The following Fedora EPEL 10.0 Security updates need testing:
Age URL
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5de3513c56
rust-rustls-0.23.19-1.el10_0
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6392f1c6e3
retsnoop-0.10.1-3.el10_0
The following builds have been pushed to Fedora EPEL 10.0 updates-testing
btrfs-progs-6.12-1.el10_0
gnome-common-3.18.0-20.el10_0
khard-0.19.1-4.el10_0
libappindicator-12.10.1-7.el10_0
libidn-1.42-4.el10_0
libindicator-12.10.1-26.el10_0
perl-Convert-PEM-0.13-1.el10_0
python-dill-0.3.9-1.el10_0
python-unidecode-1.3.8-3.el10_0
radare2-5.9.8-4.el10_0
rpmreaper-0.2.0-34.el10_0
snapd-2.66.1-1.el10_0
Details about builds:
================================================================================
btrfs-progs-6.12-1.el10_0 (FEDORA-EPEL-2024-0feceed9bc)
Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:
Changelog
subvolume delete: add new option to do recursive subvolume deletion (for
regular user delete only accessible subvolumes)
mkfs:
new option --subvol to create subvolumes in given paths, read-write,
read-only and default
add hard link detection support for --rootdir option
fixes:
receive: message verbosity fixes
check: fix false positive report of missing checksum for extent holes
check: handle compressed extents when checking tree log
when asking Y/N user questions, flush the terminal so the question is
displayed (e.g. btrfstune -S)
other
code refactoring, error handling
python packaging fixes
documentation updates
new tests
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2024 Packit <[email protected]> - 6.12-1
- Update to version 6.12
- Resolves: rhbz#2329568
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2329568 - btrfs-progs-6.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2329568
--------------------------------------------------------------------------------
================================================================================
gnome-common-3.18.0-20.el10_0 (FEDORA-EPEL-2024-7dd1122a9d)
Useful things common to building GNOME packages from scratch
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 10 release of gnome-shell-extension-appindicator dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 26 2024 Miroslav Suchý <[email protected]> - 3.18.0-20
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
3.18.0-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> -
3.18.0-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
3.18.0-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <[email protected]> -
3.18.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> -
3.18.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2324078 - Please branch and build gnome-common in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324078
[ 2 ] Bug #2324079 - Please branch and build libindicator in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324079
[ 3 ] Bug #2324088 - Please branch and build libappindicator in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324088
[ 4 ] Bug #2325270 - gnome-shell-extension-appindicator: fails to install
from epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2325270
--------------------------------------------------------------------------------
================================================================================
khard-0.19.1-4.el10_0 (FEDORA-EPEL-2024-e403db2cf7)
An address book for the Linux console
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 10 release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 29 2024 Miroslav Suchý <[email protected]> - 0.19.1-4
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
0.19.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint <[email protected]> - 0.19.1-2
- Rebuilt for Python 3.13
* Thu May 30 2024 Ben Boeckel <[email protected]> - 0.19.1-1
- Update to 0.19.1
- Resolves #2152527
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
0.17.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
0.17.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> -
0.17.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <[email protected]> - 0.17.0-10
- Rebuilt for Python 3.12
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> -
0.17.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2323757 - Please branch and build khard in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2323757
[ 2 ] Bug #2323764 - Please branch and build python-unidecode in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2323764
--------------------------------------------------------------------------------
================================================================================
libappindicator-12.10.1-7.el10_0 (FEDORA-EPEL-2024-7dd1122a9d)
Application indicators library
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 10 release of gnome-shell-extension-appindicator dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 5 2024 Michel Lind <[email protected]> - 12.10.1-7
- Drop gtk2 support on EL >= 10
* Mon Sep 2 2024 Miroslav Suchý <[email protected]> - 12.10.1-6
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> -
12.10.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
12.10.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
12.10.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> -
12.10.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> -
12.10.1-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 7 2022 Timotheus Pokorra <[email protected]> -
12.10.1-0
- Upgrade to 12.10.1 to fix bug 2135815
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2324078 - Please branch and build gnome-common in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324078
[ 2 ] Bug #2324079 - Please branch and build libindicator in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324079
[ 3 ] Bug #2324088 - Please branch and build libappindicator in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324088
[ 4 ] Bug #2325270 - gnome-shell-extension-appindicator: fails to install
from epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2325270
--------------------------------------------------------------------------------
================================================================================
libidn-1.42-4.el10_0 (FEDORA-EPEL-2024-0ef71831a6)
Internationalized Domain Name support library
--------------------------------------------------------------------------------
Update Information:
EPEL10 build
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> - 1.42-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> - 1.42-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> - 1.42-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 15 2024 Miroslav Lichvar <[email protected]> - 1.42-1
- update to 1.42
- convert license tag to SPDX
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 1.41-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> - 1.41-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <[email protected]> - 1.41-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libindicator-12.10.1-26.el10_0 (FEDORA-EPEL-2024-7dd1122a9d)
Shared functions for Ayatana indicators
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 10 release of gnome-shell-extension-appindicator dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 1 2024 Mamoru TASAKA <[email protected]> - 12.10.1-26
- SPDX migration
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> -
12.10.1-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> -
12.10.1-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <[email protected]> -
12.10.1-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <[email protected]> -
12.10.1-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2324078 - Please branch and build gnome-common in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324078
[ 2 ] Bug #2324079 - Please branch and build libindicator in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324079
[ 3 ] Bug #2324088 - Please branch and build libappindicator in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2324088
[ 4 ] Bug #2325270 - gnome-shell-extension-appindicator: fails to install
from epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2325270
--------------------------------------------------------------------------------
================================================================================
perl-Convert-PEM-0.13-1.el10_0 (FEDORA-EPEL-2024-da19b52572)
Read/write encrypted ASN.1 PEM files
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue that caused the Crypt::DSA test suite to fail, and
also gets rid of some warnings.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2024 Paul Howarth <[email protected]> - 0.13-1
- Update to 0.13 (rhbz#2330122)
- Fix recent issues in Crypt::DSA (CPAN RT#156495)
- Handle undefined values and redefined iv (GH#2)
- Switch source URL from cpan.metacpan.org to www.cpan.org
--------------------------------------------------------------------------------
