libpod - Debian Package Tracker

general

source: libpod (main)
version: 4.3.1+ds1-5
maintainer: Debian Go Packaging Team (archive) (DMD)
uploaders: Reinhard Tartler [DMD] – Dmitry Smirnov [DMD]
arch: any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 3.0.1+dfsg1-3+deb11u1
testing: 3.4.7+ds1-3
unstable: 4.3.1+ds1-5

versioned links

3.0.1+dfsg1-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.4.7+ds1-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.3.1+ds1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

podman (5 bugs: 0, 2, 3, 0)
podman-docker

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://github.com/containers/podman/releases .*/archive/refs/tags/v?(\d[-\w\d\.]+)\.tar\.gz

Created: 2022-11-28 Last update: 2022-12-03 21:40

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2022-2989: An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.

Created: 2022-08-26 Last update: 2022-11-28 06:53

lintian reports 1 error and 16 warnings high

Lintian reports 1 error and 16 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-10-13 Last update: 2022-11-25 09:37

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2022-11-30 Last update: 2022-12-03 21:37

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2022-09-22 Last update: 2022-12-03 21:32

6 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 366af867326cae2ee0ced48bd9a4f7229ae53f0e
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Tue Nov 29 08:10:51 2022 -0500

    Re-enable builtin tests, but mark as flaky

commit 54d885f3fbfb52bc3c0a61f82f0d1de8105fa33a
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Nov 27 12:25:43 2022 -0500

    debian/changelog: update

commit 0bd955a3f620ad8ae0e692aad363d935c7d8f96d
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Nov 27 14:35:31 2022 -0500

    Add simple smoketest

commit 4ad20c788fd76cd7e4068e360c079e79f7e89ed5
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Nov 27 13:59:46 2022 -0500

    golang-github-containers-libpod-dev: stop building package
    
    Before re-enabling, please double check that the autopkgtest work

commit 3a3ac7154819dd6241104ca79f85dbfa978e9f8c
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Nov 27 12:17:32 2022 -0500

    avoid installing vendored sources after libpod->podman rename

commit 9856ce14c5fbd636094632fabd9c21e999dba03f
Author: Reinhard Tartler <siretart@tauware.de>
Date:   Sun Nov 27 12:05:31 2022 -0500

    debian/rules: cleanp DH_GOLANG_INSTALL_EXTRA

https://salsa.debian.org/api/v4/projects/debian%2Flibpod/pipelines?scope=finished&per_page=1 API request failed: 403 Forbidden at /srv/qa.debian.org/data/vcswatch/vcswatch line 423.

Created: 2022-11-27 Last update: 2022-11-29 14:41

3 low-priority security issues in bullseye low

There are 3 open security issues in bullseye.

3 issues left for the package maintainer to handle:

CVE-2022-1227: (needs triaging) A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVE-2022-2989: (needs triaging) An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
CVE-2022-27649: (needs triaging) A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2022-11-28 06:53

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-11-28 06:58

testing migrations

excuses:
- Migration status: Blocked. Can't migrate due to a non-migratable dependency. Check status below.
- Blocked by: golang-github-containers-common
- Migrates after: golang-github-containers-buildah
- Migration status for libpod (3.4.7+ds1-3 to 4.3.1+ds1-5): BLOCKED: Cannot migrate due to another item, which is blocked (please check which dependencies are stuck)
- Issues preventing migration:
- ∙ ∙ Build-Depends(-Arch): libpod golang-github-containers-common (not considered)
- ∙ ∙ Built-Using: libpod golang-github-containers-common (not considered)
- ∙ ∙ Invalidated by build-dependency
- ∙ ∙ Invalidated by built-using
- ∙ ∙ Build-Depends(-Arch): libpod golang-github-containers-buildah
- ∙ ∙ Built-Using: libpod golang-github-containers-buildah
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libp/libpod.html
- ∙ ∙ autopkgtest for libpod/4.3.1+ds1-5: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, s390x: Pass
- ∙ ∙ Required age reduced by 3 days because of autopkgtest
- ∙ ∙ 6 days old (needed 2 days)
- Not considered

news

[rss feed]

