[ubuntu/xenial-security] snapd 2.45.1ubuntu0.2 (Accepted)

Maria Emilia Torino emilia.torino at canonical.com
Wed Jul 15 12:11:17 UTC 2020


snapd (2.45.1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
    (xdg-open)
    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment 
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    - packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
      may autostart on next use. Patch thanks to Michael Vogt
    - CVE-2020-11934
    - LP: #1880085

snapd (2.45.1) xenial; urgency=medium

  * New upstream release, LP: #1875071
    - data/selinux: allow checking /var/cache/app-info
    - cmd/snap-confine: add support for libc6-lse
    - interfaces: miscellanious policy updates xlv
    - snap-bootstrap: remove sealed key file on reinstall
    - interfaces-ssh-keys: Support reading /etc/ssh/ssh_config.d/
    - gadget: make ext4 filesystems with or without metadata checksum
    - interfaces/fwupd: allow bind mount to /boot on core
    - tests: cherry-pick test fixes from master
    - snap/squashfs: also symlink snap Install with uc20 seed snap dir
      layout
    - interfaces/serial-port: add NXP SC16IS7xx (ttySCX) to allowed
      devices
    - snap,many: mv Open to snapfile pkg to support add'l options to
      Container methods
    - interfaces/builtin/desktop: do not mount fonts cache on distros
      with quirks
    - devicestate, sysconfig: revert support for cloud.cfg.d/ in the
      gadget
    - data/completion, packaging: cherry-pick zsh completion
    - state: log task errors in the journal too
    - devicestate: do not report "ErrNoState" for seeded up
    - interfaces/desktop: silence more /var/lib/snapd/desktop/icons
      denials
    - packaging/fedora: disable FIPS compliant crypto for static
      binaries
    - packaging: stop depending on python-docutils

snapd (2.45) xenial; urgency=medium

  * New upstream release, LP: #1875071
    - o/devicestate: support doing system action reboots from recover
      mode
    - vendor: update to latest secboot
    - tests: not fail when boot dir cannot be determined
    - configcore: only reload journald if systemd is new enough
    - cmd/snap-bootstrap/initramfs-mounts: append uuid to ubuntu-data
      when decrypting
    - tests/lib/prepare.sh: delete patching of the initrd
    - cmd/snap: coldplug auto-import assertions from all removable
      devices
    - cmd/snap: fix the order of positional parameters in help output
    - c/snap-bootstrap: port mount state mocking to the new style on
      master
    - cmd/snap-bootstrap/initramfs-mounts: add sudoers to dirs to copy
      as well
    - o/devicestate,cmd/snap-bootstrap: seal to recover mode cmdline,
      unlock in recover mode initramfs
    - progress: tweak multibyte label unit test data
    - gadget: fix fallback device lookup for 'mbr' type structures
    - progress: fix progress bar with multibyte duration units
    - many: use /run/mnt/data over /run/mnt/ubuntu-data for uc20
    - many: put the sealed keys in a directory on seed for tidiness
    - cmd/snap-bootstrap: measure epoch and model before unlocking
      encrypted data
    - o/configstate: core config handler for persistent journal
    - bootloader/uboot: use secondary ubootenv file boot.sel for uc20
    - packaging: add "$TAGS" to dh_auto_test for debian packaging
    - tests: ensure $cache_dir is actually available
    - secboot,cmd/snap-bootstrap: add model to pcr protection profile
    - devicestate: do not use snap-boostrap in devicestate to install
    - tests: fix a typo in nested.sh helper
    - devicestate: add support for cloud.cfg.d config from the gadget
    - cmd/snap-bootstrap: cleanups, naming tweaks
    - testutil: add NewDBusTestConn
    - snap-bootstrap: lock access to sealed keys
    - overlord/devicestate: preserve the current model inside ubuntu-
      boot
    - interfaces/apparmor: use differently templated policy for non-core
      bases
    - seccomp: add get_tls, io_pg* and *time64/*64 variants for existing
      syscalls
    - cmd/snap-bootstrap/initramfs-mounts: mount ubuntu-seed first,
      other misc changes
    - o/snapstate: tweak "waiting for restart" message
    - boot: store model model and grade information in modeenv
    - interfaces/firewall-control: allow -legacy and -nft for core20
    - boot: enable makeBootable20RunMode for EnvRefExtractedKernel
      bootloaders
    - boot/bootstate20: add EnvRefExtractedKernelBootloader bootstate20
      implementation
    - daemon: fix error message from `snap remove-user foo` on classic
    - overlord: have a variant of Mock that can take a state.State
    - tests: 16.04 and 18.04 now have mediating pulseaudio (again)
    - seed: clearer errors for missing essential snapd or core snap
    - cmd/snap-bootstrap/initramfs-mounts: support
      EnvRefExtractedKernelBootloader's
    - gadget, cmd/snap-bootstrap: MBR schema support
    - image: improve/adjust DownloadSnap doc comment
    - asserts: introduce ModelGrade.Code
    - tests: ignore user-12345 slice and service
    - image,seed/seedwriter: support redirect channel aka default
      tracks
    - bootloader: use binary.Read/Write
    - tests: uc20 nested suite part II
    - tests/boot: refactor to make it easier for new
      bootloaderKernelState20 impl
    - interfaces/openvswitch: support use of ovs-appctl
    - snap-bootstrap: copy auth data from real ubuntu-data in recovery
      mode
    - snap-bootstrap: seal and unseal encryption key using tpm
    - tests: disable special-home-can-run-classic-snaps due to jenkins
      repo issue
    - packaging: fix build on Centos8 to support BUILDTAGS
    - boot/bootstate20: small changes to bootloaderKernelState20
    - cmd/snap: Implement a "snap routine file-access" command
    - spread.yaml: switch back to latest/candidate for lxd snap
    - boot/bootstate20: re-factor kernel methods to use new interface
      for state
    - spread.yaml,tests/many: use global env var for lxd channel
    - boot/bootstate20: fix bug in try-kernel cleanup
    - config: add system.store-certs.[a-zA-Z0-9] support
    - secboot: key sealing also depends on secure boot enabled
    - httputil: fix client timeout retry tests
    - cmd/snap-update-ns: handle EBUSY when unlinking files
    - cmd/snap/debug/boot-vars: add opts for setting dir and/or uc20
      vars
    - secboot: add tpm support helpers
    - tests/lib/assertions/developer1-pi-uc20.model: use 20/edge for
      kernel and gadget
    - cmd/snap-bootstrap: switch to a 64-byte key for unlocking
    - tests: preserve size for centos images on spread.yaml
    - github: partition the github action workflows
    - run-checks: use consistent "Checking ..." style messages
    - bootloader: add efi pkg for reading efi variables
    - data/systemd: do not run snapd.system-shutdown if finalrd is
      available
    - overlord: update tests to work with latest go
    - cmd/snap: do not hide debug boot-vars on core
    - cmd/snap-bootstrap: no error when not input devices are found
    - snap-bootstrap: fix partition numbering in create-partitions
    - httputil/client_test.go: add two TLS version tests
    - tests: ignore user at 12345.service hierarchy
    - bootloader, gadget, cmd/snap-bootstrap: misc cosmetic things
    - tests: rewrite timeserver-control test
    - tests: fix racy pulseaudio tests
    - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
    - tests: update snap-preseed --reset logic to accommodate for 2.44
      change
    - cmd/snap: don't wait for system key when stopping
    - sandbox/cgroup: avoid making arrays we don't use
    - osutil: mock proc/self/mountinfo properly everywhere
    - selinux: export MockIsEnforcing; systemd: use in tests
    - tests: add 32 bit machine to GH actions
    - tests/session-tool: kill cron session, if any
    - asserts: it should be possible to omit many snap-ids if allowed,
      fix
    - boot: cleanup more things, simplify code
    - github: skip spread jobs when corresponding label is set
    - dirs: don't depend on osutil anymore, mv apparmor vars to apparmor
      pkg
    - tests/session-tool: add session-tool --dump
    - github: allow cached debian downloads to restore
    - tests/session-tool: session ordering is non-deterministic
    - tests: enable unit tests on debian-sid again
    - github: move spread to self-hosted workers
    - secboot: import secboot on ubuntu, provide dummy on !ubuntu
    - overlord/devicestate: support for recover and run modes
    - snap/naming: add validator for snap security tag
    - interfaces: add case for rootWritableOverlay + NFS
    - tests/main/uc20-create-partitions: tweaks, renames, switch to
      20.04
    - github: port CLA check to Github Actions
    - interfaces/many: miscellaneous policy updates xliv
    - configcore,tests: fix setting watchdog options on UC18/20
    - tests/session-tool: collect information about services on startup
    - tests/main/uc20-snap-recovery: unbreak, rename to uc20-create-
      partitions
    - state: add state.CopyState() helper
    - tests/session-tool: stop anacron.service in prepare
    - interfaces: don't use the owner modifier for files shared via
      document portal
    - systemd: move the doc comments to the interface so they are
      visible
    - cmd/snap-recovery-chooser: tweaks
    - interfaces/docker-support: add overlayfs file access
    - packaging: use debian/not-installed to ignore snap-preseed
    - travis.yml: disable unit tests on travis
    - store: start splitting store.go and store_test.go into subtopic
      files
    - tests/session-tool: stop cron/anacron from meddling
    - github: disable fail-fast as spread cannot be interrupted
    - github: move static checks and spread over
    - tests: skip "/etc/machine-id" in "writablepaths" test
    - snap-bootstrap: store encrypted partition recovery key
    - httputil: increase testRetryStrategy max timelimit to 5s
    - tests/session-tool: kill leaking closing session
    - interfaces: allow raw access to USB printers
    - tests/session-tool: reset failed session-tool units
    - httputil: increase httpclient timeout in
      TestRetryRequestTimeoutHandling
    - usersession: extend timerange in TestExitOnIdle
    - client: increase timeout in client tests to 100ms
    - many: disentagle release and snapdenv from sandbox/*
    - boot: simplify modeenv mocking to always write a modeenv
    - snap-bootstrap: expand data partition on install
    - o/configstate: add backlight option for core config
    - cmd/snap-recovery-chooser: add recovery chooser
    - features: enable robust mount ns updates
    - snap: improve TestWaitRecovers test
    - sandbox/cgroup: add ProcessPathInTrackingCgroup
    - interfaces/policy: fix comment in recent new test
    - tests: make session tool way more robust
    - interfaces/seccomp: allow passing an address to setgroups
    - o/configcore: introduce core config handlers (3/N)
    - interfaces: updates to login-session-observe, network-manager and
      modem-manager interfaces
    - interfaces/policy/policy_test.go: add more tests'allow-
      installation: false' and we grant based on interface attributes
    - packaging: detect/disable broken seed in the postinst
    - cmd/snap-confine/mount-support-nvidia.c: add libnvoptix as nvidia
      library
    - tests: remove google-tpm backend from spread.yaml
    - tests: install dependencies with apt using --no-install-recommends
    - usersession/userd: add zoommtg url support
    - snap-bootstrap: fix disk layout sanity check
    - snap: add `snap debug state --is-seeded` helper
    - devicestate: generate warning if seeding fails
    - config, features: move and rename config.GetFeatureFlag helper to
      features.Flag
    - boot, overlord/devicestate, daemon:  implement requesting boot
      into a given recovery system
    - xdgopenproxy: forward requests to the desktop portal
    - many: support immediate reboot
    - store: search v2 tweaks
    - tests: fix cross build tests when installing dependencies
    - daemon: make POST /v2/systems/<label> root only
    - tests/lib/prepare.sh: use only initrd from the kernel snap
    - cmd/snap,seed: validate full seeds (UC 16/18)
    - tests/main/user-session-env: stop the user session before deleting
      the test-zsh user
    - overlord/devicestate, daemon: record the seed current system was
      installed from
    - gadget: SystemDefaults helper function to convert system defaults
      config into a flattened map suitable for FilesystemOnlyApply.
    - many: comment or avoid cryptic snap-ids in tests
    - tests: add LXD_CHANNEL environment
    - store: support for search API v2
    - .github: register a problem matcher to detect spread failures
    - seed: add Info() method for seed.Snap
    - github: always run the "Discard spread workers" step, even if the
      job fails
    - github: offload self-hosted workers
    - cmd/snap: the model command needs just a client, no waitMixin
    - github: combine tests into one workflow
    - github: fix order of go get caches
    - tests: adding more workers for ubuntu 20.04
    - boot,overlord: rename operating mode to system mode
    - config: add new Transaction.GetPristine{,Maybe}() function
    - o/devicestate: rename readMaybe* to maybeRead*
    - github: cache Debian dependencies for unit tests
    - wrappers: respect pre-seeding in error path
    - seed: validate UC20 seed system label
    - client, daemon, overlord/devicestate: request system action API
      and stubs
    - asserts,o/devicestate: support model specified alternative serial-
      authority
    - many: introduce naming.WellKnownSnapID
    - o/configcore: FilesystemOnlyApply method for early configuration
      of core (1/N)
    - github: run C unit tests
    - github: run spread tests on PRs only
    - interfaces/docker-support: make containerd abstract socket more
      generic
    - tests: cleanup security-private-tmp properly
    - overlord/devicestate,boot: do not hold to the originally read
      modeenv
    - dirs: rm RunMnt; boot: add vars for early boot env layout;
      sysconfig: take targetdir arg
    - cmd/snap-bootstrap/initramfs-mounts/tests: use dirs.RunMnt over
      s.runMnt
    - tests: add regression test for MAAS refresh bug
    - errtracker: add missing mocks
    - github: apt-get update before installing build-deps
    - github: don't fail-fast
    - github: run spread via github actions
    - boot,many: add modeenv.WriteTo, make Write take no args
    - wrappers: fix timer schedules that are days only
    - tests/main/snap-seccomp-syscalls: install gperf
    - github: always checkout to snapcore/snapd
    - github: add prototype workflow running unit tests
    - many: improve comments, naming, a possible TODO
    - client: use Assert when checking for error
    - tests: ensure sockets target is ready in session agent spread
      tests
    - osutil: do not leave processes behind after the test run
    - tests: update proxy-no-core to match latest CDN changes
    - devicestate,sysconfig: support "cloud.cfg.d" in uc20 for grade:
      dangerous
    - cmd/snap-failure,tests: try to make snap-failure more robust
    - many: fix packages having mistakenly their copyright as doc
    - many: enumerate system seeds, return them on the /v2/systems API
      endpoint
    - randutil: don't consume kernel entropy at init, just mix more info
      to try to avoid fleet collisions
    - snap-bootstrap: add creationSupported predicate for partition
      types
    - tests: umount partitions which are not umounted after remount
      gadget
    - snap: run gofmt -s
    - many: improve environment handling, fixing duplicate entries
    - boot_test: add many boot robustness tests for UC20 kernel
      MarkBootSuccessul and SetNextBoot
    - overlord: remove unneeded overlord.MockPruneInterval() mocks
    - interfaces/greengrass-support: fix typo
    - overlord,timings,daemon: separate timings from overlord/state
    - tests: enable nested on core20 and test current branch
    - snap-bootstrap: remove created partitions on reinstall
    - boot: apply Go 1.10 formatting
    - apparmor: use rw for uuidd request to default and remove from
      elsewhere
    - packaging: add README.source for debian
    - tests: cleanup various uc20 boot tests from previous PR
    - devicestate: disable cloud-init by default on uc20
    - run-checks: tweak formatting checks
    - packaging,tests: ensure debian-sid builds without vendor/
    - travis.yml: run unit tests with go/master as well* travis.yml: run
      unit tests with go/master as well
    - seed: make Brand() part of the Seed interface
    - cmd/snap-update-ns: ignore EROFS from rmdir/unlink
    - daemon: do a forceful server shutdown if we hit a deadline
    - tests/many: don't use StartLimitInterval anymore, unify snapd-
      failover variants, build snapd snap for UC16 tests
    - snap-seccomp: robustness improvements
    - run-tests: disable -v for go test to avoid spaming the logs
    - snap: whitelist lzo as support compression for snap pack
    - snap: tweak comment in Install() for overlayfs detection
    - many: introduce snapdenv.Preseeding instead of release.PreseedMode
    - client, daemon, overlord/devicestate: structures and stubs for
      systems API
    - o/devicestate: delay the creation of mark-seeded task until
      asserts are loaded
    - data/selinux, tests/main/selinux: cleanup tmpfs operations in the
      policy, updates
    - interfaces/greengrass-support: add new 1.9 access
    - snap: do not hardlink on overlayfs
    - boot,image: ARM kernel extract prepare image
    - interfaces: make gpio robust against not-existing gpios in /sys
    - cmd/snap-preseed: handle --reset flag
    - many: introduce snapdenv to present common snapd env options
    - interfaces/kubernetes-support: allow autobind to journald socket
    - snap-seccomp: allow mprotect() to unblock the tests
    - tests/lib/reset: workaround unicode dot in systemctl output
    - interfaces/udisks2: also allow Introspection on
      /org/freedesktop/UDisks/**
    - snap: introduce Container.RandomAccessFile
    - o/ifacestate, api: implementation of snap disconnect --forget
    - cmd/snap: make the portal-info command search for the network-
      status interface
    - interfaces: work around apparmor_parser slowness affecting uio
    - tests: fix/improve failing spread tests
    - many: clean separation of bootenv mocking vs mock bootloader kinds
    - tests: mock prune ticker in overlord tests to reduce wait times
    - travis: disable arm64 again
    - httputil: add support for extra snapd certs
    - travis.yml: run unit tests on arm64 as well
    - many: fix a pair of ineffectual assignments
    - tests: add uc20 kernel snap upgrade managers test, fix
      bootloadertest bugs
    - o/snapstate: set base in SnapSetup on snap revert
    - interfaces/{docker,kubernetes}-support: updates for lastest k8s
    - cmd/snap-exec: add test case for LP bug 1860369
    - interfaces: make the network-status interface implicit on
      classic
    - interfaces: power control interfaceIt is documented in the
      kernel
    - interfaces: miscellaneous policy updates
    - cmd/snap: add a "snap routine portal-info" command
    - usersession/userd: add "apt" to the white list of URL schemes
      handled by xdg-open
    - interfaces/desktop: allow access to system prompter interface
    - devicestate: allow encryption regardless of grade
    - tests: run ipv6 network-retry test too
    - tests: test that after "remove-user" the system is unmanaged
    - snap-confine: unconditionally add /dev/net/tun to the device
      cgroup
    - snapcraft.yaml: use sudo -E and remove workaround
    - interfaces/audio_playback: Fix pulseaudio config access
    - ovelord/snapstate: update only system wide fonts cache
    - wrappers: import /etc/environment in all services
    - interfaces/u2f: Add Titan USB-C key
    - overlord, taskrunner: exit on task/ensure error when preseeding
    - tests: add session-tool, a su / sudo replacement
    - wrappers: add mount unit dependency for snapd services on core
      devices
    - tests: just remove user when the system is not managed on create-
      user-2 test
    - snap-preseed: support for preseeding of snapd and core18
    - boot: misc UC20 changes
    - tests: adding arch-linux execution
    - packaging: revert "work around review-tools and snap-confine"
    - netlink: fix panic on arm64 with the new rawsockstop codewith a
      nil Timeval panics
    - spread, data/selinux: add CentOS 8, update policy
    - tests: updating checks to new test account for snapd-test snaps
    - spread.yaml: mv opensuse 15.1 to unstable
    - cmd/snap-bootstrap,seed: verify only in-play snaps
    - tests: use ipv4 in retry-network to unblock failing master
    - data/systemd: improve the description
    - client: add "Resume" to DownloadOptions and new test
    - tests: enable snapd-failover on uc20
    - tests: add more debug output to the snapd-failure handling
    - o/devicestate: unset recovery_system when done seeding

