[ubuntu/questing-proposed] snapd 2.75.2+ubuntu25.10 (Accepted)
Katie May
katie.may at canonical.com
Thu May 7 17:10:40 UTC 2026
snapd (2.75.2+ubuntu25.10) questing; urgency=medium
* New upstream release, LP: #2143882
- Interfaces: network-setup-*| allow running python binaries from
the base on UC26+
- Cross-distro: modify SELinux policy to allow mounting on
/var/snap/<snap>/<rev>
- Fix potential task deadlock by considering all tasks in a lane
that might be waiting for a reboot when processing delayed
security backend effects
snapd (2.75.1+ubuntu25.10) questing; urgency=medium
- FDE: limit number of boot check log entries
- Allow a logged in user to refresh private snaps during a refresh
with multiple snaps
- Use precise prune pattern for tmpfiles (CVE-2026-3888)
snapd (2.75+ubuntu25.10) questing; urgency=medium
- FDE: run early boot check only once per boot
- FDE: update secboot to revision 77bc2457cc76
- FDE: add degraded state for status API
- FDE: prevent resealing tasks from running together
- FDE: enable using keyslot tokens to store protected keys for UC26+
- FDE: early commit kcmdline config transaction in update-gadget-
cmdline to mitigate possible race condition
- FDE: ensure extra snapd kcmdline fragments are applied
- FDE: remove old secboot activation API calls
- LP: #2142130 update apparmor parser to 4.1.7
- LP: #2137543 disable translations in formatted output for snapctl
services
- LP: #2142655 improve snap size reporting precision in snap info
output
- LP: #2139664 snap-confine: remove race condition triggered by hat
profile
- LP: #2139065 skip 70-snap.*.rules when building dracut initramfs
- LP: #2002697 error early on removal without purge if home is in
NFS mount
- LP: #2141461 Intefaces: allow snap-update-ns to read
/proc/pid/auxv
- LP: #2138268 Interfaces: kerberos-tickets| new interface allow
access to kerberos tickets stored in /tmp
- Interfaces: block-devices| allow Xen block devices
- Interfaces: u2f-devices| add Tokey 3 FIDO
- Interfaces: devlxd| new interface allowing acccess to LXD devlxd
socket and APIs
- Interfaces: browser-support| allow reading pressure stall info
information
- Interfaces: network-setup-control| allow additional netplan files
access
- Interfaces: desktop| allow access kvantum, lxqt, and gtk4
configuration files
- Interfaces: system-observe| allow fdinfo access for GPU monitoring
- Interfaces: ubuntu-pro-control| allow access to Ubuntu Advantage
client configuration
- Prompting: add API endpoint to ask whether application should have
access
- Prompting: add support for audio-record prompting via API endpoint
- Prompting: store snap name instead of apparmor label in requests
- Prompting: respond with 503 to API requests when prompting
subsystem is shutting down
- Prompting: generalize prompting subsystem to support requests from
outside AppArmor
- Confdb: unset data for missing paths in set request
- Confdb: return 400 for API requests with missing filter
constraints
- Confdb: return 400 for API requests with unmatched filter
constraints
- Confdb: support typed constraints in confdb filtering
- Confdb: fixed unmarshalling transaction with placeholder path in
deltas
- Confdb: refresh confdb-schema assertions during manual refresh
- Remote device management (experimental): add skeleton device
management manager
- Remote device management (experimental): add message exchange loop
- Components: add snap component command, include component summary
in snap info output
- Components: enforce validation sets when installing components
- Configuration: add system.motd configuration option to customize
message of the day (motd)
- packaging: remove dependencies libbrotli1, libfreetype6, and
libpng16-16 from snap
- snap-bootstrap: use libblkid for disk information to speed up boot
- snap-confine: improve data handling error
- snap-confine: use ld cache from the app base for core26+
- snap: add riscv ISA detection for snaps
- squashfs: reduce memory footprint of single file extraction
- Add experimental snap delta format
- Enable early download of seed snaps during refresh
- Enable parallel downloads of essential snaps during refresh
- Disallow removing components required by validation sets
- Make snap prepare-image fail on --validation=ignore if model has
enforced validation-sets
- Fix correctly handling interrupted snap downloads
- Fix handling of store throttling for refresh-app-awareness
monitored snaps
- Stop removed "endure" services on refresh
- Install by default from the initramfs for UC26+, removing the need
for a reboot after installation
- Keep minidebuginfo in snapd snap
- Make snap-specific systemd cgroup mandatory for snaps using core26
and later, improve messaging for failure scenarios
- Preserve stale connections of broken snaps
- Remove enforce-validation-sets need for network
- Opportunistic discarding of mount namespace when updating slot
providers
- Support for delaying updates of snap mount namespaces when
refreshing slot providers
- Use application CommonID as default source for desktop ID
Date: Mon, 30 Mar 2026 17:06:36 +0200
Changed-By: Katie May <katie.may at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Nick Rosbrook <nick.rosbrook at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.75.2+ubuntu25.10
-------------- next part --------------
Format: 1.8
Date: Mon, 30 Mar 2026 17:06:36 +0200
Source: snapd
Built-For-Profiles: derivative.ubuntu noudeb
Architecture: source
Version: 2.75.2+ubuntu25.10
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Katie May <katie.may at canonical.com>
Launchpad-Bugs-Fixed: 2002697 2137543 2138268 2139065 2139664 2141461 2142130 2142655 2143882
Changes:
snapd (2.75.2+ubuntu25.10) questing; urgency=medium
.
* New upstream release, LP: #2143882
- Interfaces: network-setup-*| allow running python binaries from
the base on UC26+
- Cross-distro: modify SELinux policy to allow mounting on
/var/snap/<snap>/<rev>
- Fix potential task deadlock by considering all tasks in a lane
that might be waiting for a reboot when processing delayed
security backend effects
.
snapd (2.75.1+ubuntu25.10) questing; urgency=medium
.
