- Update to Docker 19.03.11-ce. See upstream changelog in the packaged

/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=338
Aleksa Sarai 2020-06-03 11:37:56 +00:00 committed by Git OBS Bridge
parent b485d9a3bd
commit 9234962d3a
6 changed files with 71 additions and 17 deletions


@ -3,8 +3,8 @@
<param name="url">https://github.com/docker/docker-ce.git</param> <param name="url">https://github.com/docker/docker-ce.git</param>
<param name="scm">git</param> <param name="scm">git</param>
<param name="exclude">.git</param> <param name="exclude">.git</param>
<param name="versionformat">19.03.5_ce_%h</param> <param name="versionformat">19.03.11_ce_%h</param>
<param name="revision">v19.03.5</param> <param name="revision">v19.03.11</param>
<param name="filename">docker</param> <param name="filename">docker</param>
</service> </service>
<service name="recompress" mode="disabled"> <service name="recompress" mode="disabled">


@ -0,0 +1,41 @@
From 90511b7f36b8243baf47e140d7a974db7874e660 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.de>
Date: Wed, 3 Jun 2020 20:38:14 +1000
Subject: [PATCH] unexport testcase.Cleanup to fix Go 1.14
Backport of https://github.com/gotestyourself/gotest.tools/pull/169.
SUSE-Bugs: bsc#1172377
Signed-off-by: Aleksa Sarai <asarai@suse.de>
---
components/engine/vendor/gotest.tools/x/subtest/context.go | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/components/engine/vendor/gotest.tools/x/subtest/context.go b/components/engine/vendor/gotest.tools/x/subtest/context.go
index 878bdebf14d8..bcf13eed54ba 100644
--- a/components/engine/vendor/gotest.tools/x/subtest/context.go
+++ b/components/engine/vendor/gotest.tools/x/subtest/context.go
@@ -27,9 +27,9 @@ func (tc *testcase) Ctx() context.Context {
return tc.ctx
}
-// Cleanup runs all cleanup functions. Functions are run in the opposite order
+// cleanup runs all cleanup functions. Functions are run in the opposite order
// in which they were added. Cleanup is called automatically before Run exits.
-func (tc *testcase) Cleanup() {
+func (tc *testcase) cleanup() {
for _, f := range tc.cleanupFuncs {
// Defer all cleanup functions so they all run even if one calls
// t.FailNow() or panics. Deferring them also runs them in reverse order.
@@ -59,7 +59,7 @@ type parallel interface {
func Run(t *testing.T, name string, subtest func(t TestContext)) bool {
return t.Run(name, func(t *testing.T) {
tc := &testcase{TB: t}
- defer tc.Cleanup()
+ defer tc.cleanup()
subtest(tc)
})
}
--
2.26.2


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d39dea75d6807992e212b64c79644430730e4f4600bb7c5366932451a792ac40
size 10222200


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8a797fea917592f68ff2dfdbef8ff25af9edb1645dcf5e6a8c5003d611948607
size 10094684


@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Jun 2 08:37:06 UTC 2020 - Aleksa Sarai <asarai@suse.com>
- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401
- Backport https://github.com/gotestyourself/gotest.tools/pull/169 so that we
can build Docker with Go 1.14 (upstream uses Go 1.13).
+ bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Dec 19 15:42:26 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org> Thu Dec 19 15:42:26 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>


@ -1,7 +1,7 @@
# #
# spec file for package docker # spec file for package docker
# #
# Copyright (c) 2019 SUSE LLC # Copyright (c) 2020 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -42,17 +42,17 @@
# helpfully injects into our build environment from the changelog). If you want # helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this: # to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
%define git_version 633a0ea838f1 %define git_version 42e35e61f352
%define git_commit_epoch 1573629549 %define git_commit_epoch 1591001995
# These are the git commits required. We verify them against the source to make # These are the git commits required. We verify them against the source to make
# sure we didn't miss anything important when doing upgrades. # sure we didn't miss anything important when doing upgrades.
%define required_containerd b34a5c8af56e510852c35414db4c1f4fa6172339 %define required_containerd 7ad184331fa3e55e52b890ea95e65ba581ae3429
%define required_dockerrunc 3e425f80a8c931f88e6d94a8c831b9d5aa481657 %define required_dockerrunc dc9208a3303feef5b3839f4323d9beb36df0a9dd
%define required_libnetwork 3eb39382bfa6a3c42f83674ab080ae13b0e34e5d %define required_libnetwork 153d0769a1181bf591a9637fd487a541ec7db1e6
Name: %{realname}%{name_suffix} Name: %{realname}%{name_suffix}
Version: 19.03.5_ce Version: 19.03.11_ce
Release: 0 Release: 0
Summary: The Moby-project Linux container runtime Summary: The Moby-project Linux container runtime
License: Apache-2.0 License: Apache-2.0
@ -83,6 +83,8 @@ Patch300: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-ru
Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/39121. bsc#1122469 # SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/39121. bsc#1122469
Patch402: bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch Patch402: bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
# FIX-UPSTREAM: Backport of https://github.com/gotestyourself/gotest.tools/pull/169. bsc#1172377
Patch410: bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
# SUSE-FEATURE: Add support to mirror inofficial/private registries # SUSE-FEATURE: Add support to mirror inofficial/private registries
# (https://github.com/docker/docker/pull/34319) # (https://github.com/docker/docker/pull/34319)
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch Patch500: private-registry-0001-Add-private-registry-mirror-support.patch
@ -97,8 +99,8 @@ BuildRequires: libseccomp-devel >= 2.2
BuildRequires: libtool BuildRequires: libtool
BuildRequires: procps BuildRequires: procps
BuildRequires: sqlite3-devel BuildRequires: sqlite3-devel
BuildRequires: pkgconfig(libsystemd)
BuildRequires: zsh BuildRequires: zsh
BuildRequires: pkgconfig(libsystemd)
Requires: apparmor-parser Requires: apparmor-parser
Requires: ca-certificates-mozilla Requires: ca-certificates-mozilla
# Required in order for networking to work. fix_bsc_1057743 is a work-around # Required in order for networking to work. fix_bsc_1057743 is a work-around
@ -136,7 +138,7 @@ Recommends: git-core >= 1.7
Conflicts: lxc < 1.0 Conflicts: lxc < 1.0
ExcludeArch: s390 ppc ExcludeArch: s390 ppc
BuildRequires: go-go-md2man BuildRequires: go-go-md2man
BuildRequires: golang(API) >= 1.12 BuildRequires: golang(API) >= 1.13
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic # KUBIC-SPECIFIC: This was required when upgrading from the original kubic
# packaging, when everything was renamed to -kubic. It also is # packaging, when everything was renamed to -kubic. It also is
# used to ensure that nothing complains too much when using # used to ensure that nothing complains too much when using
@ -263,6 +265,8 @@ docker container runtime configuration for kubeadm
%patch401 -p1 %patch401 -p1
# bsc#1122469 # bsc#1122469
%patch402 -p1 %patch402 -p1
# bsc#1172377
%patch410 -p1
%if "%flavour" == "kubic" %if "%flavour" == "kubic"
# PATCH-SUSE: Mirror patch. # PATCH-SUSE: Mirror patch.
%patch500 -p1 %patch500 -p1
@ -349,9 +353,9 @@ popd
# of the upstream vendoring scripts. This is done on-build to make sure that # of the upstream vendoring scripts. This is done on-build to make sure that
# someone doing an update didn't miss anything. # someone doing an update didn't miss anything.
cd components/engine cd components/engine
grep 'RUNC_COMMIT=%{required_dockerrunc}' hack/dockerfile/install/runc.installer grep 'RUNC_COMMIT:=%{required_dockerrunc}' hack/dockerfile/install/runc.installer
grep 'CONTAINERD_COMMIT=%{required_containerd}' hack/dockerfile/install/containerd.installer grep 'CONTAINERD_COMMIT:=%{required_containerd}' hack/dockerfile/install/containerd.installer
grep 'LIBNETWORK_COMMIT=%{required_libnetwork}' hack/dockerfile/install/proxy.installer grep 'LIBNETWORK_COMMIT:=%{required_libnetwork}' hack/dockerfile/install/proxy.installer
%install %install
install -d %{buildroot}%{_bindir} install -d %{buildroot}%{_bindir}
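Review bot: The `grep` checks at the end of this section switch from `RUNC_COMMIT=` to `RUNC_COMMIT:=` (and likewise for containerd and libnetwork) with no comment saying why, and they are the only step that ties the `required_*` pins to the unpacked source for a release the changelog marks as a CVE fix (CVE-2020-13401). A short comment above them would help the next updater, for example `# upstream installers declare these as shell defaults (NAME:=sha); adjust the pattern if that syntax changes`; the upstream form is inferred from the pattern change and is not visible here. The match is an unanchored substring, so a commented-out line would still pass, and the check fails the build only if the scriptlet runs with errexit, which this hunk does not show. Separately, `Patch410` is introduced with `# FIX-UPSTREAM:` while the neighbouring backport `Patch402` uses `# SUSE-BACKPORT:`; using one tag for backports keeps the patch list consistent.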