[ubuntu/trusty-updates] snapd 2.37.4~14.04.1 (Accepted)
snapd (2.37.4~14.04.1) trusty-security; urgency=medium
* No change rebuild for trusty-security (LP: #1812973)
- CVE-2019-7303
snapd (2.37.4~14.04) trusty; urgency=medium
* New upstream release, LP: #1817949
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/seccomp: increase filter precision
- tests: remove snapweb from tests
snapd (2.37.3~14.04) trusty; urgency=medium
* New upstream release, LP: #1811233
- interfaces/seccomp: generate global seccomp profile
- overlord/snapstate: add some randomness to the catalog refresh
- tests: add upgrade test from 2.15.2ubuntu1 -> current snapd
- snap-confine: fix fallback to ubuntu-core
- packaging: avoid race in snapd.postinst
- overlord/snapstate: discard mount namespace when undoing 1st link
snap
- cmd/snap-confine: allow writes to /var/lib/** again
- tests: stop catalog-update/apt-hooks test until the catlog refresh
is randomized
- debian: ensure leftover usr.lib.snapd.snap-confine is gone
snapd (2.37.2~14.04) trusty; urgency=medium
* New upstream release, LP: #1811233
- cmd/snap, overlord/snapstate: silently ignore classic flag when a
snap is strictly confined
- snap-confine: remove special handling of /var/lib/jenkins
- cmd/snap-confine: handle death of helper process gracefully
- snap-confine: fix classic snaps for users with /var/lib/* homedirs
like jenkins/postgres
- packaging: disable systemd environment generator on 18.04
- tests: update smoke/sandbox test for armhf
- cmd/snap-confine: refactor and cleanup of seccomp loading
- snap-confine: increase locking timeout to 30s
- snap-confine: fix incorrect "sanity timeout 3s" message
- snap: fix hook autodiscovery for parallel installed snaps
- tests: iterate getting journal logs to support delay on boards on
daemon-notify test
- interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
- interfaces: add u2f-devices interface
snapd (2.37.1~14.04) trusty; urgency=medium
* New upstream release, LP: #1811233
- cmd/snap-confine: add special case for Jenkins
- tests: workaround missing go dependencies in debian-9
- daemon, polkit: pid_t is signed
- interfaces: add display-control interface
- interfaces: add block-devices interface
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_read_search with 'read: all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- packaging/{fedora,opensuse,ubuntu}: add /var/lib/snapd/lib/glvnd
snapd (2.37~14.04) trusty; urgency=medium
* New upstream release, LP: #1811233
- snapd: fix race in TestSanityFailGoesIntoDegradedMode test
- cmd: fix snap-device-helper to deal correctly with hooks
- tests: various fixes for external backend
- interface: raw-usb: Adding ttyACM[0-9]* as many serial devices
have device node /dev/ttyACM[0-9]
- tests: fix enable-disable-unit-gpio test on external boards
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU
library
- snapshotstate: don't task.Log without the lock
- overlord/configstate/configcore: support - and _ in cloud init
field names
- cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- systemd: allow only a single daemon-reload at the same time
- cmd/snap: only auto-enable unicode to a tty
- cmd/snap: right-align revision and size in info's channel map
- dirs, interfaces/builtin/desktop: system fontconfig cache path is
different on Fedora
- tests: fix "No space left on device" issue on amazon-linux
- store: undo workaround for timezone-less released-at
- store, snap, cmd/snap: channels have released-at
- snap-confine: fix incorrect use "src" var in mount-support.c
- release: support probing SELinux state
- release-tools: display self-help
- interface: add new `{personal,system}-files` interface
- snap: give Epoch an Equal method
- many: remove unused interface code
- interfaces/many: use 'unsafe' with docker-support change_profile
rules
- run-checks: stop running HEAD of staticcheck
- release: use sync.Once around lazy intialized state
- overlord/ifacestate: include interface name i
[ubuntu/trusty-security] snapd 2.37.4~14.04.1 (Accepted)
snapd (2.37.4~14.04.1) trusty-security; urgency=medium
* No change rebuild for trusty-security (LP: #1812973)
- CVE-2019-7303
snapd (2.37.4~14.04) trusty; urgency=medium
* New upstream release, LP: #1817949
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/seccomp: increase filter precision
- tests: remove snapweb from tests
snapd (2.37.3~14.04) trusty; urgency=medium
* New upstream release, LP: #1811233
- interfaces/seccomp: generate global seccomp profile
- overlord/snapstate: add some randomness to the catalog refresh
- tests: add upgrade test from 2.15.2ubuntu1 -> current snapd
- snap-confine: fix fallback to ubuntu-core
- packaging: avoid race in snapd.postinst
- overlord/snapstate: discard mount namespace when undoing 1st link
snap
- cmd/snap-confine: allow writes to /var/lib/** again
- tests: stop catalog-update/apt-hooks test until the catlog refresh
is randomized
- debian: ensure leftover usr.lib.snapd.snap-confine is gone
snapd (2.37.2~14.04) trusty; urgency=medium
* New upstream release, LP: #1811233
- cmd/snap, overlord/snapstate: silently ignore classic flag when a
snap is strictly confined
- snap-confine: remove special handling of /var/lib/jenkins
- cmd/snap-confine: handle death of helper process gracefully
- snap-confine: fix classic snaps for users with /var/lib/* homedirs
like jenkins/postgres
- packaging: disable systemd environment generator on 18.04
- tests: update smoke/sandbox test for armhf
- cmd/snap-confine: refactor and cleanup of seccomp loading
- snap-confine: increase locking timeout to 30s
- snap-confine: fix incorrect "sanity timeout 3s" message
- snap: fix hook autodiscovery for parallel installed snaps
- tests: iterate getting journal logs to support delay on boards on
daemon-notify test
- interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
- interfaces: add u2f-devices interface
snapd (2.37.1~14.04) trusty; urgency=medium
* New upstream release, LP: #1811233
- cmd/snap-confine: add special case for Jenkins
- tests: workaround missing go dependencies in debian-9
- daemon, polkit: pid_t is signed
- interfaces: add display-control interface
- interfaces: add block-devices interface
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_read_search with 'read: all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- packaging/{fedora,opensuse,ubuntu}: add /var/lib/snapd/lib/glvnd
snapd (2.37~14.04) trusty; urgency=medium
* New upstream release, LP: #1811233
- snapd: fix race in TestSanityFailGoesIntoDegradedMode test
- cmd: fix snap-device-helper to deal correctly with hooks
- tests: various fixes for external backend
- interface: raw-usb: Adding ttyACM[0-9]* as many serial devices
have device node /dev/ttyACM[0-9]
- tests: fix enable-disable-unit-gpio test on external boards
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU
library
- snapshotstate: don't task.Log without the lock
- overlord/configstate/configcore: support - and _ in cloud init
field names
- cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- systemd: allow only a single daemon-reload at the same time
- cmd/snap: only auto-enable unicode to a tty
- cmd/snap: right-align revision and size in info's channel map
- dirs, interfaces/builtin/desktop: system fontconfig cache path is
different on Fedora
- tests: fix "No space left on device" issue on amazon-linux
- store: undo workaround for timezone-less released-at
- store, snap, cmd/snap: channels have released-at
- snap-confine: fix incorrect use "src" var in mount-support.c
- release: support probing SELinux state
- release-tools: display self-help
- interface: add new `{personal,system}-files` interface
- snap: give Epoch an Equal method
- many: remove unused interface code
- interfaces/many: use 'unsafe' with docker-support change_profile
rules
- run-checks: stop running HEAD of staticcheck
- release: use sync.Once around lazy intialized state
- overlord/ifacestate: include interface name i
[ubuntu/trusty-updates] ghostscript 9.26~dfsg+0-0ubuntu0.14.04.8 (Accepted)
ghostscript (9.26~dfsg+0-0ubuntu0.14.04.8) trusty-security; urgency=medium * SECURITY UPDATE: superexec operator is available - debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps. - debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps. - debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps, Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps, Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps. - debian/patches/CVE-2019-3835-2.patch: obliterate superexec in Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h, psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c. - CVE-2019-3835 * SECURITY UPDATE: forceput in DefineResource is still accessible - debian/patches/CVE-2019-3838-1.patch: make a transient proc executeonly in Resource/Init/gs_res.ps. - debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs executeonly in Resource/Init/gs_res.ps. - CVE-2019-3838 Date: 2019-03-19 14:24:14.467842+00:00 Changed-By: Marc Deslauriers Signed-By: Ubuntu Archive Robot https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.14.04.8 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-security] ghostscript 9.26~dfsg+0-0ubuntu0.14.04.8 (Accepted)
ghostscript (9.26~dfsg+0-0ubuntu0.14.04.8) trusty-security; urgency=medium * SECURITY UPDATE: superexec operator is available - debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps. - debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps. - debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps, Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps, Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps. - debian/patches/CVE-2019-3835-2.patch: obliterate superexec in Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h, psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c. - CVE-2019-3835 * SECURITY UPDATE: forceput in DefineResource is still accessible - debian/patches/CVE-2019-3838-1.patch: make a transient proc executeonly in Resource/Init/gs_res.ps. - debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs executeonly in Resource/Init/gs_res.ps. - CVE-2019-3838 Date: 2019-03-19 14:24:14.467842+00:00 Changed-By: Marc Deslauriers https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.14.04.8 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-proposed] linux-signed-lts-xenial 4.4.0-144.170~14.04.1 (Accepted)
linux-signed-lts-xenial (4.4.0-144.170~14.04.1) trusty; urgency=medium * Master version: 4.4.0-144.170~14.04.1 Date: 2019-03-18 14:59:26.652705+00:00 Changed-By: Khaled El Mously Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-signed-lts-xenial/4.4.0-144.170~14.04.1 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-proposed] linux-meta-lts-xenial 4.4.0.144.127 (Accepted)
linux-meta-lts-xenial (4.4.0.144.127) trusty; urgency=medium * Bump ABI 4.4.0-144 Date: 2019-03-20 14:23:14.277399+00:00 Changed-By: Stefan Bader Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/linux-meta-lts-xenial/4.4.0.144.127 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
[ubuntu/trusty-updates] apt 1.0.1ubuntu2.22 (Accepted)
apt (1.0.1ubuntu2.22) trusty; urgency=medium * apt.dirs: Install auth.conf.d directory (LP: #1818996) * Merge translations from 1.2.31 apt (1.0.1ubuntu2.21) trusty; urgency=medium [ Julian Andres Klode ] * travis CI: Use docker container to get useful results * fix and non-silent fail dpkg-overwrite error test (LP: #1817088) * Introduce experimental 'never' pinning for sources (LP: #1814727) * Add support for /etc/apt/auth.conf.d/*.conf (netrcparts) (LP: #1811120) * Add a Packages-Require-Authorization Release file field (LP: #1814727) * NeverAutoRemove kernel meta packages (LP: #1787460) * Introduce APT::Install::Pre-Invoke / Post-Invoke-Success (LP: #1815761) [ David Kalnischkies ] * ftparchive/writer.cc: use a std::vector instead of hardcoded array (LP: #1817048) Date: 2019-03-12 14:23:08.990093+00:00 Changed-By: Julian Andres Klode Signed-By: Łukasz Zemczak https://launchpad.net/ubuntu/+source/apt/1.0.1ubuntu2.22 Sorry, changesfile not available.-- Trusty-changes mailing list Trusty-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes
