TestMaskSecretKeys: use subtests

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 32d70c7e21631224674cd60021d3ec908c2d888c)
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit ebb542b3f88d7f5551f6b6e1d8d2774a2c166409)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Origin: https://github.com/docker/engine/pull/298

Gbp-Pq: Name cve-2019-13509-02-TestMaskSecretKeys-use-subtests.patch

TestMaskSecretKeys: add more test-cases

Add tests for

- case-insensitive matching of fields
- recursive masking

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit db5f811216e70bcb4a10e477c1558d6c68f618c5)
Signed-off-by: Tibor Vass <tibor@docker.com>
(cherry picked from commit 18dac2cf32faeaada3bd4e8e2bffa576ad4329fe)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Origin: upstream, https://github.com/docker/engine/pull/298

Gbp-Pq: Name cve-2019-13509-01-TestMaskSecretKeys-add-more-test-cases.patch

gitutils: add validation for ref

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit 723b107ca4fba14580a6cd971e63d8af2e7d2bbe)
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Origin: upstream, https://github.com/moby/moby/pull/38944

Gbp-Pq: Name cve-2019-13139-01-gitutils-add-validation-for-ref.patch

Add chroot for tar packing operations

Previously only unpack operations were supported with chroot.
This adds chroot support for packing operations.
This prevents potential breakouts when copying data from a container.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Origin: upstream, https://github.com/moby/moby/pull/39292

Gbp-Pq: Name cve-2018-15664-02-add-chroot-for-tar-packing-operations.patch

Pass root to chroot to for chroot Untar

This is useful for preventing CVE-2018-15664 where a malicious container
process can take advantage of a race on symlink resolution/sanitization.

Before this change chrootarchive would chroot to the destination
directory which is attacker controlled. With this patch we always chroot
to the container's root which is not attacker controlled.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Origin: upstream, https://github.com/moby/moby/pull/39292

Gbp-Pq: Name cve-2018-15664-01-pass-root-to-chroot-to-for-chroot-untar.patch

cli/registry: fix a Debugf statement

Fix this warning from go-1.11

> cli/registry/client/fetcher.go:234: Debugf format %s has arg
> repoEndpoint of wrong type client.repositoryEndpoint

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Origin: upstream, https://github.com/docker/cli/commit/51848bf

Gbp-Pq: Name cli-fix-registry-debug-message-go-1.11.patch

cli-fix-manpages-build-script

Gbp-Pq: Name cli-fix-manpages-build-script.patch

Build against google-grpc 1.11, where md.Get() does not exist.

This patch is based on the commit that introduced md.Get() in google-grpc:
<https://github.com/grpc/grpc-go/commit/291de7f0>.

Please drop this patch as soon as we build docker against google-grpc >= 1.12.

Origin: vendor, Debian
Forwarded: not-needed, Debian-specific
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
Gbp-Pq: Name buildkit-build-against-google-grpc-1.11.patch

debian-nuke-no-prompt

Gbp-Pq: Name debian-nuke-no-prompt.patch

debian-cgroupfs-mount-convenience-copy

Gbp-Pq: Name debian-cgroupfs-mount-convenience-copy.patch

debian-dockerd-binary-location

Gbp-Pq: Name debian-dockerd-binary-location.patch

debian-containerd-name

Gbp-Pq: Name debian-containerd-name.patch

debian-systemd-unit-environment-file

Gbp-Pq: Name debian-systemd-unit-environment-file.patch

docker.service: don't limit tasks

Signed-off-by: Pierre Carrier <pierre@meteor.com>
Gbp-Pq: Name debian-systemd-unit-tasksmax.patch

docker.io (18.09.1+dfsg1-7.1+deb10u1) buster-security; urgency=medium

  [ Arnaud Rebillout ]
  * Add upstream patch for CVE-2019-13139 (Closes: #933002).
  * Add upstream patches for CVE-2019-13509 (Closes: #932673).

  [ Felix Geyer ]
  * Add upstream patch for CVE-2019-14271
  * Cherry-pick upstream commits to fix test failures with
    golang >= 1.11.6-1+deb10u1

[dgit import unpatched docker.io 18.09.1+dfsg1-7.1+deb10u1]

Import docker.io_18.09.1+dfsg1-7.1+deb10u1.debian.tar.xz

[dgit import tarball docker.io 18.09.1+dfsg1-7.1+deb10u1 docker.io_18.09.1+dfsg1-7.1+deb10u1.debian.tar.xz]

Import docker.io_18.09.1+dfsg1.orig.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-containerd.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-containerd.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-distribution.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-distribution.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-go-events.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-go-events.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-go-metrics.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-go-metrics.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-libnetwork.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-libnetwork.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-swarmkit.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-swarmkit.tar.xz]