Change logs for snapd source package in Mantic

  • snapd (2.62+23.10) mantic; urgency=medium
    
      * New upstream release, LP: #2058277
        - Aspects based configuration schema support (experimental)
        - Refresh app awareness support for UI (experimental)
        - Support for user daemons by introducing new control switches
          --user/--system/--users for service start/stop/restart
          (experimental)
        - Add AppArmor prompting experimental flag (feature currently
          unsupported)
        - Installation of local snap components of type test
        - Packaging of components with snap pack
        - Expose experimental features supported/enabled in snapd REST API
          endpoint /v2/system-info
        - Support creating and removing recovery systems for use by factory
          reset
        - Enable API route for creating and removing recovery systems using
          /v2/systems with action create and /v2/systems/{label} with action
          remove
        - Lift requirements for fde-setup hook for single boot install
        - Enable single reboot gadget update for UC20+
        - Allow core to be removed on classic systems
        - Support for remodeling on hybrid systems
        - Install desktop files on Ubuntu Core and update after snapd
          upgrade
        - Upgrade sandbox features to account for cgroup v2 device filtering
        - Support snaps to manage their own cgroups
        - Add support for AppArmor 4.0 unconfined profile mode
        - Add AppArmor based read access to /etc/default/keyboard
        - Upgrade to squashfuse 0.5.0
        - Support useradd utility to enable removing Perl dependency for
          UC24+
        - Support for recovery-chooser to use console-conf snap
        - Add support for --uid/--gid using strace-static
        - Add support for notices (from pebble) and expose via the snapd
          REST API endpoints /v2/notices and /v2/notice
        - Add polkit authentication for snapd REST API endpoints
          /v2/snaps/{snap}/conf and /v2/apps
        - Add refresh-inhibit field to snapd REST API endpoint /v2/snaps
        - Add refresh-inhibited select query to REST API endpoint /v2/snaps
        - Take into account validation sets during remodeling
        - Improve offline remodeling to use installed revisions of snaps to
          fulfill the remodel revision requirement
        - Add rpi configuration option sdtv_mode
        - When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if
          present on host
        - Fix gadget zero-sized disk mapping caused by not ignoring zero
          sized storage traits
        - Fix gadget install case where size of existing partition was not
          correctly taken into account
        - Fix trying to unmount early kernel mount if it does not exist
        - Fix restarting mount units on snapd start
        - Fix call to udev in preseed mode
        - Fix to ensure always setting up the device cgroup for base bare
          and core24+
        - Fix not copying data from newly set homedirs on revision change
        - Fix leaving behind empty snap home directories after snap is
          removed (resulting in broken symlink)
        - Fix to avoid using libzstd from host by adding to snapd snap
        - Fix autorefresh to correctly handle forever refresh hold
        - Fix username regex allowed for system-user assertion to not allow
          '+'
        - Fix incorrect application icon for notification after autorefresh
          completion
        - Fix to restart mount units when changed
        - Fix to support AppArmor running under incus
        - Fix case of snap-update-ns dropping synthetic mounts due to
          failure to match desired mount dependencies
        - Fix parsing of base snap version to enable pre-seeding of Ubuntu
          Core Desktop
        - Fix packaging and tests for various distributions
        - Add remoteproc interface to allow developers to interact with
          Remote Processor Framework which enables snaps to load firmware to
          ARM Cortex microcontrollers
        - Add kernel-control interface to enable controlling the kernel
          firmware search path
        - Add nfs-mount interface to allow mounting of NFS shares
        - Add ros-opt-data interface to allow snaps to access the host
          /opt/ros/ paths
        - Add snap-refresh-observe interface that provides
          refresh-app-awareness clients access to relevant snapd API endpoints
        - steam-support interface: generalize Pressure Vessel root paths and
          allow access to driver information, features and container
          versions
        - steam-support interface: make implicit on Ubuntu Core Desktop
        - desktop interface: improved support for Ubuntu Core Desktop and
          limit autoconnection to implicit slots
        - cups-control interface: make autoconnect depend on presence of
          cupsd on host to ensure it works on classic systems
        - opengl interface: allow read access to /usr/share/nvidia
        - personal-files interface: extend to support automatic creation of
          missing parent directories in write paths
        - network-control interface: allow creating /run/resolveconf
        - network-setup-control and network-setup-observe interfaces: allow
          busctl bind as required for systemd 254+
        - libvirt interface: allow r/w access to
          /run/libvirt/libvirt-sock-ro and read access to
          /var/lib/libvirt/dnsmasq/**
        - fwupd interface: allow access to IPMI devices (including locking
          of device nodes), sysfs attributes needed by amdgpu and the COD
          capsule update directory
        - uio interface: allow configuring UIO drivers from userspace
          libraries
        - serial-port interface: add support for NXP Layerscape SoC
        - lxd-support interface: add attribute enable-unconfined-mode to
          require LXD to opt-in to run unconfined
        - block-devices interface: add support for ZFS volumes
        - system-packages-doc interface: add support for reading jquery and
          sphinx documentation
        - system-packages-doc interface: workaround to prevent autoconnect
          failure for snaps using base bare
        - microceph-support interface: allow more types of block devices to
          be added as an OSD
        - mount-observe interface: allow read access to
          /proc/{pid}/task/{tid}/mounts and /proc/{pid}/task/{tid}/mountinfo
        - polkit interface: changed to not be implicit on core because
          installing policy files is not possible
        - upower-observe interface: allow stats refresh
        - gpg-public-keys interface: allow creating lock file for certain
          gpg operations
        - shutdown interface: allow access to SetRebootParameter method
        - media-control interface: allow device file locking
        - u2f-devices interface: support for Trustkey G310H, JaCarta U2F,
          Kensington VeriMark Guard, RSA DS100, Google Titan v2
    
     -- Ernest Lotter <email address hidden>  Thu, 21 Mar 2024 22:06:09 +0200
  • snapd (2.61.3+23.10) mantic; urgency=medium
    
      * New upstream release, LP: #2039017
        - Install systemd files in correct location for 24.04
    
     -- Ernest Lotter <email address hidden>  Wed, 06 Mar 2024 23:18:11 +0200
  • snapd (2.60.4+23.10.1) mantic; urgency=medium
    
      [ Valentin David ]
      * cmd/snapd-generator: read mountinfo for pid 1 (LP: #2039268)
    
     -- Steve Langasek <email address hidden>  Thu, 26 Oct 2023 13:25:44 -0700
  • snapd (2.60.4+23.10) mantic; urgency=medium
    
      * New upstream release, LP: #2024007
        - i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket
          permission
        - interfaces/builtin: fix custom-device udev KERNEL values
        - overlord: allow the firmware-updater snap to install user daemons
        - interfaces: allow loopback as a block-device
    
     -- Michael Vogt <email address hidden>  Fri, 15 Sep 2023 20:46:59 +0200
  • snapd (2.60.3+23.10.1) mantic; urgency=medium
    
      [ Sebastien Bacher ]
      * debian/patches/firmware-updater.patch:
        - cherry pick an upstream change to allow us to install firmware-updater
          despite its use of the experimental dbus user daemon feature
    
     -- Michael Vogt <email address hidden>  Mon, 11 Sep 2023 12:51:35 +0200
  • snapd (2.60.2+23.10.1) mantic; urgency=medium
    
      * debian/patches/firmware-updater.patch:
        - cherry pick an upstream change to allow us to install firmware-updater
          despite its use of the experimental dbus user daemon feature
    
     -- Sebastien Bacher <email address hidden>  Wed, 30 Aug 2023 16:10:23 +0200
  • snapd (2.60.2+23.10) mantic; urgency=medium
    
      * New upstream release, LP: #2024007
        - i/builtin: allow directories in private /dev/shm
        - i/builtin: add read access to /proc/task/schedstat in
          system-observe
        - snap-bootstrap: print version information at startup
        - go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948
        - snap, store: filter out invalid snap edited links from store info
          and persisted state
        - o/configcore: write netplan defaults to 00-snapd-config on seeding
        - snapcraft.yaml: pull in apparmor_parser optimization patches from
          https://gitlab.com/apparmor/apparmor/-/merge_requests/711
        - snap-confine: fix missing \0 after readlink
        - cmd/snap: hide append-integrity-data
        - interfaces/opengl: add support for ARM Mali
    
     -- Michael Vogt <email address hidden>  Fri, 04 Aug 2023 12:14:04 +0200
  • snapd (2.60.1+23.10) mantic; urgency=medium
    
      * New upstream release, LP: #2024007
        - install: fallback to lazy unmount() in writeFilesystemContent
        - data: include "modprobe.d" and "modules-load.d" in preseeded blob
        - gadget: fix install test on armhf
        - interfaces: fix typo in network_manager_observe
        - sandbox/apparmor: don't let vendored apparmor conflict with system
        - gadget/update: set parts in laid out data from the ones matched
        - many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor
        - many: stop using `-O no-expr-simplify` in apparmor_parser
        - go.mod: update secboot to latest uc22 branch
    
     -- Michael Vogt <email address hidden>  Tue, 04 Jul 2023 21:21:48 +0200
  • snapd (2.60+23.10) mantic; urgency=medium
    
      * New upstream release, LP: #2024007
        - Support for dynamic snapshot data exclusions
        - AppArmor userspace is vendored inside the snapd snap
        - Added a default-configure hook that exposes gadget default
          configuration options to snaps during first install before
          services are started
        - Allow install from initrd to speed up the initial installation
          for systems that do not have an install-device hook
        - New `snap sign --chain` flag that appends the account and
          account-key assertions
        - Support validation-sets in the model assertion
        - Support new "min-size" field in gadget.yaml
        - New interface: "userns"
    
     -- Michael Vogt <email address hidden>  Thu, 15 Jun 2023 17:14:31 +0200
  • snapd (2.59.1+23.04ubuntu2) mantic; urgency=medium
    
      * SECURITY UPDATE: possible sandbox escape via TIOCLINUX ioctl
        - interfaces/seccomp/template.go: block ioctl with TIOCLINUX. Patch
          from upstream. Graphical terminal emulators like xterm, gnome-terminal
          and others are not affected - this can only be exploited when snaps
          are run on a virtual console.
        - https://github.com/snapcore/snapd/pull/12849
        - CVE-2023-1523
    
     -- Alex Murray <email address hidden>  Mon, 29 May 2023 13:53:02 +0930
  • snapd (2.59.1+23.04ubuntu1) lunar; urgency=medium
    
      * Cherry pick commit 0a66c2f9fa to fix missing startup of a
        user service (LP: #2015468)
    
     -- Michael Vogt <email address hidden>  Thu, 06 Apr 2023 13:35:46 +0200