docker.io (1.6.2~dfsg1-1ubuntu4~14.04.1) trusty; urgency=medium * Backport to Ubuntu 14.04 (LP: #1454719). * Disabled - d/p/lxc.autodev-support.patch to minimise regression risk as it is not relevant for the version of LXC on Trusty (1.0.3-0ubuntu3). - d/p/update-go.net-golang.org.patch: there has been a url canonical name change upstream, but keeping this patch on involves backporting golang to 1.4 which is undesirable for this backport (golang-go.net-dev needs golang-x-text, which does not build successfully without a 1.4 backport). - Wily related fixes: + d/p/golang-1.5-wily.patch to fix FTBFS with golang-1.5 build on wily + d/p/ppc64el-wily.patch to fix ppc64le FTBFS on wily (LP: #1488668) + d/p/libcontainer_arm64_syscall_dup2_to_dup3-c_changes.patch (LP: #1488669) + d/p/libcontainer_arm64_syscall_dup2_to_dup3-golang_changes.patch (LP: #1488669) + d/rules to build with golang-go on arm64 (LP: #1488669) + d/control to build with golang-go on arm64 (LP: #1488669) * Reverted: d/rules: http://anonscm.debian.org/cgit/docker/docker.io.git/diff/?id=b1458f5 commit to preserve docker.io symlink. -- Pierre-André MOREY Tue, 22 Sep 2015 13:47:53 +0200 docker.io (1.6.2~dfsg1-1ubuntu4) wily; urgency=medium * Add patches from upstream to fix some upgrade path bugs: - d/p/add-mutex-read-m_path.patch to fix vivid upgrade-path - d/p/stop-systemd-on-destroy.patch to fix leftover ".scope" fails * Add patches to fix Wily FTBFS: - d/p/ppc64el-wily.patch to fix ppc64le FTBFS on wily (LP: #1488668) - d/p/golang-1.5-wily.patch to fix FTBFS with golang-1.5 build on wily * arm64 support fixes for golang-go build (LP: #1488669): - d/p/libcontainer_arm64_syscall_dup2_to_dup3-c_changes.patch (LP: #1488669) - d/p/libcontainer_arm64_syscall_dup2_to_dup3-golang_changes.patch (LP: #1488669) * d/rules to build with golang-go on arm64 (LP: #1488669) * d/control to build with golang-go on arm64 (LP: #1488669) * Revert device-mapper-cleanup.patch dropped with an new one: d/p/device-mapper-cleanup2.patch -- Pierre-André MOREY Fri, 18 Sep 2015 14:50:57 +0200 docker.io (1.6.2~dfsg1-1ubuntu3~14.04.1) trusty; urgency=medium * Backport to Ubuntu 14.04 (LP: #1454719). * Disable d/p/lxc.autodev-support.patch to minimise regression risk as it is not relevant for the version of LXC on Trusty (1.0.3-0ubuntu3). * Disable d/p/update-go.net-golang.org.patch: there has been a url canonical name change upstream, but keeping this patch on involves backporting golang to 1.4 which is undesirable for this backport (golang-go.net-dev needs golang-x-text, which does not build successfully without a 1.4 backport). * d/rules: revert http://anonscm.debian.org/cgit/docker/docker.io.git/diff/?id=b1458f5 commit to preserve docker.io symlink. -- Pierre-André MOREY Fri, 10 Jul 2015 10:49:20 +0200 docker.io (1.6.2~dfsg1-1ubuntu3) wily; urgency=medium * d/docker.io.postinst: fix restart issue on upgrade path from 1.5.0~dfsg1-1ubuntu2 (LP: #1459916). -- Pierre-André MOREY Thu, 09 Jul 2015 14:22:14 +0200 docker.io (1.6.2~dfsg1-1ubuntu2) wily; urgency=medium * Add patches - d/p/lxc.autodev-support.patch: fix bug: LP: #1466550 Make LXC exec driver compatible with recent lxc where lxc.autodev is enabled by default. - d/p/update-go.net-golang.org.patch: fix FTBS bug from wily -- Pierre-André MOREY Thu, 25 Jun 2015 17:54:08 +0200 docker.io (1.6.2~dfsg1-1ubuntu1) wily; urgency=medium [ Pierre-André MOREY ] * Merge from Debian unstable. Remaining changes: - d/control: bump minimum version of golang-pty-dev for broader architecture support. - d/{control,rules}: use gccgo instead of golang to enable builds on ppc64el, powerpc and arm64. - System call number updates: + d/p/arm64-support.patch + d/p/arm-syscall-fix.patch + d/p/powerpc-support.patch * d/p/sync-apparmor-with-lxc.patch replaced by sync-apparmor-with-lxc.2.patch: update AppArmor policy to be in sync with LXC. -- Pierre-André MOREY Fri, 29 May 2015 11:45:26 +0000 docker.io (1.6.2~dfsg1-1) unstable; urgency=medium * Update to 1.6.2 upstream release * Update deps in d/control to match upstream's hack/vendor.sh specifications -- Tianon Gravi Thu, 21 May 2015 00:47:43 -0600 docker.io (1.6.1+dfsg1-2) unstable; urgency=medium * Add --no-restart-on-upgrade to dh_installinit so that we don't force a stop on upgrade, which can cause other units to fall over. Many thanks to Michael Stapelberg (sECuRE) for the tip! -- Paul Tagliamonte Sun, 10 May 2015 13:02:54 -0400 docker.io (1.6.1+dfsg1-1) unstable; urgency=high * Update to 1.6.1 upstream release (Closes: #784726) - CVE-2015-3627 Insecure opening of file-descriptor 1 leading to privilege escalation - CVE-2015-3629 Symlink traversal on container respawn allows local privilege escalation - CVE-2015-3630 Read/write proc paths allow host modification & information disclosure - CVE-2015-3631 Volume mounts allow LSM profile escalation -- Tianon Gravi Fri, 08 May 2015 17:57:10 -0600 docker.io (1.6.0+dfsg1-1ubuntu1) wily; urgency=medium * Merge from Debian unstable. Remaining changes: - d/control: bump minimum version of golang-pty-dev for broader architecture support. - d/{control,rules}: use gccgo instead of golang to enable builds on ppc64el, powerpc and arm64. - d/p/sync-apparmor-with-lxc.patch: update AppArmor policy to be in sync with LXC. - System call number updates; dep3 headers updated. All these are in upstream master but not yet included in the libcontainer release we're using: + d/p/arm64-support.patch + d/p/arm-syscall-fix.patch + d/p/powerpc-support.patch * Drop changes: - No longer required as the original bug no longer reproduces: d/p/device-mapper-cleanup.patch: cleanup any stale docker mounts from previous shutdown. - ppc64el support upstreamed: + d/p/enable-gccgo-build-v2.patch: add support to docker build system for gccgo. + d/p/remove-X-flag-autogenerate-dockerversion.patch + d/p/dockerversion-to-autogen-go-rename.patch + d/p/fix-build-dir-autogen.patch: autogen straight into build tree. + d/p/fix-dynbinary-for-autogen.patch: fix FTBFS on amd64. -- Robie Basak Thu, 07 May 2015 02:58:37 +0000 docker.io (1.6.0+dfsg1-1) unstable; urgency=medium * Upload to unstable * Backport PR 12943 to support golang-go-patricia 2.* * Remove convenience copies of cgroupfs-mount in init.d / upstart scripts (Re: #783143) -- Tianon Gravi Tue, 05 May 2015 15:10:49 -0600 docker.io (1.6.0+dfsg1-1~exp1) experimental; urgency=medium * Update to 1.6.0 upstream release * Adjust "repack.sh" to be more tolerant of "dfsg" suffixes -- Tianon Gravi Thu, 16 Apr 2015 18:00:21 -0600 docker.io (1.6.0~rc7~dfsg1-1~exp1) experimental; urgency=low * Update to 1.6.0-rc7 upstream release -- Tianon Gravi Wed, 15 Apr 2015 19:35:46 -0600 docker.io (1.6.0~rc4~dfsg1-1) experimental; urgency=low [ Tianon Gravi ] * Update to 1.6.0-rc4 upstream release - drop golang 1.2 support (no longer supported upstream) - update Homepage to https://dockerproject.com - add check-config.sh to /usr/share/docker.io/contrib - add "distribution" as a new multitarball orig - backport auto "btrfs_noversion" patch from https://github.com/docker/docker/pull/12048 (simplifying our logic for detecting whether to use it) - switch from dh-golang to direct install since we're not actually using the features it offers (due to upstream's build system) - enable "docker.service" on boot by default for restart policies to work [ Felipe Sateler ] * Add Built-Using for glibc (Closes: #769351). -- Tianon Gravi Mon, 06 Apr 2015 17:11:33 -0600 docker.io (1.5.0~dfsg1-1ubuntu2) vivid; urgency=medium * d/p/arm-syscall-fix.patch: Fix incorrect setns syscall on ARM. * d/p/powerpc-support.patch: Resolve FTBFS with powerpc builds. -- Adam Conrad Fri, 10 Apr 2015 12:26:43 -0600 docker.io (1.5.0~dfsg1-1ubuntu1) vivid; urgency=medium * Merge from Debian experimental (LP: #1430760). Remaining changes: - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be in sync with LXC. - d/p/device-mapper-cleanup.patch: Cleanup any stale docker mounts from previous shutdown. - d/control: Bump minimum version of golang-pty-dev for broader architecture support. - d/control: use gccgo instead of golang on ppc64el. * Drop changes: - d/p/enable-gccgo-build.patch: superceded by new ppc64el patches. - d/p/enable-non-amd64-arches.patch: superceded by upstream-accepted patches from IBM as described below. * New implementation of ppc64el support based on upstreamed IBM patches: - d/p/enable-gccgo-build-v2.patch: add support to docker build system for gccgo. - d/p/remove-X-flag-autogenerate-dockerversion.patch - d/p/dockerversion-to-autogen-go-rename.patch - d/rules: conditional build against gccgo when on ppc64. - d/p/fix-build-dir-autogen.patch: autogen straight into build tree. - d/p/fix-dynbinary-for-autogen.patch: fix FTBFS on amd64. * d/p/arm64-support.patch: fix to allow build on arm64. -- Robie Basak Thu, 02 Apr 2015 09:48:04 +0000 docker.io (1.5.0~dfsg1-1) experimental; urgency=low * Update to 1.5.0 upstream release (Closes: #773495) * Remove several patches applied upstream! - 9637-fix-nuke-bashism.patch - enable-non-amd64-arches.patch * Fix btrfs-tools handling to allow for building with btrfs-tools < 1.16.1 -- Tianon Gravi Tue, 10 Mar 2015 22:58:49 -0600 docker.io (1.3.3~dfsg1-2ubuntu7) vivid; urgency=medium * d/p/enable-gccgo-build.patch: Update for gccgo archs. -- Matthias Klose Sun, 08 Mar 2015 20:41:41 +0100 docker.io (1.3.3~dfsg1-2ubuntu6) vivid; urgency=medium * Drop the build dependency on gccgo-go, build-depend on gccgo instead. -- Matthias Klose Sat, 07 Mar 2015 22:35:36 +0100 docker.io (1.3.3~dfsg1-2ubuntu5) vivid; urgency=medium * d/p/enable-non-amd64-arches.patch: Replace in preference to upstream accepted patch from IBM. * d/p/device-mapper-cleanup.patch: Annotate with upstream bug report. * d/p/enable-gccgo-build.patch: Annotate with pull request upstream from IBM, update to deal with autogenerated go code. * d/p/sync-apparmor-with-lxc.patch: Annotate with upstream pull request for libcontainer, reference github.com working repository. * d/control: Drop arm64 architecture for now as its going to require further work in the dependency chain. -- James Page Mon, 23 Feb 2015 14:04:11 +0000 docker.io (1.3.3~dfsg1-2ubuntu4) vivid; urgency=medium * Enable arm64 architecture using gccgo. -- James Page Thu, 19 Feb 2015 15:27:38 +0000 docker.io (1.3.3~dfsg1-2ubuntu3) vivid; urgency=medium * Enable ppc64el architecture using gccgo: - d/p/enable-gccgo-build.patch: Add support to docker build system for gccgo. - d/control: Use gccgo-go for ppc64el, exclude ppc64el for golang. - d/control: Bump minimum version of golang-pty-dev for broader architecture support. -- James Page Wed, 18 Feb 2015 10:14:06 +0000 docker.io (1.3.3~dfsg1-2ubuntu2) vivid; urgency=medium * d/p/device-mapper-cleanup.patch: Cleanup any stale docker mounts from previous shutdown (LP: #1404300). -- James Page Thu, 22 Jan 2015 08:50:14 +0000 docker.io (1.3.3~dfsg1-2ubuntu1) vivid; urgency=low * Merge from Debian unstable (LP: #1407408). Remaining changes: - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be in sync with LXC. -- Gianfranco Costamagna Sun, 04 Jan 2015 12:06:00 +0100 docker.io (1.3.3~dfsg1-2) unstable; urgency=medium * Add fatal-error-old-kernels.patch to make Docker refuse to start on old, unsupported kernels (Closes: #774376) * Fix dh_auto_clean to clean up after the build properly, especially to avoid FTBFS when built twice (Closes: #774482) -- Tianon Gravi Sat, 03 Jan 2015 00:11:47 -0700 docker.io (1.3.3~dfsg1-1ubuntu1) vivid; urgency=medium * Merge from Debian unstable (LP: #1396572), remaining changes: - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be in sync with LXC. -- James Page Fri, 19 Dec 2014 14:32:31 +0000 docker.io (1.3.3~dfsg1-1) unstable; urgency=medium [ Tianon Gravi ] * Update to 1.3.3 upstream release (Closes: #772909) - Fix for CVE-2014-9356 (Path traversal during processing of absolute symlinks) - Fix for CVE-2014-9357 (Escalation of privileges during decompression of LZMA (.xz) archives) - Fix for CVE-2014-9358 (Path traversal and spoofing opportunities presented through image identifiers) * Fix bashism in nuke-graph-directory.sh (Closes: #772261) [ Didier Roche ] * Support starting systemd service without /etc/default/docker (Closes: #770293) -- Tianon Gravi Thu, 18 Dec 2014 21:54:12 -0700 docker.io (1.3.2~dfsg1-1ubuntu1) vivid; urgency=low * Merge from Debian unstable. Remaining changes: - d/p/sync-apparmor-with-lxc.patch: Update AppArmor policy to be in sync with LXC. * Dropped changes, equivalents included in Debian updates: - d/p/support-no-env-default-file.patch. -- James Page Tue, 25 Nov 2014 17:59:07 +0000 docker.io (1.3.2~dfsg1-1) unstable; urgency=high * Severity is set to high due to the sensitive nature of the CVEs this upload fixes. * Update to 1.3.2 upstream release - Fix for CVE-2014-6407 (Archive extraction host privilege escalation) - Fix for CVE-2014-6408 (Security options applied to image could lead to container escalation) * Remove Daniel Mizyrycki from Uploaders. Thanks for all your work! -- Paul Tagliamonte Mon, 24 Nov 2014 19:14:28 -0500 docker.io (1.3.1~dfsg1-2) unstable; urgency=medium * Remove deprecated /usr/bin/docker.io symlink - added as a temporary shim in 1.0.0~dfsg1-1 (13 Jun 2014) - unused by package-installed files in 1.2.0~dfsg1-1 (13 Sep 2014) -- Tianon Gravi Fri, 07 Nov 2014 13:11:34 -0700 docker.io (1.3.1~dfsg1-1) unstable; urgency=high * Update to 