snapd 2.48.3+20.10 source package in Ubuntu

Changelog

snapd (2.48.3+20.10) groovy-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability for containers
    (LP: #1910456)
    - many: add Delegate=true to generated systemd units for special
      interfaces
    - interfaces/greengrass-support: back-port interface changes to
      2.48
    - CVE-2020-27352
  * interfaces/builtin/docker-support: allow /run/containerd/s/...
    - This is a new path that docker 19.03.14 (with a new version of
      containerd) uses to avoid containerd CVE issues around the unix
      socket. See also CVE-2020-15257.

snapd (2.48.2) xenial; urgency=medium

  * New upstream release, LP: #1906690
    - tests: sign new nested-18|20* models to allow for generic serials
    - secboot: add extra paranoia when waiting for that fde-reveal-key
    - tests: backport netplan workarounds from #9785
    - secboot: add workaround for snapcore/core-initrd issue #13
    - devicestate: log checkEncryption errors via logger.Noticef
    - tests: add nested spread end-to-end test for fde-hooks
    - devicestate: implement checkFDEFeatures()
    - boot: tweak resealing with fde-setup hooks
    - sysconfig/cloudinit.go: add "manual_cache_clean: true" to cloud-
      init restrict file
    - secboot: add new LockSealedKeys() that uses either TPM or
      fde-reveal-key
    - gadget: use "sealed-keys" to determine what method to use for
      reseal
    - boot: add sealKeyToModeenvUsingFdeSetupHook()
    - secboot: use `fde-reveal-key` if available to unseal key
    - cmd/snap-update-ns: fix sorting of overname mount entries wrt
      other entries
    - o/devicestate: save model with serial in the device save db
    - devicestate: add runFDESetupHook() helper
    - secboot,devicestate: add scaffoling for "fde-reveal-key" support
    - hookstate: add new HookManager.EphemeralRunHook()
    - update-pot: fix typo in plural keyword spec
    - store,cmd/snap-repair: increase initial expontential time
      intervals
    - o/devicestate,daemon: fix reboot system action to not require a
      system label
    - github: run nested suite when commit is pushed to release branch
    - tests: reset fakestore unit status
    - tests: fix uc20-create-parition-* tests for updated gadget
    - hookstate: implement snapctl fde-setup-{request,result}
    - devicestate: make checkEncryption fde-setup hook aware
    - client,snapctl: add naive support for "stdin"
    - devicestate: support "storage-safety" defaults during install
    - snap: use the boot-base for kernel hooks
    - vendor: update secboot repo to avoid including secboot.test binary

snapd (2.48.1) xenial; urgency=medium

  * New upstream release, LP: #1906690
    - gadget: disable ubuntu-boot role validation check

 -- Michael Vogt <email address hidden>  Tue, 02 Feb 2021 09:21:12 +0100