- FDE: limit number of boot check log entries
- Allow a logged in user to refresh private snaps during a refresh
with multiple snaps
- Use precise prune pattern for tmpfiles (CVE-2026-3888)
.
snapd (2.75+ubuntu25.10) questing; urgency=medium
.
- FDE: run early boot check only once per boot
- FDE: update secboot to revision 77bc2457cc76
- FDE: add degraded state for status API
- FDE: prevent resealing tasks from running together
- FDE: enable using keyslot tokens to store protected keys for UC26+
- FDE: early commit kcmdline config transaction in update-gadget-
cmdline to mitigate possible race condition
- FDE: ensure extra snapd kcmdline fragments are applied
- FDE: remove old secboot activation API calls
- LP: #2142130 update apparmor parser to 4.1.7
- LP: #2137543 disable translations in formatted output for snapctl
services
- LP: #2142655 improve snap size reporting precision in snap info
output
- LP: #2139664 snap-confine: remove race condition triggered by hat
profile
- LP: #2139065 skip 70-snap.*.rules when building dracut initramfs
- LP: #2002697 error early on removal without purge if home is in
NFS mount
- LP: #2141461 Intefaces: allow snap-update-ns to read
/proc/pid/auxv
- LP: #2138268 Interfaces: kerberos-tickets| new interface allow
access to kerberos tickets stored in /tmp
- Interfaces: block-devices| allow Xen block devices
- Interfaces: u2f-devices| add Tokey 3 FIDO
- Interfaces: devlxd| new interface allowing acccess to LXD devlxd
socket and APIs
- Interfaces: browser-support| allow reading pressure stall info
information
- Interfaces: network-setup-control| allow additional netplan files
access
- Interfaces: desktop| allow access kvantum, lxqt, and gtk4
configuration files
- Interfaces: system-observe| allow fdinfo access for GPU monitoring
- Interfaces: ubuntu-pro-control| allow access to Ubuntu Advantage
client configuration
- Prompting: add API endpoint to ask whether application should have
access
- Prompting: add support for audio-record prompting via API endpoint
- Prompting: store snap name instead of apparmor label in requests
- Prompting: respond with 503 to API requests when prompting
subsystem is shutting down
- Prompting: generalize prompting subsystem to support requests from
outside AppArmor
- Confdb: unset data for missing paths in set request
- Confdb: return 400 for API requests with missing filter
constraints
- Confdb: return 400 for API requests with unmatched filter
constraints
- Confdb: support typed constraints in confdb filtering
- Confdb: fixed unmarshalling transaction with placeholder path in
deltas
- Confdb: refresh confdb-schema assertions during manual refresh
- Remote device management (experimental): add skeleton device
management manager
- Remote device management (experimental): add message exchange loop
- Components: add snap component command, include component summary
in snap info output
- Components: enforce validation sets when installing components
- Configuration: add system.motd configuration option to customize
message of the day (motd)
- packaging: remove dependencies libbrotli1, libfreetype6, and
libpng16-16 from snap
- snap-bootstrap: use libblkid for disk information to speed up boot
- snap-confine: improve data handling error
- snap-confine: use ld cache from the app base for core26+
- snap: add riscv ISA detection for snaps
- squashfs: reduce memory footprint of single file extraction
- Add experimental snap delta format
- Enable early download of seed snaps during refresh
- Enable parallel downloads of essential snaps during refresh
- Disallow removing components required by validation sets
- Make snap prepare-image fail on --validation=ignore if model has
enforced validation-sets
- Fix correctly handling interrupted snap downloads
- Fix handling of store throttling for refresh-app-awareness
monitored snaps
- Stop removed "endure" services on refresh
- Install by default from the initramfs for UC26+, removing the need
for a reboot after installation
- Keep minidebuginfo in snapd snap
- Make snap-specific systemd cgroup mandatory for snaps using core26
and later, improve messaging for failure scenarios
- Preserve stale connections of broken snaps
- Remove enforce-validation-sets need for network
- Opportunistic discarding of mount namespace when updating slot
providers
- Support for delaying updates of snap mount namespaces when
refreshing slot providers
- Use application CommonID as default source for desktop ID
Checksums-Sha1:
75261966410b9f5f0dc8d538048ce01bfdbabcfb 3051 snapd_2.75.2+ubuntu25.10.dsc
c6ae0aff3b069095b7e43e3c5789e10f76334794 11283468 snapd_2.75.2+ubuntu25.10.tar.xz
e8196309c9d8d4cfefd75b9c5d4c44f9516bb6c2 12041 snapd_2.75.2+ubuntu25.10_source.buildinfo
Checksums-Sha256:
858d1b601d9377b89fac66f22a0d28c5d5263cfa9d24dd7ff2c4319cc7bbb9b4 3051 snapd_2.75.2+ubuntu25.10.dsc
1dc459aa8e33b0148b1a73fd48b449492a6ce40cac0f073271e95704089d80c3 11283468 snapd_2.75.2+ubuntu25.10.tar.xz
6e7b486a971c801a99ac9590a6272534fc2ad3abe6b26acef4c7953d123eb677 12041 snapd_2.75.2+ubuntu25.10_source.buildinfo
Files:
395084da121654ffe7c906f48a33e665 3051 devel optional snapd_2.75.2+ubuntu25.10.dsc
e5b2d899abb78fa5960b2424fd1a224a 11283468 devel optional snapd_2.75.2+ubuntu25.10.tar.xz
8b11ae3899849d4cae72110b43632486 12041 devel optional snapd_2.75.2+ubuntu25.10_source.buildinfo
More information about the Questing-changes
mailing list