snapd (2.44.3) xenial; urgency=medium

  * New upstream release, LP: #1864808
    - tests: fix racy pulseaudio tests
    - many: fix loading apparmor profiles on Ubuntu 20.04 with ZFS
    - tests: update snap-preseed --reset logic
    - tests: backport partition fixes
    - cmd/snap: don't wait for system key when stopping
    - interfaces/many: miscellaneous policy updates xliv
    - tests/main/uc20-snap-recovery: use 20.04 system
    - tests: skip "/etc/machine-id" in "writablepaths
    - interfaces/docker-support: add overlays file access

snapd (2.44.2) xenial; urgency=medium

  * New upstream release, LP: #1864808
    - packaging: detect/disable broken seeds in the postinst
    - cmd/snap,seed: validate full seeds (UC 16/18)
    - snap: add `snap debug state --is-seeded` helper
    - devicestate: generate warning if seeding fails
    - store: support for search API v2
    - cmd/snap-seccomp/syscalls: update the list of known syscalls
    - snap/cmd: the model command needs just a client, no waitMixin
    - tests: cleanup security-private-tmp properly
    - wrappers: fix timer schedules that are days only
    - tests: update proxy-no-core to match latest CDN changes
    - cmd/snap-failure,tests: make snap-failure more robust
    - tests, many: don't use StartLimitInterval anymore, unify snapd-
      failover variants, build snapd snap for UC16 tests

snapd (2.44.1) xenial; urgency=medium

  * New upstream release, LP: #1864808
    - randutil: switch back to setting up seed with lower entropy data
    - interfaces/greengrass-support: fix typo
    - packaging,tests: ensure debian-sid builds without vendor/
    - travis.yml: run unit tests with go/master as well
    - cmd/snap-update-ns: ignore EROFS from rmdir/unlink

