containers / fetchit

FetchIt is used to manage the life cycle and configuration of Podman containers
https://fetchit.readthedocs.io/
GNU Affero General Public License v3.0

Bump github.com/containers/podman/v4 from 4.2.0 to 4.4.2 #297

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/containers/podman/v4 from 4.2.0 to 4.4.2.

Release notes

Sourced from github.com/containers/podman/v4's releases.

v4.4.2

Security

  • This release fixes CVE-2023-0778, which allowed a malicious user to potentially replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

Bugfixes

  • Fixed a bug where containers started via the podman-kube systemd template would always use the "passthrough" log driver (#17482).
  • Fixed a bug where pulls would unexpectedly encounter an EOF error. Now, Podman automatically transparently resumes aborted pull connections.
  • Fixed a race condition in Podman's signal proxy.

Misc

  • Updated the containers/image library to v5.24.1.

v4.4.1

Changes

  • Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
  • Documented journald identifiers used in the journald backend for the podman events command.
  • Dropped the CAP_CHROOT, CAP_AUDIT_WRITE, CAP_MKNOD, CAP_MKNOD default capabilities.

Bugfixes

  • Fixed a bug where the default handling of pids-limit was incorrect.
  • Fixed a bug where parallel calls to make docs crashed (#17322).
  • Fixed a regression in the podman kube play command where existing resources got mistakenly removed.

v4.4.0

Features

  • Introduce Quadlet, a new systemd-generator that easily writes and maintains systemd services using Podman.
  • The podman kube play command now supports hostPID in the pod.spec (#17157).
  • The podman build command now supports the --group-add option.
  • A new command, podman network update, has been added, which updates networks for containers and pods.
  • The podman network create command now supports a new option, --network-dns-server, which sets the DNS servers that this network will use.
  • The podman kube play command now accepts the --publish option, which sets or overrides port publishing.
  • The podman inspect command now returns an error field (#13729).
  • The podman update command now accepts the --pids-limit option, which sets the PIDs limit for a container (#16543).
  • Podman now supports container names beginning with a / to match Docker behaviour (#16663).
  • The podman events command now supports die as a value (mapping to died) to the --filter option, for better Docker compatibility (#16857).
  • The podman system df command’s --format "{{ json . }}" option now outputs human-readable format to improve Docker compatibility.
  • The podman rm -f command now also terminates containers in "stopping" state.
  • Rootless privileged containers will now mount all tty devices, except for the virtual-console related tty devices (/dev/tty[0-9]+) (#16925).
  • The podman play kube command now supports subpaths when using configmap and hostpath volume types (#16828).
  • All commands with the --no-heading option now include a short option, -n.
  • The podman push command no longer ignores the hidden --signature-policy flag.
  • The podman wait command now supports the --ignore option.
  • The podman network create command now supports the --ignore option to instruct Podman to not fail when trying to create an already existing network.
  • The podman kube play command now supports volume subpaths when using named volumes (#12929).
  • The podman kube play command now supports container startup probes.
  • A new command, podman buildx version, has been added, which shows the buildah version (#16793).
  • Remote usage of the podman build command now supports the --volume option (#16694).
  • The --opt parent=... option is now accepted with the ipvlan network driver in the podman network create command (#16621).
  • The --init-ctr option for the podman container create command now supports shell completion.
  • The podman kube play command run with a readOnlyTmpfs Flag in the kube YAML can now write to tmpfs inside of the container.

... (truncated)

Commits
  • 74afe26 Bump to v4.4.2
  • 87a1c27 Release notes for v4.4.2
  • 266ce9a Merge pull request #17557 from openshift-cherrypick-robot/cherry-pick-17554-t...
  • 3abff42 Revert "CI: Temporarily disable all AWS EC2-based tasks"
  • 2d68f21 Merge pull request #17553 from openshift-cherrypick-robot/cherry-pick-17548-t...
  • 9168027 Merge pull request #17552 from openshift-cherrypick-robot/cherry-pick-17544-t...
  • f60a6cd Merge pull request #17549 from openshift-cherrypick-robot/cherry-pick-17525-t...
  • f17495e Merge pull request #17532 from mheon/backport_17528_44
  • 8322cab kube play: only enforce passthrough in Quadlet
  • d69512b Emergency fix for man pages: check for broken includes
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/containers/fetchit/network/alerts).

cooktheryan commented 1 year ago

@dependabot rebase

cooktheryan commented 1 year ago

@dependabot rebase

dependabot[bot] commented 1 year ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.