[ubuntu/resolute-proposed] snapd 2.73+ubuntu26.04 (Accepted)
Ernest Lotter
ernest.lotter at canonical.com
Mon Dec 1 07:51:39 UTC 2025
snapd (2.73+ubuntu26.04) resolute; urgency=medium
* New upstream release, LP: #2132084
- FDE: do not save incomplete FDE state when resealing was skipped
- FDE: warn of inconsistent primary or policy counter
- Confdb: document confdb in snapctl help messages
- Confdb: only confdb hooks wait if snaps are disabled
- Confdb: relax confdb change conflict checks
- Confdb: remove empty parent when removing last leaf
- Confdb: support parsing field filters
- Confdb: wrap confdb write values under "values" key
- dm-verity for essential snaps: add new naming convention for
verity files
- dm-verity for essential snaps: add snap integrity discovery
- dm-verity for essential snaps: fix verity salt calculation
- Assertions: add hardware identity assertion
- Assertions: add integrity stanza in snap resources revisions
- Assertions: add request message assertion required for remote
device management
- Assertions: add response-message assertion for secure remote
device management
- Assertions: expose WithStackedBackstore in RODatabase
- Packaging: cross-distro | install upstream NEWS file into relevant
snapd package doc directory
- Packaging: cross-distro | tweak how the blocks injecting
$SNAP_MOUNT_DIR/bin are generated as required for openSUSE
- Packaging: remove deprecated snap-gdb-shim and all references now
that snap run --gdb is unsupported and replaced by --gdbserver
- Preseed: call systemd-tmpfiles instead handle-writable-paths on
uc26
- Preseed: do not remove the /snap dir but rather all its contents
during reset
- snap-confine: attach name derived from security tag to BPF maps
and programs
- snap-confine: ensure permitted capabilities match expectation
- snap-confine: fix cached snap-confine profile cleanup to report
the correct error instead of masking backend setup failures
- snap-confine: Improve validation of user controlled paths
- snap-confine: tighten snap cgroup checks to ensure a snap cannot
start another snap in the same cgroup, preventing incorrect
device-filter installation
- core-initrd: add 26.04 ubuntu-core-initramfs package
- core-initrd: add missing order dependency for setting default
system files
- core-initrd: avoid scanning loop and mmc boot partitions as the
boot disk won't be any of these
- core-initrd: make cpio a Depends and remove from Build-Depends
- core-initrd: start plymouth sooner and reload when gadget is
available
- Cross-distro: modify syscheck to account for differences in
openSUSE 16.0+
- Validation sets: use in-flight validation sets when calling
'snapctl install' from hook
- Prompting: enable prompting for the camera interface
- Prompting: remove polkit authentication when modifying/deleting
prompting rules
- LP: #2127189 Prompting: do not record notices for unchanged rules
on snapd startup
- AppArmor: add free and pidof to the template
- AppArmor: adjust interfaces/profiles to cope with coreutils paths
- Interfaces: add support for compatibility expressions
- Interfaces: checkbox-support | complete overhaul
- Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-
driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-
driver-libs
- Interfaces: allow snaps on classic access to nvidia graphics
libraries exported by *-driver-libs interfaces
- Interfaces: fwupd | broaden access to /boot/efi/EFI
- Interfaces: gsettings | set dconf-service as profile for
ca.desrt.dconf.Writer
- Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new
interfaces
- Interfaces: opengl | grant read/write permission to /run/nvidia-
persistenced/socket
- interfaces: ros-snapd-support | add access to /v2/changes/
- Interfaces: system-observe | read access to btrfs/ext4/zfs
filesystem information
- Interfaces: system-trace | allow /sys/kernel/tracing/** rw
- Interfaces: usb-gadget | add support for ffs mounts in attributes
- Add autocompletion to run command