snapd (2.44) xenial; urgency=medium

  * New upstream release, LP: #1864808
    - daemon: do a forceful serer shutdown if we hit a deadline
    - snap: whitelist lzo as support compression for snap pack
    - data/selinux: update policy to allow more ops
    - interfaces/greengrass-support: add new 1.9 access
    - snap: do not hardlink on overlayfs
    - cmd/snap-preseed: handle --reset flag
    - interfaces/kubernetes-support: allow autobind to journald socket
    - snap-seccomp: allow mprotect() to unblock the tests
    - tests/lib/reset: workaround unicode dot in systemctl output
    - interfaces: work around apparmor_parser slowness affecting uio
    - interfaces/udisks2: also allow Introspection on
      /org/freedesktop/UDisks2/**
    - tests: mock prune ticker in overlord tests to reduce wait times
    - interfaces/{docker,kubernetes}-support: updates for lastest k8s
    - interfaces: miscellaneous policy updates
    - interfaces/audio_playback: Fix pulseaudio config access
    - overlord: disable Test..AbortShortlyAfterStartOfOperation for 2.44
    - ovelord/snapstate: update only system wide fonts cache
    - wrappers: import /etc/environment in all services
    - interfaces/u2f: Add Titan USB-C key
    - overlord, taskrunner: exit on task/ensure error when preseeding
    - overlord/snapstate/backend: update snapd services contents in unit
      tests
    - wrappers: add mount unit dependency for snapd services on core
      devices
    - Revert "tests: remove /tmp/snap.* left over by other tests"
    - Revert "packaging: work around review-tools and snap-confine"
    - netlink: fix panic on arm64 with the new rawsockstop code
    - spread, data/selinux: add CentOS 8, update policy
    - spread.yaml: mv opensuse tumbleweed to unstable too
    - spread.yaml: mv opensuse 15.1 to unstable
    - tests: use ipv4 in retry-network to unblock failing master
    - data/systemd: improve the description
    - tests/lib/prepare.sh: simplify, combine code paths
    - tests/main/user-session-env: add test verifying environment
      variables inside the user session
    - spread.yaml: make qemu ubuntu-core-20-64 use ubuntu-20.04-64
    - run-checks: SKIP_GMFMT really skips formatting checks
    - tests: enable more tests for UC20/UC18
    - tests: remove tmp dir for snap not-test-snapd-sh on security-
      private-tmp test
    - seed,cmd/snap-bootstrap: introduce seed.Snap.EssentialType,
      simplify bootstrap code
    - snapstate: do not restart in undoLinkSnap unless on first install
    - cmd/snap-bootstrap: subcommand to detect UC chooser trigger
    - cmd/snap-bootstrap/initramfs-mounts: mount the snapd snap in run-
      mode too
    - cmd/libsnap, tests: fix C unit tests failing as non-root
    - cmd/snap-bootstrap: verify kernel snap is in modeenv before
      mounting it
    - tests: adding amazon linux to google backend
    - cmd/snap-failure/snapd: rm snapd.socket, reset snapd.socket failed
      status
    - client: add support for "ResumeToken", "HeaderPeek" to download
    - build: enable type: snapd
    - tests: rm -rf /tmp/snap.* in restore
    - cmd/snap-confine: deny snap-confine to load nss libs
    - snapcraft.yaml: add comments, rename snapd part to snapd-deb
    - boot: write current_kernels in bootstate20, makebootable
    - packaging: work around review-tools and snap-confine
    - tests: skipping interfaces-openvswitch on centos due to package is
      not available
    - packaging,snap-confine: stop being setgid root
    - cmd/snap-confine: bring /var/lib/dhcp from host, if present
    - store: rely on CommandFromSystemSnap to find xdelta3
    - tests: bump sleep time of the new overlord tests
    - cmd/snap-preseed: snapd version check for the target
    - netlink: fix/support stopping goroutines reading netlink raw
      sockets
    - tests: reset PS1 before possibly interactive dash
    - overlord, state: don't abort changes if spawn time before
      StartOfOperationTime (2/2)
    - snapcraft.yaml: add python3-apt, tzdata as build-deps for the
      snapd snap
    - tests: ask tar to speak English
    - tests: using google storage when downloading ubuntu cloud images
      from gce
    - Coverity produces false positives for code like this:
    - many: maybe restart & security backend options
    - o/standby: add SNAPD_STANDBY_WAIT to control standby in
      development
    - snap: use the actual staging snap-id for snapd
    - cmd/snap-bootstrap: create a new parser instance
    - snapcraft.yaml: use build-base and adopt-info, rm builddeb
      plugin
    - tests: set StartLimitInterval in snapd failover test
    - tests: disable archlinux system
    - tests: add preseed test for classic
    - many, tests: integrate all preseed bits and add spread tests
    - daemon: support resuming downloads
    - tests: use Filename() instead of filepath.Base(sn.MountFile())
    - tests/core: add swapfiles test
    - interfaces/cpu-control: allow to control cpufreq tunables
    - interfaces: use commonInteface for desktopInterface
    - interfaces/{desktop-legacy,unity7}: adjust for new ibus socket
      location
    - snap/info: add Filename
    - bootloader: make uboot a RecoveryAwareBootloader
    - gadget: skip update when mounted filesystem content is identical
    - systemd: improve is-active check for 'failed' services
    - boot: add current_kernels to modeenv
    - o/devicestate: StartOfOperationTime helper for Prune (1/2)
    - tests: detect LXD launching i386 containers
    - tests: move main/ubuntu-core-* tests to core/ suite
    - tests: remove snapd in ubuntu-core-snapd
    - boot: enable base snap updates in bootstate20
    - tests: Fix core revert channel after 2.43 has been released to
      stable
    - data/selinux: unify tabs/spaces
    - o/ifacestate: move ResolveDisconnect to ifacestate
    - spread: move centos to stable systems
    - interfaces/opengl: allow datagrams to nvidia-driver
    - httputil: add NoNetwork(err) helper, spread test and use in serial
      acquire
    - store: detect if server does not support http range headers
    - test/lib/user: add helper lib for doing things for and as a user
    - overlord/snapstate, wrappers: undo of snapd on core
    - tests/main/interfaces-pulseaudio: use custom pulseaudio script,
      set kill timeout
    - store: add support for resume in DownloadStream
    - cmd/snap: implement 'snap remove-user'
    - overlord/devicestate: fix preseed unit tests on systems not using
      /snap
    - tests/main/static: ldd in glibc 2.31 logs to stderr now
    - run-checks, travis: allow skipping spread jobs by adding a label
    - tests: add new backend which includes images with tpm support
    - boot: use constants for boot status values
    - tests: add "core" suite for UC specific tests
    - tests/lib/prepare: use a local copy of uc20 initramfs skeleton
    - tests: retry mounting the udisk2 device due to timing issue
    - usersession/client: add a client library for the user session
      agent
    - o/devicestate: Handle preseed mode in the firstboot mode (core16
      only for now).
    - boot: add TryBase and BaseStatus to modeenv; use in snap-bootstrap
    - cmd/snap-confine: detect base transitions on core16
    - boot: don't use "kernel" from the modeenv anymore
    - interfaces: add uio interface
    - tests: repack the initramfs + kernel snap for UC20 spread tests
    - interfaces/greengrass-support: add /dev/null ->
      /proc/latency_stats mount
    - httputil: remove workaround for redirect handling in go1.7
    - httputil: remove go1.6 transport workaround
    - snap: add `snap pack --compression=<comp>` options
    - tests/lib/prepare: fix hardcoded loopback device names for UC
      images
    - timeutil: add a unit test case for trivial schedule
    - randutil,o/snapstate,-mkauthors.sh: follow ups to randutil
      introduction
    - dirs: variable with distros using alternate snap mount
    - many,randutil: centralize and streamline our random value
      generation
    - tests/lib/prepare-restore: Revert "Continue on errors updating or
      installing dependencies"
    - daemon: Allow clients to call /v2/logout via Polkit
    - dirs: manjaro-arm is like manjaro
    - data, packaging: Add sudoers snippet to allow snaps to be run with
      sudo
    - daemon, store: better expose single action errors
    - tests: switch mount-ns test to differential data set
    - snapstate: refactor things to add the re-refresh task last
    - daemon: drop support for the DELETE method
    - client: move to /v2/users; implement RemoveUser
    - boot: enable UC20 kernel extraction and bootState20 handling
    - interfaces/policy: enforce plug-names/slot-names constraints
    - asserts: parse plug-names/slot-names constraints
    - daemon: make users result more consistent
    - cmd/snap-confine,tests: support x.y.z nvidia version
    - dirs: fixlet for XdgRuntimeDirGlob
    - boot: add bootloader options to coreKernel
    - o/auth,daemon: do not remove unknown user
    - tests: tweak and enable tests on ubuntu 20.04
    - daemon: implement user removal
    - cmd/snap-confine: allow snap-confine to link to libpcre2
    - interfaces/builtin: Allow NotificationReplied signal on
      org.freedesktop.Notifications
    - overlord/auth: add RemoveUserByName
    - client: move user-related things to their own files
    - boot: tweak kernel cmdline helper docstring
    - osutil: implement deluser
    - gadget: skip update when raw structure content is unchanged
    - boot, cmd/snap, cmd/snap-bootstrap: move run mode and system label
      detection to boot
    - tests: fix revisions leaking from snapd-refresh test
    - daemon: refactor create-user to a user action & hide behind a flag
    - osutil/tests: check there are no leftover symlinks with
      AtomicSymlink
    - grub: support atomically renaming kernel symlinks
    - osutil: add helpers for creating symlinks and renaming in an
      atomic manner
    - tests: add marker tag for core 20 test failure
    - tests: fix gadget-update-pc test leaking snaps
    - tests: remove revision leaking from ubuntu-core-refresh
    - tests: remove revision leaking from remodel-kernel
    - tests: disable system-usernames test on core20
    - travis, tests, run-checks: skip nakedret
    - tests: run `uc20-snap-recovery-encrypt` test on 20.04-64 as well
    - tests: update mount-ns test tables
    - snap: disable auto-import in uc20 install-mode
    - tests: add a command-chain service test
    - tests: use test-snapd-upower instead of upower
    - data/selinux: workaround incorrect fonts cache labeling on RHEL7
    - spread.yaml: fix ubuntu 19.10 and 20.04 names
    - debian: check embedded keys for snap-{bootstrap,preseed} too
    - interfaces/apparmor: fix doc-comments, unnecessary code
    - o/ifacestate,o/devicestatate: merge gadget-connect logic into
      auto-connect
    - bootloader: add ExtractedRunKernelImageBootloader interface,
      implement in grub
    - tests: add spread test for hook permissions
    - cmd/snap-bootstrap: check device size before boostrapping and
      produce a meaningful error
    - cmd/snap: add ability to register "snap routine" commands
    - tests: add a test demonstrating that snaps can't access the
      session agent socket
    - api: don't return connections referring to non-existing
      plugs/slots
    - interfaces: refactor path() from raw-volume into utils with
      comments for old
    - gitignore: ignore snap files
    - tests: skip interfaces-network-manager on arm devices
    - o/devicestate: do not create perfTimings if not needed inside
      ensureSeed/Operational
    - tests: add ubuntu 20.04 to the tests execution and remove
      tumbleweed from unstable
    - usersession: add systemd user instance service control to user
      session agent
    - cmd/snap: print full channel in 'snap list', 'snap info'
    - tests: remove execution of ubuntu 19.04 from google backend
    - cmd/snap-boostrap: add mocking for fakeroot
    - tests/core18/snapd-failover: collect more debug info
    - many: run black formatter on all python files
    - overlord: increase settle timeout for slow machines
    - httputil: use shorter timeout in TestRetryRequestTimeoutHandling
    - store, o/snapstate: send default-tracks header, use
      RedirectChannel
    - overlord/standby: fix possible deadlock in standby test
    - cmd/snap-discard-ns: fix pattern for .info files
    - boot: add HasModeenv to Device
    - devicestate: do not allow remodel between core20 models
    - bootloader,snap: misc tweaks
    - store, overlord/snapstate, etc: SnapAction now returns a []…Result
    - snap-bootstrap: create encrypted partition
    - snap: remove "host" output from `snap version`
    - tests: use snap remove --purge flag in most of the spread tests
    - data/selinux, test/main/selinux-clean: update the test to cover
      more scenarios
    - many: drop NameAndRevision, use snap.PlaceInfo instead
    - boot: split MakeBootable tests into their own file
    - travis-ci: add go import path
    - boot: split MakeBootable implementations into their own file
    - tests: enable a lot of the tests of main on uc20
    - packaging, tests: stop services in prerm
    - tests: enable regression suite on core20
    - overlord/snapstate: improve snapd snap backend link unit tests
    - boot: implement SetNextBoot in terms of bootState.setNext
    - wrappers: write and undo snapd services on core
    - boot,o/devicestate: refactor MarkBootSuccessful over bootState
    - snap-bootstrap: mount the correct snapd snap to /run/mnt/snapd
    - snap-bootstrap: refactor partition creation
    - tests: use new snapd.spread-tests-run-mode-tweaks.service unit
    - tests: add core20 tests
    - boot,o/snapstate: SetNextBoot/LinkSnap return whether to reboot,
      use the information
    - tests/main/snap-sign: add test for non-stdin signing
    - snap-bootstrap: trigger udev after filesystem creation
    - boot,overlord: introduce internal abstraction bootState and use it
      for InUse/GetCurrentBoot
    - overlord/snapstate: tracks are now sticky
    - cmd: sign: add filename param
    - tests: remove "test-snapd-tools" in smoke/sandbox on restore
    - cmd/snap, daemon: stop over-normalising channels
    - tests: fix classic-ubuntu-core-transition-two-cores after refactor
      of MATCH -v
    - packaging: ship var/lib/snapd/desktop/applications in the pkg
    - spread: drop copr repo with F30 build dependencies
    - tests: use test-snapd-sh snap instead of test-snapd-tools - Part 3
    - tests: fix partition creation test
    - tests: unify/rename services-related spread tests to start with
      services- prefix
    - test: extract code that modifies "writable" for test prep
    - systemd: handle preseed mode
    - snap-bootstrap: read only stdout when parsing the sfdisk json
    - interfaces/browser-support: add more product/vendor paths
    - boot: write compat UC16 bootvars in makeBootable20RunMode
    - devicestate: avoid adding mockModel to deviceMgrInstallModeSuite
    - devicestate: request reboot after successful doSetupRunSystem()
    - snapd.core-fixup.sh: do not run on UC20 at all
    - tests: unmount automounted snap-bootstrap devices
    - devicestate: run boot.MakeBootable in doSetupRunSystem
    - boot: copy kernel/base to data partition in makeBootable20RunMode
    - tests: also check nested lxd container
    - run-checks: complain about MATCH -v
    - boot: always return the trivial boot participant in ephemeral mode
    - o/devicestate,o/snapstate: move the gadget.yaml checkdrive-by: use
      gadget.ReadInfoFromSnapFile in checkGadgetRemodelCompatible
    - snap-bootstrap: append new partitions
    - snap-bootstrap: mount filesystems after creation
    - snapstate: do not try to detect rollback in ephemeral modes
    - snap-bootstrap: trigger udev for new partitions
    - cmd/snap-bootstrap: xxx todos about kernel cross-checks
    - tests: avoid mask rsyslog service in case is not enabled on the
      system
    - tests: fix use of MATCH -v
    - cmd/snap-preseed: update help strings
    - cmd/snap-bootstrap: actually parse snapd_recovery_system label
    - bootstrap: reduce runmode mounts from 5 to 2 steps.
    - lkenv.go: adjust for new location of include file
    - snap: improve squashfs.ReadFile() error
    - systemd: fix uc20 shutdown
    - boot: write modeenv when creating the run mode
    - boot,image: add skeleton boot.makeBootable20RunMode
    - cmd/snap-preseed: add snap-preseed executable
    - overlord,boot: follow ups to #7889 and #7899
    - interfaces/wayland: Add access to Xwayland's shm files
    - o/hookstate/ctlcmd: fix command name in snapctl -h
    - daemon,snap: remove screenshot deprecation notice
    - overlord,o/snapstate: make sure we never leave config behind
    - many: pass consistently boot.Device state to boot methods
    - run-checks: check multiline string blocks in
      restore/prepare/execute sections of spread tests
    - intrefaces: login-session-control - added missing dbus commands
    - tests/main/parallel-install-remove-after: parallel installs should
      not break removal
    - overlord/snapstate: tweak assumes error hint
    - overlord: replace DeviceContext.OldModel with GroundContext
    - devicestate: use httputil.ShouldRetryError() in
      prepareSerialRequest
    - tests: replace "test-snapd-base-bare" with real "bare" base snap
    - many: pass a Model to the gadget info reading functions
    - snapstate: relax gadget constraints in ConfigDefaults Et al.
    - devicestate: only run ensureBootOk() in "run" mode
    - tests/many: quiet lxc launching, file pushing
    - tests: disable apt-hooks test until it can be properly fixed
    - tests: 16.04 and 18.04 now have mediating pulseaudio

snapd (2.43.3) xenial; urgency=medium

  * New upstream release, LP: #1856159
    - interfaces/opengl: allow datagrams to nvidia-driver
    - httputil: add NoNetwork(err) helper, spread test and use
      in serial acquire
    - interfaces: add uio interface
    - interfaces/greengrass-support: 'aws-iot-greengrass' snap fails to
      start due to apparmor deny on mounting of "/proc/latency_stats".
    - data, packaging: Add sudoers snippet to allow snaps to be run with
      sudo

snapd (2.43.2) xenial; urgency=medium

  * New upstream release, LP: #1856159
    - cmd/snap-confine: Revert #7421 (unmount /writable from snap view)
    - overlord/snapstate: fix for re-refresh bug
    - tests, run-checks, many: fix nakedret issues
    - data/selinux: workaround incorrect fonts cache labeling on RHEL7
    - tests: use test-snapd-upower instead of upower
    - overlord: increase overall settle timeout for slow arm boards

snapd (2.43.1) xenial; urgency=medium

  * New upstream release, LP: #1856159
    - devicestate: use httputil.ShouldRetryError() in prepareSerialRequest
    - overlord/standby: fix possible deadlock in standby test
    - cmd/snap-discard-ns: fix pattern for .info files
    - overlord,o/snapstate: make sure we never leave config behind
    - data/selinux: update policy to cover more cases
    - snap: remove "host" output from `snap version`

