A container-tools:ol8 security, bug fix, and enhancement update has been released for Oracle Linux 8.

El-errata: ELSA-2021-0531 Moderate: Oracle Linux 8 container-tools:ol8 security, bug fix, and enhancement update

Oracle Linux Security Advisory ELSA-2021-0531

  http://linux.oracle.com/errata/ELSA-2021-0531.html

The following updated rpms for Oracle Linux 8 have been uploaded to the
Unbreakable Linux Network:

x86_64:
buildah-1.16.7-4.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
buildah-tests-1.16.7-4.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
cockpit-podman-27.1-3.module+el8.3.1+9659+c1901784.noarch.rpm
conmon-2.0.22-3.module+el8.3.1+9659+c1901784.x86_64.rpm
containernetworking-plugins-0.9.0-1.module+el8.3.1+9659+c1901784.x86_64.rpm
containers-common-1.2.0-9.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
container-selinux-2.155.0-1.module+el8.3.1+9659+c1901784.noarch.rpm
crit-3.15-1.module+el8.3.1+9659+c1901784.x86_64.rpm
criu-3.15-1.module+el8.3.1+9659+c1901784.x86_64.rpm
crun-0.16-2.module+el8.3.1+9659+c1901784.x86_64.rpm
fuse-overlayfs-1.3.0-2.module+el8.3.1+9659+c1901784.x86_64.rpm
libslirp-4.3.1-1.module+el8.3.1+9659+c1901784.x86_64.rpm
libslirp-devel-4.3.1-1.module+el8.3.1+9659+c1901784.x86_64.rpm
oci-seccomp-bpf-hook-1.2.0-1.module+el8.3.1+9659+c1901784.x86_64.rpm
podman-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
podman-catatonit-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
podman-docker-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.noarch.rpm
podman-plugins-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
podman-remote-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
podman-tests-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
python3-criu-3.15-1.module+el8.3.1+9659+c1901784.x86_64.rpm
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.1+9659+c1901784.noarch.rpm
runc-1.0.0-70.rc92.module+el8.3.1+9659+c1901784.x86_64.rpm
skopeo-1.2.0-9.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
skopeo-tests-1.2.0-9.0.1.module+el8.3.1+9659+c1901784.x86_64.rpm
slirp4netns-1.1.8-1.module+el8.3.1+9659+c1901784.x86_64.rpm
udica-0.2.4-1.module+el8.3.1+9659+c1901784.noarch.rpm

aarch64:
buildah-1.16.7-4.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
buildah-tests-1.16.7-4.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
cockpit-podman-27.1-3.module+el8.3.1+9659+c1901784.noarch.rpm
conmon-2.0.22-3.module+el8.3.1+9659+c1901784.aarch64.rpm
containernetworking-plugins-0.9.0-1.module+el8.3.1+9659+c1901784.aarch64.rpm
containers-common-1.2.0-9.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
container-selinux-2.155.0-1.module+el8.3.1+9659+c1901784.noarch.rpm
crit-3.15-1.module+el8.3.1+9659+c1901784.aarch64.rpm
criu-3.15-1.module+el8.3.1+9659+c1901784.aarch64.rpm
crun-0.16-2.module+el8.3.1+9659+c1901784.aarch64.rpm
fuse-overlayfs-1.3.0-2.module+el8.3.1+9659+c1901784.aarch64.rpm
libslirp-4.3.1-1.module+el8.3.1+9659+c1901784.aarch64.rpm
libslirp-devel-4.3.1-1.module+el8.3.1+9659+c1901784.aarch64.rpm
oci-seccomp-bpf-hook-1.2.0-1.module+el8.3.1+9659+c1901784.aarch64.rpm
podman-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
podman-catatonit-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
podman-docker-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.noarch.rpm
podman-plugins-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
podman-remote-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
podman-tests-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
python3-criu-3.15-1.module+el8.3.1+9659+c1901784.aarch64.rpm
python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.1+9659+c1901784.noarch.rpm
runc-1.0.0-70.rc92.module+el8.3.1+9659+c1901784.aarch64.rpm
skopeo-1.2.0-9.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
skopeo-tests-1.2.0-9.0.1.module+el8.3.1+9659+c1901784.aarch64.rpm
slirp4netns-1.1.8-1.module+el8.3.1+9659+c1901784.aarch64.rpm
udica-0.2.4-1.module+el8.3.1+9659+c1901784.noarch.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/buildah-1.16.7-4.0.1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/cockpit-podman-27.1-3.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/conmon-2.0.22-3.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/containernetworking-plugins-0.9.0-1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/container-selinux-2.155.0-1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/criu-3.15-1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/crun-0.16-2.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/fuse-overlayfs-1.3.0-2.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/libslirp-4.3.1-1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/oci-seccomp-bpf-hook-1.2.0-1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/podman-2.2.1-7.0.1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/runc-1.0.0-70.rc92.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/skopeo-1.2.0-9.0.1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/slirp4netns-1.1.8-1.module+el8.3.1+9659+c1901784.src.rpm
  http://oss.oracle.com/ol8/SRPMS-updates/udica-0.2.4-1.module+el8.3.1+9659+c1901784.src.rpm


