Change log for lxc package in Ubuntu

lxc (1:6.0.0a-1) unstable; urgency=medium

  * New upstream release 6.0.0a
    Not an alpha release, but rather a minor fix of meson LXC_DEVEL tracker.

 -- Pierre-Elliott Bécue <email address hidden>  Thu, 02 May 2024 15:22:44 +0200

Available diffs

• diff from 1:5.0.3-2ubuntu7 (in Ubuntu) to 1:6.0.0a-1 (136.6 KiB)

lxc (1:5.0.3-2ubuntu7) noble; urgency=medium

  * Fixup typo in Depends field in time64_t transition

 -- Gianfranco Costamagna <email address hidden>  Wed, 17 Apr 2024 23:07:01 +0200

Available diffs

• diff from 1:5.0.3-2ubuntu5 to 1:5.0.3-2ubuntu7 (10.6 KiB)
• diff from 1:5.0.3-2ubuntu6 to 1:5.0.3-2ubuntu7 (538 bytes)

lxc (1:5.0.3-2ubuntu6) noble; urgency=medium

  * Manually apply the changes from 1:5.0.3-2.1 in Debian (the renaming for
    the 64-bit time_t transition) which somehow never got merged into the
    Ubuntu packaging.

 -- Michael Hudson-Doyle <email address hidden>  Wed, 17 Apr 2024 15:06:46 +1200

Available diffs

• diff from 1:5.0.3-2ubuntu5 to 1:5.0.3-2ubuntu6 (10.5 KiB)

lxc (1:5.0.3-2ubuntu5) noble; urgency=medium

  * Temporarily skip some buggy tests (LP: #2059550)
    - debian/tests/exercise: skip "lxc-test-unpriv" test (attempt #2)

 -- Alexander Mikhalitsyn <email address hidden>  Wed, 10 Apr 2024 17:23:26 +0200

Available diffs

• diff from 1:5.0.1-0ubuntu8 to 1:5.0.3-2ubuntu5 (140.4 KiB)
• diff from 1:5.0.3-2ubuntu4 to 1:5.0.3-2ubuntu5 (550 bytes)

lxc (1:5.0.3-2ubuntu4) noble; urgency=medium

  * Temporarily skip some buggy tests (LP: #2059550)
    - d/tests/control: remove "unprivileged-containers" autopkgtest
    - debian/tests/exercise: skip "lxc-test-unpriv" test
  * debian/rules
    - apply Ubuntu-specific patches in override_dh_auto_configure
      step instead of override_dh_clean. Otherwise, debuild fails
      to build source package if run from Ubuntu.

 -- Alexander Mikhalitsyn <email address hidden>  Tue, 09 Apr 2024 20:37:44 +0200

Available diffs

• diff from 1:5.0.3-2ubuntu3 to 1:5.0.3-2ubuntu4 (1.2 KiB)

lxc (1:5.0.3-2ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 20:01:40 +0000

Available diffs

• diff from 1:5.0.3-2ubuntu2 to 1:5.0.3-2ubuntu3 (328 bytes)

lxc (1:5.0.3-2ubuntu2) noble; urgency=medium

  * Merge with unrelated Debian packaging, remaining changes:
    - debian/control: Add transitional packages
      This is to allow for upgrades from 23.10 to 24.04.
      Those changes can go away once 24.10 opens.
  * The changes below are those that are set to be included in the next
    Debian upload.

  [ Aleksandr Mikhalitsyn ]
  * debian/tests: Addition of the "no-devel" test
  * debian/tests/unprivileged-containers: Fix and make work on Ubuntu

  [ Mathias Gibbens ]
  * d/control:
    - Update Build-Depends from systemd -> systemd-dev (Closes: #1060614)
    - Update Build-Depends from pkg-config -> pkgconf
  * Cherry-pick upstream fixes for d/tests/test-usernic
  * Update years in d/copyright

  [ Michael Biebl ]
  * Install PAM modules into /usr. (Closes: #1061490)
  * Drop Build-Depends on dh-exec, no longer necessary.

  [ Stéphane Graber ]
  * Cherry-pick upstream bugfixes:
    - 0013-cherry-pick-remove-broken-cgroup-tests.patch
    - 0014-cherry-pick-lxc-copy-apparmor.patch
  * Add Ubuntu-specific patch (for now):
    - Handle AppArmor ABI 4 with userns extension
  * debian/rules
    - Add lxc-copy apparmor profile
    - Apply Ubuntu-specific patch

 -- Stéphane Graber <email address hidden>  Thu, 21 Mar 2024 12:54:38 -0400

Available diffs

• diff from 1:5.0.3-2ubuntu1 to 1:5.0.3-2ubuntu2 (5.4 KiB)

lxc (1:5.0.3-2ubuntu1) noble; urgency=medium

  [ Aleksandr Mikhalitsyn ]
  * Merge with Debian, remaining changes:
    - debian/control: Add transitional packages
      This is to allow for upgrades from 23.10 to 24.04.
      Those changes can go away once 24.10 opens.
    - debian/patches:
      - 1000-ubuntu-apparmor-userns.patch
        Handles Ubuntu-specific divergance in userns behavior.
      - 1001-test-usernic-fixes.patch
        Remove deprecated logic from usernic test.
    - debian/tests: Addition of the "no-devel" test

 -- Stéphane Graber <email address hidden>  Tue, 13 Feb 2024 10:19:47 -0500

Available diffs

• diff from 1:5.0.1-0ubuntu8 to 1:5.0.3-2ubuntu1 (137.4 KiB)

lxc (1:5.0.0~git2209-g5a7b9ce67-0ubuntu1.1) jammy; urgency=medium

  [ Dave Jones ]
  * Fix the LXC_DEVEL value to be 0 (LP: #2039873)
    - d/p/0002-Set-DEVEL-flag-post-release.patch added to force this
      value in the autoconf script

  [ Alexander Mikhalitsyn ]
  * Added autopkgtest to ensure that LXC_DEVEL is always 0
    - debian/tests/no-devel: add "no-devel" autopkgtest script
    - debian/tests/control: declare "no-devel" autopkgtest

 -- Dave Jones <email address hidden>  Wed, 24 Jan 2024 16:26:06 +0000

Available diffs

• diff from 1:5.0.0~git2209-g5a7b9ce67-0ubuntu1 to 1:5.0.0~git2209-g5a7b9ce67-0ubuntu1.1 (1.2 KiB)

lxc (1:5.0.1-0ubuntu8~23.10.1) mantic; urgency=medium

  [ Alexander Mikhalitsyn ]
  * Fix the LXC_DEVEL value to be 0 (LP: #2039873)
    - d/p/0003-meson-Set-DEVEL-flag-post-release.patch was dropped
      as it should not be in the production builds
  * Added autopkgtest to ensure that LXC_DEVEL is always 0
    - debian/tests/no-devel: add "no-devel" autopkgtest script
    - debian/tests/control: declare "no-devel" autopkgtest

 -- Dave Jones <email address hidden>  Wed, 24 Jan 2024 16:25:47 +0000

Available diffs

• diff from 1:5.0.1-0ubuntu7 to 1:5.0.1-0ubuntu8~23.10.1 (1.4 KiB)

lxc (1:5.0.1-0ubuntu8) noble; urgency=medium

  * Fix the LXC_DEVEL value to be 0 (LP: #2039873)
    - d/p/0003-meson-Set-DEVEL-flag-post-release.patch was dropped
      as it should not be in the production builds
  * Added autopkgtest to ensure that LXC_DEVEL is always 0
    - debian/tests/no-devel: add "no-devel" autopkgtest script
    - debian/tests/control: declare "no-devel" autopkgtest
  * d/lxc-utils.install: Fixed lib/systemd path (to usr/lib/systemd)

 -- Alexander Mikhalitsyn <email address hidden>  Thu, 18 Jan 2024 16:20:47 +0100

Available diffs

• diff from 1:5.0.1-0ubuntu7 to 1:5.0.1-0ubuntu8 (1.5 KiB)

lxc (1:5.0.1-0ubuntu7) mantic; urgency=medium

  * Update apparmor profile to support new userns feature (LP: #2035315)
    - d/p/apparmor-userns.patch: Add userns permission to
      start-container abstraction and declare new 4.0 ABI in
      the usr.bin.lxc-start apparmor profile
    - debian/control: Declare Breaks on anything less than apparmor
      4.0.0~alpha2-0ubuntu4 for liblxc-common to ensure if apparmor is
      installed that it supports the new 4.0 ABI and add systemd-dev to
      Build-Depends to fix local build failure.

 -- Alex Murray <email address hidden>  Mon, 18 Sep 2023 13:28:16 +0930

Available diffs

• diff from 1:5.0.1-0ubuntu6 to 1:5.0.1-0ubuntu7 (1.2 KiB)

lxc (3.0.3-0ubuntu1~18.04.3) bionic; urgency=medium

  * Fix tests issue by avoiding falling back to inexistent trusty LXC images
    and using the bionic ones (LP: #1939537)

Available diffs

• diff from 3.0.3-0ubuntu1~18.04.1 to 3.0.3-0ubuntu1~18.04.3 (1.4 KiB)

lxc (1:5.0.1-0ubuntu6) lunar; urgency=medium

  * debian/control: add libcap-dev, libselinux1-dev, and libseccomp-dev to
    depends for liblxc-dev, to fix go-lxc autopktest failure.

 -- Serge Hallyn <email address hidden>  Thu, 19 Jan 2023 17:53:14 -0600

Available diffs

• diff from 1:5.0.0~git2209-g5a7b9ce67-0ubuntu3 to 1:5.0.1-0ubuntu6 (654.5 KiB)
• diff from 1:5.0.1-0ubuntu5 to 1:5.0.1-0ubuntu6 (592 bytes)

lxc (1:5.0.1-0ubuntu5) lunar; urgency=medium

  * disable lxc-test-fuzzers - the test is failing to download external
    artifacts

 -- Serge Hallyn <email address hidden>  Tue, 17 Jan 2023 21:44:40 -0600

Available diffs

• diff from 1:5.0.1-0ubuntu4 to 1:5.0.1-0ubuntu5 (458 bytes)

lxc (1:5.0.1-0ubuntu4) lunar; urgency=medium

  * Fix meson build in debian/tests/exercise: specify the rest of the
    required configuration parameters.
  * d/p/test-usernic-fixes:
    - drop the hunks dealing with cgroups.  lxc uses the systemd api
      to do that.
    - ifconfig is not available, use ip

 -- Serge Hallyn <email address hidden>  Mon, 16 Jan 2023 21:32:01 -0600

Available diffs

• diff from 1:5.0.1-0ubuntu3 to 1:5.0.1-0ubuntu4 (1.4 KiB)

lxc (1:5.0.1-0ubuntu3) lunar; urgency=medium

  * fix meson reconfiguration usage: the build/ directory doesn't exist
    yet when tests/exercise runs, so use meson setup to create it.

 -- Serge Hallyn <email address hidden>  Sun, 15 Jan 2023 22:53:15 -0600

Available diffs

• diff from 1:5.0.1-0ubuntu2 to 1:5.0.1-0ubuntu3 (557 bytes)

lxc (1:5.0.1-0ubuntu2) lunar; urgency=medium

  * Fix autopkg tests to use meson instead of autoconf

 -- Serge Hallyn <email address hidden>  Tue, 10 Jan 2023 16:21:26 -0600

Available diffs

• diff from 1:5.0.1-0ubuntu1 to 1:5.0.1-0ubuntu2 (666 bytes)

lxc (1:5.0.1-0ubuntu1) lunar; urgency=medium

  * Update to lxc-5.0.1 (using the orig tarball from debian)
  * d/p: add all patches up to current git master
  * d/control: add libsystemd-dev and meson
  * d/rules: follow guidance from daily packaging
  * remove d/.git-dpm
  * update paths in liblxc1.install and liblxc.lintian-overrides

 -- Serge Hallyn <email address hidden>  Wed, 16 Nov 2022 09:31:08 -0600

Available diffs

• diff from 1:5.0.0~git2209-g5a7b9ce67-0ubuntu3 to 1:5.0.1-0ubuntu1 (653.1 KiB)

lxc (1:5.0.0~git2209-g5a7b9ce67-0ubuntu3) kinetic; urgency=medium

  * d/p/ppc64el-gcc12-warning.patch: refine the patch to be less brittle in
    case of upstream changes

 -- Simon Chopin <email address hidden>  Wed, 07 Sep 2022 10:19:55 +0200

Available diffs

• diff from 1:5.0.0~git2209-g5a7b9ce67-0ubuntu2 to 1:5.0.0~git2209-g5a7b9ce67-0ubuntu3 (921 bytes)

lxc (1:5.0.0~git2209-g5a7b9ce67-0ubuntu2) kinetic; urgency=medium

  * d/p/lp1987625/*.patch: cherry-picked to fix FTBFS against glibc 2.36
    (LP: #1987625)
  * d/p/ppc64el-gcc12-warning.patch: work around a false positive warning in
    GCC 12 on ppc64el due to it defaulting to -O3

 -- Simon Chopin <email address hidden>  Fri, 26 Aug 2022 11:18:18 +0200

Available diffs

• diff from 1:5.0.0~git2209-g5a7b9ce67-0ubuntu1 to 1:5.0.0~git2209-g5a7b9ce67-0ubuntu2 (3.5 KiB)

lxc (1:5.0.0~git2209-g5a7b9ce67-0ubuntu1) jammy; urgency=medium

  * Pre-release snapshot of LXC 5.0 LTS (LP: #1967620)
    - New configuration keys:
      - lxc.cgroup.dir.monitor.pivot
      - lxc.cgroup.dir.monitor
      - lxc.cgroup.dir.container.inner
      - lxc.cgroup.dir.container
      - lxc.time.offset.boot
      - lxc.time.offset.monotonic
      - veth.n_rxqueues
      - veth.n_txqueues
      - veth.vlan.id
      - veth.vlan.tagged.id
  * Drop patches (now upstreamed):
    - 0002-lxc-checkconfig-Fix-bashism.patch
    - 0003-doc-Fix-reverse-allowlist-denylist.patch
  * Update lintian overrides for current lintian version
  * debian/control: Switch to debhelper-compat

 -- Stéphane Graber <email address hidden>  Tue, 05 Apr 2022 18:07:22 -0400

Available diffs

• diff from 1:4.0.12-0ubuntu2 to 1:5.0.0~git2209-g5a7b9ce67-0ubuntu1 (21.2 KiB)

lxc (1:4.0.12-0ubuntu1~21.10.1) impish; urgency=medium

  * Cherry-pick upstream bugfixes (stable-4.0):
    - 0002-lxc-checkconfig-Fix-bashism.patch
    - 0003-doc-Fix-reverse-allowlist-denylist.patch

  * New upstream bugfix release (4.0.12) (LP: #1959993):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-12-has-been-released/13288)
    - Fixed CRIU restoration of containers with pre-created veth interfaces
    - Fixed issue with kernels lacking SMT support
    - Extended cgroup2 config options in lxc.mount.auto (cgroup2)
    - lxc-download now relies on HTTPS for validation (avoids GPG issues)

  * New upstream bugfix release (4.0.11):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-11-has-been-released/12427)
    - Core scheduling support (lxc.sched.core)
    - riscv64 support in lxc.arch
    - Significantly improved bash completion profile
    - Greater use of the new VFS mount API (when supported by the kernel)
    - Fix containers with empty network namespaces
    - Handle kernels that lack TIOCGPTPEER
    - Improve CPU bitmask/id handling (handle skipped CPU numbers)
    - Reworked the tests to run offline

  * New upstream bugfix release (4.0.10):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-10-has-been-released/11618)
    - Fix issues with less common architectures
    - Support for additional idmap mounts
    - nft support in lxc-net
    - Cleaner mount entries for sys:mixed
    - Switched GPG server to keyserver.ubuntu.com

  * New upstream bugfix release (4.0.9):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-9-has-been-released/10999)
    - Fix incorrect personality setting when running 32bit containers on 64bit

  * New upstream bugfix release (4.0.8):
    - Fix CGroup attach against older running containers

  * New upstream bugfix release (4.0.7):
    - Testing improvements including fixes from oss-fuzz
    - Rework of the attach codepath
    - Cgroup handling rework

  * Bump to debhelper 12 (allows focal SRUs)
  * Bump standards to 4.6.0.1
  * Add lintian overrides for incorrect bashism detection
  * Remove bash completion install logic (now done upstream)

 -- Stéphane Graber <email address hidden>  Thu, 03 Feb 2022 23:50:20 -0500

Available diffs

• diff from 1:4.0.10-0ubuntu5 to 1:4.0.12-0ubuntu1~21.10.1 (301.6 KiB)

lxc (1:4.0.12-0ubuntu2) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

 -- Dave Jones <email address hidden>  Wed, 16 Feb 2022 17:06:54 +0000

Available diffs

• diff from 1:4.0.12-0ubuntu1 to 1:4.0.12-0ubuntu2 (378 bytes)

lxc (1:4.0.12-0ubuntu1~20.04.1) focal; urgency=medium

  * Cherry-pick upstream bugfixes (stable-4.0):
    - 0002-lxc-checkconfig-Fix-bashism.patch
    - 0003-doc-Fix-reverse-allowlist-denylist.patch

  * New upstream bugfix release (4.0.12) (LP: #1959993):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-12-has-been-released/13288)
    - Fixed CRIU restoration of containers with pre-created veth interfaces
    - Fixed issue with kernels lacking SMT support
    - Extended cgroup2 config options in lxc.mount.auto (cgroup2)
    - lxc-download now relies on HTTPS for validation (avoids GPG issues)

  * New upstream bugfix release (4.0.11):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-11-has-been-released/12427)
    - Core scheduling support (lxc.sched.core)
    - riscv64 support in lxc.arch
    - Significantly improved bash completion profile
    - Greater use of the new VFS mount API (when supported by the kernel)
    - Fix containers with empty network namespaces
    - Handle kernels that lack TIOCGPTPEER
    - Improve CPU bitmask/id handling (handle skipped CPU numbers)
    - Reworked the tests to run offline

  * New upstream bugfix release (4.0.10):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-10-has-been-released/11618)
    - Fix issues with less common architectures
    - Support for additional idmap mounts
    - nft support in lxc-net
    - Cleaner mount entries for sys:mixed
    - Switched GPG server to keyserver.ubuntu.com

  * New upstream bugfix release (4.0.9):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-9-has-been-released/10999)
    - Fix incorrect personality setting when running 32bit containers on 64bit

  * New upstream bugfix release (4.0.8):
    - Fix CGroup attach against older running containers

  * New upstream bugfix release (4.0.7):
    - Testing improvements including fixes from oss-fuzz
    - Rework of the attach codepath
    - Cgroup handling rework

  * Bump to debhelper 12 (allows focal SRUs)
  * Bump standards to 4.6.0.1
  * Add lintian overrides for incorrect bashism detection
  * Remove bash completion install logic (now done upstream)

 -- Stéphane Graber <email address hidden>  Thu, 03 Feb 2022 23:50:20 -0500

Available diffs

• diff from 1:4.0.6-0ubuntu1~20.04.1 to 1:4.0.12-0ubuntu1~20.04.1 (706.5 KiB)

lxc (1:4.0.12-0ubuntu1) jammy; urgency=medium

  * Cherry-pick upstream bugfixes (stable-4.0):
    - 0002-lxc-checkconfig-Fix-bashism.patch
    - 0003-doc-Fix-reverse-allowlist-denylist.patch (LP: #1957934)

  * New upstream bugfix release (4.0.12):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-12-has-been-released/13288)
    - Fixed CRIU restoration of containers with pre-created veth interfaces
    - Fixed issue with kernels lacking SMT support
    - Extended cgroup2 config options in lxc.mount.auto (cgroup2)
    - lxc-download now relies on HTTPS for validation (avoids GPG issues)

  * New upstream bugfix release (4.0.11)
    (LP: #1943441, LP: #1938771, LP: #1891903):
    (https://discuss.linuxcontainers.org/t/lxc-4-0-11-has-been-released/12427)
    - Core scheduling support (lxc.sched.core)
    - riscv64 support in lxc.arch
    - Significantly improved bash completion profile
    - Greater use of the new VFS mount API (when supported by the kernel)
    - Fix containers with empty network namespaces
    - Handle kernels that lack TIOCGPTPEER
    - Improve CPU bitmask/id handling (handle skipped CPU numbers)
    - Reworked the tests to run offline

  * Bump to debhelper 12 (allows focal SRUs)
  * Bump standards to 4.6.0.1
  * Add lintian overrides for incorrect bashism detection
  * Remove bash completion install logic (now done upstream)

 -- Stéphane Graber <email address hidden>  Wed, 02 Feb 2022 20:48:39 -0500

Available diffs

• diff from 1:4.0.10-0ubuntu5 to 1:4.0.12-0ubuntu1 (300.3 KiB)

lxc (1:4.0.10-0ubuntu5) impish; urgency=medium

  * d/t/exercise: Skip tests that are incompatible with cgroups v2
    (LP: #1943704)

 -- Lukas Märdian <email address hidden>  Fri, 17 Sep 2021 15:00:26 +0200

Available diffs

• diff from 1:4.0.10-0ubuntu4 to 1:4.0.10-0ubuntu5 (661 bytes)

lxc (1:4.0.10-0ubuntu4) impish; urgency=medium

  * Cherry-pick upstream bugfixes (stable-4.0):
    - 0002-cgroups-populate-hierarchy-for-device-cgroup.patch
    - 0003-cgroups-remove-unneeded-variables-from-cgroup_tree_c.patch
    - 0004-lxc_setup_ttys-Handle-existing-ttyN-file-without-und.patch
    - 0005-bpf-bpf_devices_cgroup_supported-should-check-if-bpf.patch
    - 0006-conf-use-new-mount-api-for-devpts-setup.patch
    - 0007-terminal-ttyname_r-returns-an-error-number-on-failur.patch
    - 0008-conf-ensure-devpts_fd-is-set-to-EBADF.patch
    - 0009-Fix-typos.patch
    - 0010-conf-surface-failures-to-setup-console.patch
    - 0011-conf-set-source-property-for-devpts.patch
    - 0012-conf-attach-devpts-mount-directly-when-new-mount-api.patch
    - 0013-conf-s-lxc_setup_devpts_parent-lxc_recv_devpts_from_.patch
    - 0014-conf-use-a-relative-path-in-symlinkat.patch
    - 0015-conf-update-comment.patch
    - 0016-conf-add-and-use-mount_beneath_fd.patch
    - 0017-terminal-don-t-use-ttyname_r-for-native-terminal-all.patch
    - 0018-conf-merge-devpts-setup-and-move-before-pivot-root.patch
    - 0019-string_utils-cast-__s64-to-long-long-signed-int.patch
    - 0020-terminal-split-out-lxc_devpts_terminal-helper.patch
    - 0021-conf-move-lxc_create_ttys-before-pivot-root.patch
    - 0022-conf-stash-pty_nr-in-struct-lxc_terminal.patch
    - 0023-mount_utils-add-mount_fd.patch
    - 0024-conf-use-mount_fd-helper-when-mounting-ttys.patch
    - 0025-conf-use-mount_fd-in-lxc_setup_dev_console.patch
    - 0026-conf-use-mount_fd-during-console-mounting.patch
    - 0027-file_utils-add-open_at_same.patch
    - 0028-conf-rework-console-setup.patch
    - 0029-terminal-remove-unused-argument-from-lxc_devpts_term.patch
    - 0030-start-allow-containers-to-use-a-native-console.patch
    - 0031-conf-handle-kernels-without-TIOCGPTPEER.patch
    - 0032-terminal-move-native-terminal-allocation-from-error-.patch
    - 0033-terminal-fail-on-unknown-error-during-TIOCGPTPEER.patch
    - 0034-mount_utils-introduce-mount_at.patch
    - 0035-conf-fix-logging-in-lxc_idmapped_mounts_child.patch
    - 0036-conf-refactor-lxc_recv_ttys_from_child.patch
    - 0037-conf-log-failure-to-create-tty-mountpoint.patch
    - 0038-conf-let-parse_vfs_attr-handle-legacy-mount-flags-as.patch
    - 0039-mount_utils-make-some-mount-helpers-static-inline.patch
    - 0040-conf-allow-mount-options-for-rootfs-when-using-new-m.patch
    - 0041-tests-add-test-for-rootfs-mount-options.patch
    - 0042-network-fix-container-with-empty-network-namespaces.patch
    - 0043-lsm-apparmor-log-failure-to-write-AppArmor-profile.patch
    - 0044-lsm-apparmor-use-cleanup-macro.patch
    - 0045-doc-api-extensions-Grammar-fix.patch

 -- Stéphane Graber <email address hidden>  Mon, 09 Aug 2021 13:45:59 -0400

Available diffs

• diff from 1:4.0.10-0ubuntu3 to 1:4.0.10-0ubuntu4 (34.6 KiB)

lxc (1:4.0.10-0ubuntu3) impish; urgency=medium

  * debian/rules: Fix setuid bit handling for lxc-user-nic

 -- Stéphane Graber <email address hidden>  Fri, 30 Jul 2021 14:52:48 -0400

Available diffs

• diff from 1:4.0.6-0ubuntu1 to 1:4.0.10-0ubuntu3 (543.4 KiB)
• diff from 1:4.0.10-0ubuntu2 to 1:4.0.10-0ubuntu3 (588 bytes)

lxc (1:4.0.10-0ubuntu2) impish; urgency=medium

  * debian/patches: Re-introduce default lxcbr0 configuration.
    0001-Ubuntu-default-lxcbr0-configuration.patch

 -- Stéphane Graber <email address hidden>  Thu, 29 Jul 2021 17:42:39 -0400

Available diffs

• diff from 1:4.0.10-0ubuntu1 to 1:4.0.10-0ubuntu2 (2.4 KiB)

lxc (1:4.0.10-0ubuntu1) impish; urgency=medium

  * New upstream bugfix release (4.0.10):
    - Fix issues with less common architectures
    - Support for additional idmap mounts
    - nft support in lxc-net
    - Cleaner mount entries for sys:mixed
    - Switched GPG server to keyserver.ubuntu.com

  * New upstream bugfix release (4.0.9):
    - Fix incorrect personality setting when running 32bit containers on 64bit

  * New upstream bugfix release (4.0.8):
    - Fix CGroup attach against older running containers

  * New upstream bugfix release (4.0.7):
    - Testing improvements including fixes from oss-fuzz
    - Rework of the attach codepath
    - Cgroup handling rework

  * Drop all patches:
    - Cherry-picks are all now included
    - "Allocate new lxcbr0 subnet at startup time" is no longer needed
      as LXC isn't pre-installed in Ubuntu images, so going with the
      upstream init script simplifies maintenance.

  * Bump standards to 4.5.1
    - Tweak lintian overrides (renames, cleanups, ...)
    - Drop --with systemd (built-in now)
    - Update debian/watch regexp and version

 -- Stéphane Graber <email address hidden>  Wed, 28 Jul 2021 15:42:28 -0400

Available diffs

• diff from 1:4.0.6-0ubuntu1 to 1:4.0.10-0ubuntu1 (542.4 KiB)

lxc (1:4.0.6-0ubuntu1~20.04.1) focal; urgency=medium

  * Backport hirsute fixes to focal. (LP: #1923232)

 -- Serge Hallyn <email address hidden>  Fri, 09 Apr 2021 11:19:38 -0500

Available diffs

• diff from 1:4.0.2-0ubuntu1 to 1:4.0.6-0ubuntu1~20.04.1 (227.1 KiB)

lxc (1:4.0.6-0ubuntu1) hirsute; urgency=medium

  * New upstream bugfix release (4.0.6):
    - Improve handling for compatibility architectures for seccomp
    - Harden seccomp notifier implementation
    - Rework parsing of /proc/<pid>/mountinfo to handle kernel regression
    - Improve network device restoration
    - Significantly cleanup and harden config file parsing
    - Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE
    - Harden containers started without CAP_NET_ADMIN
  * New upstream bugfix release (4.0.5):
    - Support allocating PTS devices from within the container
    - Harden more path/mount handling logics
    - Rework LSM logic to limit initializer use
  * Cherry-pick upstream fixes:
    - 0002-commands-fix-check-for-seccomp-notify-support.patch
    - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch
    - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
    - 0005-cgroups-fix-cgroup-mounting.patch
    - 0006-lsm-remove-obsolute-comment-about-constructor.patch
    - 0007-lxc_attach-include-rexec-conditionally.patch
    - 0008-tree-wide-fix-some-header-inclusions.patch
    - 0009-initutils-fix-missing-includes.patch
    - 0010-configure-support-static-binaries.patch
    - 0011-autotools-enable-static-builds-for-tools.patch
    - 0012-autotools-enable-static-builds-for-commands.patch
    - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch
    - 0014-config-update-ax_pthread.m4.patch
    - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch
    - 0016-autotools-update-build.patch
    - 0017-file_utils-introduce-read_file_at.patch
    - 0018-string_utils-add-must_make_path_relative.patch
    - 0019-cgroups-coding-style-fixes.patch
    - 0020-cgroups-rework-cg_unified_init.patch
    - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch
    - 0022-criu-handle-cgroup2-freezer.patch
    - 0023-mkdir-p-proc-sys-on-container-startup.patch
    - 0024-conf-fix-coding-style.patch
    - 0025-conf-coding-style-fixes.patch
    - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch
    - 0027-attach-invert-child-parent-handling.patch
    - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch
    - 0029-attach-tweak-logging.patch
    - 0030-attach-use-__do_close-for-labelfd.patch
    - 0031-attach-coding-style-fixes.patch
    - 0032-attach-use-free_disarm.patch
    - 0033-attach-s-attach_child_main-do_attach-g.patch
    - 0034-attach-mark-do_attach-as-__noreturn.patch
    - 0035-attach-make-do_attach-void.patch
    - 0036-attach-use-close_prot_errno_disarm.patch
    - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch
    - 0038-cgroups-fix-cgroup-mounting.patch
    - 0039-utils-fix-mount_at.patch
    - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch
    - 0041-cgroups-bpf-fixes.patch
    - 0042-croups-improve-__do_bpf_program_free.patch
    - 0043-cgroups-coding-style-fixes.patch
    - 0044-cgroups-don-t-initiliaze-NULL-log.patch
    - 0045-cgroups-ensure-all-memory-is-zeroed.patch
    - 0046-cgroups-use-zalloc.patch
    - 0047-cgroups-tweak-cgroup-initialization.patch
    - 0048-log-remove-pointless-inline.patch
    - 0049-log-add-lxc_log_get_fd.patch
    - 0050-seccomp-use-lxc_log_get_fd.patch
    - 0051-log-rework-lxc_log_get_level.patch
    - 0052-seccomp-use-lxc_log_get_level.patch
    - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch
    - 0054-log-add-lxc_log_trace-helper.patch
    - 0055-cgroups-use-PTR_TO_U64.patch
    - 0056-cgroups-align-methods.patch
    - 0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch
    - 0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch
    - 0059-attach-fix-logging-for-stdfd-replacement.patch
    - 0060-attach-fix-error-checking-for-dup2.patch
    - 0061-cgroups-initialize-variable.patch
    - 0062-commands_utils-don-t-leak-memory.patch
    - 0063-conf-use-lxc_log_trace.patch
    - 0064-confile_utils-use-lxc_log_trace.patch
    - 0065-rexec-check-lseek-return-value.patch