snapd (2.43) xenial; urgency=medium

  * New upstream release, LP: #1856159
    - snap: default to "--direct" in `snap known`
    - packaging: ship var/lib/snapd/desktop/applications in the
      pkg
    - tests: cherry-pick fixes for  snap-set-core-config/ubuntu-core-
      config-defaults-once
    - tests: use test-snapd-sh snap instead of test-snapd-tools
    - tests: rename "test-snapd-sh" in smoke test to test-snapd-sandbox
    - tests: fix partition creation test
    - packaging: fix incorrect changelog entry
    - Revert "tests: 16.04 and 18.04 now have mediating pulseaudio"
    - tests: 16.04 and 18.04 now have mediating pulseaudio
    - interfaces: include hooks in plug/slot apparmor label
    - interfaces: add raw-volume interface for access to partitions
    - image: set recovery system label when creating the image
    - cmd/snapd-generator: fix unit name for non /snap mount locations
    - boot,bootloader: setup the snap recovery system bootenv
    - seed: support ModeSnaps(mode) for mode != "run"
    - seed: fix seed location of local but asserted snaps
    - doc: HACKING.md change autopkgtest-trusty-amd64.img name
    - interfaces/seccomp: parallelize seccomp backend setup
    - cmd/snap-bootstrap: mount ubuntu-data tmpfs, in one go with kernel
      & base
    - interfaces: add audio-playback/record and pulseaudio spread tests
    - apparmor: allow 'r'
      /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
    - cmd/snap-mgmt, packaging/postrm: stop and remove socket units when
      purging
    - tests: use test-snapd-sh snap instead of test-snapd-tools
    - snap-confine: raise egid before calling setup_private_mount()
    - tests: fix fwupd version regular expression
    - snap-bootstrap: parse seed if either kernel or base are not
      mounted
    - tests: check for SELinux denials in interfaces-kvm spread test
    - tests: run snap-set-core-config on all core devices
    - selinux: update policy to allow modifications related to kmod
      backend
    - o/hookstate/ctlcmd: snapctl is-connected command
    - devicestate: add missing test for failing task setup-run-system
    - gadget: add missing test for duplicate detection of roles
    - tests/cmd/snapctl: unset SNAP_CONTEXT for the suite
    - snap/pack, cmd_pack: 'snap pack --check-skeleton' checks
      interfaces
    - gitignore: ignore visual studio code directory
    - snap-bootstrap: implement "run" mode in snap-bootstrap initramfs-
      mounts
    - interfaces/apparmor: handle pre-seeding mode
    - devicestate: implement creating partitions in "install" mode
    - seed: support extra snaps on top of Core 20 dangerous models
    - tests: cache snaps also for ubuntu core and add new snaps to cache
    - snap-bootstrap: support auto-detect device in create-partitions
    - tests: fix partitioning test debug message
    - tests: prevent partitioning test errors
    - cmd/snap-bootstrap: stub out snap.SanitizePlugsSlots for real
    - gadget: extract and export new DiskFromPartition() helper
    - snap-bootstrap: force partition table operations
    - HACKING.md: add nvidia options to configure example
    - tests: move the watchdog timeout to 2s to make the tests work in
      rpi
    - tests: demand silence from check_journalctl_log
    - tests: fix the channels checks done on nested tests
    - tests: reduce the complexity of the test-snapd-sh snap
    - snap/squashfs, osutil: verify files/dirs can be accessed by
      mksquashfs when building a snap
    - boot: add boot.Modeenv.Kernel support
    - devicestate: ensure system installation
    - tests: apply change on permissions to serial port on hotplug test
    - cmd/snap-update-ns: adjust debugging output for usability
    - devicestate: add reading of modeenv to uc20 firstboot code
    - tests/lib/prepare: drop workarounds for rpmbuild rewriting /bin/sh
    - cmd/snap-bootstrap: write /var/lib/snapd/modeenv to the right
      place
    - boot: add boot.Modeenv.Base support
    - overlord/snapstate: install task edges
    - cmd/snap-bootstrap: some small naming and code org tweaks
    - snap-bootstrap: remove SNAPPY_TESTING check, we use it for real
      now
    - interfaces: remove leftover reservedForOS
    - snap-bootstrap: write /run/mnt/ubuntu-data/var/lib/snapd/modeenv
    - osutil/mount: optimize flagOptSearch some more
    - devicestate: read modeenv early and store in devicestate
    - interfaces: add login-session-observe for who, {fail,last}log and
      loginctl
    - tests: add Ubuntu Eoan to google-sru backend
    - osutil/mount: de-duplicate code to use a list
    - interfaces: remove reservedForOS from commonInterface
    - interfaces/browser-support: allow reading status of huge pages
    - interfaces: update system-backup tests to not check for sanitize
      errors related to os
    - interfaces: add system-backup interface
    - osutil/mount: add {Unm,M}outFlagsToOpts helpers
    - snap-bootstrap: make cmdline parsing robust
    - overlord/patch: normalize tracking channel in state
    - boot: add boot.Modeenv that can read/write the UC20 modeenv files
    - bootloader: add new bootloader.InstallBootConfig()
    - many: share single implementation to list needed default-providers
    - snap-bootstrap: implement "snap-bootstrap initramfs-mounts"
    - seccomp: allow chown 'snap_daemon:root' and 'root:snap_daemon'
    - osutil: handle "rw" mount flag in ParseMountEntry
    - overlord/ifacestate: report bad plug/slots with warnings on snap
      install
    - po: sync translations from launchpad
    - tests: cleanup most test snaps icons, they were anyway in the
      wrong place
    - seed: fix confusing pre snapd dates in tests
    - many: make ValidateBasesAndProviders signature simpler/canonical
    - snap-bootstrap: set expected filesystem labels
    - testutil, many: make MockCommand() create prefix of absolute paths
    - tests: improve TestDoPrereqRetryWhenBaseInFlight to fix occasional
      flakiness.
    - seed: proper support for optional snaps for Core 20 models
    - many: test various kinds of overriding for the snapd snap in Core
      20
    - cmd/snap-failure: passthrough snapd logs, add informational
      logging
    - cmd/snap-failure: fallback to snapd from core, extend tests
    - configcore: fix missing error propagation
    - devicestate: rename ensureSeedYaml -> ensureSeeded
    - tests: adding fedora 31
    - tests: restart the snapd service in the snapd-failover test
    - seed: Core 20 seeds channel overrides support for grade dangerous
    - cmd: fix the get command help message
    - tests: enable degraded test on arch linux after latest image
      updates
    - overlord/snapstate: don't re-enable and start disabled services on
      refresh, etc.
    - seed: support in Core 20 seeds local unasserted snaps for model
      snaps
    - snap-bootstrap: add go-flags cmdline parsing and tests
    - gadget: skip fakeroot if not needed
    - overlord/state: panic in MarkEdge() if task is nil
    - spread: fix typo in spread suite
    - overlord: mock device serial in gadget remodel unit tests
    - tests: fix spread shellcheck and degraded tests to unbreak master
    - spread, tests: openSUSE Tumbleweed to unstable systems, update
      system-usernames on Amazon Linux 2
    - snap: extract printInstallHint in cmd_download.go
    - cmd: fix a pair of typos
    - release: preseed mode flag
    - cmd/snap-confine: tracking processes with classic confinement
    - overlord/ifacestate: remove automatic connections if plug/slot
      missing
    - o/ifacestate,interfaces,interfaces/policy: slots-per-plug: *
    - tests/lib/state: snapshot and restore /var/snap during the tests
    - overlord: add base->base remodel undo tests and fixes
    - seed: test and improve Core 20 seed handling errors
    - asserts: add "snapd" type to valid types in the model assertion
    - snap-bootstrap: check gadget versus disk partitions
    - devicestate: add support for gadget->gadget remodel
    - snap/snapenv: preserve XDG_RUNTIME_DIR for classic confinement
    - daemon: parse and reject invalid channels in snap ops
    - overlord: add kernel remodel undo tests and fix undo
    - cmd/snap: support (but warn) using deprecated multi-slash channel
    - overlord: refactor mgrsSuite and extract kernelSuite
    - tests/docker-smoke: add minimal docker smoke test
    - interfaces: extend the fwupd slot to be implicit on classic
    - cmd/snap: make 'snap list' shorten latest/$RISK to $RISK
    - tests: fix for journalctl which is failing to restart
    - cmd/snap,image: initial support for Core 20 in prepare-image with
      test
    - cmd/snap-confine: add support for parallel instances of classic
      snaps, global mount ns initialization
    - overlord: add kernel rollback across reboots manager test and
      fixes
    - o/devicestate: the basics of Core 20 firstboot support with test
    - asserts: support and parsing for slots-per-plug/plugs-per-slotSee
      https://forum.snapcraft.io/t/plug-slot-declaration-rules-greedy-
      plugs/12438
    - parts/plugins: don't xz-compress a deb we're going to discard
    - cmd/snap: make completion skip hidden commands (unless overridden)
    - many: load/consume Core 20 seeds (aka recovery systems)
    - tests: add netplan test on ubuntu core
    - seed/internal: doc comment fix and drop handled TODOs
    - o/ifacestate: unify code into
      autoConnectChecker.addAutoConnectionsneed to change to support
      slots-per-plugs: *
    - many: changes to testing in preparation of Core 20 seed consuming
      code
    - snapstate,devicestate: make OldModel() available in DeviceContext
    - tests: opensuse tumbleweed has similar issue than arch linux with
      snap --strace
    - client,daemon: pass sha3-384 in /v2/download to the client
    - builtin/browser_support.go: allow monitoring process memory
      utilization (used by chromium)
    - overlord/ifacestate: use SetupMany in setupSecurityByBackend
    - tests: add 14.04 canonical-livepatch test
    - snap: make `snap known --remote` use snapd if available
    - seed: share auxInfo20 and makeSystemSnap via internal
    - spread: disable secondary compression for deltas
    - interfaces/content: workaround for renamed target
    - tests/lib/gendevmodel: helper tool for generating developer model
      assertions
    - tests: tweak wording in mount-ns test
    - tests: don't depend on GNU time
    - o/snapstate, etc: SnapState.Channel -> TrackingChannel, and a
      setter
    - seed/seedwriter: support writing Core 20 seeds (aka recovery
      systems)
    - snap-recovery: rename to "snap-bootstrap"
    - managers: add remodel undo test for new required snaps case
    - client: add xerrors and wrap errors coming from "client"
    - tests: verify host is not affected by mount-ns tests
    - tests: configure the journald service for core systems
    - cmd/snap, store: include snapcraft.io page URL in snap info output
    - cmd/cmdutil: version helper
    - spread: enable bboozzoo/snapd-devel-deps COPR repo for getting
      golang-x-xerrors
    - interfaces: simplify AddUpdateNS and emit
    - interfaces/policy: expand cstrs/cstrs1 to
      altConstraints/constraints
    - overlord/devicestate: check snap handler for gadget remodel
      compatibility
    - snap-recovery: deploy gadget content when creating partitions
    - gadget: skip structures with MBR role during remodel
    - tests: do not use lsblk in uc20-snap-recovery test
    - overlord/snapstate: add LastActiveDisabledServices,
      missingDisabledServices
    - overlord/devicestate: refactor and split into per-functionality
      files, drop dead code
    - tests: update mount-ns after addition of /etc/systemd/user
    - interfaces/pulseaudio: adjust to manually connect by default
    - interfaces/u2f-devices: add OnlyKey to devices list
    - interfaces: emit update-ns snippets to function
    - interfaces/net-setup-{observe,control}: add Info D-Bus method
      accesses
    - tests: moving ubuntu-19.10-64 from google-unstable to google
      backend
    - gadget: rename existing and add new helpers for checking
      filesystem/partition presence
    - gadget, overlord/devicestate: add support for customized update
      policy, add remodel policy
    - snap-recovery: create filesystems as defined in the gadget
    - tests: ignore directories for go modules
    - policy: implement CanRemove policy for the snapd type
    - overlord/snapstate: skip catalog refresh if unseeded
    - strutil: add OrderedSet
    - snap-recovery: add minimal binary so that we can use spread on it
    - gadget, snap/pack: perform extended validation of gadget metadata
      and contents
    - timeutil: fix schedules with ambiguous nth weekday spans
    - interfaces/many: allow k8s/systemd-run to mount volume subPaths
      plus cleanups
    - client: add KnownOptions to Know() and support remote assertions
    - tests: check the apparmor_parser when the file exists on snap-
      confine test
    - gadget: helper for volume compatibility checks
    - tests: update snap logs to match for multiple lines for "running"
    - overlord: add checks for bootvars in
      TestRemodelSwitchToDifferentKernel
    - snap-install: add ext4,vfat creation support
    - snap-recovery: remove "usedPartitions" from sfdisk.Create()
    - image,seed: hide Seed16/Snap16, use seed.Open in image_test.go
    - cmd/snap: Sort tasks in snap debug timings output by lanes and
      ready-time.
    - snap-confine.apparmor.in: harden pivot_root until we have full
      mediation
    - gadget: refactor ensureVolumeConsistency
    - gadget: add a public helper for parsing gadget metadata
    - many: address issues related to explicit/implicit channels for
      image building
    - overlord/many: switch order of check snap parameters
    - cmd/snap-confine: remove leftover condition from capability world
    - overlord: set fake serial in TestRemodelSwitchToDifferentKernel
    - overlord/many: extend check snap callback to take snap container
    - recovery-tool: add sfdisk wrapper
    - tests: launch the lxd images following the pattern
      ubuntu:${VERSION_ID}
    - sandbox/cgroup: move freeze/thaw code
    - gadget: accept system-seed role and ubuntu-data label
    - test/lib/names.sh: make backslash escaping explicit
    - spread: generate delta when using google backend
    - cmd/snap-confine: remove loads of dead code
    - boot,dirs,image: various refinements in the prepare-image code
      switched to seedwriter
    - spread: include mounts list in task debug output
    - .gitignore: pair of trivial changes
    - image,seed/seedwriter: switch image to use seedwriter.Writer
    - asserts: introduce explicit support for grade for Core 20 models
    - usersession: drive by fixes for things flagged by unused or
      gosimple
    - spread.yaml: exclude vendor dir
    - sandbox/cgroup, overlord/snapstate: move helper for listing pids
      in group to the cgroup package
    - sandbox/cgroup: refactor process cgroup helper to support v2 and
      named hierarchies
    - snap-repair: error if run as non-root
    - snap: when running `snap repair` without arguments, show hint
    - interfaces: add cgroup-version to system-key
    - snap-repair: add missing check in TestRepairBasicRun
    - tests: use `snap model` instead of `snap known model` in tests
    - daemon: make /v2/download take snapRevisionOptions
    - snap-repair: add additional comment about trust in runner.Verify()
    - client: add support to use the new "download" API
    - interfaces: bump system-key version (and keep on bumping)
    - interfaces/mount: account for cgroup version when reporting
      supported features
    - tests: change regex to validate access to cdn during snap
      download
    - daemon: change /v2/download API to take "snap-name" as input
    - release: make forced dev mode look at cgroupv2 support
    - seed/seedwriter: support for extra snaps
    - wrappers/services.go: add disabled svc list arg to AddSnapServices
    - overlord/snapstate: add SetTaskSnapSetup helper + unit tests
    - cmd/libsnap: use cgroup.procs instead of tasks
    - tests: fix snapd-failover test for core18 tests on boards
    - overlord/snapstate/policy, etc: introduce policy, move canRemove
      to it
    - seed/seedwriter: cleanups and small left over todos* drive-by: use
      testutil.FilePresent consistently
    - cmd/snap: update 'snap find' help because it's no longer narrow
    - seed/seedwriter,snap/naming: support classic models
    - cmd/snap-confine: unmount /writable from snap view
    - spread.yaml: exclude automake cacheThe error message is looks like
      this:dpkg-source: info: local changes detected, the modified files
      are:
    - interfaces/openvswitch: allow access to other openvswitch sockets
    - cmd/model: don't show model with display-name inline w/ opts
    - daemon: add a 'prune' debug action
    - client: add doTimeout to http.Client{Timeout}
    - interfaces/seccomp: query apparmor sandbox helper rather than
      aggregate info
    - sandbox/cgroup: avoid dependency on dirs
    - seed/seedwriter,snap: support local snaps
    - overlord/snapstate: fix undo on firstboot seeding.
    - usersession: track connections to session agent for exit on idle
      and peer credential checks
    - tests: fix ubuntu-core-device-reg test for arm devices on core18
    - sandbox/seccomp: move the remaining sandbox bits to a
      corresponding sandbox package
    - osutil: generalize SyncDir with FileState interface
    - daemon, client, cmd/snap: include architecture in 'snap version'
    - daemon: allow /v2/assertions/{assertType} to query store
    - gadget: do not fail the update when old gadget snap is missing
      bare content
    - sandbox/selinux: move SELinux related bits from 'release' to
      'sandbox/selinux'
    - tests: add unit test for gadget defaults with a multiline string
    - overlord/snapstate: have more context in the errors about
      prerequisites
    - httputil: set user agent for CONNECT
    - seed/seedwriter: resolve channels using channel.Resolve* for snaps
    - run-checks: allow overriding gofmt binary, show gofmt diff
    - asserts,seed/seedwriter: follow snap type sorting in the model
      assertion snap listings
    - daemon: return "snapname_rev.snap" style when using /v2/download
    - tests: when the backend is external skip the loop waiting for snap
      version
    - many: move AppArmor probing code under sandbox/apparmor
    - cmd: add `snap debug boot-vars` that dumps the current bootvars
    - tests: skip the ubuntu-core-upgrade on arm devices on core18
    - seed/seedwriter: implement WriteMeta and tree16 corresponding code
    - interfaces/docker-support,kubernetes-support: misc updates for
      strict k8s
    - tests: restart the journald service while preparing the test
    - tests/cmd/debug_state: make the test output TZ independent
    - interfaces/kubernetes-support: allow use of /run/flannel
    - seed/seedwriter: start of Writer and internal policy16/tree16
    - sandbox/cgroup, usersession/userd: move cgroup related helper to a
      dedicated package
    - tests: move "centos-7" to unstable systems
    - snapstate: add missing tests for checkGadgetOrKernel
    - docs: Update README.md
    - snapcraft: set license to GPL-3.0
    - interfaces/wayland: allow a confined server running in a user
      session to work with Qt, GTK3 & SDL2 clients
    - selinux: move the package under sandbox/selinux
    - interfaces/udev: account for cgroup version when reporting
      supported features
    - store, ..., client: add a "website" field
    - sanity: sanity check cgroup probing
    - snapstate: increase settleTimeout in
      TestRemodelSwitchToDifferentKernel
    - packaging: remove obsolete usr.lib.snapd.snap-confine in postinst
    - data/selinux: allow snapd/snap to do statfs() on the cgroup
      mountpoint
    - usersession/userd: make sure to export DBus interfaces before
      requesting a name
    - data/selinux: allow snapd to issue sigkill to journalctl
    - docs: Add Code of Conduct
    - store: download propagates options to delta download
    - tests/main/listing: account for dots in ~pre suffix

snapd (2.42.5) xenial; urgency=medium

  * New upstream release, LP: #1853244
    - snap-confine: revert, with comment, explicit unix deny for nested
      lxd
    - Disable mount-ns test on 16.04. It is too flaky currently.

