[ubuntu/jammy-security] snapd 2.63+22.04ubuntu0.1 (Accepted)
Alex Murray
alex.murray at canonical.com
Thu Aug 1 05:21:16 UTC 2024
snapd (2.63+22.04ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: sandbox escape via $HOME/bin
- interfaces/builtin/home: explicitly deny writing to @{HOME}/bin
- CVE-2024-1724
* SECURITY UPDATE: denial-of-service via crafted files in squashfs image
- snap, snapdir, squashfs: improve validation of target file
mode/types
- CVE-2024-29068
* SECURITY UPDATE: information disclosure via crafted symlinks in
squashfs image
- snap, snapdir, squashfs: improve external symlink validation
- CVE-2024-29069
* Fix FTBFS due to missing systemd from Build-Depends
- debian/control: add systemd to Build-Depends to ensure pkg-config
can find the systemdutildir to install into
snapd (2.63+22.04) jammy; urgency=medium
* New upstream release, LP: #2061179
- Support for snap services to show the current status of user
services (experimental)
- Refresh app awareness: record snap-run-inhibit notice when
starting app from snap that is busy with refresh (experimental)
- Refresh app awareness: use warnings as fallback for desktop
notifications (experimental)
- Aspect based configuration: make request fields in the aspect-
bundle's rules optional (experimental)
- Aspect based configuration: make map keys conform to the same
format as path sub-keys (experimental)
- Aspect based configuration: make unset and set behaviour similar
to configuration options (experimental)
- Aspect based configuration: limit nesting level for setting value
(experimental)
- Components: use symlinks to point active snap component revisions
- Components: add model assertion support for components
- Components: fix to ensure local component installation always gets
a new revision number
- Add basic support for a CIFS remote filesystem-based home
directory
- Add support for AppArmor profile kill mode to avoid snap-confine
error
- Allow more than one interface to grant access to the same API
endpoint or notice type
- Allow all snapd service's control group processes to send systemd
notifications to prevent warnings flooding the log
- Enable not preseeded single boot install
- Update secboot to handle new sbatlevel
- Fix to not use cgroup for non-strict confined snaps (devmode,
classic)
- Fix two race conditions relating to freedesktop notifications
- Fix missing tunables in snap-update-ns AppArmor template
- Fix rejection of snapd snap udev command line by older host snap-
device-helper
- Rework seccomp allow/deny list
- Clean up files removed by gadgets
- Remove non-viable boot chains to avoid secboot failure
- posix_mq interface: add support for missing time64 mqueue syscalls
mq_timedreceive_time64 and mq_timedsend_time64
- password-manager-service interface: allow kwalletd version 6
- kubernetes-support interface: allow SOCK_SEQPACKET sockets
- system-observe interface: allow listing systemd units and their
properties
- opengl interface: enable use of nvidia container toolkit CDI
config generation
snapd (2.62) xenial; urgency=medium
* New upstream release, LP: #2058277
- Aspects based configuration schema support (experimental)
- Refresh app awareness support for UI (experimental)
- Support for user daemons by introducing new control switches
--user/--system/--users for service start/stop/restart
(experimental)
- Add AppArmor prompting experimental flag (feature currently
unsupported)
- Installation of local snap components of type test
- Packaging of components with snap pack
- Expose experimental features supported/enabled in snapd REST API
endpoint /v2/system-info
- Support creating and removing recovery systems for use by factory
reset
- Enable API route for creating and removing recovery systems using
/v2/systems with action create and /v2/systems/{label} with action
remove
- Lift requirements for fde-setup hook for single boot install
- Enable single reboot gadget update for UC20+
- Allow core to be removed on classic systems
- Support for remodeling on hybrid systems
- Install desktop files on Ubuntu Core and update after snapd
upgrade
- Upgrade sandbox features to account for cgroup v2 device filtering
- Support snaps to manage their own cgroups
- Add support for AppArmor 4.0 unconfined profile mode
- Add AppArmor based read access to /etc/default/keyboard
- Upgrade to squashfuse 0.5.0
- Support useradd utility to enable removing Perl dependency for
UC24+
- Support for recovery-chooser to use console-conf snap
- Add support for --uid/--gid using strace-static
- Add support for notices (from pebble) and expose via the snapd
REST API endpoints /v2/notices and /v2/notice
- Add polkit authentication for snapd REST API endpoints
/v2/snaps/{snap}/conf and /v2/apps
- Add refresh-inhibit field to snapd REST API endpoint /v2/snaps
- Add refresh-inhibited select query to REST API endpoint /v2/snaps
- Take into account validation sets during remodeling
- Improve offline remodeling to use installed revisions of snaps to
fulfill the remodel revision requirement
- Add rpi configuration option sdtv_mode
- When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if
present on host
- Fix gadget zero-sized disk mapping caused by not ignoring zero
sized storage traits
- Fix gadget install case where size of existing partition was not
correctly taken into account
- Fix trying to unmount early kernel mount if it does not exist
- Fix restarting mount units on snapd start
- Fix call to udev in preseed mode
- Fix to ensure always setting up the device cgroup for base bare
and core24+
- Fix not copying data from newly set homedirs on revision change
- Fix leaving behind empty snap home directories after snap is
removed (resulting in broken symlink)
- Fix to avoid using libzstd from host by adding to snapd snap
- Fix autorefresh to correctly handle forever refresh hold
- Fix username regex allowed for system-user assertion to not allow
'+'
- Fix incorrect application icon for notification after autorefresh
completion
- Fix to restart mount units when changed
- Fix to support AppArmor running under incus
- Fix case of snap-update-ns dropping synthetic mounts due to
failure to match desired mount dependencies
- Fix parsing of base snap version to enable pre-seeding of Ubuntu
Core Desktop
- Fix packaging and tests for various distributions
- Add remoteproc interface to allow developers to interact with
Remote Processor Framework which enables snaps to load firmware to
ARM Cortex microcontrollers
- Add kernel-control interface to enable controlling the kernel
firmware search path
- Add nfs-mount interface to allow mounting of NFS shares
- Add ros-opt-data interface to allow snaps to access the host
/opt/ros/ paths
- Add snap-refresh-observe interface that provides refresh-app-
awareness clients access to relevant snapd API endpoints
- steam-support interface: generalize Pressure Vessel root paths and
allow access to driver information, features and container
versions
- steam-support interface: make implicit on Ubuntu Core Desktop
- desktop interface: improved support for Ubuntu Core Desktop and
limit autoconnection to implicit slots
- cups-control interface: make autoconnect depend on presence of
cupsd on host to ensure it works on classic systems
- opengl interface: allow read access to /usr/share/nvidia
- personal-files interface: extend to support automatic creation of
missing parent directories in write paths
- network-control interface: allow creating /run/resolveconf
- network-setup-control and network-setup-observe interfaces: allow
busctl bind as required for systemd 254+
- libvirt interface: allow r/w access to /run/libvirt/libvirt-sock-
ro and read access to /var/lib/libvirt/dnsmasq/**
- fwupd interface: allow access to IMPI devices (including locking
of device nodes), sysfs attributes needed by amdgpu and the COD
capsule update directory
- uio interface: allow configuring UIO drivers from userspace
libraries
- serial-port interface: add support for NXP Layerscape SoC
- lxd-support interface: add attribute enable-unconfined-mode to
require LXD to opt-in to run unconfined
- block-devices interface: add support for ZFS volumes
- system-packages-doc interface: add support for reading jquery and
sphinx documentation
- system-packages-doc interface: workaround to prevent autoconnect
failure for snaps using base bare
- microceph-support interface: allow more types of block devices to
be added as an OSD
- mount-observe interface: allow read access to
/proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo
- polkit interface: changed to not be implicit on core because
installing policy files is not possible
- upower-observe interface: allow stats refresh
- gpg-public-keys interface: allow creating lock file for certain
gpg operations
- shutdown interface: allow access to SetRebootParameter method
- media-control interface: allow device file locking
- u2f-devices interface: support for Trustkey G310H, JaCarta U2F,
Kensington VeriMark Guard, RSA DS100, Google Titan v2
snapd (2.61.3) xenial; urgency=medium
* New upstream release, LP: #2039017
- Install systemd files in correct location for 24.04
snapd (2.61.2) xenial; urgency=medium
* New upstream release, LP: #2039017
- Fix to enable plug/slot sanitization for prepare-image
- Fix panic when device-service.access=offline
- Support offline remodeling
- Allow offline update only remodels without serial
- Fail early when remodeling to old model revision
- Fix to enable plug/slot sanitization for validate-seed
- Allow removal of core snap on classic systems
- Fix network-control interface denial for file lock on /run/netns
- Add well-known core24 snap-id
- Fix remodel snap installation order
- Prevent remodeling from UC18+ to UC16
- Fix cups auto-connect on classic with cups snap installed
- u2f-devices interface support for GoTrust Idem Key with USB-C
- Fix to restore services after unlink failure
- Add libcudnn.so to Nvidia libraries
- Fix skipping base snap download due to false snapd downgrade
conflict
snapd (2.61.1) xenial; urgency=medium
* New upstream release, LP: #2024007
- Stop requiring default provider snaps on image building and first
boot if alternative providers are included and available
- Fix auth.json access for login as non-root group ID
- Fix incorrect remodelling conflict when changing track to older
snapd version
- Improved check-rerefresh message
- Fix UC16/18 kernel/gadget update failure due volume mismatch with
installed disk
- Stop auto-import of assertions during install modes
- Desktop interface exposes GetIdletime
- Polkit interface support for new polkit versions
- Fix not applying snapd snap changes in tracked channel when remodelling
snapd (2.61) xenial; urgency=medium
* New upstream release, LP: #2039017
- Fix control of activated services in 'snap start' and 'snap stop'
- Correctly reflect activated services in 'snap services'
- Disabled services are no longer enabled again when snap is
refreshed
- interfaces/builtin: added support for Token2 U2F keys
- interfaces/u2f-devices: add Swissbit iShield Key
- interfaces/builtin: update gpio apparmor to match pattern that
contains multiple subdirectories under /sys/devices/platform
- interfaces: add a polkit-agent interface
- interfaces: add pcscd interface
- Kernel command-line can now be edited in the gadget.yaml
- Only track validation-sets in run-mode, fixes validation-set
issues on first boot.
- Added support for using store.access to disable access to snap
store
- Support for fat16 partition in gadget
- Pre-seed authority delegation is now possible
- Support new system-user name daemon
- Several bug fixes and improvements around remodelling
- Offline remodelling support
snapd (2.60.4) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket
permission
- interfaces/builtin: fix custom-device udev KERNEL values
- overlord: allow the firmware-updater snap to install user daemons
- interfaces: allow loopback as a block-device
snapd (2.60.3) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/b/shared-memory: handle "private" plug attribute in shared-
memory interface correctly
- i/apparmor: support for home.d tunables from /etc/
snapd (2.60.2) xenial; urgency=medium
* New upstream release, LP: #2024007
- i/builtin: allow directories in private /dev/shm
- i/builtin: add read access to /proc/task/schedstat in system-
observe
- snap-bootstrap: print version information at startup
- go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948
- snap, store: filter out invalid snap edited links from store info
and persisted state
- o/configcore: write netplan defaults to 00-snapd-config on seeding
- snapcraft.yaml: pull in apparmor_parser optimization patches from
https://gitlab.com/apparmor/apparmor/-/merge_requests/711
- snap-confine: fix missing \0 after readlink
- cmd/snap: hide append-integrity-data
- interfaces/opengl: add support for ARM Mali
snapd (2.60.1) xenial; urgency=medium
* New upstream release, LP: #2024007
- install: fallback to lazy unmount() in writeFilesystemContent
- data: include "modprobe.d" and "modules-load.d" in preseeded blob
- gadget: fix install test on armhf
- interfaces: fix typo in network_manager_observe
- sandbox/apparmor: don't let vendored apparmor conflict with system
- gadget/update: set parts in laid out data from the ones matched
- many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor
- many: stop using `-O no-expr-simplify` in apparmor_parser
- go.mod: update secboot to latest uc22 branch
snapd (2.60) xenial; urgency=medium
* New upstream release, LP: #2024007
- Support for dynamic snapshot data exclusions
- Apparmor userspace is vendored inside the snapd snap
- Added a default-configure hook that exposes gadget default
configuration options to snaps during first install before
services are started
- Allow install from initrd to speed up the initial installation
for systems that do not have a install-device hook
- New `snap sign --chain` flag that appends the account and
account-key assertions
- Support validation-sets in the model assertion
- Support new "min-size" field in gadget.yaml
- New interface: "userns"
snapd (2.59.5) xenial; urgency=medium
* New upstream release, LP: #2009946
- Explicitly disallow the use of ioctl + TIOCLINUX
This fixes CVE-2023-1523.
snapd (2.59.4) xenial; urgency=medium
* New upstream release, LP: #2009946
- Retry when looking for disk label on non-UEFI systems
(LP: #2018977)
- Fix remodel from UC20 to UC22
snapd (2.59.3) xenial; urgency=medium
* New upstream release, LP: #2009946
- Fix quiet boot
- i/b/physical_memory_observe: allow reading virt-phys page mappings
- gadget: warn instead of returning error if overlapping with GPT
header
- overlord,wrappers: restart always enabled units
- go.mod: update github.com/snapcore/secboot to latest uc22
- boot: make sure we update assets for the system-seed-null role
- many: ignore case for vfat partitions when validating
snapd (2.59.2) xenial; urgency=medium
* New upstream release, LP: #2009946
- Notify users when a user triggered auto refresh finished
snapd (2.59.1) xenial; urgency=medium
* New upstream release, LP: #2009946
- Add udev rules from steam-devices to steam-support interface
- Bugfixes for layout path checking, dm_crypt permissions,
mount-control interface parameter checking, kernel commandline
parsing, docker-support, refresh-app-awareness
snapd (2.59) xenial; urgency=medium
* New upstream release, LP: #2009946
- Support setting extra kernel command line parameters via snap
configuration and under a gadget allow-list
- Support for Full-Disk-Encryption using ICE
- Support for arbitrary home dir locations via snap configuration
- New nvidia-drivers-support interface
- Support for udisks2 snap
- Pre-download of snaps ready for refresh and automatic refresh of
the snap when all apps are closed
- New microovn interface
- Support uboot with `CONFIG_SYS_REDUNDAND_ENV=n`
- Make "snap-preseed --reset" re-exec when needed
- Update the fwupd interface to support fully confined fwupd
- The memory,cpu,thread quota options are no longer experimental
- Support debugging snap client requests via the
`SNAPD_CLIENT_DEBUG_HTTP` environment variable
- Support ssh listen-address via snap configuration
- Support for quotas on single services
- prepare-image now takes into account snapd versions going into
the image, including in the kernel initrd, to fetch supported
assertion formats
snapd (2.58.3) xenial; urgency=medium
* New upstream release, LP: #1998462
- interfaces/screen-inhibit-control: Add support for xfce-power-
manager
- interfaces/network-manager: do not show ptrace read
denials
- interfaces: relax rules for mount-control `what` for functionfs
- cmd/snap-bootstrap: add support for snapd_system_disk
- interfaces/modem-manager: add net_admin capability
- interfaces/network-manager: add permission for OpenVPN
- httputil: fix checking x509 certification error on go 1.20
- i/b/fwupd: allow reading host os-release
- boot: on classic+modes `MarkBootSuccessfull` does not need a base
- boot: do not include `base=` in modeenv for classic+modes installs
- tests: add spread test that validates revert on boot for core does
not happen on classic+modes
- snapstate: only take boot participants into account in
UpdateBootRevisions
- snapstate: refactor UpdateBootRevisions() to make it easier to
check for boot.SnapTypeParticipatesInBoot()
snapd (2.58.2) xenial; urgency=medium
* New upstream release, LP: #1998462
- bootloader: fix dirty build by hardcoding copyright year
snapd (2.58.1) xenial; urgency=medium
* New upstream release, LP: #1998462
- secboot: detect lockout mode in CheckTPMKeySealingSupported
- cmd/snap-update-ns: prevent keeping unneeded mountpoints
- o/snapstate: do not infinitely retry when an update fails during
seeding
- interfaces/modem-manager: add permissions for NETLINK_ROUTE
- systemd/emulation.go: use `systemctl --root` to enable/disable
- snap: provide more error context in `NotSnapError`
- interfaces: add read access to /run for cryptsetup
- boot: avoid reboot loop if there is a bad try kernel
- devicestate: retry serial acquire on time based certificate
errors
- o/devicestate: run systemctl daemon-reload after install-device
hook
- cmd/snap,daemon: add 'held' to notes in 'snap list'
- o/snapshotstate: check snapshots are self-contained on import
- cmd/snap: show user+gating hold info in 'snap info'
- daemon: expose user and gating holds at /v2/snaps/{name}
Date: 2024-07-29 15:03:17.650930+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.63+22.04ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list