golang-github-containers-buildah - Debian Package Tracker

general

source: golang-github-containers-buildah (main)
version: 1.39.0+ds1-1
maintainer: Debian Go Packaging Team (DMD)
uploaders: Reinhard Tartler [DMD] – Dmitry Smirnov [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.19.6+dfsg1-1
stable: 1.28.2+ds1-3
stable-p-u: 1.28.2+ds1-3+deb12u1
testing: 1.39.0+ds1-1
unstable: 1.39.0+ds1-1

versioned links

1.19.6+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.28.2+ds1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.28.2+ds1-3+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.39.0+ds1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

buildah (1 bugs: 0, 1, 0, 0)
golang-github-containers-buildah-dev

action needed

Marked for autoremoval on 17 March due to notary: #1078632 high

Version 1.39.0+ds1-1 of golang-github-containers-buildah is marked for autoremoval from testing on Mon 17 Mar 2025. It depends (transitively) on notary, affected by #1078632. You should try to prevent the removal by fixing these RC bugs.

Created: 2025-02-15 Last update: 2025-02-21 12:30

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2024-9676: A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Created: 2024-10-05 Last update: 2025-02-19 11:55

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2024-9676: A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.

Created: 2024-10-05 Last update: 2025-02-19 11:55

lintian reports 1 error and 26 warnings high

Lintian reports 1 error and 26 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-02-13 Last update: 2025-02-13 02:30

2136 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 823d1273a33401cb23e0e031704f2c9bbb71b566
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Feb 12 09:20:57 2025 -0500

    debian/changelog: update

commit 8a7b11aa5d78c1f0bab9c6b8f4aef01dda4e59e7
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Feb 12 12:20:31 2025 -0500

    debian/tests/control: Add parallel, unmark bats test as flaky

commit 4e03a79464bb1c74f4292236efac8becc352d891
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Feb 12 09:23:28 2025 -0500

    debian/control: tighten dependencies

commit c68c668d597b67f610867e095fab43e01b27cef0
Merge: ffac57a3e d777a2dbc
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Feb 12 09:20:42 2025 -0500

    Update upstream source from tag 'upstream/1.39.0+ds1'
    
    Update to upstream version '1.39.0+ds1'
    with Debian dir 2806650b8453b34180b0516787f62756665099f9

commit ffac57a3e6e20eab88afc5dd0e31a6a91af8584b
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Jan 23 06:35:12 2025 -0500

    debian/changelog: update

commit f47a819af3766792b90dde40475575aa6706ca91
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Fri Jan 24 06:38:52 2025 -0500

    integration-tests: Prefer ubi8 over ubi9 image
    
    The ubi9 requires a x86-64-v2 capable cpu, which a default qemu VM
    does not support by default.
    
    Using an older version of rhel works equially fine without this requirement.

commit a47ab1cd0653a7a28d9021449ba2bc1358c1ec63
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Fri Jan 24 06:38:42 2025 -0500

    refresh patches

commit ff5da971177fbd921d4ca341e5942a124253186e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Jan 23 06:52:42 2025 -0500

    Expand patches/root-testfail-ignore.patch

commit e9ce4656d16125decbffd65afa6280940a59f218
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Jan 23 06:52:30 2025 -0500

    refresh patches/0006-tolerate-absence-of-netavark-binary-in-tests

commit 5a0a3f61423c6b8f82f796de12ef0f55eae99001
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Jan 23 06:34:08 2025 -0500

    Bump dependencies for containers/{storage,image,common}

commit 11ce368eac1fffc0604498e5bc11c591ec233d97
Merge: fd0b252f1 8fd6070e9
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Jan 23 06:31:27 2025 -0500

    Merge tag 'upstream/1.38.1' into debian/sid
    
    Upstream version 1.38.1

commit fd0b252f15ab8d9145ae80238d2c477ab575f5f4
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Nov 17 10:03:31 2024 -0500

    debian/changelog: update

commit f609b9c0afc6025d051376140c2a3aa98683b71a
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Tue Nov 12 09:40:21 2024 -0500

    debian/changelog: update

commit ec49a5df7d5b51402aa6bbaa202a6e8dd0f04675
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Nov 11 22:12:00 2024 -0500

    install the 'inet' test binary

commit 0d2133c60debfd9459a423f56d38112db2e01e3b
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Nov 11 17:33:50 2024 -0500

    expand ignore-netavark patch

commit c5da0f6929277d31e7e02bd64631587f8d011b8a
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Nov 11 17:34:53 2024 -0500

    install additional test files

commit 761890fd6950a28872b578fd5353fc863048a835
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Nov 11 15:33:14 2024 -0500

    refresh patches

commit c3d0d9bd8ca4d9353b103dd5c98f93842342a724
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Nov 11 15:32:13 2024 -0500

    Tighten dependencies

commit 57ccd149b24121522382f5229b67907e0c9a7151
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Nov 11 12:54:14 2024 -0500

    debian/changelog: update

commit cc88d27ecd7e52f728514ff2e55ecfe5d3c06887
Merge: 24a15c811 0fbbcb0b9
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Nov 11 12:53:47 2024 -0500

    Merge tag 'upstream/1.38.0+ds1' into debian/experimental
    
    Upstream version 1.38.0+ds1

commit 24a15c811a2d1b4b98e2509cc04dfb53b2acf382
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Oct 20 10:45:36 2024 -0400

    debian/changelog: update

commit 40d83b14df1ee13edbb645227c883513193a9e05
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Oct 20 19:16:37 2024 -0400

    tests/bats: add some additional dependencies

commit 59809e849f73dd9179420a1afbf27d62fb0f8bdb
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Oct 20 11:12:44 2024 -0400

    Recommend cpp
    
    Buildah can build Containerfile.in  documents, which may use the
    cpp pre-processor for implementing conditionals.

commit c78b1b7e0fbb14056a033aca157bb4792dab7912
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Oct 20 10:44:50 2024 -0400

    Tighten dependency on containers/storage

commit 72aefee06c2913d2cdbbc41e0c2dd8689755f3a4
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Oct 19 08:28:34 2024 -0400

    drop 0005-Properly-validate-cache-IDs-and-sources.patch
    
    merged upstream

commit 5cf2f94eddd5b5ca2abb4f22855e099b474d31de
Merge: b9c74147a 157616646
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Oct 19 08:27:52 2024 -0400

    Update upstream source from tag 'upstream/1.37.5+ds1'
    
    Update to upstream version '1.37.5+ds1'
    with Debian dir 0462a5d3363c0e0dce92a39a279aa860b1f37d10

commit b9c74147a5cfb297a9930d500b4a23650ac49a4a
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Oct 19 08:23:32 2024 -0400

    add lintian override to ignore testdata-related error

commit 92ad7c3dc6f17f8f7fe0777386c2832ade996d55
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Oct 19 08:21:05 2024 -0400

    bats tests require root

commit f5f5b196bdb716baa3118ba34155e57fa4070bf3
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Fri Oct 18 07:45:53 2024 -0400

    tests/bats: Requires a VM

commit 2ec5f212ef5979f56b939e762626100e4a4267a0
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Oct 17 07:02:43 2024 -0400

    Run upstream testsuite as autopkgtest

commit 4aeb60c3f7a8689ed56bfc67738bba21dd0e6bac
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Oct 17 07:01:08 2024 -0400

    Install support binaries into usr/libexec/buildah
    
    no need to pollute usr/bin

commit 5075a6d932a43276838cc6a96144fab872432254
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Oct 17 05:09:50 2024 -0400

    buildah: Fix lintian-overrides

commit e6f1a86cc7e2f2be5dc96ece0e58d6b95fd4d188
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Oct 16 06:39:27 2024 -0400

    debian/changelog: update

commit ca5861d4b28e091aa554077aae8720d353e1c21c
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Oct 16 08:07:16 2024 -0400

    debian/control: tighten dependencies on containers/common

commit b938724486d29f3d5ccb64b7c92860afa50fdc69
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Oct 16 06:40:31 2024 -0400

    Backport fix for CVE-2024-9675

commit d06805a0ef1009f87da05cc4dac339230103a79c
Merge: 989984be3 f6fc88764
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Oct 16 06:32:54 2024 -0400

    Merge tag 'upstream/1.37.4+ds1' into debian/experimental
    
    Upstream version 1.37.4+ds1

commit 989984be3534e2a8012827f9e864ca95afdb794c
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 12:45:20 2024 -0400

    Update changelog for 1.37.3+ds1-3 release

commit bd15aaa2e05c69855c2a965f3d6bcac3518d664f
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 13:16:20 2024 -0400

    debian/source/lintian-overrides: fixup to Ignore too long build-depends field
    
    Gbp-dch: ignore

commit 27fcf290c59942155164de1c570679b4682d94c1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 12:45:09 2024 -0400