snapd (2.42.4) xenial; urgency=medium

  * New upstream release, LP: #1853244
    - overlord/snapstate: make sure configuration defaults are applied
      only once

snapd (2.42.3) xenial; urgency=medium

  * New upstream release, LP: #1853244
    - overlord/snapstate: pick up system defaults when seeding the snapd
      snap
    - cmd/snap-update-ns: fix overlapping, nested writable mimic
      handling
    - interfaces: misc updates for u2f-devices, browser-support,
      hardware-observe, et al
    - tests: reset failing "fwupd-refresh.service" if needed
    - tests/main/gadget-update-pc: use a program to modify gadget yaml
    - snap-confine: suppress noisy classic snap file_inherit denials

snapd (2.42.2) xenial; urgency=medium

  * New upstream release, LP: #1853244
    - interfaces/lxd-support: Fix on core18
    - tests/main/system-usernames: Amazon Linux 2 comes with libseccomp
      2.4.1 now
    - snap-seccomp: add missing clock_getres_time64
    - cmd/snap-seccomp/syscalls: update the list of known
      syscalls
    - sandbox/seccomp: accept build ID generated by Go toolchain
    - interfaces: allow access to ovs bridge sockets

snapd (2.42.1) xenial; urgency=medium

  * New upstream release, LP: #1846181
    - interfaces: de-duplicate emitted update-ns profiles
    - packaging: tweak handling of usr.lib.snapd.snap-confine
    - interfaces: allow introspecting network-manager on core
    - tests/main/interfaces-contacts-service: disable on openSUSE
      Tumbleweed
    - tests/lib/lxd-snapfuse: restore mount changes introduced by LXD
    - snap: fix default-provider in seed validation
    - tests: update system-usernames test now that opensuse-15.1 works
    - overlord: set fake sertial in TestRemodelSwitchToDifferentKernel
    - gadget: rename "boot{select,img}" -> system-boot-{select,image}
    - tests: listing test, make accepted snapd/core versions consistent

snapd (2.42) xenial; urgency=medium

  * New upstream release, LP: #1846181
    - tests: disable {contacts,calendar}-service tests on debian-sid
    - tests/main/snap-run: disable strace test cases on Arch
    - cmd/system-shutdown: include correct prototype for die
    - snap/naming: add test for hook name connect-plug-i2c
    - cmd/snap-confine: allow digits in hook names
    - gadget: do not fail the update when old gadget snap is missing
      bare content
    - tests: disable {contacts,calendar}-service tests on Arch Linux
    - tests: move "centos-7" to unstable systems
    - interfaces/docker-support,kubernetes-support: misc updates for
      strict k8s
    - packaging: remove obsolete usr.lib.snapd.snap-confine in
      postinst
    - tests: add test that ensures our snapfuse binary actually works
    - packaging: use snapfuse_ll to speed up snapfuse performance
    - usersession/userd: make sure to export DBus interfaces before
      requesting a name
    - data/selinux: allow snapd to issue sigkill to journalctl
    - store: download propagates options to delta download
    - wrappers: allow snaps to install icon theme icons
    - debug: state-inspect debugging utility
    - sandbox/cgroup: introduce cgroup wrappers package
    - snap-confine: fix return value checks for udev functions
    - cmd/model: output tweaks, add'l tests
    - wrappers/services: add ServicesEnableState + unit tests
    - tests: fix newline and wrong test name pointed out in previous PRs
    - tests: extend mount-ns test to handle mimics
    - run-checks, tests/main/go: allow gofmt checks to be skipped on
      19.10
    - tests/main/interfaces-{calendar,contacts}-service: disable on
      19.10
    - tests: part3 making tests work on ubuntu-core-18
    - tests: fix interfaces-timeserver-control on 19.10
    - overlord/snapstate: config revision code cleanup and extra tests
    - devicestate: allow remodel to different kernels
    - overlord,daemon: adjust startup timeout via EXTEND_TIMEOUT_USEC
      using an estimate
    - tests/main/many: increase kill-timeout to 5m
    - interfaces/kubernetes-support: allow systemd-run to ptrace read
      unconfined
    - snapstate: auto transition on experimental.snapd-snap=true
    - tests: retry checking until the written file on desktop-portal-
      filechooser
    - tests: unit test for a refresh failing on configure hook
    - tests: remove mount_id and parent_id from mount-ns test data
    - tests: move classic-ubuntu-core-transition* to nightly
    - tests/mountinfo-tool: proper formatting of opt_fields
    - overlord/configstate: special-case "null" in transaction Changes()
    - snap-confine: fallback gracefully on a cgroup v2 only system
    - tests: debian sid now ships new seccomp, adjust tests
    - tests: explicitly restore after using LXD
    - snapstate: make progress reporting less granular
    - bootloader: little kernel support
    - fixme: rename ubuntu*architectures to dpkg*architectures
    - tests: run dbus-launch inside a systemd unit
    - channel: introduce Resolve and ResolveLocked
    - tests: run failing tests on ubuntu eoan due to is now set as
      unstable
    - systemd: detach rather than unmount .mount units
    - cmd/snap-confine: add unit tests for sc_invocation, cleanup memory
      leaks in tests
    - boot,dirs,image: introduce boot.MakeBootable, use it in image
      instead of ad hoc code
    - cmd/snap-update-ns: clarify sharing comment
    - tests/overlord/snapstate: refactor for cleaner test failures
    - cmd/snap-update-ns: don't propagate detaching changes
    - interfaces: allow reading mutter Xauthority file
    - cmd/snap-confine: fix /snap duplication in legacy mode
    - tests: fix mountinfo-tool filtering when used with rewriting
    - seed,image,o/devicestate: extract seed loading to seed/seed16.go
    - many: pass the rootdir and options to bootloader.Find
    - tests: part5 making tests work on ubuntu-core-18
    - cmd/snap-confine: keep track of snap instance name and the snap
      name
    - cmd: unify die() across C programs
    - tests: add functions to make an abstraction for the snaps
    - packaging/fedora, tests/lib/prepare-restore: helper tool for
      packing sources for RPM
    - cmd/snap: improve help and error msg for snapshot commands
    - hookstate/ctlcmd: fix snapctl set help message
    - cmd/snap: don't append / to snap name just because a dir exists
    - tests: support fastly-global.cdn.snapcraft.io url on proxy-no-core
      test
    - tests: add --quiet switch to retry-tool
    - tests: add unstable stage for travis execution
    - tests: disable interfaces-timeserver-control on 19.10
    - tests: don't guess in is_classic_confinement_supported
    - boot, etc: simplify BootParticipant (etc) usage
    - tests: verify retry-tool not retrying missing commands
    - tests: rewrite "retry" command as retry-tool
    - tests: move debug section after restore
    - cmd/libsnap-confine-private, cmd/s-c: use constants for
      snap/instance name lengths
    - tests: measure behavior of the device cgroup
    - boot, bootloader, o/devicestate: boot env manip goes in boot
    - tests: enabling ubuntu 19.10-64 on spread.yaml
    - tests: fix ephemeral mount table in left over by prepare
    - tests: add version-tool for comparing versions
    - cmd/libsnap: make feature flag enum 1<<N style
    - many: refactor boot/boottest and move to bootloader/bootloadertest
    - tests/cross/go-build: use go list rather than shell trickery
    - HACKING.md: clarify where "make fmt" is needed
    - osutil: make flock test more robust
    - features, overlord: make parallel-installs exported, export flags
      on startup
    - overlord/devicestate:  support the device service returning a
      stream of assertions
    - many: add snap model command, add /v2/model, /v2/model/serial REST
      APIs
    - debian: set GOCACHE dir during build to fix FTBFS on eoan
    - boot, etc.: refactor boot to have a lookup with different imps
    - many: add the start of Core 20 extensions support to the model
      assertion
    - overlord/snapstate: revert track-risk behavior change and
      validation on install
    - cmd/snap,image,seed:  move image.ValidateSeed to
      seed.ValidateFromYaml
    - image,o/devicestate,seed: oops, make sure to clear seedtest
      helpers
    - tests/main/snap-info: update check.py for test-snapd-tools 2.0
    - tests: moving tests to nightly suite
    - overlord/devicestate,seed:  small step, introduce
      seed.LoadAssertions and use it from firstboot
    - snapstate: add comment to checkVersion vs strutil.VersionCompare
    - tests: add unit tests for cmd_whoami
    - tests: add debug section to interfaces-contacts-service
    - many: introduce package seed and seedtest
    - interfaces/bluez: enable communication between bluetoothd and
      meshd via dbus
    - cmd/snap: fix snap switch message
    - overlord/snapstate: check channel names on install
    - tests: check snap_daemon user and group on system-usernames-
      illegal test are not created
    - cmd/snap-confine: fix group and permission of .info files
    - gadget: do not error on gadget refreshes with multiple volumes
    - snap: use deterministic paths to find the built deb
    - tests: just build snapd commands on go-build test
    - tests: re-enable mount-ns test on classic
    - tests: rename fuse_support to fuse-support
    - tests: move restore-project-each code to existing function
    - tests: simplify interfaces-account-control test
    - i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
      github.com/snapcore/go-gettext
    - tests: always say 'restore: |'
    - tests: new test to check the output after refreshing/reverting
      core
    - snapstate: validate all system-usernames before creating them
    - tests: fix system version check on listing test for external
      backend
    - tests: add check for snap_daemon user/group
    - tests: don't look for lxcfs in mountinfo
    - tests: adding support for arm devices on ubuntu-core-device-reg
      test
    - snap: explicitly forbid trying to parallel install from seed
    - tests: remove trailing spaces from shell scripts
    - tests: remove locally installed revisions of core
    - tests: fix removal of snaps on ubuntu-core
    - interfaces: support Tegra display drivers
    - tests: move interfaces-contacts-service to /tmp
    - interfaces/network-manager: allow using
      org.freedesktop.DBus.ObjectManager
    - tests: restore dpkg selections after upgrade-from-2.15 test
    - tests: pass --remove to userdel on core
    - snap/naming: simplify SnapSet somewhat
    - devicestate/firstboot: check for missing bases early
    - httputil: rework protocol error detection
    - tests: unmount fuse connections only if not initially mounted
    - snap: prevent duplicated snap name and snap files when parsing
      seed.yaml
    - tests: re-implement user tool in python
    - image: improve/tweak some warning/error messages
    - cmd/libsnap-confine-private: add checks for parallel instances
      feature flag
    - tests: wait_for_service shows status after actual first minute
    - sanity: report proper errror when fuse is needed but not available
    - snap/naming: introduce SnapRef, Snap, and SnapSet
    - image: support prepare-image --classic for snapd snap only
      imagesConsequently:
    - tests/main/mount-ns: account for clone_children in cpuset cgroup
      on 18.04
    - many:  merging asserts.Batch Precheck with CommitTo and other
      clarifications
    - devicestate: add missing test for remodeling possibly removing
      required flag
    - tests: use user-tool to remove test user in the non-home test
    - overlord/configstate: sort patch keys to have deterministic order
      with snap set
    - many: generalize assertstate.Batch to asserts.Batch, have
      assertstate.AddBatch
    - gadget, overlord/devicestate: rename Position/Layout
    - store, image, cmd: make 'snap download' leave partials
    - httputil: improve http2 PROTOCOL_ERROR detection
    - tests: add new "user-tool" helper and use in system-user tests
    - tests: clean up after NFS tests
    - ifacestate: optimize auto-connect by setting profiles once after
      all connects
    - hookstate/ctlcmd: snapctl unset command
    - tests: allow test user XDG_RUNTIME_DIR to phase out
    - tests: cleanup "snap_daemon" user in system-usernames-install-
      twice
    - cmd/snap-mgmt: set +x on startup
    - interfaces/wayland,x11: allow reading an Xwayland Xauth file
    - many: move channel parsing to snap/channel
    - check-pr-title.py: allow {} in pr prefix
    - tests: spam test logs less while waiting for systemd unit to stop
    - tests: remove redundant activation check for snapd.socket
      snapd.service
    - tests: trivial snapctl test cleanup
    - tests: ubuntu 18.10 removed from the google-sru backend on the
      spread.yaml
    - tests: add new cases into arch_test
    - tests: clean user and group for test system-usernames-install-
      twice
    - interfaces: k8s worker node updates
    - asserts: move Model to its own model.go
    - tests: unmount binfmt_misc on cleanup
    - tests: restore nsdelegate clobbered by LXD
    - cmd/snap: fix snap unset help string
    - tests: unmount fusectl after testing
    - cmd/snap: fix remote snap info for parallel installed snaps

snapd (2.41) xenial; urgency=medium

  * New upstream release, LP: #1840740
    - overlord/snapstate: revert track-risk behavior
    - tests: fix snap info test
    - httputil: rework protocol error detection
    - gadget: do not error on gadget refreshes with multiple volumes
    - i18n, vendor, packaging: drop github.com/ojii/gettext.go, use
      github.com/snapcore/go-gettext
    - snapstate: validate all system-usernames before creating them
    - mkversion.sh: fix version from git checkouts
    - interfaces/network-{control,manager}: allow 'k' on
      /run/resolvconf/**
    - interfaces/wayland,x11: allow reading an Xwayland Xauth file
    - interfaces: k8s worker node updates
    - debian: re-enable systemd environment generator
    - many: create system-usernames user/group if both don't exist
    - packaging: fix symlink for snapd.session-agent.socket
    - tests: change cgroups so that LXD doesn't have to
    - interfaces/network-setup-control: allow dbus netplan apply
      messages
    - tests: add /var/cache/snapd to the snapd state to prevent error on
      the store
    - tests: add test for services disabled during refresh hook
    - many: simpler access to snap-seccomp version-info
    - snap: cleanup some tests, clarify some errorsThis is a follow up
      from work on system usernames:
    - osutil: add osutil.Find{Uid,Gid}
    - tests: use a different archive based on the spread backend on go-
      build test
    - cmd/snap-update-ns: fix pair of bugs affecting refresh of snap
      with layouts
    - overlord/devicestate: detect clashing concurrent (ongoing, just
      finished) remodels or changes
    - interfaces/docker-support: declare controls-device-cgroup
    - packaging: fix removal of old apparmor profile
    - store: use track/risk for "channel" name when parsing store
      details
    - many: allow 'system-usernames' with libseccomp > 2.4 and golang-
      seccomp > 0.9.0
    - overlord/devicestate, tests: use gadget.Update() proper, spread
      test
    - overlord/configstate/configcore: allow setting start_x=1 to enable
      CSI camera on RPi
    - interfaces: remove BeforePrepareSlot from commonInterface
    - many: support system-usernames for 'snap_daemon' user
    - overlord/devicestate,o/snapstate: queue service commands before
      mark-seeded and other final tasks
    - interfaces/mount: discard mount ns on backend Remove
    - packaging/fedora: build on RHEL8
    - overlord/devicestate: support seeding a classic system with the
      snapd snap and no core
    - interfaces: fix test failure in gpio_control_test
    - interfaces, policy: remove sanitize helpers and use minimal policy
      check
    - packaging: use %systemd_user_* macros to enable session agent
      socket according to presets
    - snapstate, store: handle 429s on catalog refresh a little bit
      better
    - tests: part4 making tests work on ubuntu-core-18
    - many: drop snap.ReadGadgetInfo wrapper
    - xdgopenproxy: update test API to match upstream
    - tests: show why sbuild failed
    - data/selinux: allow mandb_t to search /var/lib/snapd
    - tests: be less verbose when checking service status
    - tests: set sbuild test as manual
    - overlord: DeviceCtx must find the remodel context for a remodel
      change
    - tests: use snap info --verbose to check for base
    - sanity: unmount squashfs with --lazy
    - overlord/snapstate: keep current track if only risk is specified
    - interfaces/firewall-control: support nft routing expressions and
      device groups
    - gadget: support for writing symlinks
    - tests: mountinfo-tool fail if there are no matches
    - tests: sync journal log before start the test
    - cmd/snap, data/completion: improve completion for 'snap debug'
    - httputil: retry for http2 PROTOCOL_ERROR
    - Errata commit: pulseaudio still auto-connects on classic
    - interfaces/misc: updates for k8s 1.15 (and greengrass test)
    - tests: set GOTRACEBACK=1 when running tests
    - cmd/libsnap: don't leak memory in sc_die_on_error
    - tests: improve how the system is restored when the upgrade-
      from-2.15 test fails
    - interfaces/bluetooth-control: add udev rules for BT_chrdev devices
    - interfaces: add audio-playback/audio-record and make pulseaudio
      manually connect
    - tests: split the sbuild test in 2 depending on the type of build
    - interfaces: add an interface granting access to AppStream metadata
    - gadget: ensure filesystem labels are unique
    - usersession/agent: use background context when stopping the agent
    - HACKING.md: update spread section, other updates
    - data/selinux: allow snap-confine to read entries on nsfs
    - tests: respect SPREAD_DEBUG_EACH on the main suite
    - packaging/debian-sid: set GOCACHE to a known writable location
    - interfaces: add gpio-control interface
    - cmd/snap: use showDone helper with 'snap switch'
    - gadget: effective structure role fallback, extra tests
    - many: fix unit tests getting stuck
    - tests: remove installed snap on restore
    - daemon: do not modify test data in user suite
    - data/selinux: allow read on sysfs
    - packaging/debian: don't md5sum absent files
    - tests: remove test-snapd-curl
    - tests: remove test-snapd-snapctl-core18 in restore
    - tests: remove installed snap in the restore section
    - tests: remove installed test snap
    - tests: correctly escape mount unit path
    - cmd/Makefile.am: support building with the go snap
    - tests: work around classic snap affecting the host
    - tests: fix typo "current"
    - overlord/assertstate: add Batch.Precheck to check for the full
      validity of the batch before Commit
    - tests: restore cpuset clone_children clobbered by lxd
    - usersession: move userd package to usersession/userd
    - tests: reformat and fix markdown in snapd-state.md
    - gadget: select the right updater for given structure
    - tests: show stderr only if it exists
    - sessionagent: add a REST interface with socket activation
    - tests: remove locally installed core in more tests
    - tests: remove local revision of core
    - packaging/debian-sid: use correct apparmor Depends for Debian
    - packaging/debian-sid: merge debian upload changes back into master
    - cmd/snap-repair: make sure the goroutine doesn't stick around on
      timeout
    - packaging/fedora: github.com/cheggaaa/pb is no longer used
    - configstate/config: fix crash in purgeNulls
    - boot, o/snapst, o/devicest: limit knowledge of boot vars to boot
    - client,cmd/snap: stop depending on status/status-code in the JSON
      responses in client
    - tests: unmount leftover /run/netns
    - tests: switch mount-ns test to manual
    - overlord,daemon,cmd/snapd:  move expensive startup to dedicated
      StartUp methods
    - osutil: add EnsureTreeState helper
    - tests: measure properties of various  mount namespaces
    - tests: part2 making tests work on ubuntu-core-18
    - interfaces/policy: minimal policy check for replacing
      sanitizeReservedFor helpers (1/2)
    - interfaces: add an interface that grants access to the PackageKit
      service
    - overlord/devicestate: update gadget update handlers and mocks
    - tests: add mountinfo-tool --ref-x1000
    - tests: remove lxd / lxcfs if pre-installed
    - tests: removing support for ubuntu cosmic on spread test suite
    - tests: don't leak /run/netns mount
    - image: clean up the validateSuite
    - bootloader: remove "Dir()" from Bootloader interface
    - many: retry to reboot if snapd gets restarted before expected
      reboot
    - overlord: implement re-registration remodeling
    - cmd: revert PR#6933 (tweak of GOMAXPROCS)
    - cmd/snap: add snap unset command
    - many: add Client-User-Agent to "SnapAction" install API call
    - tests: first part making tests run on ubuntu-core-18
    - hookstate/ctlcmd: support hidden commands in snapctl
    - many: replace snapd snap name checks with type checks (3/4)
    - overlord: mostly stop needing Kernel/CoreInfo, make GadgetInfo
      consider a DeviceContext
    - snapctl: handle unsetting of config options with "!"
    - tests: move core migration snaps to tests/lib/snaps dir
    - cmd/snap: handle unsetting of config options with "!"
    - cmd/snap, etc: add health to 'snap list' and 'snap info'
    - gadget: use struct field names when intializing data in mounted
      updater unit tests
    - cmd/snap-confine: bring /lib/firmware from the host
    - snap: set snapd snap type (1/4)
    - snap: add checks in validate-seed for missing base/default-
      provider
    - daemon: replace shutdownServer with net/http's native shutdown
      support
    - interfaces/builtin: add exec "/bin/runc" to docker-support
    - gadget: mounted filesystem updater
    - overlord/patch: simplify conditions for re-applying sublevel
      patches for level 6
    - seccomp/compiler: adjust test case names and comment for later
      changes
    - tests: fix error doing snap pack running failover test
    - tests: don't preserve size= when rewriting mount tables
    - tests: allow reordering of rewrite operations
    - gadget: main update routine
    - overlord/config: normalize nulls to support config unsetting
      semantics
    - snap-userd-autostart: don't list as a startup application on the
      GUI
    - tests: renumber snap revisions as seen via writable
    - tests: change allocation for mount options
    - tests: re-enable ns-re-associate test
    - tests: mountinfo-tool allow many --refs
    - overlord/devicestate: implement reregRemodelContext with the
      essential re-registration logic
    - tests: replace various numeric mount options
    - gadget: filesystem image writer
    - tests: add more unit tests for mountinfo-tool
    - tests: introduce mountinfo-tool --ref feature
    - tests: refactor mountinfo-tool rewrite state
    - tests: allow renumbering mount namespace identifiers
    - snap: refactor and explain layout blacklisting
    - tests: renumber snap revisions as seen via hostfs
    - daemon, interfaces, travis: workaround build ID with Go 1.9, use
      1.9 for travis tests
    - cmd/libsnap: add sc_error_init_{simple,api_misuse}
    - gadget: make raw updater handle shifted structures
    - tests/lib/nested: create WORK_DIR before accessing it
    - cmd/libsnap: rename SC_LIBSNAP_ERROR to SC_LIBSNAP_DOMAIN
    - cmd,tests: forcibly discard mount namespace when bases change
    - many: introduce healthstate, run check-health
      post-(install/refresh/try/revert)
    - interfaces/optical-drive: add scsi-generic type 4 and 5 support
    - cmd/snap-confine: exit from helper when parent dies

snapd (2.40) xenial; urgency=medium

  * New upstream release, LP: #1836327
    - overlord/patch: simplify conditions for re-applying sublevel
      patches for level 6
    - cmd,tests: forcibly discard mount namespace when bases change
    - cmd/snap-confine: handle device cgroup before pivot
    - cmd/snap-apparmor-service: quit if there are no profiles
    - cmd/snap, image: add --target-directory and --basename to 'snap
      download'
    - interfaces: add jack1 implicit classic interface
    - interfaces: miscellaneous policy updates
    - daemon: classic confinement is not supported on core
    - interfaces: bluetooth-control: add mtk BT device node
    - cmd/snap-seccomp: initial support for negative arguments with
      uid/gid caching
    - snap-confine: move seccomp load after permanent privilege drop
    - tests: new profiler snap used to track cpu and memory for snapd
      and snap commands
    - debian: make maintainer scripts do nothing on powerpc
    - gadget: mounted filesystem writer
    - cmd/snap: use padded checkers for snapshot output
    - bootloader: switch to bootloader_test style testing
    - gadget: add a wrapper for generating partitioned images with
      sfdisk
    - tests/main/snap-seccomp-syscalls: add description
    - tests: continue executing on errors either updating the repo db or
      installing dependencies
    - cmd/snap-seccomp/syscalls: add io_uring syscalls
    - systemd: add InstanceMode enumeration to control which systemd
      instance to control
    - netutil: extract socket activation helpers from daemon package.
    - interfaces: spi: update regex rules to accept spi nodes like
      spidev12345.0
    - gadget: fallback device lookup
    - many: add strutil.ElliptLeft, use it for shortening cohorts
    - wrappers: allow sockets under $XDG_RUNTIME_DIR
    - gadget: add wrapper for creating and populating filesystems
    - gadget: add writer for offset-write
    - gadget: support relative symlinks in device lookup
    - snap, snapstate: additional validation of base field
    - many: fix some races and missing locking, make sure UDevMonitor is
      stopped
    - boot: move ExtractKernelAssets
    - daemon, snap: screenshots _only_ shows the deprecation notice,
      from 2.39
    - osutil: add a workaround for overlayfs apparmor as it is used on
      Manjaro
    - snap: introduce GetType() function for snap.Info
    - tests: update systems to be used for during sru validation
    - daemon: increase `shutdownTimeout` to 25s to deal with slow
      HW
    - interfaces/network-manager: move deny ptrace to the connected slot
    - interfaces: allow locking of pppd files
    - cmd/snap-exec: fix snap completion for classic snaps with non
      /usr/lib/snapd libexecdir
    - daemon: expose pprof endpoints
    - travis: disable snap pack on OSX
    - client, cmd/snap: expose the new cohort options for snap ops
    - overlord/snapstate: tweak switch summaries
    - tests: reuse the image created initially for nested tests
      execution
    - tests/lib/nested: tweak assert disk prepare step
    - daemon, overlord/snapstate: support leave-cohort
    - tests/main/appstream-id: collect debug info
    - store,daemon: add client-user-agent support to store.SnapInfo
    - tests: add check for invalid PR titles in the static checks
    - tests: add snap-tool for easier access to internal tools
    - daemon: unexport file{Response,Stream}
    - devicestate: make TestUpdateGadgetOnClassicErrorsOut less racy
    - tests: fix test desktop-portal-filechooser
    - tests: sort commands from DumpCommands in the dumpDbHook
    - cmd/snap: add unit test for "advise-snap --dump-db".
    - bootloader: remove extra mock bootloader implementation
    - daemon: tweak for "add api endpoint for download" PR
    - packaging: fix reproducible build error
    - tests: synchronize journal logs before check logs
    - tests: fix snap service watchdog test
    - tests: use more readable test directory names
    - tests/regression/lp-1805485: update test description
    - overlord: make changes conflict with remodel
    - tests: make sure the snapshot unit test uses a snapshot time
      relative to Now()
    - tests: revert "tests: stop catalog-update/apt-hooks test for now"
    - tests: mountinfo-tool --one prints matches on failure
    - data/selinux: fix policy for snaps with bases and classic snaps
    - debian: fix building on eoan by tweaking golang build-deps
    - packaging/debian-sid: update required golang version to 1.10
    - httputil: handle "no such host" error explicitly and do not retry
      it
    - overlord/snapstate, & fallout: give Install a *RevisionOptions
    - cmd/snap: don't run install on 'snap --help install'
    - gadget: raw/bare structure writer and updater
    - daemon, client, cmd/snap: show cohort key in snap info --verbose
    - overlord/snapstate: add update-gadget task when needed, block
      other changes
    - image: turn a missing default content provider into an error
    - overlord/devicestate: update-gadget-assets task handler with
      stubbed gadget callbacks
    - interface: builtin: avahi-observe/control: update label for
      implicit slot
    - tests/lib/nested: fix multi argument copy_remote
    - tests/lib/nested: have mkfs.ext4 use a rootdir instead of mounting
      an image
    - packaging: fix permissions powerpc docs dir
    - overlord: mock store to avoid net requests
    - debian: rework how we run autopkgtests
    - interface: builtin: avahi-observe/control: allow slots
      implementation also by app snap on classic system
    - interfaces: builtin: utils: add helper function to identify system
      slots
    - interfaces: add missing adjtimex to time-control
    - overlord/snapstate, snap: support base = "none"
    - daemon, overlord/snapstate: give RevisionOptions a CohortKey
    - data/selinux: permit init_t to remount snappy_snap_t
    - cmd/snap: test for a friendly error on 'okay' without 'warnings'
    - cmd/snap: support snap debug timings --startup=.. and measure
      loadState time
    - advise-snap: add --dump-db which dumps the command database
    - interfaces/docker-support: support overlayfs on ubuntu core
    - cmd/okay: Remove err message when warning file not exist
    - devicestate: disallow removal of snaps used in booting early
    - packaging: fix build-depends on powerpc
    - tests: run spread tests on opensuse leap 15.1
    - strutil/shlex: fix ineffassign
    - cmd/snapd: ensure GOMAXPROCS is at least 2
    - cmd/snap-update-ns: detach unused mount points
    - gadget: record gadget root directory used during positioning
    - tests: force removal to prevent restore fails when directory
      doesn't exist on lp-1801955 test
    - overlord: implement store switch remodeling
    - tests: stop using ! for naive negation in shell scripts
    - snap,store,daemon,client: send new "Snap-Client-User-Agent" header
      in Search()
    - osutil: now that we require golang-1.10, use user.LookupGroup()
    - spread.yaml,tests: change MATCH and REBOOT to cmds
    - packaging/fedora: force external linker to ensure static linking
      and -extldflags use
    - timings: tweak the conditional for ensure timings
    - timings: always store ensure timings as long as they have an
      associated change
    - cmd/snap: tweak the output of snap debug timings --ensure=...
    - overlord/devicestate: introduce remodel kinds and
      contextsregistrationContext:
    - snaptest: add helper for mocking snap with contents
    - snapstate: allow removal of non-model kernels
    - tests: change strace parameters on snap-run test to avoid the test
      gets stuck
    - gadget: keep track of the index where structure content was
      defined
    - cmd/snap-update-ns: rename leftover ctx to upCtx
    - tests: add "not" command
    - spread.yaml: use "snap connections" in debug
    - tests: fix how strings are matched on auto-refresh-retry test
    - spread-shellcheck: add support for variants and environment
    - gadget: helper for shifting structure start position
    - cmd/snap-update-ns: add several TODO comments
    - cmd/snap-update-ns: rename ctx to upCtx
    - spread.yaml: make HOST: usage shellcheck-clean
    - overlord/snapstate, daemon: snapstate.Switch now takes a
      RevisionOption
    - tests: add mountinfo-tool
    - many: make snapstate.Update take *RevisionOptions instead of chan,
      rev
    - tests/unit/spread-shellcheck: temporary workaround for SC2251
    - daemon: refactor user ops to api_users
    - cmd/snap, tests: refactor info to unify handling of 'direct' snaps
    - cmd/snap-confine: combine sc_make_slave_mount_ns into caller
    - cmd/snap-update-ns: use "none" for propagation changes
    - cmd/snap-confine: don't pass MS_SLAVE along with MS_BIND
    - cmd/snap, api, snapstate: implement "snap remove --purge"
    - tests: new hotplug test executed on ubuntu core
    - tests: running tests on fedora 30
    - gadget: offset-write: fix validation, calculate absolute position
    - data/selinux: allow snap-confine to do search on snappy_var_t
      directories
    - daemon, o/snapstate, store: support for installing from cohorts
    - cmd/snap-confine: do not mount over non files/directories
    - tests: validates snapd from ppa
    - overlord/configstate: don't panic on invalid configuration
    - gadget: improve device lookup, add helper for mount point lookup
    - cmd/snap-update-ns: add tests for executeMountProfileUpdate
    - overlord/hookstate: don't run handler unless hooksup.Always
    - cmd/snap-update-ns: allow changing mount propagation
    - systemd: workaround systemctl show quirks on older systemd
      versions
    - cmd/snap: allow option descriptions to start with the command
    - many: introduce a gadget helper for locating device matching given
      structure
    - cmd/snap-update-ns: fix golint complaints about variable names
    - cmd/snap: unit tests for debug timings
    - testutil: support sharing-related mount flags
    - packaging/fedora: Merge changes from Fedora Dist-Git and drop EOL
      Fedora releases
    - cmd/snap: support for --ensure argument for snap debug timings
    - cmd,sandbox: tweak seccomp version info handling
    - gadget: record sector size in positioned volume
    - tests: make create-user test support managed devices
    - packaging: build empty package on powerpc
    - overlord/snapstate: perform hard refresh check
    - gadget: add volume level update checks
    - cmd/snap: mangle descriptions that have indent > terminal width
    - cmd/snap-update-ns: rename applyFstab to executeMountProfileUpdate
    - cmd/snap-confine: unshare per-user mount ns once
    - tests: retry govendor sync
    - tests: avoid removing snaps which are cached to speed up the
      prepare on boards
    - tests: fix how the base snap are deleted when there are multiple
      to deleted on reset
    - cmd/snap-update-ns: merge apply functions
    - many: introduce assertstest.SigningAccounts and AddMany test
      helpers
    - interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
      helpers
    - cmd/snap-update-ns: make apply{User,System}Fstab identical
    - gadget: introduce checkers for sanitizing structure updates
    - cmd/snap-update-ns: move apply{Profile,{User,System}Fstab} to same
      file
    - overlord/devicestate: introduce registrationContext
    - cmd/snap-update-ns: add no-op load/save current user profile logic
    - devicestate: set "new-model" on the remodel change
    - devicestate: use deviceCtx in checkGadgetOrKernel
    - many: use a fake assertion model in the device contexts for tests
    - gadget: fix handling of positioning constrains for structures of
      MBR role
    - snap-confine: improve error when running on a not /home homedir
    - devicestate: make Remodel() return a state.Change
    - many: make which store to use contextualThis reworks
      snapstate.Store instead of relying solely on DeviceContext,
      because:
    - tests: enable tests on centos 7 again
    - interfaces: add login-session-control interface
    - tests: extra debug for snapshot-basic test
    - overlord,overlord/devicestate: do without GadgetInfo/KernelInfo in
      devicestate
    - gadget: more validation checks for legacy MBR structure type &
      role
    - osutil: fix TestReadBuildGo test in sbuild
    - data: update XDG_DATA_DIRS via the systemd environment.d mechanism
      too
    - many: do without device state/assertions accessors based on state
      only outside of devicestate/tests
    - interfaces/dbus: fix unit tests when default snap mount dir is not
      /snap
    - tests: add security-seccomp to verify seccomp with arg filtering
    - snapshotstate: disable automatic snapshots on core for now
    - snapstate: auto-install snapd when needed
    - overlord/ifacestate: update static attributes of "content"
      interface
    - interfaces: add support for the snapd snap in the dbus backend*
    - overlord/snapstate: tweak autorefresh logic if network is not
      available
    - snapcraft: also include ld.so.conf from libc in the snapcraft.yml
    - snapcraft.yaml: fix links ld-linux-x86-64.so.2/ld64.so.2
    - overlord: pass a DeviceContext to the checkSnap implementations
    - daemon: add RootOnly flag to commands
    - many:  make access to the device model assertion etc contextual
      via a DeviceCtx hook/DeviceContext interface
    - snapcraft.yaml: include libc6 in snapd
    - tests: reduce snapcraft leftovers from PROJECT_PATH,  temp disable
      centos
    - overlord: make the store context composably backed by separate
      backends for device asserts/info etc.
    - snapstate: revert "overlord/snapstate: remove PlugsOnly"
    - osutil,cmdutil: move CommandFromCore and make it use the snapd
      snap (if available)
    - travis: bump Go version to 1.10.x
    - cmd/snap-update-ns: remove instanceName argument from applyProfile
    - gadget: embed volume in positioned volume, rename fields
    - osutil: use go build-id when no gnu build-id is available
    - snap-seccomp: add 4th field to version-info for golang-seccomp
      features
    - cmd/snap-update-ns: merge computeAndSaveSystemChanges into
      applySystemFstab
    - cmd/snap, client, daemon, store: create-cohort
    - tests: give more time until nc returns on appstream test
    - tests: run spread tests on ubuntu 19.04
    - gadget: layout, smaller fixes
    - overlord: update static attrs when reloading connections
    - daemon: verify snap instructions for multi-snap requests
    - overlord/corecfg: make expiration of automatic snapshots
      configurable (4/4)
    - cmd/snap-update-ns: pass MountProfileUpdate to
      apply{System,User}Fstab
    - snap: fix interface bindings on implicit hooks
    - tests: improve how snaps are cached
    - cmd/snap-update-ns: formatting tweaks
    - data/selinux: policy tweaks
    - cmd/snap-update-ns: move locking to the common layer
    - overlord: use private YAML inside several tests
    - cmd/snap, store, image: support for cohorts in "snap download"
    - overlord/snapstate: add timings to critical task handlers and the
      backend
    - cmd: add `snap debug validate-seed <path>` cmd
    - state: add possible error return to TaskSet.Edge()
    - snap-seccomp: use username regex as defined in osutil/user.go
    - osutil: make IsValidUsername public and fix regex
    - store: serialize the acquisition of device sessions
    - interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
      Fedora
    - many: move Device/SetDevice to devicestate, start of making them
      pluggable in storecontext
    - overlord/snapstate: remove PlugsOnly
    - interfaces/apparmor: allow running /usr/bin/od
    - spread: add qemu:fedora-29-64
    - tests: make test parallel-install-interfaces work for boards with
      pre-installed snaps
    - interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
    - spread.yaml: add qemu:centos-7-64
    - overlord/devicestate: extra measurements related to
      populateStateFromSeed
    - cmd/snap-update-ns: move Assumption to {System,User}ProfileUpdate
    - cmd/libsnap: remove fringe error function
    - gadget: add validation of cross structure overlap and offset
      writes
    - cmd/snap-update-ns: refactor of profile application (3/N)
    - data/selinux: tweak the policy for runuser and s-c, interpret
      audit entries
    - tests: fix spaces issue in the base snaps names to remove during
      reset phase
    - tests: wait for man db cache is updated before after install snapd
      on Fedora
    - tests: extend timeout of sbuild test

snapd (2.39.3) xenial; urgency=medium

  * New upstream release, LP: #1827495
    - daemon: increase `shutdownTimeout` to 25s to deal with slow HW
    - spread: run tests against openSUSE 15.1
    - data/selinux: fix policy for snaps with bases and classic snaps

snapd (2.39.2) xenial; urgency=medium

  * New upstream release, LP: #1827495
    - debian: rework how we run autopkgtests
    - interfaces/docker-support: add overlayfs accesses for ubuntu core
    - data/selinux: permit init_t to remount snappy_snap_t
    - strutil/shlex: fix ineffassign
    - packaging: fix build-depends on powerpc

snapd (2.39.1) xenial; urgency=medium

  * New upstream release, LP: #1827495
    - spread: enable Fedora 30
    - cmd/snap-confine, data/selinux: cherry pick Fedora 30 fixes
    - tests/unit/spread-shellcheck: temporary workaround for SC2251
    - packaging: build empty package on powerpc
    - interfaces: special-case "snapd" in sanitizeSlotReservedForOS*
      helper
    - cmd/snap: mangle descriptions that have indent > terminal width
    - cmd/snap-confine: unshare per-user mount ns once
    - tests: avoid adding spaces to the base snaps names
    - systemd: workaround systemctl show quirks on older systemd
      versions

snapd (2.39) xenial; urgency=medium

  * New upstream release, LP: #1827495
    - overlord/ifacestate: update static attributes of "content"
      interface
    - data/selinux: tweak the policy for runuser and s-c, interpret
      audit entries
    - snapshotstate: disable automatic snapshots on core for now
    - overlord/corecfg: make expiration of automatic snapshots
      configurable
    - snapstate: auto-install snapd when needed
    - interfaces: add support for the snapd snap in the dbus backend
    - overlord/snapstate: tweak autorefresh logic if network is not
      available
    - interfaces/apparmor: allow running /usr/bin/od
    - osutil,cmdutil: move CommandFromCore and make it use the snapd
      snap (if available)
    - daemon: also verify snap instructions for multi-snap requests
    - data/selinux: allow snap-confine to mount on top of bin
    - data/selinux: auto transition /var/snap to snappy_var_t
    - cmd: add `snap debug validate-seed <path>` cmd
    - interfaces/builtin/desktop: fonconfig v6/v7 cache handling on
      Fedora
    - interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern
    - tests: make snap-connections test work on boards with snaps pre-
      installed
    - tests: check for /snap/core16/current in core16-provided-by-core
    - tests: run livepatch test on 18.04 as well
    - devicestate: deal correctly with the "required" flag on Remodel
    - snapstate,state: add TaskSet.AddAllWithEdges() and use in doUpdate
    - snapstate: add new NoReRefresh flag and use in Remodel()
    - many: allow core as a fallback for core16
    - snapcraft: build static fontconfig in the snapd snap
    - cmd/snap-confine: remove unused sc_open_snap_{update,discard}_ns
    - data/selinux: allow snapd to execute runuser under snappy_t
    - spread, tests: do not leave mislabeled files in restorecon test,
      attempt to catch similar files
    - interfaces: cleanup internal tool lookup in system-key
    - many: move auth.AuthContext to store.DeviceAndAuthContext, the
      implemention to a separate storecontext packageThis:
    - overlord/devicestate: measurements around ensure and related tasks
    - cmd: tweak internal tool lookup to accept more possible locations
    - overlord/snapstate,snapshotstate: create snapshot on snap removal
    - tests: run smoke tests on (almost) pristine systems
    - tests: system disable ssh for config defaults in gadget
    - cmd/debug: integrate new task timings with "snap debug timings"
    - tests/upgrade/basic, packaging/fedoar: restore SELinux context of
      /var/cache/fontconfig, patch pre-2.39 mount units
    - image: simplify prefer local logic  and fixes
    - tests/main/selinux-lxd: make sure LXD from snaps works cleanly
      with enforcing SELinux
    - tests: deny ioctl - TIOCSTI with garbage in high bits
    - overlord: factor out mocking of device service and gadget w.
      prepare-device for registration tests
    - data/selinux, tests/main/selinux-clean: fine tune the policy, make
      sure that no denials are raised
    - cmd/libsnap,osutil: fix parsing of mountinfo
    - ubuntu: disable -buildmode=pie on armhf to fix memory issue
    - overlord/snapstate: inhibit refresh for up to a week
    - cmd/snap-confine: prevent cwd restore permission bypass
    - overlord/ifacestate: introduce HotplugKey type use short key in
      change summaries
    - many: make Remodel() download everything first before installing
    - tests: fixes discovered debugging refresh-app-awareness
    - overlord/snapstate: track time of postponed refreshes
    - snap-confine: set rootfs_dir in sc_invocation struct
    - tests: run create-user on core devices
    - boot: add flag file "meta/force-kernel-extraction"
    - tests: add regression test for systemctl race fix
    - overlord/snapshotstate: helpers for snapshot expirations
    - overlord,tests: perform soft refresh check in doInstall
    - tests: enable tests that write /etc/{hostname,timezone} on core18
    - overlord/ifacestate: implement String() method of
      HotplugDeviceInfo for better logs/messages
    - cmd/snap-confine: move ubuntu-core fallback checks
    - testutil: fix MockCmd for shellcheck 0.5
    - snap, gadget: move gadget read/validation into separate package,
      tweak naming
    - tests: split travis spread execution in 2 jobs for ubuntu and non
      ubuntu systems
    - testutil: make mocked command work with shellcheck from snaps
    - packaging/fedora, tests/upgrade/basic: patch existing mount units
      with SELinux context on upgrade
    - metautil, snap: extract yaml value normalization to a helper
      package
    - tests: use apt via eatmydata
    - dirs,overlord/snapstate: add Soft and Hard refresh checks
    - cmd/snap-confine: allow using tools from snapd snap
    - cmd,interfaces: replace local helpers with cmd.InternalToolPath
    - tweak: fix "make hack" on Fedora
    - snap: add validation of gadget.yaml
    - cmd/snap-update-ns: refactor of profile application
    - cmd/snap,client,daemon,store: layout and sanity tweaks for
      find/search options
    - tests: add workaround for missing cache reset on older snapd
    - interfaces: deal with the snapd snap correctly for apparmor 2.13
    - release-tools: add debian-package-builder
    - tests: enable opensuse 15 and add force-resolution installing
      packages
    - timings: AddTag helper
    - testutil: run mocked commands through shellcheck
    - overlord/snapshotstate: support auto flag
    - client, daemon, store: search by common-id
    - tests: all the systems for google backend with 6 workers
    - interfaces: hotplug nested vm test, updated serial-port interface
      for hotplug.
    - sanity: use proper SELinux context when mounting squashfs
    - cmd/libsnap: neuter variables in cleanup functions
    - interfaces/adb-support: account for hubs on sysfs path
    - interfaces/seccomp: regenerate changed profiles only
    - snap: reject layouts to /lib/{firmware,modules}
    - cmd/snap-confine, packaging: support SELinux
    - selinux, systemd: support mount contexts for snap images
    - interfaces/builtin/opengl: allow access to Tegra X1
    - cmd/snap: make 'snap warnings' output yamlish
    - tests: add check to detect a broken snap on reset
    - interfaces: add one-plus devices to adb-support
    - cmd: prevent umask from breaking snap-run chain
    - tests/lib/pkgdb: allow downgrade when installing packages in
      openSUSE
    - cmd/snap-confine: use fixed private tmp directory
    - snap: tweak parsing errors of gadget updates
    - overlord/ifacemgr: basic measurements
    - spread: refresh metadata on openSUSE
    - cmd/snap-confine: pass sc_invocation instead of numerous args
      around
    - snap/gadget: introduce volume update info
    - partition,bootloader: rename 'partition' package to 'bootloader'
    - interfaces/builtin: add dev/pts/ptmx access to docker_support
    - tests: restore sbuild test
    - strutil: make SplitUnit public, allow negative numbers
    - overlord/snapstate,: retry less for auto-stuff
    - interfaces/builtin: add add exec "/" to docker-support
    - cmd/snap: fix regression of snap saved command
    - cmd/libsnap: rename C enum for feature flag
    - cmd: typedef mountinfo structures
    - tests/main/remodel: clean up before reverting the state
    - cmd/snap-confine: umount scratch dir using UMOUNT_NOFOLLOW
    - timings: add new helpers, Measurer interface and DurationThreshold
    - cmd/snap-seccomp: version-info subcommand
    - errortracker: fix panic in Report if db cannot be opened
    - sandbox/seccomp: a helper package wrapping calls to snap-seccomp
    - many: add /v2/model API, `snap remodel` CLI and spread test
    - tests: enable opensuse tumbleweed back
    - overlord/snapstate, store: set a header when auto-refreshing
    - data/selinux, tests: refactor SELinux policy, add minimal tests
    - spread: restore SELinux context when we mess with system files
    - daemon/api: filter connections with hotplug-gone=true
    - daemon: support returning assertion information as JSON with the
      "json" query parameter
    - cmd/snap: hide 'interfaces' command, show deprecation notice
    - timings: base API for recording timings in state
    - cmd/snap-confine: drop unused dependency on libseccomp
    - interfaces/apparmor: factor out test boilerplate
    - daemon: extract assertions api endpoint implementation into
      api_asserts.go
    - spread.yaml: bump delta reference
    - cmd/snap-confine: track per-app and per-hook processes
    - cmd/snap-confine: make sc_args helpers const-correct
    - daemon: move a function that was between an other struct and its
      methods
    - overlord/snapstate: fix restoring of "old-current" revision config
      in undoLinkSnap
    - cmd/snap, client, daemon, ifacestate: show a leading attribute of
      a connection
    - cmd/snap-confine: call sc_should_use_normal_mode once
    - cmd/snap-confine: populate enter_non_classic_execution_environment
    - daemon: allow downloading snaps blobs via .../file
    - cmd/snap-confine: introduce sc_invocation
    - devicestate: add initial Remodel support
    - snap: remove obsolete license-* fields in the yaml
    - cmd/libsnap: add cgroup-pids-support module
    - overlord/snapstate/backend: make LinkSnap clean up more
    - snapstate: only keep 2 snaps on classic
    - ctlcmd/tests: tests tweaks (followup to #6322)

