v1.37.5

What's Changed

Notable changes

• [release-1.37] Bump Buildah to v1.37.5 by @TomSweeneyRedHat
• [release-1.37] [skip-ci] Packit: constrain koji job to fedora package to avoid dupes by @openshift-cherrypick-robot in #5775
• [release-1.37] Properly validate cache IDs and sources - Resolves CVE-2024-9675 by @openshift-cherrypick-robot in #5780
• [release-1.37] Bump the containers/storage library to v1.55.1 - Resolves CVE-2024-9676 by @mheon in #5786

Full Changelog: v1.37.4...v1.37.5

v1.29.4

What's Changed

• [release-1.29] bump to v1.29.3, fix conformance, CVE-2024-1753, CVE-2024-24786 by @TomSweeneyRedHat in #5434

Full Changelog: v1.29.3...v1.29.4

v1.37.4

What's Changed

Notable changes

• [release-1.37] Fix CVE-2024-9407 and CVE-2024-9341 by @Luap99 in #5764

Full Changelog: v1.37.3...v1.37.4

v1.37.3

What's Changed

Notable changes

• [release-1.37] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2 by @TomSweeneyRedHat in #5696
• [release-1.37] Use Epoch: 2 and respect the epoch in dependencies. by @openshift-cherrypick-robot in #5699
• [release-1.37] imagebuildah.StageExecutor: clean up volumes/volumeCache by @nalind in #5740
• [release-1.37] manifest add --artifact: handle multiple values by @openshift-cherrypick-robot in #5739
• [skip-ci] Release 1.37 packit backports by @lsm5 in #5735
• [release-1.37] Do not error on trying to write IMA xattr as rootless by @mheon in #5746

Full Changelog: v1.37.2...v1.37.3

v1.37.2

What's Changed

Notable changes

• [release-1.37] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2 by @TomSweeneyRedHat in #5696

Full Changelog: v1.37.1...v1.37.2

v1.37.1

[release-1.37] Bump c/common v0.60.1, c/image v5.32.1
[release-1.37] Bump to Buildah v1.37.1

Full Changelog: v1.37.0...v1.37.1

v1.37.0

What's Changed

Notable changes

• Bump to Buildah v1.36.0 by @TomSweeneyRedHat in #5545
• fix secret mounts for env vars when using chroot isolation by @jonahbull in #5544
• CI: Clarify Debian use for conformance tests by @cevich in #5538
• imagebuildah: Support custom image reference lookup for cache push/pull by @aaronlehmann in #5532
• [skip-ci] Packit: enable c10s downstream sync by @lsm5 in #5514
• CI VMs: bump, to debian with cgroups v2 by @edsantiago in #5550
• Drop copyStringSlice() and copyStringStringMap() by @nalind in #5570
• Cross-build on Fedora by @cevich in #5572
• healthcheck: Add support for --start-interval by @flouthoc in #5472
• Re-enable two conformance tests by @nalind in #5566
• Clarify definition of --pull options by @rhatdan in #5407
• tests: set _CONTAINERS_USERNS_CONFIGURED=done for libnetwork by @nalind in #5574
• buildah: fix a nil pointer reference on FreeBSD by @dfr in #5580
• Add some NetBSD support by @coypoop in #5559
• CI VMs: bump by @edsantiago in #5600
• buildah copy: preserve owner info with --from= a container or image by @nalind in #5597
• containerImageRef.NewImageSource(): move the FROM comment to first by @nalind in #5595
• Update godoc for Builder.EnsureContainerPathAs by @nalind in #5594
• commit: set "parent" for docker format only when requested by @nalind in #5596
• imagebuildah.StageExecutor.prepare(): log the --platform flag by @nalind in #5599
• Rework parsing of --pull flags by @nalind in #5605
• Bump github.com/openshift/imagebuilder from v1.2.10 to v1.2.11 by @nalind in #5609
• Change default for podman build to --pull missing by @rhatdan in #5583
• Vendor in latest containers/(common, image, storage) by @rhatdan in #5585
• imagebuildah: make traditional volume handling not the default by @nalind in #5604
• Replace libimage.LookupReferenceFunc with the manifests version by @nalind in #5628
• Revert #5627 by @nalind in #5629
• CI: use local registry by @edsantiago in #5584
• Update github.com/openshift/imagebuilder to v1.2.14 by @nalind in #5641

