[ubuntu/artful-proposed] lxc 2.0.8-0ubuntu1 (Accepted)
Stéphane Graber
stgraber at ubuntu.com
Fri May 12 16:41:14 UTC 2017
lxc (2.0.8-0ubuntu1) artful; urgency=medium
* New upstream bugfix release (2.0.8):
- Security fix for CVE-2017-5985 (previously fixed in Ubuntu)
- All templates have been updated to not set default passwords anymore,
instead requiring lxc-attach be used to configure users.
This may affect some automated environments that were relying on our
default (very much insecure) users.
- Make lxc-start-ephemeral Python 3.2-compatible
- Fix typo
- Allow build without sys/capability.h
- lxc-opensuse: fix default value for release code
- util: always malloc for setproctitle
- util: update setproctitle comments
- confile: clear lxc.network..ipv{4,6} when empty
- lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
- Make lxc-net return non-zero on failure
- seccomp: allow x32 guests on amd64 hosts.
- Add HAVE_LIBCAP
- c/r: only supply --ext-mount-map for bind mounts
- Added 'mkdir -p' functionality in create_or_remove_cgroup
- Use LXC_ROOTFS_MOUNT in clonehostname hook
- squeeze is not a supported release anymore, drop the key
- start: dumb down SIGCHLD from WARN() to NOTICE()
- log: fix lxc_unix_epoch_to_utc()
- cgfsng: make trim() safer
- seccomp: set SCMP_FLTATR_ATL_TSKIP if available
- lxc-user-nic: re-order #includes
- lxc-user-nic: improve + bugfix
- lxc-user-nic: delete link on failure
- conf: only try to delete veth when privileged
- Fix lxc-containers to support multiple bridges
- Fix mixed tab/spaces in previous patch
- lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
- lxc-checkconfig: verify new[ug]idmap are setuid-root
- [templates] archlinux: resolve conflicting files
- [templates] archlinux: noneed default_timezone variable
- python3: Deal with potential NULL char*
- lxc-download.in / allow setting keyserver from env
- lxc-download.in / Document keyserver change in help
- Change variable check to match existing style
- tree-wide: include directly
- conf/ile: make sure buffer is large enough
- tree-wide: include directly
- tests: Support running on IPv6 networks
- tests: Kill containers (don't wait for shutdown)
- Fix opening wrong file in suggest_default_idmap
- do not set the root password in the debian template
- do not set insecure passwords
- don't set a default password for altlinux, gentoo, openmandriva and pld
- tools: exit with return code of lxc_execute()
- Keep veth.pair.name on network shutdown
- Makefile: fix static clang init.lxc build
- Avoid waiting for bridge interface if disabled in sysconfig/lxc
- Increased buffer length in print_stats()
- avoid assigning to a variable which is not POSIX shell proof (bug #1498)
- remove obsolete note about api stability
- conf: less error prone pointer access
- conf: lxc_map_ids() non-functional changes
- caps: add lxc_{proc,file}_cap_is_set()
- conf: check for {filecaps,setuid} on new{g,u}idmap
- conf: improve log when mounting rootfs
- ls: simplify the judgment condition when list active containers
- fix typo introduced in #1509
- attach|unshare: fix the wrong comment
- caps: skip file capability checks on android
- autotools: check for cap_get_file
- caps: return false if caps are not supported
- conf: non-functional changes to setup_pts()
- conf: use bind-mount for /dev/ptmx
- conf: non-functional changes
- utils: use loop device helpers from LXD
- create ISSUE_TEMPLATE.md
- cgroups: improve cgfsng debugging
- issue template: fix typo
- conf: close fd in lxc_setup_devpts()
- conf: non-functional changes
- utils: tweak lxc_mount_proc_if_needed()
- Change sshd template to work with Ubuntu 17.04
- conf: order mount options
- conf: add MS_LAZYTIME to mount options
- monitor: report errno on exec() error
- af unix: allow for maximum socket name
- commands: avoid NULL pointer dereference
- commands: non-functional changes
- lxccontainer: avoid NULL pointer dereference
- monitor: simplify abstract socket logic
- precise is not the latest LTS, let's use xenial instead
- fix the wrong exit status
- conf: non-functional changes lxc_fill_autodev()
- conf: remove /dev/console from lxc_fill_autodev()
- conf: non-functional changes lxc_setup()
- conf: non-functional changes to console functions
- conf: improve lxc_setup_dev_console()
- conf: lxc_setup_ttydir_console()
- config: remove /dev/console bind mount
- doc: document console behavior
- utils: add lxc_unstack_mountpoint()
- conf: unstack all mounts atop /dev/console
- console: fail when we cannot allocate peer tty
- start: remove umount2()
- conf: non-functional changes
- utils: handle > 2^31 in lxc_unstack_mountpoint()
- Install systemd units for CentOS
- Merge ubuntu and debiancase
- start: add crucial details about lxc_spawn()
* Fix broken proxy detection in debian/tests/exercise
* Only move lxc bash completion from /etc if we installed it there
Date: Fri, 12 May 2017 12:30:47 -0400
Changed-By: Stéphane Graber <stgraber at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/lxc/2.0.8-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 12 May 2017 12:30:47 -0400
Source: lxc
Binary: lxc lxc1 lxc-common lxc-dev lxc-templates lxc-tests liblxc1 python3-lxc lua-lxc
Architecture: source
Version: 2.0.8-0ubuntu1
