[ubuntu/hirsute-updates] docker.io 20.10.7-0ubuntu5~21.04.1 (Accepted)

Łukasz Zemczak lukasz.zemczak at canonical.com
Thu Nov 4 17:16:21 UTC 2021


docker.io (20.10.7-0ubuntu5~21.04.1) hirsute; urgency=medium

  * Backport version 20.10.7-0ubuntu5 from Impish (LP: #1938908).

docker.io (20.10.7-0ubuntu5) impish; urgency=medium

  [ Sergio Durigan Junior ]
  * d/t/docker-in-lxd:
    Improve dep8 test.  Make it run a more complex test against an
    ubuntu:devel docker container, especially because glibc updates might
    break docker.io.  Improve test reliability when running autopkgtest
    locally.

  [ Steve Beattie ]
  * SECURITY UPDATE: insufficiently restricted directory permissions
    - d/p/CVE-2021-41091.patch: Lock down docker root dir perms.
    - CVE-2021-41091
  * SECURITY UPDATE: permissions modifications outside of install directory
    - d/p/CVE-2021-41089.patch: chrootarchive: don't create parent dirs
      outside of chroot.
    - CVE-2021-41089

docker.io (20.10.7-0ubuntu4) impish; urgency=medium

  * d/p/seccomp-add-support-for-clone3-syscall-in-default-policy.patch: Fix
    failure with new glibc clone3 syscall adding it to the default seccomp
    policy (LP: #1943049).

docker.io (20.10.7-0ubuntu3) impish; urgency=medium

  * d/t/docker-in-lxd:
    Perform a full upgrade and restart of the container before attempting
    to install docker.io. (LP: #1942276)

docker.io (20.10.7-0ubuntu2) impish; urgency=medium

  * Ship libnetwork into the golang-github-docker-docker-dev package.
    - d/golang-github-docker-docker-dev.install: add libnetwork directories.
    - d/control: add runtime dependency on golang-github-ishidawataru-sctp-dev

docker.io (20.10.7-0ubuntu1) impish; urgency=medium

  * New upstream release.
    - Among new features and bug fixes, the CVE-2021-21284 and CVE-2021-21285
      were addressed.
  * d/watch: adjust regex to correctly match the tarball files.
  * d/rules: make some improvements.
    - Adjust regex in the build-manpages target due to some upstream changes.
    - Separately install the systemd service and socket.
    - Tell dh_installsystemd to not stop the service during the upgrade.
      The previous implementation worked fine until debhelper compat 10 where
      dh_systemd_start was still a thing. In compat 11, it was deprecated
      which means that piece of code was not called.

Date: 2021-10-06 14:32:09.500347+00:00
Signed-By: Łukasz Zemczak <lukasz.zemczak at canonical.com>
https://launchpad.net/ubuntu/+source/docker.io/20.10.7-0ubuntu5~21.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Hirsute-changes mailing list