Dependency updates

• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.0 by @renovate in #5546
• fix(deps): update golang.org/x/exp digest to fd00a4e by @renovate in #5558
• fix(deps): update module github.com/openshift/imagebuilder to v1.2.10 by @renovate in #5563
• fix(deps): update module golang.org/x/crypto to v0.24.0 by @renovate in #5568
• fix(deps): update module github.com/containerd/containerd to v1.7.18 by @renovate in #5571
• fix(deps): update module github.com/docker/docker to v26.1.4+incompatible by @renovate in #5573
• fix(deps): update module github.com/containers/common to v0.59.1 by @renovate in #5567
• fix(deps): update module github.com/opencontainers/runc to v1.1.13 by @renovate in #5589
• fix(deps): update module github.com/spf13/cobra to v1.8.1 by @renovate in #5591
• fix(deps): update module github.com/containernetworking/cni to v1.2.0 by @renovate in #5475
• fix(deps): update module github.com/containers/image/v5 to v5.31.1 by @renovate in #5601
• fix(deps): update golang.org/x/exp digest to 7f521ea by @renovate in #5613
• fix(deps): update github.com/containers/luksy digest to a8846e2 by @renovate in #5612
• fix(deps): update module golang.org/x/sys to v0.22.0 by @renovate in #5618
• fix(deps): update module golang.org/x/term to v0.22.0 by @renovate in #5619
• fix(deps): update module github.com/containers/image/v5 to v5.31.1 by @renovate in #5627
• fix(deps): update module github.com/fsouza/go-dockerclient to v1.11.1 by @renovate in #5634
• fix(deps): update module github.com/docker/docker to v27.1.0+incompatible by @renovate in #5639
• fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.1 by @renovate in #5643
• fix(deps): update module github.com/docker/docker to v27.1.1+incompatible by @renovate in #5644

New Contributors

• @jonahbull made their first contribution in #5544
• @coypoop made their first contribution in #5559

Full Changelog: v1.36.0...v1.37.0

v1.36.0

What's Changed

Notable changes

• Bump c/* projects, Buildah to v1.35.0 and then to v1.36.0-dev by @TomSweeneyRedHat in #5385
• Update .gitignore by @mtrmac in #5389
• [CI:DOCS] Migrate buildah container image by @cevich in #5384
• tests: enable pasta tests by @Luap99 in #5381
• pr-should-include-tests: use GitHub label, not commit text by @edsantiago in #5374
• Bump google.golang.org/protobuf to v1.33.0 by @TomSweeneyRedHat in #5404
• [skip-ci] Makefile: update rpm target by @lsm5 in #5388
• [skip-ci] rpm: use go-rpm-macros supported vendoring by @lsm5 in #5410
• fix links to containerignore doc by @Pvlerick in #5402
• fix /etc/hosts and resolv.conf setup with network configs by @Luap99 in #5409
• CVE-2024-1753 container escape fix by @TomSweeneyRedHat in #5411
• [CI:DOCS] Stop rebasing renovate PRs automatically by @cevich in #5414
• Change RUN to comment in bud.bats by @TomSweeneyRedHat in #5415
• CI: bump VMs by @edsantiago in #5426
• Makefile - instead of calling as directly, use it from env var by @rahilarious in #5436
• Add support for passing CDI specs to --device by @nalind in #5443
• Makefile: softcode strip, use it from env var by @rahilarious in #5446
• Fix caching when mounting a cached stage with COPY/ADD by @aaronlehmann in #5445
• source-push: add support for --digestfile by @flouthoc in #5454
• Update install.md by @onlykzy in #5457
• heredoc: honor inline COPY irrespective of .containerignore file by @flouthoc in #5459
• [skip-ci] Fix issue/pr lock workflow by @cevich in #5466
• use containers/storage/pkg/fileutils/(Exists,Lexists) by @giuseppe in #5469
• Integration tests: fixup use of _prefetch by @nalind in #5480
• Switch packit configuration to use epel-9-$arch instead of centos-stream+epel-next-9-$arch by @nalind in #5484
• integration test: handle new labels in "bud and test --unsetlabel" by @nalind in #5487
• [CI:DOCS] Add golang 1.21 update warning by @cevich in #5437
• Makefile: add missing files to $(SOURCES) by @nalind in #5496
• Disable packit builds for centos-stream+epel-next-8 by @nalind in #5493
• Integration tests: switch some base images by @nalind in #5499
• Makefile: set GOTOOLCHAIN=local by @nalind in #5498
• containerImageRef.NewImageSource: merge the tar filters by @nalind in #5497
• Add link to Buildah image page to README.md by @TomSweeneyRedHat in #5515
• Don't set GOTOOLCHAIN=local by @nalind in #5513
• CI VMs: bump to new versions with tmpfs /tmp by @edsantiago in #5470
• Builder.cdiSetupDevicesInSpecdefConfig(): use configured CDI dirs by @nalind in #5494
• Address CVE-2024-3727 by @TomSweeneyRedHat in #5523
• Setting --arch should set the TARGETARCH build arg by @rhatdan in #5478
• fix CentOS/RHEL build - no BATS there by @jnovy in #5528
• Add release note template to split dependency chores by @der-eismann in #5463
• Don't leak temp files on failures by @rhatdan in #5527
• Don't expand RUN heredocs ourselves, let the shell do it by @nalind in #5473
• Integration tests: fake up a replacement for nixery.dev/shell by @nalind in #5495
• bud tests: fix breakage when vendoring into podman by @edsantiago in #5537
• Fix buildah prune --help examples by @naskya in #5534
• Bump to c/common v0.59.0 by @TomSweeneyRedHat in #5542
• build: be more selective about specifying the default OS by @nalind in #5543

