[ubuntu/xenial-proposed] lxc 2.0.8-0ubuntu1~16.04.1 (Accepted)

Stéphane Graber stgraber at ubuntu.com
Mon May 29 09:58:01 UTC 2017


lxc (2.0.8-0ubuntu1~16.04.1) xenial; urgency=medium

  * New upstream bugfix release (2.0.8) (LP: #1691911):
    - Security fix for CVE-2017-5985 (previously fixed in Ubuntu)

    - All templates have been updated to not set default passwords anymore,
      instead requiring lxc-attach be used to configure users.

      This may affect some automated environments that were relying on our
      default (very much insecure) users.

    - Make lxc-start-ephemeral Python 3.2-compatible
    - Fix typo
    - Allow build without sys/capability.h
    - lxc-opensuse: fix default value for release code
    - util: always malloc for setproctitle
    - util: update setproctitle comments
    - confile: clear lxc.network..ipv{4,6} when empty
    - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
    - Make lxc-net return non-zero on failure
    - seccomp: allow x32 guests on amd64 hosts.
    - Add HAVE_LIBCAP
    - c/r: only supply --ext-mount-map for bind mounts
    - Added 'mkdir -p' functionality in create_or_remove_cgroup
    - Use LXC_ROOTFS_MOUNT in clonehostname hook
    - squeeze is not a supported release anymore, drop the key
    - start: dumb down SIGCHLD from WARN() to NOTICE()
    - log: fix lxc_unix_epoch_to_utc()
    - cgfsng: make trim() safer
    - seccomp: set SCMP_FLTATR_ATL_TSKIP if available
    - lxc-user-nic: re-order #includes
    - lxc-user-nic: improve + bugfix
    - lxc-user-nic: delete link on failure
    - conf: only try to delete veth when privileged
    - Fix lxc-containers to support multiple bridges
    - Fix mixed tab/spaces in previous patch
    - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
    - lxc-checkconfig: verify new[ug]idmap are setuid-root
    - [templates] archlinux: resolve conflicting files
    - [templates] archlinux: no need for default_timezone variable
    - python3: Deal with potential NULL char*
    - lxc-download.in / allow setting keyserver from env
    - lxc-download.in / Document keyserver change in help
    - Change variable check to match existing style
    - tree-wide: include directly
    - conf/ile: make sure buffer is large enough
    - tree-wide: include directly
    - tests: Support running on IPv6 networks
    - tests: Kill containers (don't wait for shutdown)
    - Fix opening wrong file in suggest_default_idmap
    - do not set the root password in the debian template
    - do not set insecure passwords
    - don't set a default password for altlinux, gentoo, openmandriva and pld
    - tools: exit with return code of lxc_execute()
    - Keep veth.pair.name on network shutdown
    - Makefile: fix static clang init.lxc build
    - Avoid waiting for bridge interface if disabled in sysconfig/lxc
    - Increased buffer length in print_stats()
    - avoid assigning to a variable which is not POSIX shell proof (bug #1498)
    - remove obsolete note about api stability
    - conf: less error prone pointer access
    - conf: lxc_map_ids() non-functional changes
    - caps: add lxc_{proc,file}_cap_is_set()
    - conf: check for {filecaps,setuid} on new{g,u}idmap
    - conf: improve log when mounting rootfs
    - ls: simplify the judgment condition when list active containers
    - fix typo introduced in #1509
    - attach|unshare: fix the wrong comment
    - caps: skip file capability checks on android
    - autotools: check for cap_get_file
    - caps: return false if caps are not supported
    - conf: non-functional changes to setup_pts()
    - conf: use bind-mount for /dev/ptmx
    - conf: non-functional changes
    - utils: use loop device helpers from LXD
    - create ISSUE_TEMPLATE.md
    - cgroups: improve cgfsng debugging
    - issue template: fix typo
    - conf: close fd in lxc_setup_devpts()
    - conf: non-functional changes
    - utils: tweak lxc_mount_proc_if_needed()
    - Change sshd template to work with Ubuntu 17.04
    - conf: order mount options
    - conf: add MS_LAZYTIME to mount options
    - monitor: report errno on exec() error
    - af unix: allow for maximum socket name
    - commands: avoid NULL pointer dereference
    - commands: non-functional changes
    - lxccontainer: avoid NULL pointer dereference
    - monitor: simplify abstract socket logic
    - precise is not the latest LTS, let's use xenial instead
    - fix the wrong exit status
    - conf: non-functional changes lxc_fill_autodev()
    - conf: remove /dev/console from lxc_fill_autodev()
    - conf: non-functional changes lxc_setup()
    - conf: non-functional changes to console functions
    - conf: improve lxc_setup_dev_console()
    - conf: lxc_setup_ttydir_console()
    - config: remove /dev/console bind mount
    - doc: document console behavior
    - utils: add lxc_unstack_mountpoint()
    - conf: unstack all mounts atop /dev/console
    - console: fail when we cannot allocate peer tty
    - start: remove umount2()
    - conf: non-functional changes
    - utils: handle > 2^31 in lxc_unstack_mountpoint()
    - Install systemd units for CentOS
    - Merge ubuntu and debian case
    - start: add crucial details about lxc_spawn()

