* Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
* Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
* Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=39
Runtime
Fix default user spawning exec process with docker exec
Make --bridge=none not to configure the network bridge
Publish networking stats properly
Fix implicit devicemapper selection with static binaries
Fix socket connections that hung intermittently
Fix bridge interface creation on CentOS/RHEL 6.6
Fix local dns lookups added to resolv.conf
Fix copy command mounting volumes
Fix read/write privileges in volumes mounted with --volumes-from
Remote API
Fix unmarshalling of Command and Entrypoint
Set limit for minimum client version supported
Validate port specification
Return proper errors when attach/reattach fail
Distribution
Fix pulling private images
Fix fallback between registry V2 and V1
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=19
* Runtime
- Experimental feature: support for out-of-process volume plugins
- The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
- The `exec` command supports the `-u|--user` flag to specify the new process owner
- Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
- The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
- Container block IO can be controlled in `docker run` using`--blkio-weight`
- ZFS support
- The `docker logs` command supports a `--since` argument
- UTS namespace can be shared with the host with `docker run --uts=host`
* Quality
- Networking stack was entirely rewritten as part of the libnetwork effort
- Engine internals refactoring
- Volumes code was entirely rewritten to support the plugins effort
- Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
* Build
- Support ${variable:-value} and ${variable:+value} syntax for environment variables
- Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
- git context changes with branches and directories
- The .dockerignore file support exclusion rules
* Distribution
- Client support for v2 mirroring support for the official registry
* Bugfixes
- Firewalld is now supported and will automatically be used when available
- mounting --device recursively
- Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch
and fixed to build with latest version of docker
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=12
* added sysconfig.docker.ppc64le: make docker daemon start on ppc64le
despite some iptables issues. To be removed soon
* ignore-dockerinit-checksum.patch: applied only when building with
gcc-go. Required to workaround a limitation of gcc-go
* gcc-go-build-static-libgo.patch: used only when building with gcc-go,
link libgo statically into docker itself.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=9
- Updated to 1.4.0 (2014-12-11):
* Notable Features since 1.3.0:
- Set key=value labels to the daemon (displayed in `docker info`), applied with
new `-label` daemon flag
- Add support for `ENV` in Dockerfile of the form:
`ENV name=value name2=value2...`
- New Overlayfs Storage Driver
- `docker info` now returns an `ID` and `Name` field
- Filter events by event name, container, or image
- `docker cp` now supports copying from container volumes
- Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
image.
- Changes introduced by 1.3.3 (2014-12-11):
* Security:
- Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
- Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
- Validate image IDs (CVE-2014-9358) - (bnc#909712)
* Runtime:
- Fix an issue when image archives are being read slowly
* Client:
- Fix a regression related to stdin redirection
- Fix a regression with `docker cp` when destination is the current directory
OBS-URL: https://build.opensuse.org/request/show/265920
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/docker?expand=0&rev=11