Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package docker for openSUSE:Factory checked in at 2021-11-22 23:03:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker (Old) and /work/SRC/openSUSE:Factory/.docker.new.1895 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker" Mon Nov 22 23:03:43 2021 rev:116 rq:932375 version:20.10.11_ce Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2021-10-18 22:00:34.766023572 +0200 +++ /work/SRC/openSUSE:Factory/.docker.new.1895/docker.changes 2021-11-22 23:03:47.934009580 +0100 @@ -1,0 +2,14 @@ +Thu Nov 18 08:35:37 UTC 2021 - Aleksa Sarai <asa...@suse.com> + +- Update to Docker 20.10.11-ce. See upstream changelog in the packaged + /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1192814 CVE-2021-41190 +- Rebase patches: + * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch + * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch +- Remove upstreamed patches: + - 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch + +------------------------------------------------------------------- Old: ---- 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch docker-20.10.9_ce_79ea9d308018.tar.xz docker-cli-20.10.9_ce.tar.xz New: ---- docker-20.10.11_ce_847da184ad50.tar.xz docker-cli-20.10.11_ce.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker.spec ++++++ --- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.794006694 +0100 +++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.794006694 +0100 @@ -42,8 +42,8 @@ # helpfully injects into our build environment from the changelog). If you want # to generate a new git_commit_epoch, use this: # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' -%define git_version 79ea9d308018 -%define git_commit_epoch 1632421578 +%define git_version 847da184ad50 +%define git_commit_epoch 1637194919 # We require a specific pin of libnetwork because it doesn't really do # versioning and minor version mismatches in libnetwork can break Docker @@ -56,10 +56,10 @@ %define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork Name: %{realname}%{name_suffix} -Version: 20.10.9_ce +Version: 20.10.11_ce # This "nice version" is so that docker --version gives a result that can be # parsed by other people. boo#1182476 -%define nice_version 20.10.9-ce +%define nice_version 20.10.11-ce Release: 0 Summary: The Moby-project Linux container runtime License: Apache-2.0 @@ -94,8 +94,6 @@ Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch # SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081 Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch -# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42836. bsc#1190670 -Patch302: 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: ca-certificates @@ -121,7 +119,7 @@ # Required to actually run containers. We require the minimum version that is # pinned by Docker, but in order to avoid headaches we allow for updates. Requires: runc >= 1.0.2 -Requires: containerd >= 1.4.11 +Requires: containerd >= 1.4.12 # Needed for --init support. We don't use "tini", we use our own implementation # which handles edge-cases better. Requires: catatonit @@ -264,8 +262,6 @@ %patch300 -p1 # bsc#1183855 bsc#1175081 %patch301 -p1 -# bsc#1190670 -%patch302 -p1 # README_SUSE.md for documentation. cp %{SOURCE103} . ++++++ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch ++++++ --- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.822006600 +0100 +++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.822006600 +0100 @@ -1,7 +1,7 @@ -From 44214e643a578dfec9f5898f9225ccf3ccbec419 Mon Sep 17 00:00:00 2001 +From f6170a9d05df85cc61f3e5373eceed61ef3d741e Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Wed, 8 Mar 2017 12:41:54 +1100 -Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets +Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets Since FileMode can have the directory bit set, allow a SecretStore implementation to return secrets that are actually directories. This is @@ -10,22 +10,25 @@ Signed-off-by: Antonio Murdaca <run...@redhat.com> Signed-off-by: Aleksa Sarai <asa...@suse.de> --- - daemon/container_operations_unix.go | 24 +++++++++++++++++++++--- - 1 file changed, 21 insertions(+), 3 deletions(-) + daemon/container_operations_unix.go | 25 ++++++++++++++++++++++--- + 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/daemon/container_operations_unix.go b/daemon/container_operations_unix.go -index 1647df0ce7ba..4ea2efed241f 100644 +index 6a50b99bd29e..583db20aa459 100644 --- a/daemon/container_operations_unix.go +++ b/daemon/container_operations_unix.go -@@ -3,6 +3,7 @@ +@@ -1,8 +1,10 @@ ++//go:build linux || freebsd + // +build linux freebsd + package daemon // import "github.com/docker/docker/daemon" import ( + "bytes" - "context" "fmt" "io/ioutil" -@@ -14,6 +15,7 @@ import ( + "os" +@@ -12,6 +14,7 @@ import ( "github.com/docker/docker/container" "github.com/docker/docker/daemon/links" "github.com/docker/docker/errdefs" @@ -33,7 +36,7 @@ "github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/system" -@@ -207,9 +209,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { +@@ -205,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { if err != nil { return errors.Wrap(err, "unable to get secret from secret store") } @@ -43,7 +46,7 @@ uid, err := strconv.Atoi(s.File.UID) if err != nil { -@@ -220,6 +219,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { +@@ -218,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) { return err } @@ -70,5 +73,5 @@ return errors.Wrap(err, "error setting ownership for secret") } -- -2.33.0 +2.33.1 ++++++ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch ++++++ --- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.834006560 +0100 +++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.834006560 +0100 @@ -1,7 +1,7 @@ -From 7202e34c5cf8e5c0816bfc610689e2f9d246d131 Mon Sep 17 00:00:00 2001 +From a28715c97b87152c41538b137f8ad49003db1756 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Wed, 8 Mar 2017 11:43:29 +1100 -Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets +Subject: [PATCH 2/5] SECRETS: SUSE: implement SUSE container secrets This allows for us to pass in host credentials to a container, allowing for SUSEConnect to work with containers. @@ -451,5 +451,5 @@ + return nil +} -- -2.33.0 +2.33.1 ++++++ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch ++++++ --- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.846006520 +0100 +++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.846006520 +0100 @@ -1,7 +1,7 @@ -From 0bb32212d07d21b0704ef3b3197fad118ae87e7f Mon Sep 17 00:00:00 2001 +From 4914111dcaf1257a9dd3f9f7a089de17c7dc6752 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg <vrothb...@suse.com> Date: Mon, 2 Jul 2018 13:37:34 +0200 -Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support +Subject: [PATCH 3/5] PRIVATE-REGISTRY: add private-registry mirror support NOTE: This is a backport/downstream patch of the upstream pull-request for Moby, which is still subject to changes. Please visit @@ -1142,5 +1142,5 @@ endpoints = []APIEndpoint{ -- -2.33.0 +2.33.1 ++++++ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch ++++++ --- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.866006452 +0100 +++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.866006452 +0100 @@ -1,7 +1,7 @@ -From 41a72d2a2d835de1e806a5b316067ea933f665e2 Mon Sep 17 00:00:00 2001 +From 29779c3e010e387ef037e5ef9a33cf05a14c79ea Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Fri, 29 Jun 2018 17:59:30 +1000 -Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on +Subject: [PATCH 4/5] bsc1073877: apparmor: clobber docker-default profile on start In the process of making docker-default reloading far less expensive, @@ -85,5 +85,5 @@ } -- -2.33.0 +2.33.1 ++++++ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch ++++++ --- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.886006386 +0100 +++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.890006373 +0100 @@ -1,7 +1,7 @@ -From db0df8889ebc1aad3613cf95803e4672dc8ce96a Mon Sep 17 00:00:00 2001 +From a6aa2a591d31f43e01ba29abdf73658b34fded49 Mon Sep 17 00:00:00 2001 From: Michal Rostecki <mroste...@opensuse.org> Date: Thu, 8 Apr 2021 14:42:02 +0100 -Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup +Subject: [PATCH 5/5] bsc1183855: btrfs: Do not disable quota on cleanup Before this change, cleanup of the btrfs driver (occuring on each daemon shutdown) resulted in disabling quotas. It was done with an assumption @@ -140,5 +140,5 @@ } if err := subvolLimitQgroup(dir, size); err != nil { -- -2.33.0 +2.33.1 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.982006063 +0100 +++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.982006063 +0100 @@ -3,16 +3,16 @@ <param name="url">https://github.com/moby/moby.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">20.10.9_ce_%h</param> - <param name="revision">v20.10.9</param> + <param name="versionformat">20.10.11_ce_%h</param> + <param name="revision">v20.10.11</param> <param name="filename">docker</param> </service> <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/docker/cli.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">20.10.9_ce</param> - <param name="revision">v20.10.9</param> + <param name="versionformat">20.10.11_ce</param> + <param name="revision">v20.10.11</param> <param name="filename">docker-cli</param> </service> <service name="tar_scm" mode="disabled"> ++++++ docker-20.10.9_ce_79ea9d308018.tar.xz -> docker-20.10.11_ce_847da184ad50.tar.xz ++++++ /work/SRC/openSUSE:Factory/docker/docker-20.10.9_ce_79ea9d308018.tar.xz /work/SRC/openSUSE:Factory/.docker.new.1895/docker-20.10.11_ce_847da184ad50.tar.xz differ: char 15, line 1 ++++++ docker-cli-20.10.9_ce.tar.xz -> docker-cli-20.10.11_ce.tar.xz ++++++ ++++ 7969 lines of diff (skipped)