File distribution.changes of Package distribution.28991
-------------------------------------------------------------------
Fri May 12 16:05:11 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 2.8.2 (bsc#1207705, CVE-2023-2253, bsc#1210428):
  * Revert registry/client: set `Accept: identity` header when
    getting layers
  * Parse `http` forbidden as denied
  * Fix CVE-2023-2253 runaway allocation on /v2/_catalog
  * Fix panic in inmemory driver
  * update to go1.19.9
  * Add code to handle pagination of parts. Fixes max layer size
    of 10GB bug
  * Dockerfile: fix filenames of artifacts
- drop aws-sdk-1.42.27-update.patch (no longer wanted)
- drop 0001-Fix-runaway-allocation-on-v2-_catalog.patch (upstream)
-------------------------------------------------------------------
Wed Apr 26 19:32:36 UTC 2023 - Dirk Müller <dmueller@suse.com>
- refresh 0001-Fix-runaway-allocation-on-v2-_catalog.patch to
  be more compatible with invalid pagination requests (CVE-2023-2253, bsc#1207705)␣
-------------------------------------------------------------------
Fri Feb 17 09:08:35 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add 0001-Fix-runaway-allocation-on-v2-_catalog.patch (CVE-2023-2253, bsc#1207705)
-------------------------------------------------------------------
Fri Jan 13 11:06:26 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add aws-sdk-1.42.27-update.patch to include AWS_ROLE_ARN
  support (SD-106252) 
-------------------------------------------------------------------
Fri Sep  9 14:16:41 UTC 2022 - Frederic Crozat <fcrozat@suse.com>
- Explicitly require nologin shell which is needed for registry
  system user (bsc#1203324)
-------------------------------------------------------------------
Wed Jun  8 15:53:47 UTC 2022 - Dirk Müller <dmueller@suse.com>
- switch to go 1.16 for 2.8.1 (jsc#SLE-24963)
- build the additional commands as well
- rename to follow upstream renaming
- cleanups 
- switch to systemd for user generation
-------------------------------------------------------------------
Mon May 02 10:04:01 UTC 2022 - dcermak@suse.com
- Update to version 2.8.1:
  * FIx typo
  * Update 2.8.1. release notes
  * go 1.16.15
-------------------------------------------------------------------
Tue Feb 15 09:51:24 UTC 2022 - rbrown@suse.com
- Update to version 2.8.0:
  * Update README so the release pipeline works properly.
  * Make this releaes a beta release first.
  * [2.8] Release artifacts
  * release workflow
  * Apply suggestions from code review
  * Prepare for v2.8.0 release
  * [release/2.7] vendor: github.com/opencontainers/image-spec v1.0.2
  * manifest: validate document type before unmarshal
  * [release/2.7] vendor: github.com/golang-jwt/jwt v3.2.1
- Drop merged patchs
  * 0001-Fix-s3-driver-for-supporting-ceph-radosgw.patch
  * 0002-Relax-filesystem-driver-folder-permissions-to-0777-cont.patch
  * 0003-Support-external-redis-sentinel-cluster.patch
  * 0004-Make-ipfilteredby-not-required.patch
-------------------------------------------------------------------
Thu Jul 15 07:30:22 UTC 2021 - Dirk Müller <dmueller@suse.com>
- go back to golang 1.15 to fix the build for now 
-------------------------------------------------------------------
Mon Oct 12 08:28:38 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- add 0004-Make-ipfilteredby-not-required.patch
  Make ipfilteredby optional 
-------------------------------------------------------------------
Thu Sep 10 10:23:33 CEST 2020 - Jiri Suchomel <jsuchome@suse.com>
- Add 0003-Support-external-redis-sentinel-cluster.patch
  This is patch that is not officially merged in docker-distribution,
  but is being used by Harbor project when building docker-distribution
  image
- Bumped go BuildRequires to 1.13
-------------------------------------------------------------------