================================================================================
python-dill-0.3.9-1.el10_0 (FEDORA-EPEL-2024-f5b7d4acfa)
Serialize all of Python
--------------------------------------------------------------------------------
Update Information:
New python package dill, that extends pickle module
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2024 Sergio Pascual <[email protected]> - 0.3.9-1
- Initial specfile
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2320989 - Please branch and build python-dill in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2320989
--------------------------------------------------------------------------------
================================================================================
python-unidecode-1.3.8-3.el10_0 (FEDORA-EPEL-2024-e403db2cf7)
US-ASCII transliterations of Unicode text
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 10 release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 26 2024 Miroslav Suchý <[email protected]> - 1.3.8-3
- convert license to SPDX
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
1.3.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jun 13 2024 pjp <[email protected]> - 1.3.8-1
- Update to release 1.3.8
* Fri Jun 7 2024 Python Maint <[email protected]> - 1.3.4-8
- Rebuilt for Python 3.13
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
1.3.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <[email protected]> -
1.3.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering <[email protected]> -
1.3.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <[email protected]> - 1.3.4-4
- Rebuilt for Python 3.12
* Fri Jan 20 2023 Fedora Release Engineering <[email protected]> -
1.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2323757 - Please branch and build khard in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2323757
[ 2 ] Bug #2323764 - Please branch and build python-unidecode in epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2323764
--------------------------------------------------------------------------------
================================================================================
radare2-5.9.8-4.el10_0 (FEDORA-EPEL-2024-acbed9a263)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 30 2024 Michal Ambroz <[email protected]> - 5.9.8-4
- fix epel build
* Mon Nov 25 2024 Michal Ambroz <[email protected]> - 5.9.8-2
- documentation of embedded quickjs-ng library
* Fri Nov 22 2024 Michal Ambroz <[email protected]> - 5.9.8-1
- bump to 5.9.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2313891 - iaito: fails to install from epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2313891
[ 2 ] Bug #2327286 - iaito-5.9.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327286
[ 3 ] Bug #2327308 - radare2-5.9.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327308
[ 4 ] Bug #2329104 - CVE-2024-11858 radare2: Command Injection via Pebble
Application Files in Radare2 [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2329104
[ 5 ] Bug #2329105 - CVE-2024-11858 radare2: Command Injection via Pebble
Application Files in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2329105
[ 6 ] Bug #2329107 - CVE-2024-11858 radare2: Command Injection via Pebble
Application Files in Radare2 [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2329107
[ 7 ] Bug #2329108 - CVE-2024-11858 radare2: Command Injection via Pebble
Application Files in Radare2 [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2329108
[ 8 ] Bug #2329622 - F41FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329622
[ 9 ] Bug #2329623 - F40FailsToInstall: iaito
https://bugzilla.redhat.com/show_bug.cgi?id=2329623
--------------------------------------------------------------------------------
================================================================================
rpmreaper-0.2.0-34.el10_0 (FEDORA-EPEL-2024-c4048e3441)
A tool for removing packages from system
--------------------------------------------------------------------------------
Update Information:
EPEL10 build
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.2.0-34
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.2.0-33
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <[email protected]> -
0.2.0-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jul 21 2023 Fedora Release Engineering <[email protected]> -
0.2.0-31
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri May 19 2023 Petr Pisar <[email protected]> - 0.2.0-30
- Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19)
* Fri Jan 20 2023 Fedora Release Engineering <[email protected]> -
0.2.0-29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Jul 26 2022 Miroslav Lichvar <[email protected]> 0.2.0-28
- fix compiler warnings
* Sat Jul 23 2022 Fedora Release Engineering <[email protected]> -
0.2.0-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
snapd-2.66.1-1.el10_0 (FEDORA-EPEL-2024-e486e036fe)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
Constrain dependency on xdelta to EPEL-9
AppArmor prompting (experimental): Fix kernel prompting support
check
Allow kernel snaps to have content slots
Fix ignoring snaps in try mode when amending
New upstream release 2.66
AppArmor prompting (experimental): expand kernel support checks
AppArmor prompting (experimental): consolidate error messages and
add error kinds
AppArmor prompting (experimental): grant /v2/snaps/{name} via
snap-interfaces-requests-control
AppArmor prompting (experimental): add checks for duplicate
pattern variants
Registry views (experimental): add handlers that commit (and
cleanup) registry transactions
Registry views (experimental): add a snapctl fail command for
rejecting registry transactions
Registry views (experimental): allow custodian snaps to implement
registry hooks that modify and save registry data
Registry views (experimental): run view-changed hooks only for
snaps plugging views affected by modified paths
Registry views (experimental): make registry transactions
serialisable
Snap components: handle refreshing components to revisions that
have been on the system before
Snap components: enable creating Ubuntu Core images that contain
components
Snap components: handle refreshing components independently of
snaps
Snap components: handle removing components when refreshing a snap
that no longer defines them
Snap components: extend snapd Ubuntu Core installation API to
allow for picking optional snaps and components to install
Snap components: extend kernel.yaml with "dynamic-modules",
allowing kernel to define a location for kmods from component
hooks
Snap components: renamed component type "test" to "standard"
Desktop IDs: support installing desktop files with custom names
based on desktop-file-ids desktop interface plug attr
Auto-install snapd on classic systems as prerequisite for any non-
essential snap install
Support loading AppArmor profiles on WSL2 with non-default kernel
and securityfs mounted
Debian/Fedora packaging updates
Add snap debug command for investigating execution aspects of the
snap toolchain
Improve snap pack error for easier parsing
Add support for user services when refreshing snaps
Add snap remove --terminate flag for terminating running snap
processes
Support building FIPS complaint snapd deb and snap
Fix to not use nss when looking up for users/groups from snapd
snap
Fix ordering in which layout changes are saved
Patch snapd snap dynamic linker to ignore LD_LIBRARY_PATH and
related variables
Fix libexec dir for openSUSE Slowroll
Fix handling of the shared snap directory for parallel installs
Allow writing to /run/systemd/journal/dev-log by default
Avoid state lock during snap removal to avoid delaying other snapd
operations
Add nomad-support interface to enable running Hashicorp Nomad
Add intel-qat interface
u2f-devices interface: add u2f trustkey t120 product id and fx
series fido u2f devices
desktop interface: improve integration with xdg-desktop-portal
desktop interface: add desktop-file-ids plug attr to desktop
interface
unity7 interface: support desktop-file-ids in desktop files rule
generation
desktop-legacy interface: support desktop-file-ids in desktop
files rule generation
desktop-legacy interface: grant access to gcin socket location
login-session-observe interface: allow introspection
custom-device interface: allow to explicitly identify matching
device in udev tagging block
system-packages-doc interface: allow reading /usr/share/javascript
modem-manager interface: add new format of WWAN ports
pcscd interface: allow pcscd to read opensc.conf
cpu-control interface: add IRQ affinity control to cpu_control
opengl interface: add support for cuda workloads on Tegra iGPU in
opengl interface
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2024 Zygmunt Krynicki <[email protected]>
- Constrain dependency on xdelta to EPEL-9
* Fri Nov 29 2024 Zygmunt Krynicki <[email protected]>
- Re-cherry pick fix for SELinux timedatex problem from upstream
as it was not released in 2.66.1, sorry.
