[PATCH] Pass root to chroot to for chroot Untar

This is useful for preventing CVE-2018-15664 where a malicious container
process can take advantage of a race on symlink resolution/sanitization.

Before this change chrootarchive would chroot to the destination
directory which is attacker controlled. With this patch we always chroot
to the container's root which is not attacker controlled.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Origin: upstream, https://github.com/moby/moby/pull/39292

Gbp-Pq: Name cve-2018-15664-01-pass-root-to-chroot-to-for-chroot-untar.patch

[PATCH] cli/registry: fix a Debugf statement

Fix this warning from go-1.11

> cli/registry/client/fetcher.go:234: Debugf format %s has arg
> repoEndpoint of wrong type client.repositoryEndpoint

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Origin: upstream, https://github.com/docker/cli/commit/51848bf

Gbp-Pq: Name cli-fix-registry-debug-message-go-1.11.patch

fix man pages build

Forwarded: not-needed
Last-Update: 2018-04-03

Gbp-Pq: Name cli-fix-manpages-build-script.patch

Build against google-grpc 1.11, where md.Get() does not exist.

This patch is based on the commit that introduced md.Get() in google-grpc:
<https://github.com/grpc/grpc-go/commit/291de7f0>.

Please drop this patch as soon as we build docker against google-grpc >= 1.12.

Origin: vendor, Debian
Forwarded: not-needed, Debian-specific
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
Gbp-Pq: Name buildkit-build-against-google-grpc-1.11.patch

remove prompt and delay

Last-Update: 2018-06-09
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853258
Forwarded: not-needed

Gbp-Pq: Name debian-nuke-no-prompt.patch

remove convenience copies of cgroupfs-mount in init.d / upstart

Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/783143

Gbp-Pq: Name debian-cgroupfs-mount-convenience-copy.patch

FHS compliance.

Forwarded: not-needed

Gbp-Pq: Name debian-dockerd-binary-location.patch

"fix" containerd executable name.

Last-Update: 2019-01-27
Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920597

Gbp-Pq: Name debian-containerd-name.patch

Use EnvironmentFile with the systemd unit file.

Last-Update: 2014-05-07
Bug-Debian: http://bugs.debian.org/746774
Forwarded: no

Gbp-Pq: Name debian-systemd-unit-environment-file.patch

[PATCH] docker.service: don't limit tasks

From 33a8ab29ed9e51697772a0642b8d651b9a845532 Mon Sep 17 00:00:00 2001
Origin: https://github.com/docker/docker/pull/21491

Signed-off-by: Pierre Carrier <pierre@meteor.com>
Gbp-Pq: Name debian-systemd-unit-tasksmax.patch

docker.io (18.09.1+dfsg1-7.1+deb10u3) buster-security; urgency=medium

  * Backport upstream patches for:
    - CVE-2020-15157
    - CVE-2020-15257
    - CVE-2021-21284
    - CVE-2021-21285

[dgit import unpatched docker.io 18.09.1+dfsg1-7.1+deb10u3]

Import docker.io_18.09.1+dfsg1-7.1+deb10u3.debian.tar.xz

[dgit import tarball docker.io 18.09.1+dfsg1-7.1+deb10u3 docker.io_18.09.1+dfsg1-7.1+deb10u3.debian.tar.xz]

Import docker.io_18.09.1+dfsg1.orig.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-containerd.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-containerd.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-distribution.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-distribution.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-go-events.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-go-events.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-go-metrics.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-go-metrics.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-libnetwork.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-libnetwork.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-swarmkit.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-swarmkit.tar.xz]