Dependency updates

• chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 [security] by @renovate in #5395
• fix(deps): update module github.com/docker/docker to v25.0.4+incompatible by @renovate in #5387
• fix(deps): update module github.com/containers/ocicrypt to v1.1.10 by @renovate in #5397
• chore(deps): update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [security] by @renovate in #5396
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.16.0 by @renovate in #5377
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.0 by @renovate in #5412
• fix(deps): update module github.com/docker/docker to v25.0.5+incompatible by @renovate in #5418
• fix(deps): update github.com/containers/luksy digest to 3d2cf0e by @renovate in #5447
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.1 by @renovate in #5430
• chore(deps): update module golang.org/x/net to v0.23.0 [security] by @renovate in #5485
• fix(deps): update module github.com/containers/luksy to v0.0.0-20240408185936-afd8e7619947 by @renovate in #5502
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.2 by @renovate in #5505
• fix(deps): update module github.com/cyphar/filepath-securejoin to v0.2.5 by @renovate in #5511
• fix(deps): update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f by @renovate in #5516
• chore(deps): update module github.com/opencontainers/runtime-spec to v1.2.0 by @renovate in #5363
• fix(deps): update module github.com/containers/luksy to v0.0.0-20240506205542-84b50f50f3ee by @renovate in #5518
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0 by @renovate in #5540
• fix(deps): update module github.com/containers/image/v5 to v5.31.0 by @renovate in #5539

New Contributors

• @Pvlerick made their first contribution in #5402
• @aaronlehmann made their first contribution in #5445
• @onlykzy made their first contribution in #5457
• @jnovy made their first contribution in #5528
• @der-eismann made their first contribution in #5463
• @naskya made their first contribution in #5534

Full Changelog: v1.35.0...v1.36.0

v1.33.8

What's Changed

• [release-1.33] Bump to Buildah v1.33.8, CVE-2024-3727 by @TomSweeneyRedHat in #5533
• [release-1.33] Fix CVE-2024-1753, bump to v1.33.7 by @TomSweeneyRedHat in #5417
• [release-1.33] Bump ocicrypt and go-jose CVE-2024-28180 by @TomSweeneyRedHat in #5468
• [release-1.33] Bump go-jose CVE-2024-28180 by @TomSweeneyRedHat in #5482
• [release-1.33] integration test: handle new labels in "bud and test --unsetlabel" by @openshift-cherrypick-robot in #5504

Full Changelog: v1.33.7...v1.33.8

v1.35.4

What's Changed

• [release-1.35] Address CVE-2024-3727 by @TomSweeneyRedHat in #5521
• [release-1.35] Bump c/common to v0.58.1, Buildah to v1.35.3 by @TomSweeneyRedHat in #5441
• [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 by @TomSweeneyRedHat in #5467
• [release-1.35] Bump go-jose CVE-2024-28180 by @TomSweeneyRedHat in #5481
• [release-1.35] integration test: handle new labels in "bud and test --unsetlabel" by @openshift-cherrypick-robot in #5503

Full Changelog: v1.35.3...v1.35.4