* Wed Nov 20 2024 Zygmunt Krynicki <[email protected]>
- Drop only patch, applied upstream.
* Fri Oct 25 2024 Zygmunt Krynicki <[email protected]>
- Cherry pick fix for SELinux timedatex problem from upstream
* Fri Oct 11 2024 Ernest Lotter <[email protected]>
- New upstream release 2.66.1
- AppArmor prompting (experimental): Fix kernel prompting support
check
- Allow kernel snaps to have content slots
- Fix ignoring snaps in try mode when amending
* Fri Oct 4 2024 Ernest Lotter <[email protected]>
- New upstream release 2.66
- AppArmor prompting (experimental): expand kernel support checks
- AppArmor prompting (experimental): consolidate error messages and
add error kinds
- AppArmor prompting (experimental): grant /v2/snaps/{name} via
snap-interfaces-requests-control
- AppArmor prompting (experimental): add checks for duplicate
pattern variants
- Registry views (experimental): add handlers that commit (and
cleanup) registry transactions
- Registry views (experimental): add a snapctl fail command for
rejecting registry transactions
- Registry views (experimental): allow custodian snaps to implement
registry hooks that modify and save registry data
- Registry views (experimental): run view-changed hooks only for
snaps plugging views affected by modified paths
- Registry views (experimental): make registry transactions
serialisable
- Snap components: handle refreshing components to revisions that
have been on the system before
- Snap components: enable creating Ubuntu Core images that contain
components
- Snap components: handle refreshing components independently of
snaps
- Snap components: handle removing components when refreshing a snap
that no longer defines them
- Snap components: extend snapd Ubuntu Core installation API to
allow for picking optional snaps and components to install
- Snap components: extend kernel.yaml with "dynamic-modules",
allowing kernel to define a location for kmods from component
hooks
- Snap components: renamed component type "test" to "standard"
- Desktop IDs: support installing desktop files with custom names
based on desktop-file-ids desktop interface plug attr
- Auto-install snapd on classic systems as prerequisite for any non-
essential snap install
- Support loading AppArmor profiles on WSL2 with non-default kernel
and securityfs mounted
- Debian/Fedora packaging updates
- Add snap debug command for investigating execution aspects of the
snap toolchain
- Improve snap pack error for easier parsing
- Add support for user services when refreshing snaps
- Add snap remove --terminate flag for terminating running snap
processes
- Support building FIPS complaint snapd deb and snap
- Fix to not use nss when looking up for users/groups from snapd
snap
- Fix ordering in which layout changes are saved
- Patch snapd snap dynamic linker to ignore LD_LIBRARY_PATH and
related variables
- Fix libexec dir for openSUSE Slowroll
- Fix handling of the shared snap directory for parallel installs
- Allow writing to /run/systemd/journal/dev-log by default
- Avoid state lock during snap removal to avoid delaying other snapd
operations
- Add nomad-support interface to enable running Hashicorp Nomad
- Add intel-qat interface
- u2f-devices interface: add u2f trustkey t120 product id and fx
series fido u2f devices
- desktop interface: improve integration with xdg-desktop-portal
- desktop interface: add desktop-file-ids plug attr to desktop
interface
- unity7 interface: support desktop-file-ids in desktop files rule
generation
- desktop-legacy interface: support desktop-file-ids in desktop
files rule generation
- desktop-legacy interface: grant access to gcin socket location
- login-session-observe interface: allow introspection
- custom-device interface: allow to explicitly identify matching
device in udev tagging block
- system-packages-doc interface: allow reading /usr/share/javascript
- modem-manager interface: add new format of WWAN ports
- pcscd interface: allow pcscd to read opensc.conf
- cpu-control interface: add IRQ affinity control to cpu_control
- opengl interface: add support for cuda workloads on Tegra iGPU in
opengl interface
* Thu Sep 12 2024 Ernest Lotter <[email protected]>
- New upstream release 2.65.3
- Fix missing aux info from store on snap setup
* Fri Sep 6 2024 Ernest Lotter <[email protected]>
- New upstream release 2.65.2
- Bump squashfuse from version 0.5.0 to 0.5.2 (used in snapd deb
only)
* Sat Aug 24 2024 Ernest Lotter <[email protected]>
- New upstream release 2.65.1
- Support building snapd using base Core22 (Snapcraft 8.x)
- FIPS: support building FIPS complaint snapd variant that switches
to FIPS mode when the system boots with FIPS enabled
- AppArmor: update to latest 4.0.2 release
- AppArmor: enable using ABI 4.0 from host parser
- AppArmor: fix parser lookup
- AppArmor: support AppArmor snippet priorities
- AppArmor: allow reading cgroup memory.max file
- AppArmor: allow using snap-exec coming from the snapd snap when
starting a confined process with jailmode
- AppArmor prompting (experimental): add checks for prompting
support, include prompting status in system key, and restart snapd
if prompting flag changes
- AppArmor prompting (experimental): include prompt prefix in
AppArmor rules if prompting is supported and enabled
- AppArmor prompting (experimental): add common types, constraints,
and mappings from AppArmor permissions to abstract permissions
- AppArmor prompting (experimental): add path pattern parsing and
matching
- AppArmor prompting (experimental): add path pattern precedence
based on specificity
- AppArmor prompting (experimental): add packages to manage
outstanding request prompts and rules
- AppArmor prompting (experimental): add prompting API and notice
types, which require snap-interfaces-requests-control interface
- AppArmor prompting (experimental): feature flag can only be
enabled if prompting is supported, handler service connected, and
the service can be started
- Registry views (experimental): rename from aspects to registries
- Registry views (experimental): support reading registry views and
setting/unsetting registry data using snapctl
- Registry views (experimental): fetch and refresh registry
assertions as needed
- Registry views (experimental): restrict view paths from using a
number as first character and view names to storage path style
patterns
- Snap components: support installing snaps and components from
files at the same time (no REST API/CLI)
- Snap components: support downloading components related assertions
from the store
- Snap components: support installing components from the store
- Snap components: support removing components individually and
during snap removal
- Snap components: support kernel modules as components
- Snap components: support for component install, pre-refresh and
post-refresh hooks
- Snap components: initial support for building systems that contain
