From fb5e6c3606b0e108cc68c61e0d9e7a0b9a4e7b4837084a7a4c3e6f40bef09731 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Sun, 28 Jul 2019 16:50:24 +0000
Subject: [PATCH 1/2] Accepting request 719412 from home:cyphar:docker

Docker 19.03.1-ce.

OBS-URL: https://build.opensuse.org/request/show/719412
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=317
---
 _service                              | 4 ++--
 docker-19.03.0_ce_aeac9490dc54.tar.xz | 3 ---
 docker-19.03.1_ce_74b1e89e8ac6.tar.xz | 3 +++
 docker.changes                        | 6 ++++++
 docker.spec                           | 6 +++---
 5 files changed, 14 insertions(+), 8 deletions(-)
 delete mode 100644 docker-19.03.0_ce_aeac9490dc54.tar.xz
 create mode 100644 docker-19.03.1_ce_74b1e89e8ac6.tar.xz

diff --git a/_service b/_service
index 25917fc..5ad56bf 100644
--- a/_service
+++ b/_service
@@ -3,8 +3,8 @@
     <param name="url">https://github.com/docker/docker-ce.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="versionformat">19.03.0_ce_%h</param>
-    <param name="revision">v19.03.0</param>
+    <param name="versionformat">19.03.1_ce_%h</param>
+    <param name="revision">v19.03.1</param>
     <param name="filename">docker</param>
   </service>
   <service name="recompress" mode="disabled">
diff --git a/docker-19.03.0_ce_aeac9490dc54.tar.xz b/docker-19.03.0_ce_aeac9490dc54.tar.xz
deleted file mode 100644
index b537bb0..0000000
--- a/docker-19.03.0_ce_aeac9490dc54.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8987d5663c875fe4dde2e367099fd737902b95c80a8d712d14723bea44e335d8
-size 9978876
diff --git a/docker-19.03.1_ce_74b1e89e8ac6.tar.xz b/docker-19.03.1_ce_74b1e89e8ac6.tar.xz
new file mode 100644
index 0000000..346c32f
--- /dev/null
+++ b/docker-19.03.1_ce_74b1e89e8ac6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ccedcf67eeafd17d390f03b696c8d262adc697e0b806a56cb32c11180cb544e4
+size 9978776
diff --git a/docker.changes b/docker.changes
index b7481c6..0208623 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Jul 26 12:49:18 UTC 2019 - Aleksa Sarai <asarai@suse.com>
+
+- Update to Docker 19.03.1-ce. See upstream changelog in the packaged
+  /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2019-14271
+
 -------------------------------------------------------------------
 Mon Jul 22 22:13:30 UTC 2019 - Aleksa Sarai <asarai@suse.com>
 
diff --git a/docker.spec b/docker.spec
index f68e4d5..9aa97a3 100644
--- a/docker.spec
+++ b/docker.spec
@@ -42,8 +42,8 @@
 # helpfully injects into our build environment from the changelog). If you want
 # to generate a new git_commit_epoch, use this:
 #  $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
-%define git_version aeac9490dc54
-%define git_commit_epoch 1563384968
+%define git_version 74b1e89e8ac6
+%define git_commit_epoch 1564087121
 
 # These are the git commits required. We verify them against the source to make
 # sure we didn't miss anything important when doing upgrades.
@@ -52,7 +52,7 @@
 %define required_libnetwork fc5a7d91d54cc98f64fc28f9e288b46a0bee756c
 
 Name:           %{realname}%{name_suffix}
-Version:        19.03.0_ce
+Version:        19.03.1_ce
 Release:        0
 Summary:        The Moby-project Linux container runtime
 License:        Apache-2.0

From 938c89861104ae5ea3554ea4f5c48fe83915e43116f228d1cc8adb79454b11b8 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai <asarai@suse.com>
Date: Tue, 30 Jul 2019 05:44:55 +0000
Subject: [PATCH 2/2] Accepting request 719747 from home:cyphar:docker

- Fix default installation such that --userns-remap=default works properly
  (this appears to be an upstream regression, where --userns-remap=default
  doesn't auto-create the group and results in an error on-start). boo#1143349

OBS-URL: https://build.opensuse.org/request/show/719747
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=318
---
 docker.changes |  7 +++++++
 docker.spec    | 11 +++++++++++
 2 files changed, 18 insertions(+)

diff --git a/docker.changes b/docker.changes
index 0208623..916929b 100644
--- a/docker.changes
+++ b/docker.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul 30 05:14:44 UTC 2019 - Aleksa Sarai <asarai@suse.com>
+
+- Fix default installation such that --userns-remap=default works properly
+  (this appears to be an upstream regression, where --userns-remap=default
+  doesn't auto-create the group and results in an error on-start). boo#1143349
+
 -------------------------------------------------------------------
 Fri Jul 26 12:49:18 UTC 2019 - Aleksa Sarai <asarai@suse.com>
 
diff --git a/docker.spec b/docker.spec
index 9aa97a3..bda0e2b 100644
--- a/docker.spec
+++ b/docker.spec
@@ -413,7 +413,18 @@ install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet
 %fdupes %{buildroot}
 
 %pre
+# /var/run/docker.sock group owner.
 getent group docker >/dev/null || groupadd -r docker
+
+# used for --userns-remap=default.
+getent passwd dockremap >/dev/null || \
+	useradd -Ur -p '!' -s /bin/false -c 'docker --userns-remap=default' dockremap
+# "useradd -r" doesn't add sub[ug]ids so we manually add some. Hopefully there
+# aren't any conflicts here, because usermod doesn't provide the same "get
+# unusued range" feature that dockremap does.
+grep -q '^dockremap:' /etc/sub[ug]id || \
+	usermod -v 100000000-100065536 -w 100000000-100065536 dockremap
+
 %service_add_pre %{realname}.service
 
 %post