Skip to content

umoci 0.4.7

Latest
Latest
Compare
Choose a tag to compare
@cyphar cyphar released this 06 Apr 11:06
v0.4.7
This tag was signed with the committer’s verified signature. The key has been revoked.
cyphar Aleksa Sarai
GPG key ID: 9D94B96321B9D012
Revoked
Learn about vigilant mode.
17f3851
This commit was signed with the committer’s verified signature. The key has been revoked.
cyphar Aleksa Sarai
GPG key ID: 9D94B96321B9D012
Revoked
Learn about vigilant mode.

NOTE This release has a minor bug -- umoci --version will tell you that the version is "unknown". This was fixed in #369.

A security flaw was found in umoci, and has been fixed in this release.
If umoci was used to unpack a malicious image (using either
umoci unpack or umoci raw unpack) that contained a symlink entry for /.,
umoci would apply subsequent layers to the target of the symlink
(resolved on the host filesystem). This means that if you ran umoci as
root, a malicious image could overwrite any file on the system (assuming
you didn't have any other access control restrictions). Thanks to Robin
Peraglie from Cure53 for discovering this bug. CVE-2021-29136

Other changes in this release:

  • umoci now compiles on FreeBSD and appears to work, with the notable
    limitation that it currently refuses to extract non-Linux images on any
    platform (this will be fixed in a future release -- see #364). #357
  • Initial fuzzer implementations for oss-fuzz. #365
  • umoci will now read all trailing data from image layers, to combat the
    existence of some image generators that appear to append NUL bytes to the end
    of the gzip stream (which would previously cause checksum failures because we
    didn't read nor checksum the trailing junk bytes). However, umoci will still
    not read past the descriptor length. #360
  • umoci now ignores all overlayfs xattrs during unpack and repack operations,
    to avoid causing issues when packing a raw overlayfs directory. #354
  • Changes to the (still-internal) APIs to allow for users to use umoci more
    effectively as a library.
    • The garbage collection API now supports custom GC policies. #338
    • The mutate API now returns information about what layers were added by the
      operation. #344
    • The mutate API now supports custom compression, and has in-tree support for
      zstd. #348 #350
    • Support overlayfs-style whiteouts during unpack and repack. #342

Thanks to all of the people who made this release possible:

LGTMs: @cyphar
Signed-off-by: Aleksa Sarai [email protected]

Assets 7