Security update for skopeo SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1497-1 Final 1 1 2024-05-06T07:40:10Z current 2024-05-06T07:40:10Z 2024-05-06T07:40:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for skopeo This update for skopeo fixes the following issues: - Update to version 1.14.2: * [release-1.14] Bump Skopeo to v1.14.2 * [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563) - Update to version 1.14.1: * Bump to v1.14.1 * fix(deps): update module github.com/containers/common to v0.57.2 * fix(deps): update module github.com/containers/image/v5 to v5.29.1 * chore(deps): update dependency containers/automation_images to v20240102 * Fix libsubid detection * fix(deps): update module golang.org/x/term to v0.16.0 * fix(deps): update golang.org/x/exp digest to 02704c9 * chore(deps): update dependency containers/automation_images to v20231208 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containers/common to v0.57.1 * fix(deps): update golang.org/x/exp digest to 6522937 * DOCS: add Gentoo in install.md * DOCS: Update to add Arch Linux in install.md * fix(deps): update module golang.org/x/term to v0.15.0 * Bump to v1.14.1-dev - Update to version 1.14.0: * Bump to v1.14.0 * fix(deps): update module github.com/containers/common to v0.57.0 * chore(deps): update dependency containers/automation_images to v20231116 * fix(deps): update module github.com/containers/image/v5 to v5.29.0 * Add documentation and smoke tests for the new --compat-auth-file options * Update c/image and c/common to latest * fix(deps): update module github.com/containers/storage to v1.51.0 * fix(deps): update module golang.org/x/term to v0.14.0 * fix(deps): update module github.com/spf13/cobra to v1.8.0 * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2 * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1 * fix(deps): update github.com/containers/common digest to 3e5caa0 * chore(deps): update module google.golang.org/grpc to v1.57.1 [security] * fix(deps): update module github.com/containers/ocicrypt to v1.1.9 * Update github.com/klauspost/compress to v1.17.2 * chore(deps): update module github.com/docker/docker to v24.0.7+incompatible [security] * Fix ENTRYPOINT documentation, drop others. * Remove unused environment variables in Cirrus * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0 * chore(deps): update dependency containers/automation_images to v20231004 * chore(deps): update module golang.org/x/net to v0.17.0 [security] * copy: Note support for `zstd:chunked` * fix(deps): update module golang.org/x/term to v0.13.0 * fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible * fix(deps): update github.com/containers/common digest to 745eaa4 * Packit: switch to @containers/packit-build team for copr failure notification comments * Packit: tag @lsm5 on copr build failures * vendor of containers/common * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5 * fix(deps): update module github.com/containers/common to v0.56.0 * Cirrus: Remove multi-arch skopeo image builds * fix(deps): update module github.com/containers/image/v5 to v5.28.0 * Increase the golangci-lint timeout * fix(deps): update module github.com/containers/storage to v1.50.2 * fix(deps): update module github.com/containers/storage to v1.50.1 * fix(deps): update golang.org/x/exp digest to 9212866 * Fix a man page link * fix(deps): update github.com/containers/image/v5 digest to 58d5eb6 * GHA: Closed issue/PR comment-lock test * fix(deps): update module github.com/containers/common to v0.55.4 * fix(deps): update module github.com/containers/storage to v1.49.0 * rpm: spdx compatible license field * chore(deps): update dependency golangci/golangci-lint to v1.54.2 * chore(deps): update dependency containers/automation_images to v20230816 * Packit: set eln target correctly * packit: Build PRs into default packit COPRs * DOCS: Update Go version requirement info * DOCS: Add information about the cross-build * fix(deps): update module github.com/containers/ocicrypt to v1.1.8 * fix(deps): update module github.com/containers/common to v0.55.3 * Update c/image after https://github.com/containers/image/pull/2070 * chore(deps): update dependency golangci/golangci-lint to v1.54.1 * chore(deps): update dependency containers/automation_images to v20230809 * fix(deps): update golang.org/x/exp digest to 352e893 * chore(deps): update dependency containers/automation_images to v20230807 * Update to Go 1.19 * fix(deps): update module golang.org/x/term to v0.11.0 * Update c/image for golang.org/x/exp * RPM: define gobuild macro for rhel/centos