From 2e6d120ee5385e6d1d6366c3163d0fd01194b2564da601a739de7dc79bf9cec6 Mon Sep 17 00:00:00 2001 From: Flavio Castelli Date: Mon, 12 Oct 2015 20:33:58 +0000 Subject: [PATCH] - Update docker to 1.8.3 version: * Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660) * Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179) * Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=39 --- docker-1.8.2.tar.gz | 3 --- docker-1.8.3.tar.xz | 3 +++ docker-rpmlintrc | 10 ++-------- docker.changes | 8 ++++++++ docker.spec | 10 +++++----- 5 files changed, 18 insertions(+), 16 deletions(-) delete mode 100644 docker-1.8.2.tar.gz create mode 100644 docker-1.8.3.tar.xz diff --git a/docker-1.8.2.tar.gz b/docker-1.8.2.tar.gz deleted file mode 100644 index 3a821b7..0000000 --- a/docker-1.8.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:457569ca8edd70293132789bfe51636f86cd8a46a60c6d02d5ee8600cf79f74b -size 7563667 diff --git a/docker-1.8.3.tar.xz b/docker-1.8.3.tar.xz new file mode 100644 index 0000000..6a50d88 --- /dev/null +++ b/docker-1.8.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1bfb9c73593f63508a325f88b4ca1d59a2802784e856f54abe292b2f087b6292 +size 6242212 diff --git a/docker-rpmlintrc b/docker-rpmlintrc index 3d6adae..4e49437 100644 --- a/docker-rpmlintrc +++ b/docker-rpmlintrc @@ -4,11 +4,5 @@ addFilter ("^docker.x86_64: W: statically-linked-binary /usr/lib/docker/dockerin addFilter ("^docker.x86_64: W: unstripped-binary-or-object /usr/lib/docker/dockerinit") addFilter ("^docker.x86_64: W: no-manual-page-for-binary docker") addFilter ("^docker.x86_64: W: no-manual-page-for-binary nsinit") -addFilter ("test.noarch.*: E: devel-file-in-non-devel-package") -addFilter ("test.noarch.*: W: pem-certificate") -addFilter ("test.noarch.*: W: non-executable-script") -addFilter ("test.noarch.*: W: hidden-file-or-dir") -addFilter ("test.noarch.*: W: files-duplicate") -addFilter ("test.noarch.*: W: script-without-shebang /usr/src/docker/docs/README.md") -addFilter ("test.noarch.*: W: sourced-script-with-shebang /etc/bash_completion.d/docker bash") -addFilter ("test.noarch.*: W: suse-filelist-forbidden-fhs23 /usr/src/docker") +addFilter ("^docker-test.noarch: W:.*") +addFilter ("^docker-test.noarch: E:.*") diff --git a/docker.changes b/docker.changes index b9832c5..b61f63e 100644 --- a/docker.changes +++ b/docker.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Oct 12 20:28:46 UTC 2015 - fcastelli@suse.com + +- Update docker to 1.8.3 version: + * Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660) + * Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179) + * Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry + ------------------------------------------------------------------- Thu Sep 10 22:33:01 UTC 2015 - jmassaguerpla@suse.com diff --git a/docker.spec b/docker.spec index d2920c6..1132367 100644 --- a/docker.spec +++ b/docker.spec @@ -16,16 +16,16 @@ # -%define git_version 0a8c2e3 +%define git_version f4bf5c7 %define go_arches %ix86 x86_64 Name: docker -Version: 1.8.2 +Version: 1.8.3 Release: 0 Summary: The Linux container runtime License: Apache-2.0 Group: System/Management Url: http://www.docker.io -Source: %{name}-%{version}.tar.gz +Source: %{name}-%{version}.tar.xz Source1: docker.service Source3: 80-docker.rules Source4: sysconfig.docker @@ -60,7 +60,6 @@ BuildRequires: go-go-md2man %else BuildRequires: gcc5-go >= 5.0 %endif -BuildRequires: fdupes BuildRequires: libapparmor-devel BuildRequires: libbtrfs-devel >= 3.8 BuildRequires: procps @@ -127,6 +126,7 @@ Requires: go >= 1.4 %else Requires: gcc5-go >= 5.0 %endif +BuildRequires: fdupes Requires: apparmor-parser Requires: bash-completion Requires: libapparmor-devel @@ -149,7 +149,6 @@ Test package for docker. It contains the source code and the tests. %patch102 -p1 %endif cp %{SOURCE7} . -find . -name ".gitignore" | xargs rm %build %ifnarch %go_arches @@ -243,6 +242,7 @@ groupadd -r docker 2>/dev/null || : %{_bindir}/docker %{_sbindir}/rcdocker %{_prefix}/lib/docker/ +%{_prefix}/lib/docker/dockerinit %{_unitdir}/%{name}.service %{_unitdir}/%{name}.socket %{_prefix}/lib/udev/rules.d/80-%{name}.rules