Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package docker for openSUSE:Factory checked
in at 2021-11-22 23:03:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/docker (Old)
and /work/SRC/openSUSE:Factory/.docker.new.1895 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker"
Mon Nov 22 23:03:43 2021 rev:116 rq:932375 version:20.10.11_ce
Changes:
--------
--- /work/SRC/openSUSE:Factory/docker/docker.changes 2021-10-18
22:00:34.766023572 +0200
+++ /work/SRC/openSUSE:Factory/.docker.new.1895/docker.changes 2021-11-22
23:03:47.934009580 +0100
@@ -1,0 +2,14 @@
+Thu Nov 18 08:35:37 UTC 2021 - Aleksa Sarai <asa...@suse.com>
+
+- Update to Docker 20.10.11-ce. See upstream changelog in the packaged
+ /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1192814 CVE-2021-41190
+- Rebase patches:
+ * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
+ * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
+- Remove upstreamed patches:
+ - 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
+
+-------------------------------------------------------------------
Old:
----
0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
docker-20.10.9_ce_79ea9d308018.tar.xz
docker-cli-20.10.9_ce.tar.xz
New:
----
docker-20.10.11_ce_847da184ad50.tar.xz
docker-cli-20.10.11_ce.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ docker.spec ++++++
--- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.794006694 +0100
+++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.794006694 +0100
@@ -42,8 +42,8 @@
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP
'(?<=^CommitDate: ).*')" '+%s'
-%define git_version 79ea9d308018
-%define git_commit_epoch 1632421578
+%define git_version 847da184ad50
+%define git_commit_epoch 1637194919
# We require a specific pin of libnetwork because it doesn't really do
# versioning and minor version mismatches in libnetwork can break Docker
@@ -56,10 +56,10 @@
%define proxy_builddir %{dist_builddir}/src/github.com/docker/libnetwork
Name: %{realname}%{name_suffix}
-Version: 20.10.9_ce
+Version: 20.10.11_ce
# This "nice version" is so that docker --version gives a result that can be
# parsed by other people. boo#1182476
-%define nice_version 20.10.9-ce
+%define nice_version 20.10.11-ce
Release: 0
Summary: The Moby-project Linux container runtime
License: Apache-2.0
@@ -94,8 +94,6 @@
Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273.
bsc#1183855 bsc#1175081
Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
-# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42836.
bsc#1190670
-Patch302: 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
BuildRequires: audit
BuildRequires: bash-completion
BuildRequires: ca-certificates
@@ -121,7 +119,7 @@
# Required to actually run containers. We require the minimum version that is
# pinned by Docker, but in order to avoid headaches we allow for updates.
Requires: runc >= 1.0.2
-Requires: containerd >= 1.4.11
+Requires: containerd >= 1.4.12
# Needed for --init support. We don't use "tini", we use our own implementation
# which handles edge-cases better.
Requires: catatonit
@@ -264,8 +262,6 @@
%patch300 -p1
# bsc#1183855 bsc#1175081
%patch301 -p1
-# bsc#1190670
-%patch302 -p1
# README_SUSE.md for documentation.
cp %{SOURCE103} .
++++++ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch ++++++
--- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.822006600 +0100
+++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.822006600 +0100
@@ -1,7 +1,7 @@
-From 44214e643a578dfec9f5898f9225ccf3ccbec419 Mon Sep 17 00:00:00 2001
+From f6170a9d05df85cc61f3e5373eceed61ef3d741e Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asa...@suse.de>
Date: Wed, 8 Mar 2017 12:41:54 +1100
-Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets
+Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets
Since FileMode can have the directory bit set, allow a SecretStore
implementation to return secrets that are actually directories. This is
@@ -10,22 +10,25 @@
Signed-off-by: Antonio Murdaca <run...@redhat.com>
Signed-off-by: Aleksa Sarai <asa...@suse.de>
---
- daemon/container_operations_unix.go | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
+ daemon/container_operations_unix.go | 25 ++++++++++++++++++++++---
+ 1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/daemon/container_operations_unix.go
b/daemon/container_operations_unix.go
-index 1647df0ce7ba..4ea2efed241f 100644
+index 6a50b99bd29e..583db20aa459 100644
--- a/daemon/container_operations_unix.go
+++ b/daemon/container_operations_unix.go
-@@ -3,6 +3,7 @@
+@@ -1,8 +1,10 @@
++//go:build linux || freebsd
+ // +build linux freebsd
+
package daemon // import "github.com/docker/docker/daemon"
import (
+ "bytes"
- "context"
"fmt"
"io/ioutil"
-@@ -14,6 +15,7 @@ import (
+ "os"
+@@ -12,6 +14,7 @@ import (
"github.com/docker/docker/container"
"github.com/docker/docker/daemon/links"
"github.com/docker/docker/errdefs"
@@ -33,7 +36,7 @@
"github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/stringid"
"github.com/docker/docker/pkg/system"
-@@ -207,9 +209,6 @@ func (daemon *Daemon) setupSecretDir(c
*container.Container) (setupErr error) {
+@@ -205,9 +208,6 @@ func (daemon *Daemon) setupSecretDir(c
*container.Container) (setupErr error) {
if err != nil {
return errors.Wrap(err, "unable to get secret from
secret store")
}
@@ -43,7 +46,7 @@
uid, err := strconv.Atoi(s.File.UID)
if err != nil {
-@@ -220,6 +219,25 @@ func (daemon *Daemon) setupSecretDir(c
*container.Container) (setupErr error) {
+@@ -218,6 +218,25 @@ func (daemon *Daemon) setupSecretDir(c
*container.Container) (setupErr error) {
return err
}
@@ -70,5 +73,5 @@
return errors.Wrap(err, "error setting ownership for
secret")
}
--
-2.33.0
+2.33.1
++++++ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch ++++++
--- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.834006560 +0100
+++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.834006560 +0100
@@ -1,7 +1,7 @@
-From 7202e34c5cf8e5c0816bfc610689e2f9d246d131 Mon Sep 17 00:00:00 2001
+From a28715c97b87152c41538b137f8ad49003db1756 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asa...@suse.de>
Date: Wed, 8 Mar 2017 11:43:29 +1100
-Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets
+Subject: [PATCH 2/5] SECRETS: SUSE: implement SUSE container secrets
This allows for us to pass in host credentials to a container, allowing
for SUSEConnect to work with containers.
@@ -451,5 +451,5 @@
+ return nil
+}
--
-2.33.0
+2.33.1
++++++ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch ++++++
--- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.846006520 +0100
+++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.846006520 +0100
@@ -1,7 +1,7 @@
-From 0bb32212d07d21b0704ef3b3197fad118ae87e7f Mon Sep 17 00:00:00 2001
+From 4914111dcaf1257a9dd3f9f7a089de17c7dc6752 Mon Sep 17 00:00:00 2001
From: Valentin Rothberg <vrothb...@suse.com>
Date: Mon, 2 Jul 2018 13:37:34 +0200
-Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support
+Subject: [PATCH 3/5] PRIVATE-REGISTRY: add private-registry mirror support
NOTE: This is a backport/downstream patch of the upstream pull-request
for Moby, which is still subject to changes. Please visit
@@ -1142,5 +1142,5 @@
endpoints = []APIEndpoint{
--
-2.33.0
+2.33.1
++++++ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch ++++++
--- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.866006452 +0100
+++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.866006452 +0100
@@ -1,7 +1,7 @@
-From 41a72d2a2d835de1e806a5b316067ea933f665e2 Mon Sep 17 00:00:00 2001
+From 29779c3e010e387ef037e5ef9a33cf05a14c79ea Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asa...@suse.de>
Date: Fri, 29 Jun 2018 17:59:30 +1000
-Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on
+Subject: [PATCH 4/5] bsc1073877: apparmor: clobber docker-default profile on
start
In the process of making docker-default reloading far less expensive,
@@ -85,5 +85,5 @@
}
--
-2.33.0
+2.33.1
++++++ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch ++++++
--- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.886006386 +0100
+++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.890006373 +0100
@@ -1,7 +1,7 @@
-From db0df8889ebc1aad3613cf95803e4672dc8ce96a Mon Sep 17 00:00:00 2001
+From a6aa2a591d31f43e01ba29abdf73658b34fded49 Mon Sep 17 00:00:00 2001
From: Michal Rostecki <mroste...@opensuse.org>
Date: Thu, 8 Apr 2021 14:42:02 +0100
-Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup
+Subject: [PATCH 5/5] bsc1183855: btrfs: Do not disable quota on cleanup
Before this change, cleanup of the btrfs driver (occuring on each daemon
shutdown) resulted in disabling quotas. It was done with an assumption
@@ -140,5 +140,5 @@
}
if err := subvolLimitQgroup(dir, size); err != nil {
--
-2.33.0
+2.33.1
++++++ _service ++++++
--- /var/tmp/diff_new_pack.5tjfSW/_old 2021-11-22 23:03:48.982006063 +0100
+++ /var/tmp/diff_new_pack.5tjfSW/_new 2021-11-22 23:03:48.982006063 +0100
@@ -3,16 +3,16 @@
<param name="url">https://github.com/moby/moby.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="versionformat">20.10.9_ce_%h</param>
- <param name="revision">v20.10.9</param>
+ <param name="versionformat">20.10.11_ce_%h</param>
+ <param name="revision">v20.10.11</param>
<param name="filename">docker</param>
</service>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/docker/cli.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="versionformat">20.10.9_ce</param>
- <param name="revision">v20.10.9</param>
+ <param name="versionformat">20.10.11_ce</param>
+ <param name="revision">v20.10.11</param>
<param name="filename">docker-cli</param>
</service>
<service name="tar_scm" mode="disabled">
++++++ docker-20.10.9_ce_79ea9d308018.tar.xz ->
docker-20.10.11_ce_847da184ad50.tar.xz ++++++
/work/SRC/openSUSE:Factory/docker/docker-20.10.9_ce_79ea9d308018.tar.xz
/work/SRC/openSUSE:Factory/.docker.new.1895/docker-20.10.11_ce_847da184ad50.tar.xz
differ: char 15, line 1
++++++ docker-cli-20.10.9_ce.tar.xz -> docker-cli-20.10.11_ce.tar.xz ++++++
++++ 7969 lines of diff (skipped)
