Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package docker for openSUSE:Factory checked in at 2022-05-01 18:53:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker (Old) and /work/SRC/openSUSE:Factory/.docker.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "docker" Sun May 1 18:53:27 2022 rev:120 rq:973798 version:20.10.14_ce Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2022-04-16 00:13:14.997569042 +0200 +++ /work/SRC/openSUSE:Factory/.docker.new.1538/docker.changes 2022-05-01 18:53:34.267161987 +0200 @@ -1,0 +2,13 @@ +Fri Apr 29 02:51:43 UTC 2022 - Aleksa Sarai <asa...@suse.com> + +- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191. + bsc#1193930 bsc#1197284 + * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch +- Rebase patches: + * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch + * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch + +------------------------------------------------------------------- New: ---- 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker.spec ++++++ --- /var/tmp/diff_new_pack.JoqhhH/_old 2022-05-01 18:53:34.947162617 +0200 +++ /var/tmp/diff_new_pack.JoqhhH/_new 2022-05-01 18:53:34.951162621 +0200 @@ -94,6 +94,9 @@ Patch300: 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch # SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/42273. bsc#1183855 bsc#1175081 Patch301: 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch +# SUSE-BACKPORT: Backport of several golang.org/x/crypto updates. +# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191 +Patch302: 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch BuildRequires: audit BuildRequires: bash-completion BuildRequires: ca-certificates @@ -262,6 +265,8 @@ %patch300 -p1 # bsc#1183855 bsc#1175081 %patch301 -p1 +# bsc#1193930 CVE-2021-43565 bsc#1197284 CVE-2022-27191 +%patch302 -p1 # README_SUSE.md for documentation. cp %{SOURCE103} . ++++++ 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch ++++++ --- /var/tmp/diff_new_pack.JoqhhH/_old 2022-05-01 18:53:34.971162640 +0200 +++ /var/tmp/diff_new_pack.JoqhhH/_new 2022-05-01 18:53:34.971162640 +0200 @@ -1,7 +1,7 @@ -From f6170a9d05df85cc61f3e5373eceed61ef3d741e Mon Sep 17 00:00:00 2001 +From 63d19d6ef58457e8aba6346157c9601e38f60929 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Wed, 8 Mar 2017 12:41:54 +1100 -Subject: [PATCH 1/5] SECRETS: daemon: allow directory creation in /run/secrets +Subject: [PATCH 1/6] SECRETS: daemon: allow directory creation in /run/secrets Since FileMode can have the directory bit set, allow a SecretStore implementation to return secrets that are actually directories. This is @@ -73,6 +73,6 @@ return errors.Wrap(err, "error setting ownership for secret") } -- -2.33.1 +2.35.1 ++++++ 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch ++++++ --- /var/tmp/diff_new_pack.JoqhhH/_old 2022-05-01 18:53:34.983162651 +0200 +++ /var/tmp/diff_new_pack.JoqhhH/_new 2022-05-01 18:53:34.987162655 +0200 @@ -1,7 +1,7 @@ -From a28715c97b87152c41538b137f8ad49003db1756 Mon Sep 17 00:00:00 2001 +From a472a5da8d0aeb21b4cb6fbd2dc348a753c0a883 Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Wed, 8 Mar 2017 11:43:29 +1100 -Subject: [PATCH 2/5] SECRETS: SUSE: implement SUSE container secrets +Subject: [PATCH 2/6] SECRETS: SUSE: implement SUSE container secrets This allows for us to pass in host credentials to a container, allowing for SUSEConnect to work with containers. @@ -451,6 +451,6 @@ + return nil +} -- -2.33.1 +2.35.1 ++++++ 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch ++++++ --- /var/tmp/diff_new_pack.JoqhhH/_old 2022-05-01 18:53:34.995162662 +0200 +++ /var/tmp/diff_new_pack.JoqhhH/_new 2022-05-01 18:53:34.999162666 +0200 @@ -1,7 +1,7 @@ -From 4914111dcaf1257a9dd3f9f7a089de17c7dc6752 Mon Sep 17 00:00:00 2001 +From 098dd769a226407da7a695ae44cf2e41a5d13a4a Mon Sep 17 00:00:00 2001 From: Valentin Rothberg <vrothb...@suse.com> Date: Mon, 2 Jul 2018 13:37:34 +0200 -Subject: [PATCH 3/5] PRIVATE-REGISTRY: add private-registry mirror support +Subject: [PATCH 3/6] PRIVATE-REGISTRY: add private-registry mirror support NOTE: This is a backport/downstream patch of the upstream pull-request for Moby, which is still subject to changes. Please visit @@ -444,10 +444,10 @@ return err } diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go -index 023ee2e71efd..e14cdd16b410 100644 +index 123abf6b497a..097ead45d0fd 100644 --- a/distribution/pull_v2.go +++ b/distribution/pull_v2.go -@@ -431,7 +431,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform +@@ -432,7 +432,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named, platform // the other side speaks the v2 protocol. p.confirmedV2 = true @@ -1142,6 +1142,6 @@ endpoints = []APIEndpoint{ -- -2.33.1 +2.35.1 ++++++ 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch ++++++ --- /var/tmp/diff_new_pack.JoqhhH/_old 2022-05-01 18:53:35.007162673 +0200 +++ /var/tmp/diff_new_pack.JoqhhH/_new 2022-05-01 18:53:35.011162677 +0200 @@ -1,7 +1,7 @@ -From 29779c3e010e387ef037e5ef9a33cf05a14c79ea Mon Sep 17 00:00:00 2001 +From 5e84bae968f7beadd92452795cfe2ce4f8995cef Mon Sep 17 00:00:00 2001 From: Aleksa Sarai <asa...@suse.de> Date: Fri, 29 Jun 2018 17:59:30 +1000 -Subject: [PATCH 4/5] bsc1073877: apparmor: clobber docker-default profile on +Subject: [PATCH 4/6] bsc1073877: apparmor: clobber docker-default profile on start In the process of making docker-default reloading far less expensive, @@ -85,6 +85,6 @@ } -- -2.33.1 +2.35.1 ++++++ 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch ++++++ --- /var/tmp/diff_new_pack.JoqhhH/_old 2022-05-01 18:53:35.035162700 +0200 +++ /var/tmp/diff_new_pack.JoqhhH/_new 2022-05-01 18:53:35.039162703 +0200 @@ -1,7 +1,7 @@ -From a6aa2a591d31f43e01ba29abdf73658b34fded49 Mon Sep 17 00:00:00 2001 +From 98822d2010c709e64d5e86d7ec8e054861080a53 Mon Sep 17 00:00:00 2001 From: Michal Rostecki <mroste...@opensuse.org> Date: Thu, 8 Apr 2021 14:42:02 +0100 -Subject: [PATCH 5/5] bsc1183855: btrfs: Do not disable quota on cleanup +Subject: [PATCH 5/6] bsc1183855: btrfs: Do not disable quota on cleanup Before this change, cleanup of the btrfs driver (occuring on each daemon shutdown) resulted in disabling quotas. It was done with an assumption @@ -140,6 +140,6 @@ } if err := subvolLimitQgroup(dir, size); err != nil { -- -2.33.1 +2.35.1 ++++++ 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch ++++++ ++++ 41073 lines (skipped)
