfs mount options
parse: don't complain about not being able to rename something to itself
Fix build for 32bit platforms
Allow users to set OS and architecture on bud
Fix COPY in containerfile with envvar
Add --sign-by to bud/commit/push, --remove-signatures for pull/push
Add support for containers.conf
manifest push: add --format option

Update to v1.13.1:

copyFileWithTar: close source files at the right time
copy: don't digest files that we ignore
Check for .dockerignore specifically
Don't setup excludes, if their is only one pattern to match
set HOME env to /root on chroot-isolation by default
docs: fix references to containers-*.5
fix bug Add check .dockerignore COPY file
buildah bud --volume: run from tmpdir, not source dir
Fix imageNamePrefix to give consistent names in buildah-from
cpp: use -traditional and -undef flags
discard outputs coming from onbuild command on buildah-from --quiet
make --format columnizing consistent with buildah images
Fix option handling for volumes in build
Rework overlay pkg for use with libpod
Fix buildahimage builds for buildah
Add support for FIPS-Mode backends
Set the TMPDIR for pulling/pushing image to $TMPDIR

Update to v1.12.0:

Allow ADD to use http src
imgtype: reset storage opts if driver overridden
Start using containers/common
overlay.bats typo: fuse-overlays should be fuse-overlayfs
chroot: Unmount with MNT_DETACH instead of UnmountMountpoints()
bind: don't complain about missing mountpoints
imgtype: check earlier for expected manifest type
Add history names support

Update to v1.11.6:

Handle missing equal sign in --from and --chown flags for COPY/ADD
bud COPY does not download URL
Fix .dockerignore exclude regression
commit(docker): always set ContainerID and ContainerConfig
Touch up commit man page image parameter
Add builder identity annotations.

Update to v1.11.5:

buildah: add "manifest" command
pkg/supplemented: add a package for grouping images together
pkg/manifests: add a manifest list build/manipulation API
Update for ErrUnauthorizedForCredentials API change in containers/image
Update for manifest-lists API changes in containers/image
version: also note the version of containers/image
Move to containers/image v5.0.0
Enable --device directory as src device
Add clarification to the Tutorial for new users
Silence "using cache" to ensure -q is fully quiet
Move runtime flag to bud from common
Commit: check for storage.ErrImageUnknown using errors.Cause()
Fix crash when invalid COPY --from flag is specified.

Update to v1.11.4:

buildah: add a "manifest" command
pkg/manifests: add a manifest list build/manipulation API
Update for ErrUnauthorizedForCredentials API change in containers/image
Update for manifest-lists API changes in containers/image
Move to containers/image v5.0.0
Enable --device directory as src device
Add clarification to the Tutorial for new users
Silence "using cache" to ensure -q is fully quiet
Move runtime flag to bud from common
Commit: check for storage.ErrImageUnknown using errors.Cause()
Fix crash when invalid COPY --from flag is specified.

Update to v1.11.3:

Add cgroups2
Add support for retrieving context from stdin "-"
Added tutorial on how to include Buildah as library
Fix --build-args handling
Print build 'STEP' line to stdout, not stderr
Use Containerfile by default

Update to v1.11.2:

Add some cleanup code
Move devices code to unit specific directory.

Update to v1.11.1:

Add --devices flag to bud and from
Add support for /run/.containerenv
Allow mounts.conf entries for equal source and destination paths
Fix label and annotation for 1-line Dockerfiles
Preserve file and directory mount permissions
Replace --debug=false with --log-level=error
Set TMPDIR to /var/tmp by default
Truncate output of too long image names
Ignore EmptyLayer if Squash is set

Update to v1.11.0:

Add --digestfile and Re-add push statement as debug
Add --log-level command line option and deprecate --debug
Add security-related volume options to validator
Allow buildah bud to be called without arguments
Allow to override build date with SOURCE_DATE_EPOCH
Correctly detect ExitError values from Run()
Disable empty logrus timestamps to reduce logger noise
Fix directory pull image names
Fix handling of /dev/null masked devices
Fix possible runtime panic on bud
Update bud/from help to contain indicator for --dns=none
Update documentation about bud
Update shebangs to take env into consideration
Use content digests in ADD/COPY history entries
add support for cgroupsV2
add: add a DryRun flag to AddAndCopyOptions
add: handle hard links when copying with .dockerignore
add: teach copyFileWithTar() about symlinks and directories
imagebuilder: fix detection of referenced stage roots
pull/commit/push: pay attention to $BUILD_REGISTRY_SOURCES
run_linux: fix mounting /sys in a userns

Update to v1.10.1:

Add automatic apparmor tag discovery
Add overlayfs to fuse-overlayfs tip
Bug fix for volume minus syntax
Bump container/storage v1.13.1 and containers/image v3.0.1
Bump containers/image to v3.0.2 to fix keyring issue
Fix bug whereby --get-login has no effect
Bump github.com/containernetworking/cni to v0.7.1
Add appamor-pattern requirement
Update build process to match the latest repository architecture
Update to v1.10.0
vendor github.com/containers/image@v3.0.0
Remove GO111MODULE in favor of -mod=vendor
Vendor in containers/storage v1.12.16
Add '-' minus syntax for removal of config values
tests: enable overlay tests for rootless
rootless, overlay: use fuse-overlayfs
vendor github.com/containers/image@v2.0.1
Added '-' syntax to remove volume config option
delete successfully pushed message
Add golint linter and apply fixes
vendor github.com/containers/storage@v1.12.15
Change wait to sleep in buildahimage readme
Handle ReadOnly images when deleting images
Add support for listing read/only images
from/import: record the base image's digest, if it has one
Fix CNI version retrieval to not require network connection
Add misspell linter and apply fixes
Add goimports linter and apply fixes
Add stylecheck linter and apply fixes
Add unconvert linter and apply fixes
image: make sure we don't try to use zstd compression
run.bats: skip the "z" flag when testing --mount
Update to runc v1.0.0-rc8
Update to match updated runtime-tools API
bump github.com/opencontainers/runtime-tools to v0.9.0
Build e2e tests using the proper build tags
Add unparam linter and apply fixes
Run: correct a typo in the --cap-add help text
unshare: add a --mount flag
fix push check image name is not empty
add: fix slow copy with no excludes
Add errcheck linter and fix missing error check
Improve tests/tools/Makefile parallelism and abstraction
Fix response body not closed resource leak
Switch to golangci-lint
Add gomod instructions and mailing list links
On Masked path, check if /dev/null already mounted before mounting
Update to containers/storage v1.12.13
Refactor code in package imagebuildah
Add rootless podman with NFS issue in documentation
Add --mount for buildah run
import method ValidateVolumeOpts from libpod
Fix typo
Makefile: set GO111MODULE=off
rootless: add the built-in slirp DNS server
Update docker/libnetwork to get rid of outdated sctp package
Update buildah-login.md
migrate to go modules
install.md: mention go modules
tests/tools: go module for test binaries
fix --volume splits comma delimited option
Add bud test for RUN with a priv'd command
vendor logrus v1.4.2
pkg/cli: panic when flags can't be hidden
pkg/unshare: check all errors
pull: check error during report write
run_linux.go: ignore unchecked errors
conformance test: catch copy error
chroot/run_test.go: export funcs to actually be executed
tests/imgtype: ignore error when shutting down the store
testreport: check json error
bind/util.go: remove unused func
rm chroot/util.go
imagebuildah: remove unused dedupeStringSlice
StageExecutor: EnsureContainerPath: catch error from SecureJoin()
imagebuildah/build.go: return instead of branching
rmi: avoid redundant branching
conformance tests: nilness: allocate map
imagebuildah/build.go: avoid redundant filepath.Join()
imagebuildah/build.go: avoid redundant os.Stat()
imagebuildah: omit comparison to bool
fix "ineffectual assignment" lint errors
docker: ignore "repeats json tag" lint error
pkg/unshare: use ... instead of iterating a slice
conformance: bud test: use raw strings for regexes
conformance suite: remove unused func/var
buildah test suite: remove unused vars/funcs
testreport: fix golangci-lint errors
util: remove redundant return statement
chroot: only log clean-up errors
images_test: ignore golangci-lint error
blobcache: log error when draining the pipe
imagebuildah: check errors in deferred calls
chroot: fix error handling in deferred funcs
cmd: check all errors
chroot/run_test.go: check errors
chroot/run.go: check errors in deferred calls
imagebuildah.Executor: remove unused onbuild field
docker/types.go: remove unused struct fields
util: use strings.ContainsRune instead of index check
Cirrus: Initial implementation
buildah-run: fix-out-of-range panic (2)
Update containers/image to v2.0.0
run: fix hang with run and --isolation=chroot
run: fix hang when using run
chroot: drop unused function call
remove --> before imgageID on build
Always close stdin pipe
Write deny to setgroups when doing single user mapping
Avoid including linux/memfd.h
Add a test for the symlink pointing to a directory
Add missing continue
Fix the handling of symlinks to absolute paths
Only set default network sysctls if not rootless
Support --dns=none like podman
fix bug --cpu-shares parsing typo
Fix validate complaint
Update vendor on containers/storage to v1.12.10
Create directory paths for COPY thereby ensuring correct perms
imagebuildah: use a stable sort for comparing build args
imagebuildah: tighten up cache checking
bud.bats: add a test verying the order of --build-args
add -t to podman run
imagebuildah: simplify screening by top layers
imagebuildah: handle ID mappings for COPY --from
imagebuildah: apply additionalTags ourselves
bud.bats: test additional tags with cached images
bud.bats: add a test for WORKDIR and COPY with absolute destinations
