Change log for ubuntu-core-launcher package in Ubuntu

ubuntu-core-launcher (1.0.30ubuntu1) yakkety; urgency=medium

  * Fix the Breaks/Replaces, to stop this wreaking havoc on autopkgtest
    testbed upgrades.

 -- Martin Pitt <email address hidden>  Wed, 22 Jun 2016 23:35:33 +0200

Available diffs

• diff from 1.0.30 to 1.0.30ubuntu1 (595 bytes)

ubuntu-core-launcher (1.0.30) yakkety; urgency=medium

  [ Zygmunt Krynicki ]
  * Rename the package and everything else from ubuntu-core-launcher to
    snap-confine
  * Allow for graceful migrations from ubuntu-core-launcher to snap-confine by
    providing both commands as binary packages, with proper dependencies and
    post-installation scripts that manage apparmor profile changes.
  * Discard the useless duplicate argument. Now snap-confine is invoked with
    'snap-name $SECURITY_TAG $COMMAND...'. Previously, security tag was
    duplicated. In the future this will change once again, so that security
    tag is derived from an argument containing $SNAP_NAME and $APP_NAME.
  * Clean up tests so that shellcheck reports no more errors or warnings
  * Ensure that shellcheck reports no errors on each build
  * Add #DEBHELPER# to maintainer scripts (thanks to lintian)
  * Switch to autotools, build-depend on pkg-config, autotools-dev, autoconf
    and automake (thanks to ogra for the missing bits).
  * Use "dh $@ --with autoreconf" to prepare the build system.
  * Change unreleased version back to 1.0.x after discussion with Michael Vogt.
  * Don't mark ubuntu-core-launcher as transitional (it isn't yet).
  * Move rm_conffile to ubuntu-core-launcher.maintscript, remove the now-empty
    postrm and preinst scripts.
  * Enable hardening options for snap-confine
  * Build-depend on udev, use udevlibdir instead of hardcoding /lib/udev
  * Rename executable to snap-confine, to fit the new execution model.
  * Update Vcs-Git pointer to point to
    https://github.com/snapcore/snap-confine
  * Make ubuntu-core-launcher a symlink to snap-confine
  * Bump version to 1.0.30
  * SRU for Ubuntu (LP: #1593396)

  [ Steve Langasek ]
  * Update Standards-Version.
  * Add lintian override for suid binary.

  [ Jamie Strandboge ]
  * debian/usr.bin.snap-confine: allow access to ecryptfs lower files
    (LP: #1574556, LP: #1592696)
  * chdir() to '/' before setting up private /tmp so private /tmp works when
    user is in /tmp (LP: #1592402)

 -- Michael Vogt <email address hidden>  Fri, 17 Jun 2016 09:03:32 +0200

Available diffs

• diff from 1.0.29+2 (in Debian) to 1.0.30 (138.0 KiB)

ubuntu-core-launcher (1.0.29+1ubuntu1) yakkety; urgency=medium

  * debian/usr.bin.ubuntu-core-launcher: add a couple more workaround rules
    for ecryptfs (LP: #1592696)

 -- Jamie Strandboge <email address hidden>  Thu, 16 Jun 2016 09:02:53 +0300

Available diffs

• diff from 1.0.29+1 (in Debian) to 1.0.29+1ubuntu1 (832 bytes)
• diff from 1.0.29+2 (in Debian) to 1.0.29+1ubuntu1 (26.2 KiB)

ubuntu-core-launcher (1.0.29+2) unstable; urgency=medium

  [ Zygmunt Krynicki ]
  * Rename the package and everything else from ubuntu-core-launcher to
    snap-run
  * Allow for graceful migrations from ubuntu-core-launcher to snap-run by
    providing both commands as binary packages, with proper dependencies and
    post-installation scripts that manage apparmor profile changes.
  * Discard the useless duplicate argument. Now snap-run is invoked with
    'snap-name $SECURITY_TAG $COMMAND...'. Previously, security tag was
    duplicated. In the future this will change once again, so that security
    tag is derived from an argument containing $SNAP_NAME and $APP_NAME. 
  * Clean up tests so that shellcheck reports no more errors or warnings
  * Ensure that shellcheck reports no errors on each build
  * Add #DEBHELPER# to maintainer scripts (thanks to lintian)
  * Switch to autotools, build-depend on pkg-config, autotools-dev, autoconf
    and automake (thanks to ogra for the missing bits).
  * Use "dh $@ --with autoreconf" to prepare the build system.
  * Rename executable to snap-confine, to fit the new execution model.

