pool/docker-stable
SHA256
17
0
Fork 0
Code Issues Pull Requests Activity

Commit Graph

  • f381bd54c2 Accepting request 1334906 from Virtualization:containers factory Ana Guerrero 2026-02-25 20:07:41 +00:00
  • de25607ec0 Fixes CVE-2025-30204, bsc##1240513. Fixes CVE-2025-58181 bsc#1253904 + Fix changelog entry for patch 0016 Danish Prakash 2026-02-25 06:07:17 +00:00
  • bf59a84620 Backport the missing patch and sync to Factory slfo-main vlefebvre 2026-02-24 17:50:41 +01:00
  • c7cac77479 Fix package for Immutable Mode (jsc#PED-14749) Danish Prakash 2026-02-23 11:08:59 +00:00
  • 6de0656a64 Fix CVE-2025-58181 bsc#1253904 vlefebvre 2026-02-20 13:18:22 +01:00
  • e077bad719 remove strings.Split and add parseToken function rcmadhankumar 2026-02-11 16:00:16 +05:30
  • ed8e0eaf6c Accepting request 1320421 from home:cyphar:docker Aleksa Sarai 2025-11-28 08:20:10 +00:00
  • 8dbb895eae Accepting request 1320217 from home:cyphar:docker Aleksa Sarai 2025-11-27 00:26:13 +00:00
  • 34b11f942e daemon.json: add --selinux-enabled to default config slfo-1.2 Aleksa Sarai 2025-10-29 18:35:13 +11:00
  • e0b0681b9d Accepting request 1314275 from Virtualization:containers Ana Guerrero 2025-10-29 20:07:17 +00:00
  • 03b7613216 Accepting request 1314274 from home:cyphar:docker Aleksa Sarai 2025-10-29 07:18:57 +00:00
  • 03ac02867b docker-stable: sync with Factory Aleksa Sarai 2025-10-22 15:46:05 +11:00
  • a3def3fc43 Accepting request 1307635 from Virtualization:containers Ana Guerrero 2025-09-30 15:40:32 +00:00
  • a1310abd7c Accepting request 1307633 from home:cyphar:docker Aleksa Sarai 2025-09-29 05:43:47 +00:00
  • 02f40a6788 Accepting request 1297601 from Virtualization:containers Dominique Leuenberger 2025-08-05 12:21:50 +00:00
  • 4c62c4b874 Accepting request 1297600 from home:cyphar:docker Aleksa Sarai 2025-08-05 05:31:04 +00:00
  • 377fed82a0 Accepting request 1293988 from Virtualization:containers Ana Guerrero 2025-07-17 15:18:56 +00:00
  • f11f13f29c Accepting request 1293987 from home:cyphar:docker Aleksa Sarai 2025-07-17 04:31:09 +00:00
  • c7b00de45a Accepting request 1284722 from Virtualization:containers Ana Guerrero 2025-07-01 09:34:07 +00:00
  • bcf41a6f53 Accepting request 1284721 from home:cyphar:docker Aleksa Sarai 2025-06-11 08:30:48 +00:00
  • c8e3fae22b Accepting request 1283417 from Virtualization:containers Ana Guerrero 2025-06-06 20:41:49 +00:00
  • 84b61e3078 Accepting request 1283415 from home:cyphar:docker Aleksa Sarai 2025-06-05 16:35:01 +00:00
  • 8461728396 Accepting request 1282505 from Virtualization:containers Dominique Leuenberger 2025-06-04 18:28:15 +00:00
  • 2599f63bd4 Accepting request 1282505 from Virtualization:containers Dominique Leuenberger 2025-06-04 18:28:15 +00:00
  • bb577e6225 - Always clear SUSEConnect suse_* secrets when starting containers regardless of whether the daemon was built with SUSEConnect support. Not doing this causes containers from SUSEConnect-enabled daemons to fail to start when running with SUSEConnect-disabled (i.e. upstream) daemons. This was a long-standing issue with our secrets support but until recently this would've required migrating from SLE packages to openSUSE packages (which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move away from in-built SUSEConnect support, this is now a practical issue users will run into. bsc#1244035 + 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch - Rearrange patches: - 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch + 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch - 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch + 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch - 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch + 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch + 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch - 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch + 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch - 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch + 0007-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch - 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch + 0008-bsc1221916-update-to-patched-buildkit-version-to-fix.patch - 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch + 0009-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch - 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch + 0010-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch - 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch + 0011-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch - 0011-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch + 0012-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch - 0012-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch + 0013-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch - 0013-TESTS-backport-fixes-for-integration-tests.patch + 0014-TESTS-backport-fixes-for-integration-tests.patch Aleksa Sarai 2025-06-04 06:14:16 +00:00
  • 390bf601fc Accepting request 1282503 from home:cyphar:docker Aleksa Sarai 2025-06-04 06:14:16 +00:00
  • bdfa56d393 Accepting request 1268265 from Virtualization:containers Ana Guerrero 2025-04-10 19:59:20 +00:00
  • 1b9577f500 Accepting request 1268265 from Virtualization:containers Ana Guerrero 2025-04-10 19:59:20 +00:00
  • 47dc4f48fa - Update to docker-buildx v0.22.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.22.0> * Includes fixes for CVE-2025-0495. bsc#1239765 - Disable transparent SUSEConnect support for SLE-16. PED-12534 When this patchset was first added in 2013 (and rewritten over the years), there was no upstream way to easily provide SLE customers with a way to build container images based on SLE using the host subscription. However, with docker-buildx you can now define secrets for builds (this is not entirely transparent, but we can easily document this new requirement for SLE-16). Users should use RUN --mount=type=secret,id=SCCcredentials zypper -n ... in their Dockerfiles, and docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file . when doing their builds. - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. PED-8905 Aleksa Sarai 2025-04-10 03:37:04 +00:00
  • 1f8344d0f9 Accepting request 1268263 from home:cyphar:docker Aleksa Sarai 2025-04-10 03:37:04 +00:00
  • 3b21671934 Accepting request 1256097 from home:cyphar:docker Aleksa Sarai 2025-03-26 02:43:22 +00:00
  • 0d9bc8b632 Accepting request 1256097 from home:cyphar:docker Aleksa Sarai 2025-03-26 02:43:22 +00:00
  • 87bc6e5edc Accepting request 1255774 from Virtualization:containers Ana Guerrero 2025-03-25 21:11:17 +00:00
  • 8a54fdc6c2 Accepting request 1255774 from Virtualization:containers Ana Guerrero 2025-03-25 21:11:17 +00:00
  • 9e69e34cc5 - Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185 + 0011-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch - Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322 + 0012-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch - Refresh patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch * 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch * 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch * 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch * 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch - Move test-related patch to the end of the patch stack: - 0011-TESTS-backport-fixes-for-integration-tests.patch + 0013-TESTS-backport-fixes-for-integration-tests.patch Aleksa Sarai 2025-03-25 04:02:47 +00:00
  • 509ddf3ea0 Accepting request 1255773 from home:cyphar:docker Aleksa Sarai 2025-03-25 04:02:47 +00:00
  • 9c336ff601 Accepting request 1237207 from Virtualization:containers Ana Guerrero 2025-01-13 16:50:43 +00:00
  • 6b71823f13 Accepting request 1237207 from Virtualization:containers Ana Guerrero 2025-01-13 16:50:43 +00:00
  • 1d00d6bb91 Fix changelog. Aleksa Sarai 2025-01-13 01:29:23 +00:00
  • e566dff820 Accepting request 1237206 from home:cyphar:docker Aleksa Sarai 2025-01-13 01:29:23 +00:00
  • 2a6e8f4c54 Accepting request 1231782 from Virtualization:containers Ana Guerrero 2024-12-18 19:09:45 +00:00
  • 0e8748a993 Accepting request 1231782 from Virtualization:containers Ana Guerrero 2024-12-18 19:09:45 +00:00
