lxc 1.0.8-0ubuntu0.3~ubuntu12.04.1 source package in Ubuntu

Changelog

lxc (1.0.8-0ubuntu0.3~ubuntu12.04.1) precise-backports; urgency=medium

  * No-change backport to precise (LP: #1528403)

lxc (1.0.8-0ubuntu0.3) trusty; urgency=medium

  * Cherry-pick from upstream:
    - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)

lxc (1.0.8-0ubuntu0.2) trusty; urgency=medium

  * Cherry-pick from upstream:
    - Fix ubuntu-cloud template to detect compression algorithm instead
      of hardcoding xz. Also update list of supported releases and use trusty
      as the fallback release. (LP: #1515463)
  * Update lxc-tests description to make it clear that this package is
    meant to be used by developers and by automated testing.

lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (MRE tracking bug: LP: #1514623)
    (LP: #1429140)
    - Changelog at: https://linuxcontainers.org/lxc/news/
  * Drop proxy detection from the autopkgtest exercise script.
  * Add patch:
    - 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch
      This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel.
      It updates the upstream CVE fix to the version which trusty ended
      up with after the few round of fixes.

lxc (1.0.7-0ubuntu0.10) trusty; urgency=medium

  * Update the /proc/self/mountinfo no-symlink verification to accomodate
    recursive mounts.  (LP: #1509752)

lxc (1.0.7-0ubuntu0.9) trusty; urgency=medium

  * Update previous patch to include some extra apparmor rules.
    (LP: #1504781)

lxc (1.0.7-0ubuntu0.8) trusty; urgency=medium

  * Update AppArmor profile from stable-1.0 branch which should fix the
    current test failures with the proposed 3.13 kernel. (LP: #1504781)

lxc (1.0.7-0ubuntu0.7) trusty-security; urgency=medium

  * REGRESSION FIX UPDATE:
    - Avoid /./ (LP: #1501491)

lxc (1.0.7-0ubuntu0.6) trusty-security; urgency=medium

  * Fix breakage of some configurations where // ends up in the mount
    target.  (LP: #1501310) (LP: #1476662)

lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Arbitrary host file access and AppArmor
    confinement breakout via lxc-start following symlinks while
    setting up mounts within a malicious container (LP: #1476662).
    - debian/patches/0003-CVE-2015-1335.patch: block mounts to paths
      containing symlinks and block bind mounts from relative paths
      containing symlinks. Patch from upstream.
    - CVE-2015-1335

lxc (1.0.7-0ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file creation via unintentional symlink
    following when accessing an LXC lock file (LP: #1470842)
    - debian/patches/0001-CVE-2015-1331.patch: Use /run/lxc/lock, rather than
      /run/lock/lxc, as /run and /run/lxc is only writable by root. Based on
      patch from upstream.
    - CVE-2015-1131
  * SECURITY UPDATE: Container AppArmor/SELinux confinement breakout via
    lxc-attach using a potentially malicious container proc filesystem to
    initialize confinement (LP: #1475050)
    - debian/patches/0002-CVE-2015-1334.patch: Use the host's proc filesystem
      to set up AppArmor profile and SELinux domain transitions during
      lxc-attach. Based on patch from upstream.
    - CVE-2015-1334

lxc (1.0.7-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (MRE tracking bug: LP: #1404039)
    - Changelog at: https://linuxcontainers.org/lxc/news/
  * Update debian/rules apparmor handling to match Ubuntu 14.10

lxc (1.0.6-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (MRE tracking bug: LP: #1373619)
    - Changelog at: https://linuxcontainers.org/news/

  * Include the SELinux examples.

lxc (1.0.5-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (MRE tracking bug: LP: #1341638)
    - Changelog at: https://linuxcontainers.org/news/

  * Sync packaging with utopic:
    - Enable ppc64el adt as we now have ppc64el images available for download.

lxc (1.0.4-0ubuntu0.1) trusty; urgency=medium

  * New upstream bugfix release. (MRE trackaging bug LP: #1329932)
    - Drop all existing patches (all applied upstream).
    - Fix lxc-attach failing from a different login session. (LP: #1315052)
    - Fix wrong cgroup on login to container. (LP: #1315521)

  * Cherry-pick upstream (stable branch) commits to fix testsuite under adt:
    - tests: Avoid the download template when possible
    - tests: Don't fail when HOME isn't defined
    - tests: apparmor: Always end with a newline

  * Sync packaging with utopic:
    - Depend on either cgmanager or cgroup-lite and recommend cgmanager.
      This should ensure systems get cgmanager by default even if cgroup-lite
      is already installed, yet makes it possible for the user to remove
      cgmanager if they really want to.
    - Remove hardcoded dependency on apparmor, instead generate it from
      rules so that the source package can be backported without changes (the
      right apparmor version will be picked up based on the release number).
    - Do not start lxc-instance in postinst without any instance specified,
      as that is an invalid request.