1.3.1 upstream release - fix for CVE-2014-5277 - https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion -- Tianon Gravi Mon, 03 Nov 2014 08:26:29 -0700 docker.io (1.3.0~dfsg1-1) unstable; urgency=medium * Updated to 1.3.0 upstream release. * Enable systemd socket activation (Closes: #752555). -- Tianon Gravi Fri, 17 Oct 2014 00:56:07 -0600 docker.io (1.2.0~dfsg1-2) unstable; urgency=medium * Added "golang-docker-dev" package for the reusable bits of Docker's source. -- Tianon Gravi Thu, 09 Oct 2014 00:08:11 +0000 docker.io (1.2.0~dfsg1-1ubuntu2) vivid; urgency=medium * Reenable socket activation (race fixed with systemd 215) * debian/patches/support-no-env-default-file.patch: - Support removed /etc/default/docker under systemd -- Didier Roche Thu, 20 Nov 2014 10:18:42 +0100 docker.io (1.2.0~dfsg1-1ubuntu1) utopic; urgency=medium * debian/patches/sync-apparmor-with-lxc.patch: update AppArmor policy to by in sync with LXC. Specifically this: - reorganizes the rules to allow for easier comparison with other container policy - adds comments for many rules - adds bare dbus rule - adds ptrace rule to allow ptracing ourselves - adds deny mount options=(ro, remount, silent) -> / - allows hugetlbfs - adds cgmanager mount - adds /sys/fs/pstore mount - more specific /sys/kernel/security mount options - more specific /sys mount options - more specific /proc/sys/kernel/* deny rules - more specific /proc/sys/net deny rules - more specific /sys/class deny rules - more specific /sys/devices deny rules - more specific /sys/fs deny rules -- Jamie Strandboge Wed, 01 Oct 2014 13:24:01 -0500 docker.io (1.2.0~dfsg1-1) unstable; urgency=medium * Updated to 1.2.0 upstream release (Closes: #757183, #757023, #757024). * Added upstream man pages. * Updated bash and zsh completions to be installed as "docker" and "_docker". * Updated init scripts to also be installed as "docker". * Fixed "equivalent" typo in README.Debian (Closes: #756395). Thanks Reuben! * Removed "docker.io" mention in README.Debian (Closes: #756290). Thanks Olivier! -- Tianon Gravi Sat, 13 Sep 2014 11:43:17 -0600 docker.io (1.0.0~dfsg1-1) unstable; urgency=medium * Updated to 1.0.0 upstream release. Huzzah! * I've removed what is commonly called a `button' of patches against the docker package. Exact patches: - bash-completion-docker.io.patch - systemd-docker.io.patch - sysvinit-provides-docker.io.patch - zsh-completion-docker.io.patch - mkimage-docker.io.patch * I know y'all are guessing why; and the answer's pretty simple -- we're no longer docker.io(1). Since the src:docker package now ships wmdocker(1), we can safely declare a breaks/replaces on the pre-wmdocker version of the package, allowing existing users to safely update, both src:docker and src:docker.io side. This brings us into line with other distros, which now ship wmdocker(1) and docker(1). * As a stop-gap, I'm still shipping a docker.io(1) symlink to allow migration away. -- Paul Tagliamonte Fri, 13 Jun 2014 21:04:53 -0400 docker.io (0.11.1~dfsg1-1) unstable; urgency=medium [ Paul Tagliamonte ] * Use EnvironmentFile with the systemd unit file. (Closes: #746774) * Patch out version checking code. (Closes: #747140) * Remove all host checking for non-amd64 host arches. Let docker build and run on all platforms now. (Closes: #747139, #739914) [ Tianon Gravi ] * Updated to 0.11.1 upstream release. * Added backported upstream patch for removing RemoteAddr assumptions that cause events to not be delivered to more than one unix socket listener. -- Tianon Gravi Fri, 09 May 2014 17:30:45 -0400 docker.io (0.9.1~dfsg1-2) unstable; urgency=medium * Added upstream apparmor patch to fix newer apparmor versions (such as the version appearing in Ubuntu 14.04). * Added mkimage-* docker.io binary name patches (Closes: #740855). -- Tianon Gravi Tue, 08 Apr 2014 23:19:08 -0400 docker.io (0.9.1~dfsg1-1) unstable; urgency=medium * Updated to 0.9.1 upstream release (Closes: #743424). * Added cgroupfs-mount dependency (Closes: #742641). * Added Suggests entries for optional features, chiefly lxc (Closes: #742081). * Added notes about "root-equivalence" to README.Debian (Closes: #742387). -- Tianon Gravi Thu, 03 Apr 2014 21:38:30 -0400 docker.io (0.9.0+dfsg1-1) unstable; urgency=medium * Updated README.Debian to not be quite so outdated (Closes: #740850). * Updated to 0.9.0 upstream release. -- Tianon Gravi Tue, 11 Mar 2014 22:24:31 -0400 docker.io (0.8.1+dfsg1-1) unstable; urgency=medium * Updated to 0.8.1 upstream release. -- Tianon Gravi Tue, 25 Feb 2014 20:56:31 -0500 docker.io (0.8.0+dfsg1-2) unstable; urgency=medium [ Tianon Gravi ] * Added more license notes to debian/copyright (Closes: #738627). -- Tianon Gravi Sat, 15 Feb 2014 17:51:58 -0500 docker.io (0.8.0+dfsg1-1) unstable; urgency=medium [ Prach Pongpanich ] * Added zsh completion. [ Tianon Gravi ] * Updated to 0.8.0 upstream release. * Added vim syntax files in new vim-syntax-docker package. * Added note about minimum recommended kernel version to Description. * Added contrib/*-integration files in /usr/share/docker.io/contrib. -- Tianon Gravi Mon, 10 Feb 2014 20:41:10 -0500 docker.io (0.7.6+dfsg1-1) unstable; urgency=medium [ Johan Euphrosine ] * Updated to 0.7.6. * Added dependency to gocapability. * Clean patches. [ Tianon Gravi ] * Added contrib/mk* scripts from upstream into /usr/share/docker.io/contrib (Closes: #736068). * Added upstream udev rules file to stop device-mapper devices and mounts from appearing in desktop environments through udisks. -- Johan Euphrosine Wed, 22 Jan 2014 22:50:47 -0500 docker.io (0.7.1+dfsg1-1) unstable; urgency=medium [ Prach Pongpanich ] * Fixed "docker: command not found" errors while using bash tab completion (Closes: #735372). [ Tianon Gravi ] * Updated to 0.7.1 upstream release (while we wait for gocapability to be packaged). * Added xz-utils recommend which is required for decompressing certain images from the index. -- Tianon Gravi Wed, 15 Jan 2014 20:22:34 -0500 docker.io (0.6.7+dfsg1-3) unstable; urgency=medium * Fixed FTBFS on non-amd64 platforms by setting the correct GOPATH. * Fixed issues with Docker finding a valid dockerinit (Closes: #734758). * Added aufs-tools dependency. -- Tianon Gravi Thu, 09 Jan 2014 20:10:20 -0500 docker.io (0.6.7+dfsg1-2) unstable; urgency=medium * Added iptables dependency required for Docker to start. * Added ca-certificates recommend required for pulling from the index. -- Tianon Gravi Wed, 08 Jan 2014 19:14:02 -0500 docker.io (0.6.7+dfsg1-1) unstable; urgency=medium * Initial release (Closes: #706060, #730569) * Document missing licenses in the source tree. Bad, paultag. Thanks alteholz. -- Paul Tagliamonte Tue, 07 Jan 2014 21:06:10 -0500