[ubuntu/noble-proposed] snapd 2.73+ubuntu24.04 (Accepted)
Ernest Lotter
ernest.lotter at canonical.com
Fri Dec 5 14:45:44 UTC 2025
snapd (2.73+ubuntu24.04) noble; urgency=medium
* New upstream release, LP: #2132084
- FDE: do not save incomplete FDE state when resealing was skipped
- FDE: warn of inconsistent primary or policy counter
- Confdb: document confdb in snapctl help messages
- Confdb: only confdb hooks wait if snaps are disabled
- Confdb: relax confdb change conflict checks
- Confdb: remove empty parent when removing last leaf
- Confdb: support parsing field filters
- Confdb: wrap confdb write values under "values" key
- dm-verity for essential snaps: add new naming convention for
verity files
- dm-verity for essential snaps: add snap integrity discovery
- dm-verity for essential snaps: fix verity salt calculation
- Assertions: add hardware identity assertion
- Assertions: add integrity stanza in snap resources revisions
- Assertions: add request message assertion required for remote
device management
- Assertions: add response-message assertion for secure remote
device management
- Assertions: expose WithStackedBackstore in RODatabase
- Packaging: cross-distro | install upstream NEWS file into relevant
snapd package doc directory
- Packaging: cross-distro | tweak how the blocks injecting
$SNAP_MOUNT_DIR/bin are generated as required for openSUSE
- Packaging: remove deprecated snap-gdb-shim and all references now
that snap run --gdb is unsupported and replaced by --gdbserver
- Preseed: call systemd-tmpfiles instead of handle-writable-paths on
uc26
- Preseed: do not remove the /snap dir but rather all its contents
during reset
- snap-confine: attach name derived from security tag to BPF maps
and programs
- snap-confine: ensure permitted capabilities match expectation
- snap-confine: fix cached snap-confine profile cleanup to report
the correct error instead of masking backend setup failures
- snap-confine: Improve validation of user controlled paths
- snap-confine: tighten snap cgroup checks to ensure a snap cannot
start another snap in the same cgroup, preventing incorrect
device-filter installation
- core-initrd: add 26.04 ubuntu-core-initramfs package
- core-initrd: add missing order dependency for setting default
system files
- core-initrd: avoid scanning loop and mmc boot partitions as the
boot disk won't be any of these
- core-initrd: make cpio a Depends and remove from Build-Depends
- core-initrd: start plymouth sooner and reload when gadget is
available
- Cross-distro: modify syscheck to account for differences in
openSUSE 16.0+
- Validation sets: use in-flight validation sets when calling
'snapctl install' from hook
- Prompting: enable prompting for the camera interface
- Prompting: remove polkit authentication when modifying/deleting
prompting rules
- LP: #2127189 Prompting: do not record notices for unchanged rules
on snapd startup
- AppArmor: add free and pidof to the template
- AppArmor: adjust interfaces/profiles to cope with coreutils paths
- Interfaces: add support for compatibility expressions
- Interfaces: checkbox-support | complete overhaul
- Interfaces: define vulkan-driver-libs, cuda-driver-libs,
egl-driver-libs, gbm-driver-libs, opengl-driver-libs, and
opengles-driver-libs
- Interfaces: allow snaps on classic access to nvidia graphics
libraries exported by *-driver-libs interfaces
- Interfaces: fwupd | broaden access to /boot/efi/EFI
- Interfaces: gsettings | set dconf-service as profile for
ca.desrt.dconf.Writer
- Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new
interfaces
- Interfaces: opengl | grant read/write permission to
/run/nvidia-persistenced/socket
- interfaces: ros-snapd-support | add access to /v2/changes/
- Interfaces: system-observe | read access to btrfs/ext4/zfs
filesystem information
- Interfaces: system-trace | allow /sys/kernel/tracing/** rw
- Interfaces: usb-gadget | add support for ffs mounts in attributes
- Add autocompletion to run command
- Introduce option for disallowing auto-connection of a specific
interface
- Only log errors for user service operations performed as a part of
snap removal
- Patch snap names in service requests for parallel installed snaps
- Simplify traits for eMMC special partitions
- Strip apparmor_parser from debug symbols shrinking snapd size by
~3MB
- Fix InstallPathMany skipping refresh control
- Fix waiting for GDB helper to stop before attaching gdbserver
- Protect the per-snap tmp directory against being reaped by age
- Prevent disabling base snaps to ensure dependent snaps can be
removed
- Modify API endpoint /v2/logs to reject n <= 0 (except for special
case -1 meaning all)
- Avoid potential deadlock when task is injected after the change
was aborted
- Avoid race between store download stream and cache cleanup
executing in parallel when invoked by snap download task
- LP: #1851490 Use "current" instead of revision number for icons
- LP: #2121853 Add snapctl version command
- LP: #2127214 Ensure no more than one partition on disk can match a
gadget partition
- LP: #2127244 snap-confine: update AppArmor profile to allow
read/write to journal as workaround for snap-confine fd
inheritance prevented by newer AppArmor
- LP: #2127766 Add new tracing mechanism with independently running
strace and shim synchronization
Date: Fri, 21 Nov 2025 09:08:02 +0200
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Julian Andres Klode <julian.klode at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.73+ubuntu24.04
-------------- next part --------------
Format: 1.8
Date: Fri, 21 Nov 2025 09:08:02 +0200
Source: snapd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.73+ubuntu24.04
Distribution: noble
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Launchpad-Bugs-Fixed: 1851490 2121853 2127189 2127214 2127244 2127766 2132084
Checksums-Sha1:
e4018215ce3edf435be7780376aa7b85001e1bbb 3064 snapd_2.73+ubuntu24.04.dsc
8d61255c5a49e952b02fffc45bc09b442cec4d92 11040444 snapd_2.73+ubuntu24.04.tar.xz
ea5c7d265a23da6dce9f25ae56919bc2f9738717 16105 snapd_2.73+ubuntu24.04_source.buildinfo
Checksums-Sha256:
384a9722daa6b96ec01ef5b4b453f5c9fa90211d5f82a15bb1afc227d750cce6 3064 snapd_2.73+ubuntu24.04.dsc
d4cba46bb432c5f9bc10a610ce8c7fde9ed311f025ca3799ee5c5be03a298723 11040444 snapd_2.73+ubuntu24.04.tar.xz
9cca69a26a708d6fe907f0d0e9cc54e831dd1288fdc30db7a3c38d1eb59efb80 16105 snapd_2.73+ubuntu24.04_source.buildinfo
Files:
7a93276f905bc570b51eba62e4eb8b36 3064 devel optional snapd_2.73+ubuntu24.04.dsc
94657056765757b8a3ffbda30ada91f1 11040444 devel optional snapd_2.73+ubuntu24.04.tar.xz
8aa08f28ba38cbe41d11bb2ab0bf0fb0 16105 devel optional snapd_2.73+ubuntu24.04_source.buildinfo