Description of changes:

buildah
[1.16.7-4.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita
Gerasimov)

[1.16.7-4]
- update to the latest content of
  https://github.com/containers/buildah/tree/release-1.16
(  https://github.com/containers/buildah/commit/aaed66b)
- Related: #1888571

[1.16.7-3]
- revert back to buildah-1.16 for the quarterly release
- Related: #1888571

[1.19.0-2]
- bump version to refrect buildah upgrade
- Related: #1888571

[1.16.7-2]
- bump to release-1.19 branch
- Related: #1888571

[1.16.5-5]
- update to the latest content of
  https://github.com/containers/buildah/tree/release-1.16
(  https://github.com/containers/buildah/commit/56ed75b)
- Related: #1888571

[1.16.5-4]
- simplify spec file
- use short commit ID in tarball name
- Related: #1888571

[1.16.5-3]
- update to the latest content of
  https://github.com/containers/buildah/tree/release-1.16
(  https://github.com/containers/buildah/commit/9e02bf9)
- Related: #1888571

[1.16.5-2]
- use shortcommit ID in branch tarball name
- Related: #1888571

[1.16.5-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

cockpit-podman
[27.1-3]
- run much more tests - patch from Matej Marusak
- Related: #1888571

[27.1-2]
- gating tests - always set VM password
- Related: #1888571

[27.1-1]
- update to
  https://github.com/cockpit-project/cockpit-podman/releases/tag/27.1
- Related: #1888571

[27-1]
- update to
  https://github.com/cockpit-project/cockpit-podman/releases/tag/27
- Related: #1888571

[26-1]
- update to
  https://github.com/cockpit-project/cockpit-podman/releases/tag/26
- Related: #1888571

[25-5]
- remove redundant patch
- Related: #1888571

[25-4]
- replace docker.io with quay.io for gating tests due do
docker.io new pull rate limit requirements
- Related: #1888571

[25-3]
- test: Cleanup images before pulling the ones we need - thanks to Matej
Marusak
- Related: #1888571

[25-2]
- remove hack in tests
- add LICENSE
- Related: #1888571

[25-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

conmon
[2:2.0.22-3]
- exclude i686 as golang is not suppoerted there
- Related: #1888571

[2:2.0.22-2]
- add BR: golang, go-md2man
- add man pages
- Related: #1888571

[2:2.0.22-1]
- update to   https://github.com/containers/conmon/releases/tag/v2.0.22
- Related: #1888571

[2:2.0.21-3]
- simplify spec
- Related: #1888571

[2:2.0.21-2]
- be sure to harden the linked binary
- compile with debuginfo enabled
- Related: #1888571

[2:2.0.21-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

containernetworking-plugins
[0.9.0-1]
- update to
  https://github.com/containernetworking/plugins/releases/tag/v0.9.0
- Related: #1888571

container-selinux
[2:2.155.0-1]
- update to
  https://github.com/containers/container-selinux/releases/tag/v2.155.0
- Related: #1888571

[2:2.154.0-1]
- update to
  https://github.com/containers/container-selinux/releases/tag/v2.154.0
- Related: #1888571

[2:2.153.0-1]
- update to
  https://github.com/containers/container-selinux/releases/tag/v2.153.0
- Related: #1888571

[2:2.152.0-1]
- update to
  https://github.com/containers/container-selinux/releases/tag/v2.152.0
- Related: #1888571

[2:2.151.0-1]
- update to
  https://github.com/containers/container-selinux/releases/tag/v2.151.0
- Related: #1888571

[2:2.150.0-1]
- update to
  https://github.com/containers/container-selinux/releases/tag/v2.150.0
- Related: #1888571

[2:2.145.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Resolves: #1873064

criu
[3.15-1]
- update to   https://github.com/checkpoint-restore/criu/releases/tag/v3.15
- Related: #1888571

[3.14-2]
- fix 'Need to fix bugs found by coverity.'
- Related: #1821193

[3.14-1]
- synchronize containter-tools 8.3.0 with 8.2.1
- Related: #1821193

crun
[0.16-2]
- exclude i686 because of build failures
- Related: #1888571

[0.16-1]
- update to   https://github.com/containers/crun/releases/tag/0.16
- Related: #1888571

[0.15.1-1]
- update to   https://github.com/containers/crun/releases/tag/0.15.1
- Related: #1888571

[0.15-2]
- backport 'exec: check read bytes from sync' (gscrivan@redhat.com)
(  https://github.com/containers/crun/issues/511)
- Related: #1888571

[0.15-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

fuse-overlayfs
[1.3.0-2]
- disable openat2 syscall again - still unsupported in current RHEL8 kernel
- Resolves: #1921863

[1.3.0-1]
- update to   https://github.com/containers/fuse-overlayfs/releases/tag/v1.3.0
- Related: #1888571

