[ubuntu/hirsute-proposed] lxc 1:4.0.6-0ubuntu1 (Accepted)

Stéphane Graber stgraber at ubuntu.com
Thu Feb 11 21:37:11 UTC 2021


lxc (1:4.0.6-0ubuntu1) hirsute; urgency=medium

  * New upstream bugfix release (4.0.6):
    - Improve handling for compatibility architectures for seccomp
    - Harden seccomp notifier implementation
    - Rework parsing of /proc/<pid>/mountinfo to handle kernel regression
    - Improve network device restoration
    - Significantly clean up and harden config file parsing
    - Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE
    - Harden containers started without CAP_NET_ADMIN
  * New upstream bugfix release (4.0.5):
    - Support allocating PTS devices from within the container
    - Harden more path/mount handling logic
    - Rework LSM logic to limit initializer use
  * Cherry-pick upstream fixes:
    - 0002-commands-fix-check-for-seccomp-notify-support.patch
    - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch
    - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
    - 0005-cgroups-fix-cgroup-mounting.patch
    - 0006-lsm-remove-obsolute-comment-about-constructor.patch
    - 0007-lxc_attach-include-rexec-conditionally.patch
    - 0008-tree-wide-fix-some-header-inclusions.patch
    - 0009-initutils-fix-missing-includes.patch
    - 0010-configure-support-static-binaries.patch
    - 0011-autotools-enable-static-builds-for-tools.patch
    - 0012-autotools-enable-static-builds-for-commands.patch
    - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch
    - 0014-config-update-ax_pthread.m4.patch
    - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch
    - 0016-autotools-update-build.patch
    - 0017-file_utils-introduce-read_file_at.patch
    - 0018-string_utils-add-must_make_path_relative.patch
    - 0019-cgroups-coding-style-fixes.patch
    - 0020-cgroups-rework-cg_unified_init.patch
    - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch
    - 0022-criu-handle-cgroup2-freezer.patch
    - 0023-mkdir-p-proc-sys-on-container-startup.patch
    - 0024-conf-fix-coding-style.patch
    - 0025-conf-coding-style-fixes.patch
    - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch
    - 0027-attach-invert-child-parent-handling.patch
    - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch
    - 0029-attach-tweak-logging.patch
    - 0030-attach-use-__do_close-for-labelfd.patch
    - 0031-attach-coding-style-fixes.patch
    - 0032-attach-use-free_disarm.patch
    - 0033-attach-s-attach_child_main-do_attach-g.patch
    - 0034-attach-mark-do_attach-as-__noreturn.patch
    - 0035-attach-make-do_attach-void.patch
    - 0036-attach-use-close_prot_errno_disarm.patch
    - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch
    - 0038-cgroups-fix-cgroup-mounting.patch
    - 0039-utils-fix-mount_at.patch
    - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch
    - 0041-cgroups-bpf-fixes.patch
    - 0042-croups-improve-__do_bpf_program_free.patch
    - 0043-cgroups-coding-style-fixes.patch
    - 0044-cgroups-don-t-initiliaze-NULL-log.patch
    - 0045-cgroups-ensure-all-memory-is-zeroed.patch
    - 0046-cgroups-use-zalloc.patch
    - 0047-cgroups-tweak-cgroup-initialization.patch
    - 0048-log-remove-pointless-inline.patch
    - 0049-log-add-lxc_log_get_fd.patch
    - 0050-seccomp-use-lxc_log_get_fd.patch
    - 0051-log-rework-lxc_log_get_level.patch
    - 0052-seccomp-use-lxc_log_get_level.patch
    - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch
    - 0054-log-add-lxc_log_trace-helper.patch
    - 0055-cgroups-use-PTR_TO_U64.patch
    - 0056-cgroups-align-methods.patch
    - 0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch
    - 0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch
    - 0059-attach-fix-logging-for-stdfd-replacement.patch
    - 0060-attach-fix-error-checking-for-dup2.patch
    - 0061-cgroups-initialize-variable.patch
    - 0062-commands_utils-don-t-leak-memory.patch
    - 0063-conf-use-lxc_log_trace.patch
    - 0064-confile_utils-use-lxc_log_trace.patch
    - 0065-rexec-check-lseek-return-value.patch

Date: Thu, 11 Feb 2021 16:34:13 -0500
Changed-By: Stéphane Graber <stgraber at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/lxc/1:4.0.6-0ubuntu1
Format: 1.8
Source: lxc
Architecture: source
Version: 1:4.0.6-0ubuntu1
Distribution: hirsute
Urgency: medium
