Debian Patches
Status for docker.io/28.5.2+dfsg4-2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| debian-bash-completion-no-shebang.patch | Remove shebang from bash completion file Discussed upstream, rejected as most code editors rely on the shebang to correctly indent and highlight the file. =================================================================== |
Arnaud Rebillout <elboulangero@gmail.com> | yes | 2020-11-27 | ||
| debian-systemd-unit-environment-file.patch | Use EnvironmentFile with the systemd unit file. =================================================================== |
Paul R. Tagliamonte <paultag@debian.org> | no | debian | 2014-05-07 | |
| debian-dockerd-binary-location.patch | FHS compliance. =================================================================== |
Tianon Gravi <tianon@debian.org> | not-needed | |||
| debian-nuke-no-prompt.patch | remove prompt and delay =================================================================== |
Dmitry Smirnov <onlyjob@debian.org> | not-needed | debian | 2018-06-09 | |
| cli-add-go.mod-file.patch | Add go.mod file to cli Fix build issue during tests with + gotest.tools/v3 |
Arnaud Rebillout <elboulangero@gmail.com> | no | 2020-11-24 | ||
| engine-add-go.mod-file.patch | Add go.mod file to engine Fix build issue with + github.com/coreos/go-systemd/v22 + gotest.tools/v3 |
Arnaud Rebillout <elboulangero@gmail.com> | no | 2020-11-24 | ||
| engine-avoid-hcsshim.patch | Avoid dependency on hcsshim =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| engine-ftbfs-mips.patch | Fix FTBFS on mips =================================================================== |
Tianon Gravi <tianon@debian.org> | no | |||
| engine-disable-gcp.patch | Disable gcp dependencies The copy of golang-google-cloud in Debian is very oudated. Disable gcplogging until it has been updated =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| engine-ftbfs-32bit.patch | Disable test that overflows on 32bit Trying to figure out how to reproduce this in an upstream checkout of moby/moby =================================================================== |
Reinhard Tartler <siretart@tauware.de> | invalid | 2026-01-13 | ||
| engine-go-archive-update.patch | =================================================================== | no | ||||
| engine-format-fixes.patch | Fix compilation errors from newer docker vet =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| buildkit-remove-jaeger.patch | Avoid jaeger dependency =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| cli-fix-generate-man.patch | defuse internet access =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| cli-fix-for-go-archive-0.2.0.patch | remove uses of deprecated go-archive consts | Sebastiaan van Stijn <github@gone.nl> | no | upstream, https://github.com/docker/cli/commit/03dfab40134db95154859d13ffd8d4e1be110176.patch | 2025-12-19 | |
| test--cli-skip-network-tests.patch | cli/command: Skip network tests Interestingly, the last time I tried, only the test 'TestRunBuildFromGitHubSpecialCase' failed, and it failed only for the armel architecture. Which makes absolutely no sense, given that it's supposed to fail when there's no network, and it should have nothing to do with the architecture. . Anyway. Let's disable this test. . Build error below: . === FAIL: cli/command/image TestRunBuildFromGitHubSpecialCase (0.10s) Error: unable to prepare context: unable to 'git clone' to temporary context directory: error fetching: fatal: unable to access 'https://github.com/docker/for-win/': Couldn't connect to server : exit status 128 build_test.go:136: assertion failed: expected error to contain "docker-build-git", got "unable to prepare context: unable to 'git clone' to temporary context directory: error fetching: fatal: unable to access 'https://github.com/docker/for-win/': Couldn't connect to server\n: exit status 128" =================================================================== |
Dmitry Smirnov <onlyjob@debian.org> | not-needed | 2020-11-27 | ||
| test--cli-skip-TestSignCommandLocalFlag.patch | Skip TestSignCommandLocalFlag No idea why this test used to pass before and fails now... ~~~~ === RUN TestSignCommandLocalFlag --- FAIL: TestSignCommandLocalFlag (35.01s) sign_test.go:307: assertion failed: expected error to contain "error contacting notary server: dial tcp: lookup reg-name.io", got "Error: error contacting notary server: dial tcp 125.235.4.59:443: i/o timeout" ... FAIL github.com/docker/cli/cli/command/trust 49.235s ~~~~ =================================================================== |
Arnaud Rebillout <arnaud.rebillout@collabora.com> | not-needed | vendor, Debian | 2019-09-28 | |
| test--skip-daemon-oci-linux-pbuilder-tests.patch | Skip failing test TestGetSourceMount: "Can't find mount point of /" =================================================================== |
Arnaud Rebillout <elboulangero@gmail.com> | not-needed | 2020-12-01 | ||
| test--skip-pkg-system-chtimes-mips64.patch | Skip pkg/system chtimes tests on mips64 === RUN TestChtimesLinux chtimes_linux_test.go:87: Expected: 2262-04-11 23:47:16 +0000 UTC, got: 1990-01-27 10:50:44 +0000 UTC --- FAIL: TestChtimesLinux (0.00s) === RUN TestChtimes chtimes_test.go:92: Expected: 2262-04-11 23:47:16 +0000 UTC, got: 1990-01-27 10:50:44 +0000 UTC --- FAIL: TestChtimes (0.00s) =================================================================== |
Arnaud Rebillout <elboulangero@gmail.com> | yes | upstream | 2021-01-04 | |
| test--skip-TestGetRootUIDGID.patch | disable test failing is sbuild.~~~~ FAIL: TestGetRootUIDGID (0.00s) idtools_unix_test.go:287: Error Trace: idtools_unix_test.go:287 Error: Not equal: expected: 1009 actual : 2952 Test: TestGetRootUIDGID ~~~~ =================================================================== |
