Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

docker-rootless-extras-24.0.7_ce-150000.198.2 RPM for noarch

From OpenSuSE Leap 15.6 for noarch

Name: docker-rootless-extras Distribution: SUSE Linux Enterprise 15
Version: 24.0.7_ce Vendor: SUSE LLC <https://www.suse.com/>
Release: 150000.198.2 Build date: Fri Mar 8 18:17:36 2024
Group: System/Management Build host: h03-ch2c
Size: 19375 Source RPM: docker-24.0.7_ce-150000.198.2.src.rpm
Packager: https://www.suse.com/
Url: http://www.docker.io
Summary: Rootless support for Docker
Rootless support for Docker.
Use dockerd-rootless.sh to run the daemon.
Use dockerd-rootless-setuptool.sh to setup systemd for dockerd-rootless.sh.

Provides

Requires

License

Apache-2.0

Changelog

* Fri Mar 08 2024 dcermak@suse.com
  - Add patch to fix bsc#1220339
    * 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
  - rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
    * 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
* Thu Feb 22 2024 kukuk@suse.com
  - Allow to disable apparmor support (ALP supports only SELinux)
* Wed Feb 14 2024 dcermak@suse.com
  - Vendor latest buildkit v0.11:
    Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
    vendors in the latest v0.11 buildkit branch including bugfixes for the following:
    * bsc#1219438: CVE-2024-23653
    * bsc#1219268: CVE-2024-23652
    * bsc#1219267: CVE-2024-23651
  - rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  - switch from %patchN to %patch -PN syntax
  - remove unused rpmlint filters and add filters to silence pointless bash & zsh
    completion warnings
* Fri Oct 27 2023 asarai@suse.com
  - Update to Docker 24.0.7-ce. See upstream changelong online at
    <https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
    * Deny containers access to /sys/devices/virtual/powercap by default.
    - CVE-2020-8694 bsc#1170415
    - CVE-2020-8695 bsc#1170446
    - CVE-2020-12912 bsc#1178760
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
    * cli-0001-docs-include-required-tools-in-source-tree.patch
* Wed Oct 11 2023 asarai@suse.com
  - Add a patch to fix apparmor on SLE-12, reverting the upstream removal of
    version-specific templating for the default apparmor profile. bsc#1213500
    + 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* Thu Sep 14 2023 asarai@suse.com
  - Update to Docker 24.0.6-ce. See upstream changelong online at
    <https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * cli-0001-docs-include-required-tools-in-source-tree.patch
  - Switch from disabledrun to manualrun in _service.
  - Add a docker.socket unit file, but with socket activation effectively
    disabled to ensure that Docker will always run even if you start the socket
    individually. Users should probably just ignore this unit file. bsc#1210141
* Tue Jul 25 2023 dmueller@suse.com
  - Update to Docker 24.0.5-ce. See upstream changelong online at
    <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229
* Fri Jul 07 2023 asarai@suse.com
  - Update to Docker 24.0.4-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
* Fri Jul 07 2023 asarai@suse.com
  - Update to Docker 24.0.3-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
  - Rebase patches:
    * cli-0001-docs-include-required-tools-in-source-tree.patch
* Thu Jun 29 2023 danish.prakash@suse.com
  - Recommend docker-rootless-extras instead of Require(ing) it, given
    it's an additional functionality and not inherently required for
    docker to function.
* Tue Jun 20 2023 danish.prakash@suse.com
  - Add docker-rootless-extras subpackage
    (https://docs.docker.com/engine/security/rootless)
* Wed Jun 14 2023 asarai@suse.com
  - Update to Docker 24.0.2-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
    * Includes the upstreamed fix for the mount table pollution issue.
      bsc#1210797
  - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
    being provided by this package.
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * cli-0001-docs-include-required-tools-in-source-tree.patch
* Sun May 21 2023 asarai@suse.com
  - Update to Docker 23.0.6-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
  - Rebase patches:
    * cli-0001-docs-include-required-tools-in-source-tree.patch
  - Re-unify packaging for SLE-12 and SLE-15.
  - Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
    (the uapi headers in SLE-12 are too old).
    + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  - Re-numbered patches:
    - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
* Thu Apr 27 2023 asarai@suse.com
  - Update to Docker 23.0.5-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/23.0/#2305>.
  - Rebase patches:
    * cli-0001-docs-include-required-tools-in-source-tree.patch
* Wed Apr 26 2023 asarai@suse.com
  - Update to Docker 23.0.4-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
  - Fixes:
    * bsc#1214107 - CVE-2023-28840
    * bsc#1214108 - CVE-2023-28841
    * bsc#1214109 - CVE-2023-28842
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  - Renumbered patches:
    - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  - Remove upstreamed patches:
    - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
    - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
    - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
  - Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
    built without internet access in OBS.
    + cli-0001-docs-include-required-tools-in-source-tree.patch
* Wed Feb 01 2023 dmueller@suse.com
  - update to 20.10.23-ce.
    * see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
  - drop kubic flavor as kubic is EOL. this removes:
    kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* Tue Dec 06 2022 asarai@suse.com
  - Update to Docker 20.10.21-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
    bsc#1205375 CVE-2022-36109
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
    * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
    * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
  - The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
    preparation for removing the feature). This feature was never meant to be
    used by users directly (and is only available in the -kubic/CaaSP version of
    the package anyway) and thus should not affect any users.
* Mon Oct 24 2022 dcermak@suse.com
  - Fix wrong After: in docker.service, fixes bsc#1188447
* Thu Sep 29 2022 asarai@suse.com
  - Add apparmor-parser as a Recommends to make sure that most users will end up
    with it installed even if they are primarily running SELinux.
* Thu Sep 29 2022 fvogt@suse.com
  - Fix syntax of boolean dependency
* Thu Jul 28 2022 fcrozat@suse.com
  - Allow to install container-selinux instead of apparmor-parser.
* Sun Jul 17 2022 gmbr3@opensuse.org
  - Change to using systemd-sysusers
* Wed Jun 29 2022 asarai@suse.com
  - Backport <https://github.com/containerd/fifo/pull/32> to fix a crash-on-start
    issue with dockerd. bsc#1200022
    + 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
* Tue Jun 07 2022 asarai@suse.com
  - Update to Docker 20.10.17-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
    * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
* Fri Apr 29 2022 asarai@suse.com
  - Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
    bsc#1193930 bsc#1197284
    * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* Thu Apr 14 2022 asarai@suse.com
  - Update to Docker 20.10.14-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/#201014>. bsc#1197517
    CVE-2022-24769
* Mon Jan 17 2022 asarai@suse.com
  - Update to Docker 20.10.12-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/#201012>.
  - Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
    changelogs are currently only available online.
* Thu Nov 18 2021 asarai@suse.com
  - Update to Docker 20.10.11-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/#201011>. bsc#1192814
    bsc#1193273 CVE-2021-41190
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  - Remove upstreamed patches:
    - 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
* Wed Oct 06 2021 asarai@suse.com
  - Update to Docker 20.10.9-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/#20109>. bsc#1191355
    CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
    CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
    * 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
  - Switch to Go 1.16.x compiler, in line with upstream.
* Mon Sep 20 2021 asarai@suse.com
  - Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
    bsc#1190670
    + 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
* Mon May 03 2021 asarai@suse.com
  - Add shell requires for the *-completion subpackages.
* Thu Apr 15 2021 asarai@suse.com
  - Update to Docker 20.10.6-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/#20106>. bsc#1184768
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  - Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
    quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
    + 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* Wed Mar 03 2021 asarai@suse.com
  - Update to Docker 20.10.5-ce. See upstream changelog online at
    <https://docs.docker.com/engine/release-notes/#20105>. bsc#1182947
  - Update runc dependency to 1.0.0~rc93.
  - Remove upstreamed patches:
    - cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
  - Rebase patches:
    * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  - Switch version to use -ce suffix rather than _ce to avoid confusing other
    tools. boo#1182476
* Sun Feb 14 2021 asarai@suse.com
  [NOTE: This update was only ever released in SLES and Leap.]
  - It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
    the patch entirely. bsc#1180401 bsc#1182168
    - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
* Wed Feb 10 2021 asarai@suse.com
  - Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
    * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* Sat Feb 06 2021 asarai@suse.com
  [NOTE: This update was only ever released in SLES and Leap.]
  - Update Docker to 19.03.15-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
    bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
  - Rebase patches:
    * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
  - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
    It appears that SLES doesn't like the patch. bsc#1180401
* Tue Feb 02 2021 asarai@suse.com
  - Update to Docker 20.10.3-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732
    (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
  - Rebase patches on top of 20.10.3-ce.
    - 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    + 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    - 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    + 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    - 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    + 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    - 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
    + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* Tue Feb 02 2021 asarai@suse.com
  - Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
    the upstream runc package (it's stable enough and Docker no longer pins git
    versions). docker-libnetwork is so unstable that it doesn't have any
    versioning scheme and so it really doesn't make sense to maintain the project
    as a separate package. bsc#1181641 bsc#1181677
  - Remove no-longer-needed patch for packaging now that we've dropped
    docker-runc and docker-libnetwork.
    - 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
* Fri Jan 29 2021 asarai@suse.com
  - Update to Docker 20.10.2-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
  - Remove upstreamed patches:
    - bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
    - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
  - Add patches to fix build:
    + cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
  - Since upstream has changed their source repo (again) we have to rebase all of
    our patches. While doing this, I've collapsed all patches into one branch
    per-release and thus all the patches are now just one series:
    - packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
    + 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
    - secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    + 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
    - secrets-0002-SUSE-implement-SUSE-container-secrets.patch
    + 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
    - private-registry-0001-Add-private-registry-mirror-support.patch
    + 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
    - bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
    + 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* Fri Jan 29 2021 asarai@suse.com
  - Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
    was fixed.
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Wed Dec 23 2020 asarai@suse.com
  - Add Conflicts and Provides for kubic flavour of docker-fish-completion.
* Mon Dec 21 2020 asarai@suse.com
  - Update to Docker 19.03.14-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243
    https://github.com/docker/docker-ce/releases/tag/v19.03.14
* Mon Dec 14 2020 rombert@apache.org
  - Enable fish-completion
* Thu Nov 12 2020 mrostecki@suse.com
  - Add a patch which makes Docker compatible with firewalld with
    nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
    (boo#1178801, SLE-16460)
    * boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
* Fri Sep 18 2020 asarai@suse.com
  - Update to Docker 19.03.13-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
* Mon Aug 03 2020 callumjfarmer13@gmail.com
  - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
* Tue Jun 30 2020 dimstar@opensuse.org
  - Emergency fix: %requires_eq does not work with provide symbols,
    only effective package names. Convert back to regular Requires.
* Thu Jun 25 2020 asarai@suse.com
  - Update to Docker 19.03.12-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md.
  - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of
    spurrious errors due to Go returning -EINTR from I/O syscalls much more often
    (due to Go 1.14's pre-emptive goroutine support).
    - bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
  - Add BuildRequires for all -git dependencies so that we catch missing
    dependencies much more quickly.
* Tue Jun 02 2020 asarai@suse.com
  - Update to Docker 19.03.11-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1172377 CVE-2020-13401
  - Backport https://github.com/gotestyourself/gotest.tools/pull/169 so that we
    can build Docker with Go 1.14 (upstream uses Go 1.13).
    + bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
* Thu Dec 19 2019 dimstar@opensuse.org
  - BuildRequire pkgconfig(libsystemd) instead of systemd-devel:
    Allow OBS to shortcut through the -mini flavors.
* Thu Dec 12 2019 asarai@suse.com
  - Add backport of https://github.com/docker/docker/pull/39121. bsc#1122469
    + bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
* Wed Dec 11 2019 asarai@suse.com
  - Support older SLE systems which don't have "usermod -w -v".
* Mon Nov 18 2019 asarai@suse.com
  - Update to Docker 19.03.5-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590 bsc#1157330
* Sat Oct 19 2019 asarai@suse.com
  - Update to Docker 19.03.4-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md.
* Tue Oct 08 2019 asarai@suse.com
  - Drop containerd.service workaround (we've released enough versions without
    containerd.service -- there's no need to support package upgrades that old).
  - Update to Docker 19.03.3-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1153367
* Tue Oct 01 2019 asarai@suse.com
  - Update to Docker 19.03.2-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1150397
* Sun Sep 22 2019 chrisbcoutinho@gmail.com
  - Fix zsh-completion (docker -> _docker)
* Tue Jul 30 2019 asarai@suse.com
  - Fix default installation such that --userns-remap=default works properly
    (this appears to be an upstream regression, where --userns-remap=default
    doesn't auto-create the group and results in an error on-start). boo#1143349
* Fri Jul 26 2019 asarai@suse.com
  - Update to Docker 19.03.1-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2019-14271
* Mon Jul 22 2019 asarai@suse.com
  - Update to Docker 19.03.0-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1142413
  - Remove upstreamed patches:
    - bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
    - bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
    - bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
    - bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
  - Rebase pacthes:
    * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
    * packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
    * private-registry-0001-Add-private-registry-mirror-support.patch
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Wed Jul 17 2019 asarai@suse.com
  - Move bash-completion to correct location.
  - Update to Docker 18.09.8-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md.
    * Includes fixes for CVE-2019-13509 bsc#1142160.
* Fri Jun 28 2019 asarai@suse.com
  - Update to Docker 18.09.7-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1139649
  - Remove upstreamed patches:
    - CVE-2018-15664.patch
* Thu Jun 27 2019 asarai@suse.com
  - Use %config(noreplace) for /etc/docker/daemon.json. bsc#1138920
* Fri Jun 07 2019 asarai@suse.com
  - Add patch for CVE-2018-15664. bsc#1096726
    + CVE-2018-15664.patch
* Mon May 06 2019 asarai@suse.com
  - Update to Docker 18.09.6-ce see upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md.
  - Rebase patches:
    * bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
* Fri May 03 2019 asarai@suse.com
  - Update to Docker 18.09.5-ce see upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1128376 boo#1134068
  - Rebase patches:
    * bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
    * bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
    * bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
    * bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
    * packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
    * private-registry-0001-Add-private-registry-mirror-support.patch
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
  - Updated patch name:
    + bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
    - bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* Fri Mar 22 2019 sgrunert@suse.com
  - Update to Docker 18.09.3-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md.
* Sun Mar 10 2019 asarai@suse.com
  - docker-test: improvements to test packaging (we don't need to ship around the
    entire source tree, and we also need to build the born-again integration/
    tests which contain a suite-per-directory). We also need a new patch which
    fixes the handling of *-test images. bsc#1128746
    + bsc1128746-0001-integration-cli-don-t-build-test-images-if-they-alre.patch
* Tue Feb 26 2019 mjura@suse.com
  - Move daemon.json file to /etc/docker directory, bsc#1114832
* Sat Feb 09 2019 asarai@suse.com
  - Update shell completion to use Group: System/Shells.
* Wed Feb 06 2019 mjura@suse.com
  -  Add daemon.json file with rotation logs cofiguration, bsc#1114832
* Tue Feb 05 2019 asarai@suse.com
  - Update to Docker 18.09.1-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1124308
    * Includes fix for CVE-2018-10892 bsc#1100331.
    * Includes fix for CVE-2018-20699 bsc#1121768.
  - Remove upstreamed patches.
    - bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* Fri Jan 11 2019 sgrunert@suse.com
  - Disable leap based builds for kubic flavor. bsc#1121412
* Wed Dec 19 2018 clee@suse.com
  - Update go requirements to >= go1.10.6 to fix
    * bsc#1118897 CVE-2018-16873
      go#29230 cmd/go: remote command execution during "go get -u"
    * bsc#1118898 CVE-2018-16874
      go#29231 cmd/go: directory traversal in "go get" via curly braces in import paths
    * bsc#1118899 CVE-2018-16875
      go#29233 crypto/x509: CPU denial of service
* Tue Dec 18 2018 asarai@suse.com
  - Handle build breakage due to missing 'export GOPATH' (caused by resolution of
    boo#1119634). I believe Docker is one of the only packages with this problem.
* Mon Dec 03 2018 asarai@suse.com
  - Add backports of https://github.com/docker/docker/pull/37302 and
    https://github.com/docker/cli/pull/1130, which allow for users to explicitly
    specify the NIS domainname of a container. bsc#1001161
    + bsc1001161-0001-oci-include-the-domainname-in-kernel.domainname.patch
    + bsc1001161-0002-cli-add-a-separate-domainname-flag.patch
* Thu Nov 29 2018 asarai@suse.com
  - Update docker.service to match upstream and avoid rlimit problems.
    bsc#1112980
  - Upgrade to Docker 18.09.0-ce. See upstream changelog in the packaged
    /usr/share/doc/packages/docker/CHANGELOG.md. boo#1115464 bsc#1118990
  - Add revert of an upstream patch to fix docker-* handling.
    + packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
  - Rebase patches:
    * bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
    * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
    * bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
    * private-registry-0001-Add-private-registry-mirror-support.patch
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
  - Remove upstreamed patches:
    - bsc1100727-0001-build-add-buildmode-pie.patch
* Mon Oct 08 2018 vrothberg@suse.com
  - Reduce the disk footprint by recommending git-core instead of
    hard requiring it.
    bsc#1108038
* Tue Sep 04 2018 rbrown@suse.com
  - ExcludeArch i586 for entire docker-kubic flavour
* Tue Sep 04 2018 rbrown@suse.com
  - ExcludeArch i586 for docker-kubic-kubeadm-criconfig subpackage
* Fri Aug 24 2018 asarai@suse.com
  - Add patch to make package reproducible, which is a backport of
    https://github.com/docker/cli/pull/1306. boo#1047218
    + bsc1047218-0001-man-obey-SOURCE_DATE_EPOCH-when-generating-man-pages.patch
* Wed Aug 22 2018 asarai@suse.com
  - Upgrade to docker-ce v18.06.1-ce. bsc#1102522 bsc#1113313
    Upstream changelog:
    https://github.com/docker/docker-ce/releases/tag/v18.06.1-ce
  - Remove patches that were merged upstream:
    - bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
* Tue Aug 21 2018 asarai@suse.com
  - Add a backport of https://github.com/docker/engine/pull/29 for the 18.06.0-ce
    upgrade. This is a potential security issue (the CRI plugin was enabled by
    default, which listens on a TCP port bound to 0.0.0.0) that will be fixed
    upstream in the 18.06.1-ce upgrade. bsc#1102522
    + bsc1102522-0001-18.06-disable-containerd-CRI-plugin.patch
* Tue Aug 21 2018 rbrown@suse.com
  - Kubic: Make crio default, docker as alternative runtime
    (boo#1104821)
  - Provide kubernetes CRI config with docker-kubic-kubeadm-criconfig
    subpackage
* Thu Aug 16 2018 asarai@suse.com
  - Merge -kubic packages back into the main Virtualization:containers packages.
    This is done using _multibuild to add a "kubic" flavour, which is then used
    to conditionally compile patches and other kubic-specific features.
    bsc#1105000
  - Rework docker-rpmlintrc with the new _multibuild setup.
* Wed Aug 01 2018 asarai@suse.com
  - Enable seccomp support on SLE12, since libseccomp is now a new enough vintage
    to work with Docker and containerd. fate#325877
* Tue Jul 31 2018 asarai@suse.com
  - Upgrade to docker-ce v18.06.0-ce. bsc#1102522
  - Remove systemd-service dependency on containerd, which is now being started
    by dockerd to align with upstream defaults.
  - Removed the following patches as they are merged upstream:
    - bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
    - bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
  - Rebased the following patches:
    * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
    * bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
    * bsc1100727-0001-build-add-buildmode-pie.patch
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Mon Jul 30 2018 asarai@suse.com
  - Build the client binary with -buildmode=pie to fix issues on POWER.
    bsc#1100727
    + bsc1100727-0001-build-add-buildmode-pie.patch
* Fri Jun 29 2018 asarai@suse.com
  - Update the AppArmor patchset again to fix a separate issue where changed
    AppArmor profiles don't actually get applied on Docker daemon reboot.
    bsc#1099277
    * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
    + bsc1073877-0002-apparmor-clobber-docker-default-profile-on-start.patch
* Tue Jun 05 2018 asarai@suse.com
  - Update to AppArmor patch so that signal mediation also works for signals
    between in-container processes. bsc#1073877
    * bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* Tue Jun 05 2018 dcassany@suse.com
  - Make use of %license macro
* Tue Jun 05 2018 asarai@suse.com
  - Remove 'go test' from %check section, as it has only ever caused us problems
    and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
    testing has been far more useful. boo#1095817
* Tue May 29 2018 asarai@suse.com
  - Update secrets patch to not log incorrect warnings when attempting to inject
    non-existent host files. bsc#1065609
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Wed May 16 2018 jmassaguerpla@suse.com
  - Review Obsoletes to fix bsc#1080978
* Thu Apr 12 2018 fcastelli@suse.com
  - Put docker under the podruntime slice. This the recommended
    deployment to allow fine resource control on Kubernetes.
    bsc#1086185
* Tue Apr 10 2018 mmeister@suse.com
  - Add patch to handle AppArmor changes that make 'docker kill' stop working.
    bsc#1073877 boo#1089732
    + bsc1073877-0001-apparmor-allow-receiving-of-signals-from-docker-kill.patch
* Fri Apr 06 2018 asarai@suse.com
  - Fix manpage generation breaking ppc64le builds due to a missing
    - buildemode=pie.
* Wed Apr 04 2018 vrothberg@suse.com
  - Compile and install all manpages.
    bsc#1085117
* Tue Mar 27 2018 asarai@suse.com
  - Add requirement for catatonit, which provides a docker-init implementation.
    fate#324652 bsc#1085380
* Thu Mar 08 2018 vrothberg@suse.com
  - Fix private-registry-0001-Add-private-registry-mirror-support.patch to
    deal corretly with TLS configs of 3rd party registries.
    fix bsc#1084533
* Tue Feb 13 2018 asarai@suse.com
  - Update patches to be sourced from https://github.com/suse/docker-ce (which
    are based on the upstream docker/docker-ce repo). The reason for this change
    (though it is functionally identical to the old patches) is so that public
    patch maintenance is much simpler.
    * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
    * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
    * private-registry-0001-Add-private-registry-mirror-support.patch
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Mon Feb 12 2018 rbrown@suse.com
  - Add ${version} to equivalent non-kubic package provides
* Thu Feb 08 2018 rbrown@suse.com
  - Add Provides for equivalent non-kubic packages
* Tue Jan 30 2018 vrothberg@suse.com
  - Disable all tests for docker/client and docker/pkg/discovery.  The unit tests
    of those packages broke reproducibly the builds in IBS.
* Mon Jan 29 2018 vrothberg@suse.com
  - Disable flaky tests github.com/docker/docker/pkg/discovery/kv.
* Fri Jan 26 2018 vrothberg@suse.com
  - Add patch to support mirroring of private/non-upstream registries. As soon as
    the upstream PR (https://github.com/moby/moby/pull/34319) is merged, this
    patch will be replaced by the backported one from upstream.
    + private-registry-0001-Add-private-registry-mirror-support.patch
    fix bsc#1074971
* Fri Jan 19 2018 asarai@suse.com
  - Add Obsoletes: docker-image-migrator, as the tool is no longer needed and
    we've pretty much removed it from everywhere except the containers module.
    bsc#1069758
* Fri Jan 19 2018 vrothberg@suse.com
  - Remove requirement on bridge-utils, which has been replaced by libnetwork in
    Docker. bsc#1072798
* Mon Dec 18 2017 asarai@suse.com
  - Update to Docker v17.09.1_ce (bsc#1069758). Upstream changelog:
    https://github.com/docker/docker-ce/releases/tag/v17.09.1-ce
  - Removed patches (merged upstream):
    - bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
    - bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
    - bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
* Mon Dec 18 2017 asarai@suse.com
  - Update to Docker v17.09.0_ce. Upstream changelog:
    https://github.com/docker/docker-ce/releases/tag/v17.09.0-ce
  - Rebased patches:
    * bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
    * bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
    * bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
  - Removed patches (merged upstream):
    - bsc1064781-0001-Allow-to-override-build-date.patch
* Tue Dec 05 2017 asarai@suse.com
  - Add a patch to dynamically probe whether libdevmapper supports
    dm_task_deferred_remove. This is necessary because we build the containers
    module on a SLE12 base, but later SLE versions have libdevmapper support.
    This should not affect openSUSE, as all openSUSE versions have a new enough
    libdevmapper. Backport of https://github.com/moby/moby/pull/35518.
    bsc#1021227 bsc#1029320 bsc#1058173
    + bsc1021227-0001-pkg-devmapper-dynamically-load-dm_task_deferred_remo.patch
* Mon Dec 04 2017 asarai@suse.com
  - Fix up the ordering of tests in docker.spec. This is to keep things easier to
    backport into the SLE package.
* Thu Nov 30 2017 asarai@suse.com
  - Include secrets fix to handle "old" containers that have orphaned secret
    data. It's not clear why Docker caches these secrets, but fix the problem by
    trashing the references manually. bsc#1057743
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Thu Nov 23 2017 rbrown@suse.com
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Tue Nov 14 2017 asarai@suse.com
  - Remove migration code for the v1.9.x -> v1.10.x migration. This has been
    around for a while, and we no longer support migrating from such an old
    version "nicely". Docker still has migration code that will run on
    first-boot, we are merely removing all of the "nice" warnings which tell
    users how to avoid issues during an upgrade that ocurred more than a year
    ago.
  - Drop un-needed files:
    - docker-plugin-message.txt
    - docker-update-message.txt
* Tue Nov 07 2017 asarai@suse.com
  - Add a backport of https://github.com/moby/moby/pull/35424, which fixes a
    security issue where a maliciously crafted image could be used to crash a
    Docker daemon. bsc#1066210 CVE-2017-14992
    + bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch
* Tue Nov 07 2017 asarai@suse.com
  - Add a backport of https://github.com/moby/moby/pull/35399, which fixes a
    security issue where a Docker container (with a disabled AppArmor profile)
    could write to /proc/scsi/... and subsequently DoS the host. bsc#1066801
    CVE-2017-16539
    + bsc1066801-0001-oci-add-proc-scsi-to-masked-paths.patch
* Tue Oct 24 2017 asarai@suse.com
  - Correctly set `docker version` information, including the version, git
    commit, and SOURCE_DATE_EPOCH (requires a backport). This should
    * effectively* make Docker builds reproducible, with minimal cost. boo#1064781
    + bsc1064781-0001-Allow-to-override-build-date.patch
* Mon Oct 16 2017 asarai@suse.com
  - Add backport of https://github.com/moby/moby/pull/35205. This used to be
    fixed in docker-runc, but we're moving it here after upstream discussion.
    bsc#1055676
    + bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
* Mon Oct 09 2017 asarai@suse.com
  - Update to Docker v17.07.0_ce. Upstream changelog:
    https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce
    https://github.com/docker/docker-ce/releases/tag/v17.07.0-ce
  - Removed no-longer needed patches.
    - bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
    - bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
    - integration-cli-fix-TestInfoEnsureSucceeds.patch
  - Added backport of https://github.com/moby/moby/pull/34573. bsc#1045628
    + bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
  - Rewrite secrets patches to correctly handle directories in a way that doesn't
    cause errors when starting new containers.
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Mon Oct 02 2017 vrothberg@suse.com
  - Fix bsc#1059011
    The systemd service helper script used a timeout of 60 seconds to
    start the daemon, which is insufficient in cases where the daemon
    takes longer to start. Instead, set the service type from 'simple' to
    'notify' and remove the now superfluous helper script.
* Wed Sep 27 2017 jmassaguerpla@suse.com
  - fix bsc#1057743: Add a Requires: fix_bsc_1057743 which is provided by the
    newer version of docker-libnetwork. This is necessary because of a versioning
    bug we found in bsc#1057743.
* Fri Sep 15 2017 jmassaguerpla@suse.com
  - fix /var/adm/update-message/docker file name to be
    /var/adm/update-message/docker-%{version}-%{release}
* Wed Sep 06 2017 asarai@suse.com
  - devicemapper: add patch to make the dm storage driver remove a container's
    rootfs mountpoint before attempting to do libdm operations on it. This helps
    avoid complications when live mounts will leak into containers. Backport of
    https://github.com/moby/moby/pull/34573. bsc#1045628
    + bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
* Wed Aug 30 2017 asarai@suse.com
  - Fix a regression in our SUSE secrets patches, which caused the copied files
    to not carry the correct {uid,gid} mapping when using user namespaces. This
    would not cause any bugs (SUSEConnect does the right thing anyway) but it's
    possible some programs would not treat the files correctly. This is
    tangentially related to bsc#1055676.
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Wed Aug 02 2017 asarai@suse.com
  - Use -buildmode=pie for tests and binary build. bsc#1048046 bsc#1051429
* Wed Jul 19 2017 jmassaguerpla@suse.com
  - enable deferred removal for sle12sp2 and newer (and openSUSE
    equivalent. fix bsc#1021227
* Wed Jul 19 2017 jmassaguerpla@suse.com
  - enable libseccomp on sle12sp2 and newer, 42.2 and newer
    fix bsc#1028638 - docker: conditional filtering not supported on
    libseccomp for sle12
* Tue Jul 11 2017 jmassaguerpla@suse.com
  - add SuSEfirewall2.service to the After clause in docker.service
    in order to fix bsc#1046024
* Fri Jul 07 2017 thipp@suse.de
  - fix path to docker-runc in systemd service file
* Thu Jul 06 2017 thipp@suse.de
  - change dependency to docker-runc
* Mon Jun 19 2017 jmassaguerpla@suse.com
  - Fix bsc#1029630: docker does not wait for lvm on system startup
    I added "lvm2-monitor.service" as an "After dependency" of the docker systemd
    unit.
* Tue May 30 2017 jmassaguerpla@suse.com
  - Fix bsc#1032287: missing docker systemd configuration
* Mon May 29 2017 asarai@suse.com
  - Update SUSE secrets patch to correctly handle restarting of containers.
    + secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    + secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Wed May 17 2017 asarai@suse.com
  - Fix bsc#1037607 which was causing read-only issues on Kubic, this is a
    backport of https://github.com/moby/moby/pull/33250.
    + bsc1037607-0001-apparmor-make-pkg-aaparser-work-on-read-only-root.patch
* Thu May 11 2017 tchvatal@suse.com
  - Fix bsc#1038476 warning about non-executable docker
    * Simply verify we have binary prior using it, might happen if
      someone had docker installed and then did remove it and install
      from scratch again
* Wed May 10 2017 asarai@suse.com
  - Add a partial fix for boo#1038493.
  - Fixed bsc#1037436 where execids were being leaked due to bad error handling.
    This is a backport of https://github.com/docker/cli/pull/52.
    + bsc1037436-0001-client-check-tty-before-creating-exec-job.patch
* Thu May 04 2017 jmassaguerpla@suse.com
  - Fix golang requirements in the subpackages
* Mon May 01 2017 fcastelli@suse.com
  - Update golang build requirements to use golang(API) symbol: this is
    needed to solve a conflict between multiple versions of Go being available
* Tue Apr 18 2017 jmassaguerpla@suse.com
  - Fix secrets-0002-SUSE-implement-SUSE-container-secrets.patch:
    substitute docker/distribution/digest by opencontainers/digest
* Thu Apr 13 2017 jmassaguerpla@suse.com
  - Update to version 17.04.0-ce (fix bsc#1034053 )
  - Patches removed because have been merged into this version:
    * pr31549-cmd-docker-fix-TestDaemonCommand.patch
    * pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
  - Patches rebased:
    * integration-cli-fix-TestInfoEnsureSucceeds.patch
  - Build man pages for all archs (bsc#953182)
  - Containers cannot resolve DNS if docker host uses 127.0.0.1 as resolver (bsc#1034063)
    see /usr/share/doc/packages/docker/CHANGELOG.md
* Wed Apr 12 2017 jmassaguerpla@suse.com
  - Make sure this is being built with go 1.7
* Wed Apr 12 2017 jmassaguerpla@suse.com
  - remove the go_arches macro because we are using go1.7 which
    is available in all archs
  - remove gcc specific patches
    * gcc-go-patches.patch
    * netlink_netns_powerpc.patch
    * boltdb_bolt_add_brokenUnaligned.patch
* Wed Apr 12 2017 asarai@suse.com
  - Enable Delegate=yes, since systemd will safely ignore lvalues it doesn't
    understand.
* Tue Apr 11 2017 asarai@suse.com
  - Update SUSE secrets patch to handle boo#1030702.
    * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Tue Apr 11 2017 mmeister@suse.com
  - Fix (bsc#1032644)
    Change lvm2 from Requires to Recommends
    Docker usually uses a default storage driver, when it's not configured
    explicitly. This default driver then depends on the underlying
    system and gets chosen during installation.
* Mon Mar 20 2017 jmassaguerpla@suse.com
  - Disable libseccomp for leap 42.1, sle12sp1 and sle12, because
    docker needs a higher version. Otherwise, we get the error
      "conditional filtering requires libseccomp version >= 2.2.1
    (bsc#1028639 and bsc#1028638)
* Fri Mar 17 2017 asarai@suse.com
  - Add a backport of fix to AppArmor lazy loading docker-exec case.
    https://github.com/docker/docker/pull/31773
    + pr31773-daemon-also-ensureDefaultApparmorProfile-in-exec-pat.patch
* Wed Mar 08 2017 asarai@suse.com
  - Clean up docker-mount-secrets.patch to use the new swarm secrets internals of
    Docker 1.13.0, which removes the need to implement any secret handling
    ourselves. This resulted in a split up of the patch.
    - docker-mount-secrets.patch
    + secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
    + secrets-0002-SUSE-implement-SUSE-container-secrets.patch
* Mon Mar 06 2017 jmassaguerpla@suse.com
  - Remove old plugins.json to prevent docker-1.13 to fail to start
* Mon Mar 06 2017 jmassaguerpla@suse.com
  - Fix bsc#1026827: systemd TasksMax default throttles docker
* Mon Mar 06 2017 jmassaguerpla@suse.com
  - Fix post section by adding shadow as a package requirement
    Otherwise the groupadd instruction fails
* Sun Mar 05 2017 asarai@suse.com
  - Add patch to fix TestDaemonCommand failure in %check. This is an upstream
    bug, and has an upstream PR to fix it https://github.com/docker/docker/pull/31549.
    + pr31549-cmd-docker-fix-TestDaemonCommand.patch
* Wed Feb 01 2017 jmassaguerpla@suse.com
  - update docker to 1.13.0
    see details in https://github.com/docker/docker/releases/tag/v1.13.0
  - use the same buildflags for building docker and for building the
    tests.
  - enable pkcs11:
    https://github.com/docker/docker/commit/37fa75b3447007bb8ea311f02610bb383b0db77f
* Fri Jan 27 2017 bg@suse.com
  - enable architecture s390x for openSUSE
* Thu Jan 26 2017 jmassaguerpla@suse.com
  - provide the oci runtime so that containers which were using an old
    runtime option, when started on the new docker version, the runtime
    is changed to the new one. fix bsc#1020806 bsc#1016992
* Fri Jan 13 2017 jmassaguerpla@suse.com
  - fix CVE-2016-9962 bsc#1012568 . Fix it by updating to 1.12.6
    plus an extra commit to fix liverestore:
    https://github.com/docker/docker/commit/97cd32a6a9076306baa637a29bba84c3f1f3d218
* Wed Jan 11 2017 jmassaguerpla@suse.com
  - add "a wait" when starting docker service to fix
    bsc#1019251
* Tue Dec 20 2016 normand@linux.vnet.ibm.com
  - remove netlink_gcc_go.patch after integration of PR
    https://github.com/golang/go/issues/11707
  - new boltdb_bolt_add_brokenUnaligned.patch for ppc64
    waiting for https://github.com/boltdb/bolt/pull/635
* Tue Dec 20 2016 asarai@suse.com
  - Remove old flags from dockerd's command-line, to be more inline with
    upstream (now that docker-runc is provided by the runc package). -H is
    dropped because upstream dropped it due to concerns with socket
    activation.
  - Remove socket activation entirely.
* Mon Dec 19 2016 jmassaguerpla@suse.com
  - update docker to 1.12.5 (bsc#1016307).
    This fixes bsc#1015661
* Mon Dec 05 2016 jmassaguerpla@suse.com
  - fix bash-completion
* Tue Nov 29 2016 jimmy@boombatower.com
  - Add packageand(docker:bash) to bash-completion to match zsh-completion.
* Thu Nov 24 2016 jmassaguerpla@suse.com
  - fix runc and containerd revisions
    fix bsc#1009961
* Thu Oct 27 2016 jmassaguerpla@suse.com
  - update docker to 1.12.3
    - fix bsc#1007249 - CVE-2016-8867: Fix ambient capability usage in containers
    - other fixes:
    https://github.com/docker/docker/releases/tag/v1.12.3
* Thu Oct 13 2016 jmassaguerpla@suse.com
  - update docker to 1.12.2 (bsc#1004490). See changelog
    https://github.com/docker/docker/blob/v1.12.2/CHANGELOG.md
  - update docker-mount-secrets.patch to 1.12.2 code
* Tue Oct 11 2016 asarai@suse.com
  - docker-mount-secrets.patch: change the internal mountpoint name to not use
    ":" as that character can be considered a special character by other tools.
    bsc#999582
* Mon Sep 19 2016 jmassaguerpla@suse.com
  - fix go_arches definition: use global instead of define, otherwise
    it fails to build
* Wed Sep 14 2016 asarai@suse.com
  - Add dockerd(8) man page.
