lxc (2.0.6-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium * Cherry-pick upstream bugfix: - 0003-tools-only-check-for-O_RDONLY.patch (LP: #1653725) -- Stéphane Graber Wed, 04 Jan 2017 19:52:32 -0500 lxc (2.0.6-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium * New upstream bugfix release (2.0.6) (LP: #1647010): - Security fix for CVE-2016-8649 - utils: make detect_ramfs_rootfs() return bool - tests: add test for detect_ramfs_rootfs() - add Documentation entries to lxc and lxc@ units - mark the python examples as having utf-8 encoding - log: sanity check the returned value from snprintf() - lxc-alpine: mount /dev/shm as tmpfs - archlinux: Do DHCP on eth0 - archlinux: Fix resolving - Drop leftover references to lxc_strerror() - tests: fix image download for s390x - tools: fix coding style in lxc_attach - tools: make overlay valid backend - tools: better error reporting for lxc-start - alpine: Fix installing extra packages - lxc-alpine: do not drop setfcap - s390x: Fix seccomp handling of personalities - tools: correct the argument typo in lxc_copy - Use libtool for liblxc.so - c/r: use --external instead of --veth-pair - c/r: remember to increment netnr - c/r: add checkpoint/restore support for macvlan interfaces - ubuntu: Fix package upgrades requiring proc - c/r: drop duplicate hunk from macvlan case - c/r: use snprintf to compute device name - Tweak libtool handling to work with Android - tests: add lxc_error() and lxc_debug() - container start: clone newcgroup immediately - use python3_sitearch for including the python code - fix rpm build, include all built files, but only once - cgfs: fix invalid free() - find OpenSUSE's build also as obs-build - improve help text for --fancy and --fancy-format - improve wording of the help page for lxc-ls - cgfs: add print_cgfs_init_debuginfo() - cgfs: skip empty entries under /proc/self/cgroup - cgfs: explicitly check for NULL - tools: use correct exit code for lxc-stop - c/r: explicitly emit bind mounts as criu arguments - log: bump LXC_LOG_BUFFER_SIZE to 4096 - conf: merge network namespace move & rename on shutdown - c/r: save criu's stdout during dump too - c/r: remove extra ns from logs - c/r: fix off-by-one error - c/r: check state before doing a checkpoint/restore - start: CLONE_NEWCGROUP after we have setup cgroups - create symlink for /var/run - utils: add lxc_append_string() - cgroups: remove isolated cpus from cpuset.cpus - Update Ubuntu release name: add zesty and remove wily - templates: add squashfs support to lxc-ubuntu-cloud.in - cgroups: skip v2 hierarchy entry - also stop lxc-net in runlevels 0 and 6 - add lxc.egg-info to gitignore - install bash completion where pkg-config tells us to - conf: do not use %m format specifier - debian: Don't depend on libui-dialog-perl - cgroups: use %zu format specifier to print size_t - lxc-checkpoint: automatically detect if --external or --veth-pair - cgroups: prevent segfault in cgfsng - utils: add lxc_preserve_ns() - start: add netnsfd to lxc_handler - conf: use lxc_preserve_ns() - attach: use lxc_preserve_ns() - lxc_user_nic: use lxc_preserve_ns() - conf, start: improve log output - conf: explicitly remove veth device from host - conf, start: be smarter when deleting networks - start, utils: improve preserve_ns() - start, error: improve log + non-functional changes - start, namespace: move ns_info to namespace.