[Touch-packages] [Bug 1691911] Re: SRU of LXC 2.0.8
** Changed in: lxc (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1691911 Title: SRU of LXC 2.0.8 Status in lxc package in Ubuntu: Fix Released Status in lxc source package in Trusty: New Status in lxc source package in Xenial: Fix Released Status in lxc source package in Yakkety: Fix Released Status in lxc source package in Zesty: Fix Released Status in lxc source package in Artful: Fix Released Bug description: LXC upstream released LXC 2.0.8 as a bugfix release with following changelog: - Security fix for CVE-2017-5985 (previously fixed in Ubuntu) - All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users. - Make lxc-start-ephemeral Python 3.2-compatible - Fix typo - Allow build without sys/capability.h - lxc-opensuse: fix default value for release code - util: always malloc for setproctitle - util: update setproctitle comments - confile: clear lxc.network..ipv{4,6} when empty - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals - Make lxc-net return non-zero on failure - seccomp: allow x32 guests on amd64 hosts. - Add HAVE_LIBCAP - c/r: only supply --ext-mount-map for bind mounts - Added 'mkdir -p' functionality in create_or_remove_cgroup - Use LXC_ROOTFS_MOUNT in clonehostname hook - squeeze is not a supported release anymore, drop the key - start: dumb down SIGCHLD from WARN() to NOTICE() - log: fix lxc_unix_epoch_to_utc() - cgfsng: make trim() safer - seccomp: set SCMP_FLTATR_ATL_TSKIP if available - lxc-user-nic: re-order #includes - lxc-user-nic: improve + bugfix - lxc-user-nic: delete link on failure - conf: only try to delete veth when privileged - Fix lxc-containers to support multiple bridges - Fix mixed tab/spaces in previous patch - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one - lxc-checkconfig: verify new[ug]idmap are setuid-root - [templates] archlinux: resolve conflicting files - [templates] archlinux: noneed default_timezone variable - python3: Deal with potential NULL char* - lxc-download.in / allow setting keyserver from env - lxc-download.in / Document keyserver change in help - Change variable check to match existing style - tree-wide: include directly - conf/ile: make sure buffer is large enough - tree-wide: include directly - tests: Support running on IPv6 networks - tests: Kill containers (don't wait for shutdown) - Fix opening wrong file in suggest_default_idmap - do not set the root password in the debian template - do not set insecure passwords - don't set a default password for altlinux, gentoo, openmandriva and pld - tools: exit with return code of lxc_execute() - Keep veth.pair.name on network shutdown - Makefile: fix static clang init.lxc build - Avoid waiting for bridge interface if disabled in sysconfig/lxc - Increased buffer length in print_stats() - avoid assigning to a variable which is not POSIX shell proof (bug #1498) - remove obsolete note about api stability - conf: less error prone pointer access - conf: lxc_map_ids() non-functional changes - caps: add lxc_{proc,file}_cap_is_set() - conf: check for {filecaps,setuid} on new{g,u}idmap - conf: improve log when mounting rootfs - ls: simplify the judgment condition when list active containers - fix typo introduced in #1509 - attach|unshare: fix the wrong comment - caps: skip file capability checks on android - autotools: check for cap_get_file - caps: return false if caps are not supported - conf: non-functional changes to setup_pts() - conf: use bind-mount for /dev/ptmx - conf: non-functional changes - utils: use loop device helpers from LXD - create ISSUE_TEMPLATE.md - cgroups: improve cgfsng debugging - issue template: fix typo - conf: close fd in lxc_setup_devpts() - conf: non-functional changes - utils: tweak lxc_mount_proc_if_needed() - Change sshd template to work with Ubuntu 17.04 - conf: order mount options - conf: add MS_LAZYTIME to mount options - monitor: report errno on exec() error - af unix: allow for maximum socket name - commands: avoid NULL pointer dereference - commands: non-functional changes - lxccontainer: avoid NULL pointer dereference - monitor: simplify abstract socket logic - precise is not the
[Touch-packages] [Bug 1691911] Re: SRU of LXC 2.0.8
This has been in the development release and our PPA for a while now without any report of regressions. Releasing. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1691911 Title: SRU of LXC 2.0.8 Status in lxc package in Ubuntu: Fix Released Status in lxc source package in Trusty: New Status in lxc source package in Xenial: Fix Released Status in lxc source package in Yakkety: Fix Released Status in lxc source package in Zesty: Fix Released Status in lxc source package in Artful: Fix Released Bug description: LXC upstream released LXC 2.0.8 as a bugfix release with following changelog: - Security fix for CVE-2017-5985 (previously fixed in Ubuntu) - All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users. - Make lxc-start-ephemeral Python 3.2-compatible - Fix typo - Allow build without sys/capability.h - lxc-opensuse: fix default value for release code - util: always malloc for setproctitle - util: update setproctitle comments - confile: clear lxc.network..ipv{4,6} when empty - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals - Make lxc-net return non-zero on failure - seccomp: allow x32 guests on amd64 hosts. - Add HAVE_LIBCAP - c/r: only supply --ext-mount-map for bind mounts - Added 'mkdir -p' functionality in create_or_remove_cgroup - Use LXC_ROOTFS_MOUNT in clonehostname hook - squeeze is not a supported release anymore, drop the key - start: dumb down SIGCHLD from WARN() to NOTICE() - log: fix lxc_unix_epoch_to_utc() - cgfsng: make trim() safer - seccomp: set SCMP_FLTATR_ATL_TSKIP if available - lxc-user-nic: re-order #includes - lxc-user-nic: improve + bugfix - lxc-user-nic: delete link on failure - conf: only try to delete veth when privileged - Fix lxc-containers to support multiple bridges - Fix mixed tab/spaces in previous patch - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one - lxc-checkconfig: verify new[ug]idmap are setuid-root - [templates] archlinux: resolve conflicting files - [templates] archlinux: noneed default_timezone variable - python3: Deal with potential NULL char* - lxc-download.in / allow setting keyserver from env - lxc-download.in / Document keyserver change in help - Change variable check to match existing style - tree-wide: include directly - conf/ile: make sure buffer is large enough - tree-wide: include directly - tests: Support running on IPv6 networks - tests: Kill containers (don't wait for shutdown) - Fix opening wrong file in suggest_default_idmap - do not set the root password in the debian template - do not set insecure passwords - don't set a default password for altlinux, gentoo, openmandriva and pld - tools: exit with return code of lxc_execute() - Keep veth.pair.name on network shutdown - Makefile: fix static clang init.lxc build - Avoid waiting for bridge interface if disabled in sysconfig/lxc - Increased buffer length in print_stats() - avoid assigning to a variable which is not POSIX shell proof (bug #1498) - remove obsolete note about api stability - conf: less error prone pointer access - conf: lxc_map_ids() non-functional changes - caps: add lxc_{proc,file}_cap_is_set() - conf: check for {filecaps,setuid} on new{g,u}idmap - conf: improve log when mounting rootfs - ls: simplify the judgment condition when list active containers - fix typo introduced in #1509 - attach|unshare: fix the wrong comment - caps: skip file capability checks on android - autotools: check for cap_get_file - caps: return false if caps are not supported - conf: non-functional changes to setup_pts() - conf: use bind-mount for /dev/ptmx - conf: non-functional changes - utils: use loop device helpers from LXD - create ISSUE_TEMPLATE.md - cgroups: improve cgfsng debugging - issue template: fix typo - conf: close fd in lxc_setup_devpts() - conf: non-functional changes - utils: tweak lxc_mount_proc_if_needed() - Change sshd template to work with Ubuntu 17.04 - conf: order mount options - conf: add MS_LAZYTIME to mount options - monitor: report errno on exec() error - af unix: allow for maximum socket name - commands: avoid NULL pointer dereference - commands: non-functional changes - lxccontainer: avoid NULL pointer dereference - monitor: simplify abstract soc
