[ubuntu/focal-updates] snapd 2.61.3+20.04 (Accepted)
Timo Aaltonen
tjaalton at ubuntu.com
Wed Mar 27 09:33:28 UTC 2024
snapd (2.61.3+20.04) focal; urgency=medium
* New upstream release, LP: #2039017
- Install systemd files in correct location for 24.04
snapd (2.61.2) xenial; urgency=medium
* New upstream release, LP: #2039017
- Fix to enable plug/slot sanitization for prepare-image
- Fix panic when device-service.access=offline
- Support offline remodeling
- Allow offline update only remodels without serial
- Fail early when remodeling to old model revision
- Fix to enable plug/slot sanitization for validate-seed
- Allow removal of core snap on classic systems
- Fix network-control interface denial for file lock on /run/netns
- Add well-known core24 snap-id
- Fix remodel snap installation order
- Prevent remodeling from UC18+ to UC16
- Fix cups auto-connect on classic with cups snap installed
- u2f-devices interface support for GoTrust Idem Key with USB-C
- Fix to restore services after unlink failure
- Add libcudnn.so to Nvidia libraries
- Fix skipping base snap download due to false snapd downgrade
conflict
snapd (2.61.1) xenial; urgency=medium
* New upstream release, LP: #2024007
- Stop requiring default provider snaps on image building and first
boot if alternative providers are included and available
- Fix auth.json access for login as non-root group ID
- Fix incorrect remodelling conflict when changing track to older
snapd version
- Improved check-rerefresh message
- Fix UC16/18 kernel/gadget update failure due volume mismatch with
installed disk
- Stop auto-import of assertions during install modes
- Desktop interface exposes GetIdletime
- Polkit interface support for new polkit versions
- Fix not applying snapd snap changes in tracked channel when remodelling
snapd (2.61) xenial; urgency=medium
* New upstream release, LP: #2039017
- Fix control of activated services in 'snap start' and 'snap stop'
- Correctly reflect activated services in 'snap services'
- Disabled services are no longer enabled again when snap is
refreshed
- interfaces/builtin: added support for Token2 U2F keys
- interfaces/u2f-devices: add Swissbit iShield Key
- interfaces/builtin: update gpio apparmor to match pattern that
contains multiple subdirectories under /sys/devices/platform
- interfaces: add a polkit-agent interface
- interfaces: add pcscd interface
- Kernel command-line can now be edited in the gadget.yaml
- Only track validation-sets in run-mode, fixes validation-set
issues on first boot.
- Added support for using store.access to disable access to snap
store
- Support for fat16 partition in gadget
- Pre-seed authority delegation is now possible
- Support new system-user name daemon
- Several bug fixes and improvements around remodelling
- Offline remodelling support
snapd (2.60.4) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket
permission
- interfaces/builtin: fix custom-device udev KERNEL values
- overlord: allow the firmware-updater snap to install user daemons
- interfaces: allow loopback as a block-device
snapd (2.60.3) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/b/shared-memory: handle "private" plug attribute in shared-
memory interface correctly
- i/apparmor: support for home.d tunables from /etc/
snapd (2.60.2) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/builtin: allow directories in private /dev/shm
- i/builtin: add read access to /proc/task/schedstat in system-
observe
- snap-bootstrap: print version information at startup
- go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948
- snap, store: filter out invalid snap edited links from store info
and persisted state
- o/configcore: write netplan defaults to 00-snapd-config on seeding
- snapcraft.yaml: pull in apparmor_parser optimization patches from
https://gitlab.com/apparmor/apparmor/-/merge_requests/711
- snap-confine: fix missing \0 after readlink
- cmd/snap: hide append-integrity-data
- interfaces/opengl: add support for ARM Mali
snapd (2.60.1) xenial; urgency=medium
* New upstream release, LP: #2024007
- install: fallback to lazy unmount() in writeFilesystemContent
- data: include "modprobe.d" and "modules-load.d" in preseeded blob
- gadget: fix install test on armhf
- interfaces: fix typo in network_manager_observe
- sandbox/apparmor: don't let vendored apparmor conflict with system
- gadget/update: set parts in laid out data from the ones matched
- many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor
- many: stop using `-O no-expr-simplify` in apparmor_parser
- go.mod: update secboot to latest uc22 branch
snapd (2.60) xenial; urgency=medium
* New upstream release, LP: #2024007
- Support for dynamic snapshot data exclusions
- Apparmor userspace is vendored inside the snapd snap
- Added a default-configure hook that exposes gadget default
configuration options to snaps during first install before
services are started
- Allow install from initrd to speed up the initial installation
for systems that do not have a install-device hook
- New `snap sign --chain` flag that appends the account and
account-key assertions
- Support validation-sets in the model assertion
- Support new "min-size" field in gadget.yaml
- New interface: "userns"
snapd (2.59.5) xenial; urgency=medium
* New upstream release, LP: #2009946
- Explicitly disallow the use of ioctl + TIOCLINUX
This fixes CVE-2023-1523.
snapd (2.59.4) xenial; urgency=medium
* New upstream release, LP: #2009946
- Retry when looking for disk label on non-UEFI systems
(LP: #2018977)
- Fix remodel from UC20 to UC22
snapd (2.59.3) xenial; urgency=medium
* New upstream release, LP: #2009946
- Fix quiet boot
- i/b/physical_memory_observe: allow reading virt-phys page mappings
- gadget: warn instead of returning error if overlapping with GPT
header
- overlord,wrappers: restart always enabled units
- go.mod: update github.com/snapcore/secboot to latest uc22
- boot: make sure we update assets for the system-seed-null role
- many: ignore case for vfat partitions when validating
snapd (2.59.2) xenial; urgency=medium
* New upstream release, LP: #2009946
- Notify users when a user triggered auto refresh finished
snapd (2.59.1) xenial; urgency=medium
* New upstream release, LP: #2009946
- Add udev rules from steam-devices to steam-support interface
- Bugfixes for layout path checking, dm_crypt permissions,
mount-control interface parameter checking, kernel commandline
parsing, docker-support, refresh-app-awareness
snapd (2.59) xenial; urgency=medium
* New upstream release, LP: #2009946
- Support setting extra kernel command line parameters via snap
configuration and under a gadget allow-list
- Support for Full-Disk-Encryption using ICE
- Support for arbitrary home dir locations via snap configuration
- New nvidia-drivers-support interface
- Support for udisks2 snap
- Pre-download of snaps ready for refresh and automatic refresh of
the snap when all apps are closed
- New microovn interface
- Support uboot with `CONFIG_SYS_REDUNDAND_ENV=n`
- Make "snap-preseed --reset" re-exec when needed
- Update the fwupd interface to support fully confined fwupd
- The memory,cpu,thread quota options are no longer experimental
- Support debugging snap client requests via the
`SNAPD_CLIENT_DEBUG_HTTP` environment variable
- Support ssh listen-address via snap configuration
- Support for quotas on single services
- prepare-image now takes into account snapd versions going into
the image, including in the kernel initrd, to fetch supported
assertion formats
snapd (2.58.3) xenial; urgency=medium
* New upstream release, LP: #1998462
- interfaces/screen-inhibit-control: Add support for xfce-power-
manager
- interfaces/network-manager: do not show ptrace read
denials
- interfaces: relax rules for mount-control `what` for functionfs
- cmd/snap-bootstrap: add support for snapd_system_disk
- interfaces/modem-manager: add net_admin capability
- interfaces/network-manager: add permission for OpenVPN
- httputil: fix checking x509 certification error on go 1.20
- i/b/fwupd: allow reading host os-release
- boot: on classic+modes `MarkBootSuccessfull` does not need a base
- boot: do not include `base=` in modeenv for classic+modes installs
- tests: add spread test that validates revert on boot for core does
not happen on classic+modes
- snapstate: only take boot participants into account in
UpdateBootRevisions
- snapstate: refactor UpdateBootRevisions() to make it easier to
check for boot.SnapTypeParticipatesInBoot()
snapd (2.58.2) xenial; urgency=medium
* New upstream release, LP: #1998462
- bootloader: fix dirty build by hardcoding copyright year
snapd (2.58.1) xenial; urgency=medium
* New upstream release, LP: #1998462
- secboot: detect lockout mode in CheckTPMKeySealingSupported
- cmd/snap-update-ns: prevent keeping unneeded mountpoints
- o/snapstate: do not infinitely retry when an update fails during
seeding
- interfaces/modem-manager: add permissions for NETLINK_ROUTE
- systemd/emulation.go: use `systemctl --root` to enable/disable
- snap: provide more error context in `NotSnapError`
- interfaces: add read access to /run for cryptsetup
- boot: avoid reboot loop if there is a bad try kernel
- devicestate: retry serial acquire on time based certificate
errors
- o/devicestate: run systemctl daemon-reload after install-device
hook
- cmd/snap,daemon: add 'held' to notes in 'snap list'
- o/snapshotstate: check snapshots are self-contained on import
- cmd/snap: show user+gating hold info in 'snap info'
- daemon: expose user and gating holds at /v2/snaps/{name}
Date: 2024-03-12 15:26:09.420523+00:00
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Signed-By: Timo Aaltonen <tjaalton at ubuntu.com>
https://launchpad.net/ubuntu/+source/snapd/2.61.3+20.04
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list