- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=338
This commit is contained in:
parent
b485d9a3bd
commit
9234962d3a
4
_service
4
_service
@ -3,8 +3,8 @@
|
||||
<param name="url">https://github.com/docker/docker-ce.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="versionformat">19.03.5_ce_%h</param>
|
||||
<param name="revision">v19.03.5</param>
|
||||
<param name="versionformat">19.03.11_ce_%h</param>
|
||||
<param name="revision">v19.03.11</param>
|
||||
<param name="filename">docker</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
|
@ -0,0 +1,41 @@
|
||||
From 90511b7f36b8243baf47e140d7a974db7874e660 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Wed, 3 Jun 2020 20:38:14 +1000
|
||||
Subject: [PATCH] unexport testcase.Cleanup to fix Go 1.14
|
||||
|
||||
Backport of https://github.com/gotestyourself/gotest.tools/pull/169.
|
||||
|
||||
SUSE-Bugs: bsc#1172377
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
components/engine/vendor/gotest.tools/x/subtest/context.go | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/components/engine/vendor/gotest.tools/x/subtest/context.go b/components/engine/vendor/gotest.tools/x/subtest/context.go
|
||||
index 878bdebf14d8..bcf13eed54ba 100644
|
||||
--- a/components/engine/vendor/gotest.tools/x/subtest/context.go
|
||||
+++ b/components/engine/vendor/gotest.tools/x/subtest/context.go
|
||||
@@ -27,9 +27,9 @@ func (tc *testcase) Ctx() context.Context {
|
||||
return tc.ctx
|
||||
}
|
||||
|
||||
-// Cleanup runs all cleanup functions. Functions are run in the opposite order
|
||||
+// cleanup runs all cleanup functions. Functions are run in the opposite order
|
||||
// in which they were added. Cleanup is called automatically before Run exits.
|
||||
-func (tc *testcase) Cleanup() {
|
||||
+func (tc *testcase) cleanup() {
|
||||
for _, f := range tc.cleanupFuncs {
|
||||
// Defer all cleanup functions so they all run even if one calls
|
||||
// t.FailNow() or panics. Deferring them also runs them in reverse order.
|
||||
@@ -59,7 +59,7 @@ type parallel interface {
|
||||
func Run(t *testing.T, name string, subtest func(t TestContext)) bool {
|
||||
return t.Run(name, func(t *testing.T) {
|
||||
tc := &testcase{TB: t}
|
||||
- defer tc.Cleanup()
|
||||
+ defer tc.cleanup()
|
||||
subtest(tc)
|
||||
})
|
||||
}
|
||||
--
|
||||
2.26.2
|
||||
|
3
docker-19.03.11_ce_42e35e61f352.tar.xz
Normal file
3
docker-19.03.11_ce_42e35e61f352.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d39dea75d6807992e212b64c79644430730e4f4600bb7c5366932451a792ac40
|
||||
size 10222200
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:8a797fea917592f68ff2dfdbef8ff25af9edb1645dcf5e6a8c5003d611948607
|
||||
size 10094684
|
@ -1,3 +1,12 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 2 08:37:06 UTC 2020 - Aleksa Sarai <asarai@suse.com>
|
||||
|
||||
- Update to Docker 19.03.11-ce. See upstream changelog in the packaged
|
||||
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401
|
||||
- Backport https://github.com/gotestyourself/gotest.tools/pull/169 so that we
|
||||
can build Docker with Go 1.14 (upstream uses Go 1.13).
|
||||
+ bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 19 15:42:26 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