Dmitry Smirnov <onlyjob@debian.org> | not-needed | 2018-06-16 | ||
| test--skip-TestStateRunStop.patch | disabled unreliable test.~~~~ state_test.go:102: ExitCode -1, expected 2, err "context deadline exceeded" ~~~~ =================================================================== |
Dmitry Smirnov <onlyjob@debian.org> | not-needed | 2018-08-02 | ||
| test_invalid_cert_pem.patch | TestNewClientWithOpsFromEnv expects different response === FAIL: client TestNewClientWithOpsFromEnv/invalid_cert_path (0.00s) client_test.go:96: assertion failed: expected error "could not load X509 key pair: open invalid/path/cert.pem: no such file or directory", got "Could not load X509 key pair: open invalid/path/cert.pem: no such file or directory" open invalid/path/cert.pem: no such file or directory Could not load X509 key pair github.com/docker/go-connections/tlsconfig.getCert /<<PKGBUILDDIR>>/_build/src/github.com/docker/go-connections/tlsconfig/config.go:183 github.com/docker/go-connections/tlsconfig.Client /<<PKGBUILDDIR>>/_build/src/github.com/docker/go-connections/tlsconfig/config.go:216 github.com/docker/docker/client.FromEnv.WithTLSClientConfigFromEnv.func1 /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/client/options.go:174 github.com/docker/docker/client.FromEnv /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/client/options.go:40 github.com/docker/docker/client.NewClientWithOpts /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/client/client.go:201 github.com/docker/docker/client.TestNewClientWithOpsFromEnv.func1 /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/client/client_test.go:94 testing.tRunner /usr/lib/go-1.22/src/testing/testing.go:1689 runtime.goexit /usr/lib/go-1.22/src/runtime/asm_amd64.s:1695 =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| test-disable-tests-that-require-root.patch | Disable tests that assume we run as root =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| test-docker-pull-error.patch | String mismatch === FAIL: distribution TestPullSchema2Config/unauthorized (0.00s) pull_v2_test.go:302: HTTP GET /v2/ pull_v2_test.go:302: HTTP GET /v2/docker.io/library/testremotename/blobs/sha256:66ad98165d38f53ee73868f82bd4eed60556ddfee824810a4062c4f777b20a5b pull_v2_test.go:332: expected error="download failed after attempts=1: unauthorized: authentication required" to contain "unauthorized: you need to be authenticated" =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| test--cli-TestInitializeFromClientHangs.patch | Not suitable for package tests =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| test--cli-TestUseHostOverrideEmpty.patch | Not suitable for package tests =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| test--cli-TestCloseRunningCommand.patch | Not suitable for package tests =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| test--cli-TestPrunePromptTerminaton.patch | Skip flaky test TestPrunePromptTermination =================================================================== |
Reinhard Tartler <siretart@tauware.de> | no | |||
| test--cli-fix-string-issues.patch | fix minor string issues in cli unit-test =================================================================== |
Badrikesh Prusty <badrikesh.prusty@siemens.com> | no | |||
| test-engine-ignore-scpt.patch | Tolerate SCTP test on buildds On build daemons, the sctp module may not be loaded, and setting up the test may fail. =================================================================== |
Reinhard Tartler <siretart@tauware.de> | not-needed | |||
| CVE-2026-33997.patch | plugin: Fix off-by-one in privilege validation Fix an off-by-one error in isEqual() where the comparison loop started at index 1 instead of 0, causing the first privilege (after sorting alphabetically by name) to never be validated. This allowed a malicious plugin to request different values for whichever privilege sorts first — most notably "allow-all-devices", which grants unrestricted rwm access to all host devices. The bug also meant that plugins requesting exactly one privilege had zero iterations of the comparison loop, bypassing validation entirely. Also fix an existing test case ("diff-order-but-same-value") that only passed due to the off-by-one bug, and add test cases for single-element and first-sorted-element mismatches. (cherry picked from commit 99a095ecf04e8849318f2811bb3f687905eab09b) |
Paweł Gronowski <pawel.gronowski@docker.com> | no | 2026-03-19 | ||
| CVE-2026-34040-a.patch | pkg/authz: Reject requests exceeding body size limit Previously, the authorization system would silently skip body inspection when request bodies exceeded the maximum size limit (1MiB). The authorization plugins would receive an empty body for inspection while the actual large payload would still be processed by the Docker daemon, allowing malicious requests to circumvent plugin-based security controls. (cherry picked from commit 7a767b27fd1238c89a5cc926c39e27d3bcf58e35) |
Paweł Gronowski <pawel.gronowski@docker.com> | no | 2026-02-16 | ||
| CVE-2026-34040-b.patch | pkg/authz: Increase body limit to 4 MiB Some endpoint could potentially use a body request than 1 MiB without malicious intent. (cherry picked from commit ec76e941838797fc762185c556c152f0a032d387) |
Paweł Gronowski <pawel.gronowski@docker.com> | no | 2026-02-16 |
All known versions for source package 'docker.io'
- 28.5.2+dfsg4-2 (sid, forky)
- 28.5.2+dfsg3-2 (experimental)
- 26.1.5+dfsg1-9 (trixie)
- 20.10.24+dfsg1-1+deb12u1 (bookworm)
- 20.10.24+dfsg1-1 (bookworm-backports)