Security update for skopeo

Announcement ID:	SUSE-SU-2024:1497-1
Rating:	important
References:	bsc#1215611 bsc#1219563
Affected Products:	Basesystem Module 15-SP5 openSUSE Leap 15.3 openSUSE Leap 15.5 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3

An update that has two security fixes can now be installed.

Description:

This update for skopeo fixes the following issues:

• Update to version 1.14.2:
• [release-1.14] Bump Skopeo to v1.14.2

• [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563)

• Update to version 1.14.1:

• Bump to v1.14.1
• fix(deps): update module github.com/containers/common to v0.57.2
• fix(deps): update module github.com/containers/image/v5 to v5.29.1
• chore(deps): update dependency containers/automation_images to v20240102
• Fix libsubid detection
• fix(deps): update module golang.org/x/term to v0.16.0
• fix(deps): update golang.org/x/exp digest to 02704c9
• chore(deps): update dependency containers/automation_images to v20231208
• [skip-ci] Update actions/stale action to v9
• fix(deps): update module github.com/containers/common to v0.57.1
• fix(deps): update golang.org/x/exp digest to 6522937
• DOCS: add Gentoo in install.md
• DOCS: Update to add Arch Linux in install.md
• fix(deps): update module golang.org/x/term to v0.15.0

• Bump to v1.14.1-dev

• Update to version 1.14.0:

• Bump to v1.14.0
• fix(deps): update module github.com/containers/common to v0.57.0
• chore(deps): update dependency containers/automation_images to v20231116
• fix(deps): update module github.com/containers/image/v5 to v5.29.0
• Add documentation and smoke tests for the new --compat-auth-file options
• Update c/image and c/common to latest
• fix(deps): update module github.com/containers/storage to v1.51.0
• fix(deps): update module golang.org/x/term to v0.14.0
• fix(deps): update module github.com/spf13/cobra to v1.8.0
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
• fix(deps): update github.com/containers/common digest to 3e5caa0
• chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
• fix(deps): update module github.com/containers/ocicrypt to v1.1.9
• Update github.com/klauspost/compress to v1.17.2
• chore(deps): update module github.com/docker/docker to v24.0.7+incompatible [security]
• Fix ENTRYPOINT documentation, drop others.
• Remove unused environment variables in Cirrus
• [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
• chore(deps): update dependency containers/automation_images to v20231004
• chore(deps): update module golang.org/x/net to v0.17.0 [security]
• copy: Note support for zstd:chunked
• fix(deps): update module golang.org/x/term to v0.13.0
• fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible
• fix(deps): update github.com/containers/common digest to 745eaa4
• Packit: switch to @containers/packit-build team for copr failure notification comments
• Packit: tag @lsm5 on copr build failures
• vendor of containers/common
• fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
• fix(deps): update module github.com/containers/common to v0.56.0
• Cirrus: Remove multi-arch skopeo image builds
• fix(deps): update module github.com/containers/image/v5 to v5.28.0
• Increase the golangci-lint timeout
• fix(deps): update module github.com/containers/storage to v1.50.2
• fix(deps): update module github.com/containers/storage to v1.50.1
• fix(deps): update golang.org/x/exp digest to 9212866
• Fix a man page link
• fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
• GHA: Closed issue/PR comment-lock test
• fix(deps): update module github.com/containers/common to v0.55.4
• fix(deps): update module github.com/containers/storage to v1.49.0
• rpm: spdx compatible license field
• chore(deps): update dependency golangci/golangci-lint to v1.54.2
• chore(deps): update dependency containers/automation_images to v20230816
• Packit: set eln target correctly
• packit: Build PRs into default packit COPRs
• DOCS: Update Go version requirement info
• DOCS: Add information about the cross-build
• fix(deps): update module github.com/containers/ocicrypt to v1.1.8
• fix(deps): update module github.com/containers/common to v0.55.3
• Update c/image after https://github.com/containers/image/pull/2070
• chore(deps): update dependency golangci/golangci-lint to v1.54.1
• chore(deps): update dependency containers/automation_images to v20230809
• fix(deps): update golang.org/x/exp digest to 352e893
• chore(deps): update dependency containers/automation_images to v20230807
• Update to Go 1.19
• fix(deps): update module golang.org/x/term to v0.11.0
• Update c/image for golang.org/x/exp
• RPM: define gobuild macro for rhel/centos stream
• Fix handling the unexpected return value combination from IsRunningImageAllowed
• Close the PolicyContext, as required by the API
• Use globalOptions.getPolicyContext instead of an image-targeted SystemContext
• Packit: remove pre-sync action
• fix(deps): update module github.com/containers/common to v0.55.2
• proxy: Change the imgid to uint64
• [CI:BUILD] Packit: install golist before updating downstream spec
• Update module golang.org/x/term to v0.10.0
• Bump to v1.14.0-dev

