[ubuntu/plucky-proposed] snapd 2.73+ubuntu25.04 (Accepted)
Ernest Lotter
ernest.lotter at canonical.com
Fri Dec 5 14:40:48 UTC 2025
snapd (2.73+ubuntu25.04) plucky; urgency=medium
* New upstream release, LP: #2132084
- FDE: do not save incomplete FDE state when resealing was skipped
- FDE: warn of inconsistent primary or policy counter
- Confdb: document confdb in snapctl help messages
- Confdb: only confdb hooks wait if snaps are disabled
- Confdb: relax confdb change conflict checks
- Confdb: remove empty parent when removing last leaf
- Confdb: support parsing field filters
- Confdb: wrap confdb write values under "values" key
- dm-verity for essential snaps: add new naming convention for
verity files
- dm-verity for essential snaps: add snap integrity discovery
- dm-verity for essential snaps: fix verity salt calculation
- Assertions: add hardware identity assertion
- Assertions: add integrity stanza in snap resources revisions
- Assertions: add request message assertion required for remote
device management
- Assertions: add response-message assertion for secure remote
device management
- Assertions: expose WithStackedBackstore in RODatabase
- Packaging: cross-distro | install upstream NEWS file into relevant
snapd package doc directory
- Packaging: cross-distro | tweak how the blocks injecting
$SNAP_MOUNT_DIR/bin are generated as required for openSUSE
- Packaging: remove deprecated snap-gdb-shim and all references now
that snap run --gdb is unsupported and replaced by --gdbserver
- Preseed: call systemd-tmpfiles instead handle-writable-paths on
uc26
- Preseed: do not remove the /snap dir but rather all its contents
during reset
- snap-confine: attach name derived from security tag to BPF maps
and programs
- snap-confine: ensure permitted capabilities match expectation
- snap-confine: fix cached snap-confine profile cleanup to report
the correct error instead of masking backend setup failures
- snap-confine: Improve validation of user controlled paths
- snap-confine: tighten snap cgroup checks to ensure a snap cannot
start another snap in the same cgroup, preventing incorrect
device-filter installation
- core-initrd: add 26.04 ubuntu-core-initramfs package
- core-initrd: add missing order dependency for setting default
system files
- core-initrd: avoid scanning loop and mmc boot partitions as the
boot disk won't be any of these
- core-initrd: make cpio a Depends and remove from Build-Depends
- core-initrd: start plymouth sooner and reload when gadget is
available
- Cross-distro: modify syscheck to account for differences in
openSUSE 16.0+
- Validation sets: use in-flight validation sets when calling
'snapctl install' from hook
- Prompting: enable prompting for the camera interface
- Prompting: remove polkit authentication when modifying/deleting
prompting rules
- LP: #2127189 Prompting: do not record notices for unchanged rules
on snapd startup
- AppArmor: add free and pidof to the template
- AppArmor: adjust interfaces/profiles to cope with coreutils paths
- Interfaces: add support for compatibility expressions
- Interfaces: checkbox-support | complete overhaul
- Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-
driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-
driver-libs
- Interfaces: allow snaps on classic access to nvidia graphics
libraries exported by *-driver-libs interfaces
- Interfaces: fwupd | broaden access to /boot/efi/EFI
- Interfaces: gsettings | set dconf-service as profile for
ca.desrt.dconf.Writer
- Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new
interfaces
- Interfaces: opengl | grant read/write permission to /run/nvidia-
persistenced/socket
- interfaces: ros-snapd-support | add access to /v2/changes/
- Interfaces: system-observe | read access to btrfs/ext4/zfs
filesystem information
- Interfaces: system-trace | allow /sys/kernel/tracing/** rw
- Interfaces: usb-gadget | add support for ffs mounts in attributes
- Add autocompletion to run command
- Introduce option for disallowing auto-connection of a specific
interface
- Only log errors for user service operations performed as a part of
snap removal
- Patch snap names in service requests for parallel installed snaps
- Simplify traits for eMMC special partitions
- Strip apparmor_parser from debug symbols shrinking snapd size by
~3MB
- Fix InstallPathMany skipping refresh control
- Fix waiting for GDB helper to stop before attaching gdbserver
- Protect the per-snap tmp directory against being reaped by age
- Prevent disabling base snaps to ensure dependent snaps can be
removed
- Modify API endpoint /v2/logs to reject n <= 0 (except for special
case -1 meaning all)
- Avoid potential deadlock when task is injected after the change
was aborted
- Avoid race between store download stream and cache cleanup
executing in parallel when invoked by snap download task
- LP: #1851490 Use "current" instead of revision number for icons
- LP: #2121853 Add snapctl version command
- LP: #2127214 Ensure no more than one partition on disk can match a
gadget partition
- LP: #2127244 snap-confine: update AppArmor profile to allow
read/write to journal as workaround for snap-confine fd
inheritance prevented by newer AppArmor
- LP: #2127766 Add new tracing mechanism with independently running
strace and shim synchronization
Date: Fri, 21 Nov 2025 09:08:02 +0200
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Julian Andres Klode <julian.klode at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.73+ubuntu25.04
-------------- next part --------------
Format: 1.8
Date: Fri, 21 Nov 2025 09:08:02 +0200
Source: snapd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.73+ubuntu25.04
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Launchpad-Bugs-Fixed: 1851490 2121853 2127189 2127214 2127244 2127766 2132084
Changes:
snapd (2.73+ubuntu25.04) plucky; urgency=medium
.
* New upstream release, LP: #2132084
- FDE: do not save incomplete FDE state when resealing was skipped
- FDE: warn of inconsistent primary or policy counter
- Confdb: document confdb in snapctl help messages
- Confdb: only confdb hooks wait if snaps are disabled
- Confdb: relax confdb change conflict checks
- Confdb: remove empty parent when removing last leaf
- Confdb: support parsing field filters
- Confdb: wrap confdb write values under "values" key
- dm-verity for essential snaps: add new naming convention for
verity files
- dm-verity for essential snaps: add snap integrity discovery
- dm-verity for essential snaps: fix verity salt calculation
- Assertions: add hardware identity assertion
- Assertions: add integrity stanza in snap resources revisions
- Assertions: add request message assertion required for remote
device management
- Assertions: add response-message assertion for secure remote
device management
- Assertions: expose WithStackedBackstore in RODatabase
- Packaging: cross-distro | install upstream NEWS file into relevant
snapd package doc directory
- Packaging: cross-distro | tweak how the blocks injecting
$SNAP_MOUNT_DIR/bin are generated as required for openSUSE
- Packaging: remove deprecated snap-gdb-shim and all references now
that snap run --gdb is unsupported and replaced by --gdbserver
- Preseed: call systemd-tmpfiles instead handle-writable-paths on
uc26
- Preseed: do not remove the /snap dir but rather all its contents
during reset
- snap-confine: attach name derived from security tag to BPF maps
and programs
- snap-confine: ensure permitted capabilities match expectation
- snap-confine: fix cached snap-confine profile cleanup to report
the correct error instead of masking backend setup failures
- snap-confine: Improve validation of user controlled paths
- snap-confine: tighten snap cgroup checks to ensure a snap cannot
start another snap in the same cgroup, preventing incorrect
device-filter installation
- core-initrd: add 26.04 ubuntu-core-initramfs package
- core-initrd: add missing order dependency for setting default
system files
- core-initrd: avoid scanning loop and mmc boot partitions as the
boot disk won't be any of these
- core-initrd: make cpio a Depends and remove from Build-Depends
- core-initrd: start plymouth sooner and reload when gadget is
available
- Cross-distro: modify syscheck to account for differences in
openSUSE 16.0+
- Validation sets: use in-flight validation sets when calling
'snapctl install' from hook
- Prompting: enable prompting for the camera interface
- Prompting: remove polkit authentication when modifying/deleting
prompting rules
- LP: #2127189 Prompting: do not record notices for unchanged rules
on snapd startup
- AppArmor: add free and pidof to the template
- AppArmor: adjust interfaces/profiles to cope with coreutils paths
- Interfaces: add support for compatibility expressions
- Interfaces: checkbox-support | complete overhaul
- Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-
driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-
driver-libs
- Interfaces: allow snaps on classic access to nvidia graphics
libraries exported by *-driver-libs interfaces
- Interfaces: fwupd | broaden access to /boot/efi/EFI
- Interfaces: gsettings | set dconf-service as profile for
ca.desrt.dconf.Writer
- Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new
interfaces
- Interfaces: opengl | grant read/write permission to /run/nvidia-
persistenced/socket
- interfaces: ros-snapd-support | add access to /v2/changes/
- Interfaces: system-observe | read access to btrfs/ext4/zfs
filesystem information
- Interfaces: system-trace | allow /sys/kernel/tracing/** rw
- Interfaces: usb-gadget | add support for ffs mounts in attributes
- Add autocompletion to run command
- Introduce option for disallowing auto-connection of a specific
interface
- Only log errors for user service operations performed as a part of
snap removal
- Patch snap names in service requests for parallel installed snaps
- Simplify traits for eMMC special partitions
- Strip apparmor_parser from debug symbols shrinking snapd size by
~3MB
- Fix InstallPathMany skipping refresh control
- Fix waiting for GDB helper to stop before attaching gdbserver
- Protect the per-snap tmp directory against being reaped by age
- Prevent disabling base snaps to ensure dependent snaps can be
removed
- Modify API endpoint /v2/logs to reject n <= 0 (except for special
case -1 meaning all)
- Avoid potential deadlock when task is injected after the change
was aborted
- Avoid race between store download stream and cache cleanup
executing in parallel when invoked by snap download task
- LP: #1851490 Use "current" instead of revision number for icons
- LP: #2121853 Add snapctl version command
- LP: #2127214 Ensure no more than one partition on disk can match a
gadget partition
- LP: #2127244 snap-confine: update AppArmor profile to allow
read/write to journal as workaround for snap-confine fd
inheritance prevented by newer AppArmor
- LP: #2127766 Add new tracing mechanism with independently running
strace and shim synchronization
Checksums-Sha1:
8b031e5371e26e2b750c1f3e6410633731052d48 3064 snapd_2.73+ubuntu25.04.dsc
9d6f49aba3de7fde911aef360be092f889ed40da 11039708 snapd_2.73+ubuntu25.04.tar.xz
a5eec31eb8aaf7331c10277ff94407ee8fbe69d5 16105 snapd_2.73+ubuntu25.04_source.buildinfo
Checksums-Sha256:
0f424c1acb62b7e34a9fdbaa0d302827bc61dec7cf92f9d7918714bbd75e66e5 3064 snapd_2.73+ubuntu25.04.dsc
3876e22c49b10768f1bcad5071db6a8bc9770739a904d27303925f3218b27411 11039708 snapd_2.73+ubuntu25.04.tar.xz
62e2f138ab0e8791c3580e9261039719793788a844c905b73240c5dcfc0e6d69 16105 snapd_2.73+ubuntu25.04_source.buildinfo
Files:
a4e26812222c4f5db0030e8238c2ead6 3064 devel optional snapd_2.73+ubuntu25.04.dsc
72d9bc5062b2814cfa5871cf39868516 11039708 devel optional snapd_2.73+ubuntu25.04.tar.xz
2fa4b05a692350398f5d4cae9fb1f30a 16105 devel optional snapd_2.73+ubuntu25.04_source.buildinfo
More information about the plucky-changes
mailing list