SUSE-SU-2020:0712-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20200712-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0712-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:0712-1
Published
2020-03-18T09:26:58Z
Modified
2020-03-18T09:26:58Z
Summary
Security update for skopeo
Details

This update for skopeo fixes the following issues:

Update to skopeo v0.1.41 (bsc#1165715):

  • Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1
  • Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8
  • Bump github.com/containers/common from 0.0.7 to 0.1.4
  • Remove the reference to openshift/api
  • vendor github.com/containers/image/v5@v5.2.0
  • Manually update buildah to v1.13.1
  • add specific authfile options to copy (and sync) command.
  • Bump github.com/containers/buildah from 1.11.6 to 1.12.0
  • Add context to --encryption-key / --decryption-key processing failures
  • Bump github.com/containers/storage from 1.15.2 to 1.15.3
  • Bump github.com/containers/buildah from 1.11.5 to 1.11.6
  • remove direct reference on c/image/storage
  • Makefile: set GOBIN
  • Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7
  • Bump github.com/containers/storage from 1.15.1 to 1.15.2
  • Introduce the sync command
  • openshift cluster: remove .docker directory on teardown
  • Bump github.com/containers/storage from 1.14.0 to 1.15.1
  • document installation via apk on alpine
  • Fix typos in doc for image encryption
  • Image encryption/decryption support in skopeo
  • make vendor-in-container
  • Bump github.com/containers/buildah from 1.11.4 to 1.11.5
  • Travis: use go v1.13
  • Use a Windows Nano Server image instead of Server Core for multi-arch testing
  • Increase test timeout to 15 minutes
  • Run the test-system container without --net=host
  • Mount /run/systemd/journal/socket into test-system containers
  • Don't unnecessarily filter out vendor from (go list ./...) output
  • Use -mod=vendor in (go {list,test,vet})
  • Bump github.com/containers/buildah from 1.8.4 to 1.11.4
  • Bump github.com/urfave/cli from 1.20.0 to 1.22.1
  • skopeo: drop support for ostree
  • Don't critically fail on a 403 when listing tags
  • Revert 'Temporarily work around auth.json location confusion'
  • Remove references to atomic
  • Remove references to storage.conf
  • Dockerfile: use golang-github-cpuguy83-go-md2man
  • bump version to v0.1.41-dev
  • systemtest: inspect container image different from current platform arch

Changes in v0.1.40:

  • vendor containers/image v5.0.0
  • copy: add a --all/-a flag
  • System tests: various fixes
  • Temporarily work around auth.json location confusion
  • systemtest: copy: docker->storage->oci-archive
  • systemtest/010-inspect.bats: require only PATH
  • systemtest: add simple env test in inspect.bats
  • bash completion: add comments to keep scattered options in sync
  • bash completion: use read -r instead of disabling SC2207
  • bash completion: support --opt arg completion
  • bash-completion: use replacement instead of sed
  • bash completion: disable shellcheck SC2207
  • bash completion: double-quote to avoid re-splitting
  • bash completions: use bash replacement instead of sed
  • bash completion: remove unused variable
  • bash-completions: split decl and assignment to avoid masking retvals
  • bash completion: double-quote fixes
  • bash completion: hard-set PROG=skopeo
  • bash completion: remove unused variable
  • bash completion: use || instead of -o
  • bash completion: rm eval on assigned variable
  • copy: add --dest-compress-format and --dest-compress-level
  • flag: add optionalIntValue
  • Makefile: use go proxy
  • inspect --raw: skip the NewImage() step
  • update OCI image-spec to 775207bd45b6cb8153ce218cc59351799217451f
  • inspect.go: inspect env variables
  • ostree: use both image and & storage buildtags

Update to skopeo v0.1.39 (bsc#1159530):

  • inspect: add a --config flag
  • Add --no-creds flag to skopeo inspect
  • Add --quiet option to skopeo copy
  • New progress bars
  • Parallel Pulls and Pushes for major speed improvements
  • containers/image moved to a new progress-bar library to fix various issues related to overlapping bars and redundant entries.
  • enforce blocking of registries
  • Allow storage-multiple-manifests
  • When copying images and the output is not a tty (e.g., when piping to a file) print single lines instead of using progress bars. This avoids long and hard to parse output
  • man pages: add --dest-oci-accept-uncompressed-layers
  • completions:
    • Introduce transports completions
    • Fix bash completions when an option requires an argument
    • Use only spaces in indent
    • Fix completions with a global option
    • add --dest-oci-accept-uncompressed-layers

Affected packages

SUSE:Linux Enterprise Module for Server Applications 15 SP1 / skopeo

Package

Name
skopeo
Purl
purl:rpm/suse/skopeo&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.1.41-4.11.1

Ecosystem specific

{
    "binaries": [
        {
            "skopeo": "0.1.41-4.11.1"
        }
    ]
}