- cve-2016-3697-numeric-uid.patch (merged upstream in gh@docker/docker#22998).
* Update Docker to 1.11.2. Changelog from upstream:
* Networking
* Fix a stale endpoint issue on overlay networks during ungraceful restart
(#23015)
* Fix an issue where the wrong port could be reported by docker
inspect/ps/port (#22997)
* Runtime
* Fix a potential panic when running docker build (#23032)
* Fix interpretation of --user parameter (#22998)
* Fix a bug preventing container statistics to be correctly reported (#22955)
* Fix an issue preventing container to be restarted after daemon restart
(#22947)
* Fix issues when running 32 bit binaries on Ubuntu 16.04 (#22922)
* Fix a possible deadlock on image deletion and container attach (#22918)
* Fix an issue where containers fail to start after a daemon restart if they
depend on a containerized cluster store (#22561)
* Fix an issue causing docker ps to hang on CentOS when using devicemapper
(#22168, #23067)
* Fix a bug preventing to docker exec into a container when using
devicemapper (#22168, #23067)
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=109
- boltdb_bolt_powerpc.patch
- fix-apparmor.patch
- fix-btrfs-ioctl-structure.patch
- fix-docker-init.patch
- libnetwork_drivers_bridge_powerpc.patch
- ignore-dockerinit-checksum.patch
* Require containerd, as it is the only currently supported Docker execdriver.
* Update docker.socket to require containerd.socket and use --containerd in
docker.service so that the services are self-contained.
* Update to Docker 1.11.0.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=97
Runtime
Fix Docker client exiting with an "Unrecognized input header" error #20706
Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
Distribution
Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
Plugin system
Fix issue preventing volume plugins to start when SELinux is enabled #20834
Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
Fix plugin system leaking file descriptors if a plugin has an error #20680
Security
Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
Fix user namespaces not working on Linux From Scratch #20685
Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
More at https://github.com/docker/docker/releases/tag/v1.10.3
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=82
* Runtime:
- Do not prevent daemon from booting if images could not be restored (#17695)
- Force IPC mount to unmount on daemon shutdown/init (#17539)
- Turn IPC unmount errors into warnings (#17554)
- Fix `docker stats` performance regression (#17638)
- Clarify cryptic error message upon `docker logs` if `--log-driver=none` (#17767)
- Fix seldom panics (#17639, #17634, #17703)
- Fix opq whiteouts problems for files with dot prefix (#17819)
- devicemapper: try defaulting to xfs instead of ext4 for performance reasons (#17903, #17918)
- devicemapper: fix displayed fs in docker info (#17974)
- selinux: only relabel if user requested so with the `z` option (#17450, #17834)
- Do not make network calls when normalizing names (#18014)
*Client:
- Fix `docker login` on windows (#17738)
- Fix bug with `docker inspect` output when not connected to daemon (#17715)
- Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
* Builder:
- Fix regression with symlink behavior in ADD/COPY (#17710)
* Networking:
- Allow passing a network ID as an argument for `--net` (#17558)
- Fix connect to host and prevent disconnect from host for `host` network (#17476)
- Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range is
not the first block in the network (#17853)
- Restore deterministic `IPv6` generation from `MAC` address on default `bridge` network (#17890)
- Allow port-mapping only for endpoints created on docker run (#17858)
- Fixed an endpoint delete issue with a possible stale sbox (#18102)
* Distribution:
- Correct parent chain in v2 push when v1Compatibility files on the disk are inconsistent (#18047)
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=44
* Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
* Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
* Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=39
Runtime
Fix default user spawning exec process with docker exec
Make --bridge=none not to configure the network bridge
Publish networking stats properly
Fix implicit devicemapper selection with static binaries
Fix socket connections that hung intermittently
Fix bridge interface creation on CentOS/RHEL 6.6
Fix local dns lookups added to resolv.conf
Fix copy command mounting volumes
Fix read/write privileges in volumes mounted with --volumes-from
Remote API
Fix unmarshalling of Command and Entrypoint
Set limit for minimum client version supported
Validate port specification
Return proper errors when attach/reattach fail
Distribution
Fix pulling private images
Fix fallback between registry V2 and V1
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=19