-
lxc (1.1.5-0ubuntu0.15.04.4) vivid-security; urgency=medium
* SECURITY UPDATE: Escape through ptrace and inherited fd (LP: #1639345)
- attach: Do not send procfd to attached process
- CVE-2016-8649
-- Stéphane Graber <email address hidden> Tue, 22 Nov 2016 00:49:00 -0500
-
lxc (1.1.5-0ubuntu0.15.04.3) vivid-proposed; urgency=medium
* Cherry-pick from upstream:
- Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971)
- Fix process title rewrite to not mangle the environment. (LP: #1517107)
lxc (1.1.5-0ubuntu0.15.04.2) vivid-proposed; urgency=medium
* Cherry-pick from upstream:
- Fix ubuntu-cloud template to detect compression algorithm instead
of hardcoding xz. Also update list of supported releases and use trusty
as the fallback release. (LP: #1515463)
* Update lxc-tests description to make it clear that this package is
meant to be used by developers and by automated testing.
lxc (1.1.5-0ubuntu0.15.04.1) vivid-proposed; urgency=medium
* New upstream bugfix release (MRE) (1.1.5)
(LP: #1497420, LP: #1436723, LP: #1441068, LP: #1504496,
LP: #1466458, LP: #1510619)
* Drop proxy detection from the autopkgtest exercise script.
-- Stéphane Graber <email address hidden> Wed, 18 Nov 2015 13:41:23 -0500
-
lxc (1.1.5-0ubuntu0.15.04.2) vivid-proposed; urgency=medium
* Cherry-pick from upstream:
- Fix ubuntu-cloud template to detect compression algorithm instead
of hardcoding xz. Also update list of supported releases and use trusty
as the fallback release. (LP: #1515463)
* Update lxc-tests description to make it clear that this package is
meant to be used by developers and by automated testing.
lxc (1.1.5-0ubuntu0.15.04.1) vivid-proposed; urgency=medium
* New upstream bugfix release (MRE) (1.1.5)
(LP: #1497420, LP: #1436723, LP: #1441068, LP: #1504496,
LP: #1466458, LP: #1510619)
* Drop proxy detection from the autopkgtest exercise script.
-- Stéphane Graber <email address hidden> Fri, 13 Nov 2015 12:48:23 -0500
-
lxc (1.1.4-0ubuntu0.1) vivid; urgency=medium
* New upstream bugfix release. (MRE tracking bug: LP: #1503330)
- Changelog at: https://linuxcontainers.org/lxc/news/
* Updated packaging to match wily's as much as possible
- Add README
- Drop lxc-restore-net internal script (no longer used as of 1.1.3)
- Don't restart the main LXC unit on restart
- Update comment in preinst script
- Fix autopkgtest on armhf/ppc64el
- Add GPG signature to watch file
- Add lintian override
-- Stéphane Graber <email address hidden> Tue, 06 Oct 2015 16:16:18 +0100
-
lxc (1.1.2-0ubuntu3.2) vivid-security; urgency=medium
* SECURITY UPDATE: Arbitrary host file access and AppArmor
confinement breakout via lxc-start following symlinks while
setting up mounts within a malicious container (LP: #1476662).
- debian/patches/0010-CVE-2015-1335.patch: block mounts to paths
containing symlinks and block bind mounts from relative paths
containing symlinks. Patch from upstream.
- CVE-2015-1335
-- Steve Beattie <email address hidden> Tue, 22 Sep 2015 16:04:18 -0700
-
lxc (1.1.2-0ubuntu3.1) vivid-security; urgency=medium
* SECURITY UPDATE: Arbitrary file creation via unintentional symlink
following when accessing an LXC lock file (LP: #1470842)
- debian/patches/0008-CVE-2015-1331.patch: Use /run/lxc/lock, rather than
/run/lock/lxc, as /run and /run/lxc are only writable by root. Based on
patch from upstream.
- CVE-2015-1131
* SECURITY UPDATE: Container AppArmor/SELinux confinement breakout via
lxc-attach using a potentially malicious container proc filesystem to
initialize confinement (LP: #1475050)
- debian/patches/0009-CVE-2015-1334.patch: Use the host's proc filesystem
to set up AppArmor profile and SELinux domain transitions during
lxc-attach. Based on patch from upstream.
- CVE-2015-1334
-- Tyler Hicks <email address hidden> Fri, 17 Jul 2015 10:57:31 -0500
-
lxc (1.1.2-0ubuntu3) vivid; urgency=medium
* Cherry-pick a bunch of bugfixes:
- 81216170c1c2555498573e9fe200e20d3b433b14 fix integer overflow in setproctitle
- e310e136b9de89c9f8596c004afa217f308aea3d c/r: no double fclose() of mnts
- 216113e77331881d3c45bd4e141a4f458c9a4565 fix NULL dereference
- 53caaac80f6850287251cc5e3a02479fb4a27087 fix dead code
- 8721f7f43185208e0c1802ff2bc03108fd3e3204 lxc-fedora: manage secondary architectures
- 3149bd4c0e81973b3db2e1230bd1784dc222a4ed don't compare unsigned values as negative ones
- 17f48b9679b2bb6d4e5d156fa59e6399f82277d9 Revert (by hand) "logs: introduce a thread-local 'current' lxc_config"
Those combined will make LXD pass its testsuite (fixing threading bugs).