- Introduce option for disallowing auto-connection of a specific
interface
- Only log errors for user service operations performed as a part of
snap removal
- Patch snap names in service requests for parallel installed snaps
- Simplify traits for eMMC special partitions
- Strip apparmor_parser from debug symbols shrinking snapd size by
~3MB
- Fix InstallPathMany skipping refresh control
- Fix waiting for GDB helper to stop before attaching gdbserver
- Protect the per-snap tmp directory against being reaped by age
- Prevent disabling base snaps to ensure dependent snaps can be
removed
- Modify API endpoint /v2/logs to reject n <= 0 (except for special
case -1 meaning all)
- Avoid potential deadlock when task is injected after the change
was aborted
- Avoid race between store download stream and cache cleanup
executing in parallel when invoked by snap download task
- LP: #1851490 Use "current" instead of revision number for icons
- LP: #2121853 Add snapctl version command
- LP: #2127214 Ensure no more than one partition on disk can match a
gadget partition
- LP: #2127244 snap-confine: update AppArmor profile to allow
read/write to journal as workaround for snap-confine fd
inheritance prevented by newer AppArmor
- LP: #2127766 Add new tracing mechanism with independently running
strace and shim synchronization
Date: Fri, 21 Nov 2025 09:08:02 +0200
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Julian Andres Klode <julian.klode at canonical.com>
https://launchpad.net/ubuntu/+source/snapd/2.73+ubuntu26.04
-------------- next part --------------
Format: 1.8
Date: Fri, 21 Nov 2025 09:08:02 +0200
Source: snapd
Built-For-Profiles: noudeb
Architecture: source
Version: 2.73+ubuntu26.04
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Ernest Lotter <ernest.lotter at canonical.com>
Launchpad-Bugs-Fixed: 1851490 2121853 2127189 2127214 2127244 2127766 2132084
Changes:
snapd (2.73+ubuntu26.04) resolute; urgency=medium
.
* New upstream release, LP: #2132084
- FDE: do not save incomplete FDE state when resealing was skipped
- FDE: warn of inconsistent primary or policy counter
- Confdb: document confdb in snapctl help messages
- Confdb: only confdb hooks wait if snaps are disabled
- Confdb: relax confdb change conflict checks
- Confdb: remove empty parent when removing last leaf
- Confdb: support parsing field filters
- Confdb: wrap confdb write values under "values" key
- dm-verity for essential snaps: add new naming convention for
verity files
- dm-verity for essential snaps: add snap integrity discovery
- dm-verity for essential snaps: fix verity salt calculation
- Assertions: add hardware identity assertion
- Assertions: add integrity stanza in snap resources revisions
- Assertions: add request message assertion required for remote
device management
- Assertions: add response-message assertion for secure remote
device management
- Assertions: expose WithStackedBackstore in RODatabase
- Packaging: cross-distro | install upstream NEWS file into relevant
snapd package doc directory
- Packaging: cross-distro | tweak how the blocks injecting
$SNAP_MOUNT_DIR/bin are generated as required for openSUSE
- Packaging: remove deprecated snap-gdb-shim and all references now
that snap run --gdb is unsupported and replaced by --gdbserver
- Preseed: call systemd-tmpfiles instead handle-writable-paths on
uc26
- Preseed: do not remove the /snap dir but rather all its contents
during reset
- snap-confine: attach name derived from security tag to BPF maps
and programs
- snap-confine: ensure permitted capabilities match expectation
- snap-confine: fix cached snap-confine profile cleanup to report
the correct error instead of masking backend setup failures
- snap-confine: Improve validation of user controlled paths
- snap-confine: tighten snap cgroup checks to ensure a snap cannot
start another snap in the same cgroup, preventing incorrect
device-filter installation
- core-initrd: add 26.04 ubuntu-core-initramfs package
- core-initrd: add missing order dependency for setting default
system files
- core-initrd: avoid scanning loop and mmc boot partitions as the
boot disk won't be any of these
- core-initrd: make cpio a Depends and remove from Build-Depends
- core-initrd: start plymouth sooner and reload when gadget is
available
- Cross-distro: modify syscheck to account for differences in
openSUSE 16.0+
- Validation sets: use in-flight validation sets when calling
'snapctl install' from hook
- Prompting: enable prompting for the camera interface
- Prompting: remove polkit authentication when modifying/deleting
prompting rules
- LP: #2127189 Prompting: do not record notices for unchanged rules
on snapd startup
- AppArmor: add free and pidof to the template
- AppArmor: adjust interfaces/profiles to cope with coreutils paths
- Interfaces: add support for compatibility expressions
- Interfaces: checkbox-support | complete overhaul
- Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-
driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-
driver-libs
- Interfaces: allow snaps on classic access to nvidia graphics
libraries exported by *-driver-libs interfaces
- Interfaces: fwupd | broaden access to /boot/efi/EFI
- Interfaces: gsettings | set dconf-service as profile for
ca.desrt.dconf.Writer
- Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new
interfaces
- Interfaces: opengl | grant read/write permission to /run/nvidia-
persistenced/socket
- interfaces: ros-snapd-support | add access to /v2/changes/
- Interfaces: system-observe | read access to btrfs/ext4/zfs
filesystem information
- Interfaces: system-trace | allow /sys/kernel/tracing/** rw
- Interfaces: usb-gadget | add support for ffs mounts in attributes
- Add autocompletion to run command
- Introduce option for disallowing auto-connection of a specific
interface
- Only log errors for user service operations performed as a part of
snap removal
- Patch snap names in service requests for parallel installed snaps
- Simplify traits for eMMC special partitions
- Strip apparmor_parser from debug symbols shrinking snapd size by
~3MB
- Fix InstallPathMany skipping refresh control
- Fix waiting for GDB helper to stop before attaching gdbserver
- Protect the per-snap tmp directory against being reaped by age
- Prevent disabling base snaps to ensure dependent snaps can be
removed
- Modify API endpoint /v2/logs to reject n <= 0 (except for special
case -1 meaning all)
- Avoid potential deadlock when task is injected after the change
was aborted
- Avoid race between store download stream and cache cleanup
executing in parallel when invoked by snap download task
- LP: #1851490 Use "current" instead of revision number for icons
- LP: #2121853 Add snapctl version command
- LP: #2127214 Ensure no more than one partition on disk can match a
gadget partition
- LP: #2127244 snap-confine: update AppArmor profile to allow
read/write to journal as workaround for snap-confine fd
inheritance prevented by newer AppArmor
- LP: #2127766 Add new tracing mechanism with independently running
strace and shim synchronization
Checksums-Sha1:
7e3fa01c29521705165ddf2a1c4d97a3aed8dad3 3067 snapd_2.73+ubuntu26.04.dsc
2656548edf24509b3ebf0ef2baba1173b008eba5 193252276 snapd_2.73+ubuntu26.04.tar.xz
c2fe24f7fdfeefe1d7635afb80a92ac35c8f0cc1 16106 snapd_2.73+ubuntu26.04_source.buildinfo
Checksums-Sha256:
307322d0105d85ac6bc86693bc6c5ad21be24fb62db3b92223b82659e0e65177 3067 snapd_2.73+ubuntu26.04.dsc
35a71c617dd8d98a5a78c3a9b75d7bf281f9180f1aa696f4d71fb31fba250dec 193252276 snapd_2.73+ubuntu26.04.tar.xz
44fd26f395a00b6babe4b0ff9cdd962068ae00d57f1f1d721e3eef176e43b928 16106 snapd_2.73+ubuntu26.04_source.buildinfo
Files:
a55098f774b61e53b81ecfc25945c72b 3067 devel optional snapd_2.73+ubuntu26.04.dsc
5229f82f84ccca65b68c1a62af44bbd3 193252276 devel optional snapd_2.73+ubuntu26.04.tar.xz
953d3e441d60852df37396824b79d912 16106 devel optional snapd_2.73+ubuntu26.04_source.buildinfo
More information about the Resolute-changes
mailing list