• Bump to v1.13.0

• Bump go version to 1.21 (bsc#1215611)

• Update to version 1.13.2:

• [release-1.13] Bump to v1.13.2
• [release-1.31] Bump c/common v0.55.3
• Packit: remove pre-sync action

• [release-1.13] Bump to v1.13.2-dev

• Update to version 1.13.1:

• [release-1.13] Bump to v1.13.1
• [release-1.13] Bump c/common to v0.55.2
• [release-1.13 backport] [CI:BUILD] Packit: install golist before updating downstream spec

• [release-1.13] Bump to v1.13.1-dev

• Update to version 1.13.0:

• Bump to v1.13.0
• proxy: Policy verification of OCI Image before pulling
• Update module github.com/opencontainers/image-spec to v1.1.0-rc4
• Update module github.com/containers/common to v0.55.1
• Update module github.com/containers/common to v0.54.0
• Update module github.com/containers/image/v5 to v5.26.0
• [CI:BUILD] RPM: fix ELN builds
• Update module github.com/containers/storage to v1.47.0
• Packit: easier to read distro conditionals
• Update dependency golangci/golangci-lint to v1.53.3
• Help Renovate manage the golangci-lint version
• Minor: Cleanup renovate configuration
• Update dependency containers/automation_images to v20230614
• Update module golang.org/x/term to v0.9.0
• [CI:BUILD] Packit: add jobs for downstream Fedora package builds
• Update module github.com/sirupsen/logrus to v1.9.3
• Update dependency containers/automation_images to v20230601
• Update golang.org/x/exp digest to 2e198f4
• Update github.com/containers/image/v5 digest to e14c1c5
• Update module github.com/stretchr/testify to v1.8.4
• Update module github.com/stretchr/testify to v1.8.3
• Update dependency containers/automation_images to v20230517
• Update module github.com/sirupsen/logrus to v1.9.2
• Update module github.com/docker/distribution to v2.8.2+incompatible
• Trigger an update of the ostree_ext container image
• Update c/image with https://github.com/containers/image/pull/1944
• Update module github.com/containers/common to v0.53.0
• Update module golang.org/x/term to v0.8.0
• Update dependency containers/automation_images to v20230426
• Update golang.org/x/exp digest to 47ecfdc
• Emphasize the semantics of --preserve-digests a tiny bit
• Improve the static build documentation a tiny bit
• Bump to v1.12.1-dev

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-1497=1
• openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-1497=1
• SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2024-1497=1
• Basesystem Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-1497=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-1497=1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1497=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1497=1
• SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-1497=1
• SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-1497=1
• SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1497=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-1497=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1497=1
• SUSE Manager Proxy 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-1497=1
• SUSE Manager Retail Branch Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2024-1497=1
• SUSE Manager Server 4.3
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1497=1
• SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-1497=1

Package List:

• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• openSUSE Leap 15.3 (noarch)
  • skopeo-zsh-completion-1.14.2-150300.11.8.1
  • skopeo-bash-completion-1.14.2-150300.11.8.1
  • skopeo-fish-completion-1.14.2-150300.11.8.1
• openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Manager Proxy 4.3 (x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Manager Retail Branch Server 4.3 (x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Manager Server 4.3 (ppc64le s390x x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1
• SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  • skopeo-debuginfo-1.14.2-150300.11.8.1
  • skopeo-1.14.2-150300.11.8.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1215611
• https://bugzilla.suse.com/show_bug.cgi?id=1219563