Cleanup Overlay Mounts content
Add support for file secret mounts
Add ability to skip secrets in mounts file
allow 32bit builds
fix tutorial instructions
imagebuilder: pass the right contextDir to Add()
add: use fileutils.PatternMatcher for .dockerignore
bud.bats: add another .dockerignore test
unshare: fallback to single usermapping
addHelperSymlink: clear the destination on os.IsExist errors
bud.bats: test replacing symbolic links
imagebuildah: fix handling of destinations that end with '/'
bud.bats: test COPY with a final "/" in the destination
linux: add check for sysctl before using it
unshare: set _CONTAINERS_ROOTLESS_GID
Rework buildahimamges
build context: support https git repos
Add a test for ENV special chars behaviour
Check in new Dockerfiles
Apply custom SHELL during build time
config: expand variables only at the command line
SetEnv: we only need to expand v once
Add default /root if empty on chroot iso
Add support for Overlay volumes into the container.
Export buildah validate volume functions so it can share code with libpod
Bump baseline test to F30
Fix rootless handling of /dev/shm size
Avoid fmt.Printf() in the library
imagebuildah: tighten cache checking back up
Handle WORKDIR with dangling target
Default Authfile to proper path
Make buildah run --isolation follow BUILDAH_ISOLATION environment
Vendor in latest containers/storage and containers/image
getParent/getChildren: handle layerless images
imagebuildah: recognize cache images for layerless images
bud.bats: test scratch images with --layers caching
Get CHANGELOG.md updates
Add some symlinks to test our .dockerignore logic
imagebuildah: addHelper: handle symbolic links
commit/push: use an everything-allowed policy
Correct manpage formatting in files section
Remove must be root statement from buildah doc
Change image names to stable, testing and upstream
Don't create directory on container
Replace kubernetes/pause in tests with k8s.gcr.io/pause
imagebuildah: don't remove intermediate images if we need them
Rework buildahimagegit to buildahimageupstream
Fix Transient Mounts
Handle WORKDIRs that are symlinks
allow podman to build a client for windows
Touch up 1.9-dev to 1.9.0-dev
Resolve symlink when checking container path
commit: commit on every instruction, but not always with layers
CommitOptions: drop the unused OnBuild field
makeImageRef: pass in the whole CommitOptions structure
cmd: API cleanup: stores before images
run: check if SELinux is enabled
Fix buildahimages Dockerfiles to include support for additionalimages mounted from host.
Detect changes in rootdir
Fix typo in buildah-pull(1)
Vendor in latest containers/storage
Keep track of any build-args used during buildah bud --layers
commit: always set a parent ID
imagebuildah: rework unused-argument detection
fix bug dest path when COPY .dockerignore
Move Host IDMAppings code from util to unshare
Add BUILDAH_ISOLATION rootless back
Travis CI: fail fast, upon error in any step
imagebuildah: only commit images for intermediate stages if we have to
Use errors.Cause() when checking for IsNotExist errors
auto pass http_proxy to container
imagebuildah: don't leak image structs
Add Dockerfiles for buildahimages
Bump to Replace golang 1.10 with 1.12
add --dns* flags to buildah bud
Add hack/build_speed.sh test speeds on building container images
Create buildahimage Dockerfile for Quay
rename 'is' to 'expect_output'
squash.bats: test squashing in multi-layered builds
bud.bats: test COPY --from in a Dockerfile while using the cache
commit: make target image names optional
Fix bud-args to allow comma separation
oops, missed some tests in commit.bats
new helper: expect_line_count
New tests for #1467 (string slices in cmdline opts)
Workarounds for dealing with travis; review feedback
BATS tests - extensive but minor cleanup
imagebuildah: defer pulling images for COPY --from
imagebuildah: centralize COMMIT and image ID output
Travis: do not use traviswait
imagebuildah: only initialize imagebuilder configuration once per stage
Make cleaner error on Dockerfile build errors
unshare: move to pkg/
unshare: move some code from cmd/buildah/unshare
Fix handling of Slices versus Arrays
imagebuildah: reorganize stage and per-stage logic
imagebuildah: add empty layers for instructions
Add missing step in installing into Ubuntu
fix bug in .dockerignore support
imagebuildah: deduplicate prepended "FROM" instructions
Touch up intro
commit: set created-by to the shell if it isn't set
commit: check that we always set a "created-by"
docs/buildah.md: add "containers-" prefixes under "SEE ALSO"

Update to v1.7.2

Updates vendored containers/storage to latest version
rootless: by default use the host network namespace
Full changelog: https://github.com/containers/buildah/releases/tag/v1.6

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

Containers Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Containers-15-SP1-2020-3423=1
Containers Module 15-SP2
zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-3423=1

Package List:

Containers Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- buildah-1.17.0-3.6.1
Containers Module 15-SP2 (aarch64 ppc64le s390x x86_64)
- buildah-1.17.0-3.6.1

Security update for buildah

Description:

Patch Instructions:

Package List:

References: