[ubuntu/trusty-updates] docker.io 1.6.2~dfsg1-1ubuntu4~14.04.1 (Accepted)

Chris J Arges chris.j.arges at canonical.com
Wed Oct 28 18:25:46 UTC 2015


docker.io (1.6.2~dfsg1-1ubuntu4~14.04.1) trusty; urgency=medium

  * Backport to Ubuntu 14.04 (LP: #1454719).
  * Disabled
    - d/p/lxc.autodev-support.patch to minimise regression risk as
      it is not relevant for the version of LXC on Trusty (1.0.3-0ubuntu3).
    - d/p/update-go.net-golang.org.patch: there has been a url
      canonical name change upstream, but keeping this patch on involves
      backporting golang to 1.4 which is undesirable for this backport
      (golang-go.net-dev needs golang-x-text, which does not build
      successfully without a 1.4 backport).
    - Wily related fixes:
      + d/p/golang-1.5-wily.patch to fix FTBFS with golang-1.5 build on wily
      + d/p/ppc64el-wily.patch to fix ppc64le FTBFS on wily (LP: #1488668)
      + d/p/libcontainer_arm64_syscall_dup2_to_dup3-c_changes.patch (LP: #1488669)
      + d/p/libcontainer_arm64_syscall_dup2_to_dup3-golang_changes.patch (LP: #1488669)
      + d/rules to build with golang-go on arm64 (LP: #1488669)
      + d/control to build with golang-go on arm64 (LP: #1488669)
  * Reverted:
    d/rules: http://anonscm.debian.org/cgit/docker/docker.io.git/diff/?id=b1458f5
    commit to preserve docker.io symlink.

docker.io (1.6.2~dfsg1-1ubuntu4) wily; urgency=medium

  * Add patches from upstream to fix some upgrade path bugs:
    - d/p/add-mutex-read-m_path.patch to fix vivid upgrade-path
    - d/p/stop-systemd-on-destroy.patch to fix leftover ".scope" fails
  * Add patches to fix Wily FTBFS:
    - d/p/ppc64el-wily.patch to fix ppc64le FTBFS on wily (LP: #1488668)
    - d/p/golang-1.5-wily.patch to fix FTBFS with golang-1.5 build on
      wily
  * arm64 support fixes for golang-go build (LP: #1488669):
    - d/p/libcontainer_arm64_syscall_dup2_to_dup3-c_changes.patch (LP:
      #1488669)
    - d/p/libcontainer_arm64_syscall_dup2_to_dup3-golang_changes.patch
      (LP: #1488669)
  * d/rules to build with golang-go on arm64 (LP: #1488669)
  * d/control to build with golang-go on arm64 (LP: #1488669)
  * Revert device-mapper-cleanup.patch dropped with an new one:
    d/p/device-mapper-cleanup2.patch

docker.io (1.6.2~dfsg1-1ubuntu3~14.04.1) trusty; urgency=medium

  * Backport to Ubuntu 14.04 (LP: #1454719).
  * Disable d/p/lxc.autodev-support.patch to minimise regression risk as
    it is not relevant for the version of LXC on Trusty (1.0.3-0ubuntu3).
  * Disable d/p/update-go.net-golang.org.patch: there has been a url
    canonical name change upstream, but keeping this patch on involves
    backporting golang to 1.4 which is undesirable for this backport
    (golang-go.net-dev needs golang-x-text, which does not build
    successfully without a 1.4 backport).
  * d/rules: revert
    http://anonscm.debian.org/cgit/docker/docker.io.git/diff/?id=b1458f5
    commit to preserve docker.io symlink.

docker.io (1.6.2~dfsg1-1ubuntu3) wily; urgency=medium

  * d/docker.io.postinst: fix restart issue on upgrade path from
    1.5.0~dfsg1-1ubuntu2 (LP: #1459916).

docker.io (1.6.2~dfsg1-1ubuntu2) wily; urgency=medium

  * Add patches
    - d/p/lxc.autodev-support.patch: fix bug: LP: #1466550
      Make LXC exec driver compatible with recent lxc where lxc.autodev is enabled
      by default. 
    - d/p/update-go.net-golang.org.patch: fix FTBS bug from wily

docker.io (1.6.2~dfsg1-1ubuntu1) wily; urgency=medium

  [ Pierre-André MOREY ]
  * Merge from Debian unstable. Remaining changes:
    - d/control: bump minimum version of golang-pty-dev for broader
      architecture support.
    - d/{control,rules}: use gccgo instead of golang to enable builds on
      ppc64el, powerpc and arm64.
    - System call number updates:
      + d/p/arm64-support.patch
      + d/p/arm-syscall-fix.patch
      + d/p/powerpc-support.patch
  * d/p/sync-apparmor-with-lxc.patch replaced by
    sync-apparmor-with-lxc.2.patch: update AppArmor policy to be in sync with LXC.

docker.io (1.6.2~dfsg1-1) unstable; urgency=medium

  * Update to 1.6.2 upstream release
  * Update deps in d/control to match upstream's hack/vendor.sh specifications

docker.io (1.6.1+dfsg1-2) unstable; urgency=medium

  * Add --no-restart-on-upgrade to dh_installinit so that we don't force
    a stop on upgrade, which can cause other units to fall over. Many thanks
    to Michael Stapelberg (sECuRE) for the tip!

docker.io (1.6.1+dfsg1-1) unstable; urgency=high

  * Update to 1.6.1 upstream release (Closes: #784726)
    - CVE-2015-3627
      Insecure opening of file-descriptor 1 leading to privilege escalation
    - CVE-2015-3629
      Symlink traversal on container respawn allows local privilege escalation
    - CVE-2015-3630
      Read/write proc paths allow host modification & information disclosure
    - CVE-2015-3631
      Volume mounts allow LSM profile escalation

docker.io (1.6.0+dfsg1-1ubuntu1) wily; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - d/control: bump minimum version of golang-pty-dev for broader
      architecture support.
    - d/{control,rules}: use gccgo instead of golang to enable builds on
      ppc64el, powerpc and arm64.
    - d/p/sync-apparmor-with-lxc.patch: update AppArmor policy to be
      in sync with LXC.
    - System call number updates; dep3 headers updated. All these are in upstream
      master but not yet included in the libcontainer release we're using:
      + d/p/arm64-support.patch
      + d/p/arm-syscall-fix.patch
      + d/p/powerpc-support.patch
  * Drop changes:
    - No longer required as the original bug no longer reproduces:
      d/p/device-mapper-cleanup.patch: cleanup any stale docker mounts
      from previous shutdown.
    - ppc64el support upstreamed:
      + d/p/enable-gccgo-build-v2.patch: add support to docker build
        system for gccgo.
      + d/p/remove-X-flag-autogenerate-dockerversion.patch
      + d/p/dockerversion-to-autogen-go-rename.patch
      + d/p/fix-build-dir-autogen.patch: autogen straight into build tree.
      + d/p/fix-dynbinary-for-autogen.patch: fix FTBFS on amd64.

docker.io (1.6.0+dfsg1-1) unstable; urgency=medium

  * Upload to unstable
  * Backport PR 12943 to support golang-go-patricia 2.*
  * Remove convenience copies of cgroupfs-mount in init.d / upstart scripts
    (Re: #783143)

docker.io (1.6.0+dfsg1-1~exp1) experimental; urgency=medium

  * Update to 1.6.0 upstream release
  * Adjust "repack.sh" to be more tolerant of "dfsg" suffixes

docker.io (1.6.0~rc7~dfsg1-1~exp1) experimental; urgency=low

  * Update to 1.6.0-rc7 upstream release

docker.io (1.6.0~rc4~dfsg1-1) experimental; urgency=low

  [ Tianon Gravi ]
  * Update to 1.6.0-rc4 upstream release
    - drop golang 1.2 support (no longer supported upstream)
    - update Homepage to https://dockerproject.com
    - add check-config.sh to /usr/share/docker.io/contrib
    - add "distribution" as a new multitarball orig
    - backport auto "btrfs_noversion" patch from
      https://github.com/docker/docker/pull/12048
      (simplifying our logic for detecting whether to use it)
    - switch from dh-golang to direct install since we're not actually using the
      features it offers (due to upstream's build system)
    - enable "docker.service" on boot by default for restart policies to work

  [ Felipe Sateler ]
  * Add Built-Using for glibc (Closes: #769351).