  [ Steve Langasek ]
  * Update Standards-Version.
  * Add lintian override for suid binary.

  [ Zygmunt Krynicki ]
  * Change unreleased version back to 1.0.x after discussion with Michael Vogt.
  * Don't mark ubuntu-core-launcher as transitional (it isn't yet).
  * Move rm_conffile to ubuntu-core-launcher.maintscript, remove the now-empty
    postrm and preinst scripts.
  * Enable hardening options for snap-confine
  * Build-depend on udev, use udevlibdir instead of hardcoding /lib/udev

  [ Steve Langasek ]
  * Don't call --enable-rootfs-is-core-snap on Debian.
  * Build with --disable-confinement for Debian, since Debian apparmor
    support doesn't meet snap requirements.
  * Revert package rename temporarily, to avoid a NEW roundtrip in Debian.
  * Don't ignore errors from maintainer script.

 -- Steve Langasek <email address hidden>  Mon, 13 Jun 2016 22:11:07 +0000

Available diffs

• diff from 1.0.29+1 to 1.0.29+2 (26.1 KiB)

ubuntu-core-launcher (1.0.29+1) unstable; urgency=medium

  * Initial Debian upload.
  * Update Standards-Version.
  * Adjust package description; this is not just for running apps on Ubuntu
    systems.
  * Add several lintian overrides.
  * Include dpkg-buildflags CPPFLAGS, not just CFLAGS, to get libc fortify
    support.
  * Update Vcs-Bzr for this source's branch.

 -- Steve Langasek <email address hidden>  Sun, 22 May 2016 06:15:24 +0000

Available diffs

• diff from 1.0.29 (in Ubuntu) to 1.0.29+1 (1.1 KiB)

ubuntu-core-launcher (1.0.29) yakkety; urgency=medium

  * debian/usr.bin.ubuntu-core-launcher: add workaround rules for ecryptfs
    until the upcoming kernel fix lands everywhere (LP: #1574556)

 -- Jamie Strandboge <email address hidden>  Tue, 10 May 2016 12:10:35 -0500

Available diffs

• diff from 1.0.28 to 1.0.29 (699 bytes)

ubuntu-core-launcher (1.0.28) yakkety; urgency=medium

  * SECURITY UPDATE: delayed attack snap data theft and privilege escalation
    when using Snappy on traditional Ubuntu (classic) systems (LP: #1576699)
    - src/main.c: remove glob code and hardcode /snap/ubuntu-core/current
      instead. The glob code both used an improper glob and performed an
      incorrect check due to a typo which allowed a snap named ubuntu-core-...
      to be bind mounted into application runtimes instead of the ubuntu-core
      OS snap. Ubuntu Core removed .<origin> and .sideload from the SNAP path
      so the glob can simply be dropped.
    - CVE-2016-1580
  * debian/usr.bin.ubuntu-core-launcher:
    - only allow mounting /snap/ubuntu-core/*/... to safeguard against this in
      the future
    - add lib32 and libx32 to match setup_snappy_os_mounts()

 -- Jamie Strandboge <email address hidden>  Fri, 29 Apr 2016 11:17:42 -0500

Available diffs

• diff from 1.0.27 to 1.0.28 (1.4 KiB)

ubuntu-core-launcher (1.0.27.1) xenial-security; urgency=medium

  * SECURITY UPDATE: delayed attack snap data theft and privilege escalation
    when using Snappy on traditional Ubuntu (classic) systems (LP: #1576699)
    - src/main.c: remove glob code and hardcode /snap/ubuntu-core/current
      instead. The glob code both used an improper glob and performed an
      incorrect check due to a typo which allowed a snap named ubuntu-core-...
      to be bind mounted into application runtimes instead of the ubuntu-core
      OS snap. Ubuntu Core removed .<origin> and .sideload from the SNAP path
      so the glob can simply be dropped.
    - CVE-2016-1580
  * debian/usr.bin.ubuntu-core-launcher:
    - only allow mounting /snap/ubuntu-core/*/... to safeguard against this in
      the future
    - add lib32 and libx32 to match setup_snappy_os_mounts()

 -- Jamie Strandboge <email address hidden>  Fri, 29 Apr 2016 10:06:19 -0500

Available diffs

• diff from 1.0.27 (in Ubuntu) to 1.0.27.1 (1.4 KiB)

ubuntu-core-launcher (1.0.27) xenial; urgency=medium

  * src/main.c:
    - don't prepend snap. or snap_ since snapd is doing that for us now
      (LP: #1571048)
    - make whitelist_re strictly follow the 16.04 specification and adjust
      testsuite accordingly
  * debian/usr.bin.ubuntu-core-launcher: add locale and gconv reads for tr

Available diffs

• diff from 1.0.25.1 to 1.0.27 (2.4 KiB)

ubuntu-core-launcher (1.0.25.1) xenial; urgency=medium

  * check for both src and dst mount points when doing the
    ubuntu-core overlay mounts (LP: #1570712)

 -- Michael Vogt <email address hidden>  Fri, 15 Apr 2016 08:43:03 +0200

Available diffs

• diff from 1.0.25 to 1.0.25.1 (751 bytes)

ubuntu-core-launcher (1.0.25) xenial; urgency=medium

  * update cgroup handling for 16.04 (LP: #1564401):
    - debian/usr.bin.ubuntu-core-launcher:
      + allow creating cgroups with snap.*
      + allow ixr of 'tr'
      + remove access to /var/lib/apparmor/clicks/
    - update README to more fully explain the cgroups implementation
    - src/80-snappy-assign.rules: append an app-specific tag instead of
      adding a generic tag and snap-specific property
    - src/snappy-app-dev: convert the new tag to the directory name
    - src/main.c:
      + refactor and simplify control flow to query udev for device assignment
        instead of searching apparmor policy for a specific string
      + adjust udev query for app-specific tag
      + raise real_uid after fork() before calling /lib/udev/snappy-app-dev
        so non-root app launches work with the device cgroup

Available diffs

• diff from 1.0.23 to 1.0.25 (6.3 KiB)

ubuntu-core-launcher (1.0.24) xenial; urgency=medium

  [ Michael Vogt ]
  * ignore non-existing dirs when doing the overlay mount
  * add /lib32, /libx32 to the overlay mounts

  [ Jamie Strandboge ]
  * add back the use of /usr from the ubuntu-core snap instead of the host
    system (LP: #1570581)
  * implement @complain as a synonym for @unrestricted since snappy will use
    @complain to toggle developer mode. This allows snaps to work in developer
    mode while seccomp logging is being developed (LP: #1570578)

 -- Jamie Strandboge <email address hidden>  Thu, 14 Apr 2016 15:51:20 -0500

Available diffs

• diff from 1.0.23 to 1.0.24 (2.0 KiB)

ubuntu-core-launcher (1.0.23) xenial; urgency=medium

  [ Jamie Strandboge ]
  * update README for devpts
  * add README.syscalls
  * src/seccomp.c: various cleanups from security team audit (also add
    additional tests)
  * don't support obsoleted SNAP_APP_TMPDIR and SNAP_APP_USER_DATA_PATH
  * preprocess the seccomp file for '@' directives

  [ Michael Vogt ]
  * update paths /snaps -> /snap
  * update seccomp dir to /var/lib/snapd/seccomp/profiles/

 -- Michael Vogt <email address hidden>  Tue, 12 Apr 2016 01:10:11 +0200

Available diffs

• diff from 1.0.22 to 1.0.23 (9.0 KiB)

ubuntu-core-launcher (1.0.22) xenial; urgency=medium

  * debian/usr.bin.ubuntu-core-launcher: update unconfined change_profile
    checks to actually work (LP: #1562989)

Available diffs

• diff from 1.0.20 to 1.0.22 (10.9 KiB)

ubuntu-core-launcher (1.0.20) xenial; urgency=medium

  * don't set NO_NEW_PRIVS. This requires changing privilege dropping since
    CAP_SYS_ADMIN is needed with seccomp_load(). This means temporarily
    dropping until seccomp_load(), then raising before and permanently
    dropping after the filter is applied. As a result, setuid/setgid is
    required in all policy (but is still mediated by AppArmor)
    - LP: #1560211