Tue Aug 18 19:43:21 UTC 2020 - Stefan Nica <snica@suse.com>
- Add 0002-Relax-filesystem-driver-folder-permissions-to-0777-cont.patch
to get the registry to honor the umask when creating new folders
(https://github.com/docker/distribution/pull/3204)
- Add 0001-Fix-s3-driver-for-supporting-ceph-radosgw.patch
(https://github.com/docker/distribution/pull/2879)
-------------------------------------------------------------------
Fri Jul 31 19:35:10 UTC 2020 - Stefan Nica <snica@suse.com>
- include OSS and GCS backend drivers in the build
-------------------------------------------------------------------
Tue Jul 28 14:00:03 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Remove registry.SuSEfirewall2, SuSEfirewall2 does not exist anymore
-------------------------------------------------------------------
Fri Jul 24 13:42:41 CEST 2020 - jsuchome@suse.com
- enabled changesgenerate option to automatically generate changes 
-------------------------------------------------------------------
Tue Jul  7 21:44:45 UTC 2020 - Stefan Nica <snica@suse.com>
- Run registry as non-privileged user
-------------------------------------------------------------------
Thu Jun 25 22:58:30 UTC 2020 - Stefan Nica <snica@suse.com>
- Reworked the RPM spec to use the golang-packaging macros instead
of the provided Makefile
-------------------------------------------------------------------
Fri Feb  7 08:30:49 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Enable build on %arm (which include armv6), not only on armv7
-------------------------------------------------------------------
Wed Oct 30 10:09:38 UTC 2019 - Michel Normand <normand@linux.vnet.ibm.com>
- Enable ppc64le
-------------------------------------------------------------------
Thu Oct  3 14:04:28 UTC 2019 - kukuk@suse.de
- Use correct URL to project
- Remove fillup, we don't ship a sysconfig file
- Correct systemd requires
- Enable build on ARM
-------------------------------------------------------------------
Fri Jan 18 12:46:45 UTC 2019 - msabate@suse.com
- Upgraded to 2.7.1
  - Support for OCI images added
  - Fix upgrade issues from 2.6.x
  - Update Go version to 1.11
  - Switch to multi-stage Dockerfile
  - Validations enabled by default with new disabled config option
  - Optimize health check performance
  - Create separate permission for deleting objects in a repo
  - Fix storage driver error propagation for manifest GETs
  - Fix forwarded header resolution
  - Add prometheus metrics
  - Disable schema1 manifest by default
  - Graceful shutdown
  - TLS: remove ciphers that do not support perfect forward secrecy
  - Fix registry stripping newlines from manifests
  - Add bugsnag logrus hook
  - Support ARM builds
-------------------------------------------------------------------
Wed Jun 13 10:30:03 UTC 2018 - dcassany@suse.com
- Make use of %license macro
-------------------------------------------------------------------
Thu Mar  1 11:45:15 UTC 2018 - jmassaguerpla@suse.com
- Configuration files should be tagged in general as %config(noreplace)
  in order to keep the modified config files.
  see https://en.opensuse.org/openSUSE:Specfile_guidelines#Configuration_files
  This fixes bsc#1083474
-------------------------------------------------------------------
Fri Jul 21 10:48:11 UTC 2017 - msabate@suse.com
- Updated to 2.6.2
  This release is a special security release to address an issue allowing
  an attacker to force arbitrarily-sized memory allocations in a registry
  instance through the manifest endpoint. The problem has been mitigated
  by limiting the size of reads for image manifest content.
  Details for mitigation are in 29fa466
  Fixes bsc#1049850(CVE-2017-11468)
-------------------------------------------------------------------
Mon Jun 12 21:51:23 UTC 2017 - abergmann@suse.com
- Add SuSEfirewall2 service file for TCP port 5000.