    Avoid running problematic test on s390x
    
    Fixes typo in previously upload

commit 93091dcc87fa3c39149d6b38a80f1e0ebd247185
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 12:40:57 2024 -0400

    debian/source/lintian-overrides: Ignore too long build-depends field

commit e1bb248af13ba4335376f45cf71833bc890aebc6
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 12:42:54 2024 -0400

    Tweak pipeline
    
    disable crossbuild, fails due to unsatisfyable dependencies
    
    Gbp-dch: ignore

commit 550c41fe15f976fe9d394bb6f4a3efbd78e27b45
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 11:58:21 2024 -0400

    Replace with standard salsa-ci pipeline
    
    the default golang team pipeline doesn't work for this package
    
    Gbp-dch: ignore

commit bb07c1ca8f37b114d4c1ca78f706db4fd2d170c1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 11:35:06 2024 -0400

    Update changelog for 1.37.3+ds1-2 release

commit 71b5b54da9f60e0902a8534cb7129e41d5ed5044
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 11:24:05 2024 -0400

    Drop 0004-Revert-Builder.cdiSetupDevicesInSpecdefConfig-use-co.patch

commit 8c401391399a6741daa38fbb0fc19a25bc89f1bc
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 11:20:09 2024 -0400

    debian/rules: Rework what tests are excluded and which are run

commit e7f2d31ea64099ea8cbb252731003f0fb99c53ce
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 11:21:17 2024 -0400

    debian/patches/root-testfail-ignore.patch: Additional cases

commit 2ae0c52aa27c0ac7438dfe0c241af76d5b7b6a9d
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 11:21:01 2024 -0400

    Improve netavark avoidance patch

commit 46f2561b04228a8abcf2f94912e095000de9ec82
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 09:27:23 2024 -0400

    debian/patches/manpage-fixes.patch: mark as forwarded

commit a271de62014a8de2b5c65f5037e6e5f2ddc5af67
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 29 09:19:12 2024 -0400

    debian/rules: remove ubuntu-specific hack
    
    this is no longer necessary

commit d21c1c5320755f6cc04bc6e65b78e1c9720fca54
Merge: 2cc88de42 429fb62bf
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Sep 26 05:54:40 2024 -0400

    Merge branch 'debian/experimental' into debian/sid

commit 429fb62bfd22e25e92a2c6507dc5d1973595ba03
Merge: d30f7eb39 273a50903
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Sep 26 05:52:25 2024 -0400

    Merge branch 'master' into debian/experimental

commit d30f7eb39a8491ee750fc1a3b65a0ebb23acdce1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Sep 26 05:50:06 2024 -0400

    debian/changelog: update

commit 273a50903d7591e60187719c25d114820976482f
Merge: 0325175b1 0eb70dc61
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Sep 26 05:48:24 2024 -0400

    Update upstream source from tag 'upstream/1.37.3+ds1'
    
    Update to upstream version '1.37.3+ds1'
    with Debian dir b6e10a19daef29d68a90f3b396f19d3a6464686d

commit 2cc88de424f1525d84f44a523aae601959489bea
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Tue Sep 10 07:00:26 2024 -0400

    debian/changelog: update

commit 228c786b4699bb349188a54951fdef5d71b1dc0b
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Sep 2 07:16:47 2024 -0400

    Update changelog for 1.37.2+ds1-2 release

commit 0ef7cec761db37783dfc860ff574caa7de0c3cda
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Sep 2 07:16:27 2024 -0400

    tighten dependency on containers/luksy
    
    Hopefully this addresses test failures from
    https://github.com/containers/buildah/issues/5713

commit 3e20336e2309e6cdd531ab3737df7a1e7a741d04
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 1 15:55:37 2024 -0400

    tighten dependencies on containers/{common,image}

commit 7e3a0a51a6b8995d5850b2919213a96b244d4e53
Merge: 9b5f6558b 0325175b1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 1 15:51:37 2024 -0400

    Merge branch 'master' into debian/experimental

commit 9b5f6558b1c772b864f717d180e67edee6a63de3
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 1 15:51:10 2024 -0400

    debian/changelog: update

commit 0325175b1c821d65cb76f67cb3069125aad67f56
Merge: 2bab13965 a480fecfe
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Sep 1 15:50:47 2024 -0400

    Update upstream source from tag 'upstream/1.37.2+ds1'
    