 -- Jamie Strandboge <email address hidden>  Mon, 21 Mar 2016 15:24:33 -0500

Available diffs

• diff from 1.0.19 to 1.0.20 (2.1 KiB)

ubuntu-core-launcher (1.0.19) xenial; urgency=medium

  [Michael Vogt]
  * remove obsolete prefix check

  [ Jamie Strandboge ]
  * src/main.c: don't set the obsoleted SNAPP_APP_TMPDIR (LP: #1550405)

 -- Michael Vogt <email address hidden>  Wed, 09 Mar 2016 08:41:47 +0100

Available diffs

• diff from 1.0.18 to 1.0.19 (818 bytes)

ubuntu-core-launcher (1.0.18) xenial; urgency=medium

  * re-enable running all tests on `make`

 -- Michael Vogt <email address hidden>  Thu, 25 Feb 2016 16:01:51 +0100

Available diffs

• diff from 1.0.17 to 1.0.18 (446 bytes)

ubuntu-core-launcher (1.0.17) xenial; urgency=medium

  * debian/usr.bin.ubuntu-core-launcher: add directory reads needed for
    creating directories for SNAP_USER_DATA. Also add accesses for shared
    memory directories for when they are supported. (LP: #1545786)

 -- Jamie Strandboge <email address hidden>  Tue, 16 Feb 2016 11:34:35 -0600

Available diffs

• diff from 1.0.14 to 1.0.17 (5.0 KiB)
• diff from 1.0.16 to 1.0.17 (766 bytes)

ubuntu-core-launcher (1.0.16) xenial; urgency=medium

  [ Kyle Fazzari ]
  * Add creation of user data directory. Previously this was only handled
    within Snappy's binary wrappers, which meant that it wasn't created for
    services. (LP: #1527612)

 -- Jamie Strandboge <email address hidden>  Wed, 10 Feb 2016 11:35:29 -0600

Available diffs

• diff from 1.0.15 to 1.0.16 (4.0 KiB)

ubuntu-core-launcher (1.0.15) xenial; urgency=medium

  * fully transition to /snaps as the snap location

 -- Michael Vogt <email address hidden>  Tue, 26 Jan 2016 16:06:10 +0100

Available diffs

• diff from 1.0.14 to 1.0.15 (1.3 KiB)

ubuntu-core-launcher (1.0.14) xenial; urgency=medium

  * remove unused is_mountpoint() function (thanks Tyler!)
  * do the mount namespace and MS_REC/MS_SLAVE earlier to
    avoid that the real /tmp is bind mounted in the main
    mount namespace (this will also prevent automount daemons
    from running under the ubuntu-core-launcher)

 -- Michael Vogt <email address hidden>  Thu, 03 Dec 2015 08:12:30 +0100

Available diffs

• diff from 1.0.13 to 1.0.14 (1.6 KiB)

ubuntu-core-launcher (1.0.13) xenial; urgency=medium

  * fix build failure on 32 bit arches

 -- Michael Vogt <email address hidden>  Tue, 01 Dec 2015 16:41:20 +0100

Available diffs

• diff from 1.0.10 to 1.0.13 (2.1 KiB)
• diff from 1.0.12 to 1.0.13 (495 bytes)

ubuntu-core-launcher (1.0.12) xenial; urgency=medium

  * update usr.bin.ubuntu-core-launcher apparmor profile
    for classic environment changes

 -- Michael Vogt <email address hidden>  Tue, 01 Dec 2015 15:28:00 +0100

Available diffs

• diff from 1.0.11 to 1.0.12 (532 bytes)

ubuntu-core-launcher (1.0.11) xenial; urgency=medium

  * fix running in classic environment

 -- Michael Vogt <email address hidden>  Mon, 30 Nov 2015 16:56:48 +0100

Available diffs

• diff from 1.0.10 to 1.0.11 (1.8 KiB)

ubuntu-core-launcher (1.0.10) xenial; urgency=medium

  * debian/usr.bin.ubuntu-core-launcher:
    - use attach_disconnected (LP: #1471862)
    - also allow 'mr' for /lib/@{multiarch}/ld-*.so