[Touch-packages] [Bug 1691911] Re: SRU of LXC 2.0.8
This bug was fixed in the package lxc - 2.0.8-0ubuntu1~16.10.2 --- lxc (2.0.8-0ubuntu1~16.10.2) yakkety; urgency=medium * Cherry-pick upstream workaround for ppc64el failure: - 0011-utils-fix-ppc64le-builds.patch -- Stéphane Graber Mon, 29 May 2017 14:39:52 -0400 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1691911 Title: SRU of LXC 2.0.8 Status in lxc package in Ubuntu: Fix Released Status in lxc source package in Trusty: New Status in lxc source package in Xenial: Fix Released Status in lxc source package in Yakkety: Fix Released Status in lxc source package in Zesty: Fix Released Status in lxc source package in Artful: Fix Released Bug description: LXC upstream released LXC 2.0.8 as a bugfix release with following changelog: - Security fix for CVE-2017-5985 (previously fixed in Ubuntu) - All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users. - Make lxc-start-ephemeral Python 3.2-compatible - Fix typo - Allow build without sys/capability.h - lxc-opensuse: fix default value for release code - util: always malloc for setproctitle - util: update setproctitle comments - confile: clear lxc.network..ipv{4,6} when empty - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals - Make lxc-net return non-zero on failure - seccomp: allow x32 guests on amd64 hosts. - Add HAVE_LIBCAP - c/r: only supply --ext-mount-map for bind mounts - Added 'mkdir -p' functionality in create_or_remove_cgroup - Use LXC_ROOTFS_MOUNT in clonehostname hook - squeeze is not a supported release anymore, drop the key - start: dumb down SIGCHLD from WARN() to NOTICE() - log: fix lxc_unix_epoch_to_utc() - cgfsng: make trim() safer - seccomp: set SCMP_FLTATR_ATL_TSKIP if available - lxc-user-nic: re-order #includes - lxc-user-nic: improve + bugfix - lxc-user-nic: delete link on failure - conf: only try to delete veth when privileged - Fix lxc-containers to support multiple bridges - Fix mixed tab/spaces in previous patch - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one - lxc-checkconfig: verify new[ug]idmap are setuid-root - [templates] archlinux: resolve conflicting files - [templates] archlinux: noneed default_timezone variable - python3: Deal with potential NULL char* - lxc-download.in / allow setting keyserver from env - lxc-download.in / Document keyserver change in help - Change variable check to match existing style - tree-wide: include directly - conf/ile: make sure buffer is large enough - tree-wide: include directly - tests: Support running on IPv6 networks - tests: Kill containers (don't wait for shutdown) - Fix opening wrong file in suggest_default_idmap - do not set the root password in the debian template - do not set insecure passwords - don't set a default password for altlinux, gentoo, openmandriva and pld - tools: exit with return code of lxc_execute() - Keep veth.pair.name on network shutdown - Makefile: fix static clang init.lxc build - Avoid waiting for bridge interface if disabled in sysconfig/lxc - Increased buffer length in print_stats() - avoid assigning to a variable which is not POSIX shell proof (bug #1498) - remove obsolete note about api stability - conf: less error prone pointer access - conf: lxc_map_ids() non-functional changes - caps: add lxc_{proc,file}_cap_is_set() - conf: check for {filecaps,setuid} on new{g,u}idmap - conf: improve log when mounting rootfs - ls: simplify the judgment condition when list active containers - fix typo introduced in #1509 - attach|unshare: fix the wrong comment - caps: skip file capability checks on android - autotools: check for cap_get_file - caps: return false if caps are not supported - conf: non-functional changes to setup_pts() - conf: use bind-mount for /dev/ptmx - conf: non-functional changes - utils: use loop device helpers from LXD - create ISSUE_TEMPLATE.md - cgroups: improve cgfsng debugging - issue template: fix typo - conf: close fd in lxc_setup_devpts() - conf: non-functional changes - utils: tweak lxc_mount_proc_if_needed() - Change sshd template to work with Ubuntu 17.04 - conf: order mount options - conf: add MS_LAZYTIME to mount options - monitor: report errno on exec() error - af unix: allow for maximum socket name -
[Touch-packages] [Bug 1691911] Re: SRU of LXC 2.0.8
This bug was fixed in the package lxc - 2.0.8-0ubuntu1~16.04.2 --- lxc (2.0.8-0ubuntu1~16.04.2) xenial; urgency=medium * Cherry-pick upstream workaround for ppc64el failure: - 0011-utils-fix-ppc64le-builds.patch -- Stéphane Graber Mon, 29 May 2017 14:37:15 -0400 ** Changed in: lxc (Ubuntu Xenial) Status: Fix Committed => Fix Released ** Changed in: lxc (Ubuntu Yakkety) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1691911 Title: SRU of LXC 2.0.8 Status in lxc package in Ubuntu: Fix Released Status in lxc source package in Trusty: New Status in lxc source package in Xenial: Fix Released Status in lxc source package in Yakkety: Fix Released Status in lxc source package in Zesty: Fix Released Status in lxc source package in Artful: Fix Released Bug description: LXC upstream released LXC 2.0.8 as a bugfix release with following changelog: - Security fix for CVE-2017-5985 (previously fixed in Ubuntu) - All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users. - Make lxc-start-ephemeral Python 3.2-compatible - Fix typo - Allow build without sys/capability.h - lxc-opensuse: fix default value for release code - util: always malloc for setproctitle - util: update setproctitle comments - confile: clear lxc.network..ipv{4,6} when empty - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals - Make lxc-net return non-zero on failure - seccomp: allow x32 guests on amd64 hosts. - Add HAVE_LIBCAP - c/r: only supply --ext-mount-map for bind mounts - Added 'mkdir -p' functionality in create_or_remove_cgroup - Use LXC_ROOTFS_MOUNT in clonehostname hook - squeeze is not a supported release anymore, drop the key - start: dumb down SIGCHLD from WARN() to NOTICE() - log: fix lxc_unix_epoch_to_utc() - cgfsng: make trim() safer - seccomp: set SCMP_FLTATR_ATL_TSKIP if available - lxc-user-nic: re-order #includes - lxc-user-nic: improve + bugfix - lxc-user-nic: delete link on failure - conf: only try to delete veth when privileged - Fix lxc-containers to support multiple bridges - Fix mixed tab/spaces in previous patch - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one - lxc-checkconfig: verify new[ug]idmap are setuid-root - [templates] archlinux: resolve conflicting files - [templates] archlinux: noneed default_timezone variable - python3: Deal with potential NULL char* - lxc-download.in / allow setting keyserver from env - lxc-download.in / Document keyserver change in help - Change variable check to match existing style - tree-wide: include directly - conf/ile: make sure buffer is large enough - tree-wide: include directly - tests: Support running on IPv6 networks - tests: Kill containers (don't wait for shutdown) - Fix opening wrong file in suggest_default_idmap - do not set the root password in the debian template - do not set insecure passwords - don't set a default password for altlinux, gentoo, openmandriva and pld - tools: exit with return code of lxc_execute() - Keep veth.pair.name on network shutdown - Makefile: fix static clang init.lxc build - Avoid waiting for bridge interface if disabled in sysconfig/lxc - Increased buffer length in print_stats() - avoid assigning to a variable which is not POSIX shell proof (bug #1498) - remove obsolete note about api stability - conf: less error prone pointer access - conf: lxc_map_ids() non-functional changes - caps: add lxc_{proc,file}_cap_is_set() - conf: check for {filecaps,setuid} on new{g,u}idmap - conf: improve log when mounting rootfs - ls: simplify the judgment condition when list active containers - fix typo introduced in #1509 - attach|unshare: fix the wrong comment - caps: skip file capability checks on android - autotools: check for cap_get_file - caps: return false if caps are not supported - conf: non-functional changes to setup_pts() - conf: use bind-mount for /dev/ptmx - conf: non-functional changes - utils: use loop device helpers from LXD - create ISSUE_TEMPLATE.md - cgroups: improve cgfsng debugging - issue template: fix typo - conf: close fd in lxc_setup_devpts() - conf: non-functional changes - utils: tweak lxc_mount_proc_if_needed() - Change sshd template to work with Ubuntu 17.04 - conf: order
