- cve-2016-3697-numeric-uid.patch (merged upstream in gh@docker/docker#22998).
* Update Docker to 1.11.2. Changelog from upstream:
* Networking
* Fix a stale endpoint issue on overlay networks during ungraceful restart
(#23015)
* Fix an issue where the wrong port could be reported by docker
inspect/ps/port (#22997)
* Runtime
* Fix a potential panic when running docker build (#23032)
* Fix interpretation of --user parameter (#22998)
* Fix a bug preventing container statistics to be correctly reported (#22955)
* Fix an issue preventing container to be restarted after daemon restart
(#22947)
* Fix issues when running 32 bit binaries on Ubuntu 16.04 (#22922)
* Fix a possible deadlock on image deletion and container attach (#22918)
* Fix an issue where containers fail to start after a daemon restart if they
depend on a containerized cluster store (#22561)
* Fix an issue causing docker ps to hang on CentOS when using devicemapper
(#22168, #23067)
* Fix a bug preventing to docker exec into a container when using
devicemapper (#22168, #23067)
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=109
- boltdb_bolt_powerpc.patch
- fix-apparmor.patch
- fix-btrfs-ioctl-structure.patch
- fix-docker-init.patch
- libnetwork_drivers_bridge_powerpc.patch
- ignore-dockerinit-checksum.patch
* Require containerd, as it is the only currently supported Docker execdriver.
* Update docker.socket to require containerd.socket and use --containerd in
docker.service so that the services are self-contained.
* Update to Docker 1.11.0.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=97
Runtime
Fix Docker client exiting with an "Unrecognized input header" error #20706
Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
Distribution
Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
Plugin system
Fix issue preventing volume plugins to start when SELinux is enabled #20834
Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
Fix plugin system leaking file descriptors if a plugin has an error #20680
Security
Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
Fix user namespaces not working on Linux From Scratch #20685
Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
More at https://github.com/docker/docker/releases/tag/v1.10.3
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=82
* Runtime:
- Do not prevent daemon from booting if images could not be restored (#17695)
- Force IPC mount to unmount on daemon shutdown/init (#17539)
- Turn IPC unmount errors into warnings (#17554)
- Fix `docker stats` performance regression (#17638)
- Clarify cryptic error message upon `docker logs` if `--log-driver=none` (#17767)
- Fix seldom panics (#17639, #17634, #17703)
- Fix opq whiteouts problems for files with dot prefix (#17819)
- devicemapper: try defaulting to xfs instead of ext4 for performance reasons (#17903, #17918)
- devicemapper: fix displayed fs in docker info (#17974)
- selinux: only relabel if user requested so with the `z` option (#17450, #17834)
- Do not make network calls when normalizing names (#18014)
*Client:
- Fix `docker login` on windows (#17738)
- Fix bug with `docker inspect` output when not connected to daemon (#17715)
- Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
* Builder:
- Fix regression with symlink behavior in ADD/COPY (#17710)
* Networking:
- Allow passing a network ID as an argument for `--net` (#17558)
- Fix connect to host and prevent disconnect from host for `host` network (#17476)
- Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range is
not the first block in the network (#17853)
- Restore deterministic `IPv6` generation from `MAC` address on default `bridge` network (#17890)
- Allow port-mapping only for endpoints created on docker run (#17858)
- Fixed an endpoint delete issue with a possible stale sbox (#18102)
* Distribution:
- Correct parent chain in v2 push when v1Compatibility files on the disk are inconsistent (#18047)
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=44
* Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
* Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
* Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=39
building this package with debuginfo enabled (which is required for openSUSE:Factory)
was giving this warning:
[ 112s] extracting debug info from
/home/abuild/rpmbuild/BUILDROOT/docker-1.7.1-22.1.x86_64/usr/src/docker/bundles/1.7.1/dynbinary/docker-1.7.1
[ 112s] *** WARNING: identical binaries are copied, not linked:
[ 112s] /usr/src/docker/bundles/1.7.1/dynbinary/docker-1.7.1
[ 112s] and /usr/bin/docker
which was creating this error:
RPM build errors:
[ 292s] Installed (but unpackaged) file(s) found:
[ 292s]
/usr/lib/debug/usr/src/docker/bundles/1.7.1/dynbinary/docker-1.7.1.debug
Running fdupes fixes it.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=22
Runtime
Fix default user spawning exec process with docker exec
Make --bridge=none not to configure the network bridge
Publish networking stats properly
Fix implicit devicemapper selection with static binaries
Fix socket connections that hung intermittently
Fix bridge interface creation on CentOS/RHEL 6.6
Fix local dns lookups added to resolv.conf
Fix copy command mounting volumes
Fix read/write privileges in volumes mounted with --volumes-from
Remote API
Fix unmarshalling of Command and Entrypoint
Set limit for minimum client version supported
Validate port specification
Return proper errors when attach/reattach fail
Distribution
Fix pulling private images
Fix fallback between registry V2 and V1
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=19
* Runtime
- Experimental feature: support for out-of-process volume plugins
- The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
- The `exec` command supports the `-u|--user` flag to specify the new process owner
- Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
- The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
- Container block IO can be controlled in `docker run` using`--blkio-weight`
- ZFS support
- The `docker logs` command supports a `--since` argument
- UTS namespace can be shared with the host with `docker run --uts=host`
* Quality
- Networking stack was entirely rewritten as part of the libnetwork effort
- Engine internals refactoring
- Volumes code was entirely rewritten to support the plugins effort
- Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
* Build
- Support ${variable:-value} and ${variable:+value} syntax for environment variables
- Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
- git context changes with branches and directories
- The .dockerignore file support exclusion rules
* Distribution
- Client support for v2 mirroring support for the official registry
* Bugfixes
- Firewalld is now supported and will automatically be used when available
- mounting --device recursively
- Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch
and fixed to build with latest version of docker
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=12
* added sysconfig.docker.ppc64le: make docker daemon start on ppc64le
despite some iptables issues. To be removed soon
* ignore-dockerinit-checksum.patch: applied only when building with
gcc-go. Required to workaround a limitation of gcc-go
* gcc-go-build-static-libgo.patch: used only when building with gcc-go,
link libgo statically into docker itself.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=9
- Updated to 1.4.0 (2014-12-11):
* Notable Features since 1.3.0:
- Set key=value labels to the daemon (displayed in `docker info`), applied with
new `-label` daemon flag
- Add support for `ENV` in Dockerfile of the form:
`ENV name=value name2=value2...`
- New Overlayfs Storage Driver
- `docker info` now returns an `ID` and `Name` field
- Filter events by event name, container, or image
- `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
image.
- Changes introduced by 1.3.3 (2014-12-11):
* Security:
- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
- Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
* Runtime:
- Fix an issue when image archives are being read slowly
* Client:
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current directory
OBS-URL: https://build.opensuse.org/request/show/265920
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=11