stream * Fix handling the unexpected return value combination from IsRunningImageAllowed * Close the PolicyContext, as required by the API * Use globalOptions.getPolicyContext instead of an image-targeted SystemContext * Packit: remove pre-sync action * fix(deps): update module github.com/containers/common to v0.55.2 * proxy: Change the imgid to uint64 * [CI:BUILD] Packit: install golist before updating downstream spec * Update module golang.org/x/term to v0.10.0 * Bump to v1.14.0-dev * Bump to v1.13.0 - Bump go version to 1.21 (bsc#1215611) - Update to version 1.13.2: * [release-1.13] Bump to v1.13.2 * [release-1.31] Bump c/common v0.55.3 * Packit: remove pre-sync action * [release-1.13] Bump to v1.13.2-dev - Update to version 1.13.1: * [release-1.13] Bump to v1.13.1 * [release-1.13] Bump c/common to v0.55.2 * [release-1.13 backport] [CI:BUILD] Packit: install golist before updating downstream spec * [release-1.13] Bump to v1.13.1-dev - Update to version 1.13.0: * Bump to v1.13.0 * proxy: Policy verification of OCI Image before pulling * Update module github.com/opencontainers/image-spec to v1.1.0-rc4 * Update module github.com/containers/common to v0.55.1 * Update module github.com/containers/common to v0.54.0 * Update module github.com/containers/image/v5 to v5.26.0 * [CI:BUILD] RPM: fix ELN builds * Update module github.com/containers/storage to v1.47.0 * Packit: easier to read distro conditionals * Update dependency golangci/golangci-lint to v1.53.3 * Help Renovate manage the golangci-lint version * Minor: Cleanup renovate configuration * Update dependency containers/automation_images to v20230614 * Update module golang.org/x/term to v0.9.0 * [CI:BUILD] Packit: add jobs for downstream Fedora package builds * Update module github.com/sirupsen/logrus to v1.9.3 * Update dependency containers/automation_images to v20230601 * Update golang.org/x/exp digest to 2e198f4 * Update github.com/containers/image/v5 digest to e14c1c5 * Update module github.com/stretchr/testify to v1.8.4 * Update module github.com/stretchr/testify to v1.8.3 * Update dependency containers/automation_images to v20230517 * Update module github.com/sirupsen/logrus to v1.9.2 * Update module github.com/docker/distribution to v2.8.2+incompatible * Trigger an update of the ostree_ext container image * Update c/image with https://github.com/containers/image/pull/1944 * Update module github.com/containers/common to v0.53.0 * Update module golang.org/x/term to v0.8.0 * Update dependency containers/automation_images to v20230426 * Update golang.org/x/exp digest to 47ecfdc * Emphasize the semantics of --preserve-digests a tiny bit * Improve the static build documentation a tiny bit * Bump to v1.12.1-dev The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1497,SUSE-SLE-Micro-5.5-2024-1497,SUSE-SLE-Module-Basesystem-15-SP5-2024-1497,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1497,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1497,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1497,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1497,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1497,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1497,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1497,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1497,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1497,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1497,SUSE-Storage-7.1-2024-1497,openSUSE-SLE-15.5-2024-1497 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241497-1/ Link for SUSE-SU-2024:1497-1 https://lists.suse.com/pipermail/sle-updates/2024-May/035145.html E-Mail link for SUSE-SU-2024:1497-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215611 SUSE Bug 1215611 https://bugzilla.suse.com/1219563 SUSE Bug 1219563 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.5 skopeo-1.14.2-150300.11.8.1 skopeo-bash-completion-1.14.2-150300.11.8.1 skopeo-fish-completion-1.14.2-150300.11.8.1 skopeo-zsh-completion-1.14.2-150300.11.8.1 skopeo-1.14.2-150300.11.8.1 as a component of SUSE Enterprise Storage 7.1 skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise Micro 5.5 skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise Server 15 SP3-LTSS skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 skopeo-1.14.2-150300.11.8.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 skopeo-1.14.2-150300.11.8.1 as a component of SUSE Manager Proxy 4.3 skopeo-1.14.2-150300.11.8.1 as a component of SUSE Manager Server 4.3 skopeo-1.14.2-150300.11.8.1 as a component of openSUSE Leap 15.5