Package: docker.io / 20.10.24+dfsg1-1+deb12u1

Metadata

Package: docker.io
Version: 20.10.24+dfsg1-1+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
debian bash completion no shebang.patch | (download)

cli/contrib/completion/bash/docker | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 remove shebang from bash completion file
 Discussed upstream, rejected as most code editors rely on the shebang
 to correctly indent and highlight the file.
debian systemd unit tasksmax.patch | (download)

engine/contrib/init/systemd/docker.service | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] docker.service: don't limit tasks
debian systemd unit environment file.patch | (download)

engine/contrib/init/systemd/docker.service | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 use environmentfile with the systemd unit file.
Bug-Debian: http://bugs.debian.org/746774
debian dockerd binary location.patch | (download)

engine/contrib/init/systemd/docker.service | 2 1 + 1 - 0 !
engine/contrib/init/sysvinit-debian/docker | 2 1 + 1 - 0 !
engine/contrib/init/upstart/docker.conf | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 fhs compliance.

debian cgroupfs mount convenience copy.patch | (download)

engine/contrib/init/sysvinit-debian/docker | 25 0 + 25 - 0 !
engine/contrib/init/upstart/docker.conf | 23 0 + 23 - 0 !
2 files changed, 48 deletions(-)

 remove convenience copies of cgroupfs-mount in init.d / upstart
debian nuke no prompt.patch | (download)

engine/contrib/nuke-graph-directory.sh | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

 remove prompt and delay

cli add go.mod file.patch | (download)

cli/go.mod | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add go.mod file to cli

Fix build issue during tests with
+ gotest.tools/v3

cli dont duplicate authconfig.patch | (download)

cli/cli/config/types/authconfig.go | 23 4 + 19 - 0 !
1 file changed, 4 insertions(+), 19 deletions(-)

 prevent reverse build-deps nomad and gitlab-runner to ftbfs

~~~~ gitlab-runner
src/gitlab.com/gitlab-org/gitlab-runner/helpers/docker/auth_config.go:102:22: cannot use config.AuthConfigs (type map[string]"github.com/docker/cli/cli/config/types".AuthConfig] as type map[string]"github.com/docker/docker/api/types".AuthConfig] in argument to addAll 
src/gitlab.com/gitlab-org/gitlab-runner/helpers/docker/auth_config.go:130:2: cannot use newAuths (type map[string]"github.com/docker/cli/cli/config/types".AuthConfig] as type map[string]"github.com/docker/docker/api/types".AuthConfig] in return argument 
src/gitlab.com/gitlab-org/gitlab-runner/helpers/docker/auth_config.go:144:26: cannot use newAuths (type "github.com/docker/cli/cli/config/types".AuthConfig)
~~~~

~~~~ nomad
src/github.com/hashicorp/nomad/drivers/docker/utils.go:118:57: cannot use cfile.AuthConfigs (type map[string]"github.com/docker/cli/cli/config/types".AuthConfig] as type map[string]"github.com/docker/docker/api/types".AuthConfig] in argument to "github.com/docker/docker/registry".ResolveAuthConfig
~~~~

Please update this patch when upstream provides a fix.

Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

engine add go.mod file.patch | (download)

engine/go.mod | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add go.mod file to engine

Fix build issue with
+ github.com/coreos/go-systemd/v22
+ gotest.tools/v3

engine build against containerd v1.5.2.patch | (download)

engine/plugin/backend_linux.go | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 vendor: github.com/containerd/containerd v1.5.2

engine build against runc 1.0.patch | (download)

engine/oci/devices_linux.go | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

---
engine seccomp mipsx.patch | (download)

engine/profiles/seccomp/default.json | 32 31 + 1 - 0 !
engine/profiles/seccomp/default_linux.go | 36 35 + 1 - 0 !
2 files changed, 66 insertions(+), 2 deletions(-)

---
engine systemd service after containerd.patch | (download)

engine/contrib/init/systemd/docker.service | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 order docker.service after containerd.service
 Fixes proper shutdown of containers.
libnetwork add go.mod file.patch | (download)

libnetwork/go.mod | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 add go.mod file to libnetwork

Fix build issue with
+ github.com/godbus/dbus/v5

libnetwork_proto.patch | (download)

libnetwork/agent.go | 2 1 + 1 - 0 !
libnetwork/drivers/overlay/overlay.go | 2 1 + 1 - 0 !
libnetwork/networkdb/networkdb.go | 2 1 + 1 - 0 !
3 files changed, 3 insertions(+), 3 deletions(-)

 fix generation of .pb.go files.

libnetwork_proto_no_unrecognized_all.patch | (download)

libnetwork/agent.proto | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 since gogo/protobuf 1.2 unknown fields in proto3 are preserved.
 This results in a XXX_unrecognized of type []byte to be created in the struct.
 As a side effect the struct can't be used as a map key anymore, resulting in
 a libnetwork build failure.

 Fix this by setting goproto_unrecognized_all=false which suppresses this field.