* Fri Sep 09 2016 thipp@suse.de
  - add missing patch to changelog
* Wed Sep 07 2016 thipp@suse.de
  - fix integration test case
  - add integration-cli-fix-TestInfoEnsureSucceeds.patch
* Tue Sep 06 2016 thipp@suse.de
  - update rpmlintrc
* Fri Sep 02 2016 thipp@suse.de
  - make test timeout configurable
* Fri Sep 02 2016 asarai@suse.com
  - Remove noarch from docker-test, which was causing lots of fun issues when
    trying to run them.
* Tue Aug 30 2016 jmassaguerpla@suse.com
  - Fix build for ppc64le: use static libgo for dockerd and docker-proxy
    as in docker build.
* Mon Aug 29 2016 jmassaguerpla@suse.com
  - Update docker to 1.12.1 (bsc#996015)
    see changelog in https://github.com/docker/docker/releases/tag/v1.12.1
* Fri Aug 26 2016 cbrauner@suse.de
  - Add asaurin@suse.com's test.sh test script.
  - Add integration test binary in docker.spec file. This is work done by
    asaurin@suse.com.
* Fri Aug 26 2016 asarai@suse.com
  - Package docker-proxy (which was split out of the docker binary in 1.12).
    boo#995620
* Fri Aug 26 2016 jmassaguerpla@suse.com
  - fix bsc#995102 - Docker "migrator" prevents installing "docker",
    if docker 1.9 was installed before but there were no images
* Fri Aug 26 2016 asarai@suse.com
  - Update docker.service file with several changes.
    * Reapply fix for bsc#983015 (Limit*=infinity).
    * Specify an "OCI" runtime for our runc package explicitly. bsc#978260
* Thu Aug 25 2016 jmassaguerpla@suse.com
  - remove disable-pprof-trace.patch: We can remove this patch because
    we use go 1.6, either gcc6-go or gc-go. This patch was for gcc5-go
* Wed Aug 24 2016 jmassaguerpla@suse.com
  - add go_arches in project configuration: this way, we can use the
    same spec file but decide in the project configuration if to
    use gc-go or gcc-go for some archs.
* Tue Aug 23 2016 jmassaguerpla@suse.com
  - use gcc6-go instead of gcc5-go (bsc#988408)
  - build ppc64le with gc-go because this version builds with gc-go 1.6
  - remove bnc964673-boltdb-metadata-recovery.patch because it has already
    been merged
* Tue Aug 23 2016 cbrauner@suse.com
  - update to v1.12.0 (bsc#995058)
    see detailed changelog at
      https://github.com/docker/docker/releases/tag/v1.12.0
  - disable test that fail in obs build context
  - only run unit tests on architectures that provide the go list and go test
    tools
  - disable dockerd, parser, integration test, and devicemapper related tests
    on versions below SLE12 and openSUSE_13.2
  - bump test timeout to 10m (for aarch64)
  - run unit tests during the build
  - Adapt docker.service file.
  - adapt install sections for gccgo builds: gccgo build are not built in separate
    folders for client and daemon. They both reside in dyngccgo.
  - gcc-go-patch: link against systemd when compiling the daemon.
  - Add disable-pprof-trace.patch
    pprof.Trace() is not available in go version <= 1.4 which we use to build SLES
    packages. This patch comments out the pprof.Trace() section.
  - update gcc-go-patch and docker-mount-secrets.patch
* Tue Aug 23 2016 tboerger@suse.com
  - Fixed binary split, install both required binaries correctly
* Tue Aug 16 2016 asarai@suse.com
  * Explicitly state the version dependencies for runC and containerd, to
    avoid potential issues with incompatible component versions. These
    must be updated *each time we do a release*. bsc#993847
* Mon Jul 25 2016 sflees@suse.de
  - Don't exit mid install, add the ability to not restart the docker
    service during certain updates with long migration phases
    bsc#980555
* Tue Jul 19 2016 jmassaguerpla@suse.com
  - remove kernel dependency (bsc#987198)
* Wed Jul 13 2016 cbrauner@suse.de
  - remove sysconfig.docker.ppc64le patch
    setting iptables option on ppc64le works now (bsc#988707)
* Tue Jul 05 2016 jmassaguerpla@suse.com
  - fix bsc#984942: audit.rules in docker-1.9.1-58.1.x86_64.rpm has a
    syntax error
* Tue Jul 05 2016 asarai@suse.com
  * Update docker.service to include changes from upstream, including the
    soon-to-be-merged patch https://github.com/docker/docker/pull/24307,
    which fixes bnc#983015.
* Fri Jun 24 2016 dmueller@suse.com
  - readd dropped declaration for patch200
* Wed Jun 08 2016 asarai@suse.de
  * Removed patches:
    - cve-2016-3697-numeric-uid.patch (merged upstream in gh@docker/docker#22998).
    * Update Docker to 1.11.2. (bsc#989566) Changelog from upstream:
    * Networking
    * Fix a stale endpoint issue on overlay networks during ungraceful restart
      (#23015)
    * Fix an issue where the wrong port could be reported by docker
      inspect/ps/port (#22997)
    * Runtime
    * Fix a potential panic when running docker build (#23032)
    * Fix interpretation of --user parameter (#22998)
    * Fix a bug preventing container statistics to be correctly reported (#22955)
    * Fix an issue preventing container to be restarted after daemon restart
      (#22947)
    * Fix issues when running 32 bit binaries on Ubuntu 16.04 (#22922)
    * Fix a possible deadlock on image deletion and container attach (#22918)
    * Fix an issue where containers fail to start after a daemon restart if they
      depend on a containerized cluster store (#22561)
    * Fix an issue causing docker ps to hang on CentOS when using devicemapper
      (#22168, #23067)
    * Fix a bug preventing to docker exec into a container when using
      devicemapper (#22168, #23067)
* Fri May 20 2016 jmassaguerpla@suse.com
  - Fix udev files ownership
* Thu May 19 2016 tchvatal@suse.com
  - Pass over with spec-cleaner, no factual changes
* Wed May 18 2016 asarai@suse.de
  * Make sure we *always* build unstripped Go binaries.
* Mon May 16 2016 asarai@suse.de
  * Add a patch to fix database soft corruption issues if the Docker dameon dies
    in a bad state. There is a PR upstream to vendor Docker to have this fix as
    well, but it probably won't get in until 1.11.2. bnc#964673
    (https://github.com/docker/docker/pull/22765)
    + bnc964673-boltdb-metadata-recovery.patch
* Mon May 02 2016 asarai@suse.de
  * Remove conditional Patch directive for SUSE secrets, since conditionally
    including patches results in incompatible .src.rpms. The patch is still
    applied conditionally.
* Fri Apr 29 2016 asarai@suse.de
  * Update to Docker 1.11.1. Changelog from upstream:
    * Distribution
    - Fix schema2 manifest media type to be of type `application/vnd.docker.container.image.v1+json` ([#21949](https://github.com/docker/docker/pull/21949))
    * Documentation
      + Add missing API documentation for changes introduced with 1.11.0 ([#22048](https://github.com/docker/docker/pull/22048))
    * Builder
    * Append label passed to `docker build` as arguments as an implicit `LABEL` command at the end of the processed `Dockerfile` ([#22184](https://github.com/docker/docker/pull/22184))
    * Networking
    - Fix a panic that would occur when forwarding DNS query ([#22261](https://github.com/docker/docker/pull/22261))
    - Fix an issue where OS threads could end up within an incorrect network namespace when using user defined networks ([#22261](https://github.com/docker/docker/pull/22261))
    * Runtime
    - Fix a bug preventing labels configuration to be reloaded via the config file ([#22299](https://github.com/docker/docker/pull/22299))
    - Fix a regression where container mounting `/var/run` would prevent other containers from being removed ([#22256](https://github.com/docker/docker/pull/22256))
    - Fix an issue where it would be impossible to update both `memory-swap` and `memory` value together ([#22255](https://github.com/docker/docker/pull/22255))
    - Fix a regression from 1.11.0 where the `/auth` endpoint would not initialize `serveraddress` if it is not provided ([#22254](https://github.com/docker/docker/pull/22254))
    - Add missing cleanup of container temporary files when cancelling a schedule restart ([#22237](https://github.com/docker/docker/pull/22237))
    - Removed scary error message when no restart policy is specified ([#21993](https://github.com/docker/docker/pull/21993))
    - Fix a panic that would occur when the plugins were activated via the json spec ([#22191](https://github.com/docker/docker/pull/22191))
    - Fix restart backoff logic to correctly reset delay if container ran for at least 10secs ([#22125](https://github.com/docker/docker/pull/22125))
    - Remove error message when a container restart get cancelled ([#22123](https://github.com/docker/docker/pull/22123))
    - Fix an issue where `docker` would not correcly clean up after `docker exec` ([#22121](https://github.com/docker/docker/pull/22121))
    - Fix a panic that could occur when servicing concurrent `docker stats` commands ([#22120](https://github.com/docker/docker/pull/22120))`
    - Revert deprecation of non-existing host directories auto-creation ([#22065](https://github.com/docker/docker/pull/22065))
    - Hide misleading rpc error on daemon shutdown ([#22058](https://github.com/docker/docker/pull/22058))
* Wed Apr 27 2016 jmassaguerpla@suse.com
  - Fix go version to 1.5 (bsc#977394)
* Fri Apr 22 2016 asarai@suse.de
  - Add patch to fix vulnerability in Docker <= 1.11.0. This patch is upstream,
    but was merged after the 1.11.0 merge window. CVE-2016-3697. bsc#976777.
      + cve-2016-3697-numeric-uid.patch
    The upstream PR is here[1] and was vendored into Docker here[2].
    [1]: https://github.com/opencontainers/runc/pull/708
    [2]: https://github.com/docker/docker/pull/21665
* Mon Apr 18 2016 mpluskal@suse.com
  - Supplemnent zsh from zsh-completion
    * zsh-completion will be automatically installed if zsh and
      docker are installed
* Mon Apr 18 2016 jmassaguerpla@suse.com
  - Remove gcc5_socker_workaround.patch: This patch is not needed anymore
    since gcc5 has been updated in all platforms
* Mon Apr 18 2016 asarai@suse.de
  * Removed patches that have been fixed upstream and in gcc-go:
    - boltdb_bolt_powerpc.patch
    - fix-apparmor.patch
    - fix-btrfs-ioctl-structure.patch
    - fix-docker-init.patch
    - libnetwork_drivers_bridge_powerpc.patch
    - ignore-dockerinit-checksum.patch
    * Require containerd, as it is the only currently supported Docker execdriver.
    * Update docker.socket to require containerd.socket and use --containerd in
    docker.service so that the services are self-contained.
    * Update to Docker 1.11.0. Changelog from upstream:
    * Builder
    - Fix a bug where Docker would not used the correct uid/gid when processing the `WORKDIR` command ([#21033](https://github.com/docker/docker/pull/21033))
    - Fix a bug where copy operations with userns would not use the proper uid/gid ([#20782](https://github.com/docker/docker/pull/20782), [#21162](https://github.com/docker/docker/pull/21162))
    * Client
    * Usage of the `:` separator for security option has been deprecated. `=` should be used instead ([#21232](https://github.com/docker/docker/pull/21232))
    + The client user agent is now passed to the registry on `pull`, `build`, `push`, `login` and `search` operations ([#21306](https://github.com/docker/docker/pull/21306), [#21373](https://github.com/docker/docker/pull/21373))
    * Allow setting the Domainname and Hostname separately through the API ([#20200](https://github.com/docker/docker/pull/20200))
    * Docker info will now warn users if it can not detect the kernel version or the operating system ([#21128](https://github.com/docker/docker/pull/21128))
    - Fix an issue where `docker stats --no-stream` output could be all 0s ([#20803](https://github.com/docker/docker/pull/20803))
    - Fix a bug where some newly started container would not appear in a running `docker stats` command ([#20792](https://github.com/docker/docker/pull/20792))
    * Post processing is no longer enabled for linux-cgo terminals ([#20587](https://github.com/docker/docker/pull/20587))
    - Values to `--hostname` are now refused if they do not comply with [RFC1123](https://tools.ietf.org/html/rfc1123) ([#20566](https://github.com/docker/docker/pull/20566))
    + Docker learned how to use a SOCKS proxy ([#20366](https://github.com/docker/docker/pull/20366), [#18373](https://github.com/docker/docker/pull/18373))
    + Docker now supports external credential stores ([#20107](https://github.com/docker/docker/pull/20107))
    * `docker ps` now supports displaying the list of volumes mounted inside a container ([#20017](https://github.com/docker/docker/pull/20017))
    * `docker info` now also report Docker's root directory location ([#19986](https://github.com/docker/docker/pull/19986))
    - Docker now prohibits login in with an empty username (spaces are trimmed) ([#19806](https://github.com/docker/docker/pull/19806))
    * Docker events attributes are now sorted by key ([#19761](https://github.com/docker/docker/pull/19761))
    * `docker ps` no longer show exported port for stopped containers ([#19483](https://github.com/docker/docker/pull/19483))
    - Docker now cleans after itself if a save/export command fails ([#17849](https://github.com/docker/docker/pull/17849))
    * Docker load learned how to display a progress bar ([#17329](https://github.com/docker/docker/pull/17329), [#120078](https://github.com/docker/docker/pull/20078))
    * Distribution
    - Fix a panic that occurred when pulling an images with 0 layers ([#21222](https://github.com/docker/docker/pull/21222))
    - Fix a panic that could occur on error while pushing to a registry with a misconfigured token service ([#21212](https://github.com/docker/docker/pull/21212))
    + All first-level delegation roles are now signed when doing a trusted push ([#21046](https://github.com/docker/docker/pull/21046))
    + OAuth support for registries was added ([#20970](https://github.com/docker/docker/pull/20970))
    * `docker login` now handles token using the implementation found in [docker/distribution](https://github.com/docker/distribution) ([#20832](https://github.com/docker/docker/pull/20832))
    * `docker login` will no longer prompt for an email ([#20565](https://github.com/docker/docker/pull/20565))
    * Docker will now fallback to registry V1 if no basic auth credentials are available ([#20241](https://github.com/docker/docker/pull/20241))
    * Docker will now try to resume layer download where it left off after a network error/timeout ([#19840](https://github.com/docker/docker/pull/19840))
    - Fix generated manifest mediaType when pushing cross-repository ([#19509](https://github.com/docker/docker/pull/19509))
    - Fix docker requesting additional push credentials when pulling an image if Content Trust is enabled ([#20382](https://github.com/docker/docker/pull/20382))
    * Logging
    - Fix a race in the journald log driver ([#21311](https://github.com/docker/docker/pull/21311))
    * Docker syslog driver now uses the RFC-5424 format when emitting logs ([#20121](https://github.com/docker/docker/pull/20121))
    * Docker GELF log driver now allows to specify the compression algorithm and level via the `gelf-compression-type` and `gelf-compression-level` options ([#19831](https://github.com/docker/docker/pull/19831))
    * Docker daemon learned to output uncolorized logs via the `--raw-logs` options ([#19794](https://github.com/docker/docker/pull/19794))
    + Docker, on Windows platform, now includes an ETW (Event Tracing in Windows) logging driver named `etwlogs` ([#19689](https://github.com/docker/docker/pull/19689))
    * Journald log driver learned how to handle tags ([#19564](https://github.com/docker/docker/pull/19564))
    + The fluentd log driver learned the following options: `fluentd-address`, `fluentd-buffer-limit`, `fluentd-retry-wait`, `fluentd-max-retries` and `fluentd-async-connect` ([#19439](https://github.com/docker/docker/pull/19439))
    + Docker learned to send log to Google Cloud via the new `gcplogs` logging driver. ([#18766](https://github.com/docker/docker/pull/18766))
    * Misc
    + When saving linked images together with `docker save` a subsequent `docker load` will correctly restore their parent/child relationship ([#21385](https://github.com/docker/docker/pull/c))
    + Support for building the Docker cli for OpenBSD was added ([#21325](https://github.com/docker/docker/pull/21325))
    + Labels can now be applied at network, volume and image creation ([#21270](https://github.com/docker/docker/pull/21270))
    * The `dockremap` is now created as a system user ([#21266](https://github.com/docker/docker/pull/21266))
    - Fix a few response body leaks ([#21258](https://github.com/docker/docker/pull/21258))
    - Docker, when run as a service with systemd, will now properly manage its processes cgroups ([#20633](https://github.com/docker/docker/pull/20633))
    * Docker info now reports the value of cgroup KernelMemory or emits a warning if it is not supported ([#20863](https://github.com/docker/docker/pull/20863))
    * Docker info now also reports the cgroup driver in use ([#20388](https://github.com/docker/docker/pull/20388))
    * Docker completion is now available on PowerShell ([#19894](https://github.com/docker/docker/pull/19894))
    * `dockerinit` is no more ([#19490](https://github.com/docker/docker/pull/19490),[#19851](https://github.com/docker/docker/pull/19851))
    + Support for building Docker on arm64 was added ([#19013](https://github.com/docker/docker/pull/19013))
    + Experimental support for building docker.exe in a native Windows Docker installation ([#18348](https://github.com/docker/docker/pull/18348))
    * Networking
    - Fix panic if a node is forcibly removed from the cluster ([#21671](https://github.com/docker/docker/pull/21671))
    - Fix "error creating vxlan interface" when starting a container in a Swarm cluster ([#21671](https://github.com/docker/docker/pull/21671))
    * `docker network inspect` will now report all endpoints whether they have an active container or not ([#21160](https://github.com/docker/docker/pull/21160))
    + Experimental support for the MacVlan and IPVlan network drivers have been added ([#21122](https://github.com/docker/docker/pull/21122))
    * Output of `docker network ls` is now sorted by network name ([#20383](https://github.com/docker/docker/pull/20383))
    - Fix a bug where Docker would allow a network to be created with the reserved `default` name ([#19431](https://github.com/docker/docker/pull/19431))
    * `docker network inspect` returns whether a network is internal or not ([#19357](https://github.com/docker/docker/pull/19357))
    + Control IPv6 via explicit option when creating a network (`docker network create --ipv6`). This shows up as a new `EnableIPv6` field in `docker network inspect` ([#17513](https://github.com/docker/docker/pull/17513))
    * Support for AAAA Records (aka IPv6 Service Discovery) in embedded DNS Server ([#21396](https://github.com/docker/docker/pull/21396))
    - Fix to not forward docker domain IPv6 queries to external servers ([#21396](https://github.com/docker/docker/pull/21396))
    * Multiple A/AAAA records from embedded DNS Server for DNS Round robin ([#21019](https://github.com/docker/docker/pull/21019))
    - Fix endpoint count inconsistency after an ungraceful dameon restart ([#21261](https://github.com/docker/docker/pull/21261))
    - Move the ownership of exposed ports and port-mapping options from Endpoint to Sandbox ([#21019](https://github.com/docker/docker/pull/21019))
    - Fixed a bug which prevents docker reload when host is configured with ipv6.disable=1 ([#21019](https://github.com/docker/docker/pull/21019))
    - Added inbuilt nil IPAM driver ([#21019](https://github.com/docker/docker/pull/21019))
    - Fixed bug in iptables.Exists() logic [#21019](https://github.com/docker/docker/pull/21019)
    - Fixed a Veth interface leak when using overlay network ([#21019](https://github.com/docker/docker/pull/21019))
    - Fixed a bug which prevents docker reload after a network delete during shutdown ([#20214](https://github.com/docker/docker/pull/20214))
    - Make sure iptables chains are recreated on firewalld reload ([#20419](https://github.com/docker/docker/pull/20419))
    - Allow to pass global datastore during config reload ([#20419](https://github.com/docker/docker/pull/20419))
    - For anonymous containers use the alias name for IP to name mapping, ie:DNS PTR record ([#21019](https://github.com/docker/docker/pull/21019))
    - Fix a panic when deleting an entry from /etc/hosts file  ([#21019](https://github.com/docker/docker/pull/21019))
    - Source the forwarded DNS queries from the container net namespace  ([#21019](https://github.com/docker/docker/pull/21019))
    - Fix to retain the network internal mode config for bridge networks on daemon reload ([#21780] (https://github.com/docker/docker/pull/21780))
    - Fix to retain IPAM driver option configs on daemon reload ([#21914] (https://github.com/docker/docker/pull/21914))
    * Plugins
    - Fix a file descriptor leak that would occur every time plugins were enumerated ([#20686](https://github.com/docker/docker/pull/20686))
    - Fix an issue where Authz plugin would corrupt the payload body when faced with a large amount of data ([#20602](https://github.com/docker/docker/pull/20602))
    * Runtime
    - Fix a panic that could occur when cleanup after a container started with invalid parameters ([#21716](https://github.com/docker/docker/pull/21716))
    - Fix a race with event timers stopping early ([#21692](https://github.com/docker/docker/pull/21692))
    - Fix race conditions in the layer store, potentially corrupting the map and crashing the process ([#21677](https://github.com/docker/docker/pull/21677))
    - Un-deprecate auto-creation of host directories for mounts. This feature was marked deprecated in ([#21666](https://github.com/docker/docker/pull/21666))
    Docker 1.9, but was decided to be too much of an backward-incompatible change, so it was decided to keep the feature.
    + It is now possible for containers to share the NET and IPC namespaces when `userns` is enabled ([#21383](https://github.com/docker/docker/pull/21383))
    + `docker inspect <image-id>` will now expose the rootfs layers ([#21370](https://github.com/docker/docker/pull/21370))
    + Docker Windows gained a minimal `top` implementation ([#21354](https://github.com/docker/docker/pull/21354))
    * Docker learned to report the faulty exe when a container cannot be started due to its condition ([#21345](https://github.com/docker/docker/pull/21345))
    * Docker with device mapper will now refuse to run if `udev sync` is not available ([#21097](https://github.com/docker/docker/pull/21097))
    - Fix a bug where Docker would not validate the config file upon configuration reload ([#21089](https://github.com/docker/docker/pull/21089))
    - Fix a hang that would happen on attach if initial start was to fail ([#21048](https://github.com/docker/docker/pull/21048))
    - Fix an issue where registry service options in the daemon configuration file were not properly taken into account ([#21045](https://github.com/docker/docker/pull/21045))
    - Fix a race between the exec and resize operations ([#21022](https://github.com/docker/docker/pull/21022))
    - Fix an issue where nanoseconds were not correctly taken in account when filtering Docker events ([#21013](https://github.com/docker/docker/pull/21013))
    - Fix the handling of Docker command when passed a 64 bytes id ([#21002](https://github.com/docker/docker/pull/21002))
    * Docker will now return a `204` (i.e http.StatusNoContent) code when it successfully deleted a network ([#20977](https://github.com/docker/docker/pull/20977))
    - Fix a bug where the daemon would wait indefinitely in case the process it was about to killed had already exited on its own ([#20967](https://github.com/docker/docker/pull/20967)
    * The devmapper driver learned the `dm.min_free_space` option. If the mapped device free space reaches the passed value, new device creation will be prohibited. ([#20786](https://github.com/docker/docker/pull/20786))
    + Docker can now prevent processes in container to gain new privileges via the `--security-opt=no-new-privileges` flag ([#20727](https://github.com/docker/docker/pull/20727))
    - Starting a container with the `--device` option will now correctly resolves symlinks ([#20684](https://github.com/docker/docker/pull/20684))
    + Docker now relies on [`containerd`](https://github.com/docker/containerd) and [`runc`](https://github.com/opencontainers/runc) to spawn containers. ([#20662](https://github.com/docker/docker/pull/20662))
    - Fix docker configuration reloading to only alter value present in the given config file ([#20604](https://github.com/docker/docker/pull/20604))
    + Docker now allows setting a container hostname via the `--hostname` flag when `--net=host` ([#20177](https://github.com/docker/docker/pull/20177))
    + Docker now allows executing privileged container while running with `--userns-remap` if both `--privileged` and the new `--userns=host` flag are specified ([#20111](https://github.com/docker/docker/pull/20111))
    - Fix Docker not cleaning up correctly old containers upon restarting after a crash ([#19679](https://github.com/docker/docker/pull/19679))
    * Docker will now error out if it doesn't recognize a configuration key within the config file ([#19517](https://github.com/docker/docker/pull/19517))
    - Fix container loading, on daemon startup, when they depends on a plugin running within a container ([#19500](https://github.com/docker/docker/pull/19500))
    * `docker update` learned how to change a container restart policy ([#19116](https://github.com/docker/docker/pull/19116))
    * `docker inspect` now also returns a new `State` field containing the container state in a human readable way (i.e. one of `created`, `restarting`, `running`, `paused`, `exited` or `dead`)([#18966](https://github.com/docker/docker/pull/18966))
    + Docker learned to limit the number of active pids (i.e. processes) within the container via the `pids-limit` flags. NOTE: This requires `CGROUP_PIDS=y` to be in the kernel configuration. ([#18697](https://github.com/docker/docker/pull/18697))
    - `docker load` now has a `--quiet` option to suppress the load output ([#20078](https://github.com/docker/docker/pull/20078))
    - Fix a bug in neighbor discovery for IPv6 peers ([#20842](https://github.com/docker/docker/pull/20842))
    - Fix a panic during cleanup if a container was started with invalid options ([#21802](https://github.com/docker/docker/pull/21802))
    - Fix a situation where a container cannot be stopped if the terminal is closed ([#21840](https://github.com/docker/docker/pull/21840))
    * Security
    * Object with the `pcp_pmcd_t` selinux type were given management access to `/var/lib/docker(/.*)?` ([#21370](https://github.com/docker/docker/pull/21370))
    * `restart_syscall`, `copy_file_range`, `mlock2` joined the list of allowed calls in the default seccomp profile ([#21117](https://github.com/docker/docker/pull/21117), [#21262](https://github.com/docker/docker/pull/21262))
    * `send`, `recv` and `x32` were added to the list of allowed syscalls and arch in the default seccomp profile ([#19432](https://github.com/docker/docker/pull/19432))
    * Docker Content Trust now requests the server to perform snapshot signing ([#21046](https://github.com/docker/docker/pull/21046))
    * Support for using YubiKeys for Content Trust signing has been moved out of experimental ([#21591](https://github.com/docker/docker/pull/21591))
    * Volumes
    * Output of `docker volume ls` is now sorted by volume name ([#20389](https://github.com/docker/docker/pull/20389))
    * Local volumes can now accepts options similar to the unix `mount` tool ([#20262](https://github.com/docker/docker/pull/20262))
    - Fix an issue where one letter directory name could not be used as source for volumes ([#21106](https://github.com/docker/docker/pull/21106))
    + `docker run -v` now accepts a new flag `nocopy`. This tell the runtime not to copy the container path content into the volume (which is the default behavior) ([#21223](https://github.com/docker/docker/pull/21223))
* Wed Apr 13 2016 jmassaguerpla@suse.com
  - docker.spec: apply gcc5 socket patch also for sle12 and leap
    because gcc5 has been updated there as well.
  - docker.spec: add a "is_opensuse" check for the mount-secrets patch.
    This way we can use this same package for opensuse.
* Fri Apr 08 2016 dmueller@suse.com
  - use go-lang for aarch64:
    - drop fix_platform_type_arm.patch (works around a gcc-go bug, so
    unnecessary)
* Thu Apr 07 2016 asarai@suse.de
  - Add patch from upstream (https://github.com/docker/docker/pull/21723) to fix
    compilation on Factory and Tumbleweed (which have btrfsprogs >= 4.5).
      + fix-btrfs-ioctl-structure.patch  bnc#974208
* Tue Mar 22 2016 fcastelli@suse.com
  - Changed systemd unit file and default sysconfig file to include network options,
    this is needed to get SDN like flannel to work
* Tue Mar 15 2016 asarai@suse.de
  - docker.spec: update warning to mention that /etc/sysconfig/docker is sourced
    by the migration script.
* Mon Mar 14 2016 asarai@suse.de
  - docker.spec: only Reccomends: the docker-image-migrator package as it is no
    longer required for our ugly systemctl hacks.
  - docker.spec: fix up documentation to refer to the script you need to run in
    the migrator package.
  - docker.spec: print a warning if you force the DOCKER_FORCE_INSTALL option.
* Fri Mar 11 2016 asarai@suse.de
  - spec: switch to new done file name from docker-image-migrator
* Fri Mar 11 2016 jmassaguerpla@suse.com
  - update to docker 1.10.3 (bnc#970637)
    Runtime
      Fix Docker client exiting with an "Unrecognized input header" error #20706
      Fix Docker exiting if Exec is started with both AttachStdin and Detach #20647
    Distribution
      Fix a crash when pushing multiple images sharing the same layers to the same repository in parallel #20831
      Fix a panic when pushing images to a registry which uses a misconfigured token service #21030
    Plugin system
      Fix issue preventing volume plugins to start when SELinux is enabled #20834
      Prevent Docker from exiting if a volume plugin returns a null response for Get requests #20682
      Fix plugin system leaking file descriptors if a plugin has an error #20680
    Security
      Fix linux32 emulation to fail during docker build #20672 It was due to the personality syscall being blocked by the default seccomp profile.
      Fix Oracle XE 10g failing to start in a container #20981 It was due to the ipc syscall being blocked by the default seccomp profile.
      Fix user namespaces not working on Linux From Scratch #20685
      Fix issue preventing daemon to start if userns is enabled and the subuid or subgid files contain comments #20725
    More at https://github.com/docker/docker/releases/tag/v1.10.3
* Thu Mar 10 2016 asarai@suse.de
  - spec: improve file-based migration checks to make sure that it doesn't cause
    errors if running on a /var/lib/docker without /var/lib/docker/graph.
* Wed Mar 09 2016 asarai@suse.de
  - spec: implement file-based migration checks. The migrator will be updated to
    match the warning message's instructions. This looks like it works with my
    testing.
* Mon Mar 07 2016 normand@linux.vnet.ibm.com
  - more patches to build on ppc64 architecture
    update netlink_gcc_go.patch
    new netlink_netns_powerpc.patch
    new boltdb_bolt_powerpc.patch
    new libnetwork_drivers_bridge_powerpc.patch to replace
      deleted fix-ppc64le.patch
* Tue Mar 01 2016 jmassaguerpla@suse.com
  - fix bsc#968972 - let docker manage the cgroups of the processes
    that it launches without systemd
* Tue Mar 01 2016 jmassaguerpla@suse.com
  - Require docker-image-migrator (bnc#968933)
* Tue Feb 23 2016 jmassaguerpla@suse.com
  Update to version 1.10.2 (bnc#968933)
    - Runtime
      Prevent systemd from deleting containers' cgroups when its configuration is reloaded #20518
      Fix SELinux issues by disregarding --read-only when mounting /dev/mqueue #20333
      Fix chown permissions used during docker cp when userns is used #20446
      Fix configuration loading issue with all booleans defaulting to true #20471
      Fix occasional panic with docker logs -f #20522
    - Distribution
      Keep layer reference if deletion failed to avoid a badly inconsistent state #20513
      Handle gracefully a corner case when canceling migration #20372
      Fix docker import on compressed data #20367
      Fix tar-split files corruption during migration that later cause docker push and docker save to fail #20458
    - Networking
      Fix daemon crash if embedded DNS is sent garbage #20510
    - Volumes
      Fix issue with multiple volume references with same name #20381
    - Security
      Fix potential cache corruption and delegation conflict issues #20523
    link to changelog:
    https://github.com/docker/docker/blob/v1.10.2/CHANGELOG.md
* Mon Feb 15 2016 asarai@suse.com
  - fix-apparmor.patch: switch to a backported version of docker/docker#20305,
    which also fixes several potential issues if the major version of apparmor
    changes.
* Mon Feb 15 2016 asarai@suse.com
  - Remove 1.10.0 tarball.
* Fri Feb 12 2016 jmassaguerpla@suse.com
  - Update to docker 1.10.1
    It includes some fixes to 1.10.0, see detailed changelog in
    https://github.com/docker/docker/blob/v1.10.1/CHANGELOG.md
* Tue Feb 09 2016 jmassaguerpla@suse.com
  - Update docker to 1.10.0 (bnc#965918)
    Add usernamespace support
    Add support for custom seccomp profiles
    Improvements in network and volume management
    detailed changelog in
    https://github.com/docker/docker/blob/590d5108bbdaabb05af590f76c9757daceb6d02e/CHANGELOG.md
  - removed patches, because code has been merged in 1.10.0 release:
      libcontainer-apparmor-fixes.patch: see: https://github.com/docker/docker/blob/release/v1.10/contrib/apparmor/template.go
      fix_bnc_958255.patch: see https://github.com/docker/docker/commit/2b4f64e59018c21aacbf311d5c774dd5521b5352
      use_fs_cgroups_by_default.patch
      fix_cgroup.parent_path_sanitisation.patch
      add_bolt_ppc64.patch
      add_bolt_arm64.patch
      add_bolt_s390x.patch
  - remove gcc-go-build-static-libgo.patch: This has been replace by gcc-go-patches.patch
  - removed patches, because arm and ppc are not build using the dynbinary target, but the dyngccgo one:
      docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
      docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
      docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
  - added patches:
      fix_platform_type_arm.patch: fix build for arm64 and aarch64: set utsname as uint8 for arm64 and aarch64
      gcc5_socket_workaround.patch: gcc5-go in Tumbleweed includes this commit
      https://github.com/golang/gofrontend/commit/a850225433a66a58613c22185c3b09626f5545eb
      Which "fixes" the data type for RawSockaddr.Data
      However, docker now expects the "wrong" data type, since docker had a workaround
      for that issue.
      Thus, we need to workaround the workaround in tumbleweed
      netlink_gcc_go.patch: add constants for syscalls TUNSETIFF and TUNSETPERSIST to fix a gcc issue.
      This is a workaround for bnc#964468: gcc-go can no longer compile Docker.
      fix-apparmor.patch: fix https://github.com/docker/docker/issues/20269 . It affects SLE12 which has apparmor
      version 2.8 and not openSUSE which has version 2.9.
      fix-ppc64le.patch: Build netlink driver using int8 and not uint8 for the data structure
  - reviewed patches:
      ignore-dockerinit-checksum.patch: review context in patch
      fix-docker-init.patch: review patch because build method has been changed in spec file for gcc-go
      gcc-go-patches.patch: review context in patch
  - Build requires go >= 1.5: For version 1.9, we could use Go 1.4.3
      see GO_VERSION https://github.com/docker/docker/blob/release/v1.9/Dockerfile
    However, for version 1.10, we need go 1.5.3
      see GO_VERSION https://github.com/docker/docker/blob/release/v1.10/Dockerfile
  - fix bnc#965600 - SLES12 SP1 - Static shared memory limit in container
* Tue Feb 09 2016 asarai@suse.com
  - docker-mount-secrets.patch: fix up this patch to work on Docker 1.10
* Wed Jan 27 2016 asarai@suse.com
  - docker-mount-secrets.patch: properly register /run/secrets as a
    mountpoint, so that it is unmounted properly when the container
    is removed and thus container removal works. (bnc#963142)
  - docker-mount-secrets.patch: in addition, add some extra debugging
    information to the secrets patch.
* Wed Jan 27 2016 asarai@suse.com
  - fix_json_econnreset_bug.patch: fix JSON bug that causes containers to not start
    in weird circumstances. https://github.com/docker/docker/issues/14203
* Wed Dec 23 2015 fcastelli@suse.com jmassaguerpla@suse.com
  - fix_bnc_958255.patch: fix Docker creates strange apparmor profile
    (bnc#958255)
  - use_fs_cgroups_by_default.patch: Use fs cgroups by default:
    https://github.com/docker/docker/commit/419fd7449fe1a984f582731fcd4d9455000846b0
  - fix_cgroup.parent_path_sanitisation.patch: fix cgroup.Parent path
    sanitisation:
    https://github.com/opencontainers/runc/commit/bf899fef451956be4abd63de6d6141d9f9096a02
  - Add rules for auditd. This is required to fix bnc#959405
  - Remove 7 patches, add 6 and modify 1, after 1.9.1 upgrade
    * Removed:
    - docker_missing_ppc64le_netlink_linux_files.patch: the code that this
      bug refers to has benn removed upstream
    - docker_rename_jump_amd64_as_jump_linux.patch: the code that this bug
      refers to has been removed upstream
    - Remove fix_15279.patch: code has been merged upstream
    - Remove add_missing_syscall_for_s390x.patch: code has been merged upstream
    - Remove fix_incompatible_assignment_error_bnc_950931.patch: code has been
      merged upstream
    - Remove fix_libsecomp_error_bnc_950931.patch: the code that this bug refers to
      has been removed upstream
    - Remove gcc5_socket_workaround.patch: Code has been fixed. Building with
      this patch is giving the error we were trying to fix, implying that the
      code has been fixed somewhere else.
    * Added:
    - add_bolt_ppc64.patch
    - add_bolt_arm64.patch
    - docker_remove_journald_to_fix_dynbinary_build_on_arm.patch
    - docker_remove_journald_to_fix_dynbinary_build_on_powerpc.patch
    - docker_remove_journald_to_fix_dynbinary_build_on_arm64.patch
    - gcc-go-build-static-libgo.patch: enable static linking of libgo in ggc-go
      In order to do this, we had to work-around an issue from gcc-go:
    https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69357
    * Modify:
  - Upgrade to 1.9.1(bnc#956434)
    * Runtime:
    - Do not prevent daemon from booting if images could not be restored
      (#17695)
    - Force IPC mount to unmount on daemon shutdown/init (#17539)
    - Turn IPC unmount errors into warnings (#17554)
    - Fix `docker stats` performance regression (#17638)
    - Clarify cryptic error message upon `docker logs` if `--log-driver=none`
      (#17767)
    - Fix seldom panics (#17639, #17634, #17703)
    - Fix opq whiteouts problems for files with dot prefix (#17819)
    - devicemapper: try defaulting to xfs instead of ext4 for performance
      reasons (#17903, #17918)
    - devicemapper: fix displayed fs in docker info (#17974)
    - selinux: only relabel if user requested so with the `z` option
      (#17450, #17834)
    - Do not make network calls when normalizing names (#18014)
    * Client:
    - Fix `docker login` on windows (#17738)
    - Fix bug with `docker inspect` output when not connected to daemon
      (#17715)
    - Fix `docker inspect -f {{.HostConfig.Dns}} somecontainer` (#17680)
    * Builder:
    - Fix regression with symlink behavior in ADD/COPY (#17710)
    * Networking:
    - Allow passing a network ID as an argument for `--net` (#17558)
    - Fix connect to host and prevent disconnect from host for `host` network
      (#17476)
    - Fix `--fixed-cidr` issue when gateway ip falls in ip-range and ip-range
      is not the first block in the network (#17853)
    - Restore deterministic `IPv6` generation from `MAC` address on default
      `bridge` network (#17890)
    - Allow port-mapping only for endpoints created on docker run (#17858)
    - Fixed an endpoint delete issue with a possible stale sbox (#18102)
    * Distribution:
    - Correct parent chain in v2 push when v1Compatibility files on the disk
      are inconsistent (#18047)
  - Update to version 1.9.0 (bnc#954812):
    * Runtime:
    - `docker stats` now returns block IO metrics (#15005)
    - `docker stats` now details network stats per interface (#15786)
    - Add `ancestor=<image>` filter to `docker ps --filter` flag to filter
      containers based on their ancestor images (#14570)
    - Add `label=<somelabel>` filter to `docker ps --filter` to filter
      containers based on label (#16530)
    - Add `--kernel-memory` flag to `docker run` (#14006)
    - Add `--message` flag to `docker import` allowing to specify an optional
      message (#15711)
    - Add `--privileged` flag to `docker exec` (#14113)
    - Add `--stop-signal` flag to `docker run` allowing to replace the
      container process stopping signal (#15307)
    - Add a new `unless-stopped` restart policy (#15348)
    - Inspecting an image now returns tags (#13185)
    - Add container size information to `docker inspect` (#15796)
    - Add `RepoTags` and `RepoDigests` field to `/images/{name:.*}/json`
      (#17275)
    - Remove the deprecated `/container/ps` endpoint from the API (#15972)
    - Send and document correct HTTP codes for `/exec/<name>/start` (#16250)
    - Share shm and mqueue between containers sharing IPC namespace (#15862)
    - Event stream now shows OOM status when `--oom-kill-disable` is
      set (#16235)
    - Ensure special network files (/etc/hosts etc.) are read-only if
      bind-mounted
      with `ro` option (#14965)
    - Improve `rmi` performance (#16890)
    - Do not update /etc/hosts for the default bridge network, except for links
      (#17325)
    - Fix conflict with duplicate container names (#17389)
    - Fix an issue with incorrect template execution in `docker inspect`
      (#17284)
    - DEPRECATE `-c` short flag variant for `--cpu-shares` in docker run
      (#16271)
    * Client:
    - Allow `docker import` to import from local files (#11907)
    * Builder:
    - Add a `STOPSIGNAL` Dockerfile instruction allowing to set a different
      stop-signal for the container process (#15307)
    - Add an `ARG` Dockerfile instruction and a `--build-arg` flag to
      `docker build`
      that allows to add build-time environment variables (#15182)
    - Improve cache miss performance (#16890)
    * Storage:
    - devicemapper: Implement deferred deletion capability (#16381)
    * Networking:
    - `docker network` exits experimental and is part of standard release
      (#16645)
    - New network top-level concept, with associated subcommands and API
      (#16645)
      WARNING: the API is different from the experimental API
    - Support for multiple isolated/micro-segmented networks (#16645)
    - Built-in multihost networking using VXLAN based overlay driver (#14071)
    - Support for third-party network plugins (#13424)
    - Ability to dynamically connect containers to multiple networks (#16645)
    - Support for user-defined IP address management via pluggable IPAM drivers
      (#16910)
    - Add daemon flags `--cluster-store` and `--cluster-advertise` for built-in
      nodes discovery (#16229)
    - Add `--cluster-store-opt` for setting up TLS settings (#16644)
    - Add `--dns-opt` to the daemon (#16031)
    - DEPRECATE following container `NetworkSettings` fields in API v1.21:
      `EndpointID`, `Gateway`, `GlobalIPv6Address`, `GlobalIPv6PrefixLen`,
      `IPAddress`, `IPPrefixLen`, `IPv6Gateway` and `MacAddress`.
      Those are now specific to the `bridge` network. Use
      `NetworkSettings.Networks` to inspect
      the networking settings of a container per network.
    * Volumes:
    - New top-level `volume` subcommand and API (#14242)
    - Move API volume driver settings to host-specific config (#15798)
    - Print an error message if volume name is not unique (#16009)
    - Ensure volumes created from Dockerfiles always use the local volume driver
      (#15507)
    - DEPRECATE auto-creating missing host paths for bind mounts (#16349)
    * Logging:
    - Add `awslogs` logging driver for Amazon CloudWatch (#15495)
    - Add generic `tag` log option to allow customizing container/image
      information passed to driver (e.g. show container names) (#15384)
    - Implement the `docker logs` endpoint for the journald driver (#13707)
    - DEPRECATE driver-specific log tags (e.g. `syslog-tag`, etc.) (#15384)
    * Distribution:
    - `docker search` now works with partial names (#16509)
    - Push optimization: avoid buffering to file (#15493)
    - The daemon will display progress for images that were already being
      pulled by another client (#15489)
    - Only permissions required for the current action being performed are
      requested (#)
    - Renaming trust keys (and respective environment variables) from `offline`
      to `root` and `tagging` to `repository` (#16894)
    - DEPRECATE trust key environment variables
      `DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE` and
      `DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE` (#16894)
    * Security:
    - Add SELinux profiles to the rpm package (#15832)
    - Fix various issues with AppArmor profiles provided in the deb package
      (#14609)
    - Add AppArmor policy that prevents writing to /proc (#15571)
  - Change systemd unit file to no longer use the deprecated "-d" option
    (bnc#954737)
* Tue Nov 24 2015 fcastelli@suse.com
  - Changed docker-mount-secrets.patch: allow removal of containers
    even when the entry point failed. bnc#954797
* Tue Nov 03 2015 msabate@suse.com
  - Fixed the format of the fix_libsecomp_error_bnc_950931 patch.
* Tue Nov 03 2015 msabate@suse.com
  - Merged the fix_libsecomp_error_bnc_950931.patch and the
    fix_x86_build_removing_empty_file_jump_amd_64.patch patches.
* Tue Nov 03 2015 jmassaguerpla@suse.com
  - Fix build for x86_64. Patch fix_libsecomp_error_bnc_950931.patch
    had created and empty file jump_amd64.go instead of removing it.
    This broke the build for x86_64.
    This commit fixes it by removing that empty file.
    fix_x86_build_removing_empty_file_jump_amd_64.patch: patch that
    removes empty file jump_amd64.go
* Mon Nov 02 2015 msabate@suse.com
  - Added patch that fixes a known gcc-go for ppc64xe in the syscall.RawSockAddr
    type.
    gcc5_socket_workaround.patch
* Thu Oct 29 2015 jmassaguerpla@suse.com
  - Add patches for fixing ppc64le build (bnc#950931)
    fix_libsecomp_error_bnc_950931.patch
    fix_incompatible_assignment_error_bnc_950931.patch
    docker_missing_ppc64le_netlink_linux_files.patch
  - Remove docker_rename_jump_amd64_as_jump_linux.patch because it clashes
    with the previous patches.
* Thu Oct 22 2015 jmassaguerpla@suse.com
  - Exclude libgo as a requirement. The auto requires script was adding
    libgo as a requirement when building with gcc-go which was wrong.
* Fri Oct 16 2015 jmassaguerpla@suse.com
  - Add patch for missing systemcall for s390x. See
    https://github.com/docker/docker/commit/eecf6cd48cf7c48f00aa8261cf431c87084161ae
    add_missing_syscall_for_s390x.patch: contains the patch
  - Exclude s390x for sle12 because it hangs when running go. It works for sle12sp1
    thus we don't want to exclude sle12sp1 but only sle12.
* Mon Oct 12 2015 fcastelli@suse.com
  - Update docker to 1.8.3 version:
    * Fix layer IDs lead to local graph poisoning (CVE-2014-8178) (bnc#949660)
    * Fix manifest validation and parsing logic errors allow pull-by-digest validation bypass (CVE-2014-8179)
    * Add `--disable-legacy-registry` to prevent a daemon from using a v1 registry
* Tue Sep 22 2015 jmassaguerpla@suse.com
  - Update docker to 1.8.2 version
    see detailed changelog in
    https://github.com/docker/docker/releases/tag/v1.8.2
    fix bsc#946653 update do docker 1.8.2
  - devicemapper: fix zero-sized field access
    Fix issue #15279: does not build with Go 1.5 tip
    Due to golang/go@7904946
    the devices field is dropped.
    This solution works on go1.4 and go1.5
    See more in https://github.com/docker/docker/pull/15404
    This fix was not included in v1.8.2. See previous link
    on why.
    fix_15279.patch: contains the patch for issue#15279
* Fri Aug 21 2015 normand@linux.vnet.ibm.com
  - new patch as per upstream issue
    https://github.com/docker/docker/issues/14056#issuecomment-113680944
    docker_rename_jump_amd64_as_jump_linux.patch
* Fri Aug 21 2015 normand@linux.vnet.ibm.com
  - ignore-dockerinit-checksum.patch need -p1 in spec
* Thu Aug 13 2015 jmassaguerpla@suse.com
  - Update to docker 1.8.1(bsc#942369 and bsc#942370):
    - Fix a bug where pushing multiple tags would result in invalid images
  - Update to docker 1.8.0:
    see detailed changelog in
    https://github.com/docker/docker/releases/tag/v1.8.0
  - remove docker-netns-aarch64.patch: This patch was adding
    vendor/src/github.com/vishvananda/netns/netns_linux_arm64.go
    which is now included upstream, so we don't need this patch anymore
* Fri Jul 24 2015 jmassaguerpla@suse.com
  - Remove 0002-Stripped-dockerinit-binary.patch because we do not
    use it anymore (we got rid of that when updating to 1.7.1)
* Fri Jul 24 2015 jmassaguerpla@suse.com
  - Exclude archs where docker does not build. Otherwise it gets into
    and infinite loop when building.
    We'll fix that later if we want to release for those archs.
* Wed Jul 15 2015 jmassaguerpla@suse.com
  - Update to 1.7.1 (2015-07-14) (bnc#938156)
    * Runtime
    - Fix default user spawning exec process with docker exec
    - Make --bridge=none not to configure the network bridge
    - Publish networking stats properly
    - Fix implicit devicemapper selection with static binaries
    - Fix socket connections that hung intermittently
    - Fix bridge interface creation on CentOS/RHEL 6.6
    - Fix local dns lookups added to resolv.conf
    - Fix copy command mounting volumes
    - Fix read/write privileges in volumes mounted with --volumes-from
    * Remote API
    - Fix unmarshalling of Command and Entrypoint
    - Set limit for minimum client version supported
    - Validate port specification
    - Return proper errors when attach/reattach fail
    * Distribution
    - Fix pulling private images
    - Fix fallback between registry V2 and V1
* Fri Jul 10 2015 jmassaguerpla@suse.com
  - Exclude init scripts other than systemd from the test-package
* Wed Jul 01 2015 jmassaguerpla@suse.com
  - Exclude intel 32 bits arch. Docker does not built on that. Let's
    make it explicit.