[2022-11-27] Accepted libpod 4.3.1+ds1-5 (source) into unstable (Reinhard Tartler)
[2022-11-24] Accepted libpod 4.3.1+ds1-4 (source) into unstable (Reinhard Tartler)
[2022-11-23] Accepted libpod 4.3.1+ds1-3 (source) into experimental (Reinhard Tartler)
[2022-11-14] Accepted libpod 4.3.1+ds1-2 (source) into experimental (Reinhard Tartler)
[2022-11-14] Accepted libpod 4.3.1+ds1-1 (source) into experimental (Reinhard Tartler)
[2022-08-19] Accepted libpod 4.2.0+ds1-3 (source) into experimental (Reinhard Tartler)
[2022-08-17] Accepted libpod 4.2.0+ds1-2 (source) into experimental (Reinhard Tartler)
[2022-08-17] Accepted libpod 4.2.0+ds1-1 (source) into experimental (Reinhard Tartler)
[2022-07-04] Accepted libpod 4.1.1+ds1-2 (source) into experimental (Reinhard Tartler)
[2022-07-03] Accepted libpod 4.1.1+ds1-1 (source) into experimental (Reinhard Tartler)
[2022-05-19] Accepted libpod 4.1.0+ds2-2 (source) into experimental (Reinhard Tartler)
[2022-05-19] Accepted libpod 4.1.0+ds2-1 (source) into experimental (Reinhard Tartler)
[2022-04-26] libpod 3.4.7+ds1-3 MIGRATED to testing (Debian testing watch)
[2022-04-24] Accepted libpod 3.4.7+ds1-3 (source) into unstable (Reinhard Tartler)
[2022-04-23] Accepted libpod 3.4.7+ds1-2 (source) into unstable (Reinhard Tartler)
[2022-04-21] Accepted libpod 3.4.7+ds1-1 (source) into unstable (Reinhard Tartler)
[2022-04-19] libpod 3.4.6+ds1-1 MIGRATED to testing (Debian testing watch)
[2022-04-16] Accepted libpod 4.0.3+ds1-1 (source) into experimental (Reinhard Tartler)
[2022-04-14] Accepted libpod 3.4.6+ds1-1 (source) into unstable (Reinhard Tartler)
[2022-03-06] Accepted libpod 4.0.1+ds1-3 (source) into experimental (Reinhard Tartler)
[2022-03-05] Accepted libpod 3.0.1+dfsg1-3+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Reinhard Tartler)
[2022-02-25] Accepted libpod 4.0.1+ds1-2 (source) into experimental (Reinhard Tartler)
[2022-02-24] Accepted libpod 4.0.1+ds1-1 (source) into experimental (Reinhard Tartler)
[2022-02-22] Accepted libpod 4.0.0~rc5+ds1-1 (source) into experimental (Reinhard Tartler)
[2022-01-04] libpod 3.4.4+ds1-1 MIGRATED to testing (Debian testing watch)
[2021-12-27] Accepted libpod 3.4.4+ds1-1 (source) into unstable (Reinhard Tartler)
[2021-12-27] libpod 3.4.3+ds1-1 MIGRATED to testing (Debian testing watch)
[2021-12-24] Accepted libpod 3.4.3+ds1-1 (source) into unstable (Reinhard Tartler)
[2021-12-09] libpod 3.4.2+ds1-1 MIGRATED to testing (Debian testing watch)
[2021-11-20] Accepted libpod 3.4.2+ds1-1 (source) into unstable (Reinhard Tartler)

bugs [bug history graph]

all: 5 6
RC: 0
I&N: 2
M&W: 2 3
F&P: 1
patch: 1

links

homepage
lintian (1, 16)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.4.4+ds1-1ubuntu1
4 bugs
patches for 3.4.4+ds1-1ubuntu1