components
- Refresh app awareness (experimental): add data field for
/v2/changes REST API to allow associating each task with affected
snaps
- Refresh app awareness (experimental): use the app name from
.desktop file in notifications
- Refresh app awareness (experimental): give snap-refresh-observe
interface access to /v2/snaps/{name} endpoint
- Improve snap-confine compatibility with nvidia drivers
- Allow re-exec when SNAP_REEXEC is set for unlisted distros to
simplify testing
- Allow mixing revision and channel on snap install
- Generate GNU build ID for Go binaries
- Add missing etelpmoc.sh for shell completion
- Do not attempt to run snapd on classic when re-exec is disabled
- Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse
- Add snap debug API command to enable running raw queries
- Enable snap-confine snap mount directory detection
- Replace global seccomp filter with deny rules in standard seccomp
template
- Remove support for Ubuntu Core Launcher (superseded by snap-
confine)
- Support creating pending serial bound users after serial assertion
becomes available
- Support disabling cloud-init using kernel command-line
- In hybrid systems, apps can refresh without waiting for restarts
required by essential snaps
- Ship snap-debug-info.sh script used for system diagnostics
- Improve error messages when attempting to run non-existent snap
- Switch to -u UID:GID for strace-static
- Support enabling snapd logging with snap set system
debug.snapd.{log,log-level}
- Add options system.coredump.enable and system.coredump.maxuse to
support using systemd-coredump on Ubuntu Core
- Provide documentation URL for 'snap interface '
- Fix snapd riscv64 build
- Fix restarting activated services instead of their activator units
(i.e. sockets, timers)
- Fix potential unexpected auto-refresh of snap on managed schedule
- Fix potential segfault by guarding against kernel command-line
changes on classic system
- Fix proxy entries in /etc/environment with missing newline that
caused later manual entries to not be usable
- Fix offline remodelling by ignoring prerequisites that will
otherwise be downloaded from store
- Fix devmode seccomp deny regression that caused spamming the log
instead of actual denies
- Fix snap lock leak during refresh
- Fix not re-pinning validation sets that were already pinned when
enforcing new validation sets
- Fix handling of unexpected snapd runtime failure
- Fix /v2/notices REST API skipping notices with duplicate
timestamps
- Fix comparing systemd versions that may contain pre-release
suffixes
- Fix udev potentially starting before snap-device-helper is made
available
- Fix race in snap seed metadata loading
- Fix treating cloud-init exit status 2 as error
- Fix to prevent sending refresh complete notification if snap snap-
refresh-observe interface is connected
- Fix to queue snapctl service commands if run from the default-
configure hook to ensure they get up-to-date config values
- Fix stop service failure when the service is not actually running
anymore
- Fix parsing /proc/PID/mounts with spaces
- Add registry interface that provides snaps access to a particular
registry view
- Add snap-interfaces-requests-control interface to enable prompting
client snaps
- steam-support interface: remove all AppArmor and seccomp
restrictions to improve user experience
- opengl interface: improve compatibility with nvidia drivers
- home interface: autoconnect home on Ubuntu Core Desktop
- serial-port interface: support RPMsg tty
- display-control interface: allow changing LVDS backlight power and
brightness
- power-control interface: support for battery charging thesholds,
type/status and AC type/status
- cpu-control interface: allow CPU C-state control
- raw-usb interface: support RPi5 and Thinkpad x13s
- custom-device interface: allow device file locking
- lxd-support interface: allow LXD to self-manage its own cgroup
- network-manager interface: support MPTCP sockets
- network-control interface: allow plug/slot access to gnutls config
and systemd resolved cache flushing via D-Bus
- network-control interface: allow wpa_supplicant dbus api
- gpio-control interface: support gpiochip* devices
- polkit interface: fix "rw" mount option check
- u2f-devices interface: enable additional security keys
- desktop interface: enable kde theming support
* Fri Aug 23 2024 Ernest Lotter <[email protected]>
- New upstream release 2.65
- Support building snapd using base Core22 (Snapcraft 8.x)
- FIPS: support building FIPS complaint snapd variant that switches
to FIPS mode when the system boots with FIPS enabled
- AppArmor: update to latest 4.0.2 release
- AppArmor: enable using ABI 4.0 from host parser
- AppArmor: fix parser lookup
- AppArmor: support AppArmor snippet priorities
- AppArmor: allow reading cgroup memory.max file
- AppArmor: allow using snap-exec coming from the snapd snap when
starting a confined process with jailmode
- AppArmor prompting (experimental): add checks for prompting
support, include prompting status in system key, and restart snapd
if prompting flag changes
- AppArmor prompting (experimental): include prompt prefix in
AppArmor rules if prompting is supported and enabled
- AppArmor prompting (experimental): add common types, constraints,
and mappings from AppArmor permissions to abstract permissions
- AppArmor prompting (experimental): add path pattern parsing and
matching
- AppArmor prompting (experimental): add path pattern precedence
based on specificity
- AppArmor prompting (experimental): add packages to manage
outstanding request prompts and rules
- AppArmor prompting (experimental): add prompting API and notice
types, which require snap-interfaces-requests-control interface
- AppArmor prompting (experimental): feature flag can only be
enabled if prompting is supported, handler service connected, and
the service can be started
- Registry views (experimental): rename from aspects to registries
- Registry views (experimental): support reading registry views and
setting/unsetting registry data using snapctl
- Registry views (experimental): fetch and refresh registry
assertions as needed
- Registry views (experimental): restrict view paths from using a
number as first character and view names to storage path style
patterns
- Snap components: support installing snaps and components from
files at the same time (no REST API/CLI)
- Snap components: support downloading components related assertions
from the store
- Snap components: support installing components from the store
- Snap components: support removing components individually and
during snap removal
- Snap components: support kernel modules as components
- Snap components: support for component install, pre-refresh and
post-refresh hooks
- Snap components: initial support for building systems that contain
components
- Refresh app awareness (experimental): add data field for