|
||||
|
||||
|
28
docker.spec
28
docker.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package docker
|
||||
#
|
||||
# Copyright (c) 2019 SUSE LLC
|
||||
# Copyright (c) 2020 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -42,17 +42,17 @@
|
||||
# helpfully injects into our build environment from the changelog). If you want
|
||||
# to generate a new git_commit_epoch, use this:
|
||||
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
|
||||
%define git_version 633a0ea838f1
|
||||
%define git_commit_epoch 1573629549
|
||||
%define git_version 42e35e61f352
|
||||
%define git_commit_epoch 1591001995
|
||||
|
||||
# These are the git commits required. We verify them against the source to make
|
||||
# sure we didn't miss anything important when doing upgrades.
|
||||
%define required_containerd b34a5c8af56e510852c35414db4c1f4fa6172339
|
||||
%define required_dockerrunc 3e425f80a8c931f88e6d94a8c831b9d5aa481657
|
||||
%define required_libnetwork 3eb39382bfa6a3c42f83674ab080ae13b0e34e5d
|
||||
%define required_containerd 7ad184331fa3e55e52b890ea95e65ba581ae3429
|
||||
%define required_dockerrunc dc9208a3303feef5b3839f4323d9beb36df0a9dd
|
||||
%define required_libnetwork 153d0769a1181bf591a9637fd487a541ec7db1e6
|
||||
|
||||
Name: %{realname}%{name_suffix}
|
||||
Version: 19.03.5_ce
|
||||
Version: 19.03.11_ce
|
||||
Release: 0
|
||||
Summary: The Moby-project Linux container runtime
|
||||
License: Apache-2.0
|
||||
@ -83,6 +83,8 @@ Patch300: packaging-0001-revert-Remove-docker-prefix-for-containerd-and-ru
|
||||
Patch401: bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
|
||||
# SUSE-BACKPORT: Backport of https://github.com/docker/docker/pull/39121. bsc#1122469
|
||||
Patch402: bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
|
||||
# FIX-UPSTREAM: Backport of https://github.com/gotestyourself/gotest.tools/pull/169. bsc#1172377
|
||||
Patch410: bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
|
||||
# SUSE-FEATURE: Add support to mirror inofficial/private registries
|
||||
# (https://github.com/docker/docker/pull/34319)
|
||||
Patch500: private-registry-0001-Add-private-registry-mirror-support.patch
|
||||
@ -97,8 +99,8 @@ BuildRequires: libseccomp-devel >= 2.2
|
||||
BuildRequires: libtool
|
||||
BuildRequires: procps
|
||||
BuildRequires: sqlite3-devel
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
BuildRequires: zsh
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
Requires: apparmor-parser
|
||||
Requires: ca-certificates-mozilla
|
||||
# Required in order for networking to work. fix_bsc_1057743 is a work-around
|
||||
@ -136,7 +138,7 @@ Recommends: git-core >= 1.7
|
||||
Conflicts: lxc < 1.0
|
||||
ExcludeArch: s390 ppc
|
||||
BuildRequires: go-go-md2man
|
||||
BuildRequires: golang(API) >= 1.12
|
||||
BuildRequires: golang(API) >= 1.13
|
||||
# KUBIC-SPECIFIC: This was required when upgrading from the original kubic
|
||||
# packaging, when everything was renamed to -kubic. It also is
|
||||
# used to ensure that nothing complains too much when using
|
||||
@ -263,6 +265,8 @@ docker container runtime configuration for kubeadm
|
||||
%patch401 -p1
|
||||
# bsc#1122469
|
||||
%patch402 -p1
|
||||
# bsc#1172377
|
||||
%patch410 -p1
|
||||
%if "%flavour" == "kubic"
|
||||
# PATCH-SUSE: Mirror patch.
|
||||
%patch500 -p1
|
||||
@ -349,9 +353,9 @@ popd
|
||||
# of the upstream vendoring scripts. This is done on-build to make sure that
|
||||
# someone doing an update didn't miss anything.
|
||||
cd components/engine
|
||||
grep 'RUNC_COMMIT=%{required_dockerrunc}' hack/dockerfile/install/runc.installer
|
||||
grep 'CONTAINERD_COMMIT=%{required_containerd}' hack/dockerfile/install/containerd.installer
|
||||
grep 'LIBNETWORK_COMMIT=%{required_libnetwork}' hack/dockerfile/install/proxy.installer
|
||||
grep 'RUNC_COMMIT:=%{required_dockerrunc}' hack/dockerfile/install/runc.installer
|
||||
grep 'CONTAINERD_COMMIT:=%{required_containerd}' hack/dockerfile/install/containerd.installer
|
||||
grep 'LIBNETWORK_COMMIT:=%{required_libnetwork}' hack/dockerfile/install/proxy.installer
|
||||
|
||||
%install
|
||||
install -d %{buildroot}%{_bindir}
|
||||
|
Loading…
Reference in New Issue
Block a user