Accepting request 872225 from Virtualization:containers

OBS-URL: https://build.opensuse.org/request/show/872225
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=110

0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch

@@ -1,4 +1,4 @@
-From b7419429d17675d8db949bd7c35812308684254a Mon Sep 17 00:00:00 2001
+From eaedebbcf735732c00e565ff6077f4374cc87519 Mon Sep 17 00:00:00 2001
 From: Aleksa Sarai <asarai@suse.de>
 Date: Wed, 8 Mar 2017 11:43:29 +1100
 Subject: [PATCH 2/4] SECRETS: SUSE: implement SUSE container secrets
@@ -36,7 +36,7 @@ index d9bc082b1078..091dae2ae65e 100644
  		return errdefs.System(err)
 diff --git a/daemon/suse_secrets.go b/daemon/suse_secrets.go
 new file mode 100644
-index 000000000000..177efcb22295
+index 000000000000..9ee33adf7497
 --- /dev/null
 +++ b/daemon/suse_secrets.go
 @@ -0,0 +1,410 @@
@@ -68,6 +68,7 @@ index 000000000000..177efcb22295
 +	"os"
 +	"path/filepath"
 +	"strings"
++	"syscall"
 +
 +	"github.com/docker/docker/container"
 +	"github.com/docker/docker/pkg/archive"
@@ -79,7 +80,6 @@ index 000000000000..177efcb22295
 +
 +	"github.com/opencontainers/go-digest"
 +	"github.com/sirupsen/logrus"
-+	"golang.org/x/sys/unix"
 +)
 +
 +func init() {
@@ -285,7 +285,7 @@ index 000000000000..177efcb22295
 +	}
 +
 +	var uid, gid int
-+	if stat, ok := fi.Sys().(*unix.Stat_t); ok {
++	if stat, ok := fi.Sys().(*syscall.Stat_t); ok {
 +		uid, gid = int(stat.Uid), int(stat.Gid)
 +	} else {
 +		logrus.Warnf("SUSE:secrets :: failed to cast file stat_t: defaulting to owned by root:root: %s", path)

docker.changes

@@ -1,8 +1,37 @@
+-------------------------------------------------------------------
+Sun Feb 14 06:33:16 UTC 2021 - Aleksa Sarai <asarai@suse.com>
+
+[NOTE: This update was only ever released in SLES and Leap.]
+
+- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
+  the patch entirely. bsc#1180401 bsc#1182168
+  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
+
+-------------------------------------------------------------------
+Wed Feb 10 07:40:36 UTC 2021 - Aleksa Sarai <asarai@suse.com>
+
+- Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
+  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+
+-------------------------------------------------------------------
+Sat Feb  6 12:36:42 UTC 2021 - Aleksa Sarai <asarai@suse.com>
+
+[NOTE: This update was only ever released in SLES and Leap.]
+
+- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
+  /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
+  bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
+- Rebase patches:
+  * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
+- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
+  It appears that SLES doesn't like the patch. bsc#1180401
+
 -------------------------------------------------------------------
 Tue Feb  2 13:06:17 UTC 2021 - Aleksa Sarai <asarai@suse.com>
 
 - Update to Docker 20.10.3-ce. See upstream changelog in the packaged
-  /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2021-21285 CVE-2021-21284
+  /usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732
+  (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
 - Rebase patches on top of 20.10.3-ce.
   - 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
   + 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
@@ -142,7 +171,7 @@ Wed Dec 11 23:55:40 UTC 2019 - Aleksa Sarai <asarai@suse.com>
 Mon Nov 18 04:46:31 UTC 2019 - Aleksa Sarai <asarai@suse.com>
 
 - Update to Docker 19.03.5-ce. See upstream changelog in the packaged
-  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590
+  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590 bsc#1157330
 
 -------------------------------------------------------------------
 Sat Oct 19 11:21:03 UTC 2019 - Aleksa Sarai <asarai@suse.com>