[Touch-packages] [Bug 1691911] Re: SRU of LXC 2.0.8
Hello Stéphane, or anyone else affected, Accepted lxc into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lxc/2.0.8-0ubuntu1~17.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: lxc (Ubuntu Zesty) Status: In Progress => Fix Committed ** Tags added: verification-needed ** Changed in: lxc (Ubuntu Yakkety) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1691911 Title: SRU of LXC 2.0.8 Status in lxc package in Ubuntu: Fix Released Status in lxc source package in Trusty: New Status in lxc source package in Xenial: Fix Committed Status in lxc source package in Yakkety: Fix Committed Status in lxc source package in Zesty: Fix Committed Status in lxc source package in Artful: Fix Released Bug description: LXC upstream released LXC 2.0.8 as a bugfix release with following changelog: - Security fix for CVE-2017-5985 (previously fixed in Ubuntu) - All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users. This may affect some automated environments that were relying on our default (very much insecure) users. - Make lxc-start-ephemeral Python 3.2-compatible - Fix typo - Allow build without sys/capability.h - lxc-opensuse: fix default value for release code - util: always malloc for setproctitle - util: update setproctitle comments - confile: clear lxc.network..ipv{4,6} when empty - lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals - Make lxc-net return non-zero on failure - seccomp: allow x32 guests on amd64 hosts. - Add HAVE_LIBCAP - c/r: only supply --ext-mount-map for bind mounts - Added 'mkdir -p' functionality in create_or_remove_cgroup - Use LXC_ROOTFS_MOUNT in clonehostname hook - squeeze is not a supported release anymore, drop the key - start: dumb down SIGCHLD from WARN() to NOTICE() - log: fix lxc_unix_epoch_to_utc() - cgfsng: make trim() safer - seccomp: set SCMP_FLTATR_ATL_TSKIP if available - lxc-user-nic: re-order #includes - lxc-user-nic: improve + bugfix - lxc-user-nic: delete link on failure - conf: only try to delete veth when privileged - Fix lxc-containers to support multiple bridges - Fix mixed tab/spaces in previous patch - lxc-alpine: use dl-cdn.a.o as default mirror instead of random one - lxc-checkconfig: verify new[ug]idmap are setuid-root - [templates] archlinux: resolve conflicting files - [templates] archlinux: noneed default_timezone variable - python3: Deal with potential NULL char* - lxc-download.in / allow setting keyserver from env - lxc-download.in / Document keyserver change in help - Change variable check to match existing style - tree-wide: include directly - conf/ile: make sure buffer is large enough - tree-wide: include directly - tests: Support running on IPv6 networks - tests: Kill containers (don't wait for shutdown) - Fix opening wrong file in suggest_default_idmap - do not set the root password in the debian template - do not set insecure passwords - don't set a default password for altlinux, gentoo, openmandriva and pld - tools: exit with return code of lxc_execute() - Keep veth.pair.name on network shutdown - Makefile: fix static clang init.lxc build - Avoid waiting for bridge interface if disabled in sysconfig/lxc - Increased buffer length in print_stats() - avoid assigning to a variable which is not POSIX shell proof (bug #1498) - remove obsolete note about api stability - conf: less error prone pointer access - conf: lxc_map_ids() non-functional changes - caps: add lxc_{proc,file}_cap_is_set() - conf: check for {filecaps,setuid} on new{g,u}idmap - conf: improve log when mounting rootfs - ls: simplify the judgment condition whe