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Stéphane Graber <stgraber at ubuntu.com>
Description:
liblxc1 - Linux Containers userspace tools (library)
lua-lxc - Linux Containers userspace tools (Lua bindings)
lxc - Transitional package for lxc1
lxc-common - Linux Containers userspace tools (common tools)
lxc-dev - Linux Containers userspace tools (development)
lxc-templates - Linux Containers userspace tools (templates)
lxc-tests - Linux Containers userspace tools (test binaries)
lxc1 - Linux Containers userspace tools
python3-lxc - Linux Containers userspace tools (Python 3.x bindings)
Changes:
lxc (2.0.8-0ubuntu1) artful; urgency=medium
.
* New upstream bugfix release (2.0.8):
- Security fix for CVE-2017-5985 (previously fixed in Ubuntu)
.
- All templates have been updated to not set default passwords anymore,
instead requiring lxc-attach be used to configure users.
.
This may affect some automated environments that were relying on our
default (very much insecure) users.
.
- Make lxc-start-ephemeral Python 3.2-compatible
- Fix typo
- Allow build without sys/capability.h
- lxc-opensuse: fix default value for release code
- util: always malloc for setproctitle
- util: update setproctitle comments
- confile: clear lxc.network..ipv{4,6} when empty
- lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
- Make lxc-net return non-zero on failure
- seccomp: allow x32 guests on amd64 hosts.
- Add HAVE_LIBCAP
- c/r: only supply --ext-mount-map for bind mounts
- Added 'mkdir -p' functionality in create_or_remove_cgroup
- Use LXC_ROOTFS_MOUNT in clonehostname hook
- squeeze is not a supported release anymore, drop the key
- start: dumb down SIGCHLD from WARN() to NOTICE()
- log: fix lxc_unix_epoch_to_utc()
- cgfsng: make trim() safer
- seccomp: set SCMP_FLTATR_ATL_TSKIP if available
- lxc-user-nic: re-order #includes
- lxc-user-nic: improve + bugfix
- lxc-user-nic: delete link on failure
- conf: only try to delete veth when privileged
- Fix lxc-containers to support multiple bridges
- Fix mixed tab/spaces in previous patch
- lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
- lxc-checkconfig: verify new[ug]idmap are setuid-root
- [templates] archlinux: resolve conflicting files
- [templates] archlinux: noneed default_timezone variable
- python3: Deal with potential NULL char*
- lxc-download.in / allow setting keyserver from env
- lxc-download.in / Document keyserver change in help
- Change variable check to match existing style
- tree-wide: include directly
- conf/ile: make sure buffer is large enough
- tree-wide: include directly
- tests: Support running on IPv6 networks
- tests: Kill containers (don't wait for shutdown)
- Fix opening wrong file in suggest_default_idmap
- do not set the root password in the debian template
- do not set insecure passwords
- don't set a default password for altlinux, gentoo, openmandriva and pld
- tools: exit with return code of lxc_execute()
- Keep veth.pair.name on network shutdown
- Makefile: fix static clang init.lxc build
- Avoid waiting for bridge interface if disabled in sysconfig/lxc
- Increased buffer length in print_stats()
- avoid assigning to a variable which is not POSIX shell proof (bug #1498)
- remove obsolete note about api stability
- conf: less error prone pointer access
- conf: lxc_map_ids() non-functional changes
- caps: add lxc_{proc,file}_cap_is_set()
- conf: check for {filecaps,setuid} on new{g,u}idmap
- conf: improve log when mounting rootfs
- ls: simplify the judgment condition when list active containers
- fix typo introduced in #1509
- attach|unshare: fix the wrong comment
- caps: skip file capability checks on android
- autotools: check for cap_get_file
- caps: return false if caps are not supported
- conf: non-functional changes to setup_pts()
- conf: use bind-mount for /dev/ptmx
- conf: non-functional changes
- utils: use loop device helpers from LXD
- create ISSUE_TEMPLATE.md
- cgroups: improve cgfsng debugging
- issue template: fix typo
- conf: close fd in lxc_setup_devpts()
- conf: non-functional changes
- utils: tweak lxc_mount_proc_if_needed()
- Change sshd template to work with Ubuntu 17.04
- conf: order mount options
- conf: add MS_LAZYTIME to mount options
- monitor: report errno on exec() error
- af unix: allow for maximum socket name
- commands: avoid NULL pointer dereference
- commands: non-functional changes
- lxccontainer: avoid NULL pointer dereference
- monitor: simplify abstract socket logic
- precise is not the latest LTS, let's use xenial instead
- fix the wrong exit status
- conf: non-functional changes lxc_fill_autodev()
- conf: remove /dev/console from lxc_fill_autodev()
- conf: non-functional changes lxc_setup()
- conf: non-functional changes to console functions
- conf: improve lxc_setup_dev_console()
- conf: lxc_setup_ttydir_console()
- config: remove /dev/console bind mount
- doc: document console behavior
- utils: add lxc_unstack_mountpoint()
- conf: unstack all mounts atop /dev/console
- console: fail when we cannot allocate peer tty
- start: remove umount2()
- conf: non-functional changes
- utils: handle > 2^31 in lxc_unstack_mountpoint()
- Install systemd units for CentOS
- Merge ubuntu and debiancase
- start: add crucial details about lxc_spawn()
.
* Fix broken proxy detection in debian/tests/exercise
* Only move lxc bash completion from /etc if we installed it there
Checksums-Sha1:
62b539a44326c93e6b1b956f39ead6f2f97d4b97 2655 lxc_2.0.8-0ubuntu1.dsc
65883786c24312ab36e53231e312d94851957516 1308705 lxc_2.0.8.orig.tar.gz
2b8a6dd67fb85dccafd275af9d304675ddae9b2c 111452 lxc_2.0.8-0ubuntu1.debian.tar.xz
Checksums-Sha256:
b1643080c14b51ccf6fdb3ca772d136f0dba6e0954b1ee7b91b5d0a4f5a83684 2655 lxc_2.0.8-0ubuntu1.dsc
0d8e34b302cfe4c40c6c9ae5097096aa5cc2c1dfceea3f0f22e3e16c4a4e8494 1308705 lxc_2.0.8.orig.tar.gz
4d4d80f041b77b3c68b9a7d93da039e93ae7b379fe94acb03e01529cffd945df 111452 lxc_2.0.8-0ubuntu1.debian.tar.xz
Files:
be0a22318ffb124a932d9f9b8015c609 2655 admin optional lxc_2.0.8-0ubuntu1.dsc
7bfd95280522d7936c0979dfea92cdb5 1308705 admin optional lxc_2.0.8.orig.tar.gz
73d405700c891a8cde831675fff44892 111452 admin optional lxc_2.0.8-0ubuntu1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJZFeQhAAoJEMY4l01keS1nLUYP/1Bh9aiIeoLwmdfZb1kquYFl
IexEKMeNCTy1o0TGKrPnO9opa83AR0dJxKwFvZPvRi3GnZ1JWEUkjegxy8vLleMF
lxeS9JUgYcGXm+RUjGQ7NAiXMG/iUrMGq9/eIob3vVxMFWUev9cIvcypgMpj+Tol
FH4VEcsQpdNIJFOfRbXbJtIahIRK0+qoyVQJT4ycppXtk2aP5qSOjGetpF7+/zM+
V6GHhKKCw32PaW+JwX+ZmPpiXUgxSmyBfBnSKXy16i14mjgJSHGg/VshOWyvH/Tq
fbIMHyPHU0IC6iM3k5weq5pQU0YefIUFTEhnn4bj4aHDrygkCqiRLeWK64ckP/8u
ldhGwpW4wVu/Lp7gf9vXiCcPtBEph2FllNkQUCIt4A/DV7x3R6jsS+Zby0pjpsMS
GumiEzkw3ctF8BINpKJig+H+BvH4tTyIRN2NWIUzOrryZB2gFZCfq+DJKpLfshsd
wbPD0h2mkGvKeso6j35FxAz28suSd3yDATJ1aLXlFXSLRYXNhjuRNJM5QMUXYBxT
e8OKmvo2uLNdBv174pwJ97odcrcxvvk3ofH/UbGwBDr2+Np20olO4H0qurKIOL53
m5jhSaIg3Qdkgxt85x/5K0EpxWvQbbr1e4iaqhPxssJma+6ScBPPA8CZYD37Pw2D
N/ibGW8+IRXIumTOp3/T
=Njw3
-----END PGP SIGNATURE-----
More information about the Artful-changes
mailing list