-
lxc (1.0.0~alpha1-0ubuntu14.1) saucy-security; urgency=low
* SECURITY UPDATE: privilege escalation via sshd template (LP: #1261045)
- debian/patches/CVE-2013-6441.patch: don't bind-mount /sbin/init
read-write in templates/lxc-sshd.in.
- CVE-2013-6441
-- Marc Deslauriers <email address hidden> Thu, 16 Jan 2014 08:55:20 -0500
-
lxc (1.0.0~alpha1-0ubuntu14) saucy-proposed; urgency=low
* d/p/0014-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch
fix lxc-start -with -f option to not use multiple configuration
files (LP: #1251352)
-- Serge Hallyn <email address hidden> Mon, 18 Nov 2013 10:08:53 -0600
-
lxc (1.0.0~alpha1-0ubuntu13) saucy-proposed; urgency=low
* debian/rules and debian/lxc.postinst: set /var/lib/lxc and /var/cache/lxc
to be perms 700. That prevents unprivileged users from running setuid-root
applications. Install that way by default, and for any previous versions,
update the permissions. After this version, respect the user's choice.
(LP: #1244635)
-- Serge Hallyn <email address hidden> Mon, 04 Nov 2013 08:12:35 -0600
-
lxc (1.0.0~alpha1-0ubuntu12) saucy-proposed; urgency=low
* 0012-ubuntu-Improper-pty-permissions.patch: fix pty permissions
(LP: #1242913)
* 0013-get-rid-of-lxcpath_anon-idea.patch: make containers started with
a custom config easier to manage. (LP: #1244301)
-- Serge Hallyn <email address hidden> Fri, 25 Oct 2013 15:42:27 -0500
-
lxc (1.0.0~alpha1-0ubuntu11) saucy; urgency=low
* Deny any kind of access to /sys/kernel/security/** as the containers
have no reason to read that and it's been causing dbus-daemon to think
it can integrate with apparmor.
-- Stephane Graber <email address hidden> Thu, 10 Oct 2013 12:58:54 -0400
-
lxc (1.0.0~alpha1-0ubuntu10) saucy; urgency=low
[ Serge Hallyn ]
* Cherrypicking bugfix from upstream
- 0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch
[ Stéphane Graber ]
* On saucy and higher, add "dbus," to the container-base profile.
(done that way as LXC is backported down to 12.04)
-- Stephane Graber <email address hidden> Wed, 09 Oct 2013 14:04:23 -0400
-
lxc (1.0.0~alpha1-0ubuntu9) saucy; urgency=low
* Update patch with current upstream version (LP: #1236726)
- 0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch
* Cherrypicking bugfix from upstream
- 0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch
-- Stephane Graber <email address hidden> Tue, 08 Oct 2013 11:11:33 -0400
-
lxc (1.0.0~alpha1-0ubuntu8) saucy; urgency=low
* Add a recommends on uuid-runtime to lxc-templates as the
ubuntu-cloud template uses uuidgen.
-- Stephane Graber <email address hidden> Mon, 07 Oct 2013 17:35:56 -0400
-
lxc (1.0.0~alpha1-0ubuntu7) saucy; urgency=low
* Cherrypicking bugfix from upstream (LP: #1236577)
- 0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch
-- Serge Hallyn <email address hidden> Mon, 07 Oct 2013 16:17:27 -0500
-
lxc (1.0.0~alpha1-0ubuntu6) saucy; urgency=low
* Cherrypicking bugfix from upstream
- 0008-Fix-crasher-in-get_ips.patch
(Fixes lxc-list on Ubuntu Touch amongst other cases)
-- Stephane Graber <email address hidden> Sun, 29 Sep 2013 20:52:53 -0400
-
lxc (1.0.0~alpha1-0ubuntu5) saucy; urgency=low
* Cherrypicking bugfix from upstream (LP: #1227313)
- 0001-apparmor.c-drop-newline-when-reading-current-profile.patch
-- Serge Hallyn <email address hidden> Fri, 27 Sep 2013 15:14:24 -0500
-
lxc (1.0.0~alpha1-0ubuntu4) saucy; urgency=low
* modify 0006-add-pstore-to-container-fstab.patch: make pstore mount
optional.
-- Serge Hallyn <email address hidden> Mon, 16 Sep 2013 11:50:05 -0500
-
lxc (1.0.0~alpha1-0ubuntu3) saucy; urgency=low
* Cherrypick bugfix from upstream
(pre-mount pstore to avoid mountall hanging at boot time):
- 0006-add-pstore-to-container-fstab.patch
-- Stephane Graber <email address hidden> Fri, 13 Sep 2013 16:57:29 -0400
-
lxc (1.0.0~alpha1-0ubuntu2) saucy; urgency=low
* Add allow-stderr to autopkgtst restrictions as the Ubuntu template
uses policy-rc.d to disable some daemons and that causes a message to
be printed on stderr when the service tries to start.
-- Stephane Graber <email address hidden> Thu, 12 Sep 2013 13:57:17 -0400
-
lxc (1.0.0~alpha1-0ubuntu1) saucy; urgency=low
* New upstream release (LP: #1218426)
- A very long list of bugfixes, including:
(LP: #1081786, LP: #1029777, LP: #987770, LP: #1212290, LP: #1199146,
LP: #1124526, LP: #1014916, LP: #1212414, LP: #1168526, LP: #1135871)
* Removed patches:
- transition/00-redirect-lxc-halt.patch
- 0001-fix-race-with-fast-init
- 0002-lxc-functions-safe-in-dash
- 0003-python-module-fixes
- 0004-lxc-ps-handle-cgroup-collisions.patch
- 0005-cgroup-prevent-DOS-when-a-hierachy-is-mounted-multip.patch
- 0006-lxc-clone-fix-lvm-blockdev-usage
- 0007-lxc.conf.doc
- 0008-ignore-rootfs-pin-fail.patch
- 0009-conf.c-if-we-don-t-specify-a-rootfs-we-still-need-pr.patch
- conf.c-always-strdup-rootfs.mount
- 0011-cgroup-hook-handle-stricter-kernel
- 0012-add-kernel-filesystems-to-fstab
- 0013-ubuntu-cloud-fix-hostid
- 0014-lxc-apparmor-null-terminate-buffer
- 0015-fix-ipv6-pton
* Refreshed patches:
- transition/00-redirect-lxc-list.patch
- 0000-add-autostart.patch
- 0001-debian-template-set-hwaddr
* New patches (fix regression when /var/lib/lxc is read-only):
- 0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch
- 0003-move-monitor-fifo-and-monitor-sock-to-run.patch
- 0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch
- 0005-ignore-ability-to-init-lxc-monitord.log.patch
* Updated debian/copyright to reflect reality.
* Fix lxc-template's short description.
* Replace the cloud-utils recommends by cloud-image-utils | cloud-utils
to use the new saucy package and still allow for easy backports.
(LP: #1224545)
-- Stephane Graber <email address hidden> Thu, 12 Sep 2013 12:45:05 -0400
-
lxc (0.9.0-0ubuntu23) saucy; urgency=low
* 0014-lxc-apparmor-null-terminate-buffer: make sure a value we fread is
null-terminated (LP: #1215386)
* 0015-fix-ipv6-pton: call inet_pton on the value without the netmask.
(LP: #1215391)
-- Serge Hallyn <email address hidden> Fri, 23 Aug 2013 11:39:55 -0500
-
lxc (0.9.0-0ubuntu22) saucy; urgency=low
* ubuntu-cloud: fix typo keeping --hostid from working (LP: #1197357)
-- Serge Hallyn <email address hidden> Thu, 15 Aug 2013 14:40:58 -0500
-
lxc (0.9.0-0ubuntu21) saucy; urgency=low
* Fix autopkgtest failure by unsetting TMPDIR in the test.
-- Stephane Graber <email address hidden> Fri, 09 Aug 2013 16:30:47 +0200
-
lxc (0.9.0-0ubuntu20) saucy; urgency=low
* Build-depend on hardening-wrapper to meet MIR security requirements.
This is done instead of using the new dpkg-buildflags as those are a pain
to get to work when building both binaries and libraries when using -PIE.
-- Stephane Graber <email address hidden> Fri, 09 Aug 2013 14:33:59 +0200
-
lxc (0.9.0-0ubuntu19) saucy; urgency=low
* Add variable in /etc/default/lxc-net to optionally resolve .lxc on
lxcbr0.
-- Serge Hallyn <email address hidden> Tue, 06 Aug 2013 09:03:59 -0500
-
lxc (0.9.0-0ubuntu18) saucy; urgency=low
* 0012-add-kernel-filesystems-to-fstab: saucy containers will fail to start
unless security, debug, and connections are pre-mounted.
-- Serge Hallyn <email address hidden> Thu, 25 Jul 2013 22:01:02 -0500
-
lxc (0.9.0-0ubuntu17) saucy; urgency=low
* 0011-cgroup-hook-handle-stricter-kernel: fix the mountcgroups hook in the
face of new restrictions imposed by the kernel on devices cgroups.
(LP: #1196518)
-- Serge Hallyn <email address hidden> Fri, 05 Jul 2013 20:44:57 +0200
-
lxc (0.9.0-0ubuntu16) saucy; urgency=low
* conf.c-always-strdup-rootfs.mount: prevent segfault when using
lxc.rootfs.mount.
