Change logs for lxc source package in Xenial

  • lxc (3.0.3-0ubuntu1~16.04.1) xenial-backports; urgency=medium
    
      * Backport to Xenial.
    
     -- Stéphane Graber <email address hidden>  Wed, 19 Dec 2018 23:25:28 -0500
  • lxc (3.0.2-0ubuntu4~16.04.1) xenial-backports; urgency=medium
    
      * Backport to Xenial.
    
     -- Stéphane Graber <email address hidden>  Wed, 07 Nov 2018 18:38:06 -0500
  • lxc (3.0.1-0ubuntu1~16.04.2) xenial-backports; urgency=medium
    
      * SECURITY UPDATE: lxc-user-nic allows for open() of arbitrary paths
        (LP: #1783591)
        - Ensure that the provided path is a netns reference
        - CVE-2018-6556
    
     -- Stéphane Graber <email address hidden>  Wed, 01 Aug 2018 00:03:10 -0400
  • lxc (3.0.1-0ubuntu1~16.04.1) xenial-backports; urgency=medium
    
      * Backport to Xenial.
    
     -- Stéphane Graber <email address hidden>  Thu, 28 Jun 2018 19:54:15 -0400
  • lxc (2.0.11-0ubuntu1~16.04.3) xenial; urgency=medium
    
      * Cherry-pick upstream bugfix (fixes regression on attach with uid/gid):
        - attach: improve id switching
        - utils: make id switching functions return bool
    
     -- Stéphane Graber <email address hidden>  Tue, 09 Apr 2019 13:58:10 -0400
  • lxc (2.0.11-0ubuntu1~16.04.2) xenial; urgency=medium
    
      * Use clean LDFLAGS when building the static init.lxc, otherwise we
        end up with broken binaries on some architectures.
    
     -- Stéphane Graber <email address hidden>  Tue, 09 Apr 2019 12:36:36 -0400
  • lxc (2.0.11-0ubuntu1~16.04.1) xenial; urgency=medium
    
      * New upstream bugfix release (2.0.11) (LP: #1816642)
        - Security fix for CVE-2018-6556 (affecting 2.0.9+)
        - Mitigation for CVE-2019-5736
    
        - Full changelog available at:
          https://discuss.linuxcontainers.org/t/lxc-2-0-11-has-been-released/4238
    
     -- Stéphane Graber <email address hidden>  Mon, 04 Mar 2019 15:07:19 -0500
  • lxc (2.0.8-0ubuntu1~16.04.2) xenial; urgency=medium
    
      * Cherry-pick upstream workaround for ppc64el failure:
        - 0011-utils-fix-ppc64le-builds.patch
    
     -- Stéphane Graber <email address hidden>  Mon, 29 May 2017 14:37:15 -0400
  • lxc (2.0.8-0ubuntu1~16.04.1) xenial; urgency=medium
    
      * New upstream bugfix release (2.0.8) (LP: #1691911):
        - Security fix for CVE-2017-5985 (previously fixed in Ubuntu)
    
        - All templates have been updated to not set default passwords anymore,
          instead requiring lxc-attach be used to configure users.
    
          This may affect some automated environments that were relying on our
          default (very much insecure) users.
    
        - Make lxc-start-ephemeral Python 3.2-compatible
        - Fix typo
        - Allow build without sys/capability.h
        - lxc-opensuse: fix default value for release code
        - util: always malloc for setproctitle
        - util: update setproctitle comments
        - confile: clear lxc.network..ipv{4,6} when empty
        - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
        - Make lxc-net return non-zero on failure
        - seccomp: allow x32 guests on amd64 hosts.
        - Add HAVE_LIBCAP
        - c/r: only supply --ext-mount-map for bind mounts
        - Added 'mkdir -p' functionality in create_or_remove_cgroup
        - Use LXC_ROOTFS_MOUNT in clonehostname hook
        - squeeze is not a supported release anymore, drop the key
        - start: dumb down SIGCHLD from WARN() to NOTICE()
        - log: fix lxc_unix_epoch_to_utc()
        - cgfsng: make trim() safer
        - seccomp: set SCMP_FLTATR_ATL_TSKIP if available
        - lxc-user-nic: re-order #includes
        - lxc-user-nic: improve + bugfix
        - lxc-user-nic: delete link on failure
        - conf: only try to delete veth when privileged
        - Fix lxc-containers to support multiple bridges
        - Fix mixed tab/spaces in previous patch
        - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
        - lxc-checkconfig: verify new[ug]idmap are setuid-root
        - [templates] archlinux: resolve conflicting files
        - [templates] archlinux: noneed default_timezone variable
        - python3: Deal with potential NULL char*
        - lxc-download.in / allow setting keyserver from env
        - lxc-download.in / Document keyserver change in help
        - Change variable check to match existing style
        - tree-wide: include directly
        - conf/ile: make sure buffer is large enough
        - tree-wide: include directly
        - tests: Support running on IPv6 networks
        - tests: Kill containers (don't wait for shutdown)
        - Fix opening wrong file in suggest_default_idmap
        - do not set the root password in the debian template
        - do not set insecure passwords
        - don't set a default password for altlinux, gentoo, openmandriva and pld
        - tools: exit with return code of lxc_execute()
        - Keep veth.pair.name on network shutdown
        - Makefile: fix static clang init.lxc build
        - Avoid waiting for bridge interface if disabled in sysconfig/lxc
        - Increased buffer length in print_stats()
        - avoid assigning to a variable which is not POSIX shell proof (bug #1498)
        - remove obsolete note about api stability
        - conf: less error prone pointer access
        - conf: lxc_map_ids() non-functional changes
        - caps: add lxc_{proc,file}_cap_is_set()
        - conf: check for {filecaps,setuid} on new{g,u}idmap
        - conf: improve log when mounting rootfs
        - ls: simplify the judgment condition when list active containers
        - fix typo introduced in #1509
        - attach|unshare: fix the wrong comment
        - caps: skip file capability checks on android
        - autotools: check for cap_get_file
        - caps: return false if caps are not supported
        - conf: non-functional changes to setup_pts()
        - conf: use bind-mount for /dev/ptmx
        - conf: non-functional changes
        - utils: use loop device helpers from LXD
        - create ISSUE_TEMPLATE.md
        - cgroups: improve cgfsng debugging
        - issue template: fix typo
        - conf: close fd in lxc_setup_devpts()
        - conf: non-functional changes
        - utils: tweak lxc_mount_proc_if_needed()
        - Change sshd template to work with Ubuntu 17.04
        - conf: order mount options
        - conf: add MS_LAZYTIME to mount options
        - monitor: report errno on exec() error
        - af unix: allow for maximum socket name
        - commands: avoid NULL pointer dereference
        - commands: non-functional changes
        - lxccontainer: avoid NULL pointer dereference
        - monitor: simplify abstract socket logic
        - precise is not the latest LTS, let's use xenial instead
        - fix the wrong exit status
        - conf: non-functional changes lxc_fill_autodev()
        - conf: remove /dev/console from lxc_fill_autodev()
        - conf: non-functional changes lxc_setup()
        - conf: non-functional changes to console functions
        - conf: improve lxc_setup_dev_console()
        - conf: lxc_setup_ttydir_console()
        - config: remove /dev/console bind mount
        - doc: document console behavior
        - utils: add lxc_unstack_mountpoint()
        - conf: unstack all mounts atop /dev/console
        - console: fail when we cannot allocate peer tty
        - start: remove umount2()
        - conf: non-functional changes
        - utils: handle > 2^31 in lxc_unstack_mountpoint()
        - Install systemd units for CentOS
        - Merge ubuntu and debiancase
        - start: add crucial details about lxc_spawn()
    
