This bug was fixed in the package snapd - 2.76+ubuntu26.10.1
---------------
snapd (2.76+ubuntu26.10.1) stonking; urgency=medium
* New upstream release, LP: #2154498
- assertions: add helper for validating integrity data
- assertions: drop incorrect/non-standard Ed25519 support
- confdb: allow only API admin read access to confdb secrets
- confdb: block concurrent confdb accesses
- confdb: block concurrent snapctl accesses to configuration
database
- confdb: check for ephemeral data when missing save-view hook on
commit
- confdb: ignore not-found errors in confdb-schema refreshes
- confdb: support --wait-for timeouts when accessing confdb
- core-initrd: add group referenced in udev rules
- core-initrd: add libbpf dependency to initramfs
- core-initrd: add missing libbpf dependency in 24.04 packaging
- core-initrd: ensure audio is a system group
- core-initrd: fix /boot/uboot mount with u-boot env in dedicated
partition
- core-initrd: increase mount burst from 5 to 128 for faster boot
- core-initrd: sync partition udev rules with the ones in core-base
- core-initrd: sync with latest upload to snappy-dev PPA
- core-initrd: synchronize changelogs with latest PPA upload
- core-initrd: update changelog with latest PPA upload
- core-initrd: add nfnetlink module to fix nf netlink
socket speed regression (Ubuntu Core only)
- cross-distro: allow snapd to manipulate systemd unit files in
SELinux policy
- cross-distro: FIPS bootstrap and dispatch via snap-fips-dispatch
- desktop: fix common ID selection with multiple desktop plugs
- FDE: allow user mode on core in secboot TPM handling
- FDE: bump go-efilib dependency
- FDE: bump secboot to rev cdcb64992e54 for FDE fixes
- FDE: deprecate check-pin/passphrase API endpoints
- LP: #2147606 FDE: give inactive state on classic
- FDE: improve tracing for OP-TEE probing
- FDE: move auto-repair logic to overlord/fdestate and provide state
- FDE: update secboot for TPM/FDE bug fixes including Intel HAP and
recovery key parsing
- FDE: use any primary key matching digest when adding a keyslot
- FDE: use ignore action for preinstall check in VM
- interfaces: bluez | drop explicit deny send_destination in D-Bus
configuration
- interfaces: conditionally deny /proc/self/mountinfo to suppress Go
1.25+ denials
- interfaces: custom-device | fix for-device validation panic on
non-string value
- interfaces: disallow auto-connect to parallel installs
- interfaces: docker | make plug implicit on classic systems
- interfaces: ignore errors in disconnect hooks during explicit snap
disconnect
- interfaces: mediatek-accel | add plug interface base declaration
- interfaces: microceph-support | suppress noisy sudo denial audit
logs
- interfaces: podman | add new interface for podman socket access
- interfaces: pulseaudio | fix security tag syntax inconsistency
- interfaces: raw-usb | allow USB device enumeration on Fairphone 5
with NexDock
- interfaces: restore auto-connections on failed refresh undo
- LP: #2148544 interfaces: bool-file | support deep SoC sysfs paths
for LED brightness
- LP: #2139213 packaging: make Ubuntu 16.04 packaging dep17
compliant
- packaging: add cross-distro build script and instructions
- packaging: add openSUSE 16.0 spread support
- packaging: Debian build improvements
- packaging: default openSUSE to /var/lib/snapd/snap and sync from
downstream
- packaging: drop transitional packages only for Ubuntu 26.04
(Resolute)
- packaging: fix Launchpad FIPS build detection for snapd-fips job
- packaging: refactor and clean up snapd.mk, standardize test-data
directories
- packaging: switch to golang-github-chai2010-gettext-go-dev
- packaging: update bundled AppArmor 4.1.7 (snapd snap only)
- prompting: escape paths in prompt constraints
- prompting: improve API error handling and validation
- prompting: improve error message when no handler service is
present
- prompting: re-enable the prompting notice backend
- prompting: respond with full user-allowed permission set
- prompting: validate permissions while unmarshalling
- remote device management: implement dispatch-mgmt-messages task
with sequencing support
- LP: #2125344 snap: avoid empty channel forwarding message
- LP: #2150683 snap: clarify snap install help text for --classic
and --devmode
- LP: #2152908 snap: print complex attributes in snap interface
--attrs output
- snap: add run-inhibit hint and inhibit info when a snap is
disabled
- snap: allow removing a snap and its base at the same time
- snap: display detailed component information in snap info
- snap: extend AlreadyInstalledError to multiple snaps and
components
- snap: extend set-quota command options description with accepted
value formats
- snap: implement snap delta command for computing snap deltas
- snap: improve consistency for snap install when some snaps are
already installed
- snap: show hint in snap list that a snap has components
- snap-confine: allow inheriting unix sockets from snaps
- snap-confine: allow linking to libm in AppArmor profile
- snap-confine: fix out-of-bounds read in mountinfo parser for
partial escape sequences
- snap-confine: harden bpffs mount with nosuid, nodev, noexec flags
- snap-confine: remove experimental persistent per-user mount
namespace feature
- snap-confine: set FD_CLOEXEC on file descriptors returned by BPF
helpers
- snap-confine: support transparent_hugepage in AppArmor profile
- snap-confine: use strchr after NUL-terminating in infofile parser
- snap-update-ns: switch to a multi-pass process for constructing
and updating mount namespaces
- RemoveMountUnitFile now unmounts even if mount unit file is
missing
- Add explicit mount phase during single-reboot refresh to fix undo
of kernel refreshes
- Add security audit logging subsystem
- Add base prioritized AppArmor snippets for strictly confined or
jailed snaps
- Allow openshell snap to use experimental daemon-scope: user
- Allow configuring mount unit options based on filesystem type
- Allow equals signs in uevent values in netlink parser
- Also bind-mount directories modified by kmod backend during
preseed
- Clean up potentially corrupted files during snap download undo
- Complete the bootloader environment implementation
- Copy integrity data files during snap install
- Create hook for seed refresh mode
- Create removal tasks for old seed-refresh seeds
- Dispatch systemctl commands asynchronously when calling Stop()
- Ensure /tmp/.X11-unix created inside mount namespace has correct
permissions
- Ensure exclusive changes conflict with refresh/revert
- Ensure existing snap confinement flags are not dropped when
installing or removing components
- Export ubuntu-boot-state filename constant from bootloader package
- Fix duplicate removal of apps under $SNAP_MOUNT_DIR/bin
- Fix integration between prerequisites task and seed-refresh mode
- Fix split-refresh overwriting provided lane
- Fix use of umask in GetListener for socket activation
- Ignore net.ErrClosed during daemon shutdown
- Implement ResolveValidationSetsEnforcementError in terms of one
call
- Improve snapctl install consistency when components are already
installed
- Inject seed creation tasks into snap refresh flow
- Introduce system options for custom certificates on Ubuntu Core
- Keep idle services with activation units stopped on reload
- List snap components in snap-debug-info via debug-tools
- Look at gadget.yaml instead of marker file to determine ubootpart
usage
- LP: #1966067 Skip redundant xdg-settings confirmation prompt when
setting is already correct
- LP: #2110368 Fix component installation for private snaps via
snapctl
- LP: #2110368 Fix download of private snap components by setting
UserID
- LP: #2144666 Fix mount namespace updates with synthetic bind
mounts on same target paths
- LP: #2146337 Improve handling of failed downloads and retain
partial files for resume
- LP: #2147207 Fix snap enable/disable cycle forgetting components
- Make run-inhibit hint for kill-snap-apps task based on kill reason
- Merge content-provider prerequisite updates into seed-refresh
- Move SortServices into Backend.StartServices
- Move state to client change conversion to ctlcmd package
- Omit misleading "try to refresh snapd" suggestion for ISA-related
errors
- Only create link-component tasks when needed during refresh to
existing revision
- Reconfigure piboot bootloader on gadget refreshes to preserve
os_prefix
- Reduce the number of AppArmor profile regenerations during snap
operations
- Refactor seed-refresh ownership to devicestate
- Regenerate certificate database on remodels
- Remove obsolete FIXME comment in VersionCompare
- Remove unused GenerateDmVerityData helper from snap/integrity
- Rename and document error type for ISA assumes flags
- Restart snapd from daemon.Stop to improve restart reliability
- Restart stopped services on error in stopSnapServices for
transactionality
- Simplify certificate-db updates on model-base refresh/installs
- Support racing Loop and Stop correctly in overlord
- Support sending file descriptors to systemd via sd_notify
- Unroll CPU-heavy recursive function in snap state handlers
- Update seccomp syscalls list for kernel 7.1.0
- Use change ID to prevent nested seed-refresh spawned by
prerequisites
- Validate content interface plug target directories exist for
core26+ snaps
- Validate layout paths exist in snap tree for snaps using bare or
core26+
-- Ernest Lotter <[email protected]> Thu, 28 May 2026 20:00:16 +0200
** Changed in: snapd (Ubuntu)
Status: Fix Committed => Fix Released
https://bugs.launchpad.net/bugs/2139213
Title:
[usrmerge] evaluate snapd for DEP17 compliance