 -- Jamie Strandboge <email address hidden>  Tue, 27 Oct 2015 08:24:00 -0500

Available diffs

• diff from 1.0.9 to 1.0.10 (665 bytes)

ubuntu-core-launcher (1.0.9) wily; urgency=medium

  * debian/usr.bin.ubuntu-core-launcher: add rw for /dev/null, /dev/full and
    /dev/zero

 -- Jamie Strandboge <email address hidden>  Wed, 19 Aug 2015 08:16:53 -0500

Available diffs

• diff from 1.0.8 to 1.0.9 (484 bytes)

ubuntu-core-launcher (1.0.8) wily; urgency=medium

  [ John Lenton ]
  * add libgcc_s to the apparmor profile, for 32 bit platforms.
    LP: #1470210.

 -- Michael Vogt <email address hidden>  Thu, 02 Jul 2015 09:42:26 +0200

Available diffs

• diff from 1.0.7 to 1.0.8 (489 bytes)

ubuntu-core-launcher (1.0.7) wily; urgency=medium

  * debian/usr.bin.ubuntu-core-launcher:
    - libseccomp.so moved to /lib (LP: #1466311)

 -- Michael Vogt <email address hidden>  Thu, 18 Jun 2015 17:23:43 +0200

Available diffs

• diff from 1.0.6 to 1.0.7 (462 bytes)

ubuntu-core-launcher (1.0.6) wily; urgency=low

  [ Michael Vogt ]
  * add librt.so to apparmor profile

  [ John Lenton ]
  * lp:~chipaca/ubuntu-core-launcher/drop-spurious-newlines:
    - fix spurious newlines

 -- Michael Vogt <email address hidden>  Thu, 11 Jun 2015 16:46:20 +0200

Available diffs

• diff from 1.0.5 to 1.0.6 (1.0 KiB)

ubuntu-core-launcher (1.0.5) wily; urgency=low

  * simplify TMPDIR handling by providing a private /tmp for each snap and
    set TMPDIR, TEMPDIR, SNAP_APP_TMPDIR, SNAPP_APP_TMPDIR to it

 -- Michael Vogt <email address hidden>  Mon, 08 Jun 2015 10:41:07 +0200

Available diffs

• diff from 1.0.4 to 1.0.5 (2.0 KiB)

ubuntu-core-launcher (1.0.4) wily; urgency=medium

  * Allow writing to all forms of TMPDIR (LP: #1460517)

 -- Sergio Schvezov <email address hidden>  Fri, 05 Jun 2015 13:45:35 -0300

Available diffs

• diff from 1.0.3 to 1.0.4 (502 bytes)

ubuntu-core-launcher (1.0.3) wily; urgency=low

  [ Michael Terry ]
  * lp:~mterry/ubuntu-core-launcher/tmpdir:
    - Fix propagation of TMPDIR from the launcher to the command
      being run LP: #1457183
  * lp:~mterry/ubuntu-core-launcher/fix-tests:
    - re-enable tests

 -- Michael Vogt <email address hidden>  Thu, 04 Jun 2015 23:36:04 +0200

Available diffs

• diff from 1.0.2 to 1.0.3 (1.6 KiB)

ubuntu-core-launcher (1.0.2) wily; urgency=low

  [ John Lenton ]
  * lp:~chipaca/ubuntu-core-launcher/unshare:
    - Set up a private mount namespace for /tmp.
  * lp:~chipaca/ubuntu-core-launcher/mktmpdir:
    - Make a best-effort attempt at creating the old TMPDIR.

  [ Sergio Schvezov ]
  * Allow executing from /frameworks.

 -- Michael Vogt <email address hidden>  Mon, 01 Jun 2015 08:17:40 +0200

Available diffs

• diff from 1.0.1 to 1.0.2 (3.0 KiB)

ubuntu-core-launcher (1.0.1) vivid; urgency=low

  * fix typo in udev rule
  * add COPYING/copyright headers
  * fix incorrect Vcs-Bzr link
 -- Michael Vogt <email address hidden>   Thu, 23 Apr 2015 16:08:26 +0200

Available diffs

• diff from 1.0 to 1.0.1 (13.2 KiB)

ubuntu-core-launcher (1.0) vivid; urgency=low

  * 15.04 upload to the archive
 -- Michael Vogt <email address hidden>   Thu, 23 Apr 2015 11:05:01 +0200