- Remove git-core recommends on SLE. Most SLE systems have
installRecommends=yes by default and thus end up installing git with Docker.
bsc#1250508
This feature is mostly intended for developers ("docker build git://") so
most users already have the dependency installed, and the error when git is
missing is fairly straightforward (so they can easily figure out what they
need to install).
- Include historical changelog data from before the docker-stable fork. The
initial changelog entry did technically provide all the necessary
information, but our CVE tracking tools do not understand how the package is
forked and so it seems that this package does not include fixes for ~12 years
of updates. So, include a copy of the original package's changelog up until
the fork point. bsc#1250596
- Backport <https://github.com/moby/moby/pull/48517>. bsc#1247362
+ 0015-bsc1247362-release-container-layer-on-export.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.25.0>
- Update to Go 1.23 for building now that upstream has switched their 23.0.x
LTSS to use Go 1.23.
- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
Docker does not have permission to access the host zypper credentials in this
mode (and unprivileged users cannot disable the feature using
/etc/docker/suse-secrets-enable.) bsc#1240150
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch
+ 0007-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch
- 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
+ 0008-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
+ 0009-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch
+ 0010-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch
- 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch
+ 0011-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch
- 0011-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+ 0012-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0012-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+ 0013-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- 0013-TESTS-backport-fixes-for-integration-tests.patch
+ 0014-TESTS-backport-fixes-for-integration-tests.patch
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-stable?expand=0&rev=25