/v2/changes REST API to allow associating each task with affected
snaps
- Refresh app awareness (experimental): use the app name from
.desktop file in notifications
- Refresh app awareness (experimental): give snap-refresh-observe
interface access to /v2/snaps/{name} endpoint
- Improve snap-confine compatibility with nvidia drivers
- Allow re-exec when SNAP_REEXEC is set for unlisted distros to
simplify testing
- Allow mixing revision and channel on snap install
- Generate GNU build ID for Go binaries
- Add missing etelpmoc.sh for shell completion
- Do not attempt to run snapd on classic when re-exec is disabled
- Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse
- Add snap debug API command to enable running raw queries
- Enable snap-confine snap mount directory detection
- Replace global seccomp filter with deny rules in standard seccomp
template
- Remove support for Ubuntu Core Launcher (superseded by snap-
confine)
- Support creating pending serial bound users after serial assertion
becomes available
- Support disabling cloud-init using kernel command-line
- In hybrid systems, apps can refresh without waiting for restarts
required by essential snaps
- Ship snap-debug-info.sh script used for system diagnostics
- Improve error messages when attempting to run non-existent snap
- Switch to -u UID:GID for strace-static
- Support enabling snapd logging with snap set system
debug.snapd.{log,log-level}
- Add options system.coredump.enable and system.coredump.maxuse to
support using systemd-coredump on Ubuntu Core
- Provide documentation URL for 'snap interface '
- Fix restarting activated services instead of their activator units
(i.e. sockets, timers)
- Fix potential unexpected auto-refresh of snap on managed schedule
- Fix potential segfault by guarding against kernel command-line
changes on classic system
- Fix proxy entries in /etc/environment with missing newline that
caused later manual entries to not be usable
- Fix offline remodelling by ignoring prerequisites that will
otherwise be downloaded from store
- Fix devmode seccomp deny regression that caused spamming the log
instead of actual denies
- Fix snap lock leak during refresh
- Fix not re-pinning validation sets that were already pinned when
enforcing new validation sets
- Fix handling of unexpected snapd runtime failure
- Fix /v2/notices REST API skipping notices with duplicate
timestamps
- Fix comparing systemd versions that may contain pre-release
suffixes
- Fix udev potentially starting before snap-device-helper is made
available
- Fix race in snap seed metadata loading
- Fix treating cloud-init exit status 2 as error
- Fix to prevent sending refresh complete notification if snap snap-
refresh-observe interface is connected
- Fix to queue snapctl service commands if run from the default-
configure hook to ensure they get up-to-date config values
- Fix stop service failure when the service is not actually running
anymore
- Fix parsing /proc/PID/mounts with spaces
- Add registry interface that provides snaps access to a particular
registry view
- Add snap-interfaces-requests-control interface to enable prompting
client snaps
- steam-support interface: remove all AppArmor and seccomp
restrictions to improve user experience
- opengl interface: improve compatibility with nvidia drivers
- home interface: autoconnect home on Ubuntu Core Desktop
- serial-port interface: support RPMsg tty
- display-control interface: allow changing LVDS backlight power and
brightness
- power-control interface: support for battery charging thesholds,
type/status and AC type/status
- cpu-control interface: allow CPU C-state control
- raw-usb interface: support RPi5 and Thinkpad x13s
- custom-device interface: allow device file locking
- lxd-support interface: allow LXD to self-manage its own cgroup
- network-manager interface: support MPTCP sockets
- network-control interface: allow plug/slot access to gnutls config
and systemd resolved cache flushing via D-Bus
- network-control interface: allow wpa_supplicant dbus api
- gpio-control interface: support gpiochip* devices
- polkit interface: fix "rw" mount option check
- u2f-devices interface: enable additional security keys
- desktop interface: enable kde theming support
* Mon Jul 29 2024 Miroslav Suchý <[email protected]> - 2.63-3
- convert license to SPDX
* Fri Jul 26 2024 Miroslav Suchý <[email protected]> - 2.63-2
- convert license to SPDX
* Wed Jul 24 2024 Ernest Lotter <[email protected]>
- New upstream release 2.64
- Support building snapd using base Core22 (Snapcraft 8.x)
- FIPS: support building FIPS complaint snapd variant that switches
to FIPS mode when the system boots with FIPS enabled
- AppArmor: update to AppArmor 4.0.1
- AppArmor: support AppArmor snippet priorities
- AppArmor prompting: add checks for prompting support, include
prompting status in system key, and restart snapd if prompting
flag changes
- AppArmor prompting: include prompt prefix in AppArmor rules if
prompting is supported and enabled
- AppArmor prompting: add common types, constraints, and mappings
from AppArmor permissions to abstract permissions
- AppArmor prompting: add path pattern parsing and matching
- Registry views (experimental): rename from aspects to registries
- Registry views (experimental): support reading registry views
using snapctl
- Registry views (experimental): restrict view paths from using a
number as first character and view names to storage path style
patterns
- Snap components: support installing snaps and components from
files at the same time (no REST API/CLI)
- Snap components: support downloading components related assertions
from the store
- Snap components: support installing components from the store (no
REST API/CLI)
- Snap components: support removing components (REST API, no CLI)
- Snap components: started support for component hooks
- Snap components: support kernel modules as components
- Refresh app awareness (experimental): add data field for
/v2/changes REST API to allow associating each task with affected
snaps
- Refresh app awareness (experimental): use the app name from
.desktop file in notifications
- Refresh app awareness (experimental): give snap-refresh-observe
interface access to /v2/snaps/{name} endpoint
- Allow re-exec when SNAP_REEXEC is set for unlisted distros to
simplify testing
- Generate GNU build ID for Go binaries
- Add missing etelpmoc.sh for shell completion
- Do not attempt to run snapd on classic when re-exec is disabled
- Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse
- Add snap debug api command to enable running raw queries
- Enable snap-confine snap mount directory detection
- Replace global seccomp filter with deny rules in standard seccomp
template
- Remove support for Ubuntu Core Launcher (superseded by snap-
confine)
- Support creating pending serial bound users after serial assertion
becomes available