lxc (1.0.3-0ubuntu3) trusty; urgency=medium

  * Add a dependency on the new apparmor to make sure we have the new
    parser around before we attempt to load a profile requiring the new
    stanza support. (LP: #1304167)

lxc (1.0.3-0ubuntu2) trusty; urgency=medium

  * Cherry-pick upstream fix for cgmanager integration. (LP: #1303649)

lxc (1.0.3-0ubuntu1) trusty; urgency=medium

  * New upstream bugfix release.
  * Drop debian/patches/apparmor-signal-ptrace.patch, now upstream.

lxc (1.0.2-0ubuntu2) trusty; urgency=medium

  * updates for AppArmor signal and ptrace mediation (LP: #1298611)
    - debian/patches/apparmor-signal-ptrace.patch: add signal and ptrace rules
      to abstractions/container-base and abstractions/start-container
    - debian/rules: remove signal and ptrace rules for Ubuntu releases earlier
      than 14.04 LTS

lxc (1.0.2-0ubuntu1) trusty; urgency=medium

  * New upstream bugfix release.
  * Update packaging from daily branch.
    - Build-depend on libcgmanager-dev
    - Build-depend on libseccomp-dev for armhf too
    - Move rsync dependency from lxc to liblxc1
    - Stop recommending cgroup-lite | cgroup-bin (replace by cgmanager)
    - Stop recommending libcap2-bin (lxc-setcap was dropped ages ago)
    - Stop recommending openssl from lxc (only used by templates)
    - Move uidmap recommend from lxc to liblxc1
    - Recommend busybox-static for lxc-templates
    - Add cgmanager as a dependency of liblxc1
    - Enable cgmanager support in LXC (LP: #1279048)
    - Drop cgroup-lite test suite dependency.
    - Update testsuite runner to work inside an unprivileged container.
    - Update testsuite runner to work in the LXC CI environment.

lxc (1.0.1-0ubuntu1) trusty; urgency=medium

  * New upstream bugfix release. (LP: #1246094, LP: #1277466)
    Changelog at: https://linuxcontainers.org/news
  * Add xz-utils to lxc-templates' dependencies.

lxc (1.0.0-0ubuntu4) trusty; urgency=medium

  * Tweak autopkgtest proxy detection to hopefully detect the right
    proxy on the armhf testers...

lxc (1.0.0-0ubuntu3) trusty; urgency=medium

  * Add debootstrap to autopkgtest dependencies.

lxc (1.0.0-0ubuntu2) trusty; urgency=medium

  * Update autopkgtest script to detect:
    - ppc64el
    - running in a container
    - running on an older kernel

lxc (1.0.0-0ubuntu1) trusty; urgency=medium

  * New upstream release (1.0.0).
  * Replace liblxc0 by liblxc1.

lxc (1.0.0~rc4-0ubuntu1) trusty; urgency=medium

  * New upstream release (1.0.0~rc4).

lxc (1.0.0~rc3-0ubuntu1) trusty; urgency=medium

  * New upstream release (1.0.0~rc3).

lxc (1.0.0~rc1-0ubuntu2) trusty; urgency=medium

  * Re-add adt proxy workaround, it should have been fixed in adt but
    apparently it's not, so keep hardcoding the right values for now.

lxc (1.0.0~rc1-0ubuntu1) trusty; urgency=medium

  * New upstream release (1.0.0~rc1).
  * Drop dont_crash_log_init.patch: upstreamed
  * Drop adt proxy workaround (fixed in adt).
  * Make lxc-templates arch:any since unfortunately lxc-sshd hardcodes
    some paths...

lxc (1.0.0~beta4-0ubuntu2) trusty; urgency=medium

  * debian/patches/dont_crash_log_init.patch: don't crash if no name is passed
    to lxc_log_init(), such as is the case with lxc-autostart. (LP: #1277450)

lxc (1.0.0~beta4-0ubuntu1) trusty; urgency=medium

  * New upstream release (1.0.0~beta4). (LP: #1273769)
  * Move uidmap from Depends to Recommends.
  * Drop duplicate python3 cflags (LP: #1272948)
  * Tweak adt to use a proxy server.

lxc (1.0.0~beta3-0ubuntu1) trusty; urgency=medium

  * New upstream release (1.0.0~beta3).
  * Drop Build-conflict and instead pass --disable-lua.
  * Update autopkgtests to dynamically run all upstream tests.
  * Create /etc/lxc/lxc-usernet if missing.
  * Apparmor profiles and upstart jobs are now upstream (drop from packaging).
  * Bash completetion is now upstream.
  * Update lintian overrides.
  * DEPRECATED: lxc-aa-custom-profile has been dropped, instead use the
    examples in the default configuration file.
  * DEPRECATED: lxc-list has been dropped. Use "lxc-ls -f" instead.
  * DEPRECATED: lxc-halt has been dropped. Use "lxc-stop" instead.

lxc (1.0.0~beta2-0ubuntu2) trusty; urgency=medium

  * Build python3 extension for all supported python versions. LP: #127236.
  * Build-conflict with lua5.2*, the packaging is not ready for it.