    Update to upstream version '1.37.2+ds1'
    with Debian dir b6e10a19daef29d68a90f3b396f19d3a6464686d

commit af94c6fe223a4af147e2860774014b4ec3f1b7a1
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sat Aug 17 07:37:18 2024 -0400

    debian/changelog: update

commit 5eb45a2345a09e34beb6528f2dc1f9a1ca4b7350
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 15 20:25:39 2024 -0400

    Update changelog for 1.37.1+ds1-2 release

commit f9dee1359ae9c4d699e9c9b14115296392043997
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 15 20:24:42 2024 -0400

    supress lintian error
    
    E: buildah: field-too-long Built-Using (5680 chars > 5000)

commit 842346071588cbce5c8548665f883a5907c440f9
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 15 20:15:45 2024 -0400

    tighten build-deps on docker

commit 51f767a952777ed979e613799ea4dfcc12ab321a
Merge: 189db26ed 2bab13965
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 15 08:57:37 2024 -0400

    Merge branch 'master' into debian/experimental

commit 189db26edd4d1c15f6bbbd9009c503ebe242a519
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 15 08:57:14 2024 -0400

    debian/changelog: update

commit 53970701a3ef276cd7a1d7a2d5567469e64778c5
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 15 08:56:39 2024 -0400

    Tigthen dependencies on containers/{image,common}

commit 2bab1396580de9b6e652b8e6ebe027736434adb9
Merge: e8adaf01d 5addcea17
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Aug 15 08:56:00 2024 -0400

    Update upstream source from tag 'upstream/1.37.1+ds1'
    
    Update to upstream version '1.37.1+ds1'
    with Debian dir b6e10a19daef29d68a90f3b396f19d3a6464686d

commit 41b19099552a770f53cee93708f7e6e45fcb35da
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 07:31:38 2024 -0400

    tolerate absence of 'netavark' binary in tests

commit 0f1a34563c2d659d649ec9b90810fb9abd3ea65e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 07:31:13 2024 -0400

    refresh 0005-Disable-TestDeviceFromPath.patch
    
    Gbp-Dch: ignore

commit 246852328aa8e2b5bebb5449b10ee58bccf7011c
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 07:15:20 2024 -0400

    Build against imagebuildah 1.2.14

commit 6d2ebeb5031e0e9bc48574731019bf09c1b1547b
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 06:42:01 2024 -0400

    Build against container-device-interface 0.7

commit 11f0e3f07f38836e088b7cdb6899976c091fb060
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 06:31:39 2024 -0400

    Normalize fields with wrap-and-sort
    
    Gbp-Dch: ignore

commit 57bc1aa19d364edba99420915df0bba0da0eedd7
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 06:30:45 2024 -0400

    tighten dependencies on containers/{common,image,storage}

commit 325ab3c502c778d94118dcb3f777457c12424446
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 06:25:22 2024 -0400

    refresh patches

commit 21499cfd0084d138096fcffeaee13ee9d35893ba
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 06:24:08 2024 -0400

    drop patch 0006-healthcheck-Add-support-for-start-interval.patch

commit 8de9c65ed4e23ef4ab6d853ba1be43fc0d1cabc9
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 06:23:11 2024 -0400

    debian/changelog: update

commit 8f1f5e0215995ee344b54c5cbdaed2fbd609d863
Merge: 64dbb0833 cd7fa73ef
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 06:22:41 2024 -0400

    Update upstream source from tag 'upstream/1.37.0+ds1'
    
    Update to upstream version '1.37.0+ds1'
    with Debian dir d30109594754dc36eaa45ffaecb2a660fb9b94fe

commit 64dbb0833180f6baf0e614f272e008e54210eb4c
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Aug 7 06:21:24 2024 -0400

    gbp.conf: set upstream-vcs-tag

commit ec496260c0822a1806d5088c0a84127794f84fe5
Author: Mathias Gibbens <gibmat@debian.org>
Date:   Sat Jul 27 01:07:07 2024 +0000

    Upload version 1.35.3+ds1-3 to unstable

commit f8ea7480a86516f778bda882d28d9e6f290e8547
Merge: cb2b24ddf 11f1fa6ca
Author: Mathias Gibbens <gibmat@debian.org>
Date:   Sat Jul 27 01:01:47 2024 +0000

    Merge branch 'debian/experimental' into debian/sid

commit cb2b24ddfbbba617d76f1cff32f3cb540932d1b9
Merge: 8215d5136 b14140f59
Author: Mathias Gibbens <gibmat@debian.org>
Date:   Sat Jul 27 00:59:26 2024 +0000

    Update upstream source from tag 'upstream/1.35.3+ds1'
    
    Update to upstream version '1.35.3+ds1'
    with Debian dir 276f44357eedde9c0eaa40523d1a30ec11c8ee78

commit 11f1fa6ca90056e57ca9a80669cc8f86173dca75
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Thu Jul 11 20:12:17 2024 -0400

    debian/changelog: update

commit 35e35a641e2d993b51c9b1d33a8420139162015c
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Jul 10 22:07:09 2024 -0400

    backport patch to support --start-interval

commit ca9e6ac76d64c38c5c39c9fea300958fe81ef9a2
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Jul 10 21:41:38 2024 -0400

    tighten dependency on imagebuildah to enable heredoc support

commit 48d84a56fc9bc5206f93c60f395219ab6ba35dcd
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Jul 10 21:21:40 2024 -0400

    Tighten depends on golang-github-fsouza-go-dockerclient-dev

commit 9f054b505ad9a6af9251dcc48287525420522ff7
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Jul 10 21:19:21 2024 -0400

    Disable TestDeviceFromPath, Closes: #1072147

commit 1885e12c72dd92d3169c6da4aade14e5c30b0aa8
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Jul 10 20:23:29 2024 -0400

    Build against docker 26.1, Closes: #1072578
    
    This enables HEREDOC and --checksum support in Dockerfiles

commit 907c517cffc5bd9d49031b91f44f00f07f501c43
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Jul 10 20:22:08 2024 -0400

    Refresh and document patches

commit 504f228696126bdebd9c799e5c6222732f3439f3
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun May 5 07:27:02 2024 -0400

    debian/changelog: update

commit f4db5d8d86fa03f45e0793ddfb702aac765df920
Merge: 96ef0d2b9 b14140f59
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun May 5 07:26:44 2024 -0400

    Update upstream source from tag 'upstream/1.35.3+ds1'
    
    Update to upstream version '1.35.3+ds1'
    with Debian dir 615ab68c398b17d407adc75d8eb3f3d32290a5cf

commit 8215d51369a8c8f4f85ec725de111a5cbffd50ae
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Mar 27 11:37:10 2024 +0000

    Add bug closure

commit afac243d6648a1d0ef5061ba4f46abccfab88f1c
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Mar 27 11:35:15 2024 +0000

    debian/changelog: update

commit 4ba7f6ab3989b6aa739f8ad3a9309c47581bf918
Merge: caa3574ab ee4eaa709
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Mar 27 11:32:30 2024 +0000

    Update upstream source from tag 'upstream/1.33.7+ds1'
    
    Update to upstream version '1.33.7+ds1'
    with Debian dir 91c763c02e45555e758d298b77013edf478e29a7

commit ee4eaa7090d58574c02502fed8e64e6a0f63b945
Merge: 495f6f8fd acfde2aed
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Mar 27 11:32:30 2024 +0000

    New upstream version 1.33.7+ds1

commit caa3574ab39a444fbd61d859bf5a55d95752737f
Merge: 33210af3b 495f6f8fd
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Mar 27 11:30:34 2024 +0000

    Update upstream source from tag 'upstream/1.33.7+ds1'
    
    Update to upstream version '1.33.7+ds1'
    with Debian dir 91c763c02e45555e758d298b77013edf478e29a7

commit 495f6f8fdd336998785181ddb74425c277ba0f07
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Wed Mar 27 11:30:34 2024 +0000

    New upstream version 1.33.7+ds1

commit 96ef0d2b982b1ed4190285799a81ae2e9fdb4500
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Mar 18 01:30:21 2024 +0000

    tighten dependencies on containers/{storage,image,common}

commit 3bdb2768c7f9675e401ad9f300a4b51ac4ef6906
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Mar 18 01:27:23 2024 +0000

    refresh patches

commit c48f3370eaa7ca30719f89bb724d9f55b871cb2e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Mon Mar 18 01:21:44 2024 +0000

    debian/changelog: prepare new upload

Created: 2025-02-12 Last update: 2025-02-19 06:05

5 low-priority security issues in bookworm low

There are 5 open security issues in bookworm.

5 issues left for the package maintainer to handle:

CVE-2024-1753: (needs triaging) A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.
CVE-2024-9407: (needs triaging) A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.
CVE-2024-9675: (needs triaging) A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
CVE-2024-9676: (needs triaging) A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
CVE-2024-11218: (needs triaging) A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-03-19 Last update: 2025-02-19 11:55

debian/patches: 4 patches to forward upstream low

Among the 4 debian patches available in version 1.39.0+ds1-1 of the package, we noticed the following issues:

4 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2025-02-13 06:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.1 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-21 04:27

news

[rss feed]

[2025-02-15] golang-github-containers-buildah 1.39.0+ds1-1 MIGRATED to testing (Debian testing watch)
[2025-02-12] Accepted golang-github-containers-buildah 1.39.0+ds1-1 (source) into unstable (Reinhard Tartler)
[2025-02-03] Accepted golang-github-containers-buildah 1.28.2+ds1-3+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Jonathan Wiltshire)
[2025-01-28] golang-github-containers-buildah 1.38.1+ds1-1 MIGRATED to testing (Debian testing watch)
[2025-01-24] Accepted golang-github-containers-buildah 1.38.1+ds1-1 (source) into unstable (Reinhard Tartler)
[2024-11-21] golang-github-containers-buildah 1.38.0+ds1-2 MIGRATED to testing (Debian testing watch)
[2024-11-17] Accepted golang-github-containers-buildah 1.38.0+ds1-2 (source) into unstable (Reinhard Tartler)
[2024-11-12] Accepted golang-github-containers-buildah 1.38.0+ds1-1 (source) into experimental (Reinhard Tartler)
[2024-10-27] golang-github-containers-buildah 1.37.5+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-10-20] Accepted golang-github-containers-buildah 1.37.5+ds1-1 (source) into unstable (Reinhard Tartler)
[2024-10-18] golang-github-containers-buildah 1.37.4+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-10-16] Accepted golang-github-containers-buildah 1.37.4+ds1-1 (source) into unstable (Reinhard Tartler)
[2024-10-03] golang-github-containers-buildah 1.37.3+ds1-3 MIGRATED to testing (Debian testing watch)
[2024-09-29] Accepted golang-github-containers-buildah 1.37.3+ds1-3 (source) into unstable (Reinhard Tartler)
[2024-09-29] Accepted golang-github-containers-buildah 1.37.3+ds1-2 (source) into unstable (Reinhard Tartler)
[2024-09-26] Accepted golang-github-containers-buildah 1.37.3+ds1-1 (source) into unstable (Reinhard Tartler)
[2024-09-14] golang-github-containers-buildah 1.37.2+ds1-3 MIGRATED to testing (Debian testing watch)
[2024-09-10] Accepted golang-github-containers-buildah 1.37.2+ds1-3 (source) into unstable (Reinhard Tartler)
[2024-09-02] Accepted golang-github-containers-buildah 1.37.2+ds1-2 (source) into experimental (Reinhard Tartler)
[2024-09-01] Accepted golang-github-containers-buildah 1.37.2+ds1-1 (source) into experimental (Reinhard Tartler)
[2024-08-28] golang-github-containers-buildah 1.37.1+ds1-2 MIGRATED to testing (Debian testing watch)
[2024-08-17] Accepted golang-github-containers-buildah 1.37.1+ds1-2 (source) into unstable (Reinhard Tartler)
[2024-08-16] Accepted golang-github-containers-buildah 1.37.1+ds1-1 (source) into experimental (Reinhard Tartler)
[2024-08-07] Accepted golang-github-containers-buildah 1.37.0+ds1-1 (source) into experimental (Reinhard Tartler)
[2024-08-07] golang-github-containers-buildah 1.35.3+ds1-3 MIGRATED to testing (Debian testing watch)
[2024-07-27] Accepted golang-github-containers-buildah 1.35.3+ds1-3 (source) into unstable (Mathias Gibbens)
[2024-07-12] Accepted golang-github-containers-buildah 1.35.3+ds1-2 (source) into experimental (Reinhard Tartler)
[2024-05-05] Accepted golang-github-containers-buildah 1.35.3+ds1-1 (source) into experimental (Reinhard Tartler)
[2024-05-03] golang-github-containers-buildah 1.33.7+ds1-1 MIGRATED to testing (Debian testing watch)
[2024-03-27] Accepted golang-github-containers-buildah 1.33.7+ds1-1 (source) into unstable (Reinhard Tartler)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (1, 26)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.35.3+ds1-3