[1.2.0-3]
- be sure to harden the linked binary
- Related: #1888571

[1.2.0-2]
- ensure fuse module is loaded
- Related: #1888571

[1.2.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

libslirp
oci-seccomp-bpf-hook
[1.2.0-1]
- update to
  https://github.com/containers/oci-seccomp-bpf-hook/releases/tag/v1.2.0
- Related: #1888571

podman
[2.2.1-7.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita
Gerasimov)

[2.2.1-7]
- Resolves: #1925928 - Fix varlink GetVersion()
- Upstream PR:   https://github.com/containers/podman/pull/9274

[2.2.1-6]
- update to the latest content of
  https://github.com/containers/podman/tree/v2.2.1-rhel
(  https://github.com/containers/podman/commit/1741f15)
- Related: #1888571

[2.2.1-5]
- update to the latest content of
  https://github.com/containers/podman/tree/v2.2.1-rhel
(  https://github.com/containers/podman/commit/b5bc6a7)
- Related: #1877188

[2.2.1-4]
- add Requires: oci-runtime
- Related: #1888571

[2.2.1-3]
- update to the latest content of
  https://github.com/containers/podman/tree/v2.2.1-rhel
(  https://github.com/containers/podman/commit/14c35f6)
- Related: #1888571

[2.2.1-2]
- update to   https://github.com/containers/dnsname/releases/tag/v1.1.1

[2.2.1-1]
- update to the latest content of
  https://github.com/containers/podman/tree/v2.2.1-rhel
(  https://github.com/containers/podman/commit/a0d478e)
- Related: #1888571

[2.2.0-2]
- attempt to fix gatng tests
- Related: #1888571

[2.2.0-1]
- update to   https://github.com/containers/podman/releases/tag/v2.2.0
- Related: #1888571

[2.1.1-3]
- attempt to fix linker error with golang-1.15
- add Requires: httpd-tools to tests, needed to work around
missing htpasswd in docker registry image, thanks to Ed Santiago
- Related: #1888571

[2.1.1-2]
- update to the latest content of
  https://github.com/containers/podman/tree/v2.1.1-rhel
(  https://github.com/containers/podman/commit/450615a)
- Resolves: #1873204
- Resolves: #1884668

[2.1.1-1]
- update podman to 2.1.1-rhel
- Resolves: #1743687
- Resolves: #1811570
- Resolves: #1869322
- Resolves: #1678546
- Resolves: #1853455
- Resolves: #1874271

python-podman-api
[1.2.0-0.2.gitd0a45fe]
- revert update to 1.6.0 due to new python3-pbr dependency which
is not in RHEL
- Related: RHELPLAN-25139

[1.2.0-0.1.gitd0a45fe]
- Initial package

runc
[1.0.0-70.rc92]
- add Provides: oci-runtime = 1
- Related: #1888571

[1.0.0-69.rc92]
- still use ExcludeArch as go_arches macro is broken for 8.4
- Related: #1888571

skopeo
[1:1.2.0-9.0.1]
- Handling redirect from the docker registry [Orabug: 29874238] (Nikita
Gerasimov)
- Add oracle registry into the conf file [Orabug: 29845934 31306708]

[1:1.2.0-9]
- upload proper source tarball
- Related: #1888571

[1:1.2.0-8]
- revert back to version aimed at 8.3.1 - skopeo-1.2.0
- also downgrade versions of vendored libraries
- Related: #1888571

[1:1.2.1-1]
- update vendored component versions
- update to the latest content of
  https://github.com/containers/skopeo/tree/release-1.2
(  https://github.com/containers/skopeo/commit/2e90a8a)
- Related: #1888571

[1:1.2.0-6]
- always build with debuginfo
- use less verbose output when compiling
- Related: #1888571

[1:1.2.0-5]
- re-sync config files
- assure events_logger = 'file'
- Related: #1888571

[1:1.2.0-4]
- change default logging mechanism to use for container engine events
in containers.conf to be events_logger = 'file' - it should fix
RHEL gating tests for podman nonroot (thanks to Dan Walsh)
- Related: #1888571

[1:1.2.0-3]
- simplify spec file
- use short commit ID in tarball name
- Related: #1888571

[1:1.2.0-2]
- use shortcommit ID in branch tarball name
- Related: #1888571

[1:1.2.0-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

slirp4netns
[1.1.8-1]
- update to
  https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
- Related: #1888571

[1.1.7-2]
- exclude i686 because of build failures
- Related: #1888571

[1.1.7-1]
- update to
  https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.7
- Related: #1888571

[1.1.6-2]
- - be sure to harden the linked binary
- Related: #1888571

[1.1.6-1]
- update to
  https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.6
- Related: #1888571

udica
[0.2.4-1]
- update to   https://github.com/containers/udica/releases/tag/v0.2.4
- Related: #1888571

[0.2.3-1]
- synchronize with stream-container-tools-rhel8-rhel-8.4.0
- Related: #1888571

[0.2.2-1]
-   https://github.com/containers/udica/releases/tag/v0.2.2
- Related: #1821193