File _patchinfo of Package patchinfo.12794

<patchinfo incident="12794">
  <issue tracker="bnc" id="1152752">Update libcontainers-common to latest version</issue>
  <issue tracker="bnc" id="1151028">bootstrap fails due to crio not starting in case /var/lib/containers is not btrfs</issue>
  <issue tracker="bnc" id="1139526">man containers-registries.conf not available</issue>
  <category>recommended</category>
  <rating>moderate</rating>
  <packager>sgrunert</packager>
  <description>This update for libcontainers-common fixes the following issues:

Update to image 1.4.4:

- Hard-code the kernel keyring use to be disabled for now

Update to libpod 1.5.1:

- The hostname of pods is now set to the pod's name
- Minor bugfixes

Update to storage 1.12.16:

- Ignore ro mount options in btrfs and windows drivers

- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)

- Add a default registries.d configuration file, used to specify images 
  signatures storage location.

Update to image v3.0.0:

- Add "Env" to ImageInspectInfo
- Add API function TryUpdatingCache
- Add ability to install man pages
- Add user registry auth to kernel keyring
- Fix policy.json.md -&gt; containers-policy.json.5.md references
- Fix typo in docs/containers-registries.conf.5.md
- Remove pkg/sysregistries
- Touch up transport man page
- Try harder in storageImageDestination.TryReusingBlob
- Use the same HTTP client for contacting the bearer token server and the
registry
- ci: change GOCACHE to a writeable path
- config.go: improve debug message
- config.go: log where credentials come from
- docker client: error if registry is blocked
- docker: allow deleting OCI images
- docker: delete: support all MIME types
- ostree: default is no OStree support
- ostree: improve error message
- progress bar: use spinners for unknown blob sizes
- use 'containers_image_ostree' as build tag
- use keyring when authfile empty
- Update to storage v1.12.16
- Add cirrus vendor check
- Add storage options to IgnoreChownErrors
- Add support for UID as well as UserName in /etc/subuid files.
- Add support for ignoreChownErrors to vfs
- Add support for installing man pages
- Fix cross-compilation
- Keep track of the UIDs and GIDs used in applied layers
- Move lockfiles to their own package
- Remove merged directory when it is unmounted
- Switch to go modules
- Switch to golangci-lint
- Update generated files
- Use same variable name on both commands
- cirrus: ubuntu: try removing cryptsetup-initramfs
- compression: add support for the zstd algorithm
- getLockfile(): use the absolute path
- loadMounts(): reset counts before merging just-loaded data
- lockfile: don't bother releasing a lock when closing a file
- locking test updates
- locking: take read locks on read-only stores
- make local-cross more reliable for CI
- overlay: cache the results of supported/using-metacopy/use-naive-diff feature tests
- overlay: fix small piece of repeated work
- utils: fix check for missing conf file
- zstd: use github.com/klauspost/compress directly

Update to libpod v1.4.4:

- Fixed a bug where rootless Podman would attempt to use the
  entire root configuration if no rootless configuration was
  present for the user, breaking rootless Podman for new
  installations
- Fixed a bug where rootless Podman's pause process would block
  SIGTERM, preventing graceful system shutdown and hanging until
  the system's init send SIGKILL
- Fixed a bug where running Podman as root with sudo -E would not
  work after running rootless Podman at least once
- Fixed a bug where options for tmpfs volumes added with the
  --tmpfs flag were being ignored
- Fixed a bug where images with no layers could not properly be
  displayed and removed by Podman
- Fixed a bug where locks were not properly freed on failure to
  create a container or pod
- Podman now has greatly improved support for containers using
  multiple OCI runtimes. Containers now remember if they were
  created with a different runtime using --runtime and will
  always use that runtime
- The cached and delegated options for volume mounts are now
  allowed for Docker compatability (#3340)
- The podman diff command now supports the --latest flag
- Fixed a bug where podman cp on a single file would create a
  directory at the target and place the file in it (#3384)
- Fixed a bug where podman inspect --format '{{.Mounts}}' would
  print a hexadecimal address instead of a container's mounts
- Fixed a bug where rootless Podman would not add an entry to
  container's /etc/hosts files for their own hostname (#3405)
- Fixed a bug where podman ps --sync would segfault (#3411)
- Fixed a bug where podman generate kube would produce an invalid
  ports configuration (#3408)
- Podman now performs much better on systems with heavy I/O load
- The --cgroup-manager flag to podman now shows the correct
  default setting in help if the default was overridden by
  libpod.conf
- For backwards compatability, setting --log-driver=json-file in
  podman run is now supported as an alias for
  --log-driver=k8s-file. This is considered deprecated, and
  json-file will be moved to a new implementation in the future
  ([#3363](https://github.com/containers/libpod/issues/3363))
- Podman's default libpod.conf file now allows the crun OCI
  runtime to be used if it is installed
- Fixed a bug where Podman could not run containers using an
  older version of Systemd as init (#3295)
- Updated vendored Buildah to v1.9.0 to resolve a critical bug
  with Dockerfile RUN instructions
- The error message for running podman kill on containers that
  are not running has been improved
- The Podman remote client can now log to a file if syslog is not
  available
- The MacOS dmg file is experimental, use at your own risk.
- The podman exec command now sets its error code differently
  based on whether the container does not exist, and the command
  in the container does not exist
- The podman inspect command on containers now outputs Mounts
  JSON that matches that of docker inspect, only including
  user-specified volumes and differentiating bind mounts and
  named volumes
- The podman inspect command now reports the path to a
  container's OCI spec with the OCIConfigPath key (only included
  when the container is initialized or running)
- The podman run --mount command now supports the
  bind-nonrecursive option for bind mounts (#3314)
- Fixed a bug where podman play kube would fail to create
  containers due to an unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc
  (#3284)
- Fixed a bug where rootless Podman using slirp4netns networking
  in an environment with no nameservers on the host other than
  localhost would result in nonfunctional networking (#3277)
- Fixed a bug where podman import would not properly set
  environment variables, discarding their values and retaining
  only keys
- Fixed a bug where Podman would fail to run when built with
  Apparmor support but run on systems without the Apparmor kernel
  module loaded (#3331)
- Remote Podman will now default the username it uses to log in
  to remote systems to the username of the current user
- Podman now uses JSON logging with OCI runtimes that support it,
  allowing for better error reporting

Updated vendored Buildah to v1.8.4

Updated vendored containers/image to v2.0

Update to image v2.0.0:

- Add registry mirror support
- Include missing man pages (bsc#1139526)

Update to storage v1.12.10:

- Add support for UID as well as UserName in /etc/subuid files.
- utils: fix check for missing conf file
- compression: add support for the zstd algorithm
- overlay: cache the results of
  supported/using-metacopy/use-naive-diff feature tests

Update to libpod v1.4.0
</description>
  <summary>Recommended update for libcontainers-common</summary>
</patchinfo>