 -- Stéphane Graber <email address hidden>  Thu, 11 Feb 2021 16:34:13 -0500

Available diffs

• diff from 1:4.0.4-0ubuntu3 to 1:4.0.6-0ubuntu1 (108.8 KiB)

lxc (1:4.0.4-0ubuntu3) groovy; urgency=medium

  * Cherry-pick upstream bugfix:
    - cgroups: fix armhf builds

 -- Stéphane Graber <email address hidden>  Tue, 25 Aug 2020 09:45:30 -0400

Available diffs

• diff from 1:4.0.2-0ubuntu1 to 1:4.0.4-0ubuntu3 (130.5 KiB)
• diff from 1:4.0.4-0ubuntu2 to 1:4.0.4-0ubuntu3 (1.2 KiB)

lxc (1:4.0.4-0ubuntu2) groovy; urgency=medium

  * Cherry-pick upstream bugfix:
    - cgfsng: fix cgroup attach cgroup creation

 -- Stéphane Graber <email address hidden>  Fri, 21 Aug 2020 14:09:35 -0400

Available diffs

• diff from 1:4.0.4-0ubuntu1 to 1:4.0.4-0ubuntu2 (1.6 KiB)

lxc (1:4.0.4-0ubuntu1) groovy; urgency=medium

  * New upstream bugfix release (4.0.4):
    - Support for new Linux clone flags (clone into cgroup)
    - Support for new Linux VFS system calls
    - Internal symbols are now properly hidden from external consumers
  * New upstream bugfix release (4.0.3):
    - Improvement to cgroupv1/cgroupv2 handling
    - Various improvements and tests for lxc-usernsexec

 -- Stéphane Graber <email address hidden>  Thu, 20 Aug 2020 18:07:53 -0400

Available diffs

• diff from 1:4.0.2-0ubuntu1 to 1:4.0.4-0ubuntu1 (129.2 KiB)

lxc (1:4.0.2-0ubuntu1) focal; urgency=medium

  * New ypstream bugfix release (4.0.2):
    - RISC-V 64bit support
    - Better group handling in lxc-user-nic
    - Seccomp syscall interception fix for newer kernels
    - CGroup v1 limits are now automatically skipped on v2 systems
    - Fix a variety of issues identified by the Coverity Scan service

 -- Stéphane Graber <email address hidden>  Thu, 16 Apr 2020 15:52:36 -0400

Available diffs

• diff from 1:4.0.1-0ubuntu2 to 1:4.0.2-0ubuntu1 (15.2 KiB)

lxc (1:4.0.1-0ubuntu2) focal; urgency=medium

  * Cherry-pick upstream fixes:
    - 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
    - 0002-start-ensure-all-file-descriptors-are-closed-during-.patch
    - 0003-syscall_numbers-handle-riscv.patch
    - 0004-lxc_user_nic-simplify-group-retrieval.patch
    - 0005-lxc_user_nic-continue-when-we-failed-to-find-a-group.patch
    - 0006-cgroups-whitespace-fixes.patch
    - 0007-seccomp-newer-kernels-require-the-buffer-to-be-zeroe.patch

 -- Stéphane Graber <email address hidden>  Wed, 08 Apr 2020 23:33:44 -0400

Available diffs

• diff from 1:4.0.1-0ubuntu1 to 1:4.0.1-0ubuntu2 (4.3 KiB)

lxc (1:4.0.1-0ubuntu1) focal; urgency=medium

  * New upstream bugfix release (4.0.1):
    - Tweak systemd ordering (start after remote-fs.target)
    - Fix various issues around attach and cgroups
    - Fix shutdown timeout not working on pidfd systems
    - Fix cgroup issue on 4.9 kernel
    - Fix write issues in /dev/stdout
  * Fix upgrade ordering (LP: #1870483)
  * Update lintian overrides:
    - Drop epoch bump override (no longer detecting it)
    - Add /usr/libexec override (LXC only uses /usr/lib)

 -- Stéphane Graber <email address hidden>  Mon, 06 Apr 2020 16:24:28 -0400

Available diffs

• diff from 1:4.0.0-0ubuntu2 to 1:4.0.1-0ubuntu1 (48.9 KiB)

lxc (1:4.0.0-0ubuntu2) focal; urgency=medium

  * Cherry-pick upstream bugfixes:
    - 0036-fix-non-root-user-cannot-write-dev-stdout.patch
    - 0037-cgroups-fix-uninitialized-transient_len-warning.patch
    - 0038-utils-rework-fix_stdio_permissions.patch
    - 0039-utils-use-setres-u-g-id-in-lxc_switch_uid_gid.patch
    - 0040-cgroups-fix-build-warning-on-GCC-7.patch
    - 0041-lxccontainer-poll-takes-millisecond-not-seconds.patch

 -- Stéphane Graber <email address hidden>  Thu, 02 Apr 2020 12:25:20 -0400

Available diffs

• diff from 3.0.4-0ubuntu2 to 1:4.0.0-0ubuntu2 (331.8 KiB)
• diff from 1:4.0.0-0ubuntu1 to 1:4.0.0-0ubuntu2 (4.0 KiB)

lxc (1:4.0.0-0ubuntu1) focal; urgency=medium

  * Bump epoch to match Debian. (LP: #1837537)
  * New upstream release (4.0.0):
    - Fixes (LP: #1867535, LP: #1861880, LP: #1858799, LP: #1831258)
    - cgroups: Full cgroup2 support
    - cgroups: Freezer support in CGroup2
    - cgroups: eBPF device controller support in CGroup2
    - config: Add lxc.autodev.tmpfs.size configuration key
    - config: Add lxc.selinux.context.keyring key
    - config: Add lxc.keyring.session
    - file utils: Add fopen_cached() and fdopen_cached
    - api: Add new init_pidfd() member
    - memory utils: Add new cleanup api
    - lxc-usernsexec: Make it easy to map own uid
    - seccomp: Add s390 support
    - syscalls: Improve manual syscall implementations
    - network: Improved network device creation and removal
    - network: Allow moving wireless devices
  * Cherry-pick upstream bugfixes:
    - 0002-lxc_init-move-main-down.patch
    - 0003-lxc_init-add-missing-O_CLOEXEC.patch
    - 0004-lxc.service-Starts-after-remote-fs.target-to-allow-c.patch
    - 0005-tree-wide-harden-mount-option-parsing.patch
    - 0006-dir-use-cleanup-macro-in-dir_mount.patch
    - 0007-dir-improve-dir-backend.patch
    - 0008-cgroups-fix-attaching-to-the-unified-cgroup.patch
    - 0009-conf-rework-and-fix-leak-in-userns_exec_1.patch
    - 0010-commands-log-actual-errno-when-lxc_cmd_get_cgroup2_f.patch
    - 0011-cgroups-move-pointer-dereference-after-check.patch
    - 0012-cgroups-rework-__cg_unified_attach.patch
    - 0013-attach-use-close_prot_errno_disarm.patch
    - 0014-cgroups-remove-unused-variable.patch
    - 0015-cgroups-fix-unified-cgroup-attach.patch
    - 0016-fixup-i-o-handler-return-values.patch
    - 0017-Revert-cgroups-fix-unified-cgroup-attach.patch
    - 0018-conf-introduce-and-use-userns_exec_minimal.patch
    - 0019-conf-simplify-userns_exec_minimal.patch
    - 0020-cgroups-use-hidden-directory-for-attaching-cgroup.patch
    - 0021-cgroups-please-compilers.patch
    - 0022-monitor-process-exited-by-signal-SIGKILL-clean-cgrou.patch
    - 0023-cgroups-move-check-for-valid-monitor-process-up.patch
    - 0024-cgroups-better-helper-naming.patch
    - 0025-tree-wide-s-recursive_destroy-lxc_rm_rf-g.patch
    - 0026-verify-cgroup-controller-name.patch
    - 0027-cgroups-handle-older-kernels-e.g.-v4.9.patch
    - 0028-start-log-error-when-failing-to-create-cgroup.patch
    - 0029-cgroups-send-two-attach-fds.patch
    - 0030-cgroups-send-two-fds-to-attach-to-unified-cgroup.patch
    - 0031-start-remove-unnecessary-check-for-valid-cgroup_ops.patch
    - 0032-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch
    - 0033-apparmor-generate-ro-bind-remount-rule-list.patch
    - 0034-autotools-don-t-install-run-coccinelle.sh.patch
    - 0035-systemd-Add-Documentation-key.patch
  * Bump to new standards (4.5.0)
  * Move manpages to the correct packages (libpam-cgfs, libpam-common)
  * Refresh lintian overrides (lxc-utils)

 -- Stéphane Graber <email address hidden>  Wed, 01 Apr 2020 17:35:58 -0400

Available diffs

• diff from 3.0.4-0ubuntu3 to 1:4.0.0-0ubuntu1 (328.6 KiB)

lxc (3.0.4-0ubuntu3) focal; urgency=medium

  * No-change rebuild for libgcc-s1 package name change.

 -- Matthias Klose <email address hidden>  Sun, 22 Mar 2020 16:48:35 +0100

Available diffs

• diff from 3.0.4-0ubuntu2 to 3.0.4-0ubuntu3 (335 bytes)

lxc (3.0.4-0ubuntu2) focal; urgency=medium

  * Cherry-pick upstream bugfixes (LP: #1848587):
    - tests: use /dev/loop-control instead of /dev/network_latency

 -- Stéphane Graber <email address hidden>  Tue, 26 Nov 2019 12:22:37 -0500

Available diffs

• diff from 3.0.4-0ubuntu1 to 3.0.4-0ubuntu2 (1.1 KiB)

lxc (3.0.4-0ubuntu1) eoan; urgency=medium

  * New upstream bugfix release (3.0.4).
  * Cherry-pick upstream bugfixes:
    - cgfsng: fix memory leak in lxc_cpumask_to_cpulist
    - cgroups: use __do_free
    - cgroups: move variables into tighter scope
    - cgroups: simplify cgfsng_setup_limits()
    - cgroups: use __do_free in cgfsng_attach()
    - cgroups: move variable into tighter scope
    - cgroups: move variable into tighter scope
    - cgroups: simplify cgfsng_nrtasks()
    - cgroups: move variable into tighter scope
    - cgroups: correctly order variables
    - cgroups: move variable into tighter scope
    - fix memory leak in do_storage_create
    - Move code/variable in smaller scope
    - start: expose LXC_PID to network hooks too
    - cgroups: hande cpuset initialization race
    - pidf_send_signal: fix return value
    - cgroup: check for non-empty conf
    - typo fix
    - Suppress hardcoded table sizes
    - lxc/log: add error_log_errno macro
    - pidfds: don't print a scary warning on ENOSYS
    - cgroups: initialize cpuset properly
    - lxccontainer: fix detaching wlan devices
    - utils: fix wrong integer of a function parameter
    - lxc.pc: Fix invalid @DLOG_LIBS@
  * debian/control: Set Rules-Requires-Root to no
  * debian/control: Bump standards to 4.4.0
  * debian/upstream: Reduce size of GPG key
  * debian/source: Remove unused lintian override

 -- Stéphane Graber <email address hidden>  Mon, 07 Oct 2019 19:24:07 -0400

Available diffs

• diff from 3.0.3-0ubuntu1 to 3.0.4-0ubuntu1 (176.4 KiB)

lxc (2.0.11-0ubuntu1~16.04.3) xenial; urgency=medium

  * Cherry-pick upstream bugfix (fixes regression on attach with uid/gid):
    - attach: improve id switching
    - utils: make id switching functions return bool

Available diffs

• diff from 2.0.8-0ubuntu1~16.04.2 to 2.0.11-0ubuntu1~16.04.3 (462.5 KiB)
• diff from 2.0.11-0ubuntu1~16.04.2 to 2.0.11-0ubuntu1~16.04.3 (3.7 KiB)

lxc (2.0.11-0ubuntu1~16.04.2) xenial; urgency=medium

  * Use clean LDFLAGS when building the static init.lxc, otherwise we
    end up with broken binaries on some architectures.

Available diffs

• diff from 2.0.11-0ubuntu1~16.04.1 to 2.0.11-0ubuntu1~16.04.2 (648 bytes)

lxc (2.0.11-0ubuntu1~16.04.1) xenial; urgency=medium

  * New upstream bugfix release (2.0.11) (LP: #1816642)
    - Security fix for CVE-2018-6556 (affecting 2.0.9+)
    - Mitigation for CVE-2019-5736

    - Full changelog available at:
      https://discuss.linuxcontainers.org/t/lxc-2-0-11-has-been-released/4238

 -- Stéphane Graber <email address hidden>  Mon, 04 Mar 2019 15:07:19 -0500

Available diffs

• diff from 2.0.8-0ubuntu1~16.04.2 to 2.0.11-0ubuntu1~16.04.1 (459.4 KiB)

lxc (3.0.3-0ubuntu1~16.04.1) xenial-backports; urgency=medium

  * Backport to Xenial.

 -- Stéphane Graber <email address hidden>  Wed, 19 Dec 2018 23:25:28 -0500

Available diffs

• diff from 3.0.2-0ubuntu4~16.04.1 to 3.0.3-0ubuntu1~16.04.1 (219.8 KiB)

lxc (3.0.3-0ubuntu1~18.04.1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1804755):
    - CONTRIBUTING: Update reference to kernel coding style
    - CONTRIBUTING: Link to latest online kernel docs
    - CONTRIBUTING: Direct readers to CODING_STYLE.md
    - CODING_STYLE: Mention kernel style in introduction
    - CONTRIBUTING: Add 'be' to fix grammar
    - CODING_STLYE: Simplify explanation for use of 'extern'
    - CODING_STLYE: Remove sections implied by 'kernel style'
    - CODING_STYLE: Fix non-uniform heading level
    - CODING_STYLE: Update section header format
    - cmd: Use parenthesis around complex macro
    - cmd: Use 'void' instead of empty parameter list
    - cmd: Do not use braces for single statement block
    - cmd: Fix whitespace issues
    - cmd: Use 'const' for static string constant.
    - cmd: Remove unnecessary whitespace in string
    - cmd: Put trailing */ on a separate line
    - cmd: Remove typo'd semicolon
    - cmd: Do not use comparison to NULL
    - lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
    - tools: lxc-attach: add default log priority & cleanups
    - tools: lxc-cgroup: add default log priority & cleanups
    - tools: lxc-checkpoint: add default log priority & cleanups
    - tools: lxc-console: add default log priority & cleanups
    - tools: lxc-create: add default log priority & cleanups
    - tools: lxc-destroy: add default log priority & cleanups
    - tools: lxc-device: add default log priority & cleanups
    - tools: lxc-execute: add default log priority & cleanups
    - tools: lxc-start: add default log priority & cleanups
    - tools: lxc-stop: add default log priority & cleanups
    - tools: lxc-freeze: add default log priority & cleanups
    - tools: lxc-unfreeze: add default log priority & cleanups
    - storage_utils: move duplicated function from tools
    - tools: fix lxc-execute command parsing
    - lseek - integer overflow
    - cmd: lxc-user-nic: change log macro & cleanups
    - cmd: lxc-usernsexec reorder includes
    - cmd: move declarations to macro.h
    - cmd: use utils.{c,h} helpers in lxc-usernsexec
    - cmd: simplify lxc-usernsexec
    - cmd: use safe number parsers in lxc-usernsexec
    - macro: add missing headers
    - macro: add macvlan properties
    - tools: Indicate container startup failure
    - storage: exit() => _exit(). when exec is failed
    - tools: lxc-wait: add default log priority & cleanups
    - conf: fix path/lxcpath mixups in tty setup
    - cmd: use goto for cleanup in lxc-usernsexec
    - cmd: Do not reassign variable before it is used
    - cmd: Reduce scope of 'count' variable
    - cmd: Fix format issues found by clang-format
    - list: fix indent
    - utils: split into {file,string}_utils.{c,h}
    - pam_cgfs: build from the same sources as liblxc
    - conf: fix devpts mounting when fully unprivileged
    - macro: s/rexit()/_exit()/g
    - attach: move struct declaration to top
    - macro: move macros from attach.c
    - Makefile: don't allow undefined symbols
    - autotools: check if compiler is new enough
    - log: handle strerror_r() versions
    - autotools: add --{disable,enable}-thread-safety
    - log: fail build on ENFORCE_THREAD_SAFETY error
    - {file,string}_utils: remove NO_LOG
    - initutils: remove useless comment
    - string_utils: remove unnecessary include
    - string_utils: remove unused headers
    - string_utils: add remove_trailing_slashes()
    - Makefile: remove last pam_cgfs special-casing
    - conf: add missing headers
    - Fix typo
    - ifaddrs: add safe implementation of getifaddrs()
    - Makefile: conditionalize ifaddrs.h inclusion
    - execute: skip lxc-init logging when unprivileged
    - execute: pass /proc/self/fd/<nr>
    - tests: cleanup get_item.c
    - build: fix musl
    - configure: reorder header checks
    - compiler: add compiler.h header
    - commands: return -1 on lxc_cmd_get_init_pid() err
    - tests: add basic.c
    - tests: cleanup Makefile
    - commands: ensure -1 is sent on EPIPE for init pid
    - macro: add LXC_AUDS_ADDR_LEN
    - macro: move LXC_CMD_DATA_MAX from commands.h
    - macro: add PTR_TO_INT() and INT_TO_PTR()
    - macro: add INTTYPE_TO_STRLEN()
    - caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - macro: final INTTYPE_TO_STRLEN() related cleanups
    - macro: coding style fixes
    - Makefile: correctly add ifaddrs to noinst_HEADERS
    - start: remove duplicate macros
    - caps: move macros to macro header
    - string_utils: use UINT64_MAX macro
    - tree-wide: use sizeof on static arrays
    - Revert "tree-wide: use sizeof on static arrays"
    - commands: pass around intmax_t
    - commands: assign before converting to pointer
    - macro: calculate buffer lengths correctly
    - Revert "Revert "tree-wide: use sizeof on static arrays""
    - macro: move MS_* macros
    - caps: fix illegal access to array bound
    - utils: defensive programming
    - nl: remove duplicated define
    - syntax error: mismatch brace
    - commands: better error message
    - file_utils: add lxc_recv_nointr()
    - commands: switch to setting errno and returning -1
    - log: do not clobber errno
    - log: save errno on strerror_r()
    - tree-wide: s/recv()/lxc_recv_nointr()/g
    - file_utils: add lxc_send_nointr()
    - tree-wide: s/send()/lxc_send_nointr()/g
    - nl: save errno on lxc_netns_set_nsid()
    - log: log_append_logfile() add new error path
    - lxccontainer: fix dereferenced pointer
    - lxc: fix build with --disable-werror
    - utils: improve get_ns_uid() and add get_ns_gid()
    - utils: improve lxc_switch_uid_gid()
    - log: support dlog
    - attach: handle id switching smarter
    - start: avoid unnecessary syscalls
    - utils: make lxc_setgroups() return bool
    - utils: make lxc_switch_uid_gid() return bool
    - lxccontainer: use correct pid_t type
    - conf: remove extra MS_BIND with sysfs:mixed
    - network: use correct type in lxc_netns_set_nsid()
    - network: add lxc_netns_get_nsid()
    - remove unused variables
    - file_utils: remove unused function
    - network: minor tweaks
    - add compile flags for dlog
    - log: add common functions
    - log: add additional info of dlog
    - attach: don't shutdown ipc socket in child
    - security: fix too wide or inconsistent non-owner permissions
    - attach: report standard shell exit codes
    - af_unix: add function to remove duplicated codes for set sockaddr
    - lxccontainer: remove locks from set_cgroup_item()
    - lxccontainer: remove locks from get_cgroup_item()
    - apparmor: account for specified rootfs path (closes #2617)
    - conf: realpath() uses null as second parameter to prevent buffer overflow
    - start: s/backgrounded/daemonize/g
    - cgfsng: mark ops with \_\_cgfsng_ops\_\_ attribute
    - autotools: add -Wimplicit-fallthrough
    - cgroup: rename container specific cgroup functions
    - cgroups: s/fullcgpath/container_full_path/g
    - cgroups: add missing string.h include
    - cgroups: s/base_cgroup/container_base_path/g
    - autotools: fix wrong AX_CHECK_COMPILE_FLAG test
    - compiler: s/\_\_fallthrough\_\_/\_\_fallthrough/g
    - compiler: s/\_\_noreturn\_\_/\_\_noreturn/g
    - cgfsng: s/\_\_cgfsng_ops\_\_/\_\_cgfsng_ops/g
    - macro: add STRLITERALLEN() and STRARRAYLEN()
    - tree-wide: replace sizeof() with SIZEOF2STRLEN()
    - compiler: \_\_attribute\_\_((noreturn)) on bionic
    - autotools: support -Wcast-align
    - autotools: support -Wstrict-prototypes
    - network: add netns_getifaddrs() implementation
    - tree_wide: switch to netns_getifaddrs()
    - netns_ifaddrs: mark casts as safe
    - autotools: fix lxc_user_nic build
    - stop: Only freeze if freezer is available
    - doc: tweak documentation a little
    - cgfsng: set errno to ENOENT on get_hierarchy()
    - cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g
    - cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g
    - compiler: fix \_\_noreturn on bionic
    - compiler: add \_\_hot attribute
    - netns_ifaddrs: fix missing include
    - autools: prevent dlog build on stable branch
    - tree-wide: fix includes to fix bionic builds
    - template: oci template supports for char user info
    - btrfs: fix btrfs containers
    - oci-template: Add logic for no /etc/passwd, group
    - configure: fix -Wimplicit-fallthrough check
    - utils: add lxc_setup_keyring()
    - autotools: support -z relro and -z now
    - netns_ifaddrs: handle IFLA_STATS{64} correctly
    - syscall_wrappers: add pivot_root()
    - raw_syscalls: add lxc_raw_execveat()
    - raw_syscalls: add lxc_raw_clone{_cb}()
    - raw_syscalls: add lxc_raw_getpid()
    - autotools: fix lxc init build
    - autotools: fix lxc-monitord build
    - autotools: fix lxc-user-nic build
    - autotools: fix lxc-usernsexec build
    - tests: add missing build dependencies
    - netns_ifaddrs: only use struct rtnl_link_stats64
    - cgroups: remove unnecessary line
    - netns_iaddrs: remove unused functions
    - parse: prefault config file with MAP_POPULATE
    - cgfsng: avoid tiny race window
    - utils: fix lxc_set_death_signal()
    - cgfsng: handle v1 cpuset hierarchy first
    - syscall_wrappers: move memfd_create()
    - syscall_wrappers: move setns()
    - syscall_wrappers: move sethostname()
    - syscall_wrappers: move unshare()
    - syscall_wrappers: move signalfd()
    - raw_syscalls: move lxc_raw_gettid()
    - tools: lxc-start: remove unused argument
    - tools: lxc-unshare: remove unnecessary initialization
    - parse: remove access() check
    - parse: report errors when failing config parsing
    - macro: add PATH_MAX
    - cmd: s/MAXPATHLEN/PATH_MAX/g
    - conf: s/MAXPATHLEN/PATH_MAX/g
    - confile: s/MAXPATHLEN/PATH_MAX/g
    - log: s/MAXPATHLEN/PATH_MAX/g
    - lxccontainer: s/MAXPATHLEN/PATH_MAX/g
    - macro: s/MAXPATHLEN/PATH_MAX/g
    - network: s/MAXPATHLEN/PATH_MAX/g
    - pam: s/MAXPATHLEN/PATH_MAX/g
    - start: s/MAXPATHLEN/PATH_MAX/g
    - terminal: s/MAXPATHLEN/PATH_MAX/g
    - utils: s/MAXPATHLEN/PATH_MAX/g
    - storage: s/MAXPATHLEN/PATH_MAX/g
    - tools: s/MAXPATHLEN/PATH_MAX/g
    - attach: reset signal mask
    - start: change log level
    - file_utils: fix too wide or inconsistent non-owner permissions
    - attach: fix missing pthread.h include
    - macro: add NETLINK_DUMP_STRICT_CHK
    - macro: add SOL_NETLINK
    - netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
    - parse: do not mask failed parse
    - test: test invalid config keys
    - confile: remove unused variable
    - parse: fix uninitialized pointer access
    - fix rpm packaging error for static library
    - fix post section script error for rpm install
    - conf: log prlimit setup
    - conf: verify_start_hooks() after lxc.mount.entry
    - checkpoint: fix running do_dump()
    - monitor: log cleanups
    - monitor: checking name too long to make monitor sock name
    - commands_utils: improve code redundancy to make abstract unix socket name
    - monitor: fix coding standard
    - autools: use -fno-strict-aliasing
    - checkconfig: Handle missing kernel version
    - lxc-init: log to /dev/console
    - autotools: fix --disable-commands builds
    - string_utils: fix global buffer overflow issue
    - include: simplify strlcpy()
    - raw_syscalls: ensure function always returns value
    - confile: fix append_unexp_config_line()
    - parse: protect against config updates during parse
    - parse: fix uninitialized value
    - tree-wide: coding style fixes
    - start: simplify
    - autotools: compiler based hardening
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - confile: do not overwrite global variable
    - commands: simplify
    - cgfsng: move increment out of branch
    - monitord: do not hide global variable
    - tools/lxc_copy: do not hide global variable
    - tools/lxc_top: do not hide global variable
    - tools/lxc_info: do not hide global variable
    - state: remove tautological check
    - conf: remove tautological check
    - conf: use O_CLOEXEC in lxc_pivot_root()
    - conf: remove tautological check
    - lxccontainer: remove check from goto target
    - start: prevent values smaller 0
    - tools/lxc_stop: use correct check
    - cmd/lxc_init: do not hide global variable
    - coverity: #1440391
    - coverity: #1440389
    - coverity: #1426130
    - storage_utils: add error handling
    - storage_utils: cleanups
    - storage_utils: use _exit() instead of exit() in child process
    - parse: cleanups
    - dlog: inherit dlog fds
    - spelling: allocate
    - spelling: ambiguous
    - spelling: answer
    - spelling: architecture
    - spelling: array
    - spelling: asynchronous
    - spelling: backingstorage
    - spelling: capabilities
    - spelling: character
    - spelling: checkpoint
    - spelling: comma
    - spelling: command
    - spelling: committer
    - spelling: configuration
    - spelling: constant
    - spelling: container
    - spelling: control
    - spelling: convenience
    - spelling: could
    - spelling: describing
    - spelling: device
    - spelling: exiting
    - spelling: explicitly
    - spelling: feature
    - spelling: github
    - spelling: hierarchy
    - spelling: hoops
    - spelling: ifindices
    - spelling: implementations
    - spelling: inherited
    - spelling: initialize
    - spelling: javascript
    - spelling: keepdata
    - spelling: libraries
    - spelling: loglevel
    - spelling: namespace
    - spelling: otherwise
    - spelling: output
    - spelling: overlayfs
    - spelling: overridden
    - spelling: override
    - spelling: passphrase
    - spelling: perhaps
    - spelling: pertains
    - spelling: portion
    - spelling: potentially
    - spelling: returns
    - spelling: root
    - spelling: securityfs
    - spelling: snapshotting
    - spelling: specified
    - spelling: specify
    - spelling: subtracting
    - spelling: successfully
    - spelling: syscall
    - spelling: timeout
    - spelling: unsigned
    - spelling: userns
    - spelling: without
    - lxcmntent: coding rules
    - string_utils: coding rules
    - log: fix too wide or inconsistent non-owner permissions
    - coverity: move to separate branch
    - include: correctly include macro.h
    - Fix spacing error in namespace.c
    - caps: replace read with lxc_read_nointr
    - log: replace write with lxc_write_nointr
    - dlog: move match_dlog_fds()
    - conf: s/ty/tty/g
    - pam_cgfs: remove redundancy file utils
    - cgfs: remove redundancy utils
    - pam_cgfs: remove dependency from cap & log
    - utils: fix coding styles
    - utils: add errno logs for exception case
    - Adds -qq flags to lvcreate commands
    - utils: make keyring allocation failure non-fatal
    - autotools: fix lxc-{create,copy} build
    - cgfsng: remove freezer requirement
    - start: don't call cgroup_exit() twice

  * Bump standards to 4.2.0
    - Update lintian overrides

 -- Stéphane Graber <email address hidden>  Thu, 22 Nov 2018 23:49:34 -0500

Available diffs

• diff from 3.0.2-0ubuntu1~18.04.1 to 3.0.3-0ubuntu1~18.04.1 (219.2 KiB)

