lxc (2.0.8-0ubuntu1~16.04.1) xenial; urgency=medium * New upstream bugfix release (2.0.8) (LP: #1691911): - Security fix for CVE-2017-5985 (previously fixed in Ubuntu)
- All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users. - Make lxc-start-ephemeral Python 3.2-compatible - Fix typo - Allow build without sys/capability.h - lxc-opensuse: fix default value for release code - util: always malloc for setproctitle - util: update setproctitle comments - confile: clear lxc.network..ipv{4,6} when empty - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals - Make lxc-net return non-zero on failure - seccomp: allow x32 guests on amd64 hosts. - Add HAVE_LIBCAP - c/r: only supply --ext-mount-map for bind mounts - Added 'mkdir -p' functionality in create_or_remove_cgroup - Use LXC_ROOTFS_MOUNT in clonehostname hook - squeeze is not a supported release anymore, drop the key - start: dumb down SIGCHLD from WARN() to NOTICE() - log: fix lxc_unix_epoch_to_utc() - cgfsng: make trim() safer - seccomp: set SCMP_FLTATR_ATL_TSKIP if available - lxc-user-nic: re-order #includes - lxc-user-nic: improve + bugfix - lxc-user-nic: delete link on failure - conf: only try to delete veth when privileged - Fix lxc-containers to support multiple bridges - Fix mixed tab/spaces in previous patch - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one - lxc-checkconfig: verify new[ug]idmap are setuid-root - [templates] archlinux: resolve conflicting files - [templates] archlinux: noneed default_timezone variable - python3: Deal with potential NULL char* - lxc-download.in / allow setting keyserver from env - lxc-download.in / Document keyserver change in help - Change variable check to match existing style - tree-wide: include directly - conf/ile: make sure buffer is large enough - tree-wide: include directly - tests: Support running on IPv6 networks - tests: Kill containers (don't wait for shutdown) - Fix opening wrong file in suggest_default_idmap - do not set the root password in the debian template - do not set insecure passwords - don't set a default password for altlinux, gentoo, openmandriva and pld - tools: exit with return code of lxc_execute() - Keep veth.pair.name on network shutdown - Makefile: fix static clang init.lxc build - Avoid waiting for bridge interface if disabled in sysconfig/lxc - Increased buffer length in print_stats() - avoid assigning to a variable which is not POSIX shell proof (bug #1498) - remove obsolete note about api stability - conf: less error prone pointer access - conf: lxc_map_ids() non-functional changes - caps: add lxc_{proc,file}_cap_is_set() - conf: check for {filecaps,setuid} on new{g,u}idmap - conf: improve log when mounting rootfs - ls: simplify the judgment condition when list active containers - fix typo introduced in #1509 - attach|unshare: fix the wrong comment - caps: skip file capability checks on android - autotools: check for cap_get_file - caps: return false if caps are not supported - conf: non-functional changes to setup_pts() - conf: use bind-mount for /dev/ptmx - conf: non-functional changes - utils: use loop device helpers from LXD - create ISSUE_TEMPLATE.md - cgroups: improve cgfsng debugging - issue template: fix typo - conf: close fd in lxc_setup_devpts() - conf: non-functional changes - utils: tweak lxc_mount_proc_if_needed() - Change sshd template to work with Ubuntu 17.04 - conf: order mount options - conf: add MS_LAZYTIME to mount options - monitor: report errno on exec() error - af unix: allow for maximum socket name - commands: avoid NULL pointer dereference - commands: non-functional changes - lxccontainer: avoid NULL pointer dereference - monitor: simplify abstract socket logic - precise is not the latest LTS, let's use xenial instead - fix the wrong exit status - conf: non-functional changes lxc_fill_autodev() - conf: remove /dev/console from lxc_fill_autodev() - conf: non-functional changes lxc_setup() - conf: non-functional changes to console functions - conf: improve lxc_setup_dev_console() - conf: lxc_setup_ttydir_console() - config: remove /dev/console bind mount - doc: document console behavior - utils: add lxc_unstack_mountpoint() - conf: unstack all mounts atop /dev/console - console: fail when we cannot allocate peer tty - start: remove umount2() - conf: non-functional changes - utils: handle > 2^31 in lxc_unstack_mountpoint() - Install systemd units for CentOS - Merge ubuntu and debiancase - start: add crucial details about lxc_spawn() * Cherry-pick some upstream fixes: - conf{,ile}: allow one to clear all config items - start: pin rootfs when privileged - conf: fix build without libcap - start: don't call lxc_map_ids() without id map - lxc-attach: allow for situations without /dev/tty - utils: fix num parsing functions - tests: lxc_safe_{u}int() add corner-case tests * Fix broken proxy detection in debian/tests/exercise * Only move lxc bash completion from /etc if we installed it there * Update tests to deal with cgroupv2 tree (recent systemd) * Drop un-needed lintian override Date: Thu, 18 May 2017 23:08:57 -0400 Changed-By: Stéphane Graber <stgra...@ubuntu.com> Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/+source/lxc/2.0.8-0ubuntu1~16.04.1
Format: 1.8 Date: Thu, 18 May 2017 23:08:57 -0400 Source: lxc Binary: lxc lxc1 lxc-common lxc-dev lxc-templates lxc-tests liblxc1 python3-lxc lua-lxc Architecture: source Version: 2.0.8-0ubuntu1~16.04.1 Distribution: xenial Urgency: medium Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Stéphane Graber <stgra...@ubuntu.com> Description: liblxc1 - Linux Containers userspace tools (library) lua-lxc - Linux Containers userspace tools (Lua bindings) lxc - Transitional package for lxc1 lxc-common - Linux Containers userspace tools (common tools) lxc-dev - Linux Containers userspace tools (development) lxc-templates - Linux Containers userspace tools (templates) lxc-tests - Linux Containers userspace tools (test binaries) lxc1 - Linux Containers userspace tools python3-lxc - Linux Containers userspace tools (Python 3.x bindings) Launchpad-Bugs-Fixed: 1691911 Changes: lxc (2.0.8-0ubuntu1~16.04.1) xenial; urgency=medium . * New upstream bugfix release (2.0.8) (LP: #1691911): - Security fix for CVE-2017-5985 (previously fixed in Ubuntu) . - All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. . This may affect some automated environments that were relying on our default (very much insecure) users. . - Make lxc-start-ephemeral Python 3.2-compatible - Fix typo - Allow build without sys/capability.h - lxc-opensuse: fix default value for release code - util: always malloc for setproctitle - util: update setproctitle comments - confile: clear lxc.network..ipv{4,6} when empty - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals - Make lxc-net return non-zero on failure - seccomp: allow x32 guests on amd64 hosts. - Add HAVE_LIBCAP - c/r: only supply --ext-mount-map for bind mounts - Added 'mkdir -p' functionality in create_or_remove_cgroup - Use LXC_ROOTFS_MOUNT in clonehostname hook - squeeze is not a supported release anymore, drop the key - start: dumb down SIGCHLD from WARN() to NOTICE() - log: fix lxc_unix_epoch_to_utc() - cgfsng: make trim() safer - seccomp: set SCMP_FLTATR_ATL_TSKIP if available - lxc-user-nic: re-order #includes - lxc-user-nic: improve + bugfix - lxc-user-nic: delete link on failure - conf: only try to delete veth when privileged - Fix lxc-containers to support multiple bridges - Fix mixed tab/spaces in previous patch - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one - lxc-checkconfig: verify new[ug]idmap are setuid-root - [templates] archlinux: resolve conflicting files - [templates] archlinux: noneed default_timezone variable - python3: Deal with potential NULL char* - lxc-download.in / allow setting keyserver from env - lxc-download.in / Document keyserver change in help - Change variable check to match existing style - tree-wide: include directly - conf/ile: make sure buffer is large enough - tree-wide: include directly - tests: Support running on IPv6 networks - tests: Kill containers (don't wait for shutdown) - Fix