Request 540195: Submit docker - openSUSE Build Service

Overview

Request 540195 accepted

- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
security issue where a maliciously crafted image could be used to crash a
Docker daemon. bsc#1066210 CVE-2017-14992
+ bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
security issue where a Docker container (with a disabled AppArmor profile)
could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
CVE-2017-16539
+ bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Fix bsc#1059011
The systemd service helper script used a timeout of 60 seconds to
start the daemon, which is insufficient in cases where the daemon
takes longer to start. Instead, set the service type from 'simple' to
'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
newer version of docker-libnetwork. This is necessary because of a versioning
bug we found in bsc#1057743.

Created by cyphar about 7 years ago
In state accepted

Submit docker

Comments for request 540195 0

Login required, please login in order to comment

Request History

cyphar created request about 7 years ago

- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
security issue where a maliciously crafted image could be used to crash a
Docker daemon. bsc#1066210 CVE-2017-14992
+ bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
- Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
security issue where a Docker container (with a disabled AppArmor profile)
could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
CVE-2017-16539
+ bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
- Fix bsc#1059011
The systemd service helper script used a timeout of 60 seconds to
start the daemon, which is insufficient in cases where the daemon
takes longer to start. Instead, set the service type from 'simple' to
'notify' and remove the now superfluous helper script.
- fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
newer version of docker-libnetwork. This is necessary because of a versioning
bug we found in bsc#1057743.

factory-auto added opensuse-review-team as a reviewer about 7 years ago

Please review sources

factory-auto added repo-checker as a reviewer about 7 years ago

Please review build success

factory-auto accepted review about 7 years ago

Check script succeeded

dimstar_suse set openSUSE:Factory:Staging:K as a staging project about 7 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:K"

dimstar_suse accepted review about 7 years ago

Picked openSUSE:Factory:Staging:K

licensedigger accepted review about 7 years ago

ok

dimstar_suse set openSUSE:Factory:Staging:H as a staging project about 7 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:H"

dimstar_suse accepted review about 7 years ago

Moved to openSUSE:Factory:Staging:H

jengelh accepted review about 7 years ago

repo-checker accepted review about 7 years ago

cycle and install check passed

dimstar_suse accepted review about 7 years ago

ready to accept

dimstar_suse approved review about 7 years ago

ready to accept

dimstar_suse accepted request about 7 years ago

Accept to openSUSE:Factory

openSUSE Build Service is sponsored by