{c,h} - attach, utils: bugfixes - attach: use ns_info[LXC_NS_MAX] struct - namespace: always attach to user namespace first - cgroup: improve isolcpus handling - cgroups: handle non-existent isolcpus file - utils: add lxc_safe_uint() - tests: add unit tests for lxc_safe_uint() - utils: add lxc_safe_int() - tests: add unit tests for lxc_safe_int() - conf/ile: get ip prefix via lxc_safe_uint() - confile: use lxc_safe_u/int in config_init_{u,g}id - conf/ile: use lxc_safe_uint() in config_pts() - conf/ile: use lxc_safe_u/int() in config_start() - conf/ile: use lxc_safe_uint() in config_monitor() - conf/ile: use lxc_safe_uint() in config_tty() - conf/ile: use lxc_safe_uint() in config_kmsg() - conf/ile: avoid atoi in config_lsm_aa_incomplete() - conf/ile: use lxc_safe_uint() in config_autodev() - conf/ile: avoid atoi() in config_ephemeral() - utils: use lxc_safe_int() - lxc_monitord: use lxc_safe_int() && use exit() - start: use lxc_safe_int() - conf: use lxc_safe_{u}int() - tools/lxc_execute: use lxc_safe_uint() - tools/lxc_stop: use lxc_safe_uint() - utils: add lxc_safe_long() - tests: add unit tests for lxc_safe_long() - tools/lxc_stop: use lxc_safe_long() - tools/lxc_top: use lxc_safe_int() - tools/lxc_ls: use lxc_safe_uint() - tools/lxc_autostart: use lxc_safe_{int,long}() - tools/lxc_console: use lxc_safe_uint() - tools: replace non-standard namespace identifiers - Configure a static MAC address on the LXC bridge - tests: remove overflow tests - attach: do not send procfd to attached process * Remaining patches: - 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch * Cherry-pick bugfix from upstream: - tests: Don't cause test failures on-cleanup errors * Autopkgtest: - Re-enable lxc-test-ubuntu on yakkety/zesty (template was fixed). - Workaround autopkgtest failures when using gpg2 with dirmngr. - Restrict tests to run on standalone systems. -- Stéphane Graber Fri, 02 Dec 2016 23:15:21 -0500 lxc (2.0.5-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium * Cherry-pick bugfix from upstream: - s390x: Fix seccomp handling of personalities (LP: #1635639) -- Stéphane Graber Fri, 21 Oct 2016 12:39:18 -0400 lxc (2.0.5-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium * New upstream bugfix release (2.0.5) (LP: #1632144) - Fix .gitignore after /tools/ split - Add lxc-test-utils to .gitignore - bdev: use correct overlay module name - cleanup: tools: remove --name from lxc-top usage message - cleanup: whitespaces in option alignment for lxc-execute - Use full GPG fingerprint instead of long IDs. - tools: move --rcfile to the common options list - tools: set configfile after load_config - doc: add --rcfile to common opts - doc: Update Korean lxc-attach(1) - doc: Add --rcfile to Korean common opts - doc: Add --rcfile to Japanese common opts - tools: use exit(EXIT_*) everywhere - tools: unify exit() calls outside of main() - utils: Add mips signalfd syscall numbers - seccomp: Implement MIPS seccomp handling - seccomp: Add mips and mips64 entries to lxc_config_parse_arch - seccomp: fix strerror() - confile: add more archs to lxc_config_parse_arch() - seccomp: add support for s390x - seccomp: remove double include and order includes - seccomp: non functional changes - templates: use fd 9 instead of 200 - templates: fedora requires openssl binary - tools: use boolean for ret in lxc_device.c - c/r: use /proc/self/tid/children instead of pidfile - c/r: Fix pid_t on some arches - templates: Add mips hostarch detection to debian - cleanup: replace tabs wth spaces in usage strings - remove extra 'ret' - c/r: write status only after trying to parse the pid - set FULL_PATH_NAMES=NO in doc/api/Doxyfile - templates: rm halt.target -> sigpwr.target symlink - templates: remove creation of bogus directory - console: use correct log name - configure: add --disable-werror - tests: fix get_item tests - templates: use correct cron version in alpine template - c/r: zero a smaller than known migrate_opts struct - lxczfs: small fixes - c/r: free valid_opts if necessary - make rsync deal with sparse files efficiently - lxc-create -t debian fails on ppc64el arch - c/r: fix typo in comment - cgroup: add new functions for interacting with hierachies - utils: add lxc_deslashify - c/r: pass --cgroup-roots on checkpoint - cgroup: get rid of weird hack in cgfsng_escape - cgroup: drop cgroup_canonical_path - c/r: check that cgroup_num_hierarchies > 0 - tools: do not add trailing spaces on lxc-ls -1 - conf: retrieve mtu from netdev->link - conf: try to retrieve mtu from veth - c/r: detatch from controlling tty on restore - Fix null derefence if attach is called without access to any tty - utils: fix lxc_string_split() - tools: lxc_deslashify() handle special cases - tests: add unit tests for lxc_deslashify() - Fix for ALTLinux container creation in all branches - utils: lxc_deslashify() free memory - Fix spelling of CentOS in the templates - Define LXC_DEVEL to detect development releases - tools: lxc-checkconfig conditionalize devpts check * Drop all cherry-pick patches, now upstream. * Update to newer standards. Drop un-needed debian/control field. * Address all lintian messages. * Sync packaging with Yakkety's. -- Stéphane Graber Mon, 10 Oct 2016 19:11:02 -0400 lxc (2.0.4-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium * Cherry-pick from upstream (fixes checkpoint/restore regression): - 0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch - 0004-c-r-Fix-pid_t-on-some-arches.patch -- Stéphane Graber Fri, 26 Aug 2016 16:31:18 -0400 lxc (2.0.4-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium * New upstream bugfix release (2.0.4) (LP: #1615099): - core: Add a prefix to the lxc.pc - core: Add flag in mount_entry to skip NODEV in case of a persistent dev entry - core: Add missing cgroup namespace to ns_info struct - core: attach: setns instead of unshare in lxc-attach - core: bdev: Add subdirectories to search path - core: bdev: Be smarter about btrfs subvolume detection - core: cgfsng: Don't pre-calculate path - core: cgfsng: Fix is_lxcfs() and is_cgroupfs() - core: cgroups: Move cgroup files to common subfolder - core: conf: Set pty_info to NULL after free - core: Detect if we should send SIGRTMIN+3 - core: Replace readdir_r() with readdir() - core: Set up MTU for vlan-type interfaces. - core: tools, tests: Reorganize repo - c/r: Add support for CRIU's --action-script - c/r: Add support for ghost-limit in CRIU - c/r: Drop in-flight connections during CRIU dump - c/r: Initialize migrate_opts properly - c/r: Make local function static - c/r: Replace tmpnam() with mkstemp() - c/r: Store criu version - c/r: Use PRIu64 format specifier - doc: Fix typo found by lintian - doc: Update Japanese lxc-attach(1) - doc: Update lxc-attach(1) - lxc-attach: Add -f option (rcfile) - lxc-attach: Cleanup whitespaces - lxc-create: Add missing newline in output - lxc-ls: Use correct runtime path - templates: alpine: Add support for new arch - templates: alpine: Mount tmpfs under /run - templates: debian: Add more quotes to variables (at least $rootfs should now be covered) - templates: debian: Avoid noisy perl warnings caused by missing locales - templates: debian: fix regression when creating wheezy containers - templates: debian: Make shellcheck (Ubuntu: 0.3.7-5 amd64) most possible happy - tests: Add unit tests for lxc_string_in_array() - tests: Add unit tests for lxc_string_replace() * Cherry-pick from upstream (for 4.6 kernel): - 0002-bdev-use-correct-overlay-module-name * Sync packaging with yakkety: - Tweak debian/tests/exercise to skip lxc-test-ubuntu on yakkety - Build-depend on libgnutls28-dev rather than libgnutls-dev -- Stéphane Graber Fri, 19 Aug 2016 15:32:14 -0400 lxc (2.0.3-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium * New upstream bugfix release (2.0.3) (LP: #1597523): - apparmor: Refresh generated file * New upstream bugfix release (2.0.2): - apparmor: add make-rslave to usr.bin.lxc-start - apparmor: Allow bind-mounts - apparmor: Allow mount move - apparmor: Update mount states handling - core: Drop lxc-devsetup as unneeded by current autodev - core: Fix redefinition