lxc (3.0.3-0ubuntu1~18.10.1) cosmic; urgency=medium

  * New upstream bugfix release (LP: #1804755):
    - CONTRIBUTING: Update reference to kernel coding style
    - CONTRIBUTING: Link to latest online kernel docs
    - CONTRIBUTING: Direct readers to CODING_STYLE.md
    - CODING_STYLE: Mention kernel style in introduction
    - CONTRIBUTING: Add 'be' to fix grammar
    - CODING_STLYE: Simplify explanation for use of 'extern'
    - CODING_STLYE: Remove sections implied by 'kernel style'
    - CODING_STYLE: Fix non-uniform heading level
    - CODING_STYLE: Update section header format
    - cmd: Use parenthesis around complex macro
    - cmd: Use 'void' instead of empty parameter list
    - cmd: Do not use braces for single statement block
    - cmd: Fix whitespace issues
    - cmd: Use 'const' for static string constant.
    - cmd: Remove unnecessary whitespace in string
    - cmd: Put trailing */ on a separate line
    - cmd: Remove typo'd semicolon
    - cmd: Do not use comparison to NULL
    - lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
    - tools: lxc-attach: add default log priority & cleanups
    - tools: lxc-cgroup: add default log priority & cleanups
    - tools: lxc-checkpoint: add default log priority & cleanups
    - tools: lxc-console: add default log priority & cleanups
    - tools: lxc-create: add default log priority & cleanups
    - tools: lxc-destroy: add default log priority & cleanups
    - tools: lxc-device: add default log priority & cleanups
    - tools: lxc-execute: add default log priority & cleanups
    - tools: lxc-start: add default log priority & cleanups
    - tools: lxc-stop: add default log priority & cleanups
    - tools: lxc-freeze: add default log priority & cleanups
    - tools: lxc-unfreeze: add default log priority & cleanups
    - storage_utils: move duplicated function from tools
    - tools: fix lxc-execute command parsing
    - lseek - integer overflow
    - cmd: lxc-user-nic: change log macro & cleanups
    - cmd: lxc-usernsexec reorder includes
    - cmd: move declarations to macro.h
    - cmd: use utils.{c,h} helpers in lxc-usernsexec
    - cmd: simplify lxc-usernsexec
    - cmd: use safe number parsers in lxc-usernsexec
    - macro: add missing headers
    - macro: add macvlan properties
    - tools: Indicate container startup failure
    - storage: exit() => _exit(). when exec is failed
    - tools: lxc-wait: add default log priority & cleanups
    - conf: fix path/lxcpath mixups in tty setup
    - cmd: use goto for cleanup in lxc-usernsexec
    - cmd: Do not reassign variable before it is used
    - cmd: Reduce scope of 'count' variable
    - cmd: Fix format issues found by clang-format
    - list: fix indent
    - utils: split into {file,string}_utils.{c,h}
    - pam_cgfs: build from the same sources as liblxc
    - conf: fix devpts mounting when fully unprivileged
    - macro: s/rexit()/_exit()/g
    - attach: move struct declaration to top
    - macro: move macros from attach.c
    - Makefile: don't allow undefined symbols
    - autotools: check if compiler is new enough
    - log: handle strerror_r() versions
    - autotools: add --{disable,enable}-thread-safety
    - log: fail build on ENFORCE_THREAD_SAFETY error
    - {file,string}_utils: remove NO_LOG
    - initutils: remove useless comment
    - string_utils: remove unnecessary include
    - string_utils: remove unused headers
    - string_utils: add remove_trailing_slashes()
    - Makefile: remove last pam_cgfs special-casing
    - conf: add missing headers
    - Fix typo
    - ifaddrs: add safe implementation of getifaddrs()
    - Makefile: conditionalize ifaddrs.h inclusion
    - execute: skip lxc-init logging when unprivileged
    - execute: pass /proc/self/fd/<nr>
    - tests: cleanup get_item.c
    - build: fix musl
    - configure: reorder header checks
    - compiler: add compiler.h header
    - commands: return -1 on lxc_cmd_get_init_pid() err
    - tests: add basic.c
    - tests: cleanup Makefile
    - commands: ensure -1 is sent on EPIPE for init pid
    - macro: add LXC_AUDS_ADDR_LEN
    - macro: move LXC_CMD_DATA_MAX from commands.h
    - macro: add PTR_TO_INT() and INT_TO_PTR()
    - macro: add INTTYPE_TO_STRLEN()
    - caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - macro: final INTTYPE_TO_STRLEN() related cleanups
    - macro: coding style fixes
    - Makefile: correctly add ifaddrs to noinst_HEADERS
    - start: remove duplicate macros
    - caps: move macros to macro header
    - string_utils: use UINT64_MAX macro
    - tree-wide: use sizeof on static arrays
    - Revert "tree-wide: use sizeof on static arrays"
    - commands: pass around intmax_t
    - commands: assign before converting to pointer
    - macro: calculate buffer lengths correctly
    - Revert "Revert "tree-wide: use sizeof on static arrays""
    - macro: move MS_* macros
    - caps: fix illegal access to array bound
    - utils: defensive programming
    - nl: remove duplicated define
    - syntax error: mismatch brace
    - commands: better error message
    - file_utils: add lxc_recv_nointr()
    - commands: switch to setting errno and returning -1
    - log: do not clobber errno
    - log: save errno on strerror_r()
    - tree-wide: s/recv()/lxc_recv_nointr()/g
    - file_utils: add lxc_send_nointr()
    - tree-wide: s/send()/lxc_send_nointr()/g
    - nl: save errno on lxc_netns_set_nsid()
    - log: log_append_logfile() add new error path
    - lxccontainer: fix dereferenced pointer
    - lxc: fix build with --disable-werror
    - utils: improve get_ns_uid() and add get_ns_gid()
    - utils: improve lxc_switch_uid_gid()
    - log: support dlog
    - attach: handle id switching smarter
    - start: avoid unnecessary syscalls
    - utils: make lxc_setgroups() return bool
    - utils: make lxc_switch_uid_gid() return bool
    - lxccontainer: use correct pid_t type
    - conf: remove extra MS_BIND with sysfs:mixed
    - network: use correct type in lxc_netns_set_nsid()
    - network: add lxc_netns_get_nsid()
    - remove unused variables
    - file_utils: remove unused function
    - network: minor tweaks
    - add compile flags for dlog
    - log: add common functions
    - log: add additional info of dlog
    - attach: don't shutdown ipc socket in child
    - security: fix too wide or inconsistent non-owner permissions
    - attach: report standard shell exit codes
    - af_unix: add function to remove duplicated codes for set sockaddr
    - lxccontainer: remove locks from set_cgroup_item()
    - lxccontainer: remove locks from get_cgroup_item()
    - apparmor: account for specified rootfs path (closes #2617)
    - conf: realpath() uses null as second parameter to prevent buffer overflow
    - start: s/backgrounded/daemonize/g
    - cgfsng: mark ops with \_\_cgfsng_ops\_\_ attribute
    - autotools: add -Wimplicit-fallthrough
    - cgroup: rename container specific cgroup functions
    - cgroups: s/fullcgpath/container_full_path/g
    - cgroups: add missing string.h include
    - cgroups: s/base_cgroup/container_base_path/g
    - autotools: fix wrong AX_CHECK_COMPILE_FLAG test
    - compiler: s/\_\_fallthrough\_\_/\_\_fallthrough/g
    - compiler: s/\_\_noreturn\_\_/\_\_noreturn/g
    - cgfsng: s/\_\_cgfsng_ops\_\_/\_\_cgfsng_ops/g
    - macro: add STRLITERALLEN() and STRARRAYLEN()
    - tree-wide: replace sizeof() with SIZEOF2STRLEN()
    - compiler: \_\_attribute\_\_((noreturn)) on bionic
    - autotools: support -Wcast-align
    - autotools: support -Wstrict-prototypes
    - network: add netns_getifaddrs() implementation
    - tree_wide: switch to netns_getifaddrs()
    - netns_ifaddrs: mark casts as safe
    - autotools: fix lxc_user_nic build
    - stop: Only freeze if freezer is available
    - doc: tweak documentation a little
    - cgfsng: set errno to ENOENT on get_hierarchy()
    - cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g
    - cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g
    - compiler: fix \_\_noreturn on bionic
    - compiler: add \_\_hot attribute
    - netns_ifaddrs: fix missing include
    - autools: prevent dlog build on stable branch
    - tree-wide: fix includes to fix bionic builds
    - template: oci template supports for char user info
    - btrfs: fix btrfs containers
    - oci-template: Add logic for no /etc/passwd, group
    - configure: fix -Wimplicit-fallthrough check
    - utils: add lxc_setup_keyring()
    - autotools: support -z relro and -z now
    - netns_ifaddrs: handle IFLA_STATS{64} correctly
    - syscall_wrappers: add pivot_root()
    - raw_syscalls: add lxc_raw_execveat()
    - raw_syscalls: add lxc_raw_clone{_cb}()
    - raw_syscalls: add lxc_raw_getpid()
    - autotools: fix lxc init build
    - autotools: fix lxc-monitord build
    - autotools: fix lxc-user-nic build
    - autotools: fix lxc-usernsexec build
    - tests: add missing build dependencies
    - netns_ifaddrs: only use struct rtnl_link_stats64
    - cgroups: remove unnecessary line
    - netns_iaddrs: remove unused functions
    - parse: prefault config file with MAP_POPULATE
    - cgfsng: avoid tiny race window
    - utils: fix lxc_set_death_signal()
    - cgfsng: handle v1 cpuset hierarchy first
    - syscall_wrappers: move memfd_create()
    - syscall_wrappers: move setns()
    - syscall_wrappers: move sethostname()
    - syscall_wrappers: move unshare()
    - syscall_wrappers: move signalfd()
    - raw_syscalls: move lxc_raw_gettid()
    - tools: lxc-start: remove unused argument
    - tools: lxc-unshare: remove unnecessary initialization
    - parse: remove access() check
    - parse: report errors when failing config parsing
    - macro: add PATH_MAX
    - cmd: s/MAXPATHLEN/PATH_MAX/g
    - conf: s/MAXPATHLEN/PATH_MAX/g
    - confile: s/MAXPATHLEN/PATH_MAX/g
    - log: s/MAXPATHLEN/PATH_MAX/g
    - lxccontainer: s/MAXPATHLEN/PATH_MAX/g
    - macro: s/MAXPATHLEN/PATH_MAX/g
    - network: s/MAXPATHLEN/PATH_MAX/g
    - pam: s/MAXPATHLEN/PATH_MAX/g
    - start: s/MAXPATHLEN/PATH_MAX/g
    - terminal: s/MAXPATHLEN/PATH_MAX/g
    - utils: s/MAXPATHLEN/PATH_MAX/g
    - storage: s/MAXPATHLEN/PATH_MAX/g
    - tools: s/MAXPATHLEN/PATH_MAX/g
    - attach: reset signal mask
    - start: change log level
    - file_utils: fix too wide or inconsistent non-owner permissions
    - attach: fix missing pthread.h include
    - macro: add NETLINK_DUMP_STRICT_CHK
    - macro: add SOL_NETLINK
    - netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
    - parse: do not mask failed parse
    - test: test invalid config keys
    - confile: remove unused variable
    - parse: fix uninitialized pointer access
    - fix rpm packaging error for static library
    - fix post section script error for rpm install
    - conf: log prlimit setup
    - conf: verify_start_hooks() after lxc.mount.entry
    - checkpoint: fix running do_dump()
    - monitor: log cleanups
    - monitor: checking name too long to make monitor sock name
    - commands_utils: improve code redundancy to make abstract unix socket name
    - monitor: fix coding standard
    - autools: use -fno-strict-aliasing
    - checkconfig: Handle missing kernel version
    - lxc-init: log to /dev/console
    - autotools: fix --disable-commands builds
    - string_utils: fix global buffer overflow issue
    - include: simplify strlcpy()
    - raw_syscalls: ensure function always returns value
    - confile: fix append_unexp_config_line()
    - parse: protect against config updates during parse
    - parse: fix uninitialized value
    - tree-wide: coding style fixes
    - start: simplify
    - autotools: compiler based hardening
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - confile: do not overwrite global variable
    - commands: simplify
    - cgfsng: move increment out of branch
    - monitord: do not hide global variable
    - tools/lxc_copy: do not hide global variable
    - tools/lxc_top: do not hide global variable
    - tools/lxc_info: do not hide global variable
    - state: remove tautological check
    - conf: remove tautological check
    - conf: use O_CLOEXEC in lxc_pivot_root()
    - conf: remove tautological check
    - lxccontainer: remove check from goto target
    - start: prevent values smaller 0
    - tools/lxc_stop: use correct check
    - cmd/lxc_init: do not hide global variable
    - coverity: #1440391
    - coverity: #1440389
    - coverity: #1426130
    - storage_utils: add error handling
    - storage_utils: cleanups
    - storage_utils: use _exit() instead of exit() in child process
    - parse: cleanups
    - dlog: inherit dlog fds
    - spelling: allocate
    - spelling: ambiguous
    - spelling: answer
    - spelling: architecture
    - spelling: array
    - spelling: asynchronous
    - spelling: backingstorage
    - spelling: capabilities
    - spelling: character
    - spelling: checkpoint
    - spelling: comma
    - spelling: command
    - spelling: committer
    - spelling: configuration
    - spelling: constant
    - spelling: container
    - spelling: control
    - spelling: convenience
    - spelling: could
    - spelling: describing
    - spelling: device
    - spelling: exiting
    - spelling: explicitly
    - spelling: feature
    - spelling: github
    - spelling: hierarchy
    - spelling: hoops
    - spelling: ifindices
    - spelling: implementations
    - spelling: inherited
    - spelling: initialize
    - spelling: javascript
    - spelling: keepdata
    - spelling: libraries
    - spelling: loglevel
    - spelling: namespace
    - spelling: otherwise
    - spelling: output
    - spelling: overlayfs
    - spelling: overridden
    - spelling: override
    - spelling: passphrase
    - spelling: perhaps
    - spelling: pertains
    - spelling: portion
    - spelling: potentially
    - spelling: returns
    - spelling: root
    - spelling: securityfs
    - spelling: snapshotting
    - spelling: specified
    - spelling: specify
    - spelling: subtracting
    - spelling: successfully
    - spelling: syscall
    - spelling: timeout
    - spelling: unsigned
    - spelling: userns
    - spelling: without
    - lxcmntent: coding rules
    - string_utils: coding rules
    - log: fix too wide or inconsistent non-owner permissions
    - coverity: move to separate branch
    - include: correctly include macro.h
    - Fix spacing error in namespace.c
    - caps: replace read with lxc_read_nointr
    - log: replace write with lxc_write_nointr
    - dlog: move match_dlog_fds()
    - conf: s/ty/tty/g
    - pam_cgfs: remove redundancy file utils
    - cgfs: remove redundancy utils
    - pam_cgfs: remove dependency from cap & log
    - utils: fix coding styles
    - utils: add errno logs for exception case
    - Adds -qq flags to lvcreate commands
    - utils: make keyring allocation failure non-fatal
    - autotools: fix lxc-{create,copy} build
    - cgfsng: remove freezer requirement
    - start: don't call cgroup_exit() twice

  * Bump standards to 4.2.0
    - Update lintian overrides

 -- Stéphane Graber <email address hidden>  Thu, 22 Nov 2018 23:49:34 -0500

Available diffs

• diff from 3.0.2-0ubuntu4 to 3.0.3-0ubuntu1~18.10.1 (219.1 KiB)