-------------------------------------------------------------------
Thu Apr  6 14:49:36 UTC 2017 - msabate@suse.com
- Updated to 2.6.1;
  * Fix Forwarded header handling, revert use of X-Forwarded-Port
  * Use driver Stat for registry health check
  fix bsc#1033172
-------------------------------------------------------------------
Fri Jan 27 15:03:17 UTC 2017 - bg@suse.com
- enable build for s390x
-------------------------------------------------------------------
Wed Jan 18 11:07:05 UTC 2017 - msabate@suse.com
- Updated to v2.6.0
#### Storage
- S3: fixed bug in delete due to read-after-write inconsistency
- S3: allow EC2 IAM roles to be used when authorizing region endpoints
- S3: add Object ACL Support
- S3: fix delete method's notion of subpaths
- S3: use multipart upload API in `Move` method for performance
- S3: add v2 signature signing for legacy S3 clones
- Swift: add simple heuristic to detect incomplete DLOs during read ops
- Swift: support different user and tenant domains
- Swift: bulk deletes in chunks
- Aliyun OSS: fix delete method's notion of subpaths
- Aliyun OSS: optimize data copy after upload finishes
- Azure: close leaking response body
- Fix storage drivers dropping non-EOF errors when listing repositories
- Compare path properly when listing repositories in catalog
- Add a foreign layer URL host whitelist
- Improve catalog enumerate runtime
#### Registry
- Export `storage.CreateOptions` in top-level package
- Enable notifications to endpoints that use self-signed certificates
- Properly validate multi-URL foreign layers
- Add control over validation of URLs in pushed manifests
- Proxy mode: fix socket leak when pull is cancelled
- Tag service: properly handle error responses on HEAD request
- Support for custom authentication URL in proxying registry
- Add configuration option to disable access logging
- Add notification filtering by target media type
- Manifest: `References()` returns all children
- Honor `X-Forwarded-Port` and Forwarded headers
- Reference: Preserve tag and digest in With* functions
- Add policy configuration for enforcing repository classes
#### Client
- Changes the client Tags `All()` method to follow links
- Allow registry clients to connect via HTTP2
- Better handling of OAuth errors in client
#### Spec
- Manifest: clarify relationship between urls and foreign layers
- Authorization: add support for repository classes
#### Manifest
- Override media type returned from `Stat()` for existing manifests
- Add plugin mediatype to distribution manifest
#### Docs
- Document `TOOMANYREQUESTS` error code
- Document required Let's Encrypt port
- Improve documentation around implementation of OAuth2
- Improve documentation for configuration
#### Auth
- Add support for registry type in scope
- Add support for using v2 ping challenges for v1
- Add leeway to JWT `nbf` and `exp` checking
- htpasswd: dynamically parse htpasswd file
- Fix missing auth headers with PATCH HTTP request when pushing to default port
#### Dockerfile
- Update to go1.7
- Reorder Dockerfile steps for better layer caching
#### Notes
Documentation has moved to the documentation repository at
`github.com/docker/docker.github.io/tree/master/registry`
The registry is go 1.7 compliant, and passes newer, more restrictive `lint` and `vet` ing.
-------------------------------------------------------------------
Mon Aug  1 14:15:23 UTC 2016 - msabate@suse.com
- Updated to v2.5.0
### Storage
- Ensure uploads directory is cleaned after upload is commited
- Add ability to cap concurrent operations in filesystem driver
- S3: Add 'us-gov-west-1' to the valid region list
- Swift: Handle ceph not returning Last-Modified header for HEAD requests
- Add redirect middleware
#### Registry
- Add support for blobAccessController middleware
- Add support for layers from foreign sources
- Remove signature store
- Add support for Let's Encrypt
- Correct yaml key names in configuration
#### Client
- Add option to get content digest from manifest get
#### Spec
- Update the auth spec scope grammar to reflect the fact that hostnames are optionally supported
- Clarify API documentation around catalog fetch behavior
### API
- Support returning HTTP 429 (Too Many Requests)
### Documentation
- Update auth documentation examples to show "expires in" as int
### Docker Image
- Use Alpine Linux as base image
-------------------------------------------------------------------
Wed May 18 20:13:04 UTC 2016 - msabate@suse.com
- Updated to v2.4.1. It contains the following fixes:
93d7624 Preserve author information in schema1 manifests
ba672e8 When a blob upload is committed prevent writing out hashstate in the subsequent close.
96230de Add a test with a missing _manifests directory
c0d3813 Move garbage collect code into storage package
011b7e4 Ensure GC continues marking if _manifests is nonexistent
0a1fcf9 Fix wording for dry-run flag in useage message for garbage collector.
ed02e88 Sorting completed parts by part number for a better accordance with the S3 spec
fd5a404 Add blobWrtiter.Close() call into blobWriter.Commit()
3f538ca add cn-north-1 to valid check
3330cc5 wait for DLO segments to show up when Close()ing the writer
775d096 Use correct media type for config blob in schema2 manifest
64a9727 Only check validity of S3 region if not using custom endpoint
dafb59f Ensure we log io.Copy errors and bytes copied/total in uploads
431e46a GCS: FileWriter.Size: return offset + buffer size for Writers that are not closed
-------------------------------------------------------------------
Thu Apr 14 07:45:10 UTC 2016 - msabate@suse.com
- Upgraded to 2.4.0. Changelog:
* New S3 storage driver
The default s3 storage driver is now implemented on top of the official Amazon
S3 SDK, boasting major performance and stability goodness. The previous storage
is still available, but deprecated.
* Garbage Collector
A garbage collector tool has been added to the registry. For more details see
the garbage collector documentation.