opening wrong file in suggest_default_idmap - do not set the root password in the debian template - do not set insecure passwords - don't set a default password for altlinux, gentoo, openmandriva and pld - tools: exit with return code of lxc_execute() - Keep veth.pair.name on network shutdown - Makefile: fix static clang init.lxc build - Avoid waiting for bridge interface if disabled in sysconfig/lxc - Increased buffer length in print_stats() - avoid assigning to a variable which is not POSIX shell proof (bug #1498) - remove obsolete note about api stability - conf: less error prone pointer access - conf: lxc_map_ids() non-functional changes - caps: add lxc_{proc,file}_cap_is_set() - conf: check for {filecaps,setuid} on new{g,u}idmap - conf: improve log when mounting rootfs - ls: simplify the judgment condition when list active containers - fix typo introduced in #1509 - attach|unshare: fix the wrong comment - caps: skip file capability checks on android - autotools: check for cap_get_file - caps: return false if caps are not supported - conf: non-functional changes to setup_pts() - conf: use bind-mount for /dev/ptmx - conf: non-functional changes - utils: use loop device helpers from LXD - create ISSUE_TEMPLATE.md - cgroups: improve cgfsng debugging - issue template: fix typo - conf: close fd in lxc_setup_devpts() - conf: non-functional changes - utils: tweak lxc_mount_proc_if_needed() - Change sshd template to work with Ubuntu 17.04 - conf: order mount options - conf: add MS_LAZYTIME to mount options - monitor: report errno on exec() error - af unix: allow for maximum socket name - commands: avoid NULL pointer dereference - commands: non-functional changes - lxccontainer: avoid NULL pointer dereference - monitor: simplify abstract socket logic - precise is not the latest LTS, let's use xenial instead - fix the wrong exit status - conf: non-functional changes lxc_fill_autodev() - conf: remove /dev/console from lxc_fill_autodev() - conf: non-functional changes lxc_setup() - conf: non-functional changes to console functions - conf: improve lxc_setup_dev_console() - conf: lxc_setup_ttydir_console() - config: remove /dev/console bind mount - doc: document console behavior - utils: add lxc_unstack_mountpoint() - conf: unstack all mounts atop /dev/console - console: fail when we cannot allocate peer tty - start: remove umount2() - conf: non-functional changes - utils: handle > 2^31 in lxc_unstack_mountpoint() - Install systemd units for CentOS - Merge ubuntu and debiancase - start: add crucial details about lxc_spawn() . * Cherry-pick some upstream fixes: - conf{,ile}: allow one to clear all config items - start: pin rootfs when privileged - conf: fix build without libcap - start: don't call lxc_map_ids() without id map - lxc-attach: allow for situations without /dev/tty - utils: fix num parsing functions - tests: lxc_safe_{u}int() add corner-case tests . * Fix broken proxy detection in debian/tests/exercise * Only move lxc bash completion from /etc if we installed it there * Update tests to deal with cgroupv2 tree (recent systemd) * Drop un-needed lintian override Checksums-Sha1: 41f738112144cdcfc8565464c0558bbb0473561e 2687 lxc_2.0.8-0ubuntu1~16.04.1.dsc 65883786c24312ab36e53231e312d94851957516 1308705 lxc_2.0.8.orig.tar.gz dcceee9241962aa307bdf18b24490338d0c81ea6 114400 lxc_2.0.8-0ubuntu1~16.04.1.debian.tar.xz Checksums-Sha256: 23e2219a908823c5b54d7f7f954c5625d1b0e9c6ef9cdb99ce6eb824fc5ed042 2687 lxc_2.0.8-0ubuntu1~16.04.1.dsc 0d8e34b302cfe4c40c6c9ae5097096aa5cc2c1dfceea3f0f22e3e16c4a4e8494 1308705 lxc_2.0.8.orig.tar.gz 78f82e4ae3a070b5e8d3b81fdad1cfe2b01941353f44a52117893cbc9bcb73ad 114400 lxc_2.0.8-0ubuntu1~16.04.1.debian.tar.xz Files: cc9a2083d8b330e4b16cdf2d7a3bfb6d 2687 admin optional lxc_2.0.8-0ubuntu1~16.04.1.dsc 7bfd95280522d7936c0979dfea92cdb5 1308705 admin optional lxc_2.0.8.orig.tar.gz fc5634587cc9894283eabb1299c17f9d 114400 admin optional lxc_2.0.8-0ubuntu1~16.04.1.debian.tar.xz
-- Xenial-changes mailing list Xenial-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes