Change logs for lxc source package in Trusty

  • lxc (2.0.8-0ubuntu1~14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned dependency to liblxc1 on trusty-backports' cgroup-lite.
    
     -- Stéphane Graber <email address hidden>  Mon, 14 Aug 2017 02:06:16 -0400
  • lxc (2.0.7-0ubuntu1~14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned dependency to liblxc1 on trusty-backports' cgroup-lite.
    
     -- Stéphane Graber <email address hidden>  Tue, 14 Feb 2017 12:11:55 -0500
  • lxc (2.0.6-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned dependency to liblxc1 on trusty-backports' cgroup-lite.
    
     -- Stéphane Graber <email address hidden>  Wed, 21 Dec 2016 22:28:05 -0500
  • lxc (2.0.5-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned dependency to liblxc1 on trusty-backports' cgroup-lite.
    
     -- Stéphane Graber <email address hidden>  Tue, 25 Oct 2016 14:10:11 -0400
  • lxc (2.0.4-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned dependency to liblxc1 on trusty-backports' cgroup-lite.
    
     -- Stéphane Graber <email address hidden>  Mon, 03 Oct 2016 13:02:24 -0400
  • lxc (2.0.3-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty (LP: #1597523)
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned dependency to liblxc1 on trusty-backports' cgroup-lite.
    
     -- Stéphane Graber <email address hidden>  Wed, 29 Jun 2016 17:23:18 -0400
  • lxc (2.0.1-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
    
     -- Stéphane Graber <email address hidden>  Mon, 06 Jun 2016 23:53:12 -0400
  • lxc (1.1.5-0ubuntu3~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty (LP: #1517583)
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned build-dependency on trusty-backports' libcgmanager-dev.
      * Add a versioned recommends for liblxc1 on trusty-backports' cgmanager.
      * Add a versioned depends for liblxc1 on trusty-backports' cgmanager.
      * Add a versioned depends for lxc on trusty-backports' python3-lxc.
        This was suggested by Michael Vogt to get us one step closer to
        having apt resolve the installation of the lxd backport properly.
    
     -- Stéphane Graber <email address hidden>  Wed, 18 Nov 2015 13:50:02 -0500
  • lxc (1.1.5-0ubuntu2~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty (LP: #1516109)
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned build-dependency on trusty-backports' libcgmanager-dev.
      * Add a versioned recommends for liblxc1 on trusty-backports' cgmanager.
      * Add a versioned depends for liblxc1 on trusty-backports' cgmanager.
      * Add a versioned depends for lxc on trusty-backports' python3-lxc.
        This was suggested by Michael Vogt to get us one step closer to
        having apt resolve the installation of the lxd backport properly.
    
     -- Stéphane Graber <email address hidden>  Fri, 13 Nov 2015 12:56:03 -0500
  • lxc (1.1.5-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty (LP: #1514595)
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned build-dependency on trusty-backports' libcgmanager-dev.
      * Add a versioned recommends for liblxc1 on trusty-backports' cgmanager.
      * Add a versioned depends for liblxc1 on trusty-backports' cgmanager.
      * Add a versioned depends for lxc on trusty-backports' python3-lxc.
        This was suggested by Michael Vogt to get us one step closer to
        having apt resolve the installation of the lxd backport properly.
    
     -- Stéphane Graber <email address hidden>  Mon, 09 Nov 2015 16:33:09 -0500
  • lxc (1.1.4-0ubuntu1.1~ubuntu14.04.2) trusty-backports; urgency=medium
    
      * Add a versioned depends for lxc on trusty-backports' python3-lxc.
        This was suggested by Michael Vogt to get us one step closer to
        having apt resolve the installation of the lxd backport properly.
    
     -- Stéphane Graber <email address hidden>  Tue, 03 Nov 2015 12:22:21 -0500
  • lxc (1.1.4-0ubuntu1.1~ubuntu14.04.1) trusty-backports; urgency=medium
    
      * Backport to trusty (LP: #1505783)
      * Add a versioned build-dependency on trusty-backports' libseccomp-dev.
      * Add a versioned build-dependency on trusty-backports' libcgmanager-dev.
      * Add a versioned depends for liblxc1 on trusty-backports' cgmanager.
      * Add a versioned recommends for liblxc1 on trusty-backports' cgmanager.
    
     -- Stéphane Graber <email address hidden>  Sun, 01 Nov 2015 11:34:30 -0500
  • lxc (1.0.10-0ubuntu1.1) trusty-security; urgency=medium
    
      * No change rebuild as a security update.
    
     -- Marc Deslauriers <email address hidden>  Tue, 01 Aug 2017 11:31:21 -0400
  • lxc (1.0.10-0ubuntu1) trusty; urgency=medium
    
      * New upstream bugfix release. (LP: #1693002)
        - Security fix for CVE-2016-10124
        - Security fix for CVE-2017-5985
    
        - attach: simplify lsm_openat()
        - commands: improve logging
        - utils: add macro __LXC_NUMSTRLEN
        - tests; Don't cause test failures on cleanup errors
        - conf: clearly report to either use drop or keep
        - attach: close lsm label file descriptor
        - conf, attach: save errno across call to close
        - templates/lxc-debian.in: Fix typo in calling dpkg with
          --print-foreign-architectures option
        - templates/lxc-debian.in: handle ppc hostarch -> powerpc
        - Fix regression in errno handling cherry-pick
        - don't try to get stuff from /usr/lib/systemd on the host
        - lxc-opensuse: rm poweroff.target -> sigpwr.target copy
        - Add --enable-gnutls option
        - tests: skip unpriv tests on broken overlay module
        - Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
        - Make lxc-start-ephemeral Python 3.2-compatible
        - systemd: enable delegate in service file
        - confile: clear lxc.network..ipv{4,6} when empty
        - seccomp: allow x32 guests on amd64 hosts.
        - squeeze is not a supported release anymore, drop the key
        - seccomp: set SCMP_FLTATR_ATL_TSKIP if available
        - lxc-checkconfig: verify new[ug]idmap are setuid-root
        - python3: Deal with potential NULL char*
        - lxc-download.in / allow setting keyserver from env
        - lxc-download.in / Document keyserver change in help
        - Change variable check to match existing style
        - tests: Support running on IPv6 networks
        - tests: Kill containers (don't wait for shutdown)
        - Fix opening wrong file in suggest_default_idmap
        - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
        - Increased buffer length in print_stats()
        - remove obsolete note about api stability
        - conf: less error prone pointer access
        - create ISSUE_TEMPLATE.md
        - issue template: fix typo
        - conf: order mount options
        - commands: avoid NULL pointer dereference
        - commands: non-functional changes
        - lxccontainer: avoid NULL pointer dereference
    
     -- Stéphane Graber <email address hidden>  Tue, 23 May 2017 14:44:34 -0400
  • lxc (1.0.9-0ubuntu3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: lxc-user-nic doesn't check netns ownership (LP: #1654676)
        - Ensure target netns is caller-owned
        - CVE-2017-5985
    
     -- Stéphane Graber <email address hidden>  Tue, 07 Mar 2017 14:39:58 -0500
  • lxc (1.0.9-0ubuntu2) trusty; urgency=medium
    
      * Cherry-pick upstream bugfix (LP: #1647016):
        - 0001-tests-skip-unpriv-tests-on-broken-overlay-module.patch
    
     -- Stéphane Graber <email address hidden>  Wed, 04 Jan 2017 12:38:37 -0500
  • lxc (1.0.9-0ubuntu1) trusty; urgency=medium
    
      * New upstream bugfix release. (LP: #1647016)
        - Security fix for CVE-2016-8649
        - utils: make detect_ramfs_rootfs() return bool
        - tests: add test for detect_ramfs_rootfs()
        - add Documentation entries to lxc and lxc@ units
        - mark the python examples as having utf-8 encoding
        - log: sanity check the returned value from snprintf()
        - lxc-alpine: mount /dev/shm as tmpfs
        - archlinux: Do DHCP on eth0
        - archlinux: Fix resolving
        - Drop leftover references to lxc_strerror()
        - tests: fix image download for s390x
        - tools: fix coding style in lxc_attach
        - tools: make overlay valid backend
        - tools: better error reporting for lxc-start
        - alpine: Fix installing extra packages
        - lxc-alpine: do not drop setfcap
        - s390x: Fix seccomp handling of personalities
        - tools: correct the argument typo in lxc_copy
        - Use libtool for liblxc.so
        - c/r: use --external instead of --veth-pair
        - c/r: remember to increment netnr
        - c/r: add checkpoint/restore support for macvlan interfaces
        - ubuntu: Fix package upgrades requiring proc
        - c/r: drop duplicate hunk from macvlan case
        - c/r: use snprintf to compute device name
        - Tweak libtool handling to work with Android
        - tests: add lxc_error() and lxc_debug()
        - container start: clone newcgroup immediately
        - use python3_sitearch for including the python code
        - fix rpm build, include all built files, but only once
        - cgfs: fix invalid free()
        - find OpenSUSE's build also as obs-build
        - improve help text for --fancy and --fancy-format
        - improve wording of the help page for lxc-ls
        - cgfs: add print_cgfs_init_debuginfo()
        - cgfs: skip empty entries under /proc/self/cgroup
        - cgfs: explicitly check for NULL
        - tools: use correct exit code for lxc-stop
        - c/r: explicitly emit bind mounts as criu arguments
        - log: bump LXC_LOG_BUFFER_SIZE to 4096
        - conf: merge network namespace move & rename on shutdown
        - c/r: save criu's stdout during dump too
        - c/r: remove extra \ns from logs
        - c/r: fix off-by-one error
        - c/r: check state before doing a checkpoint/restore
        - start: CLONE_NEWCGROUP after we have setup cgroups
        - create symlink for /var/run
        - utils: add lxc_append_string()
        - cgroups: remove isolated cpus from cpuset.cpus
        - Update Ubuntu release name: add zesty and remove wily
        - templates: add squashfs support to lxc-ubuntu-cloud.in
        - cgroups: skip v2 hierarchy entry
        - also stop lxc-net in runlevels 0 and 6
        - add lxc.egg-info to gitignore
        - install bash completion where pkg-config tells us to
        - conf: do not use %m format specifier
        - debian: Don't depend on libui-dialog-perl
        - cgroups: use %zu format specifier to print size_t
        - lxc-checkpoint: automatically detect if --external or --veth-pair
        - cgroups: prevent segfault in cgfsng
        - utils: add lxc_preserve_ns()
        - start: add netnsfd to lxc_handler
        - conf: use lxc_preserve_ns()
        - attach: use lxc_preserve_ns()
        - lxc_user_nic: use lxc_preserve_ns()
        - conf, start: improve log output
        - conf: explicitly remove veth device from host
        - conf, start: be smarter when deleting networks
        - start, utils: improve preserve_ns()
        - start, error: improve log + non-functional changes
        - start, namespace: move ns_info to namespace.{c,h}
        - attach, utils: bugfixes
        - attach: use ns_info[LXC_NS_MAX] struct
        - namespace: always attach to user namespace first
        - cgroup: improve isolcpus handling
        - cgroups: handle non-existent isolcpus file
        - utils: add lxc_safe_uint()
        - tests: add unit tests for lxc_safe_uint()
        - utils: add lxc_safe_int()
        - tests: add unit tests for lxc_safe_int()
        - conf/ile: get ip prefix via lxc_safe_uint()
        - confile: use lxc_safe_u/int in config_init_{u,g}id
        - conf/ile: use lxc_safe_uint() in config_pts()
        - conf/ile: use lxc_safe_u/int() in config_start()
        - conf/ile: use lxc_safe_uint() in config_monitor()
        - conf/ile: use lxc_safe_uint() in config_tty()
        - conf/ile: use lxc_safe_uint() in config_kmsg()
        - conf/ile: avoid atoi in config_lsm_aa_incomplete()
        - conf/ile: use lxc_safe_uint() in config_autodev()
        - conf/ile: avoid atoi() in config_ephemeral()
        - utils: use lxc_safe_int()
        - lxc_monitord: use lxc_safe_int() && use exit()
        - start: use lxc_safe_int()
        - conf: use lxc_safe_{u}int()
        - tools/lxc_execute: use lxc_safe_uint()
        - tools/lxc_stop: use lxc_safe_uint()
        - utils: add lxc_safe_long()
        - tests: add unit tests for lxc_safe_long()
        - tools/lxc_stop: use lxc_safe_long()
        - tools/lxc_top: use lxc_safe_int()
        - tools/lxc_ls: use lxc_safe_uint()
        - tools/lxc_autostart: use lxc_safe_{int,long}()
        - tools/lxc_console: use lxc_safe_uint()
        - tools: replace non-standard namespace identifiers
        - Configure a static MAC address on the LXC bridge
        - tests: remove overflow tests
        - attach: do not send procfd to attached process
      * Autopkgtest:
        - Restrict tests to run on standalone systems.
    
     -- Stéphane Graber <email address hidden>  Sat, 03 Dec 2016 00:16:35 -0500
  • lxc (1.0.8-0ubuntu0.4) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Escape through ptrace and inherited fd (LP: #1639345)
        - attach: Do not send procfd to attached process
        - CVE-2016-8649
    
     -- Stéphane Graber <email address hidden>  Tue, 22 Nov 2016 00:49:00 -0500
  • lxc (1.0.8-0ubuntu0.3) trusty; urgency=medium
    
      * Cherry-pick from upstream:
        - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)
    
    lxc (1.0.8-0ubuntu0.2) trusty; urgency=medium
    
      * Cherry-pick from upstream:
        - Fix ubuntu-cloud template to detect compression algorithm instead
          of hardcoding xz. Also update list of supported releases and use trusty
          as the fallback release. (LP: #1515463)
      * Update lxc-tests description to make it clear that this package is
        meant to be used by developers and by automated testing.
    
    lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium
    
      * New upstream bugfix release. (MRE tracking bug: LP: #1514623)
        (LP: #1429140)
        - Changelog at: https://linuxcontainers.org/lxc/news/
      * Drop proxy detection from the autopkgtest exercise script.
      * Add patch:
        - 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch
          This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel.
          It updates the upstream CVE fix to the version which trusty ended
          up with after the few round of fixes.
    
     -- Stéphane Graber <email address hidden>  Wed, 18 Nov 2015 13:42:07 -0500
  • lxc (1.0.8-0ubuntu0.2) trusty; urgency=medium
    
      * Cherry-pick from upstream:
        - Fix ubuntu-cloud template to detect compression algorithm instead
          of hardcoding xz. Also update list of supported releases and use trusty
          as the fallback release. (LP: #1515463)
      * Update lxc-tests description to make it clear that this package is
        meant to be used by developers and by automated testing.
    
    lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium
    
      * New upstream bugfix release. (MRE tracking bug: LP: #1514623)
        (LP: #1429140)
        - Changelog at: https://linuxcontainers.org/lxc/news/
      * Drop proxy detection from the autopkgtest exercise script.
      * Add patch:
        - 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch
          This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel.
          It updates the upstream CVE fix to the version which trusty ended
          up with after the few round of fixes.
    
     -- Stéphane Graber <email address hidden>  Fri, 13 Nov 2015 12:53:17 -0500
  • lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium
    
      * New upstream bugfix release. (MRE tracking bug: LP: #1514623)
        (LP: #1429140)
        - Changelog at: https://linuxcontainers.org/lxc/news/
      * Drop proxy detection from the autopkgtest exercise script.
      * Add patch:
        - 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch
          This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel.
          It updates the upstream CVE fix to the version which trusty ended
          up with after the few round of fixes.
    
     -- Stéphane Graber <email address hidden>  Mon, 09 Nov 2015 18:15:31 -0500
  • lxc (1.0.7-0ubuntu0.10) trusty; urgency=medium
    
      * Update the /proc/self/mountinfo no-symlink verification to accomodate
        recursive mounts.  (LP: #1509752)
    
     -- Serge Hallyn <email address hidden>  Wed, 28 Oct 2015 12:21:38 -0500
  • lxc (1.0.7-0ubuntu0.9) trusty; urgency=medium
    
      * Update previous patch to include some extra apparmor rules.
        (LP: #1504781)
    
     -- Stéphane Graber <email address hidden>  Wed, 14 Oct 2015 13:59:48 -0700
  • lxc (1.0.7-0ubuntu0.8) trusty; urgency=medium
    
      * Update AppArmor profile from stable-1.0 branch which should fix the
        current test failures with the proposed 3.13 kernel. (LP: #1504781)
    
     -- Stéphane Graber <email address hidden>  Wed, 14 Oct 2015 09:04:17 -0700
  • lxc (1.0.7-0ubuntu0.7) trusty-security; urgency=medium
    
      * REGRESSION FIX UPDATE:
        - Avoid /./ (LP: #1501491)
    
     -- Serge Hallyn <email address hidden>  Wed, 30 Sep 2015 15:41:40 -0500
  • lxc (1.0.7-0ubuntu0.6) trusty-security; urgency=medium
    
      * Fix breakage of some configurations where // ends up in the mount
        target.  (LP: #1501310) (LP: #1476662)
    
     -- Serge Hallyn <email address hidden>  Wed, 30 Sep 2015 10:38:14 -0500
  • lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Arbitrary host file access and AppArmor
        confinement breakout via lxc-start following symlinks while
        setting up mounts within a malicious container (LP: #1476662).
        - debian/patches/0003-CVE-2015-1335.patch: block mounts to paths
          containing symlinks and block bind mounts from relative paths
          containing symlinks. Patch from upstream.
        - CVE-2015-1335
    
     -- Steve Beattie <email address hidden>  Tue, 22 Sep 2015 15:07:00 -0700
  • lxc (1.0.7-0ubuntu0.3) trusty-proposed; urgency=medium
    
      * lxclock: use .$lxcname for the actual lockname (LP: #1410876)
    
     -- Serge Hallyn <email address hidden>  Fri, 14 Aug 2015 19:08:37 -0500
  • lxc (1.0.7-0ubuntu0.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Arbitrary file creation via unintentional symlink
        following when accessing an LXC lock file (LP: #1470842)
        - debian/patches/0001-CVE-2015-1331.patch: Use /run/lxc/lock, rather than
          /run/lock/lxc, as /run and /run/lxc is only writable by root. Based on
          patch from upstream.
        - CVE-2015-1131
      * SECURITY UPDATE: Container AppArmor/SELinux confinement breakout via
        lxc-attach using a potentially malicious container proc filesystem to
        initialize confinement (LP: #1475050)
        - debian/patches/0002-CVE-2015-1334.patch: Use the host's proc filesystem
          to set up AppArmor profile and SELinux domain transitions during
          lxc-attach. Based on patch from upstream.
        - CVE-2015-1334
    
     -- Tyler Hicks <email address hidden>  Fri, 17 Jul 2015 10:58:00 -0500
  • lxc (1.0.7-0ubuntu0.1) trusty; urgency=medium
    
      * New upstream bugfix release. (MRE tracking bug: LP: #1404039)
        - Changelog at: https://linuxcontainers.org/lxc/news/
      * Update debian/rules apparmor handling to match Ubuntu 14.10
     -- Stephane Graber <email address hidden>   Thu, 18 Dec 2014 17:50:38 -0500
  • lxc (1.0.6-0ubuntu0.1) trusty; urgency=medium
    
      * New upstream bugfix release. (MRE tracking bug: LP: #1373619)
        - Changelog at: https://linuxcontainers.org/news/
    
      * Include the SELinux examples.
     -- Stephane Graber <email address hidden>   Wed, 24 Sep 2014 16:48:10 -0400
  • lxc (1.0.5-0ubuntu0.1) trusty; urgency=medium
    
      * New upstream bugfix release. (MRE tracking bug: LP: #1341638)
        - Changelog at: https://linuxcontainers.org/news/
    
      * Sync packaging with utopic:
        - Enable ppc64el adt as we now have ppc64el images available for download.
     -- Stephane Graber <email address hidden>   Mon, 14 Jul 2014 11:49:20 -0400
  • lxc (1.0.4-0ubuntu0.1) trusty; urgency=medium
    
      * New upstream bugfix release. (MRE trackaging bug LP: #1329932)
        - Drop all existing patches (all applied upstream).
        - Fix lxc-attach failing from a different login session. (LP: #1315052)
        - Fix wrong cgroup on login to container. (LP: #1315521)
    
      * Cherry-pick upstream (stable branch) commits to fix testsuite under adt:
        - tests: Avoid the download template when possible
        - tests: Don't fail when HOME isn't defined
        - tests: apparmor: Always end with a newline
    
      * Sync packaging with utopic:
        - Depend on either cgmanager or cgroup-lite and recommend cgmanager.
          This should ensure systems get cgmanager by default even if cgroup-lite
          is already installed, yet makes it possible for the user to remove
          cgmanager if they really want to.
        - Remove hardcoded dependency on apparmor, instead generate it from
          rules so that the source package can be backported without changes (the
          right apparmor version will be picked up based on the release number).
        - Do not start lxc-instance in postinst without any instance specified,
          as that is an invalid request.
     -- Stephane Graber <email address hidden>   Sat, 14 Jun 2014 20:09:57 -0400
  • lxc (1.0.3-0ubuntu3) trusty; urgency=medium
    
      * Add a dependency on the new apparmor to make sure we have the new
        parser around before we attempt to load a profile requiring the new
        stanza support. (LP: #1304167)
     -- Stephane Graber <email address hidden>   Mon, 14 Apr 2014 10:10:40 -0400
  • lxc (1.0.3-0ubuntu2) trusty; urgency=medium
    
      * Cherry-pick upstream fix for cgmanager integration. (LP: #1303649)
     -- Stephane Graber <email address hidden>   Fri, 11 Apr 2014 12:17:41 -0400
  • lxc (1.0.3-0ubuntu1) trusty; urgency=medium
    
      * New upstream bugfix release.
      * Drop debian/patches/apparmor-signal-ptrace.patch, now upstream.
     -- Stephane Graber <email address hidden>   Tue, 08 Apr 2014 19:32:40 -0400
  • lxc (1.0.2-0ubuntu2) trusty; urgency=medium
    
      * updates for AppArmor signal and ptrace mediation (LP: #1298611)
        - debian/patches/apparmor-signal-ptrace.patch: add signal and ptrace rules
          to abstractions/container-base and abstractions/start-container
        - debian/rules: remove signal and ptrace rules for Ubuntu releases earlier
          than 14.04 LTS
     -- Jamie Strandboge <email address hidden>   Thu, 03 Apr 2014 07:06:56 -0500
  • lxc (1.0.2-0ubuntu1) trusty; urgency=medium
    
      * New upstream bugfix release.
      * Update packaging from daily branch.
        - Build-depend on libcgmanager-dev
        - Build-depend on libseccomp-dev for armhf too
        - Move rsync dependency from lxc to liblxc1
        - Stop recommending cgroup-lite | cgroup-bin (replace by cgmanager)
        - Stop recommending libcap2-bin (lxc-setcap was dropped ages ago)
        - Stop recommending openssl from lxc (only used by templates)
        - Move uidmap recommend from lxc to liblxc1
        - Recommend busybox-static for lxc-templates
        - Add cgmanager as a dependency of liblxc1
        - Enable cgmanager support in LXC (LP: #1279048)
        - Drop cgroup-lite test suite dependency.
        - Update testsuite runner to work inside an unprivileged container.
        - Update testsuite runner to work in the LXC CI environment.
     -- Stephane Graber <email address hidden>   Thu, 27 Mar 2014 23:18:11 -0400
  • lxc (1.0.1-0ubuntu1) trusty; urgency=medium
    
      * New upstream bugfix release. (LP: #1246094, LP: #1277466)
        Changelog at: https://linuxcontainers.org/news
      * Add xz-utils to lxc-templates' dependencies.
     -- Stephane Graber <email address hidden>   Fri, 07 Mar 2014 12:18:28 -0500
  • lxc (1.0.0-0ubuntu4) trusty; urgency=medium
    
      * Tweak autopkgtest proxy detection to hopefully detect the right
        proxy on the armhf testers...
     -- Stephane Graber <email address hidden>   Sat, 22 Feb 2014 00:28:50 -0500
  • lxc (1.0.0-0ubuntu3) trusty; urgency=medium
    
      * Add debootstrap to autopkgtest dependencies.
     -- Stephane Graber <email address hidden>   Fri, 21 Feb 2014 22:24:03 -0500
  • lxc (1.0.0-0ubuntu2) trusty; urgency=medium
    
      * Update autopkgtest script to detect:
        - ppc64el
        - running in a container
        - running on an older kernel
     -- Stephane Graber <email address hidden>   Fri, 21 Feb 2014 20:16:44 -0500
  • lxc (1.0.0-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (1.0.0).
      * Replace liblxc0 by liblxc1.
     -- Stephane Graber <email address hidden>   Thu, 20 Feb 2014 13:53:18 -0500
  • lxc (1.0.0~rc4-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (1.0.0~rc4).
     -- Stephane Graber <email address hidden>   Wed, 19 Feb 2014 15:04:25 -0500
  • lxc (1.0.0~rc3-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (1.0.0~rc3).
     -- Stephane Graber <email address hidden>   Mon, 17 Feb 2014 22:16:17 -0500
  • lxc (1.0.0~rc1-0ubuntu2) trusty; urgency=medium
    
      * Re-add adt proxy workaround, it should have been fixed in adt but
        apparently it's not, so keep hardcoding the right values for now.
     -- Stephane Graber <email address hidden>   Thu, 13 Feb 2014 23:55:59 -0500
  • lxc (1.0.0~rc1-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (1.0.0~rc1).
      * Drop dont_crash_log_init.patch: upstreamed
      * Drop adt proxy workaround (fixed in adt).
      * Make lxc-templates arch:any since unfortunately lxc-sshd hardcodes
        some paths...
     -- Stephane Graber <email address hidden>   Thu, 13 Feb 2014 18:58:51 -0500
  • lxc (1.0.0~beta4-0ubuntu2) trusty; urgency=medium
    
      * debian/patches/dont_crash_log_init.patch: don't crash if no name is passed
        to lxc_log_init(), such as is the case with lxc-autostart. (LP: #1277450)
     -- Mathieu Trudel-Lapierre <email address hidden>   Fri, 07 Feb 2014 07:06:50 -0500
  • lxc (1.0.0~beta4-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (1.0.0~beta4). (LP: #1273769)
      * Move uidmap from Depends to Recommends.
      * Drop duplicate python3 cflags (LP: #1272948)
      * Tweak adt to use a proxy server.
     -- Stephane Graber <email address hidden>   Thu, 06 Feb 2014 19:32:23 -0500
  • lxc (1.0.0~beta3-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (1.0.0~beta3).
      * Drop Build-conflict and instead pass --disable-lua.
      * Update autopkgtests to dynamically run all upstream tests.
      * Create /etc/lxc/lxc-usernet if missing.
      * Apparmor profiles and upstart jobs are now upstream (drop from packaging).
      * Bash completetion is now upstream.
      * Update lintian overrides.
      * DEPRECATED: lxc-aa-custom-profile has been dropped, instead use the
        examples in the default configuration file.
      * DEPRECATED: lxc-list has been dropped. Use "lxc-ls -f" instead.
      * DEPRECATED: lxc-halt has been dropped. Use "lxc-stop" instead.
     -- Stephane Graber <email address hidden>   Mon, 27 Jan 2014 14:40:48 +0000
  • lxc (1.0.0~beta2-0ubuntu2) trusty; urgency=medium
    
      * Build python3 extension for all supported python versions. LP: #127236.
      * Build-conflict with lua5.2*, the packaging is not ready for it.
     -- Matthias Klose <email address hidden>   Sun, 26 Jan 2014 09:57:03 +0100
  • lxc (1.0.0~beta2-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (1.0.0~beta2).
      * Removed patches (no remaining):
        - 0000-add-autostart.patch
        - 0001-fix-lxc-usernsexec-regression.patch
      * Update packaging for upstream's implementation of autostart.
      * Allow dbus in lxc-start apparmor profile (needed by the avahi hook).
     -- Stephane Graber <email address hidden>   Wed, 15 Jan 2014 20:22:45 -0500
  • lxc (1.0.0~beta1-0ubuntu3) trusty; urgency=medium
    
      * Add lxc-container-with-mounting apparmor profile.
      * Add iptables rules to always allow DHCP and DNS from the containers
        to the host.
     -- Stephane Graber <email address hidden>   Wed, 01 Jan 2014 14:37:49 +0100
  • lxc (1.0.0~beta1-0ubuntu2) trusty; urgency=medium
    
      * d/p/0001-fix-lxc-usernsexec-regression.patch: fix a regression breaking
        lxc-usernsexec and, through that, all unprivileged container use.
     -- Serge Hallyn <email address hidden>   Thu, 19 Dec 2013 14:04:58 -0600
  • lxc (1.0.0~beta1-0ubuntu1) trusty; urgency=medium
    
      * New upstream release (1.0.0~beta1).
      * Removed patches:
        - 0001-lxcapi_clone-set-the-right-environment-variable-for-.patch
        - 0002-don-t-fail-lxc-init-if-we-couldn-t-mount-proc.patch
     -- Stephane Graber <email address hidden>   Tue, 17 Dec 2013 15:52:17 -0500
  • lxc (1.0.0~alpha3-0ubuntu8) trusty; urgency=low
    
      * Add iptables rule to fix checksum of udp packets for dhcp  (LP: #930962)
     -- Serge Hallyn <email address hidden>   Tue, 10 Dec 2013 11:27:09 -0600
  • lxc (1.0.0~alpha3-0ubuntu7) trusty; urgency=low
    
      * Add a lxc-default-with-mounting profile which allows the container to
        mount block filesystems.  (LP: #1257389)
     -- Serge Hallyn <email address hidden>   Mon, 09 Dec 2013 13:19:31 -0600
  • lxc (1.0.0~alpha3-0ubuntu6) trusty; urgency=low
    
      * lxc-net: detect whether iptables -w flag is supported, so that backports
        won't be broken.
     -- Serge Hallyn <email address hidden>   Mon, 02 Dec 2013 21:06:47 -0600
  • lxc (1.0.0~alpha3-0ubuntu5) trusty; urgency=low
    
      * Add -w to iptables calls in lxc-net (LP: #1257117)
     -- Serge Hallyn <email address hidden>   Mon, 02 Dec 2013 17:49:28 -0600
  • lxc (1.0.0~alpha3-0ubuntu4) trusty; urgency=low
    
      * Build-depend on libgnutls-dev for template checksuming.
     -- Stephane Graber <email address hidden>   Fri, 29 Nov 2013 20:16:56 -0500
  • lxc (1.0.0~alpha3-0ubuntu3) trusty; urgency=low
    
      * d/p/0002-don-t-fail-lxc-init-if-we-couldn-t-mount-proc.patch: fix
        failure to run lxc-init when lxc.cap.drop=sys_admin.  (LP: #1253669)
     -- Serge Hallyn <email address hidden>   Fri, 22 Nov 2013 15:57:59 -0600
  • lxc (1.0.0~alpha3-0ubuntu2) trusty; urgency=low
    
      * Cherry-pick fix for lxc-clone hook script environment variable.
        0001-lxcapi_clone-set-the-right-environment-variable-for-.patch
        (LP: #1253573)
     -- Stephane Graber <email address hidden>   Thu, 21 Nov 2013 10:29:45 -0500
  • lxc (1.0.0~alpha3-0ubuntu1) trusty; urgency=low
    
      * New upstream release (1.0.0~alpha3).
      * Removed patches:
        - 0001-debian-template-set-hwaddr
        - 0002-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch
        - get_rid_of_lxcpath_anon_idea.patch
     -- Stephane Graber <email address hidden>   Fri, 15 Nov 2013 16:31:01 -0500
  • lxc (1.0.0~alpha2-0ubuntu6) trusty; urgency=low
    
      * d/p/0002-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch
        fix lxc-start -with -f option to not use multiple configuration
        files (LP: #1251352)
     -- Serge Hallyn <email address hidden>   Thu, 14 Nov 2013 14:19:02 -0600
  • lxc (1.0.0~alpha2-0ubuntu5) trusty; urgency=low
    
      [ Serge Hallyn]
      * debian/rules and debian/lxc.postinst: set /var/lib/lxc and /var/cache/lxc
        to be perms 700.  That prevents unprivileged users from running setuid-root
        applications.  Install that way by default, and for any previous versions,
        update the permissions.  After this version, respect the user's choice.
        (LP: #1244635)
    
      [ Stéphane Graber ]
      * Allow lxc.conf to start even if LXC_AUTO=false so that other jobs
        can depend on it. Also make sure we always load our apparmor profiles.
        (LP: #1227937)
     -- Stephane Graber <email address hidden>   Tue, 29 Oct 2013 12:15:21 -0400
  • lxc (1.0.0~alpha2-0ubuntu4) trusty; urgency=low
    
      * get_rid_of_lxcpath_anon_idea.patch: allow lxc-stop and lxc-attach to
        work more easily with containers started with a custom config (-f).
        (LP: #1244301)
     -- Serge Hallyn <email address hidden>   Thu, 24 Oct 2013 11:55:06 -0500
  • lxc (1.0.0~alpha2-0ubuntu3) trusty; urgency=low
    
      * Fix syntax error in upstart job.
     -- Stephane Graber <email address hidden>   Mon, 21 Oct 2013 18:51:36 -0400
  • lxc (1.0.0~alpha2-0ubuntu2) trusty; urgency=low
    
      * Set lxcpath in lxc-instance, that should make the containers visible
        in lxc-ls and other tools again. (LP: #1242074)
     -- Stephane Graber <email address hidden>   Mon, 21 Oct 2013 15:27:05 -0400
  • lxc (1.0.0~alpha2-0ubuntu1) trusty; urgency=low
    
      * New upstream release (1.0.0~alpha2).
      * Removed patches:
        - 0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch
        - 0003-move-monitor-fifo-and-monitor-sock-to-run.patch
        - 0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch
        - 0005-ignore-ability-to-init-lxc-monitord.log.patch
        - 0006-add-pstore-to-container-fstab.patch
        - 0007-apparmor.c-drop-newline-when-reading-current-profile.patch
        - 0008-Fix-crasher-in-get_ips.patch
        - 0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch
        - 0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch
        - 0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch
      * Change website to new URL (http://linuxcontainers.org).
      * Build with the test binaries and introduce a new lxc-tests package.
      * Don't build any of the binary packages on !linux.
      * Enable SELinux support.
      * Add watch file.
     -- Stephane Graber <email address hidden>   Mon, 21 Oct 2013 09:17:18 -0400
  • lxc (1.0.0~alpha1-0ubuntu11) saucy; urgency=low
    
      * Deny any kind of access to /sys/kernel/security/** as the containers
        have no reason to read that and it's been causing dbus-daemon to think
        it can integrate with apparmor.
     -- Stephane Graber <email address hidden>   Thu, 10 Oct 2013 12:58:54 -0400