docker.io (1.5.0~dfsg1-1ubuntu2) vivid; urgency=medium

  * d/p/arm-syscall-fix.patch: Fix incorrect setns syscall on ARM.
  * d/p/powerpc-support.patch: Resolve FTBFS with powerpc builds.

docker.io (1.5.0~dfsg1-1ubuntu1) vivid; urgency=medium

  * Merge from Debian experimental (LP: #1430760). Remaining changes:
    - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
      in sync with LXC.
    - d/p/device-mapper-cleanup.patch: Cleanup any stale docker mounts
      from previous shutdown.
    - d/control: Bump minimum version of golang-pty-dev for broader
      architecture support.
    - d/control: use gccgo instead of golang on ppc64el.
  * Drop changes:
    - d/p/enable-gccgo-build.patch: superceded by new ppc64el patches.
    - d/p/enable-non-amd64-arches.patch: superceded by upstream-accepted
      patches from IBM as described below.
  * New implementation of ppc64el support based on upstreamed IBM patches:
    - d/p/enable-gccgo-build-v2.patch: add support to docker build
      system for gccgo.
    - d/p/remove-X-flag-autogenerate-dockerversion.patch
    - d/p/dockerversion-to-autogen-go-rename.patch
    - d/rules: conditional build against gccgo when on ppc64.
    - d/p/fix-build-dir-autogen.patch: autogen straight into build tree.
    - d/p/fix-dynbinary-for-autogen.patch: fix FTBFS on amd64.
  * d/p/arm64-support.patch: fix to allow build on arm64.

docker.io (1.5.0~dfsg1-1) experimental; urgency=low

  * Update to 1.5.0 upstream release (Closes: #773495)
  * Remove several patches applied upstream!
    - 9637-fix-nuke-bashism.patch
    - enable-non-amd64-arches.patch
  * Fix btrfs-tools handling to allow for building with btrfs-tools < 1.16.1

docker.io (1.3.3~dfsg1-2ubuntu7) vivid; urgency=medium

  * d/p/enable-gccgo-build.patch: Update for gccgo archs.

docker.io (1.3.3~dfsg1-2ubuntu6) vivid; urgency=medium

  * Drop the build dependency on gccgo-go, build-depend on gccgo instead.

docker.io (1.3.3~dfsg1-2ubuntu5) vivid; urgency=medium

  * d/p/enable-non-amd64-arches.patch: Replace in preference to upstream
    accepted patch from IBM.
  * d/p/device-mapper-cleanup.patch: Annotate with upstream bug report.
  * d/p/enable-gccgo-build.patch: Annotate with pull request upstream
    from IBM, update to deal with autogenerated go code.
  * d/p/sync-apparmor-with-lxc.patch: Annotate with upstream pull request
    for libcontainer, reference github.com working repository.
  * d/control: Drop arm64 architecture for now as its going to require
    further work in the dependency chain.

docker.io (1.3.3~dfsg1-2ubuntu4) vivid; urgency=medium

  * Enable arm64 architecture using gccgo.

docker.io (1.3.3~dfsg1-2ubuntu3) vivid; urgency=medium

  * Enable ppc64el architecture using gccgo:
    - d/p/enable-gccgo-build.patch: Add support to docker build
      system for gccgo.
    - d/control: Use gccgo-go for ppc64el, exclude ppc64el for golang.
    - d/control: Bump minimum version of golang-pty-dev for broader
      architecture support.

docker.io (1.3.3~dfsg1-2ubuntu2) vivid; urgency=medium

  * d/p/device-mapper-cleanup.patch: Cleanup any stale docker mounts
    from previous shutdown (LP: #1404300).

docker.io (1.3.3~dfsg1-2ubuntu1) vivid; urgency=low

  * Merge from Debian unstable (LP: #1407408).  Remaining changes:
    - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
      in sync with LXC.

docker.io (1.3.3~dfsg1-2) unstable; urgency=medium

  * Add fatal-error-old-kernels.patch to make Docker refuse to start on old,
    unsupported kernels (Closes: #774376)
  * Fix dh_auto_clean to clean up after the build properly, especially to avoid
    FTBFS when built twice (Closes: #774482)

docker.io (1.3.3~dfsg1-1ubuntu1) vivid; urgency=medium

  * Merge from Debian unstable (LP: #1396572), remaining changes:
    - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
      in sync with LXC.

docker.io (1.3.3~dfsg1-1) unstable; urgency=medium

  [ Tianon Gravi ]
  * Update to 1.3.3 upstream release (Closes: #772909)
    - Fix for CVE-2014-9356 (Path traversal during processing of absolute
      symlinks)
    - Fix for CVE-2014-9357 (Escalation of privileges during decompression of
      LZMA (.xz) archives)
    - Fix for CVE-2014-9358 (Path traversal and spoofing opportunities presented
      through image identifiers)
  * Fix bashism in nuke-graph-directory.sh (Closes: #772261)

  [ Didier Roche ]
  * Support starting systemd service without /etc/default/docker
    (Closes: #770293)

docker.io (1.3.2~dfsg1-1ubuntu1) vivid; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be
      in sync with LXC.
  * Dropped changes, equivalents included in Debian updates:
    - d/p/support-no-env-default-file.patch.

docker.io (1.3.2~dfsg1-1) unstable; urgency=high

  * Severity is set to high due to the sensitive nature of the CVEs this
    upload fixes.
  * Update to 1.3.2 upstream release
    - Fix for CVE-2014-6407 (Archive extraction host privilege escalation)
    - Fix for CVE-2014-6408 (Security options applied to image could lead
                             to container escalation)
  * Remove Daniel Mizyrycki from Uploaders. Thanks for all your work!

docker.io (1.3.1~dfsg1-2) unstable; urgency=medium

  * Remove deprecated /usr/bin/docker.io symlink
    - added as a temporary shim in 1.0.0~dfsg1-1 (13 Jun 2014)
    - unused by package-installed files in 1.2.0~dfsg1-1 (13 Sep 2014)

docker.io (1.3.1~dfsg1-1) unstable; urgency=high

  * Update to 1.3.1 upstream release
    - fix for CVE-2014-5277
    - https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion

docker.io (1.3.0~dfsg1-1) unstable; urgency=medium

  * Updated to 1.3.0 upstream release.
  * Enable systemd socket activation (Closes: #752555).

docker.io (1.2.0~dfsg1-2) unstable; urgency=medium

  * Added "golang-docker-dev" package for the reusable bits of Docker's source.

docker.io (1.2.0~dfsg1-1ubuntu2) vivid; urgency=medium

  * Reenable socket activation (race fixed with systemd 215)
  * debian/patches/support-no-env-default-file.patch:
    - Support removed /etc/default/docker under systemd

docker.io (1.2.0~dfsg1-1ubuntu1) utopic; urgency=medium

  * debian/patches/sync-apparmor-with-lxc.patch: update AppArmor policy to
    by in sync with LXC. Specifically this:
    - reorganizes the rules to allow for easier comparison with other
      container policy
    - adds comments for many rules
    - adds bare dbus rule
    - adds ptrace rule to allow ptracing ourselves
    - adds deny mount options=(ro, remount, silent) -> /
    - allows hugetlbfs
    - adds cgmanager mount
    - adds /sys/fs/pstore mount
    - more specific /sys/kernel/security mount options
    - more specific /sys mount options
    - more specific /proc/sys/kernel/* deny rules
    - more specific /proc/sys/net deny rules
    - more specific /sys/class deny rules
    - more specific /sys/devices deny rules
    - more specific /sys/fs deny rules

docker.io (1.2.0~dfsg1-1) unstable; urgency=medium

  * Updated to 1.2.0 upstream release (Closes: #757183, #757023, #757024).
  * Added upstream man pages.
  * Updated bash and zsh completions to be installed as "docker" and "_docker".
  * Updated init scripts to also be installed as "docker".
  * Fixed "equivalent" typo in README.Debian (Closes: #756395). Thanks Reuben!
  * Removed "docker.io" mention in README.Debian (Closes: #756290). Thanks
    Olivier!

Date: 2015-09-23 14:13:11.352232+00:00
Changed-By: Kick In <pierre-andre.morey at canonical.com>
Signed-By: Chris J Arges <chris.j.arges at canonical.com>
https://launchpad.net/ubuntu/+source/docker.io/1.6.2~dfsg1-1ubuntu4~14.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list