of struct in6_addr - core: Include all lxcmntent.h function declarations on Bionic - c/r: c/r: use criu's "full" mode for cgroups - systemd: start containers in foreground when using the lxc@.service - templates: debian: Make sure init is installed - templates: oracle: Fix console login - templates: plamo: Fix various issues - templates: ubuntu: Install apt-transport-https by default - travis: ensure 'make install' doesn't fail - travis: test VPATH builds - upstart: Force lxc-instance to behave like a good Upstart client * Tighten versioned dependencies between the various binary packages. * Drop lxc-devsetup as it was removed upstream (unneeded with LXC 2.0). -- Stéphane Graber Wed, 29 Jun 2016 17:31:18 -0400 lxc (2.0.1-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium * New upstream bugfix release (2.0.1) (LP: #1582887) - apparmor: Also allow fstype=fuse for fuse filesystems - attach: adapt lxc-attach tests & add test for pty logging - attach: don't fail attach on failure to setup a SIGWINCH handler. - attach: fix a variety of lxc-attach pts handling issues - attach: switch console pty to raw mode (fixes ncurses-based programs) - attach: use raw settings of ssh for pty - bindings: fixed python-lxc reference to var before assignment in create() - bindings: set PyErr when Container.init fails - cgfsng: defer to cgfs if needed subsystems are not available - cgfsng: don't require that systemd subsystem be mounted - core: Added missing type to keys in lxc_list_nicconfigs - core: Allow configuration file values to be quoted - core: log: remove duplicate definitons and bump buffer size - core: sync: properly fail on unexpected message sizes - core: Unshare netns after setting the userns mappings (fixes ownership of /proc/net) - core: various fixes as reported by static analysis - c/r: add an option to use faster inotify support in CRIU - c/r: rearrange things to pass struct migrate_opts all the way down - doc: ignore temporary files generated by doxygen - doc: tweak manpage generation date to be compatible with reproducible builds - doc: update MAINTAINERS - doc: update to translated manpages - init: add missing lsb headers to sysvinit scripts - init: don't make sysv init scripts dependant on distribution specifics - init: drop obsolete syslog.target from lxc.service.in - lxc-attach: add logging option to manpage - lxc-checkconfig: better render when stdout isn't a terminal - lxc-create: fix -B best option - lxc-destroy: avoid double print - lxc-ls: use fewer syscalls when doing ipc - templates: Add apt-transport-https to minbase variant of Ubuntu template - templates: fix a typo in the capabilities name for Gentoo (sys_resource) - templates: logic fix in the Centos template for RHEL7+ support - templates: tweak Alpine DHCP configuration to send its hostname - templates: tweak to network configuration of the Oracle template -- Stéphane Graber Tue, 17 May 2016 17:19:58 -0400 lxc (2.0.0-0ubuntu2) xenial; urgency=medium * Add a distro-info test dependency as it's needed to get information about new Ubuntu releases. (LP: #1572188) This is needed to fix the current autopkgtest failures. -- Stéphane Graber Tue, 19 Apr 2016 16:06:32 +0100 lxc (2.0.0-0ubuntu1) xenial; urgency=medium * New upstream release (2.0.0 final) - Upstream announcement: https://linuxcontainers.org/lxc/news - Change from last rc: + Allow bypassing bdev auto detection by setting lxc.rootfs.backend This fixes a longstanding performance issue caused by LXC having to run through all its backends and forking sub-processes to perform the detection. * Make new lintian happy: - Bump to 3.9.7 standards - Update git URL to https - Override systemd Documentation field warning (upstream units) -- Stéphane Graber Wed, 06 Apr 2016 14:42:39 -0400 # For older changelog entries, run 'apt-get changelog liblxc1'