lxc (3.0.3-0ubuntu1) disco; urgency=medium

  * New upstream bugfix release (LP: #1804755):
    - CONTRIBUTING: Update reference to kernel coding style
    - CONTRIBUTING: Link to latest online kernel docs
    - CONTRIBUTING: Direct readers to CODING_STYLE.md
    - CODING_STYLE: Mention kernel style in introduction
    - CONTRIBUTING: Add 'be' to fix grammar
    - CODING_STLYE: Simplify explanation for use of 'extern'
    - CODING_STLYE: Remove sections implied by 'kernel style'
    - CODING_STYLE: Fix non-uniform heading level
    - CODING_STYLE: Update section header format
    - cmd: Use parenthesis around complex macro
    - cmd: Use 'void' instead of empty parameter list
    - cmd: Do not use braces for single statement block
    - cmd: Fix whitespace issues
    - cmd: Use 'const' for static string constant.
    - cmd: Remove unnecessary whitespace in string
    - cmd: Put trailing */ on a separate line
    - cmd: Remove typo'd semicolon
    - cmd: Do not use comparison to NULL
    - lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
    - tools: lxc-attach: add default log priority & cleanups
    - tools: lxc-cgroup: add default log priority & cleanups
    - tools: lxc-checkpoint: add default log priority & cleanups
    - tools: lxc-console: add default log priority & cleanups
    - tools: lxc-create: add default log priority & cleanups
    - tools: lxc-destroy: add default log priority & cleanups
    - tools: lxc-device: add default log priority & cleanups
    - tools: lxc-execute: add default log priority & cleanups
    - tools: lxc-start: add default log priority & cleanups
    - tools: lxc-stop: add default log priority & cleanups
    - tools: lxc-freeze: add default log priority & cleanups
    - tools: lxc-unfreeze: add default log priority & cleanups
    - storage_utils: move duplicated function from tools
    - tools: fix lxc-execute command parsing
    - lseek - integer overflow
    - cmd: lxc-user-nic: change log macro & cleanups
    - cmd: lxc-usernsexec reorder includes
    - cmd: move declarations to macro.h
    - cmd: use utils.{c,h} helpers in lxc-usernsexec
    - cmd: simplify lxc-usernsexec
    - cmd: use safe number parsers in lxc-usernsexec
    - macro: add missing headers
    - macro: add macvlan properties
    - tools: Indicate container startup failure
    - storage: exit() => _exit(). when exec is failed
    - tools: lxc-wait: add default log priority & cleanups
    - conf: fix path/lxcpath mixups in tty setup
    - cmd: use goto for cleanup in lxc-usernsexec
    - cmd: Do not reassign variable before it is used
    - cmd: Reduce scope of 'count' variable
    - cmd: Fix format issues found by clang-format
    - list: fix indent
    - utils: split into {file,string}_utils.{c,h}
    - pam_cgfs: build from the same sources as liblxc
    - conf: fix devpts mounting when fully unprivileged
    - macro: s/rexit()/_exit()/g
    - attach: move struct declaration to top
    - macro: move macros from attach.c
    - Makefile: don't allow undefined symbols
    - autotools: check if compiler is new enough
    - log: handle strerror_r() versions
    - autotools: add --{disable,enable}-thread-safety
    - log: fail build on ENFORCE_THREAD_SAFETY error
    - {file,string}_utils: remove NO_LOG
    - initutils: remove useless comment
    - string_utils: remove unnecessary include
    - string_utils: remove unused headers
    - string_utils: add remove_trailing_slashes()
    - Makefile: remove last pam_cgfs special-casing
    - conf: add missing headers
    - Fix typo
    - ifaddrs: add safe implementation of getifaddrs()
    - Makefile: conditionalize ifaddrs.h inclusion
    - execute: skip lxc-init logging when unprivileged
    - execute: pass /proc/self/fd/<nr>
    - tests: cleanup get_item.c
    - build: fix musl
    - configure: reorder header checks
    - compiler: add compiler.h header
    - commands: return -1 on lxc_cmd_get_init_pid() err
    - tests: add basic.c
    - tests: cleanup Makefile
    - commands: ensure -1 is sent on EPIPE for init pid
    - macro: add LXC_AUDS_ADDR_LEN
    - macro: move LXC_CMD_DATA_MAX from commands.h
    - macro: add PTR_TO_INT() and INT_TO_PTR()
    - macro: add INTTYPE_TO_STRLEN()
    - caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - macro: final INTTYPE_TO_STRLEN() related cleanups
    - macro: coding style fixes
    - Makefile: correctly add ifaddrs to noinst_HEADERS
    - start: remove duplicate macros
    - caps: move macros to macro header
    - string_utils: use UINT64_MAX macro
    - tree-wide: use sizeof on static arrays
    - Revert "tree-wide: use sizeof on static arrays"
    - commands: pass around intmax_t
    - commands: assign before converting to pointer
    - macro: calculate buffer lengths correctly
    - Revert "Revert "tree-wide: use sizeof on static arrays""
    - macro: move MS_* macros
    - caps: fix illegal access to array bound
    - utils: defensive programming
    - nl: remove duplicated define
    - syntax error: mismatch brace
    - commands: better error message
    - file_utils: add lxc_recv_nointr()
    - commands: switch to setting errno and returning -1
    - log: do not clobber errno
    - log: save errno on strerror_r()
    - tree-wide: s/recv()/lxc_recv_nointr()/g
    - file_utils: add lxc_send_nointr()
    - tree-wide: s/send()/lxc_send_nointr()/g
    - nl: save errno on lxc_netns_set_nsid()
    - log: log_append_logfile() add new error path
    - lxccontainer: fix dereferenced pointer
    - lxc: fix build with --disable-werror
    - utils: improve get_ns_uid() and add get_ns_gid()
    - utils: improve lxc_switch_uid_gid()
    - log: support dlog
    - attach: handle id switching smarter
    - start: avoid unnecessary syscalls
    - utils: make lxc_setgroups() return bool
    - utils: make lxc_switch_uid_gid() return bool
    - lxccontainer: use correct pid_t type
    - conf: remove extra MS_BIND with sysfs:mixed
    - network: use correct type in lxc_netns_set_nsid()
    - network: add lxc_netns_get_nsid()
    - remove unused variables
    - file_utils: remove unused function
    - network: minor tweaks
    - add compile flags for dlog
    - log: add common functions
    - log: add additional info of dlog
    - attach: don't shutdown ipc socket in child
    - security: fix too wide or inconsistent non-owner permissions
    - attach: report standard shell exit codes
    - af_unix: add function to remove duplicated codes for set sockaddr
    - lxccontainer: remove locks from set_cgroup_item()
    - lxccontainer: remove locks from get_cgroup_item()
    - apparmor: account for specified rootfs path (closes #2617)
    - conf: realpath() uses null as second parameter to prevent buffer overflow
    - start: s/backgrounded/daemonize/g
    - cgfsng: mark ops with \_\_cgfsng_ops\_\_ attribute
    - autotools: add -Wimplicit-fallthrough
    - cgroup: rename container specific cgroup functions
    - cgroups: s/fullcgpath/container_full_path/g
    - cgroups: add missing string.h include
    - cgroups: s/base_cgroup/container_base_path/g
    - autotools: fix wrong AX_CHECK_COMPILE_FLAG test
    - compiler: s/\_\_fallthrough\_\_/\_\_fallthrough/g
    - compiler: s/\_\_noreturn\_\_/\_\_noreturn/g
    - cgfsng: s/\_\_cgfsng_ops\_\_/\_\_cgfsng_ops/g
    - macro: add STRLITERALLEN() and STRARRAYLEN()
    - tree-wide: replace sizeof() with SIZEOF2STRLEN()
    - compiler: \_\_attribute\_\_((noreturn)) on bionic
    - autotools: support -Wcast-align
    - autotools: support -Wstrict-prototypes
    - network: add netns_getifaddrs() implementation
    - tree_wide: switch to netns_getifaddrs()
    - netns_ifaddrs: mark casts as safe
    - autotools: fix lxc_user_nic build
    - stop: Only freeze if freezer is available
    - doc: tweak documentation a little
    - cgfsng: set errno to ENOENT on get_hierarchy()
    - cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g
    - cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g
    - compiler: fix \_\_noreturn on bionic
    - compiler: add \_\_hot attribute
    - netns_ifaddrs: fix missing include
    - autools: prevent dlog build on stable branch
    - tree-wide: fix includes to fix bionic builds
    - template: oci template supports for char user info
    - btrfs: fix btrfs containers
    - oci-template: Add logic for no /etc/passwd, group
    - configure: fix -Wimplicit-fallthrough check
    - utils: add lxc_setup_keyring()
    - autotools: support -z relro and -z now
    - netns_ifaddrs: handle IFLA_STATS{64} correctly
    - syscall_wrappers: add pivot_root()
    - raw_syscalls: add lxc_raw_execveat()
    - raw_syscalls: add lxc_raw_clone{_cb}()
    - raw_syscalls: add lxc_raw_getpid()
    - autotools: fix lxc init build
    - autotools: fix lxc-monitord build
    - autotools: fix lxc-user-nic build
    - autotools: fix lxc-usernsexec build
    - tests: add missing build dependencies
    - netns_ifaddrs: only use struct rtnl_link_stats64
    - cgroups: remove unnecessary line
    - netns_iaddrs: remove unused functions
    - parse: prefault config file with MAP_POPULATE
    - cgfsng: avoid tiny race window
    - utils: fix lxc_set_death_signal()
    - cgfsng: handle v1 cpuset hierarchy first
    - syscall_wrappers: move memfd_create()
    - syscall_wrappers: move setns()
    - syscall_wrappers: move sethostname()
    - syscall_wrappers: move unshare()
    - syscall_wrappers: move signalfd()
    - raw_syscalls: move lxc_raw_gettid()
    - tools: lxc-start: remove unused argument
    - tools: lxc-unshare: remove unnecessary initialization
    - parse: remove access() check
    - parse: report errors when failing config parsing
    - macro: add PATH_MAX
    - cmd: s/MAXPATHLEN/PATH_MAX/g
    - conf: s/MAXPATHLEN/PATH_MAX/g
    - confile: s/MAXPATHLEN/PATH_MAX/g
    - log: s/MAXPATHLEN/PATH_MAX/g
    - lxccontainer: s/MAXPATHLEN/PATH_MAX/g
    - macro: s/MAXPATHLEN/PATH_MAX/g
    - network: s/MAXPATHLEN/PATH_MAX/g
    - pam: s/MAXPATHLEN/PATH_MAX/g
    - start: s/MAXPATHLEN/PATH_MAX/g
    - terminal: s/MAXPATHLEN/PATH_MAX/g
    - utils: s/MAXPATHLEN/PATH_MAX/g
    - storage: s/MAXPATHLEN/PATH_MAX/g
    - tools: s/MAXPATHLEN/PATH_MAX/g
    - attach: reset signal mask
    - start: change log level
    - file_utils: fix too wide or inconsistent non-owner permissions
    - attach: fix missing pthread.h include
    - macro: add NETLINK_DUMP_STRICT_CHK
    - macro: add SOL_NETLINK
    - netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK
    - parse: do not mask failed parse
    - test: test invalid config keys
    - confile: remove unused variable
    - parse: fix uninitialized pointer access
    - fix rpm packaging error for static library
    - fix post section script error for rpm install
    - conf: log prlimit setup
    - conf: verify_start_hooks() after lxc.mount.entry
    - checkpoint: fix running do_dump()
    - monitor: log cleanups
    - monitor: checking name too long to make monitor sock name
    - commands_utils: improve code redundancy to make abstract unix socket name
    - monitor: fix coding standard
    - autools: use -fno-strict-aliasing
    - checkconfig: Handle missing kernel version
    - lxc-init: log to /dev/console
    - autotools: fix --disable-commands builds
    - string_utils: fix global buffer overflow issue
    - include: simplify strlcpy()
    - raw_syscalls: ensure function always returns value
    - confile: fix append_unexp_config_line()
    - parse: protect against config updates during parse
    - parse: fix uninitialized value
    - tree-wide: coding style fixes
    - start: simplify
    - autotools: compiler based hardening
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - coverity: update .travis.yml
    - confile: do not overwrite global variable
    - commands: simplify
    - cgfsng: move increment out of branch
    - monitord: do not hide global variable
    - tools/lxc_copy: do not hide global variable
    - tools/lxc_top: do not hide global variable
    - tools/lxc_info: do not hide global variable
    - state: remove tautological check
    - conf: remove tautological check
    - conf: use O_CLOEXEC in lxc_pivot_root()
    - conf: remove tautological check
    - lxccontainer: remove check from goto target
    - start: prevent values smaller 0
    - tools/lxc_stop: use correct check
    - cmd/lxc_init: do not hide global variable
    - coverity: #1440391
    - coverity: #1440389
    - coverity: #1426130
    - storage_utils: add error handling
    - storage_utils: cleanups
    - storage_utils: use _exit() instead of exit() in child process
    - parse: cleanups
    - dlog: inherit dlog fds
    - spelling: allocate
    - spelling: ambiguous
    - spelling: answer
    - spelling: architecture
    - spelling: array
    - spelling: asynchronous
    - spelling: backingstorage
    - spelling: capabilities
    - spelling: character
    - spelling: checkpoint
    - spelling: comma
    - spelling: command
    - spelling: committer
    - spelling: configuration
    - spelling: constant
    - spelling: container
    - spelling: control
    - spelling: convenience
    - spelling: could
    - spelling: describing
    - spelling: device
    - spelling: exiting
    - spelling: explicitly
    - spelling: feature
    - spelling: github
    - spelling: hierarchy
    - spelling: hoops
    - spelling: ifindices
    - spelling: implementations
    - spelling: inherited
    - spelling: initialize
    - spelling: javascript
    - spelling: keepdata
    - spelling: libraries
    - spelling: loglevel
    - spelling: namespace
    - spelling: otherwise
    - spelling: output
    - spelling: overlayfs
    - spelling: overridden
    - spelling: override
    - spelling: passphrase
    - spelling: perhaps
    - spelling: pertains
    - spelling: portion
    - spelling: potentially
    - spelling: returns
    - spelling: root
    - spelling: securityfs
    - spelling: snapshotting
    - spelling: specified
    - spelling: specify
    - spelling: subtracting
    - spelling: successfully
    - spelling: syscall
    - spelling: timeout
    - spelling: unsigned
    - spelling: userns
    - spelling: without
    - lxcmntent: coding rules
    - string_utils: coding rules
    - log: fix too wide or inconsistent non-owner permissions
    - coverity: move to separate branch
    - include: correctly include macro.h
    - Fix spacing error in namespace.c
    - caps: replace read with lxc_read_nointr
    - log: replace write with lxc_write_nointr
    - dlog: move match_dlog_fds()
    - conf: s/ty/tty/g
    - pam_cgfs: remove redundancy file utils
    - cgfs: remove redundancy utils
    - pam_cgfs: remove dependency from cap & log
    - utils: fix coding styles
    - utils: add errno logs for exception case
    - Adds -qq flags to lvcreate commands
    - utils: make keyring allocation failure non-fatal
    - autotools: fix lxc-{create,copy} build
    - cgfsng: remove freezer requirement
    - start: don't call cgroup_exit() twice

  * Bump standards to 4.2.0
    - Update lintian overrides

 -- Stéphane Graber <email address hidden>  Thu, 22 Nov 2018 23:49:34 -0500

Available diffs

• diff from 3.0.2-0ubuntu4 to 3.0.3-0ubuntu1 (219.1 KiB)

lxc (3.0.2-0ubuntu4~16.04.1) xenial-backports; urgency=medium

  * Backport to Xenial.