 Upstream doesn't have the problem because they have pinned an older version
 of gogo/protobuf: https://github.com/docker/libnetwork/pull/2242
test cli skip network tests.patch | (download)

cli/cli/command/image/build_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 cli/command: skip network tests
 Interestingly, the last time I tried, only the test
 'TestRunBuildFromGitHubSpecialCase' failed,  and it failed only
 for the armel architecture. Which makes absolutely no sense,
 given that it's supposed to fail when there's no network, and
 it should have nothing to do with the architecture.
 .
 Anyway. Let's disable this test.
 .
 Build error below:
 .
 === FAIL: cli/command/image TestRunBuildFromGitHubSpecialCase (0.10s)
 Error: unable to prepare context: unable to 'git clone' to temporary context directory: error fetching: fatal: unable to access 'https://github.com/docker/for-win/': Couldn't connect to server
 : exit status 128
     build_test.go:136: assertion failed: expected error to contain "docker-build-git", got "unable to prepare context: unable to 'git clone' to temporary context directory: error fetching: fatal: unable to access 'https://github.com/docker/for-win/': Couldn't connect to server\n: exit status 128"

test cli skip TestRunLabel.patch | (download)

cli/cli/command/container/run_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] disable unreliable test, failing randomly on multiple
 architectures

Starting from docker 19.03.12, this test fails on some buildd
architectures. It succeeds on my machine though.

It *seems* that there is no change between docker 19.03.11 and docker
19.03.12, regarding this part of the code.

So it could be due to a change in the golang package. docker 19.03.11
was built with `golang-1.14-src amd64 1.14.4-1`, while 19.03.12 is now
built with `golang-1.14-src amd64 1.14.4-2`. However, looking at the
test cli skip TestSignCommandLocalFlag.patch | (download)

cli/cli/command/trust/sign_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 skip testsigncommandlocalflag

No idea why this test used to pass before and fails now...

~~~~
  === RUN   TestSignCommandLocalFlag
  
test skip daemon oci linux pbuilder tests.patch | (download)

engine/daemon/oci_linux_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 skip test in pbuilder

test skip pkg signal flaky tests.patch | (download)

engine/pkg/signal/signal_linux_test.go | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 skip some pkg/signal linux tests

Issue mentioned upstream at <https://github.com/moby/moby/pull/40353>,
there was a tentative fix at <https://github.com/moby/moby/pull/40496>,
but the issue is still present.

    === Failed
    === FAIL: pkg/signal TestCatchAll (0.00s)
      signal_linux_test.go:32: assertion failed: urgent I/O condition (string) != hangup (string)
      signal_linux_test.go:32: assertion failed: hangup (string) != child exited (string)
      signal_linux_test.go:32: assertion failed: child exited (string) != illegal instruction (string)
      signal_linux_test.go:32: assertion failed: illegal instruction (string) != floating point exception (string)
      signal_linux_test.go:32: assertion failed: floating point exception (string) != child exited (string)

test skip pkg system chtimes mips64.patch | (download)

engine/pkg/system/chtimes_linux_test.go | 7 7 + 0 - 0 !
engine/pkg/system/chtimes_test.go | 7 7 + 0 - 0 !
2 files changed, 14 insertions(+)

 skip pkg/system chtimes tests on mips64

    === RUN   TestChtimesLinux
        chtimes_linux_test.go:87: Expected: 2262-04-11 23:47:16 +0000 UTC, got: 1990-01-27 10:50:44 +0000 UTC
    
test skip TestGetRootUIDGID.patch | (download)

engine/pkg/idtools/idtools_unix_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 disable test failing in sbuild.
~~~~
 FAIL: TestGetRootUIDGID (0.00s)
 idtools_unix_test.go:287:
    Error Trace: idtools_unix_test.go:287
    Error:       Not equal:
                 expected: 1009
                 actual  : 2952
    Test:        TestGetRootUIDGID
~~~~

test skip TestStateRunStop.patch | (download)

engine/container/state_test.go | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 disabled unreliable test.
~~~~
 state_test.go:102: ExitCode -1, expected 2, err "context deadline exceeded"
~~~~

avoid consul.patch | (download)

engine/pkg/discovery/kv/kv.go | 3 0 + 3 - 0 !
libnetwork/hostdiscovery/hostdiscovery.go | 2 0 + 2 - 0 !
libnetwork/store.go | 2 0 + 2 - 0 !
3 files changed, 7 deletions(-)

---
CVE 2024 41110.patch | (download)

engine/pkg/authorization/authz.go | 38 34 + 4 - 0 !
engine/pkg/authorization/authz_unix_test.go | 49 46 + 3 - 0 !
2 files changed, 80 insertions(+), 7 deletions(-)

 cve-2024-41110 [patch] authz plugin security fixes for 0-length content and path validation
 Signed-off-by: Jameson Hyde <jameson.hyde@docker.com>

fix comments

[debian description]
A security vulnerability has been detected in certain versions of Docker Engine,
which could allow an attacker to bypass authorization plugins (AuthZ)
under specific circumstances. The base likelihood of this being exploited
is low.

(cherry picked from commit 9659c3a52bac57e615b5fb49b0652baca448643e)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 2ac8a479c53d9b8e67c55f1e283da9d85d2b3415)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>