diff --git a/_service b/_service
index 25917fc..5ad56bf 100644
--- a/_service
+++ b/_service
@@ -3,8 +3,8 @@
https://github.com/docker/docker-ce.git
git
.git
- 19.03.0_ce_%h
- v19.03.0
+ 19.03.1_ce_%h
+ v19.03.1
docker
diff --git a/docker-19.03.0_ce_aeac9490dc54.tar.xz b/docker-19.03.0_ce_aeac9490dc54.tar.xz
deleted file mode 100644
index b537bb0..0000000
--- a/docker-19.03.0_ce_aeac9490dc54.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8987d5663c875fe4dde2e367099fd737902b95c80a8d712d14723bea44e335d8
-size 9978876
diff --git a/docker-19.03.1_ce_74b1e89e8ac6.tar.xz b/docker-19.03.1_ce_74b1e89e8ac6.tar.xz
new file mode 100644
index 0000000..346c32f
--- /dev/null
+++ b/docker-19.03.1_ce_74b1e89e8ac6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ccedcf67eeafd17d390f03b696c8d262adc697e0b806a56cb32c11180cb544e4
+size 9978776
diff --git a/docker.changes b/docker.changes
index b7481c6..916929b 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Tue Jul 30 05:14:44 UTC 2019 - Aleksa Sarai
+
+- Fix default installation such that --userns-remap=default works properly
+ (this appears to be an upstream regression, where --userns-remap=default
+ doesn't auto-create the group and results in an error on-start). boo#1143349
+
+-------------------------------------------------------------------
+Fri Jul 26 12:49:18 UTC 2019 - Aleksa Sarai
+
+- Update to Docker 19.03.1-ce. See upstream changelog in the packaged
+ /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2019-14271
+
-------------------------------------------------------------------
Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai
diff --git a/docker.spec b/docker.spec
index f68e4d5..bda0e2b 100644
--- a/docker.spec
+++ b/docker.spec
@@ -42,8 +42,8 @@
# helpfully injects into our build environment from the changelog). If you want
# to generate a new git_commit_epoch, use this:
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_version aeac9490dc54
-%define git_commit_epoch 1563384968
+%define git_version 74b1e89e8ac6
+%define git_commit_epoch 1564087121
# These are the git commits required. We verify them against the source to make
# sure we didn't miss anything important when doing upgrades.
@@ -52,7 +52,7 @@
%define required_libnetwork fc5a7d91d54cc98f64fc28f9e288b46a0bee756c
Name: %{realname}%{name_suffix}
-Version: 19.03.0_ce
+Version: 19.03.1_ce
Release: 0
Summary: The Moby-project Linux container runtime
License: Apache-2.0
@@ -413,7 +413,18 @@ install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet
%fdupes %{buildroot}
%pre
+# /var/run/docker.sock group owner.
getent group docker >/dev/null || groupadd -r docker
+
+# used for --userns-remap=default.
+getent passwd dockremap >/dev/null || \
+ useradd -Ur -p '!' -s /bin/false -c 'docker --userns-remap=default' dockremap
+# "useradd -r" doesn't add sub[ug]ids so we manually add some. Hopefully there
+# aren't any conflicts here, because usermod doesn't provide the same "get
+# unusued range" feature that dockremap does.
+grep -q '^dockremap:' /etc/sub[ug]id || \
+ usermod -v 100000000-100065536 -w 100000000-100065536 dockremap
+
%service_add_pre %{realname}.service
%post