  • c393080e52 - Add backport for CVE-2024-29018 fix. bsc#1234089 + 0010-CVE-2024-29018-libnet-Don-t-forward-to-upstream-reso.patch - Add backport for CVE-2024-23650 fix. bsc#1219437 - 0006-CVE-2024-23653-update-buildkit-to-include-CVE-patche.patch + 0006-CVE-2024-2365x-update-buildkit-to-include-CVE-patche.patch - Reorder and rebase patches: * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch * 0007-bsc1221916-update-to-patched-buildkit-version-to-fix.patch * 0008-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch * 0009-CVE-2024-41110-AuthZ-plugin-securty-fixes.patch - 0010-TESTS-backport-fixes-for-integration-tests.patch + 0011-TESTS-backport-fixes-for-integration-tests.patch Aleksa Sarai 2024-12-18 06:26:49 +00:00
  • e34a7a6675 Accepting request 1231778 from home:cyphar:docker Aleksa Sarai 2024-12-18 06:26:49 +00:00
  • c27b8c2d8f Accepting request 1231697 from Virtualization:containers Ana Guerrero 2024-12-17 18:25:20 +00:00
  • 643f13f9e8 Accepting request 1231697 from Virtualization:containers Ana Guerrero 2024-12-17 18:25:20 +00:00
  • 0380cf68a8 Accepting request 1231695 from home:cyphar:docker Aleksa Sarai 2024-12-17 13:26:31 +00:00
  • 2a126e7386 Accepting request 1231695 from home:cyphar:docker Aleksa Sarai 2024-12-17 13:26:31 +00:00
  • 0b754a6ceb Accepting request 1230150 from Virtualization:containers Ana Guerrero 2024-12-12 20:17:51 +00:00
  • d7ffb34ada Accepting request 1230150 from Virtualization:containers Ana Guerrero 2024-12-12 20:17:51 +00:00
  • ff3bcb3eda Remove DOCKER_SUSE_SECRETS_ENABLE changelog entry. Aleksa Sarai 2024-12-11 15:36:10 +00:00
  • 839b3feb5f Accepting request 1230149 from home:cyphar:docker Aleksa Sarai 2024-12-11 15:36:10 +00:00
  • f61acbec84 - Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>. Some notable changelogs from the last update: * <https://github.com/docker/buildx/releases/tag/v0.19.0> * <https://github.com/docker/buildx/releases/tag/v0.18.0> - Update to Go 1.22. Aleksa Sarai 2024-12-11 10:51:10 +00:00
  • 1ed3b74234 Accepting request 1230067 from home:cyphar:docker Aleksa Sarai 2024-12-11 10:51:10 +00:00
  • 6baeb55273 Accepting request 1228306 from Virtualization:containers Ana Guerrero 2024-12-05 16:08:47 +00:00
  • 4fd3b176a3 Accepting request 1228306 from Virtualization:containers Ana Guerrero 2024-12-05 16:08:47 +00:00
  • 1a4287f660 - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819 Aleksa Sarai 2024-11-27 12:52:23 +00:00
  • 2ff752171e Accepting request 1226898 from home:cyphar:docker:no-buildx Aleksa Sarai 2024-11-27 12:52:23 +00:00
  • 1d2100e493 Accepting request 1224329 from Virtualization:containers Ana Guerrero 2024-11-15 14:43:32 +00:00
  • 6ff4a6c834 Accepting request 1224329 from Virtualization:containers Ana Guerrero 2024-11-15 14:43:32 +00:00
  • 310b0df6c4 Re-add comment removed by auto-format. Aleksa Sarai 2024-11-15 00:49:44 +00:00
  • abc8f6ed35 Accepting request 1224328 from home:cyphar:docker Aleksa Sarai 2024-11-15 00:49:44 +00:00
  • a8cee429ef - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Update --add-runtime to point to correct binary path. Aleksa Sarai 2024-11-15 00:13:41 +00:00
  • 2eee18668a Accepting request 1224191 from home:cyphar:docker Aleksa Sarai 2024-11-15 00:13:41 +00:00
  • 9e516b4cdf Accepting request 1219925 from Virtualization:containers Dominique Leuenberger 2024-11-01 20:04:47 +00:00
  • 88fab01f49 Accepting request 1219925 from Virtualization:containers Dominique Leuenberger 2024-11-01 20:04:47 +00:00
  • 1931d76a2c Apply patches properly. Aleksa Sarai 2024-10-31 17:47:03 +00:00
  • 96ce48c3fa Accepting request 1219924 from home:cyphar:docker Aleksa Sarai 2024-10-31 17:47:03 +00:00
  • de974cbb79 docker.spec -> docker-stable.spec Aleksa Sarai 2024-10-30 14:42:40 +00:00
  • 5e7f6808d2 Accepting request 1219598 from home:cyphar:docker Aleksa Sarai 2024-10-30 14:42:40 +00:00
  • 0bcaef05f2 docker.changes -> docker-stable.changes Aleksa Sarai 2024-10-30 14:24:16 +00:00
  • 408f5fbd63 Accepting request 1219594 from home:cyphar:docker Aleksa Sarai 2024-10-30 14:24:16 +00:00
  • d3d431381b Add docker-stable package. Aleksa Sarai 2024-10-18 00:35:19 +00:00
  • 079c092ad1 Accepting request 1208740 from home:cyphar:docker Aleksa Sarai 2024-10-18 00:35:19 +00:00