* Tagged Manifest Events
Manifest push and pull events will now include the tag which was used in the
operation (if applicable).
* Relative URLs
The registry can now be configured to return relative URLs in Location headers.
* V1 Signature disabled
With the ongoing adoption of the schema 2 manifest format and deprecation of
signatures, this option will improve pull performance by generating and
returning a single libtrust signature.
* Gotchas
The RADOS storage driver has been removed. The registry can still be used with
Ceph as the storage backend using the swift driver in conjunction with the
Swift API gateway.
The command line format has changed to support subcommands. To run a registry
as before an additional subcommand - serve - is required.
The legacy S3 storage driver, based on adroll/goamz is now deprecated and will
be removed in a future release.
-------------------------------------------------------------------
Thu Mar 10 15:22:12 UTC 2016 - msabate@suse.com
- Updated changelog
bsc#970507
The fix_version.patch file has been removed because it has been fixed upstream
-------------------------------------------------------------------
Thu Mar 10 12:13:56 UTC 2016 - msabate@suse.com
- Removed old tarball
-------------------------------------------------------------------
Thu Mar 10 12:05:58 UTC 2016 - msabate@suse.com
- Ugraded to 2.3.1. The changelog is as follows:
- Allow uppercase characters in hostnames (https://github.com/docker/distribution/commit/34c3acf8a8d800524ac06444290b26ed96d4dac0)
- Fix schema1 manifest etag and docker content digest header (https://github.com/docker/distribution/commit/d7eb5d118a6a14a6f320062296b1808506c35241)
- Add option to disable signatures (https://github.com/docker/distribution/commit/d1c173078fe47f45c7f7b96098410d4f13dd68ab)
- To avoid any network use unless necessary, delay establishing authorization (https://github.com/docker/distribution/commit/740ed699f40e1522faacb2a706e44fa1560af8ea)
- Extend authChallenger interface to remove type cast.  (https://github.com/docker/distribution/commit/16445b67679e91eab408a40a34625aa1f4dabfd1)
- Enable proxying registries to downgrade fetched manifests to Schema 1.  (https://github.com/docker/distribution/commit/36936218c2e6a4527fc99a5c04126bb1f4c7d55c)
-------------------------------------------------------------------
Fri Feb  5 11:02:49 UTC 2016 - msabate@suse.com
- Update to 2.3
This Docker Registry release is the first to support the Image Manifest
Version 2, Schema 2 manifest format.
-------------------------------------------------------------------
Wed Sep 23 11:05:51 UTC 2015 - jmassaguerpla@suse.com
- set exclusive arch to x86_64 since this is the only arch we build for
-------------------------------------------------------------------
Mon Sep  7 18:39:59 UTC 2015 - jmassaguerpla@suse.com
- Update to 2.1.1 (bsc#948097)
  This release provides a bug fix where the filesystem layout of manifests was
not backwards compatible with v2.0.x registries.
- Update to 2.1.0
  - Support for listing Registry repositories
  - Manifest and layer soft deletion
  - Pull through caching (experimental)
  - Storage Drivers
  more details on: https://github.com/docker/distribution/releases
  add fix_version.patch: fix version to 2.1.1 instead of git version
-------------------------------------------------------------------
Fri May 29 11:30:56 UTC 2015 - fcastelli@suse.com
- Added README-registry.SUSE
-------------------------------------------------------------------
Fri May 29 10:09:41 UTC 2015 - fcastelli@suse.com
- Create /etc/registry to hold all the configuration files of registry
-------------------------------------------------------------------
Thu May 14 07:52:09 UTC 2015 - fcastelli@suse.com
- Update to 2.0.1:
  * Enable blob streaming upload
  * S3 consistency checking and better resource utilization
  * Eliminate resource leakage in the notification system
  * Request error and storage driver logging
  * Documentation corrections and additions
-------------------------------------------------------------------
Fri Apr 17 14:06:13 UTC 2015 - fcastelli@suse.com
- Update to 2.0.0: first stable release of distribution
-------------------------------------------------------------------
Thu Apr 16 08:20:05 UTC 2015 - fcastelli@suse.com
- Update to 2.0.0-rc4:  Several fixes have been made to contextual logging
  output, including ensuring accurate http response status, authorized user
  name and correct output of the version.
-------------------------------------------------------------------
Thu Apr  9 09:52:37 UTC 2015 - fcastelli@suse.com
- Created initial package