Hello community, here is the log from the commit of package docker for openSUSE:Factory checked in at 2019-07-30 12:37:03 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/docker (Old) and /work/SRC/openSUSE:Factory/.docker.new.4126 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "docker" Tue Jul 30 12:37:03 2019 rev:93 rq:719750 version:19.03.1_ce Changes: -------- --- /work/SRC/openSUSE:Factory/docker/docker.changes 2019-07-28 10:16:57.940598564 +0200 +++ /work/SRC/openSUSE:Factory/.docker.new.4126/docker.changes 2019-07-30 12:37:07.154951761 +0200 @@ -1,0 +2,13 @@ +Tue Jul 30 05:14:44 UTC 2019 - Aleksa Sarai <asarai@suse.com> + +- Fix default installation such that --userns-remap=default works properly + (this appears to be an upstream regression, where --userns-remap=default + doesn't auto-create the group and results in an error on-start). boo#1143349 + +------------------------------------------------------------------- +Fri Jul 26 12:49:18 UTC 2019 - Aleksa Sarai <asarai@suse.com> + +- Update to Docker 19.03.1-ce. See upstream changelog in the packaged + /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2019-14271 + +------------------------------------------------------------------- Old: ---- docker-19.03.0_ce_aeac9490dc54.tar.xz New: ---- docker-19.03.1_ce_74b1e89e8ac6.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ docker.spec ++++++ --- /var/tmp/diff_new_pack.iGD76r/_old 2019-07-30 12:37:08.498951590 +0200 +++ /var/tmp/diff_new_pack.iGD76r/_new 2019-07-30 12:37:08.506951589 +0200 @@ -42,8 +42,8 @@ # helpfully injects into our build environment from the changelog). If you want # to generate a new git_commit_epoch, use this: # $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s' -%define git_version aeac9490dc54 -%define git_commit_epoch 1563384968 +%define git_version 74b1e89e8ac6 +%define git_commit_epoch 1564087121 # These are the git commits required. We verify them against the source to make # sure we didn't miss anything important when doing upgrades. @@ -52,7 +52,7 @@ %define required_libnetwork fc5a7d91d54cc98f64fc28f9e288b46a0bee756c Name: %{realname}%{name_suffix} -Version: 19.03.0_ce +Version: 19.03.1_ce Release: 0 Summary: The Moby-project Linux container runtime License: Apache-2.0 @@ -413,7 +413,18 @@ %fdupes %{buildroot} %pre +# /var/run/docker.sock group owner. getent group docker >/dev/null || groupadd -r docker + +# used for --userns-remap=default. +getent passwd dockremap >/dev/null || \ + useradd -Ur -p '!' -s /bin/false -c 'docker --userns-remap=default' dockremap +# "useradd -r" doesn't add sub[ug]ids so we manually add some. Hopefully there +# aren't any conflicts here, because usermod doesn't provide the same "get +# unusued range" feature that dockremap does. +grep -q '^dockremap:' /etc/sub[ug]id || \ + usermod -v 100000000-100065536 -w 100000000-100065536 dockremap + %service_add_pre %{realname}.service %post ++++++ _service ++++++ --- /var/tmp/diff_new_pack.iGD76r/_old 2019-07-30 12:37:08.582951579 +0200 +++ /var/tmp/diff_new_pack.iGD76r/_new 2019-07-30 12:37:08.586951579 +0200 @@ -3,8 +3,8 @@ <param name="url">https://github.com/docker/docker-ce.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="versionformat">19.03.0_ce_%h</param> - <param name="revision">v19.03.0</param> + <param name="versionformat">19.03.1_ce_%h</param> + <param name="revision">v19.03.1</param> <param name="filename">docker</param> </service> <service name="recompress" mode="disabled"> ++++++ docker-19.03.0_ce_aeac9490dc54.tar.xz -> docker-19.03.1_ce_74b1e89e8ac6.tar.xz ++++++ /work/SRC/openSUSE:Factory/docker/docker-19.03.0_ce_aeac9490dc54.tar.xz /work/SRC/openSUSE:Factory/.docker.new.4126/docker-19.03.1_ce_74b1e89e8ac6.tar.xz differ: char 26, line 1