File docker-distribution.changes of Package docker-distribution.6808

Thu Mar  1 11:45:15 UTC 2018 -

- Configuration files should be tagged in general as %config(noreplace)
  in order to keep the modified config files.


  This fixes bsc#1083474

Fri Jul 21 10:48:11 UTC 2017 -

- Updated to 2.6.2

  This release is a special security release to address an issue allowing
  an attacker to force arbitrarily-sized memory allocations in a registry
  instance through the manifest endpoint. The problem has been mitigated
  by limiting the size of reads for image manifest content.

  Details for mitigation are in 29fa466

  Fixes bsc#1049850(CVE-2017-11468)

Mon Jun 12 21:51:23 UTC 2017 -

- Add SuSEfirewall2 service file for TCP port 5000.

Thu Apr  6 14:49:36 UTC 2017 -

- Updated to 2.6.1;
  * Fix Forwarded header handling, revert use of X-Forwarded-Port
  * Use driver Stat for registry health check
  fix bsc#1033172

Fri Jan 27 15:03:17 UTC 2017 -

- enable build for s390x

Wed Jan 18 11:07:05 UTC 2017 -

- Updated to v2.6.0

#### Storage
- S3: fixed bug in delete due to read-after-write inconsistency
- S3: allow EC2 IAM roles to be used when authorizing region endpoints
- S3: add Object ACL Support
- S3: fix delete method's notion of subpaths
- S3: use multipart upload API in `Move` method for performance
- S3: add v2 signature signing for legacy S3 clones
- Swift: add simple heuristic to detect incomplete DLOs during read ops
- Swift: support different user and tenant domains
- Swift: bulk deletes in chunks
- Aliyun OSS: fix delete method's notion of subpaths
- Aliyun OSS: optimize data copy after upload finishes
- Azure: close leaking response body
- Fix storage drivers dropping non-EOF errors when listing repositories
- Compare path properly when listing repositories in catalog
- Add a foreign layer URL host whitelist
- Improve catalog enumerate runtime

#### Registry
- Export `storage.CreateOptions` in top-level package
- Enable notifications to endpoints that use self-signed certificates
- Properly validate multi-URL foreign layers
- Add control over validation of URLs in pushed manifests
- Proxy mode: fix socket leak when pull is cancelled
- Tag service: properly handle error responses on HEAD request
- Support for custom authentication URL in proxying registry
- Add configuration option to disable access logging
- Add notification filtering by target media type
- Manifest: `References()` returns all children
- Honor `X-Forwarded-Port` and Forwarded headers
- Reference: Preserve tag and digest in With* functions
- Add policy configuration for enforcing repository classes

#### Client
- Changes the client Tags `All()` method to follow links
- Allow registry clients to connect via HTTP2
- Better handling of OAuth errors in client

#### Spec
- Manifest: clarify relationship between urls and foreign layers
- Authorization: add support for repository classes

#### Manifest
- Override media type returned from `Stat()` for existing manifests
- Add plugin mediatype to distribution manifest

#### Docs
- Document `TOOMANYREQUESTS` error code
- Document required Let's Encrypt port
- Improve documentation around implementation of OAuth2
- Improve documentation for configuration

#### Auth
- Add support for registry type in scope
- Add support for using v2 ping challenges for v1
- Add leeway to JWT `nbf` and `exp` checking
- htpasswd: dynamically parse htpasswd file
- Fix missing auth headers with PATCH HTTP request when pushing to default port

#### Dockerfile
- Update to go1.7
- Reorder Dockerfile steps for better layer caching

#### Notes

Documentation has moved to the documentation repository at

The registry is go 1.7 compliant, and passes newer, more restrictive `lint` and `vet` ing.

Mon Aug  1 14:15:23 UTC 2016 -

- Updated to v2.5.0

### Storage
- Ensure uploads directory is cleaned after upload is commited
- Add ability to cap concurrent operations in filesystem driver
- S3: Add 'us-gov-west-1' to the valid region list
- Swift: Handle ceph not returning Last-Modified header for HEAD requests
- Add redirect middleware

#### Registry
- Add support for blobAccessController middleware
- Add support for layers from foreign sources
- Remove signature store
- Add support for Let's Encrypt
- Correct yaml key names in configuration

#### Client
- Add option to get content digest from manifest get

#### Spec
- Update the auth spec scope grammar to reflect the fact that hostnames are optionally supported
- Clarify API documentation around catalog fetch behavior