* Thu Jun 25 2015 dmueller@suse.com
  - rediff ignore-dockerinit-checksum.patch, gcc-go-build-static-libgo.patch
    to make them apply again.
  - introduce go_arches for architectures that use the go compiler
    instead of gcc-go
  - add docker-netns-aarch64.patch: Add support for AArch64
  - enable build for aarch64
* Wed Jun 24 2015 fcastelli@suse.com
  - Build man pages only on platforms where gc compiler is available.
* Mon Jun 22 2015 fcastelli@suse.com
  - Updated to 1.7.0 (2015-06-16) - bnc#935570
    * Runtime
    - Experimental feature: support for out-of-process volume plugins
    - The userland proxy can be disabled in favor of hairpin NAT using the daemon’s `--userland-proxy=false` flag
    - The `exec` command supports the `-u|--user` flag to specify the new process owner
    - Default gateway for containers can be specified daemon-wide using the `--default-gateway` and `--default-gateway-v6` flags
    - The CPU CFS (Completely Fair Scheduler) quota can be set in `docker run` using `--cpu-quota`
    - Container block IO can be controlled in `docker run` using`--blkio-weight`
    - ZFS support
    - The `docker logs` command supports a `--since` argument
    - UTS namespace can be shared with the host with `docker run --uts=host`
    * Quality
    - Networking stack was entirely rewritten as part of the libnetwork effort
    - Engine internals refactoring
    - Volumes code was entirely rewritten to support the plugins effort
    - Sending SIGUSR1 to a daemon will dump all goroutines stacks without exiting
    * Build
    - Support ${variable:-value} and ${variable:+value} syntax for environment variables
    - Support resource management flags `--cgroup-parent`, `--cpu-period`, `--cpu-quota`, `--cpuset-cpus`, `--cpuset-mems`
    - git context changes with branches and directories
    - The .dockerignore file support exclusion rules
    * Distribution
    - Client support for v2 mirroring support for the official registry
    * Bugfixes
    - Firewalld is now supported and will automatically be used when available
    - mounting --device recursively
  - Patch 0002-Stripped-dockerinit-binary.patch renamed to fix-docker-init.patch
    and fixed to build with latest version of docker
* Tue Jun 09 2015 jmassaguerpla@suse.com
  - Add test subpackage and fix line numbers in patches
* Fri Jun 05 2015 fcastelli@suse.com
  - Fixed ppc64le name inside of spec file
* Fri Jun 05 2015 fcastelli@suse.com
  - Build docker on PPC and S390x using gcc-go provided by gcc5
    * added sysconfig.docker.ppc64le: make docker daemon start on ppc64le
      despite some iptables issues. To be removed soon
    * ignore-dockerinit-checksum.patch: applied only when building with
      gcc-go. Required to workaround a limitation of gcc-go
    * gcc-go-build-static-libgo.patch: used only when building with gcc-go,
      link libgo statically into docker itself.
* Mon Jun 01 2015 fcastelli@suse.com
  - Remove set-SCC_URL-env-variable.patch, the SCC_URL is now read
    from SUSEConnect by the container service
* Mon Jun 01 2015 fcastelli@suse.com
  - Automatically set SCC_URL environment variable inside of the
    containers by parsing the /etc/SUSEConnect.example file
    * Add set-SCC_URL-env-variable.patch
* Mon Jun 01 2015 fcastelli@suse.com
  - Place SCC machine credentials inside of /run/secrets/credentials.d
    * Edit docker-mount-scc-credentials.patch¬
* Thu May 28 2015 dmacvicar@suse.de
  - pass the SCC machine credentials to the container
    * Add docker-mount-scc-credentials.patch
* Wed May 27 2015 dmacvicar@suse.de
  - build and install man pages
* Mon May 18 2015 fcastelli@suse.com
  - Update to version 1.6.2 (2015-05-13) [bnc#931301]
    * Revert change prohibiting mounting into /sys
* Fri May 08 2015 fcastelli@suse.com
  Updated to version 1.6.1 (2015-05-07) [bnc#930235]
    * Security
    - Fix read/write /proc paths (CVE-2015-3630)
    - Prohibit VOLUME /proc and VOLUME / (CVE-2015-3631)
    - Fix opening of file-descriptor 1 (CVE-2015-3627)
    - Fix symlink traversal on container respawn allowing local privilege escalation (CVE-2015-3629)
    - Prohibit mount of /sys
    * Runtime
    - Update Apparmor policy to not allow mounts
  - Updated libcontainer-apparmor-fixes.patch: adapt patch to reflect
    changes introduced by docker 1.6.1
* Thu May 07 2015 develop7@develop7.info
  - Get rid of SocketUser and SocketGroup workarounds for docker.socket
* Fri Apr 17 2015 fcastelli@suse.com
  - Updated to version 1.6.0 (2015-04-07) [bnc#908033]
    * Builder:
      + Building images from an image ID
      + build containers with resource constraints, ie `docker build --cpu-shares=100 --memory=1024m...`
      + `commit --change` to apply specified Dockerfile instructions while committing the image
      + `import --change` to apply specified Dockerfile instructions while importing the image
      + basic build cancellation
    * Client:
      + Windows Support
    * Runtime:
      + Container and image Labels
      + `--cgroup-parent` for specifying a parent cgroup to place container cgroup within
      + Logging drivers, `json-file`, `syslog`, or `none`
      + Pulling images by ID
      + `--ulimit` to set the ulimit on a container
      + `--default-ulimit` option on the daemon which applies to all created containers (and overwritten by `--ulimit` on run)
  - Updated '0002-Stripped-dockerinit-binary.patch' to reflect changes inside of
    the latest version of Docker.
  - bnc#908033: support of Docker Registry API v2.
* Fri Apr 03 2015 dmueller@suse.com
  - enable build for armv7l
* Fri Apr 03 2015 fcastelli@suse.com
  - Updated docker.spec to fixed building with the latest version of our
    Go pacakge.
  - Updated 0002-Stripped-dockerinit-binary.patch to fix check made by
    the docker daemon against the dockerinit binary.
* Fri Mar 27 2015 fcastelli@suse.com
  - Updated systemd service and socket units to fix socket activation
    and to align with best practices recommended by upstram. Moreover
    socket activation fixes bnc#920645.
* Wed Feb 11 2015 fcastelli@suse.com
  - Updated to 1.5.0 (2015-02-10):
    * Builder:
    - Dockerfile to use for a given `docker build` can be specified with
      the `-f` flag
    - Dockerfile and .dockerignore files can be themselves excluded as part
      of the .dockerignore file, thus preventing modifications to these files
      invalidating ADD or COPY instructions cache
    - ADD and COPY instructions accept relative paths
    - Dockerfile `FROM scratch` instruction is now interpreted as a no-base
      specifier
    - Improve performance when exposing a large number of ports
    * Hack:
    - Allow client-side only integration tests for Windows
    - Include docker-py integration tests against Docker daemon as part of our
      test suites
    * Packaging:
    - Support for the new version of the registry HTTP API
    - Speed up `docker push` for images with a majority of already existing
      layers
    - Fixed contacting a private registry through a proxy
    * Remote API:
    - A new endpoint will stream live container resource metrics and can be
      accessed with the `docker stats` command
    - Containers can be renamed using the new `rename` endpoint and the
      associated `docker rename` command
    - Container `inspect` endpoint show the ID of `exec` commands running in
      this container
    - Container `inspect` endpoint show the number of times Docker
      auto-restarted the container
    - New types of event can be streamed by the `events` endpoint: ‘OOM’
      (container died with out of memory), ‘exec_create’, and ‘exec_start'
    - Fixed returned string fields which hold numeric characters incorrectly
      omitting surrounding double quotes
    * Runtime:
    - Docker daemon has full IPv6 support
    - The `docker run` command can take the `--pid=host` flag to use the host
      PID namespace, which makes it possible for example to debug host processes
      using containerized debugging tools
    - The `docker run` command can take the `--read-only` flag to make the
      container’s root filesystem mounted as readonly, which can be used in
      combination with volumes to force a container’s processes to only write to
      locations that will be persisted
    - Container total memory usage can be limited for `docker run` using the
      `—memory-swap` flag
    - Major stability improvements for devicemapper storage driver
    - Better integration with host system: containers will reflect changes
      to the host's `/etc/resolv.conf` file when restarted
    - Better integration with host system: per-container iptable rules are moved
      to the DOCKER chain
    - Fixed container exiting on out of memory to return an invalid exit code
    * Other:
    - The HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are
      properly taken into account by the client when connecting to the
      Docker daemon
* Thu Jan 15 2015 fcastelli@suse.com
  - Updated to 1.4.1 (2014-12-15):
    * Runtime:
    - Fix issue with volumes-from and bind mounts not being honored after
      create (fixes bnc#913213)
* Thu Jan 15 2015 fcastelli@suse.com
  - Added e2fsprogs as runtime dependency, this is required when the
    devicemapper driver is used. (bnc#913211).
  - Fixed owner & group for docker.socket (thanks to Andrei Dziahel and
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752555#5)
* Fri Dec 12 2014 fcastelli@suse.com
  - Updated to 1.4.0 (2014-12-11):
    * Notable Features since 1.3.0:
    - Set key=value labels to the daemon (displayed in `docker info`), applied with
      new `-label` daemon flag
    - Add support for `ENV` in Dockerfile of the form:
      `ENV name=value name2=value2...`
    - New Overlayfs Storage Driver
    - `docker info` now returns an `ID` and `Name` field
    - Filter events by event name, container, or image
    - `docker cp` now supports copying from container volumes
    - Fixed `docker tag`, so it honors `--force` when overriding a tag for existing
      image.
  - Changes introduced by 1.3.3 (2014-12-11):
    * Security:
    - Fix path traversal vulnerability in processing of absolute symbolic links (CVE-2014-9356) - (bnc#909709)
    - Fix decompression of xz image archives, preventing privilege escalation (CVE-2014-9357) - (bnc#909710)
    - Validate image IDs (CVE-2014-9358) - (bnc#909712)
    * Runtime:
    - Fix an issue when image archives are being read slowly
    * Client:
    - Fix a regression related to stdin redirection
    - Fix a regression with `docker cp` when destination is the current directory
* Wed Nov 26 2014 fcastelli@suse.com
  - Updated to 1.3.2 (2014-11-20) - fixes bnc#907012 (CVE-2014-6407) and
    bnc#907014 (CVE-2014-6408)
    * Security:
    - Fix tar breakout vulnerability
    - Extractions are now sandboxed chroot
    - Security options are no longer committed to images
    * Runtime:
    - Fix deadlock in `docker ps -f exited=1`
    - Fix a bug when `--volumes-from` references a container that failed to start
    * Registry:
    - `--insecure-registry` now accepts CIDR notation such as 10.1.0.0/16
    - Private registries whose IPs fall in the 127.0.0.0/8 range do no need
      the `--insecure-registry` flag
    - Skip the experimental registry v2 API when mirroring is enabled
  - Fixed minor packaging issues.
* Fri Oct 31 2014 fcastelli@suse.com
  - Updated to version 1.3.1 2014-10-28)
    * Security:
    - Prevent fallback to SSL protocols < TLS 1.0 for client, daemon and
      registry [CVE-2014-5277]
    - Secure HTTPS connection to registries with certificate verification and
      without HTTP fallback unless `--insecure-registry` is specified
    * Runtime:
    - Fix issue where volumes would not be shared
    * Client:
    - Fix issue with `--iptables=false` not automatically
      setting `--ip-masq=false`
    - Fix docker run output to non-TTY stdout
    * Builder:
    - Fix escaping `$` for environment variables
    - Fix issue with lowercase `onbuild` Dockerfile instruction
    - Restrict envrionment variable expansion to `ENV`, `ADD`, `COPY`,
      `WORKDIR`, `EXPOSE`, `VOLUME` and `USER`
* Mon Oct 20 2014 fcastelli@suse.com
  - Upgraded to version 1.3.0 (2014-10-14)
    * docker `exec` allows you to run additional processes inside existing containers
    * docker `create` gives you the ability to create a container via the cli without executing a process
    * `--security-opts` options to allow user to customize container labels and apparmor profiles
    * docker `ps` filters
    * wildcard support to copy/add
    * move production urls to get.docker.com from get.docker.io
    * allocate ip address on the bridge inside a valid cidr
    * use drone.io for pr and ci testing
    * ability to setup an official registry mirror
    * Ability to save multiple images with docker `save`

Files

/usr/bin/dockerd-rootless-setuptool.sh
/usr/bin/dockerd-rootless.sh


Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 19:58:50 2024