snapd (2.38.1) xenial; urgency=medium

  * New upstream release, LP: #1824394
    - tests: add workaround for missing cache reset on older snapd
    - ubuntu: disable -buildmode=pie on armhf to fix memory issue

snapd (2.38) xenial; urgency=medium

  * New upstream release, LP: #1818648
    - overlord/snapstate,: retry less for auto-stuff
    - cmd/snap: fix regression of snap saved command
    - interfaces/builtin: add dev/pts/ptmx access to docker_support
    - overlord/snapstate, store: set a header when auto-refreshing
    - interfaces/builtin: add add exec "/" to docker-support
    - cmd/snap, client, daemon, ifacestate: show a leading attribute of
      a connection
    - interface: avahi-observe: Fixing socket permissions on 4.15
      kernels
    - tests: check that apt works before using it
    - apparmor: support AppArmor 2.13
    - snapstate: restart into the snapd snap on classic
    - overlord/snapstate: during refresh, re-refresh on epoch bump
    - cmd, daemon: split out the common bits of mapLocal and mapRemote
    - cmd/snap-confine: chown private /tmp to root.root
    - cmd/snap-confine: drop uid from random /tmp name
    - overlord/hookstate: apply pending transaction changes onto
      temporary configuration for snapctl get
    - cmd/snap: `snap connections` command
    - interfaces/greengrass_support: update accesses for GGC 1.8
    - cmd/snap, daemon: make the connectivity check use GET
    - interfaces/builtin,/udev: add spec support to disable udev +
      device cgroup and use it for greengrass
    - interfaces/intel-mei: small follow up tweaks
    - ifacestate/tests: fix/improve udev mon test
    - interfaces: add multipass-support interface
    - tests/main/high-user-handling: fix the test for Go 1.12
    - interfaces: add new intel-mei interface
    - systemd: decrease the checker counter before unlocking otherwise
      we can get spurious panics
    - daemon/tests: fix race in the disconnect conflict test
    - cmd/snap-confine: allow moving tasks to pids cgroup
    - tests: enable opensuse tumbleweed on spread
    - cmd/snap: fix `snap services` completion
    - ifacestate/hotplug: integration with udev monitor
    - packaging: build snapctl as a static binary
    - packaging/opensuse: move most logic to snapd.mk
    - overlord: fix ensure before slowness on Retry
    - overlord/ifacestate: fix migration of connections on upgrade from
      ubuntu-core
    - daemon, client, cmd/snap: debug GETs ask aspects, not actions
    - tests/main/desktop-portal-*: fix handling of python dependencies
    - interfaces/wayland: allow wayland server snaps function on classic
      too
    - daemon, client, cmd/snap: snap debug base-declaration
    - tests: run tests on opensuse leap 15.0 instead of 42.3
    - cmd/snap: fix error messages for snapshots commands if ID is not
      uint
    - interfaces/seccomp: increase filter precision
    - interfaces/network-manager: no peer label check for hostname1
    - tests: add a tests for xdg-desktop-portal integration
    - tests: not checking 'tracking channel' after refresh core on
      nested execution
    - tests: remove snapweb from tests
    - snap, wrappers: support StartTimeout
    - wrappers: Add an X-SnapInstanceName field to desktop files
    - cmd/snap: produce better output for help on subcommands
    - tests/main/nfs-support: use archive mode for creating fstab backup
    - many: collect time each task runs and display it with `snap debug
      timings <id>`
    - tests: add attribution to helper script
    - daemon: make ucrednetGet not loop
    - squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
    - features,cmd/libsnap: add new feature "refresh-app-awareness"
    - overlord: fix random typos
    - interfaces/seccomp: generate global seccomp profile
    - daemon/api: fix error case for disconnect conflict
    - overlord/snapstate: add some randomness to the catalog refresh
    - tests: disable trusty-proposed for now
    - tests: fix upgrade-from-2.15 with kernel 4.15
    - interfaces/apparmor: allow sending and receiving signals from
      ourselves
    - tests: split the test interfaces-many in 2 and remove snaps on
      restore
    - tests: use snap which takes 15 seconds to install on retryable-
      error test
    - packaging: avoid race in snapd.postinst
    - overlord/snapstate: discard mount namespace when undoing 1st link
      snap
    - cmd/snap-confine: allow writes to /var/lib/**
    - tests: stop catalog-update test for now
    - tests/main/auto-refresh-private: make sure to actually download
      with the expired macaroon
    - many: save media info when installing, show it when listing
    - userd: handle help urls which requires prepending XDG_DATA_DIRS
    - tests: fix NFS home mocking
    - tests: improve snaps-system-env test
    - tests: pre-cache core on core18 systems
    - interfaces/hotplug: renamed RequestedSlotSpec to ProposedSlot,
      removed Specification
    - debian: ensure leftover usr.lib.snapd.snap-confine is gone
    - image,cmd/snap,tests: introduce support for modern prepare-image
      --snap <snap>[=<channel>]
    - overlord/ifacestate: tweak logic for generating unique slot names
    - packaging: import debian salsa packaging work, add sbuild test and
      use in spead
    - overlord/ifacestate: hotplug-add-slot handler
    - image,cmd/snap:  simplify --classic-arch to --arch, expose
      prepare-image
    - tests: run test snap as user in the smoke test
    - cmd/snap: tweak man output to have no doubled up .TP lines
    - cmd/snap, overlord/snapstate: silently ignore classic flag when a
      snap is strictly confined
    - snap-confine: remove special handling of /var/lib/jenkins
    - cmd/snap-confine: handle death of helper process
    - packaging: disable systemd environment generator on 18.04
    - snap-confine: fix classic snaps for users with /var/lib/* homedirs
    - tests/prepare: prevent console-conf from running
    - image: bootstrapToRootDir => setupSeed
    - image,cmd/snap,tests:  introduce prepare-image --classic
    - tests: update smoke/sandbox test for armhf
    - client, daemon: introduce helper for querying snapd API for the
      list of slot/plug connections
    - cmd/snap-confine: refactor and cleanup of seccomp loading
    - snapstate, snap: allow update/switch requests with risk only
      channel to DTRT
    - interfaces: add network-manager-observe interface
    - snap-confine: increase locking timeout to 30s
    - snap-confine: fix incorrect "sanity timeout 3s" message
    - snap-confine: provide proper error message on sc_sanity_timeout
    - snapd,state: improve error message on state reading failure
    - interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
    - snap: fix reexec from the snapd snap for classic snaps
    - snap: fix hook autodiscovery for parallel installed snaps
    - overlord/snapstate: format the refresh time for the log
    - cmd/snap-confine: add special case for Jenkins
    - snapcraft.yaml: fix XBuildDeb PATH for go-1.10
    - overlord/snapstate: validate instance names early
    - overlord/ifacestate: handler for hotplug-update-slot tasks
    - polkit: cast pid to uint32 to keep polkit happy for now
    - snap/naming: move various name validation helpers to separate
      package
    - tests: iterate getting journal logs to support delay on boards on
      daemon-notify test
    - cmd/snap: fix typo in cmd_wait.go
    - snap/channel: improve channel parsing
    - daemon, polkit: pid_t is signed
    - daemon: introduce /v2/connections snapd API endpoint
    - cmd/snap: small refactor of cmd_info's channel handling
    - overlord/snapstate: use an ad-hoc error when no results
    - cmd/snap: wrap "summary" better
    - tests: workaround missing go dependencies in debian-9
    - daemon: try to tidy up the icon stuff a little
    - interfaces: add display-control interface
    - snapcraft.yaml: fix snap building in launchpad
    - tests: update fedora 29 workers to speed up the whole testing time
    - interfaces: add u2f-devices interface and allow reading udev
      +power_supply:* in hardware-observe
    - cmd/snap-update-ns: save errno from strtoul
    - tests: interfaces tests normalization
    - many: cleanup golang.org/x/net/context
    - tests: add spread test for system dbus interface
    - tests: remove -o pipefail
    - interfaces: add block-devices interface
    - spread: enable upgrade suite on fedora
    - tests/main/searching: video section got renamed to photo-and-video
    - interfaces/home: use dac_read_search instead of dac_override with
      'read: all'
    - snap: really run the RunSuite
    - interfaces/camera: allow reading vendor/etc info from
      /run/udev/data/+usb:*
    - interfaces/dbus: be less strict about alternations for well-known
      names
    - interfaces/home: allow dac_override with 'read:
      all'
    - interfaces/pulseaudio: allow reading subdirectories of
      /etc/pulse
    - interfaces/system-observe: allow read on
      /proc/locks
    - run-checks: ensure we use go-1.10 if available
    - tests: get test-snapd-dbus-{provider,consumer} from the beta
      channel
    - interfaces/apparmor: mock presence of overlayfs root
    - spread: increase default kill-timeout to 30min
    - tests: simplify interfaces-contacts-service test
    - packaging/ubuntu: build with golang 1.10
    - ifacestate/tests: extra test for hotplug-connect handler
    - packaging: make sure that /var/lib/snapd/lib/glvnd is accounted
      for
    - overlord/snapstate/backend: call fontconfig helpers from the new
      'current'
    - kvm: load required kernel modules if necessary
    - cmd/snap: use a fake user for 'run' tests
    - tests: update systems for google sru backend
    - tests: fix install-snaps test by changing the snap info regex
    - interfaces: helpers for sorting plug/slot/connection refs
    - tests: moving core-snap-refresh-on-core test from main to nested
      suite
    - tests: fix daemon-notify test checking denials considering all the
      log lines
    - tests: skip lp-1802591 on "official" images
    - tests: fix listing tests to match "snap list --unicode=never"
    - debian: fix silly typo in the spread test invocation
    - interface: raw-usb: Adding ttyACM ttyACA permissions
    - tests: fix enable-disable-unit-gpio test on external boards
    - overlord/ifacestate: helper API to obtain the state of connections
    - tests: define new "tests/smoke" suite and use that for
      autopkgtests
    - cmd/snap-update-ns: explicitly check for return value from
      parse_arg_u
    - interfaces/builtin/opengl: allow access to NVIDIA VDPAU library
    - tests: auto-clean the test directory
    - cmd/snap: further tweak messaging; add a test
    - overlord/ifacestate: handler for hotplug-connect task
    - cmd/snap-confine: join freezer only after setting up user mount
    - cmd/snap-confine: don't preemptively create .mnt files
    - cmd/snap-update-ns: manually implement isspace
    - cmd/snap-update-ns: let the go parser know we are parsing -u
    - cmd/snap-discard-ns: fix name of user fstab files
    - snapshotstate: don't task.Log without the lock
    - tests: exclude some more slow tests from runs in autopkgtest
    - many: remove .user-fstab files from /run/snapd/ns
    - cmd/libsnap: pass --from-snap-confine when calling snap-update-ns
      as user
    - cmd/snap-update-ns: make freezer mockable
    - cmd/snap-update-ns: move XDG code to dedicated file
    - osutil: add helper for loading fstab from string
    - cmd/snap-update-ns: move existing code around, renaming some
      functions
    - overlord/configstate/configcore: support - and _ in cloud init
      field names
    - * cmd/snap-confine: use makedev instead of MKDEV
    - tests: review/fix the autopkgtest failures in disco
    - overlord: drop old v1 store api support from managers test
    - tests: new test for snapshots with more than 1 user

Date: 2020-07-10 18:43:13.385626+00:00
Changed-By: Maria Emilia Torino <emilia.torino at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.45.1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list