 -- Stéphane Graber <email address hidden>  Wed, 07 Nov 2018 18:38:06 -0500

Available diffs

• diff from 3.0.1-0ubuntu1~16.04.2 (in ~ubuntu-lxc-security/ubuntu/devirt-security-backports) to 3.0.2-0ubuntu4~16.04.1 (199.3 KiB)

lxc (3.0.2-0ubuntu1~18.04.1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1788457):
    - CVE 2018-6556: verify netns fd in lxc-user-nic
    - fixed a range of bugs found by Coverity
    - lxc-usernsexec: cleanup and bugfixes
    - log: add CMD_SYSINFO()
    - log: add CMD_SYSERROR()
    - state: s/sleep()/nanosleep()/
    - lxclock: improve file locking
    - lxccontainer: improve file locking
    - lxccontainer: fix F_OFD_GETLK checks
    - netlink: add __netlink_{send,recv,transaction}
    - netns: allocate network namespace id
    - MAINTAINERS: add Wolfgang Bumiller
    - pam_cgfs: cleanups
    - log: add default log priority
    - tree-wide: pass unsigned long to prctl()
    - macro: add new macro header
    - conf: mount devpts without “max” on EINVAL
    - tree-wide: handle EINTR in read() and write()
    - tree-wide: replace pipe() with pipe2()
    - confile: split mount options into flags and data
    - conf: improve rootfs setup
    - autotools: default to -Wvla -std=gnu11
    - tree-wide: remove VLAs
    - tree-wide: replace strtok_r() with lxc_iterate_parts()
    - utils: add lxc_iterate_parts()
    - apparmor: allow start-container to change to lxc-**
    - apparmor: update current profiles
    - apparmor: Allow /usr/lib* paths for mount and pivot_root
    - conf: the atime flags are locked in userns
    - conf: handle partially functional device nodes
    - conf: create /dev directory
    - autotools: build both a shared and static liblxc
    - namespace: add api to convert namespaces to standard identifiers
    - tree-wide: set MSG_NOSIGNAL
    - tree-wide: use mknod() to create dummy files
    - cgfsng: respect lxc.cgroup.use
    - cgroups: remove is_crucial_cgroup_subsystem()
    - tree-wide: remove unneeded log prefixes
    - tests: cleanup all tests
    - terminal: set FD_CLOEXEC on pty file descriptors
    - conf: simplify lxc_setup_dev_console()
    - tools: rework tools
    - autodev: adapt to changes in Linux 4.18
    - log: change DEBUG, INFO, TRACE, NOTICE macro using strerror to SYS* macro
    - log: add lxc_log_strerror_r macro
    - network: unpriv lxc will run lxc.net.[i].script.up now
    - conf: only use newuidmap and newgidmap when necessary
    - autotools: support tls in cross-compile

  * Cherry-pick upstream fixes:
    - 0002-tools-fix-lxc-execute-command-parsing.patch
    - 0003-lseek-integer-overflow.patch
    - 0004-cmd-lxc-usernsexec-reorder-includes.patch
    - 0005-cmd-move-declarations-to-macro.h.patch
    - 0006-cmd-use-utils.-c-h-helpers-in-lxc-usernsexec.patch
    - 0007-cmd-simplify-lxc-usernsexec.patch
    - 0008-cmd-use-safe-number-parsers-in-lxc-usernsexec.patch
    - 0009-tools-Indicate-container-startup-failure.patch
    - 0010-conf-fix-path-lxcpath-mixups-in-tty-setup.patch
    - 0011-cmd-use-goto-for-cleanup-in-lxc-usernsexec.patch
    - 0012-utils-split-into-file-string-_utils.-c-h.patch
    - 0013-pam_cgfs-build-from-the-same-sources-as-liblxc.patch
    - 0014-conf-fix-devpts-mounting-when-fully-unprivileged.patch
    - 0015-macro-s-rexit-_exit-g.patch
    - 0016-Makefile-don-t-allow-undefined-symbols.patch
    - 0017-autotools-check-if-compiler-is-new-enough.patch
    - 0018-log-handle-strerror_r-versions.patch
    - 0019-autotools-add-disable-enable-thread-safety.patch
    - 0020-log-fail-build-on-ENFORCE_THREAD_SAFETY-error.patch
    - 0021-macro-add-missing-headers.patch
    - 0022-execute-skip-lxc-init-logging-when-unprivileged.patch
    - 0023-execute-pass-proc-self-fd-nr.patch
    - 0024-commands-return-1-on-lxc_cmd_get_init_pid-err.patch

  * Bump standards to 4.2.0
    - Update lintian overrides
  * Include new .a file into liblxc-dev
  * Override GPG keyserver in autopkgtest
  * Run autoreconf during autopkgtest

 -- Stéphane Graber <email address hidden>  Mon, 10 Sep 2018 14:43:52 -0400

Available diffs

• diff from 3.0.1-0ubuntu1~18.04.2 (in ~ubuntu-lxc-security/ubuntu/devirt-security1) to 3.0.2-0ubuntu1~18.04.1 (199.0 KiB)
• diff from 3.0.1-0ubuntu1~18.04.1 to 3.0.2-0ubuntu1~18.04.1 (197.7 KiB)

lxc (3.0.2-0ubuntu4) cosmic; urgency=medium

  * Cherry-pick upstream fixes:
    - 0024-commands-return-1-on-lxc_cmd_get_init_pid-err.patch

 -- Stéphane Graber <email address hidden>  Sat, 25 Aug 2018 00:49:17 -0400

Available diffs

• diff from 3.0.1-0ubuntu2 (in ~ubuntu-lxc-security/ubuntu/devirt-security1) to 3.0.2-0ubuntu4 (199.1 KiB)
• diff from 3.0.2-0ubuntu3 to 3.0.2-0ubuntu4 (1.2 KiB)

lxc (3.0.2-0ubuntu3) cosmic; urgency=medium

  * Run autoreconf during autopkgtest.

 -- Stéphane Graber <email address hidden>  Fri, 24 Aug 2018 15:24:19 -0400

Available diffs

• diff from 3.0.2-0ubuntu2 to 3.0.2-0ubuntu3 (649 bytes)

lxc (3.0.2-0ubuntu2) cosmic; urgency=medium

  * Cherry-pick upstream fixes:
    - 0022-execute-skip-lxc-init-logging-when-unprivileged.patch
    - 0023-execute-pass-proc-self-fd-nr.patch

 -- Stéphane Graber <email address hidden>  Thu, 23 Aug 2018 12:33:49 -0400

Available diffs

• diff from 3.0.2-0ubuntu1 to 3.0.2-0ubuntu2 (1.8 KiB)

lxc (3.0.2-0ubuntu1) cosmic; urgency=medium

  * New upstream bugfix release (LP: #1788457):
    - CVE 2018-6556: verify netns fd in lxc-user-nic
    - fixed a range of bugs found by Coverity
    - lxc-usernsexec: cleanup and bugfixes
    - log: add CMD_SYSINFO()
    - log: add CMD_SYSERROR()
    - state: s/sleep()/nanosleep()/
    - lxclock: improve file locking
    - lxccontainer: improve file locking
    - lxccontainer: fix F_OFD_GETLK checks
    - netlink: add __netlink_{send,recv,transaction}
    - netns: allocate network namespace id
    - MAINTAINERS: add Wolfgang Bumiller
    - pam_cgfs: cleanups
    - log: add default log priority
    - tree-wide: pass unsigned long to prctl()
    - macro: add new macro header
    - conf: mount devpts without “max” on EINVAL
    - tree-wide: handle EINTR in read() and write()
    - tree-wide: replace pipe() with pipe2()
    - confile: split mount options into flags and data
    - conf: improve rootfs setup
    - autotools: default to -Wvla -std=gnu11
    - tree-wide: remove VLAs
    - tree-wide: replace strtok_r() with lxc_iterate_parts()
    - utils: add lxc_iterate_parts()
    - apparmor: allow start-container to change to lxc-**
    - apparmor: update current profiles
    - apparmor: Allow /usr/lib* paths for mount and pivot_root
    - conf: the atime flags are locked in userns
    - conf: handle partially functional device nodes
    - conf: create /dev directory
    - autotools: build both a shared and static liblxc
    - namespace: add api to convert namespaces to standard identifiers
    - tree-wide: set MSG_NOSIGNAL
    - tree-wide: use mknod() to create dummy files
    - cgfsng: respect lxc.cgroup.use
    - cgroups: remove is_crucial_cgroup_subsystem()
    - tree-wide: remove unneeded log prefixes
    - tests: cleanup all tests
    - terminal: set FD_CLOEXEC on pty file descriptors
    - conf: simplify lxc_setup_dev_console()
    - tools: rework tools
    - autodev: adapt to changes in Linux 4.18
    - log: change DEBUG, INFO, TRACE, NOTICE macro using strerror to SYS* macro
    - log: add lxc_log_strerror_r macro
    - network: unpriv lxc will run lxc.net.[i].script.up now
    - conf: only use newuidmap and newgidmap when necessary
    - autotools: support tls in cross-compile

  * Cherry-pick upstream fixes:
    - 0002-tools-fix-lxc-execute-command-parsing.patch
    - 0003-lseek-integer-overflow.patch
    - 0004-cmd-lxc-usernsexec-reorder-includes.patch
    - 0005-cmd-move-declarations-to-macro.h.patch
    - 0006-cmd-use-utils.-c-h-helpers-in-lxc-usernsexec.patch
    - 0007-cmd-simplify-lxc-usernsexec.patch
    - 0008-cmd-use-safe-number-parsers-in-lxc-usernsexec.patch
    - 0009-tools-Indicate-container-startup-failure.patch
    - 0010-conf-fix-path-lxcpath-mixups-in-tty-setup.patch
    - 0011-cmd-use-goto-for-cleanup-in-lxc-usernsexec.patch
    - 0012-utils-split-into-file-string-_utils.-c-h.patch
    - 0013-pam_cgfs-build-from-the-same-sources-as-liblxc.patch
    - 0014-conf-fix-devpts-mounting-when-fully-unprivileged.patch
    - 0015-macro-s-rexit-_exit-g.patch
    - 0016-Makefile-don-t-allow-undefined-symbols.patch
    - 0017-autotools-check-if-compiler-is-new-enough.patch
    - 0018-log-handle-strerror_r-versions.patch
    - 0019-autotools-add-disable-enable-thread-safety.patch
    - 0020-log-fail-build-on-ENFORCE_THREAD_SAFETY-error.patch
    - 0021-macro-add-missing-headers.patch

  * Bump standards to 4.2.0
    - Update lintian overrides
  * Include new .a file into liblxc-dev
  * Override GPG keyserver in autopkgtest

 -- Stéphane Graber <email address hidden>  Wed, 22 Aug 2018 11:26:07 -0400

Available diffs

• diff from 3.0.1-0ubuntu1 to 3.0.2-0ubuntu1 (196.2 KiB)

lxc (3.0.1-0ubuntu2) cosmic; urgency=medium

  * SECURITY UPDATE: lxc-user-nic allows for open() of arbitrary paths
    (LP: #1783591)
    - Ensure that the provided path is a netns reference
    - CVE-2018-6556

 -- Stéphane Graber <email address hidden>  Wed, 01 Aug 2018 00:03:10 -0400

Available diffs

• diff from 3.0.1-0ubuntu1 (in Ubuntu) to 3.0.1-0ubuntu2 (2.0 KiB)

lxc (3.0.1-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: lxc-user-nic allows for open() of arbitrary paths
    (LP: #1783591)
    - Ensure that the provided path is a netns reference
    - CVE-2018-6556

 -- Stéphane Graber <email address hidden>  Wed, 01 Aug 2018 00:03:10 -0400

Available diffs

• diff from 3.0.1-0ubuntu1~18.04.1 (in Ubuntu) to 3.0.1-0ubuntu1~18.04.2 (2.0 KiB)
• diff from 3.0.0-0ubuntu2 (in Ubuntu) to 3.0.1-0ubuntu1~18.04.2 (71.1 KiB)

lxc (3.0.1-0ubuntu1~16.04.2) xenial-backports; urgency=medium

  * SECURITY UPDATE: lxc-user-nic allows for open() of arbitrary paths
    (LP: #1783591)
    - Ensure that the provided path is a netns reference
    - CVE-2018-6556

 -- Stéphane Graber <email address hidden>  Wed, 01 Aug 2018 00:03:10 -0400

Available diffs

• diff from 3.0.1-0ubuntu1~16.04.1 (in Ubuntu) to 3.0.1-0ubuntu1~16.04.2 (2.0 KiB)
• diff from 2.0.0-0ubuntu2 (in Ubuntu) to 3.0.1-0ubuntu1~16.04.2 (1.2 MiB)

lxc (3.0.1-0ubuntu1~16.04.1) xenial-backports; urgency=medium

  * Backport to Xenial.

 -- Stéphane Graber <email address hidden>  Thu, 28 Jun 2018 19:54:15 -0400

Available diffs

• diff from 2.0.0-0ubuntu2 to 3.0.1-0ubuntu1~16.04.1 (1.2 MiB)

lxc (3.0.1-0ubuntu1~18.04.1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1775283):
    - tools: fix unitialized variable
    - storage: fix lvm fs uuid generation
    - lxc-oci: fix Cmd/Entrypoint parsing
    - lxc-oci: make umoci less verbose
    - lxclock: use thread-safe OFD fcntl() locks
    - locktests: fix test suite
    - conf: ensure umounts don’t propagate to host
    - doc: Tweak Japanese translation in lxc.container.conf(5)
    - fix signal sending in lxc.init
    - rootfs pinning: On NFS, make file hidden but don’t delete it
    - conf: fix temporary file creation
    - ringbuf: fix temporary file creation
    - Fix compilation with static libcap and shared gnutls
    - attach: always drop supplementary groups
    - lxc init: remove dead code
    - storage/rsync: free memory on error
    - tools/utils: free memory on error
    - lxc init: coding style
    - utils: define __NR_setns if missing on old glibcs
    - attach: try to always drop supplementary groups
    - conf: ret-try devpts mount without gid=5 on error
    - execute: fix app containers without root mapping
    - conf: fix net type checks in run_script_argv()
    - seccomp: handle arch inversion
    - seccomp: handle all errors
    - seccomp: cleanup compat architecture handling
    - seccomp: improve logging
    - tools: document -d/–daemonize for lxc-execute
    - seccomp: non-functional changes
    - seccomp: handle arch inversion II
    - lxc-oci: mkdir the download directory
    - do_lxcapi_create: set umask
    - lxc/tools/lxc_monitor: include missing <stddef.h>
    - pam-cgfs: ignore the system umask when creating the cgroup hierarchy
    - Also pass action scripts to CRIU on checkpointing
    - Fix the memory leak in cgfsng_attach
    - Fix memory leak in list_active_containers
    - Fix tool_utils.c build when HAVE_SETNS is unset
    - coverity: #1435210
    - coverity: #1435208
    - coverity: #1435207
    - coverity: #1435206
    - coverity: #1435205
    - coverity: #1435203
    - coverity: #1435200
    - coverity: #1435198
    - coverity: #1426734
    - lxccontainer: non-functional changes
    - lxccontainer: use thread-safe OFD locks
    - lxccontainer: non-functional changes
    - lxccontainer: do_lxcapi_is_running()
    - lxccontainer: do_lxcapi_freeze()
    - lxccontainer: do_lxcapi_unfreeze()
    - lxccontainer: non-functional changes
    - lxccontainer: use thread-safe open() + write()
    - lxccontainer: non-functional changes
    - lxccontainer: non-functional changes
    - lxccontainer: non-functional changes
    - coverity: #1435263
    - fix logic for execute log file
    - utils: add LXC_PROC_PID_FD_LEN
    - execute: use static buffer
    - execute: do not check inherited fds again
    - add some TRACE/ERROR reporting
    - execute: account for -o path option count
    - execute: set init_path when existing init is found
    - genl: remove
    - coverity: #1248104
    - coverity: #1248105
    - coverity: #1425744
    - utils: account for terminating \0 byte
    - confile: satisfy gcc-8
    - network: silence gcc-8
    - network: adhere to IFNAMSIZ limit
    - support case ignored suffix for sizes
    - utils: fix parse_byte_size_string() coding style
    - strlcpy: add strlcpy() implementation
    - tree-wide: s/strncpy()/strlcpy()/g
    - CODING_STYLE: add section about using strlcpy()
    - tools: s/strncpy()/strlcpy()/g
    - Revert “tools: s/strncpy()/strlcpy()/g”
    - tools: s/strncpy()/memcpy()/
    - doc: Add “-d/–daemon” option to Japanese lxc-execute(1)
    - doc: Fix size unit style in Japanese lxc.container.conf(5)
    - coverity: #1435604
    - coverity: #1435603
    - coverity: #1435602
    - coverity: #1425844
    - config: allow read-write /sys in user namespace
    - coverity: #1425836
    - coverity: #1248106
    - capabilities: raise ambient capabilities
    - coverity: #1425802
    - cgroups: refactor cgroup handling
    - cgroups: remove freezer_state()
    - seccomp: #ifdef SCMP_ARCH_AARCH64
    - conf: simplify write_id_mapping()
    - log: enable per-thread container name prefix
    - lxc-init: skip signals that can’t be caught
    - execute: use execveat() syscall if supported
    - tools: only create log file when requested
    - seccomp: fix off-by-one error in array allocation for sscanf
    - seccomp: remove confusing comment line
    - seccomp: remove unnecessary memset
    - seccomp: fix type mismatch when parsing syscall arguments filters
    - lxcseccomp: cleanup header
    - seccomp: parse_config_v1()
    - utils: add remove_trailing_newlines()
    - seccomp: get_v2_default_action()
    - seccomp: get_action_name()
    - seccomp: get_v2_action()
    - seccomp: fix get_seccomp_arg_value()
    - seccomp: parse_v2_rules()
    - seccomp: move #ifdefines
    - seccomp: get_hostarch()
    - seccomp: scmp_filter_ctx get_new_ctx()
    - seccomp: do_resolve_add_rule()
    - seccomp: parse_config_v2()
    - seccomp: parse_config()
    - seccomp: lxc_read_seccomp_config()
    - tree-wide: s/sigprocmask/pthread_sigmask()/g
    - utils: fix task_blocking_signal()
    - lxccontainer: fix fd leaks when sending signals
    - confile: order architectures
    - start: log setns() failure
    - seccomp: leak fixup
    - seccomp: re-add action parse error handling
    - seccomp: refactor line handling of parse_config
    - seccomp: error on unrecognized actions
    - seccomp: lxc_read_seccomp_config()
    - seccomp: parse_v2_rules()
    - seccomp: make do_resolve_add_rule() more strict
    - tools: fix lxc-create with global config value
    - tools: fix lxc-create with global config value II
    - coverity: #1435806
    - coverity: #1435805
    - coverity: #1435803
    - coverity: #1435747
    - conf: non-functional changes
    - conf: make is_execute a boolean
    - conf: non-functional changes
    - conf: make close_all_fds a boolean
    - conf: reshuffle mount members
    - conf: simplify tty handling
    - conf: pts -> pty_max
    - conf: non-functional changes
    - utils: fix task_blocking_signal()
    - network: fix socket handle leak
    - start: do not init ns_clone_flags to -1
    - conf: ensure lxc_delete_tty() does not crash
    - start: add reboot macros
    - conf: make root idmap structs const
    - conf: make tmp_umount_proc bool
    - conf: non-functional changes
    - conf: va_end was not called.
    - confile: improve strprint()
    - change defines for return value of handlers
    - start: fix waitpid() blocking issue
    - start: log unknown info.si_code
    - tree-wide: fix mode of some files
    - confile_utils: apply strprint()
    - templates: actually create DOWNLOAD_TEMP directory
    - templates: fix download template
    - Patch lxc-update-config

