[ubuntu/focal-security] docker.io 20.10.2-0ubuntu1~20.04.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Jul 26 14:13:55 UTC 2021

docker.io (20.10.2-0ubuntu1~20.04.3) focal-security; urgency=medium

  * No change rebuild in -security pocket. (LP: #1937286)

docker.io (20.10.2-0ubuntu1~20.04.2) focal; urgency=medium

  * d/rules: pass --no-restart-after-upgrade to dh_installsystemd.
    The --no-start flag we pass to dh_installsystemd in d/rules is supposed
    to also disable --restart-after-upgrade, however, this feature was buggy
    before the now fixed debhelper 13. Due to that we need to manually add

docker.io (20.10.2-0ubuntu1~20.04.1) focal; urgency=medium

  * Backport version 20.10.2-0ubuntu1 from Hirsute (LP: #1919322).

docker.io (20.10.2-0ubuntu1) hirsute; urgency=medium

  * New upstream release.
  * d/watch: update components, docker-ce is deprecated now.
    Add "engine", "cli" and "packaging" components which were previously
    provided by docker-ce.
  * Pass create-empty-orig to dpkg-source since now there is no main tarball.
    Due to docker-ce deprecation this source package is now composed of
    multiple components but no main tarball. In order to allow that,
    create-empty-orig is passed to dpkg-source which creates an empty
    tarball for us.
  * Drop patches applied by upstream:
    - d/p/41518--apparmor-parser-beta.patch
    - d/p/CVE-2020-15157.patch
  * Add docker systemd service and socket to the debian directory.
    Instead of using the packaging component just to get those two files
    let's embed them in the debian directory. They were downloaded from the
    master branch of the docker/docker-ce-packaging:
  * Apply changes in do-not-bind-docker-to-containerd.patch to systemd service.
    The systemd service is part of the debian packaging directory, so no
    need to have a patch for this.
    This change was a decision made by the Ubuntu community; pay attention
    to this when updating the systemd service file.
  * Pass --name=docker to dh_installsystemd
  * Remove "components/" from all references of engine and cli.
    Now engine and cli are regular components in the root of the source
    package. They are not under the components directory anymore.
  * d/rules: use DEB_VERSION_UPSTREAM from pkg-info.mk instead of VERSION file.
    The VERSION file was previously provided by the deprecated docker-ce.
  * d/rules: do not try to install md2man in /go/bin/md2man.
    Upstream source code changed and by default it tries to install it in
    /go/bin/md2man. A sed command was added to replace this path with
  * d/vim-syntax-docker.install: do not install files from engine.
    Those files do not exist anymore because they were incorporated in vim
    itself upstream.
  * Remove d/{helpers/gitcommit.sh,upstream-version-gitcommits}
    Since the main repo, docker-ce, is deprecated there is no way to get a
    consistent git commit hash across all the components. Let's use
    DEB_VERSION for now.
  * Bump debhelper compatibility level to 11.
    For instance to call dh_installsystemd we need a compat level > 9.
    I picked 11 because it is available from Bionic on in case we want to
    backport the package.

docker.io (19.03.13-0ubuntu6) hirsute; urgency=medium

  * d/docker.io.postinst: check if zfs exists before calling it (LP: #1910133).
    The zfs executable is provided by zfs-fuse | zfsutils and they are
    runtime Suggested dependencies, which means they might not be available
    during configuration time.

docker.io (19.03.13-0ubuntu5) hirsute; urgency=medium

  * d/rules: pass -r instead of --no-stop-on-upgrade to dh_systemd_start.
    The --no-stop-on-upgrade is not backport-able to xenial because
    debhelper 9 does not support that, and --no-restart-on-upgrade will be
    deprecated in debhelper 14. Therefore, let's use the short version which
    is supported by a larger range of debhelper versions.

docker.io (19.03.13-0ubuntu4) hirsute; urgency=medium

  * d/p/do_not_bind_docker_to_containerd.patch: Update docker.io to not
    stop when containerd is upgraded, by using Wants= rather than BindTo=.
    (LP: #1870514)
  * d/rules: Fix docker.io to not restart its service during package
    upgrades, to prevent service downtime from automatic updates via
    (LP: #1906364)

docker.io (19.03.13-0ubuntu3) groovy; urgency=medium

  * SECURITY UPDATE: Sensitive information disclosure
    - debian/patches/CVE-2020-15157.patch: Improve fetch function.
    - CVE-2020-15157

docker.io (19.03.13-0ubuntu2) groovy; urgency=medium

  [ Tianon Gravi ]
  * Backport https://github.com/moby/moby/pull/41518 to handle newer AppArmor

docker.io (19.03.13-0ubuntu1) groovy; urgency=medium

  [ Tianon Gravi ]
  * Update to 19.03.13 upstream release
  * Build against Go 1.13 (per upstream)
  * Use dh-golang to generate appropriate Built-Using

docker.io (19.03.11-0ubuntu1) groovy; urgency=medium

  * Update to 19.03.11 upstream release (CVE-2020-13401, LP: #1881679)
  * Apply wrap-and-sort
  * Move cgroupfs-mount to Suggests
    (esp. on Ubuntu where systemd is canonical)

docker.io (19.03.8-0ubuntu4) groovy; urgency=medium

  * Provide "image" and "oci" components in golang dev package,
    mirroring Debian to address libpod FTBFS

docker.io (19.03.8-0ubuntu3) groovy; urgency=medium

  * Provide the rootless component in golang dev package, mirroring Debian
    (addresses nomad FTBFS).

docker.io (19.03.8-0ubuntu2) groovy; urgency=medium

  [ Jean-Baptiste Lallement ]
  [ Didier Roche ]
  * Fix use with ZFS on root:
    - docker creates one dataset for any layer of containers that were
      created. Create now a <pool>/var/lib/docker for creating them in
      the persistent namespace and migrate existing one here.
    - purge the automated historic that was created.
    The migration only impacts the ubuntu desktop installation with
    experimental ZFS on root, and we have thus to stop and start the daemon
    to migrate data. (LP: #1879473)

Date: 2021-07-23 21:04:11.802561+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>