-- Serge Hallyn <email address hidden> Mon, 01 Jul 2013 15:29:17 -0500
-
lxc (0.9.0-0ubuntu15) saucy; urgency=low
* lxc-net: support an optional dnsmasq configuration file.
* 0010-debian-template-set-hwaddr: set persistent macaddr when creating a
debian container (LP: #1080681)
* lxc.apport: add /etc/lxc/{dnsmasq,default,lxc}.conf and
/etc/default/lxc{,-net}.conf
-- Serge Hallyn <email address hidden> Tue, 11 Jun 2013 07:47:32 -0500
-
lxc (0.9.0-0ubuntu14) saucy; urgency=low
* 0009-conf.c-if-we-don-t-specify-a-rootfs-we-still-need-pr.patch: if
apparmor is enabled and no rootfs was specified, then re-mount /proc
so that we can write the requested apparmor profile under /proc/1.
(LP: #1188501)
-- Serge Hallyn <email address hidden> Mon, 10 Jun 2013 09:27:32 -0500
-
lxc (0.9.0-0ubuntu13) saucy; urgency=low
* 0008-ignore-rootfs-pin-fail.patch: don't refuse to start a container
on readonly fs.
-- Serge Hallyn <email address hidden> Wed, 05 Jun 2013 21:35:40 +0200
-
lxc (0.9.0-0ubuntu12) saucy; urgency=low
* 0007-lxc.conf.doc: Fill in missing sections in lxc.conf(5) manual
page (LP: 1182085)
-- Serge Hallyn <email address hidden> Tue, 28 May 2013 13:23:57 -0500
-
lxc (0.9.0-0ubuntu11) saucy; urgency=low
* lxc-net: deal with the fact that some kernels may not have the needed
network bridge support.
-- Stephane Graber <email address hidden> Tue, 28 May 2013 10:52:22 -0400
-
lxc (0.9.0-0ubuntu10) saucy; urgency=low
* Rebuild-only upload (LP: #1183807)
-- Serge Hallyn <email address hidden> Fri, 24 May 2013 10:51:44 -0500
-
lxc (0.9.0-0ubuntu9) saucy; urgency=low
* 0006-lxc-clone-fix-lvm-blockdev-usage: fix use of wrong pathnames for both
block devices and mount targets in the LVM case. (LP: #1183354)
-- Serge Hallyn <email address hidden> Thu, 23 May 2013 14:22:38 -0500
-
lxc (0.9.0-0ubuntu8) saucy; urgency=low
[ James Hunt ]
* Add basic DEP-8 tests to ensure a container can be created, started,
stopped and cloned.
-- James Hunt <email address hidden> Tue, 21 May 2013 14:44:12 +0100
-
lxc (0.9.0-0ubuntu7) saucy; urgency=low
* 0005-cgroup-prevent-DOS-when-a-hierachy-is-mounted-multip.patch: prevent
DOS when a cgroup hierarchy is mounted multiple times (LP: #1176287)
-- Serge Hallyn <email address hidden> Wed, 15 May 2013 22:19:59 +0000
-
lxc (0.9.0-0ubuntu6) saucy; urgency=low
* debian/lxc.default, debian/lxc.preinst: calculate an open 10.0.x.0 network
for lxcbr0 to use at package install time. This allows easier package
installion when nested.
-- Serge Hallyn <email address hidden> Tue, 14 May 2013 14:34:51 -0500
-
lxc (0.9.0-0ubuntu5) saucy; urgency=low
* push 0004-lxc-ps-handle-cgroup-collisions.patch from upstream to handle
the case where $container's cgroup is
/sys/fs/cgroup/$cgroup/lxc/$container-1.
-- Serge Hallyn <email address hidden> Wed, 08 May 2013 16:02:44 -0500
-
lxc (0.9.0-0ubuntu4) saucy; urgency=low
* Fix lxc-list crashing when passed --nesting with nested containers.
(LP: #1177408)
* Fix lxc-ls to show nested containers when using alternate lxcpath.
(LP: #1177412)
* Fix python3 API bug leading to parameter corruption in create and start.
(LP: #1177400)
-- Stephane Graber <email address hidden> Tue, 07 May 2013 10:48:40 -0400
-
lxc (0.9.0-0ubuntu3) raring; urgency=low
* 0003-python-module-fixes: Cherry pick python module bugfixes from upstream.
* Update deprecation warning for lxc-halt and lxc-list, moving the
deprecation from 0.9 to 1.0.
-- Stephane Graber <email address hidden> Thu, 18 Apr 2013 22:29:39 +0200