-
ubuntu-core-launcher (1.0.30ubuntu1) yakkety; urgency=medium
* Fix the Breaks/Replaces, to stop this wreaking havoc on autopkgtest
testbed upgrades.
-- Martin Pitt <email address hidden> Wed, 22 Jun 2016 23:35:33 +0200
-
ubuntu-core-launcher (1.0.30) yakkety; urgency=medium
[ Zygmunt Krynicki ]
* Rename the package and everything else from ubuntu-core-launcher to
snap-confine
* Allow for graceful migrations from ubuntu-core-launcher to snap-confine by
providing both commands as binary packages, with proper dependencies and
post-installation scripts that manage apparmor profile changes.
* Discard the useless duplicate argument. Now snap-confine is invoked with
'snap-name $SECURITY_TAG $COMMAND...'. Previously, security tag was
duplicated. In the future this will change once again, so that security
tag is derived from an argument containing $SNAP_NAME and $APP_NAME.
* Clean up tests so that shellcheck reports no more errors or warnings
* Ensure that shellcheck reports no errors on each build
* Add #DEBHELPER# to maintainer scripts (thanks to lintian)
* Switch to autotools, build-depend on pkg-config, autotools-dev, autoconf
and automake (thanks to ogra for the missing bits).
* Use "dh $@ --with autoreconf" to prepare the build system.
* Change unreleased version back to 1.0.x after discussion with Michael Vogt.
* Don't mark ubuntu-core-launcher as transitional (it isn't yet).
* Move rm_conffile to ubuntu-core-launcher.maintscript, remove the now-empty
postrm and preinst scripts.
* Enable hardening options for snap-confine
* Build-depend on udev, use udevlibdir instead of hardcoding /lib/udev
* Rename executable to snap-confine, to fit the new execution model.
* Update Vcs-Git pointer to point to
https://github.com/snapcore/snap-confine
* Make ubuntu-core-launcher a symlink to snap-confine
* Bump version to 1.0.30
* SRU for Ubuntu (LP: #1593396)
[ Steve Langasek ]
* Update Standards-Version.
* Add lintian override for suid binary.
[ Jamie Strandboge ]
* debian/usr.bin.snap-confine: allow access to ecryptfs lower files
(LP: #1574556, LP: #1592696)
* chdir() to '/' before setting up private /tmp so private /tmp works when
user is in /tmp (LP: #1592402)
-- Michael Vogt <email address hidden> Fri, 17 Jun 2016 09:03:32 +0200
-
ubuntu-core-launcher (1.0.29+2) unstable; urgency=medium
[ Zygmunt Krynicki ]
* Rename the package and everything else from ubuntu-core-launcher to
snap-run
* Allow for graceful migrations from ubuntu-core-launcher to snap-run by
providing both commands as binary packages, with proper dependencies and
post-installation scripts that manage apparmor profile changes.
* Discard the useless duplicate argument. Now snap-run is invoked with
'snap-name $SECURITY_TAG $COMMAND...'. Previously, security tag was
duplicated. In the future this will change once again, so that security
tag is derived from an argument containing $SNAP_NAME and $APP_NAME.
* Clean up tests so that shellcheck reports no more errors or warnings
* Ensure that shellcheck reports no errors on each build
* Add #DEBHELPER# to maintainer scripts (thanks to lintian)
* Switch to autotools, build-depend on pkg-config, autotools-dev, autoconf
and automake (thanks to ogra for the missing bits).
* Use "dh $@ --with autoreconf" to prepare the build system.
* Rename executable to snap-confine, to fit the new execution model.
[ Steve Langasek ]
* Update Standards-Version.
* Add lintian override for suid binary.
[ Zygmunt Krynicki ]
* Change unreleased version back to 1.0.x after discussion with Michael Vogt.
* Don't mark ubuntu-core-launcher as transitional (it isn't yet).
* Move rm_conffile to ubuntu-core-launcher.maintscript, remove the now-empty
postrm and preinst scripts.
* Enable hardening options for snap-confine
* Build-depend on udev, use udevlibdir instead of hardcoding /lib/udev
[ Steve Langasek ]
* Don't call --enable-rootfs-is-core-snap on Debian.
* Build with --disable-confinement for Debian, since Debian apparmor
support doesn't meet snap requirements.
* Revert package rename temporarily, to avoid a NEW roundtrip in Debian.
* Don't ignore errors from maintainer script.
-- Steve Langasek <email address hidden> Mon, 13 Jun 2016 22:11:07 +0000
-
ubuntu-core-launcher (1.0.29+1ubuntu1) yakkety; urgency=medium
* debian/usr.bin.ubuntu-core-launcher: add a couple more workaround rules
for ecryptfs (LP: #1592696)
-- Jamie Strandboge <email address hidden> Thu, 16 Jun 2016 09:02:53 +0300
-
ubuntu-core-launcher (1.0.29+1) unstable; urgency=medium
* Initial Debian upload.
* Update Standards-Version.
* Adjust package description; this is not just for running apps on Ubuntu
systems.
* Add several lintian overrides.
* Include dpkg-buildflags CPPFLAGS, not just CFLAGS, to get libc fortify
support.
* Update Vcs-Bzr for this source's branch.
-- Steve Langasek <email address hidden> Sun, 22 May 2016 06:15:24 +0000
-
ubuntu-core-launcher (1.0.29) yakkety; urgency=medium
* debian/usr.bin.ubuntu-core-launcher: add workaround rules for ecryptfs
until the upcoming kernel fix lands everywhere (LP: #1574556)
-- Jamie Strandboge <email address hidden> Tue, 10 May 2016 12:10:35 -0500
-
ubuntu-core-launcher (1.0.28) yakkety; urgency=medium
* SECURITY UPDATE: delayed attack snap data theft and privilege escalation
when using Snappy on traditional Ubuntu (classic) systems (LP: #1576699)
- src/main.c: remove glob code and hardcode /snap/ubuntu-core/current
instead. The glob code both used an improper glob and performed an
incorrect check due to a typo which allowed a snap named ubuntu-core-...
to be bind mounted into application runtimes instead of the ubuntu-core
OS snap. Ubuntu Core removed .<origin> and .sideload from the SNAP path
so the glob can simply be dropped.
- CVE-2016-1580
* debian/usr.bin.ubuntu-core-launcher:
- only allow mounting /snap/ubuntu-core/*/... to safeguard against this in
the future
- add lib32 and libx32 to match setup_snappy_os_mounts()
-- Jamie Strandboge <email address hidden> Fri, 29 Apr 2016 11:17:42 -0500
-
ubuntu-core-launcher (1.0.27) xenial; urgency=medium
* src/main.c:
- don't prepend snap. or snap_ since snapd is doing that for us now
(LP: #1571048)
- make whitelist_re strictly follow the 16.04 specification and adjust
testsuite accordingly
* debian/usr.bin.ubuntu-core-launcher: add locale and gconv reads for tr
ubuntu-core-launcher (1.0.26) xenial; urgency=medium
* src/main.c: allow caps in appname (LP: #1570914)
-- Jamie Strandboge <email address hidden> Fri, 15 Apr 2016 15:22:05 -0500