lxc (1.0.0~beta2-0ubuntu1) trusty; urgency=medium

  * New upstream release (1.0.0~beta2).
  * Removed patches (no remaining):
    - 0000-add-autostart.patch
    - 0001-fix-lxc-usernsexec-regression.patch
  * Update packaging for upstream's implementation of autostart.
  * Allow dbus in lxc-start apparmor profile (needed by the avahi hook).

lxc (1.0.0~beta1-0ubuntu3) trusty; urgency=medium

  * Add lxc-container-with-mounting apparmor profile.
  * Add iptables rules to always allow DHCP and DNS from the containers
    to the host.

lxc (1.0.0~beta1-0ubuntu2) trusty; urgency=medium

  * d/p/0001-fix-lxc-usernsexec-regression.patch: fix a regression breaking
    lxc-usernsexec and, through that, all unprivileged container use.

lxc (1.0.0~beta1-0ubuntu1) trusty; urgency=medium

  * New upstream release (1.0.0~beta1).
  * Removed patches:
    - 0001-lxcapi_clone-set-the-right-environment-variable-for-.patch
    - 0002-don-t-fail-lxc-init-if-we-couldn-t-mount-proc.patch

lxc (1.0.0~alpha3-0ubuntu8) trusty; urgency=low

  * Add iptables rule to fix checksum of udp packets for dhcp  (LP: #930962)

lxc (1.0.0~alpha3-0ubuntu7) trusty; urgency=low

  * Add a lxc-default-with-mounting profile which allows the container to
    mount block filesystems.  (LP: #1257389)

lxc (1.0.0~alpha3-0ubuntu6) trusty; urgency=low

  * lxc-net: detect whether iptables -w flag is supported, so that backports
    won't be broken.

lxc (1.0.0~alpha3-0ubuntu5) trusty; urgency=low

  * Add -w to iptables calls in lxc-net (LP: #1257117)

lxc (1.0.0~alpha3-0ubuntu4) trusty; urgency=low

  * Build-depend on libgnutls-dev for template checksuming.

lxc (1.0.0~alpha3-0ubuntu3) trusty; urgency=low

  * d/p/0002-don-t-fail-lxc-init-if-we-couldn-t-mount-proc.patch: fix
    failure to run lxc-init when lxc.cap.drop=sys_admin.  (LP: #1253669)

lxc (1.0.0~alpha3-0ubuntu2) trusty; urgency=low

  * Cherry-pick fix for lxc-clone hook script environment variable.
    0001-lxcapi_clone-set-the-right-environment-variable-for-.patch
    (LP: #1253573)

lxc (1.0.0~alpha3-0ubuntu1) trusty; urgency=low

  * New upstream release (1.0.0~alpha3).
  * Removed patches:
    - 0001-debian-template-set-hwaddr
    - 0002-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch
    - get_rid_of_lxcpath_anon_idea.patch

lxc (1.0.0~alpha2-0ubuntu6) trusty; urgency=low

  * d/p/0002-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch
    fix lxc-start -with -f option to not use multiple configuration
    files (LP: #1251352)

lxc (1.0.0~alpha2-0ubuntu5) trusty; urgency=low

  [ Serge Hallyn]
  * debian/rules and debian/lxc.postinst: set /var/lib/lxc and /var/cache/lxc
    to be perms 700.  That prevents unprivileged users from running setuid-root
    applications.  Install that way by default, and for any previous versions,
    update the permissions.  After this version, respect the user's choice.
    (LP: #1244635)

  [ Stéphane Graber ]
  * Allow lxc.conf to start even if LXC_AUTO=false so that other jobs
    can depend on it. Also make sure we always load our apparmor profiles.
    (LP: #1227937)

lxc (1.0.0~alpha2-0ubuntu4) trusty; urgency=low

  * get_rid_of_lxcpath_anon_idea.patch: allow lxc-stop and lxc-attach to
    work more easily with containers started with a custom config (-f).
    (LP: #1244301)

lxc (1.0.0~alpha2-0ubuntu3) trusty; urgency=low

  * Fix syntax error in upstart job.

lxc (1.0.0~alpha2-0ubuntu2) trusty; urgency=low

  * Set lxcpath in lxc-instance, that should make the containers visible
    in lxc-ls and other tools again. (LP: #1242074)

lxc (1.0.0~alpha2-0ubuntu1) trusty; urgency=low

  * New upstream release (1.0.0~alpha2).
  * Removed patches:
    - 0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch
    - 0003-move-monitor-fifo-and-monitor-sock-to-run.patch
    - 0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch
    - 0005-ignore-ability-to-init-lxc-monitord.log.patch
    - 0006-add-pstore-to-container-fstab.patch
    - 0007-apparmor.c-drop-newline-when-reading-current-profile.patch
    - 0008-Fix-crasher-in-get_ips.patch
    - 0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch
    - 0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch
    - 0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch
  * Change website to new URL (http://linuxcontainers.org).
  * Build with the test binaries and introduce a new lxc-tests package.
  * Don't build any of the binary packages on !linux.
  * Enable SELinux support.
  * Add watch file.

 -- Stéphane Graber <email address hidden>  Mon, 21 Dec 2015 19:40:10 -0500