### API
- Support returning HTTP 429 (Too Many Requests)

### Documentation
- Update auth documentation examples to show "expires in" as int

### Docker Image
- Use Alpine Linux as base image

Wed May 18 20:13:04 UTC 2016 -

- Updated to v2.4.1. It contains the following fixes:

93d7624 Preserve author information in schema1 manifests
ba672e8 When a blob upload is committed prevent writing out hashstate in the subsequent close.
96230de Add a test with a missing _manifests directory
c0d3813 Move garbage collect code into storage package
011b7e4 Ensure GC continues marking if _manifests is nonexistent
0a1fcf9 Fix wording for dry-run flag in useage message for garbage collector.
ed02e88 Sorting completed parts by part number for a better accordance with the S3 spec
fd5a404 Add blobWrtiter.Close() call into blobWriter.Commit()
3f538ca add cn-north-1 to valid check
3330cc5 wait for DLO segments to show up when Close()ing the writer
775d096 Use correct media type for config blob in schema2 manifest
64a9727 Only check validity of S3 region if not using custom endpoint
dafb59f Ensure we log io.Copy errors and bytes copied/total in uploads
431e46a GCS: FileWriter.Size: return offset + buffer size for Writers that are not closed

Thu Apr 14 07:45:10 UTC 2016 -

- Upgraded to 2.4.0. Changelog:

* New S3 storage driver

The default s3 storage driver is now implemented on top of the official Amazon
S3 SDK, boasting major performance and stability goodness. The previous storage
is still available, but deprecated.

* Garbage Collector

A garbage collector tool has been added to the registry. For more details see
the garbage collector documentation.

* Tagged Manifest Events

Manifest push and pull events will now include the tag which was used in the
operation (if applicable).

* Relative URLs

The registry can now be configured to return relative URLs in Location headers.

* V1 Signature disabled

With the ongoing adoption of the schema 2 manifest format and deprecation of
signatures, this option will improve pull performance by generating and
returning a single libtrust signature.

* Gotchas

The RADOS storage driver has been removed. The registry can still be used with
Ceph as the storage backend using the swift driver in conjunction with the
Swift API gateway.

The command line format has changed to support subcommands. To run a registry
as before an additional subcommand - serve - is required.

The legacy S3 storage driver, based on adroll/goamz is now deprecated and will
be removed in a future release.

Thu Mar 10 15:22:12 UTC 2016 -

- Updated changelog


The fix_version.patch file has been removed because it has been fixed upstream

Thu Mar 10 12:13:56 UTC 2016 -

- Removed old tarball

Thu Mar 10 12:05:58 UTC 2016 -

- Ugraded to 2.3.1. The changelog is as follows:

- Allow uppercase characters in hostnames (
- Fix schema1 manifest etag and docker content digest header (
- Add option to disable signatures (
- To avoid any network use unless necessary, delay establishing authorization (
- Extend authChallenger interface to remove type cast.  (
- Enable proxying registries to downgrade fetched manifests to Schema 1.  (

Fri Feb  5 11:02:49 UTC 2016 -

- Update to 2.3

This Docker Registry release is the first to support the Image Manifest
Version 2, Schema 2 manifest format.

Wed Sep 23 11:05:51 UTC 2015 -

- set exclusive arch to x86_64 since this is the only arch we build for

Mon Sep  7 18:39:59 UTC 2015 -

- Update to 2.1.1 (bsc#948097)

  This release provides a bug fix where the filesystem layout of manifests was
not backwards compatible with v2.0.x registries.

- Update to 2.1.0
  - Support for listing Registry repositories
  - Manifest and layer soft deletion
  - Pull through caching (experimental)
  - Storage Drivers

  more details on:

  add fix_version.patch: fix version to 2.1.1 instead of git version

Fri May 29 11:30:56 UTC 2015 -

- Added README-registry.SUSE

Fri May 29 10:09:41 UTC 2015 -

- Create /etc/registry to hold all the configuration files of registry

Thu May 14 07:52:09 UTC 2015 -

- Update to 2.0.1:
  * Enable blob streaming upload
  * S3 consistency checking and better resource utilization
  * Eliminate resource leakage in the notification system
  * Request error and storage driver logging
  * Documentation corrections and additions

Fri Apr 17 14:06:13 UTC 2015 -

- Update to 2.0.0: first stable release of distribution

Thu Apr 16 08:20:05 UTC 2015 -

- Update to 2.0.0-rc4:  Several fixes have been made to contextual logging
  output, including ensuring accurate http response status, authorized user
  name and correct output of the version.

Thu Apr  9 09:52:37 UTC 2015 -

- Created initial package
openSUSE Build Service is sponsored by