  * Cherry-pick some upstream fixes:
    - conf{,ile}: allow one to clear all config items
    - start: pin rootfs when privileged
    - conf: fix build without libcap
    - start: don't call lxc_map_ids() without id map
    - lxc-attach: allow for situations without /dev/tty
    - utils: fix num parsing functions
    - tests: lxc_safe_{u}int() add corner-case tests

  * Fix broken proxy detection in debian/tests/exercise
  * Only move lxc bash completion from /etc if we installed it there
  * Update tests to deal with cgroupv2 tree (recent systemd)
  * Drop un-needed lintian override

Date: Thu, 18 May 2017 23:08:57 -0400
Changed-By: Stéphane Graber <stgraber at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/lxc/2.0.8-0ubuntu1~16.04.1
-------------- next part --------------
Format: 1.8
Date: Thu, 18 May 2017 23:08:57 -0400
Source: lxc
Binary: lxc lxc1 lxc-common lxc-dev lxc-templates lxc-tests liblxc1 python3-lxc lua-lxc
Architecture: source
Version: 2.0.8-0ubuntu1~16.04.1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Stéphane Graber <stgraber at ubuntu.com>
Description:
 liblxc1    - Linux Containers userspace tools (library)
 lua-lxc    - Linux Containers userspace tools (Lua bindings)
 lxc        - Transitional package for lxc1
 lxc-common - Linux Containers userspace tools (common tools)
 lxc-dev    - Linux Containers userspace tools (development)
 lxc-templates - Linux Containers userspace tools (templates)
 lxc-tests  - Linux Containers userspace tools (test binaries)
 lxc1       - Linux Containers userspace tools
 python3-lxc - Linux Containers userspace tools (Python 3.x bindings)
Launchpad-Bugs-Fixed: 1691911
Checksums-Sha1:
 41f738112144cdcfc8565464c0558bbb0473561e 2687 lxc_2.0.8-0ubuntu1~16.04.1.dsc
 65883786c24312ab36e53231e312d94851957516 1308705 lxc_2.0.8.orig.tar.gz
 dcceee9241962aa307bdf18b24490338d0c81ea6 114400 lxc_2.0.8-0ubuntu1~16.04.1.debian.tar.xz
Checksums-Sha256:
 23e2219a908823c5b54d7f7f954c5625d1b0e9c6ef9cdb99ce6eb824fc5ed042 2687 lxc_2.0.8-0ubuntu1~16.04.1.dsc
 0d8e34b302cfe4c40c6c9ae5097096aa5cc2c1dfceea3f0f22e3e16c4a4e8494 1308705 lxc_2.0.8.orig.tar.gz
 78f82e4ae3a070b5e8d3b81fdad1cfe2b01941353f44a52117893cbc9bcb73ad 114400 lxc_2.0.8-0ubuntu1~16.04.1.debian.tar.xz
Files:
 cc9a2083d8b330e4b16cdf2d7a3bfb6d 2687 admin optional lxc_2.0.8-0ubuntu1~16.04.1.dsc
 7bfd95280522d7936c0979dfea92cdb5 1308705 admin optional lxc_2.0.8.orig.tar.gz
 fc5634587cc9894283eabb1299c17f9d 114400 admin optional lxc_2.0.8-0ubuntu1~16.04.1.debian.tar.xz

