Revert "debian has iptables-legacy and iptables-nft now"

This reverts commit 7da66eea9f68e4abc83ed2892114ec565eddd66a.

Libnetwork should only use the iptables binary. Iptables v1.8 and above
uses the nftables backend. The translations for all the rules used by
libnetwork is supported by the new iptables binary.

Signed-off-by: Arko Dasgupta <arko.dasgupta@docker.com>
Origin: upstream, https://github.com/docker/libnetwork/pull/2343

Gbp-Pq: Name libnetwork-revert-iptables-legacy.patch

libnetwork_proto

Gbp-Pq: Name libnetwork_proto.patch

go-metrics_prometheus-fix_Observer

Gbp-Pq: Name go-metrics_prometheus-fix_Observer.patch

engine-test-noinstall

~~~~
 go test net: open /usr/lib/go-1.10/pkg/linux_amd64/net.a: permission denied
~~~~

Gbp-Pq: Name engine-test-noinstall.patch

mkimage: Fix Debian security presence check

Add Location following since security redirects to security-cdn and caused the repository to be added on Debian unstable.

Signed-off-by: Mattias Jernberg <nostrad@gmail.com>
Origin: upstream, https://github.com/docker/engine/commit/8db5403

Gbp-Pq: Name engine-contrib-debootstrap-curl-follow-location.patch

Add chroot for tar packing operations

Previously only unpack operations were supported with chroot.
This adds chroot support for packing operations.
This prevents potential breakouts when copying data from a container.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Origin: upstream, https://github.com/moby/moby/pull/39292

Gbp-Pq: Name cve-2018-15664-02-add-chroot-for-tar-packing-operations.patch

Pass root to chroot to for chroot Untar

This is useful for preventing CVE-2018-15664 where a malicious container
process can take advantage of a race on symlink resolution/sanitization.

Before this change chrootarchive would chroot to the destination
directory which is attacker controlled. With this patch we always chroot
to the container's root which is not attacker controlled.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Origin: upstream, https://github.com/moby/moby/pull/39292

Gbp-Pq: Name cve-2018-15664-01-pass-root-to-chroot-to-for-chroot-untar.patch

cli/registry: fix a Debugf statement

Fix this warning from go-1.11

> cli/registry/client/fetcher.go:234: Debugf format %s has arg
> repoEndpoint of wrong type client.repositoryEndpoint

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Origin: upstream, https://github.com/docker/cli/commit/51848bf

Gbp-Pq: Name cli-fix-registry-debug-message-go-1.11.patch

cli-fix-manpages-build-script

Gbp-Pq: Name cli-fix-manpages-build-script.patch

Build against google-grpc 1.11, where md.Get() does not exist.

This patch is based on the commit that introduced md.Get() in google-grpc:
<https://github.com/grpc/grpc-go/commit/291de7f0>.

Please drop this patch as soon as we build docker against google-grpc >= 1.12.

Origin: vendor, Debian
Forwarded: not-needed, Debian-specific
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
Gbp-Pq: Name buildkit-build-against-google-grpc-1.11.patch

debian-nuke-no-prompt

Gbp-Pq: Name debian-nuke-no-prompt.patch

debian-cgroupfs-mount-convenience-copy

Gbp-Pq: Name debian-cgroupfs-mount-convenience-copy.patch

debian-dockerd-binary-location

Gbp-Pq: Name debian-dockerd-binary-location.patch

debian-containerd-name

Gbp-Pq: Name debian-containerd-name.patch

debian-systemd-unit-environment-file

Gbp-Pq: Name debian-systemd-unit-environment-file.patch

docker.service: don't limit tasks

Signed-off-by: Pierre Carrier <pierre@meteor.com>
Gbp-Pq: Name debian-systemd-unit-tasksmax.patch

docker.io (18.09.1+dfsg1-7.1) unstable; urgency=medium

  * Non-maintainer upload.

  [ Hideki Yamane ]
  * upstream site moved to mobyproject.org

  [ Arnaud Rebillout ]
  * Add patch for CVE-2018-15664 (Closes: #929662).

[dgit import unpatched docker.io 18.09.1+dfsg1-7.1]

Import docker.io_18.09.1+dfsg1-7.1.debian.tar.xz

[dgit import tarball docker.io 18.09.1+dfsg1-7.1 docker.io_18.09.1+dfsg1-7.1.debian.tar.xz]

Import docker.io_18.09.1+dfsg1.orig.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-containerd.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-containerd.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-distribution.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-distribution.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-go-events.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-go-events.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-go-metrics.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-go-metrics.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-libnetwork.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-libnetwork.tar.xz]

Import docker.io_18.09.1+dfsg1.orig-swarmkit.tar.xz

[dgit import orig docker.io_18.09.1+dfsg1.orig-swarmkit.tar.xz]