- Support disabling cloud-init using kernel command-line
- In hybrid systems, apps can refresh without waiting for restarts
required by essential snaps
- Ship snap-debug-info.sh script used for system diagnostics
- Improve error messages when attempting to run non-existent snap
- Switch to -u UID:GID for strace-static
- Support enabling snapd logging with snap set system
debug.snapd.{log,log-level}
- Fix restarting activated services instead of their activator units
(i.e. sockets, timers)
- Fix potential unexpected auto-refresh of snap on managed schedule
- Fix potential segfault by guarding against kernel command-line
changes on classic system
- Fix proxy entries in /etc/environment with missing newline that
caused later manual entries to not be usable
- Fix offline remodelling by ignoring prerequisites that will
otherwise be downloaded from store
- Fix devmode seccomp deny regression that caused spamming the log
instead of actual denies
- Fix snap lock leak during refresh
- Fix not re-pinning validation sets that were already pinned when
enforcing new validation sets
- Fix handling of unexpected snapd runtime failure
- Fix /v2/notices REST API skipping notices with duplicate
timestamps
- Fix comparing systemd versions that may contain pre-release
suffixes
- Fix udev potentially starting before snap-device-helper is made
available
- Fix race in snap seed metadata loading
- Fix treating cloud-init exit status 2 as error
- Fix to prevent sending refresh complete notification if snap snap-
refresh-observe interface is connected
- Fix to queue snapctl service commands if run from the default-
configure hook to ensure they get up-to-date config values
- Fix stop service failure when the service is not actually running
anymore
- Add registry interface that provides snaps access to a particular
registry view
- steam-support interface: relaxed AppArmor and seccomp restrictions
to improve user experience
- home interface: autoconnect home on Ubuntu Core Desktop
- serial-port interface: support RPMsg tty
- display-control interface: allow changing LVDS backlight power and
brightness
- power-control interface: support for battery charging thesholds,
type/status and AC type/status
- cpu-control interface: allow CPU C-state control
- raw-usb interface: support RPi5 and Thinkpad x13s
- custom-device interface: allow device file locking
- lxd-support interface: allow LXD to self-manage its own cgroup
- network-manager interface: support MPTCP sockets
- network-control interface: allow plug/slot access to gnutls config
and systemd resolved cache flushing via D-Bus
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> - 2.63-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Apr 24 2024 Ernest Lotter <[email protected]>
- New upstream release 2.63
- Support for snap services to show the current status of user
services (experimental)
- Refresh app awareness: record snap-run-inhibit notice when
starting app from snap that is busy with refresh (experimental)
- Refresh app awareness: use warnings as fallback for desktop
notifications (experimental)
- Aspect based configuration: make request fields in the aspect-
bundle's rules optional (experimental)
- Aspect based configuration: make map keys conform to the same
format as path sub-keys (experimental)
- Aspect based configuration: make unset and set behaviour similar
to configuration options (experimental)
- Aspect based configuration: limit nesting level for setting value
(experimental)
- Components: use symlinks to point active snap component revisions
- Components: add model assertion support for components
- Components: fix to ensure local component installation always gets
a new revision number
- Add basic support for a CIFS remote filesystem-based home
directory
- Add support for AppArmor profile kill mode to avoid snap-confine
error
- Allow more than one interface to grant access to the same API
endpoint or notice type
- Allow all snapd service's control group processes to send systemd
notifications to prevent warnings flooding the log
- Enable not preseeded single boot install
- Update secboot to handle new sbatlevel
- Fix to not use cgroup for non-strict confined snaps (devmode,
classic)
- Fix two race conditions relating to freedesktop notifications
- Fix missing tunables in snap-update-ns AppArmor template
- Fix rejection of snapd snap udev command line by older host snap-
device-helper
- Rework seccomp allow/deny list
- Clean up files removed by gadgets
- Remove non-viable boot chains to avoid secboot failure
- posix_mq interface: add support for missing time64 mqueue syscalls
mq_timedreceive_time64 and mq_timedsend_time64
- password-manager-service interface: allow kwalletd version 6
- kubernetes-support interface: allow SOCK_SEQPACKET sockets
- system-observe interface: allow listing systemd units and their
properties
- opengl interface: enable use of nvidia container toolkit CDI
config generation
* Thu Mar 21 2024 Ernest Lotter <[email protected]>
- New upstream release 2.62
- Aspects based configuration schema support (experimental)
- Refresh app awareness support for UI (experimental)
- Support for user daemons by introducing new control switches
--user/--system/--users for service start/stop/restart
(experimental)
- Add AppArmor prompting experimental flag (feature currently
unsupported)
- Installation of local snap components of type test
- Packaging of components with snap pack
- Expose experimental features supported/enabled in snapd REST API
endpoint /v2/system-info
- Support creating and removing recovery systems for use by factory
reset
- Enable API route for creating and removing recovery systems using
/v2/systems with action create and /v2/systems/{label} with action
remove
- Lift requirements for fde-setup hook for single boot install
- Enable single reboot gadget update for UC20+
- Allow core to be removed on classic systems
- Support for remodeling on hybrid systems
- Install desktop files on Ubuntu Core and update after snapd
upgrade
- Upgrade sandbox features to account for cgroup v2 device filtering
- Support snaps to manage their own cgroups
- Add support for AppArmor 4.0 unconfined profile mode
- Add AppArmor based read access to /etc/default/keyboard
- Upgrade to squashfuse 0.5.0
- Support useradd utility to enable removing Perl dependency for
UC24+
- Support for recovery-chooser to use console-conf snap
- Add support for --uid/--gid using strace-static
- Add support for notices (from pebble) and expose via the snapd
REST API endpoints /v2/notices and /v2/notice
- Add polkit authentication for snapd REST API endpoints
/v2/snaps/{snap}/conf and /v2/apps
- Add refresh-inhibit field to snapd REST API endpoint /v2/snaps
- Add refresh-inhibited select query to REST API endpoint /v2/snaps
- Take into account validation sets during remodeling
- Improve offline remodeling to use installed revisions of snaps to