-- Stephane Graber <email address hidden> Tue, 14 Apr 2015 18:39:15 -0500
-
lxc (1.1.2-0ubuntu2) vivid; urgency=medium
* Cherry-pick a fix from upstream to resolve invalid command message
on container stop.
-- Stephane Graber <email address hidden> Mon, 13 Apr 2015 17:02:41 -0500
-
lxc (1.1.2-0ubuntu1) vivid; urgency=medium
* New upstream bugfix release (1.1.2)
- Drop all patches (all upstream now)
- Fix checkpoint/restore of vivid containers
- Fix unprivileged containers under systemd
- Fix a few race conditions and hangs
- Update manpages
-- Stephane Graber <email address hidden> Fri, 10 Apr 2015 15:24:50 -0400
-
lxc (1.1.1-0ubuntu4) vivid; urgency=medium
* Cherry-pick fix for lxc-test-apparmor:
- fad5004627bebe251228450a8a086500d803b9e4
-- Stephane Graber <email address hidden> Mon, 06 Apr 2015 12:32:31 -0400
-
lxc (1.1.1-0ubuntu3) vivid; urgency=medium
* Add lxcfs as a test dependency of lxc.
* Reload apparmor at configure time if the profile helper script isn't
around and apparmor appears to be installed (ignore errors).
-- Stephane Graber <email address hidden> Mon, 30 Mar 2015 12:49:37 -0400
-
lxc (1.1.1-0ubuntu2) vivid; urgency=medium
* Cherry-pick fix for attach when stdin isn't a tty:
- d3b6301135280d21d0c1c7d427e1c587b3177b69
-- Stephane Graber <email address hidden> Tue, 17 Mar 2015 15:51:09 -0400
-
lxc (1.1.1-0ubuntu1) vivid; urgency=medium
* New upstream bugfix release (1.1.1)
-- Stephane Graber <email address hidden> Mon, 16 Mar 2015 17:09:54 -0400
-
lxc (1.1.0-0ubuntu1) vivid; urgency=medium
* New upstream release (1.1.0)
-- Stephane Graber <email address hidden> Fri, 30 Jan 2015 14:17:14 +0100
-
lxc (1.1.0~rc4-0ubuntu1) vivid; urgency=medium
* New upstream release (1.1.0~rc4)
-- Stephane Graber <email address hidden> Fri, 30 Jan 2015 00:04:05 +0100
-
lxc (1.1.0~rc3-0ubuntu1) vivid; urgency=medium
* New upstream release (1.1.0~rc3)
-- Stephane Graber <email address hidden> Wed, 28 Jan 2015 23:35:01 +0100
-
lxc (1.1.0~rc2-0ubuntu1) vivid; urgency=medium
* New upstream release (1.1.0~rc2)
-- Stephane Graber <email address hidden> Sun, 25 Jan 2015 15:55:35 -0500
-
lxc (1.1.0~rc1-0ubuntu1) vivid; urgency=medium
* New upstream release (1.1.0~rc1)
* Add lxcfs to lxc-templates recommends. (MIR: #1413405)
* Build the lua-lxc binding. (MIR: #1413402)
-- Stephane Graber <email address hidden> Wed, 21 Jan 2015 17:34:45 -0500
-
lxc (1.1.0~alpha3-0ubuntu1) vivid; urgency=medium
* New upstream release (1.1.0~alpha3)
- Drop all patches, they are now all upstream.
-- Stephane Graber <email address hidden> Wed, 03 Dec 2014 15:31:34 -0500
-
lxc (1.1.0~alpha2-0ubuntu7) vivid; urgency=medium
* Cherrypick 0010-apparmor-check-for-mount-feature-at-a-better-time.patch
from upstream to fix startup failure with certain setups (LP: #1386840)
-- Serge Hallyn <email address hidden> Tue, 11 Nov 2014 14:54:44 -0600
-
lxc (1.1.0~alpha2-0ubuntu6) vivid; urgency=medium
* 0009-attach-dont-ignore-sigint-sigkill-if-stdin-is-redirected: cherrypick
an upstream patch needed to keep lxd from being exited with ctrl-c after
a lxc shell.
-- Serge Hallyn <email address hidden> Fri, 07 Nov 2014 15:58:58 +0100
-
lxc (1.1.0~alpha2-0ubuntu5) vivid; urgency=medium
* cherrypick 0008-cgmanager-fix-attach-with-all-controller from upstream to
fix regression in attaching to containers.
-- Serge Hallyn <email address hidden> Mon, 03 Nov 2014 17:22:53 +0100
-
lxc (1.1.0~alpha2-0ubuntu4) vivid; urgency=medium
* install lxc-restore-net to /usr/share so that it doesn't get overmounted by
the rootfs in preparation for restore. (LP: #1384751)
-- Tycho Andersen <email address hidden> Mon, 27 Oct 2014 19:36:21 -0500
-
lxc (1.1.0~alpha2-0ubuntu3) utopic; urgency=medium
* fix usernic and apparmor-mounts tests to not clear out the host's
/etc/lxc/lxc-usernet
* fix unprivileged containers when user's cgroup paths are not all
equivalent, and add a testcase for that.
* fix broken behavior when configuration has 'lxc.mount.auto ='
(LP: #1379030)
-- Serge Hallyn <email address hidden> Thu, 09 Oct 2014 12:25:16 -0500