  * Bump standard to 4.1.4

 -- Stéphane Graber <email address hidden>  Tue, 05 Jun 2018 17:05:49 -0400

Available diffs

• diff from 3.0.0-0ubuntu2 to 3.0.1-0ubuntu1~18.04.1 (69.7 KiB)

lxc (3.0.1-0ubuntu1) cosmic; urgency=medium

  * New upstream bugfix release:
    - tools: fix unitialized variable
    - storage: fix lvm fs uuid generation
    - lxc-oci: fix Cmd/Entrypoint parsing
    - lxc-oci: make umoci less verbose
    - lxclock: use thread-safe OFD fcntl() locks
    - locktests: fix test suite
    - conf: ensure umounts don’t propagate to host
    - doc: Tweak Japanese translation in lxc.container.conf(5)
    - fix signal sending in lxc.init
    - rootfs pinning: On NFS, make file hidden but don’t delete it
    - conf: fix temporary file creation
    - ringbuf: fix temporary file creation
    - Fix compilation with static libcap and shared gnutls
    - attach: always drop supplementary groups
    - lxc init: remove dead code
    - storage/rsync: free memory on error
    - tools/utils: free memory on error
    - lxc init: coding style
    - utils: define __NR_setns if missing on old glibcs
    - attach: try to always drop supplementary groups
    - conf: ret-try devpts mount without gid=5 on error
    - execute: fix app containers without root mapping
    - conf: fix net type checks in run_script_argv()
    - seccomp: handle arch inversion
    - seccomp: handle all errors
    - seccomp: cleanup compat architecture handling
    - seccomp: improve logging
    - tools: document -d/–daemonize for lxc-execute
    - seccomp: non-functional changes
    - seccomp: handle arch inversion II
    - lxc-oci: mkdir the download directory
    - do_lxcapi_create: set umask
    - lxc/tools/lxc_monitor: include missing <stddef.h>
    - pam-cgfs: ignore the system umask when creating the cgroup hierarchy
    - Also pass action scripts to CRIU on checkpointing
    - Fix the memory leak in cgfsng_attach
    - Fix memory leak in list_active_containers
    - Fix tool_utils.c build when HAVE_SETNS is unset
    - coverity: #1435210
    - coverity: #1435208
    - coverity: #1435207
    - coverity: #1435206
    - coverity: #1435205
    - coverity: #1435203
    - coverity: #1435200
    - coverity: #1435198
    - coverity: #1426734
    - lxccontainer: non-functional changes
    - lxccontainer: use thread-safe OFD locks
    - lxccontainer: non-functional changes
    - lxccontainer: do_lxcapi_is_running()
    - lxccontainer: do_lxcapi_freeze()
    - lxccontainer: do_lxcapi_unfreeze()
    - lxccontainer: non-functional changes
    - lxccontainer: use thread-safe open() + write()
    - lxccontainer: non-functional changes
    - lxccontainer: non-functional changes
    - lxccontainer: non-functional changes
    - coverity: #1435263
    - fix logic for execute log file
    - utils: add LXC_PROC_PID_FD_LEN
    - execute: use static buffer
    - execute: do not check inherited fds again
    - add some TRACE/ERROR reporting
    - execute: account for -o path option count
    - execute: set init_path when existing init is found
    - genl: remove
    - coverity: #1248104
    - coverity: #1248105
    - coverity: #1425744
    - utils: account for terminating \0 byte
    - confile: satisfy gcc-8
    - network: silence gcc-8
    - network: adhere to IFNAMSIZ limit
    - support case ignored suffix for sizes
    - utils: fix parse_byte_size_string() coding style
    - strlcpy: add strlcpy() implementation
    - tree-wide: s/strncpy()/strlcpy()/g
    - CODING_STYLE: add section about using strlcpy()
    - tools: s/strncpy()/strlcpy()/g
    - Revert “tools: s/strncpy()/strlcpy()/g”
    - tools: s/strncpy()/memcpy()/
    - doc: Add “-d/–daemon” option to Japanese lxc-execute(1)
    - doc: Fix size unit style in Japanese lxc.container.conf(5)
    - coverity: #1435604
    - coverity: #1435603
    - coverity: #1435602
    - coverity: #1425844
    - config: allow read-write /sys in user namespace
    - coverity: #1425836
    - coverity: #1248106
    - capabilities: raise ambient capabilities
    - coverity: #1425802
    - cgroups: refactor cgroup handling
    - cgroups: remove freezer_state()
    - seccomp: #ifdef SCMP_ARCH_AARCH64
    - conf: simplify write_id_mapping()
    - log: enable per-thread container name prefix
    - lxc-init: skip signals that can’t be caught
    - execute: use execveat() syscall if supported
    - tools: only create log file when requested
    - seccomp: fix off-by-one error in array allocation for sscanf
    - seccomp: remove confusing comment line
    - seccomp: remove unnecessary memset
    - seccomp: fix type mismatch when parsing syscall arguments filters
    - lxcseccomp: cleanup header
    - seccomp: parse_config_v1()
    - utils: add remove_trailing_newlines()
    - seccomp: get_v2_default_action()
    - seccomp: get_action_name()
    - seccomp: get_v2_action()
    - seccomp: fix get_seccomp_arg_value()
    - seccomp: parse_v2_rules()
    - seccomp: move #ifdefines
    - seccomp: get_hostarch()
    - seccomp: scmp_filter_ctx get_new_ctx()
    - seccomp: do_resolve_add_rule()
    - seccomp: parse_config_v2()
    - seccomp: parse_config()
    - seccomp: lxc_read_seccomp_config()
    - tree-wide: s/sigprocmask/pthread_sigmask()/g
    - utils: fix task_blocking_signal()
    - lxccontainer: fix fd leaks when sending signals
    - confile: order architectures
    - start: log setns() failure
    - seccomp: leak fixup
    - seccomp: re-add action parse error handling
    - seccomp: refactor line handling of parse_config
    - seccomp: error on unrecognized actions
    - seccomp: lxc_read_seccomp_config()
    - seccomp: parse_v2_rules()
    - seccomp: make do_resolve_add_rule() more strict
    - tools: fix lxc-create with global config value
    - tools: fix lxc-create with global config value II
    - coverity: #1435806
    - coverity: #1435805
    - coverity: #1435803
    - coverity: #1435747
    - conf: non-functional changes
    - conf: make is_execute a boolean
    - conf: non-functional changes
    - conf: make close_all_fds a boolean
    - conf: reshuffle mount members
    - conf: simplify tty handling
    - conf: pts -> pty_max
    - conf: non-functional changes
    - utils: fix task_blocking_signal()
    - network: fix socket handle leak
    - start: do not init ns_clone_flags to -1
    - conf: ensure lxc_delete_tty() does not crash
    - start: add reboot macros
    - conf: make root idmap structs const
    - conf: make tmp_umount_proc bool
    - conf: non-functional changes
    - conf: va_end was not called.
    - confile: improve strprint()
    - change defines for return value of handlers
    - start: fix waitpid() blocking issue
    - start: log unknown info.si_code
    - tree-wide: fix mode of some files
    - confile_utils: apply strprint()
    - templates: actually create DOWNLOAD_TEMP directory
    - templates: fix download template
    - Patch lxc-update-config

  * Bump standard to 4.1.4

 -- Stéphane Graber <email address hidden>  Tue, 05 Jun 2018 17:05:49 -0400

Available diffs

• diff from 3.0.0-0ubuntu2 to 3.0.1-0ubuntu1 (69.6 KiB)

lxc (3.0.0-0ubuntu2) bionic; urgency=medium

  * Add missing breaks/replaces for lxc-init moving from lxc1 to
    liblxc-common (LP: #1760609).

 -- Stéphane Graber <email address hidden>  Mon, 02 Apr 2018 11:56:45 -0400

Available diffs

• diff from 3.0.0-0ubuntu1 to 3.0.0-0ubuntu2 (571 bytes)

lxc (3.0.0-0ubuntu1) bionic; urgency=medium

  * New upstream LTS release:
    - LXC 3.0 will be supported until June 2023.
    - Announcement: https://linuxcontainers.org/lxc/news/

 -- Stéphane Graber <email address hidden>  Wed, 28 Mar 2018 00:07:48 -0400

Available diffs

• diff from 3.0.0~beta4-0ubuntu1 to 3.0.0-0ubuntu1 (4.2 KiB)

lxc (3.0.0~beta4-0ubuntu1) bionic; urgency=medium

  * New upstream beta (3.0.0~beta4)

 -- Stéphane Graber <email address hidden>  Mon, 26 Mar 2018 23:40:44 -0400

Available diffs

• diff from 3.0.0~beta3-0ubuntu1 to 3.0.0~beta4-0ubuntu1 (4.8 KiB)

lxc (3.0.0~beta3-0ubuntu1) bionic; urgency=medium

  * New upstream beta (3.0.0~beta3)

 -- Stéphane Graber <email address hidden>  Fri, 23 Mar 2018 16:25:55 -0400

Available diffs

• diff from 3.0.0~beta2-0ubuntu2 to 3.0.0~beta3-0ubuntu1 (6.7 KiB)

lxc (3.0.0~beta2-0ubuntu2) bionic; urgency=medium

  * Move LXC's init and init.static to liblxc-common

 -- Stéphane Graber <email address hidden>  Mon, 19 Mar 2018 18:36:31 -0400

Available diffs

• diff from 3.0.0~beta1-0ubuntu3 to 3.0.0~beta2-0ubuntu2 (39.1 KiB)
• diff from 3.0.0~beta2-0ubuntu1 to 3.0.0~beta2-0ubuntu2 (994 bytes)

lxc (3.0.0~beta2-0ubuntu1) bionic; urgency=medium

  * New upstream beta (3.0.0~beta2)

 -- Stéphane Graber <email address hidden>  Mon, 19 Mar 2018 17:43:49 -0400

Available diffs

• diff from 3.0.0~beta1-0ubuntu3 to 3.0.0~beta2-0ubuntu1 (38.4 KiB)

lxc (3.0.0~beta1-0ubuntu3) bionic; urgency=medium

  * Make liblxc-common conflicts/replaces lxc-common rather than
    breaks/replaces.

 -- Stéphane Graber <email address hidden>  Mon, 05 Mar 2018 04:31:40 -0500

Available diffs

• diff from 2.1.1-0ubuntu1 to 3.0.0~beta1-0ubuntu3 (624.9 KiB)
• diff from 3.0.0~beta1-0ubuntu2 to 3.0.0~beta1-0ubuntu3 (620 bytes)

lxc (3.0.0~beta1-0ubuntu2) bionic; urgency=medium

  * Fix autopkgtest
    - Record timing of tests in autopkgtest.
    - Disable the lxc-test-state-server test due to broken busybox.

 -- Stéphane Graber <email address hidden>  Fri, 02 Mar 2018 17:20:11 -0500

Available diffs

• diff from 3.0.0~beta1-0ubuntu1 to 3.0.0~beta1-0ubuntu2 (753 bytes)

lxc (3.0.0~beta1-0ubuntu1) bionic; urgency=medium

  * New upstream beta (3.0.0~beta1)
  * Remove lxc-templates, now its own source
    - Move lxc-templates from recommends to suggests
    - liblxc-common now replaces part of lxc-templates
  * Remove python3-lxc, now its own source
  * Add libpam-cgfs (moved from lxcfs)

 -- Stéphane Graber <email address hidden>  Thu, 01 Mar 2018 14:02:28 -0500

Available diffs

• diff from 2.1.1-0ubuntu4 to 3.0.0~beta1-0ubuntu1 (615.2 KiB)

lxc (2.1.1-0ubuntu4) bionic; urgency=medium

  * Loosen dependency on lxc-templates ahead of LXC 3.0.

 -- Stéphane Graber <email address hidden>  Wed, 28 Feb 2018 18:33:11 -0500

Available diffs

• diff from 2.1.1-0ubuntu3 to 2.1.1-0ubuntu4 (485 bytes)

lxc (2.1.1-0ubuntu3) bionic; urgency=medium

  * Drop lxc-utils dependency on python3-lxc.

 -- Stéphane Graber <email address hidden>  Wed, 28 Feb 2018 18:26:35 -0500

Available diffs

• diff from 2.1.1-0ubuntu2 to 2.1.1-0ubuntu3 (469 bytes)

lxc (2.1.1-0ubuntu2) bionic; urgency=medium

  * Drop some packages ahead of LXC 3.0:
    - lxc-tests (not needed for autopkgtests anymore)
    - lua-lxc (unused and moved out of tree upstream)

  * Rename packages:
    - lxc1 to lxc-utils (lxc1 becomes transitional)
    - lxc-common to liblxc-common
    - lxc-dev to liblxc-dev (lxc-dev becomes transitional)

  * Update debian/tests/exercise
    - Make it build the test binaries

  * Drop backward compatibility code for pre-16.04 Ubuntu

  * Update to current standards
    - Fix trailing whitespaces in debian/changelog
    - Move debian/source.lintian-overrides to debian/lintian-overrides
    - Update all URLs in debian/changelog to https
    - Bump compat to 10
    - Bump standards to 4.1.3
    - Drop --with autotools_dev from debian/rules
    - Bump debhelper dependency to 10 or higher
    - Drop dh-autoreconf, autotools-dev and dh-systemd build-dependencies
    - Drop un-needed lintian source overrides

 -- Stéphane Graber <email address hidden>  Mon, 26 Feb 2018 16:01:23 -0500

Available diffs

• diff from 2.1.1-0ubuntu1 to 2.1.1-0ubuntu2 (11.0 KiB)