      * Cherry-pick some upstream fixes:
        - conf{,ile}: allow one to clear all config items
        - start: pin rootfs when privileged
        - conf: fix build without libcap
        - start: don't call lxc_map_ids() without id map
        - lxc-attach: allow for situations without /dev/tty
        - utils: fix num parsing functions
        - tests: lxc_safe_{u}int() add corner-case tests
    
      * Fix broken proxy detection in debian/tests/exercise
      * Only move lxc bash completion from /etc if we installed it there
      * Update tests to deal with cgroupv2 tree (recent systemd)
      * Drop un-needed lintian override
    
     -- Stéphane Graber <email address hidden>  Thu, 18 May 2017 23:08:57 -0400
  • lxc (2.0.7-0ubuntu1~16.04.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: lxc-user-nic doesn't check netns ownership (LP: #1654676)
        - Ensure target netns is caller-owned
        - CVE-2017-5985
    
     -- Stéphane Graber <email address hidden>  Tue, 07 Mar 2017 14:37:03 -0500
  • lxc (2.0.7-0ubuntu1~16.04.1) xenial; urgency=medium
    
      * New upstream bugfix release (2.0.7) (LP: #1660844)
        - attach: Close lsm label file descriptor
        - attach: Non-functional changes
        - attach: Simplify lsm_openat()
        - caps: Add lxc_cap_is_set()
        - conf: attach: Save errno across call to close
        - conf: Clearly report to either use drop or keep
        - conf: criu: Add make_anonymous_mount_file()
        - conf: Fix suggest_default_idmap()
        - configure: Add --enable-gnutls option
        - configure: Check for memfd_create()
        - configure: Check whether gettid() is declared
        - configure: Do not allow variable length arrays
        - configure: Remove -Werror=vla
        - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
        - conf: Non-functional changes
        - conf: Remove thread-unsafe strsignal + improve log
        - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
        - log: Add lxc_unix_epoch_to_utc()
        - log: Annotate lxc_unix_epoch_to_utc()
        - log: Drop all timezone conversion functions
        - log: Make sure that date is correctly formatted
        - log: Use lxc_unix_epoch_to_utc()
        - log: Use N/A if getpid() != gettid() when threaded
        - log: Use thread-safe localtime_r()
        - lvm: Suppress warnings about leaked files
        - lxccontainer: Log failure to send sig to init pid
        - monitor: Add more logging
        - monitor: Close mainloop on exit if we opened it
        - monitor: Improve log + set log level to DEBUG
        - monitor: Log which pipe fd is currently used
        - monitor: Make lxc-monitord async signal safe
        - monitor: Non-functional changes
        - python3-lxc: Fix api_test.py on s390x
        - start: Check for CAP_SETGID before setgroups()
        - start: Fix execute and improve setgroups() calls
        - state: Use async signal safe fun in lxc_wait()
        - templates: lxc-debian: Don't read from /usr/lib/systemd on the host
        - templates: lxc-debian: Fix getty service startup
        - templates: lxc-debian: Fix typo with dpkg --print-foreign-architectures
        - templates: lxc-debian: Handle ppc hostarch -> powerpc
        - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
        - templates: lxc-opensuse: Remove libgcc_s1
        - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
        - templates: lxc-opensuse: Set to be unconfined by AppArmor
        - templates: lxc-opensuse: Update for Leap 42.2
        - tests; Don't cause test failures on cleanup errors
        - tests: Skip unpriv tests on broken overlay module
        - tools: Improve logging
        - tools: lxc-start: Remove c->is_defined(c) check
        - tools: lxc-start: Set configfile after load_config
        - tools: Only check for O_RDONLY
        - tree-wide: Random macro cleanups
        - tree-wide: Remove any variable length arrays
        - tree-wide: Sic semper assertis!
        - utils: Add macro __LXC_NUMSTRLEN
        - utils: Add uid, gid, group convenience wrappers
    
      * Cherry-pick upstream bugfix:
        - 0002-Make-lxc-start-ephemeral-Python-3.2-compatible.patch
    
      * Resolve lintian warnings
        - Drop un-needed overrides
        - Fix typos in debian/control
    
     -- Stéphane Graber <email address hidden>  Tue, 31 Jan 2017 18:37:52 -0500
  • lxc (2.0.6-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium
    
      * Cherry-pick upstream bugfix:
        - 0003-tools-only-check-for-O_RDONLY.patch (LP: #1653725)
    
     -- Stéphane Graber <email address hidden>  Wed, 04 Jan 2017 19:52:32 -0500
  • lxc (2.0.6-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium
    
      * New upstream bugfix release (2.0.6) (LP: #1647010):
        - Security fix for CVE-2016-8649
        - utils: make detect_ramfs_rootfs() return bool
        - tests: add test for detect_ramfs_rootfs()
        - add Documentation entries to lxc and lxc@ units
        - mark the python examples as having utf-8 encoding
        - log: sanity check the returned value from snprintf()
        - lxc-alpine: mount /dev/shm as tmpfs
        - archlinux: Do DHCP on eth0
        - archlinux: Fix resolving
        - Drop leftover references to lxc_strerror()
        - tests: fix image download for s390x
        - tools: fix coding style in lxc_attach
        - tools: make overlay valid backend
        - tools: better error reporting for lxc-start
        - alpine: Fix installing extra packages
        - lxc-alpine: do not drop setfcap
        - s390x: Fix seccomp handling of personalities
        - tools: correct the argument typo in lxc_copy
        - Use libtool for liblxc.so
        - c/r: use --external instead of --veth-pair
        - c/r: remember to increment netnr
        - c/r: add checkpoint/restore support for macvlan interfaces
        - ubuntu: Fix package upgrades requiring proc
        - c/r: drop duplicate hunk from macvlan case
        - c/r: use snprintf to compute device name
        - Tweak libtool handling to work with Android
        - tests: add lxc_error() and lxc_debug()
        - container start: clone newcgroup immediately
        - use python3_sitearch for including the python code
        - fix rpm build, include all built files, but only once
        - cgfs: fix invalid free()
        - find OpenSUSE's build also as obs-build
        - improve help text for --fancy and --fancy-format
        - improve wording of the help page for lxc-ls
        - cgfs: add print_cgfs_init_debuginfo()
        - cgfs: skip empty entries under /proc/self/cgroup
        - cgfs: explicitly check for NULL
        - tools: use correct exit code for lxc-stop
        - c/r: explicitly emit bind mounts as criu arguments
        - log: bump LXC_LOG_BUFFER_SIZE to 4096
        - conf: merge network namespace move & rename on shutdown
        - c/r: save criu's stdout during dump too
        - c/r: remove extra \ns from logs
        - c/r: fix off-by-one error
        - c/r: check state before doing a checkpoint/restore
        - start: CLONE_NEWCGROUP after we have setup cgroups
        - create symlink for /var/run
        - utils: add lxc_append_string()
        - cgroups: remove isolated cpus from cpuset.cpus
        - Update Ubuntu release name: add zesty and remove wily
        - templates: add squashfs support to lxc-ubuntu-cloud.in
        - cgroups: skip v2 hierarchy entry
        - also stop lxc-net in runlevels 0 and 6
        - add lxc.egg-info to gitignore
        - install bash completion where pkg-config tells us to
        - conf: do not use %m format specifier
        - debian: Don't depend on libui-dialog-perl
        - cgroups: use %zu format specifier to print size_t
        - lxc-checkpoint: automatically detect if --external or --veth-pair
        - cgroups: prevent segfault in cgfsng
        - utils: add lxc_preserve_ns()
        - start: add netnsfd to lxc_handler
        - conf: use lxc_preserve_ns()
        - attach: use lxc_preserve_ns()
        - lxc_user_nic: use lxc_preserve_ns()
        - conf, start: improve log output
        - conf: explicitly remove veth device from host
        - conf, start: be smarter when deleting networks
        - start, utils: improve preserve_ns()
        - start, error: improve log + non-functional changes
        - start, namespace: move ns_info to namespace.{c,h}
        - attach, utils: bugfixes
        - attach: use ns_info[LXC_NS_MAX] struct
        - namespace: always attach to user namespace first
        - cgroup: improve isolcpus handling
        - cgroups: handle non-existent isolcpus file
        - utils: add lxc_safe_uint()
        - tests: add unit tests for lxc_safe_uint()
        - utils: add lxc_safe_int()
        - tests: add unit tests for lxc_safe_int()
        - conf/ile: get ip prefix via lxc_safe_uint()
        - confile: use lxc_safe_u/int in config_init_{u,g}id
        - conf/ile: use lxc_safe_uint() in config_pts()
        - conf/ile: use lxc_safe_u/int() in config_start()
        - conf/ile: use lxc_safe_uint() in config_monitor()
        - conf/ile: use lxc_safe_uint() in config_tty()
        - conf/ile: use lxc_safe_uint() in config_kmsg()
        - conf/ile: avoid atoi in config_lsm_aa_incomplete()
        - conf/ile: use lxc_safe_uint() in config_autodev()
        - conf/ile: avoid atoi() in config_ephemeral()
        - utils: use lxc_safe_int()
        - lxc_monitord: use lxc_safe_int() && use exit()
        - start: use lxc_safe_int()
        - conf: use lxc_safe_{u}int()
        - tools/lxc_execute: use lxc_safe_uint()
        - tools/lxc_stop: use lxc_safe_uint()
        - utils: add lxc_safe_long()
        - tests: add unit tests for lxc_safe_long()
        - tools/lxc_stop: use lxc_safe_long()
        - tools/lxc_top: use lxc_safe_int()
        - tools/lxc_ls: use lxc_safe_uint()
        - tools/lxc_autostart: use lxc_safe_{int,long}()
        - tools/lxc_console: use lxc_safe_uint()
        - tools: replace non-standard namespace identifiers
        - Configure a static MAC address on the LXC bridge
        - tests: remove overflow tests
        - attach: do not send procfd to attached process
      * Remaining patches:
        - 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
      * Cherry-pick bugfix from upstream:
        - tests: Don't cause test failures on-cleanup errors
      * Autopkgtest:
        - Re-enable lxc-test-ubuntu on yakkety/zesty (template was fixed).
        - Workaround autopkgtest failures when using gpg2 with dirmngr.
        - Restrict tests to run on standalone systems.
    
     -- Stéphane Graber <email address hidden>  Fri, 02 Dec 2016 23:15:21 -0500
  • lxc (2.0.5-0ubuntu1~ubuntu16.04.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Escape through ptrace and inherited fd (LP: #1639345)
        - attach: Do not send procfd to attached process
        - CVE-2016-8649
    
     -- Stéphane Graber <email address hidden>  Tue, 22 Nov 2016 00:49:00 -0500
  • lxc (2.0.5-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium
    
      * Cherry-pick bugfix from upstream:
        - s390x: Fix seccomp handling of personalities (LP: #1635639)
    
     -- Stéphane Graber <email address hidden>  Fri, 21 Oct 2016 12:39:18 -0400
  • lxc (2.0.5-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium
    
      * New upstream bugfix release (2.0.5) (LP: #1632144)
        - Fix .gitignore after /tools/ split
        - Add lxc-test-utils to .gitignore
        - bdev: use correct overlay module name
        - cleanup: tools: remove --name from lxc-top usage message
        - cleanup: whitespaces in option alignment for lxc-execute
        - Use full GPG fingerprint instead of long IDs.
        - tools: move --rcfile to the common options list
        - tools: set configfile after load_config
        - doc: add --rcfile to common opts
        - doc: Update Korean lxc-attach(1)
        - doc: Add --rcfile to Korean common opts
        - doc: Add --rcfile to Japanese common opts
        - tools: use exit(EXIT_*) everywhere
        - tools: unify exit() calls outside of main()
        - utils: Add mips signalfd syscall numbers
        - seccomp: Implement MIPS seccomp handling
        - seccomp: Add mips and mips64 entries to lxc_config_parse_arch
        - seccomp: fix strerror()
        - confile: add more archs to lxc_config_parse_arch()
        - seccomp: add support for s390x
        - seccomp: remove double include and order includes
        - seccomp: non functional changes
        - templates: use fd 9 instead of 200
        - templates: fedora requires openssl binary
        - tools: use boolean for ret in lxc_device.c
        - c/r: use /proc/self/tid/children instead of pidfile
        - c/r: Fix pid_t on some arches
        - templates: Add mips hostarch detection to debian
        - cleanup: replace tabs with spaces in usage strings
        - remove extra 'ret'
        - c/r: write status only after trying to parse the pid
        - set FULL_PATH_NAMES=NO in doc/api/Doxyfile
        - templates: rm halt.target -> sigpwr.target symlink
        - templates: remove creation of bogus directory
        - console: use correct log name
        - configure: add --disable-werror
        - tests: fix get_item tests
        - templates: use correct cron version in alpine template
        - c/r: zero a smaller than known migrate_opts struct
        - lxczfs: small fixes
        - c/r: free valid_opts if necessary
        - make rsync deal with sparse files efficiently
        - lxc-create -t debian fails on ppc64el arch
        - c/r: fix typo in comment
        - cgroup: add new functions for interacting with hierarchies
        - utils: add lxc_deslashify
        - c/r: pass --cgroup-roots on checkpoint
        - cgroup: get rid of weird hack in cgfsng_escape
        - cgroup: drop cgroup_canonical_path
        - c/r: check that cgroup_num_hierarchies > 0
        - tools: do not add trailing spaces on lxc-ls -1
        - conf: retrieve mtu from netdev->link
        - conf: try to retrieve mtu from veth
        - c/r: detach from controlling tty on restore
        - Fix null dereference if attach is called without access to any tty
        - utils: fix lxc_string_split()
        - tools: lxc_deslashify() handle special cases
        - tests: add unit tests for lxc_deslashify()
        - Fix for ALTLinux container creation in all branches
        - utils: lxc_deslashify() free memory
        - Fix spelling of CentOS in the templates
        - Define LXC_DEVEL to detect development releases
        - tools: lxc-checkconfig conditionalize devpts check
      * Drop all cherry-pick patches, now upstream.
      * Update to newer standards. Drop un-needed debian/control field.
      * Address all lintian messages.
      * Sync packaging with Yakkety's.
    
     -- Stéphane Graber <email address hidden>  Mon, 10 Oct 2016 19:11:02 -0400
  • lxc (2.0.4-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium
    
      * Cherry-pick from upstream (fixes checkpoint/restore regression):
        - 0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
        - 0004-c-r-Fix-pid_t-on-some-arches.patch
    
     -- Stéphane Graber <email address hidden>  Fri, 26 Aug 2016 16:31:18 -0400
  • lxc (2.0.4-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium
    
      * New upstream bugfix release (2.0.4) (LP: #1615099):
        - core: Add a prefix to the lxc.pc
        - core: Add flag in mount_entry to skip NODEV in case of a
          persistent dev entry
        - core: Add missing cgroup namespace to ns_info struct
        - core: attach: setns instead of unshare in lxc-attach
        - core: bdev: Add subdirectories to search path
        - core: bdev: Be smarter about btrfs subvolume detection
        - core: cgfsng: Don't pre-calculate path
        - core: cgfsng: Fix is_lxcfs() and is_cgroupfs()
        - core: cgroups: Move cgroup files to common subfolder
        - core: conf: Set pty_info to NULL after free
        - core: Detect if we should send SIGRTMIN+3
        - core: Replace readdir_r() with readdir()
        - core: Set up MTU for vlan-type interfaces.
        - core: tools, tests: Reorganize repo
        - c/r: Add support for CRIU's --action-script
        - c/r: Add support for ghost-limit in CRIU
        - c/r: Drop in-flight connections during CRIU dump
        - c/r: Initialize migrate_opts properly
        - c/r: Make local function static
        - c/r: Replace tmpnam() with mkstemp()
        - c/r: Store criu version
        - c/r: Use PRIu64 format specifier
        - doc: Fix typo found by lintian
        - doc: Update Japanese lxc-attach(1)
        - doc: Update lxc-attach(1)
        - lxc-attach: Add -f option (rcfile)
        - lxc-attach: Cleanup whitespaces
        - lxc-create: Add missing newline in output
        - lxc-ls: Use correct runtime path
        - templates: alpine: Add support for new arch
        - templates: alpine: Mount tmpfs under /run
        - templates: debian: Add more quotes to variables (at least $rootfs
          should now be covered)
        - templates: debian: Avoid noisy perl warnings caused by missing locales
        - templates: debian: fix regression when creating wheezy containers
        - templates: debian: Make shellcheck (Ubuntu: 0.3.7-5 amd64) most
          possible happy
        - tests: Add unit tests for lxc_string_in_array()
        - tests: Add unit tests for lxc_string_replace()
      * Cherry-pick from upstream (for 4.6 kernel):
        - 0002-bdev-use-correct-overlay-module-name
      * Sync packaging with yakkety:
        - Tweak debian/tests/exercise to skip lxc-test-ubuntu on yakkety
        - Build-depend on libgnutls28-dev rather than libgnutls-dev
    
     -- Stéphane Graber <email address hidden>  Fri, 19 Aug 2016 15:32:14 -0400
  • lxc (2.0.3-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium
    
      * New upstream bugfix release (2.0.3) (LP: #1597523):
        - apparmor: Refresh generated file
    
      * New upstream bugfix release (2.0.2):
        - apparmor: add make-rslave to usr.bin.lxc-start
        - apparmor: Allow bind-mounts
        - apparmor: Allow mount move
        - apparmor: Update mount states handling
        - core: Drop lxc-devsetup as unneeded by current autodev
        - core: Fix redefinition of struct in6_addr
        - core: Include all lxcmntent.h function declarations on Bionic
        - c/r: c/r: use criu's "full" mode for cgroups
        - systemd: start containers in foreground when using the lxc@.service
        - templates: debian: Make sure init is installed
        - templates: oracle: Fix console login
        - templates: plamo: Fix various issues
        - templates: ubuntu: Install apt-transport-https by default
        - travis: ensure 'make install' doesn't fail
        - travis: test VPATH builds
        - upstart: Force lxc-instance to behave like a good Upstart client
    
      * Tighten versioned dependencies between the various binary packages.
      * Drop lxc-devsetup as it was removed upstream (unneeded with LXC 2.0).
    
     -- Stéphane Graber <email address hidden>  Wed, 29 Jun 2016 17:31:18 -0400
  • lxc (2.0.1-0ubuntu1~16.04.1) xenial; urgency=medium
    
      * New upstream bugfix release (2.0.1) (LP: #1582887)
        - apparmor: Also allow fstype=fuse for fuse filesystems
        - attach: adapt lxc-attach tests & add test for pty logging
        - attach: don't fail attach on failure to setup a SIGWINCH handler.
        - attach: fix a variety of lxc-attach pts handling issues
        - attach: switch console pty to raw mode (fixes ncurses-based programs)
        - attach: use raw settings of ssh for pty
        - bindings: fixed python-lxc reference to var before assignment in create()
        - bindings: set PyErr when Container.init fails
        - cgfsng: defer to cgfs if needed subsystems are not available
        - cgfsng: don't require that systemd subsystem be mounted
        - core: Added missing type to keys in lxc_list_nicconfigs
        - core: Allow configuration file values to be quoted
        - core: log: remove duplicate definitions and bump buffer size
        - core: sync: properly fail on unexpected message sizes
        - core: Unshare netns after setting the userns mappings
          (fixes ownership of /proc/net)
        - core: various fixes as reported by static analysis
        - c/r: add an option to use faster inotify support in CRIU
        - c/r: rearrange things to pass struct migrate_opts all the way down
        - doc: ignore temporary files generated by doxygen
        - doc: tweak manpage generation date to be compatible with
          reproducible builds
        - doc: update MAINTAINERS
        - doc: update to translated manpages
        - init: add missing lsb headers to sysvinit scripts
        - init: don't make sysv init scripts dependent on distribution specifics
        - init: drop obsolete syslog.target from lxc.service.in
        - lxc-attach: add logging option to manpage
        - lxc-checkconfig: better render when stdout isn't a terminal
        - lxc-create: fix -B best option
        - lxc-destroy: avoid double print
        - lxc-ls: use fewer syscalls when doing ipc
        - templates: Add apt-transport-https to minbase variant of Ubuntu template
        - templates: fix a typo in the capabilities name for Gentoo (sys_resource)
        - templates: logic fix in the Centos template for RHEL7+ support
        - templates: tweak Alpine DHCP configuration to send its hostname
        - templates: tweak to network configuration of the Oracle template
    
     -- Stéphane Graber <email address hidden>  Tue, 17 May 2016 17:19:58 -0400
  • lxc (2.0.0-0ubuntu2) xenial; urgency=medium
    
      * Add a distro-info test dependency as it's needed to get information
        about new Ubuntu releases. (LP: #1572188)
    
        This is needed to fix the current autopkgtest failures.
    
     -- Stéphane Graber <email address hidden>  Tue, 19 Apr 2016 16:06:32 +0100
  • lxc (2.0.0-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0 final)
        - Upstream announcement: https://linuxcontainers.org/lxc/news
        - Change from last rc:
          + Allow bypassing bdev auto detection by setting lxc.rootfs.backend
            This fixes a longstanding performance issue caused by LXC having
            to run through all its backends and forking sub-processes to
            perform the detection.
      * Make new lintian happy:
        - Bump to 3.9.7 standards
        - Update git URL to https
        - Override systemd Documentation field warning (upstream units)
    
     -- Stéphane Graber <email address hidden>  Wed, 06 Apr 2016 14:42:39 -0400
  • lxc (2.0.0~rc15-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc15)
        - lxc-debian: Update supported release names
        - lxc-ubuntu: Fix building on secondary architectures
        - Update .gitignore for *.so.*
        - Use smarter error handling for lxc_strmmap()
        - Use common lxc ordering for included headers
        - Fix possible buffer overflow: strncat only returns its first
          argument and not the end of the written string. Thus "buf-pos" is always
          0 and consequently no range check is performed.
        - Use snprintf instead of strncat
        - CRIU: Support using the CRIU page server for faster migrations.
          This optimization isn't used by default, it requires a custom liblxc1
          client.
        - Fix buffer overflow in do_start()
        - Fixed indentation and comments
      * Drop previously cherry-picked change, now upstream.
    
     -- Stéphane Graber <email address hidden>  Thu, 31 Mar 2016 18:14:44 -0400
  • lxc (2.0.0~rc14-0ubuntu2) xenial; urgency=medium
    
      * Cherry-pick tentative upstream fix:
        - lxc-ubuntu: Fix building on secondary architectures
    
     -- Stéphane Graber <email address hidden>  Wed, 30 Mar 2016 01:29:09 -0400
  • lxc (2.0.0~rc14-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc14)
        - open_without_symlink: Don't SYSERROR on something else than ELOOP
        - lxc-busybox: Touch /etc/fstab in the container rootfs
        - lxc.spec.in: fixed hardcoded path to lxc-net config file
        - sync: add LXC_SYNC_ERROR to report errors from another process.
        - start: use LXC_SYNC_ERROR to report errors.
        - lxc-busybox: Remove warning for dynamically linked Busybox
        - utils: split null_stdfds() to open_devnull() and set_stdfds()
        - start: open /dev/null from "host" /dev
        - Fix installation of out-of-tree (VPATH) builds
        - Timezone inside the container is not the same as the host
        - use httpredir.debian.org as the default Debian mirror
        - always provide a default mirror for debootstrapping Ubuntu
        - only enable Debian's main repository by default
        - start: only use host's /dev/null when absolutely necessary
        - add funs to mmap() files to \0-terminated strings
        - use lxc_mmap() and lxc_munmap()
        - better naming for mmap helpers
    
     -- Stéphane Graber <email address hidden>  Tue, 29 Mar 2016 21:35:55 -0400
  • lxc (2.0.0~rc13-0ubuntu2) xenial; urgency=medium
    
      * Fix the bash completion profiles.
        Now that it's in /usr/share, we need it to match the command name,
        so rename the main profile to lxc1 and add a symlink for each supported
        command.
    
     -- Stéphane Graber <email address hidden>  Wed, 23 Mar 2016 13:17:02 -0400
  • lxc (2.0.0~rc13-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc13)
        - c/r: don't pass --ext-mount-map flag when console=none
        - c/r: don't fail if there is no console_fd on restore
        - lxc-checkpoint: make things static when they can be
        - c/r: rename restore & friends to __criu_restore
    
     -- Stéphane Graber <email address hidden>  Tue, 22 Mar 2016 17:24:32 -0400
  • lxc (2.0.0~rc12-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc12)
        - c/r: print criu's stdout when it fails
        - c/r: log the exact command we exec
    
     -- Stéphane Graber <email address hidden>  Mon, 21 Mar 2016 16:48:24 -0400
  • lxc (2.0.0~rc11-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc11)
        - download: Bump to compat level 3
        - autodev: don't always create /dev/console
        - cgfsng: two fixes for cgroup-full
        - use hierarchy base path not just controller cgroup
        - cgroups: try to load cgmanager first
        - implement lxc.mount.auto = cgroup for cgfsng
        - Prevent access to pci devices
        - nesting: remove the nesting hint from configuration templates
        - nesting: document how to enable nesting in container configurations
        - c/r: drop lxc.console=none config requirement
        - criu: hide more stuff in criu.c
    
     -- Stéphane Graber <email address hidden>  Thu, 17 Mar 2016 23:26:54 -0400
  • lxc (2.0.0~rc10-0ubuntu2) xenial; urgency=medium
    
      * Re-order the systemd | cgroup-lite dependency to be
        cgroup-lite | systemd instead.
    
        Systems using systemd will already have it installed, satisfying the
        condition and systems that don't have it installed want cgroup-lite
        pulled in instead of systemd.
    
     -- Stéphane Graber <email address hidden>  Fri, 11 Mar 2016 12:07:21 -0500
  • lxc (2.0.0~rc10-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc10)
        - Improve the lxc-attach tests
        - Make the exec_criu function static
        - cgfsng: Fix cgroup_escape for CRIU
        - cgfsng: Return the cgroup path, not the full mounted path
        - cgfsng: Fix mode of tasks and procs
        - cgfsng: Fix cgroup removal on stop
    
     -- Stéphane Graber <email address hidden>  Fri, 11 Mar 2016 01:19:24 -0500
  • lxc (2.0.0~rc9-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc9)
        - cgfsng: Fix bad readline length.
        - cgfsng: Workaround issue with small size reallocs on i386.
        - cgfsng: Make sure a cgroup does not already exist.
    
     -- Stéphane Graber <email address hidden>  Wed, 09 Mar 2016 03:06:27 -0500
  • lxc (2.0.0~rc8-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc7)
        - Prevent writes to /sys/kernel/debug
        - Fix debug output from cgfsng
        - Set clone_children to 1 in cgfsng (fixes adt)
    
     -- Stéphane Graber <email address hidden>  Tue, 08 Mar 2016 17:47:24 -0500
  • lxc (2.0.0~rc7-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc6)
        - Fix upstream tarball to include lxc-devsetup
    
     -- Stéphane Graber <email address hidden>  Mon, 07 Mar 2016 18:52:29 -0500
  • lxc (2.0.0~rc5-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc5)
        - Fix a number of cgfs issues (LP: #1549363, LP: #1543697, LP: #1552355)
        - Fix attach failing to allocate a tty (LP: #1551960)
        - Fix LXC rebooting the container despite post-stop failure
        - Fix lxc-copy output (LP: #1551935)
        - Documentation, manpage and manpage translations update
        - Update to the plamo template
    
     -- Stéphane Graber <email address hidden>  Thu, 03 Mar 2016 11:05:25 -0500
  • lxc (2.0.0~rc4-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc4)
        - Various cgfs fixes
        - Updated documentation
    
     -- Stéphane Graber <email address hidden>  Fri, 26 Feb 2016 22:38:43 -0500
  • lxc (2.0.0~rc3-0ubuntu3) xenial; urgency=medium
    
      * Tweak the apparmor part of the lxc postinst:
        - Allow loading on systems without mount mediation (precise backport)
        - Always wipe the apparmor cache before reloading the profiles.
    
     -- Stéphane Graber <email address hidden>  Fri, 26 Feb 2016 01:45:48 -0500
  • lxc (2.0.0~rc3-0ubuntu2) xenial; urgency=medium
    
      * Cherry-pick bugfix from upstream:
        - cgfs: make sure we use valid cgroup mountpoints
    
     -- Stéphane Graber <email address hidden>  Thu, 25 Feb 2016 14:40:08 -0500
  • lxc (2.0.0~rc3-0ubuntu1) xenial; urgency=medium
    
      * New upstream release (2.0.0~rc3)
        - Make the cgfs backend and cgns work without cgmanager
        - Manpage updates
        - Mark lxc-clone and lxc-start-ephemeral deprecated (still included)
      * Set --enable-deprecated so we still ship lxc-clone and lxc-start-ephemeral
    
     -- Stéphane Graber <email address hidden>  Wed, 24 Feb 2016 21:16:50 -0500
  • lxc (2.0.0~rc2-0ubuntu3) xenial; urgency=medium
    
      * Use versioned dependencies against the various binary packages.
      * Update lxc-templates to depend on lxc1 not lxc. (LP: #1549136)
      * Move the lxcfs recommends from lxc-templates to liblxc1.
      * Drop cgmanager, use the cgfs backend instead.
      * Have liblxc1 depend on systemd | cgroup-lite for cgfs backend.
    
     -- Stéphane Graber <email address hidden>  Wed, 24 Feb 2016 11:34:25 -0500
  • lxc (2.0.0~rc2-0ubuntu2) xenial; urgency=medium
    
      * Fix apparmor profile loading order.
    
     -- Stéphane Graber <email address hidden>  Mon, 22 Feb 2016 17:24:44 -0500
  • lxc (2.0.0~rc2-0ubuntu1) xenial; urgency=medium
    
      * New upstream snapshot (2.0.0~rc2)
        - Support upstream Linux cgns. (LP: #1548440)
      * Move bash completion profile to /usr/share/bash-completion
      * Update a bunch of lintian overrides
      * Update packaging for the LTS
        - Drop lxc-dbg in favor of the dbgsym packages
        - Introduce a new lxc1 package for the old command line tools
        - Turn the lxc package into a transitional package to lxc1
        - Introduce a new lxc-common package for all the bits needed by liblxc1
        - Move apparmor, selinux and binary helpers from lxc to lxc-common
        - Make lxc-dev depend on liblxc1 rather than lxc
        - Move the hooks and template configs from lxc to lxc-templates
    
      All this moving around of files and new packages will not affect the
      functionality of any existing system, nor the behavior of "apt-get
      install lxc". It will however make it possible for LXD to provide a new
      "lxc2" package which will install a LXD-only experience.
    
     -- Stéphane Graber <email address hidden>  Fri, 19 Feb 2016 23:16:23 -0500
  • lxc (2.0.0~rc1-0ubuntu1) xenial; urgency=medium
    
      * New upstream snapshot (2.0.0~beta2)
        - Drop all patches except for the fix for LP: #1509414
      * Add logic to fix bash completion on 12.04 backports.
    
     -- Stéphane Graber <email address hidden>  Thu, 18 Feb 2016 12:32:36 -0500
  • lxc (2.0.0~beta2-0ubuntu2) xenial; urgency=medium
    
      * Cherry-pick upstream bugfix for lxc-ls behavior.
        This should fix the current juju test regression.
    
     -- Stéphane Graber <email address hidden>  Tue, 02 Feb 2016 14:53:40 +0100
  • lxc (2.0.0~beta2-0ubuntu1) xenial; urgency=medium
    
      * New upstream snapshot (2.0.0~beta2)
        - Drop all patches except for the fix for LP: #1509414
    
     -- Stéphane Graber <email address hidden>  Mon, 01 Feb 2016 17:25:03 +0100
  • lxc (1.1.5-0ubuntu6) xenial; urgency=medium
    
      * Switch recommends from libpam-cgm to libpam-cgfs.
    
     -- Serge Hallyn <email address hidden>  Fri, 29 Jan 2016 11:32:16 +0100
  • lxc (1.1.5-0ubuntu5) xenial; urgency=medium
    
      * No-change rebuild to drop python3.4 support.
    
     -- Matthias Klose <email address hidden>  Tue, 19 Jan 2016 13:33:28 +0000
  • lxc (1.1.5-0ubuntu4) xenial; urgency=medium
    
      * Add libpam-cgm to Recommends
      * Cherrypick upstream patches to support starting containers when not all
        cgroups are writeable.
      * Cherrypick upstream patch to avoid null dereference in failure case.
    
     -- Serge Hallyn <email address hidden>  Tue, 12 Jan 2016 18:01:07 -0800
  • lxc (1.1.5-0ubuntu3) xenial; urgency=medium
    
      * Cherry-pick from upstream:
        - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)
        - Fix process title rewrite to not mangle the environment. (LP: #1517107)
    
     -- Stéphane Graber <email address hidden>  Wed, 18 Nov 2015 13:30:41 -0500
  • lxc (1.1.5-0ubuntu2) xenial; urgency=medium
    
      * Cherry-pick from upstream:
        - Fix ubuntu-cloud template to detect compression algorithm instead
          of hardcoding xz. Also update list of supported releases and use trusty
          as the fallback release. (LP: #1515463)
      * Update lxc-tests description to make it clear that this package is
        meant to be used by developers and by automated testing.
    
     -- Stéphane Graber <email address hidden>  Fri, 13 Nov 2015 12:05:36 -0500
  • lxc (1.1.5-0ubuntu1) xenial; urgency=medium
    
      * New upstream bugfix release (1.1.5)
        (LP: #1514558, LP: #1497420, LP: #1466458, LP: #1510619)
      * Drop proxy detection from the autopkgtest exercise script.
    
     -- Stéphane Graber <email address hidden>  Mon, 09 Nov 2015 14:22:16 -0500
  • lxc (1.1.4-0ubuntu3) xenial; urgency=medium
    
      * Revert previous upload as we now have a NetworkManager fix!
    
     -- Stéphane Graber <email address hidden>  Tue, 03 Nov 2015 15:47:55 -0500
  • lxc (1.1.4-0ubuntu2) xenial; urgency=medium
    
      * Add a workaround for the broken NetworkManager which breaks lxcbr0
        from under us. (LP: #1512749)
    
     -- Stéphane Graber <email address hidden>  Tue, 03 Nov 2015 12:05:10 -0500
  • lxc (1.1.4-0ubuntu1.1) wily-proposed; urgency=medium
    
      * lxc-net init script: update to select the default lxc bridge network
        at first service start time rather than install time.  (LP: #1509414)
      * lxc-net init script: also move cleanup() definition as it was undefined
        when called after failed dnsmasq.
      * lxc.preinst:
        - remove code for writing /etc/default/lxc-net (moved to lxc-net service)
        - add code removing just the known-potentially-bad /etc/default/lxc-net
        - if user had deleted /etc/default/lxc-net (intending to disable lxcbr0),
           honor that by creating one which says not to use lxcbr0.
    
     -- Serge Hallyn <email address hidden>  Fri, 23 Oct 2015 19:29:23 -0500
  • lxc (1.1.4-0ubuntu1) wily; urgency=medium
    
      * New upstream bugfix release (1.1.4)
        - This fixes CVE-2015-1335 (LP: #1476662)
        - Detailed changelog at: https://linuxcontainers.org/lxc/news
    
     -- Stéphane Graber <email address hidden>  Tue, 06 Oct 2015 15:45:15 +0100