fulfill the remodel revision requirement
- Add rpi configuration option sdtv_mode
- When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if
present on host
- Fix gadget zero-sized disk mapping caused by not ignoring zero
sized storage traits
- Fix gadget install case where size of existing partition was not
correctly taken into account
- Fix trying to unmount early kernel mount if it does not exist
- Fix restarting mount units on snapd start
- Fix call to udev in preseed mode
- Fix to ensure always setting up the device cgroup for base bare
and core24+
- Fix not copying data from newly set homedirs on revision change
- Fix leaving behind empty snap home directories after snap is
removed (resulting in broken symlink)
- Fix to avoid using libzstd from host by adding to snapd snap
- Fix autorefresh to correctly handle forever refresh hold
- Fix username regex allowed for system-user assertion to not allow
'+'
- Fix incorrect application icon for notification after autorefresh
completion
- Fix to restart mount units when changed
- Fix to support AppArmor running under incus
- Fix case of snap-update-ns dropping synthetic mounts due to
failure to match desired mount dependencies
- Fix parsing of base snap version to enable pre-seeding of Ubuntu
Core Desktop
- Fix packaging and tests for various distributions
- Add remoteproc interface to allow developers to interact with
Remote Processor Framework which enables snaps to load firmware to
ARM Cortex microcontrollers
- Add kernel-control interface to enable controlling the kernel
firmware search path
- Add nfs-mount interface to allow mounting of NFS shares
- Add ros-opt-data interface to allow snaps to access the host
/opt/ros/ paths
- Add snap-refresh-observe interface that provides refresh-app-
awareness clients access to relevant snapd API endpoints
- steam-support interface: generalize Pressure Vessel root paths and
allow access to driver information, features and container
versions
- steam-support interface: make implicit on Ubuntu Core Desktop
- desktop interface: improved support for Ubuntu Core Desktop and
limit autoconnection to implicit slots
- cups-control interface: make autoconnect depend on presence of
cupsd on host to ensure it works on classic systems
- opengl interface: allow read access to /usr/share/nvidia
- personal-files interface: extend to support automatic creation of
missing parent directories in write paths
- network-control interface: allow creating /run/resolveconf
- network-setup-control and network-setup-observe interfaces: allow
busctl bind as required for systemd 254+
- libvirt interface: allow r/w access to /run/libvirt/libvirt-sock-
ro and read access to /var/lib/libvirt/dnsmasq/**
- fwupd interface: allow access to IMPI devices (including locking
of device nodes), sysfs attributes needed by amdgpu and the COD
capsule update directory
- uio interface: allow configuring UIO drivers from userspace
libraries
- serial-port interface: add support for NXP Layerscape SoC
- lxd-support interface: add attribute enable-unconfined-mode to
require LXD to opt-in to run unconfined
- block-devices interface: add support for ZFS volumes
- system-packages-doc interface: add support for reading jquery and
sphinx documentation
- system-packages-doc interface: workaround to prevent autoconnect
failure for snaps using base bare
- microceph-support interface: allow more types of block devices to
be added as an OSD
- mount-observe interface: allow read access to
/proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo
- polkit interface: changed to not be implicit on core because
installing policy files is not possible
- upower-observe interface: allow stats refresh
- gpg-public-keys interface: allow creating lock file for certain
gpg operations
- shutdown interface: allow access to SetRebootParameter method
- media-control interface: allow device file locking
- u2f-devices interface: support for Trustkey G310H, JaCarta U2F,
Kensington VeriMark Guard, RSA DS100, Google Titan v2
* Wed Mar 6 2024 Ernest Lotter <[email protected]>
- New upstream release 2.61.3
- Install systemd files in correct location for 24.04
* Fri Feb 16 2024 Ernest Lotter <[email protected]>
- New upstream release 2.61.2
- Fix to enable plug/slot sanitization for prepare-image
- Fix panic when device-service.access=offline
- Support offline remodeling
- Allow offline update only remodels without serial
- Fail early when remodeling to old model revision
- Fix to enable plug/slot sanitization for validate-seed
- Allow removal of core snap on classic systems
- Fix network-control interface denial for file lock on /run/netns
- Add well-known core24 snap-id
- Fix remodel snap installation order
- Prevent remodeling from UC18+ to UC16
- Fix cups auto-connect on classic with cups snap installed
- u2f-devices interface support for GoTrust Idem Key with USB-C
- Fix to restore services after unlink failure
- Add libcudnn.so to Nvidia libraries
- Fix skipping base snap download due to false snapd downgrade
conflict
* Sun Feb 11 2024 Maxwell G <[email protected]> - 2.61.1-2
- Rebuild for golang 1.22.0
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
2.61.1-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 18 2024 Zygmunt Krynicki <[email protected]> - 2.61.1-1
- Changelog resynchronization
* Wed Jan 17 2024 Zygmunt Krynicki <[email protected]> - 2.58.3-3
- Require xdelta on Fedora or EPEL >= 9 (for delta updates)
* Fri Nov 24 2023 Ernest Lotter <[email protected]>
- New upstream release 2.61.1
- Stop requiring default provider snaps on image building and first
boot if alternative providers are included and available
- Fix auth.json access for login as non-root group ID
- Fix incorrect remodelling conflict when changing track to older
snapd version
- Improved check-rerefresh message
- Fix UC16/18 kernel/gadget update failure due volume mismatch with
installed disk
- Stop auto-import of assertions during install modes
- Desktop interface exposes GetIdletime
- Polkit interface support for new polkit versions
- Fix not applying snapd snap changes in tracked channel when remodelling
* Fri Oct 13 2023 Philip Meulengracht <[email protected]>
- New upstream release 2.61
- Fix control of activated services in 'snap start' and 'snap stop'
- Correctly reflect activated services in 'snap services'
- Disabled services are no longer enabled again when snap is
refreshed
- interfaces/builtin: added support for Token2 U2F keys
- interfaces/u2f-devices: add Swissbit iShield Key
- interfaces/builtin: update gpio apparmor to match pattern that
contains multiple subdirectories under /sys/devices/platform
- interfaces: add a polkit-agent interface
- interfaces: add pcscd interface
- Kernel command-line can now be edited in the gadget.yaml
- Only track validation-sets in run-mode, fixes validation-set
issues on first boot.
- Added support for using store.access to disable access to snap
store
- Support for fat16 partition in gadget
- Pre-seed authority delegation is now possible
- Support new system-user name daemon
- Several bug fixes and improvements around remodelling
- Offline remodelling support
* Fri Sep 15 2023 Michael Vogt <[email protected]>
- New upstream release 2.60.4
- i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket
permission
- interfaces/builtin: fix custom-device udev KERNEL values
- overlord: allow the firmware-updater snap to install user daemons
- interfaces: allow loopback as a block-device
* Fri Aug 25 2023 Michael Vogt <[email protected]>
- New upstream release 2.60.3
- i/b/shared-memory: handle "private" plug attribute in shared-
memory interface correctly
- i/apparmor: support for home.d tunables from /etc/
* Fri Aug 4 2023 Michael Vogt <[email protected]>
- New upstream release 2.60.2
- i/builtin: allow directories in private /dev/shm
- i/builtin: add read access to /proc/task/schedstat in system-
observe
- snap-bootstrap: print version information at startup
- go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948
- snap, store: filter out invalid snap edited links from store info
and persisted state
- o/configcore: write netplan defaults to 00-snapd-config on seeding
- snapcraft.yaml: pull in apparmor_parser optimization patches from
https://gitlab.com/apparmor/apparmor/-/merge_requests/711
- snap-confine: fix missing \0 after readlink
- cmd/snap: hide append-integrity-data
- interfaces/opengl: add support for ARM Mali
* Sat Jul 22 2023 Fedora Release Engineering <[email protected]> -
2.58.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 4 2023 Michael Vogt <[email protected]>
- New upstream release 2.60.1
- install: fallback to lazy unmount() in writeFilesystemContent
- data: include "modprobe.d" and "modules-load.d" in preseeded blob
- gadget: fix install test on armhf
- interfaces: fix typo in network_manager_observe
- sandbox/apparmor: don't let vendored apparmor conflict with system
- gadget/update: set parts in laid out data from the ones matched
- many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor
- many: stop using `-O no-expr-simplify` in apparmor_parser
- go.mod: update secboot to latest uc22 branch
* Thu Jun 15 2023 Michael Vogt <[email protected]>
- New upstream release 2.60
- Support for dynamic snapshot data exclusions
- Apparmor userspace is vendored inside the snapd snap
- Added a default-configure hook that exposes gadget default
configuration options to snaps during first install before
services are started
- Allow install from initrd to speed up the initial installation
for systems that do not have a install-device hook
- New `snap sign --chain` flag that appends the account and
account-key assertions
- Support validation-sets in the model assertion
- Support new "min-size" field in gadget.yaml
- New interface: "userns"
* Sat May 27 2023 Michael Vogt <[email protected]>
- New upstream release 2.59.5
- Explicitly disallow the use of ioctl + TIOCLINUX
This fixes CVE-2023-1523.
* Fri May 12 2023 Michael Vogt <[email protected]>
- New upstream release 2.59.4
- Retry when looking for disk label on non-UEFI systems
(LP: #2018977)
- Fix remodel from UC20 to UC22
* Wed May 3 2023 Michael Vogt <[email protected]>
- New upstream release 2.59.3
- Fix quiet boot
- i/b/physical_memory_observe: allow reading virt-phys page mappings
- gadget: warn instead of returning error if overlapping with GPT
header
- overlord,wrappers: restart always enabled units
- go.mod: update github.com/snapcore/secboot to latest uc22
- boot: make sure we update assets for the system-seed-null role
- many: ignore case for vfat partitions when validating
* Tue Apr 18 2023 Michael Vogt <[email protected]>
- New upstream release 2.59.2
- Notify users when a user triggered auto refresh finished
* Tue Mar 28 2023 Michael Vogt <[email protected]>
- New upstream release 2.59.1
- Add udev rules from steam-devices to steam-support interface
- Bugfixes for layout path checking, dm_crypt permissions,
mount-control interface parameter checking, kernel commandline
parsing, docker-support, refresh-app-awareness
* Fri Mar 10 2023 Michael Vogt <[email protected]>
- New upstream release 2.59
- Support setting extra kernel command line parameters via snap
configuration and under a gadget allow-list
- Support for Full-Disk-Encryption using ICE
- Support for arbitrary home dir locations via snap configuration
- New nvidia-drivers-support interface
- Support for udisks2 snap
- Pre-download of snaps ready for refresh and automatic refresh of
the snap when all apps are closed
- New microovn interface
- Support uboot with `CONFIG_SYS_REDUNDAND_ENV=n`
- Make "snap-preseed --reset" re-exec when needed
- Update the fwupd interface to support fully confined fwupd
- The memory,cpu,thread quota options are no longer experimental
- Support debugging snap client requests via the
`SNAPD_CLIENT_DEBUG_HTTP` environment variable
- Support ssh listen-address via snap configuration
- Support for quotas on single services
- prepare-image now takes into account snapd versions going into
the image, including in the kernel initrd, to fetch supported
assertion formats
* Sat Feb 25 2023 Maciek Borzecki <[email protected]> - 2.58.3-1
- Releate 2.58.3 to Fedora RHBZ#2173056
* Tue Feb 21 2023 Michael Vogt <[email protected]>
- New upstream release 2.58.3
- interfaces/screen-inhibit-control: Add support for xfce-power-
manager
- interfaces/network-manager: do not show ptrace read
denials
- interfaces: relax rules for mount-control `what` for functionfs
- cmd/snap-bootstrap: add support for snapd_system_disk
- interfaces/modem-manager: add net_admin capability
- interfaces/network-manager: add permission for OpenVPN
- httputil: fix checking x509 certification error on go 1.20
- i/b/fwupd: allow reading host os-release
- boot: on classic+modes `MarkBootSuccessfull` does not need a base
- boot: do not include `base=` in modeenv for classic+modes installs
- tests: add spread test that validates revert on boot for core does
not happen on classic+modes
- snapstate: only take boot participants into account in
UpdateBootRevisions
- snapstate: refactor UpdateBootRevisions() to make it easier to
check for boot.SnapTypeParticipatesInBoot()
* Wed Jan 25 2023 Michael Vogt <[email protected]>
- New upstream release 2.58.2
- bootloader: fix dirty build by hardcoding copyright year
* Mon Jan 23 2023 Michael Vogt <[email protected]>
- New upstream release 2.58.1
- secboot: detect lockout mode in CheckTPMKeySealingSupported
- cmd/snap-update-ns: prevent keeping unneeded mountpoints
- o/snapstate: do not infinitely retry when an update fails during
seeding
- interfaces/modem-manager: add permissions for NETLINK_ROUTE
- systemd/emulation.go: use `systemctl --root` to enable/disable
- snap: provide more error context in `NotSnapError`
- interfaces: add read access to /run for cryptsetup
- boot: avoid reboot loop if there is a bad try kernel
- devicestate: retry serial acquire on time based certificate
errors
- o/devicestate: run systemctl daemon-reload after install-device
hook
- cmd/snap,daemon: add 'held' to notes in 'snap list'
- o/snapshotstate: check snapshots are self-contained on import
- cmd/snap: show user+gating hold info in 'snap info'
- daemon: expose user and gating holds at /v2/snaps/{name}
* Sat Jan 21 2023 Fedora Release Engineering <[email protected]> -
2.57.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 16 2022 Maciek Borzecki <[email protected]> - 2.57.6-2
- Fix for RHBZ#2152903
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327932 - snapd: fails to install from epel10
https://bugzilla.redhat.com/show_bug.cgi?id=2327932
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
