The following Fedora EPEL 10.0 Security updates need testing: Age URL 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5de3513c56 rust-rustls-0.23.19-1.el10_0 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6392f1c6e3 retsnoop-0.10.1-3.el10_0 The following builds have been pushed to Fedora EPEL 10.0 updates-testing btrfs-progs-6.12-1.el10_0 gnome-common-3.18.0-20.el10_0 khard-0.19.1-4.el10_0 libappindicator-12.10.1-7.el10_0 libidn-1.42-4.el10_0 libindicator-12.10.1-26.el10_0 perl-Convert-PEM-0.13-1.el10_0 python-dill-0.3.9-1.el10_0 python-unidecode-1.3.8-3.el10_0 radare2-5.9.8-4.el10_0 rpmreaper-0.2.0-34.el10_0 snapd-2.66.1-1.el10_0 Details about builds: ================================================================================ btrfs-progs-6.12-1.el10_0 (FEDORA-EPEL-2024-0feceed9bc) Userspace programs for btrfs -------------------------------------------------------------------------------- Update Information: Changelog subvolume delete: add new option to do recursive subvolume deletion (for regular user delete only accessible subvolumes) mkfs: new option --subvol to create subvolumes in given paths, read-write, read-only and default add hard link detection support for --rootdir option fixes: receive: message verbosity fixes check: fix false positive report of missing checksum for extent holes check: handle compressed extents when checking tree log when asking Y/N user questions, flush the terminal so the question is displayed (e.g. btrfstune -S) other code refactoring, error handling python packaging fixes documentation updates new tests -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 29 2024 Packit <hello@xxxxxxxxxx> - 6.12-1 - Update to version 6.12 - Resolves: rhbz#2329568 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2329568 - btrfs-progs-6.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2329568 -------------------------------------------------------------------------------- ================================================================================ gnome-common-3.18.0-20.el10_0 (FEDORA-EPEL-2024-7dd1122a9d) Useful things common to building GNOME packages from scratch -------------------------------------------------------------------------------- Update Information: Initial EPEL 10 release of gnome-shell-extension-appindicator dependencies -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 26 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 3.18.0-20 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.18.0-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.18.0-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.18.0-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.18.0-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.18.0-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2324078 - Please branch and build gnome-common in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324078 [ 2 ] Bug #2324079 - Please branch and build libindicator in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324079 [ 3 ] Bug #2324088 - Please branch and build libappindicator in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324088 [ 4 ] Bug #2325270 - gnome-shell-extension-appindicator: fails to install from epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2325270 -------------------------------------------------------------------------------- ================================================================================ khard-0.19.1-4.el10_0 (FEDORA-EPEL-2024-e403db2cf7) An address book for the Linux console -------------------------------------------------------------------------------- Update Information: Initial EPEL 10 release -------------------------------------------------------------------------------- ChangeLog: * Mon Jul 29 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 0.19.1-4 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.19.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jun 7 2024 Python Maint <python-maint@xxxxxxxxxx> - 0.19.1-2 - Rebuilt for Python 3.13 * Thu May 30 2024 Ben Boeckel <fedora@xxxxxxxxxxxxxxxxx> - 0.19.1-1 - Update to 0.19.1 - Resolves #2152527 * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17.0-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17.0-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17.0-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Python Maint <python-maint@xxxxxxxxxx> - 0.17.0-10 - Rebuilt for Python 3.12 * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2323757 - Please branch and build khard in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2323757 [ 2 ] Bug #2323764 - Please branch and build python-unidecode in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2323764 -------------------------------------------------------------------------------- ================================================================================ libappindicator-12.10.1-7.el10_0 (FEDORA-EPEL-2024-7dd1122a9d) Application indicators library -------------------------------------------------------------------------------- Update Information: Initial EPEL 10 release of gnome-shell-extension-appindicator dependencies -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 5 2024 Michel Lind <salimma@xxxxxxxxxxxxxxxxx> - 12.10.1-7 - Drop gtk2 support on EL >= 10 * Mon Sep 2 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 12.10.1-6 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Nov 7 2022 Timotheus Pokorra <timotheus.pokorra@xxxxxxxxxxxxxxxx> - 12.10.1-0 - Upgrade to 12.10.1 to fix bug 2135815 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2324078 - Please branch and build gnome-common in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324078 [ 2 ] Bug #2324079 - Please branch and build libindicator in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324079 [ 3 ] Bug #2324088 - Please branch and build libappindicator in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324088 [ 4 ] Bug #2325270 - gnome-shell-extension-appindicator: fails to install from epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2325270 -------------------------------------------------------------------------------- ================================================================================ libidn-1.42-4.el10_0 (FEDORA-EPEL-2024-0ef71831a6) Internationalized Domain Name support library -------------------------------------------------------------------------------- Update Information: EPEL10 build -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.42-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.42-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.42-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Jan 15 2024 Miroslav Lichvar <mlichvar@xxxxxxxxxx> - 1.42-1 - update to 1.42 - convert license tag to SPDX * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.41-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.41-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Jul 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.41-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ libindicator-12.10.1-26.el10_0 (FEDORA-EPEL-2024-7dd1122a9d) Shared functions for Ayatana indicators -------------------------------------------------------------------------------- Update Information: Initial EPEL 10 release of gnome-shell-extension-appindicator dependencies -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 1 2024 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 12.10.1-26 - SPDX migration * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Jul 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 12.10.1-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2324078 - Please branch and build gnome-common in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324078 [ 2 ] Bug #2324079 - Please branch and build libindicator in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324079 [ 3 ] Bug #2324088 - Please branch and build libappindicator in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2324088 [ 4 ] Bug #2325270 - gnome-shell-extension-appindicator: fails to install from epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2325270 -------------------------------------------------------------------------------- ================================================================================ perl-Convert-PEM-0.13-1.el10_0 (FEDORA-EPEL-2024-da19b52572) Read/write encrypted ASN.1 PEM files -------------------------------------------------------------------------------- Update Information: This update fixes an issue that caused the Crypt::DSA test suite to fail, and also gets rid of some warnings. -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2024 Paul Howarth <paul@xxxxxxxxxxxx> - 0.13-1 - Update to 0.13 (rhbz#2330122) - Fix recent issues in Crypt::DSA (CPAN RT#156495) - Handle undefined values and redefined iv (GH#2) - Switch source URL from cpan.metacpan.org to www.cpan.org -------------------------------------------------------------------------------- ================================================================================ python-dill-0.3.9-1.el10_0 (FEDORA-EPEL-2024-f5b7d4acfa) Serialize all of Python -------------------------------------------------------------------------------- Update Information: New python package dill, that extends pickle module -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2024 Sergio Pascual <sergiopr@xxxxxxxxxx> - 0.3.9-1 - Initial specfile -------------------------------------------------------------------------------- References: [ 1 ] Bug #2320989 - Please branch and build python-dill in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2320989 -------------------------------------------------------------------------------- ================================================================================ python-unidecode-1.3.8-3.el10_0 (FEDORA-EPEL-2024-e403db2cf7) US-ASCII transliterations of Unicode text -------------------------------------------------------------------------------- Update Information: Initial EPEL 10 release -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 26 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.3.8-3 - convert license to SPDX * Fri Jul 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jun 13 2024 pjp <pjp@xxxxxxxxxxxxxxxxx> - 1.3.8-1 - Update to release 1.3.8 * Fri Jun 7 2024 Python Maint <python-maint@xxxxxxxxxx> - 1.3.4-8 - Rebuilt for Python 3.13 * Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.4-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Jan 22 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.4-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Python Maint <python-maint@xxxxxxxxxx> - 1.3.4-4 - Rebuilt for Python 3.12 * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2323757 - Please branch and build khard in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2323757 [ 2 ] Bug #2323764 - Please branch and build python-unidecode in epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2323764 -------------------------------------------------------------------------------- ================================================================================ radare2-5.9.8-4.el10_0 (FEDORA-EPEL-2024-acbed9a263) The reverse engineering framework -------------------------------------------------------------------------------- Update Information: Bump radare2 to 5.9.8, iaito to 5.9.9, fixes CVE-2024-11858 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 30 2024 Michal Ambroz <rebus@xxxxxxxxx> - 5.9.8-4 - fix epel build * Mon Nov 25 2024 Michal Ambroz <rebus@xxxxxxxxx> - 5.9.8-2 - documentation of embedded quickjs-ng library * Fri Nov 22 2024 Michal Ambroz <rebus@xxxxxxxxx> - 5.9.8-1 - bump to 5.9.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2313891 - iaito: fails to install from epel9 https://bugzilla.redhat.com/show_bug.cgi?id=2313891 [ 2 ] Bug #2327286 - iaito-5.9.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=2327286 [ 3 ] Bug #2327308 - radare2-5.9.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2327308 [ 4 ] Bug #2329104 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2329104 [ 5 ] Bug #2329105 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2329105 [ 6 ] Bug #2329107 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2329107 [ 7 ] Bug #2329108 - CVE-2024-11858 radare2: Command Injection via Pebble Application Files in Radare2 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2329108 [ 8 ] Bug #2329622 - F41FailsToInstall: iaito https://bugzilla.redhat.com/show_bug.cgi?id=2329622 [ 9 ] Bug #2329623 - F40FailsToInstall: iaito https://bugzilla.redhat.com/show_bug.cgi?id=2329623 -------------------------------------------------------------------------------- ================================================================================ rpmreaper-0.2.0-34.el10_0 (FEDORA-EPEL-2024-c4048e3441) A tool for removing packages from system -------------------------------------------------------------------------------- Update Information: EPEL10 build -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0-34 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0-33 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Mon Jan 22 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0-32 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0-31 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri May 19 2023 Petr Pisar <ppisar@xxxxxxxxxx> - 0.2.0-30 - Rebuild against rpm-4.19 (https://fedoraproject.org/wiki/Changes/RPM-4.19) * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0-29 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Tue Jul 26 2022 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 0.2.0-28 - fix compiler warnings * Sat Jul 23 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.2.0-27 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ snapd-2.66.1-1.el10_0 (FEDORA-EPEL-2024-e486e036fe) A transactional software package manager -------------------------------------------------------------------------------- Update Information: Constrain dependency on xdelta to EPEL-9 AppArmor prompting (experimental): Fix kernel prompting support check Allow kernel snaps to have content slots Fix ignoring snaps in try mode when amending New upstream release 2.66 AppArmor prompting (experimental): expand kernel support checks AppArmor prompting (experimental): consolidate error messages and add error kinds AppArmor prompting (experimental): grant /v2/snaps/{name} via snap-interfaces-requests-control AppArmor prompting (experimental): add checks for duplicate pattern variants Registry views (experimental): add handlers that commit (and cleanup) registry transactions Registry views (experimental): add a snapctl fail command for rejecting registry transactions Registry views (experimental): allow custodian snaps to implement registry hooks that modify and save registry data Registry views (experimental): run view-changed hooks only for snaps plugging views affected by modified paths Registry views (experimental): make registry transactions serialisable Snap components: handle refreshing components to revisions that have been on the system before Snap components: enable creating Ubuntu Core images that contain components Snap components: handle refreshing components independently of snaps Snap components: handle removing components when refreshing a snap that no longer defines them Snap components: extend snapd Ubuntu Core installation API to allow for picking optional snaps and components to install Snap components: extend kernel.yaml with "dynamic-modules", allowing kernel to define a location for kmods from component hooks Snap components: renamed component type "test" to "standard" Desktop IDs: support installing desktop files with custom names based on desktop-file-ids desktop interface plug attr Auto-install snapd on classic systems as prerequisite for any non- essential snap install Support loading AppArmor profiles on WSL2 with non-default kernel and securityfs mounted Debian/Fedora packaging updates Add snap debug command for investigating execution aspects of the snap toolchain Improve snap pack error for easier parsing Add support for user services when refreshing snaps Add snap remove --terminate flag for terminating running snap processes Support building FIPS complaint snapd deb and snap Fix to not use nss when looking up for users/groups from snapd snap Fix ordering in which layout changes are saved Patch snapd snap dynamic linker to ignore LD_LIBRARY_PATH and related variables Fix libexec dir for openSUSE Slowroll Fix handling of the shared snap directory for parallel installs Allow writing to /run/systemd/journal/dev-log by default Avoid state lock during snap removal to avoid delaying other snapd operations Add nomad-support interface to enable running Hashicorp Nomad Add intel-qat interface u2f-devices interface: add u2f trustkey t120 product id and fx series fido u2f devices desktop interface: improve integration with xdg-desktop-portal desktop interface: add desktop-file-ids plug attr to desktop interface unity7 interface: support desktop-file-ids in desktop files rule generation desktop-legacy interface: support desktop-file-ids in desktop files rule generation desktop-legacy interface: grant access to gcin socket location login-session-observe interface: allow introspection custom-device interface: allow to explicitly identify matching device in udev tagging block system-packages-doc interface: allow reading /usr/share/javascript modem-manager interface: add new format of WWAN ports pcscd interface: allow pcscd to read opensc.conf cpu-control interface: add IRQ affinity control to cpu_control opengl interface: add support for cuda workloads on Tegra iGPU in opengl interface -------------------------------------------------------------------------------- ChangeLog: * Tue Dec 3 2024 Zygmunt Krynicki <me@xxxxxxxxx> - Constrain dependency on xdelta to EPEL-9 * Fri Nov 29 2024 Zygmunt Krynicki <me@xxxxxxxxx> - Re-cherry pick fix for SELinux timedatex problem from upstream as it was not released in 2.66.1, sorry. * Wed Nov 20 2024 Zygmunt Krynicki <me@xxxxxxxxx> - Drop only patch, applied upstream. * Fri Oct 25 2024 Zygmunt Krynicki <me@xxxxxxxxx> - Cherry pick fix for SELinux timedatex problem from upstream * Fri Oct 11 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.66.1 - AppArmor prompting (experimental): Fix kernel prompting support check - Allow kernel snaps to have content slots - Fix ignoring snaps in try mode when amending * Fri Oct 4 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.66 - AppArmor prompting (experimental): expand kernel support checks - AppArmor prompting (experimental): consolidate error messages and add error kinds - AppArmor prompting (experimental): grant /v2/snaps/{name} via snap-interfaces-requests-control - AppArmor prompting (experimental): add checks for duplicate pattern variants - Registry views (experimental): add handlers that commit (and cleanup) registry transactions - Registry views (experimental): add a snapctl fail command for rejecting registry transactions - Registry views (experimental): allow custodian snaps to implement registry hooks that modify and save registry data - Registry views (experimental): run view-changed hooks only for snaps plugging views affected by modified paths - Registry views (experimental): make registry transactions serialisable - Snap components: handle refreshing components to revisions that have been on the system before - Snap components: enable creating Ubuntu Core images that contain components - Snap components: handle refreshing components independently of snaps - Snap components: handle removing components when refreshing a snap that no longer defines them - Snap components: extend snapd Ubuntu Core installation API to allow for picking optional snaps and components to install - Snap components: extend kernel.yaml with "dynamic-modules", allowing kernel to define a location for kmods from component hooks - Snap components: renamed component type "test" to "standard" - Desktop IDs: support installing desktop files with custom names based on desktop-file-ids desktop interface plug attr - Auto-install snapd on classic systems as prerequisite for any non- essential snap install - Support loading AppArmor profiles on WSL2 with non-default kernel and securityfs mounted - Debian/Fedora packaging updates - Add snap debug command for investigating execution aspects of the snap toolchain - Improve snap pack error for easier parsing - Add support for user services when refreshing snaps - Add snap remove --terminate flag for terminating running snap processes - Support building FIPS complaint snapd deb and snap - Fix to not use nss when looking up for users/groups from snapd snap - Fix ordering in which layout changes are saved - Patch snapd snap dynamic linker to ignore LD_LIBRARY_PATH and related variables - Fix libexec dir for openSUSE Slowroll - Fix handling of the shared snap directory for parallel installs - Allow writing to /run/systemd/journal/dev-log by default - Avoid state lock during snap removal to avoid delaying other snapd operations - Add nomad-support interface to enable running Hashicorp Nomad - Add intel-qat interface - u2f-devices interface: add u2f trustkey t120 product id and fx series fido u2f devices - desktop interface: improve integration with xdg-desktop-portal - desktop interface: add desktop-file-ids plug attr to desktop interface - unity7 interface: support desktop-file-ids in desktop files rule generation - desktop-legacy interface: support desktop-file-ids in desktop files rule generation - desktop-legacy interface: grant access to gcin socket location - login-session-observe interface: allow introspection - custom-device interface: allow to explicitly identify matching device in udev tagging block - system-packages-doc interface: allow reading /usr/share/javascript - modem-manager interface: add new format of WWAN ports - pcscd interface: allow pcscd to read opensc.conf - cpu-control interface: add IRQ affinity control to cpu_control - opengl interface: add support for cuda workloads on Tegra iGPU in opengl interface * Thu Sep 12 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.65.3 - Fix missing aux info from store on snap setup * Fri Sep 6 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.65.2 - Bump squashfuse from version 0.5.0 to 0.5.2 (used in snapd deb only) * Sat Aug 24 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.65.1 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to latest 4.0.2 release - AppArmor: enable using ABI 4.0 from host parser - AppArmor: fix parser lookup - AppArmor: support AppArmor snippet priorities - AppArmor: allow reading cgroup memory.max file - AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode - AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting (experimental): add path pattern parsing and matching - AppArmor prompting (experimental): add path pattern precedence based on specificity - AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules - AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface - AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl - Registry views (experimental): fetch and refresh registry assertions as needed - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store - Snap components: support removing components individually and during snap removal - Snap components: support kernel modules as components - Snap components: support for component install, pre-refresh and post-refresh hooks - Snap components: initial support for building systems that contain components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Improve snap-confine compatibility with nvidia drivers - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Allow mixing revision and channel on snap install - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug API command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core - Provide documentation URL for 'snap interface ' - Fix snapd riscv64 build - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Fix parsing /proc/PID/mounts with spaces - Add registry interface that provides snaps access to a particular registry view - Add snap-interfaces-requests-control interface to enable prompting client snaps - steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience - opengl interface: improve compatibility with nvidia drivers - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus - network-control interface: allow wpa_supplicant dbus api - gpio-control interface: support gpiochip* devices - polkit interface: fix "rw" mount option check - u2f-devices interface: enable additional security keys - desktop interface: enable kde theming support * Fri Aug 23 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.65 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to latest 4.0.2 release - AppArmor: enable using ABI 4.0 from host parser - AppArmor: fix parser lookup - AppArmor: support AppArmor snippet priorities - AppArmor: allow reading cgroup memory.max file - AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode - AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting (experimental): add path pattern parsing and matching - AppArmor prompting (experimental): add path pattern precedence based on specificity - AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules - AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface - AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl - Registry views (experimental): fetch and refresh registry assertions as needed - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store - Snap components: support removing components individually and during snap removal - Snap components: support kernel modules as components - Snap components: support for component install, pre-refresh and post-refresh hooks - Snap components: initial support for building systems that contain components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Improve snap-confine compatibility with nvidia drivers - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Allow mixing revision and channel on snap install - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug API command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core - Provide documentation URL for 'snap interface ' - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Fix parsing /proc/PID/mounts with spaces - Add registry interface that provides snaps access to a particular registry view - Add snap-interfaces-requests-control interface to enable prompting client snaps - steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience - opengl interface: improve compatibility with nvidia drivers - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus - network-control interface: allow wpa_supplicant dbus api - gpio-control interface: support gpiochip* devices - polkit interface: fix "rw" mount option check - u2f-devices interface: enable additional security keys - desktop interface: enable kde theming support * Mon Jul 29 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 2.63-3 - convert license to SPDX * Fri Jul 26 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 2.63-2 - convert license to SPDX * Wed Jul 24 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.64 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to AppArmor 4.0.1 - AppArmor: support AppArmor snippet priorities - AppArmor prompting: add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting: include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting: add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting: add path pattern parsing and matching - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views using snapctl - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store (no REST API/CLI) - Snap components: support removing components (REST API, no CLI) - Snap components: started support for component hooks - Snap components: support kernel modules as components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug api command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Add registry interface that provides snaps access to a particular registry view - steam-support interface: relaxed AppArmor and seccomp restrictions to improve user experience - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus * Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.63-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Wed Apr 24 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.63 - Support for snap services to show the current status of user services (experimental) - Refresh app awareness: record snap-run-inhibit notice when starting app from snap that is busy with refresh (experimental) - Refresh app awareness: use warnings as fallback for desktop notifications (experimental) - Aspect based configuration: make request fields in the aspect- bundle's rules optional (experimental) - Aspect based configuration: make map keys conform to the same format as path sub-keys (experimental) - Aspect based configuration: make unset and set behaviour similar to configuration options (experimental) - Aspect based configuration: limit nesting level for setting value (experimental) - Components: use symlinks to point active snap component revisions - Components: add model assertion support for components - Components: fix to ensure local component installation always gets a new revision number - Add basic support for a CIFS remote filesystem-based home directory - Add support for AppArmor profile kill mode to avoid snap-confine error - Allow more than one interface to grant access to the same API endpoint or notice type - Allow all snapd service's control group processes to send systemd notifications to prevent warnings flooding the log - Enable not preseeded single boot install - Update secboot to handle new sbatlevel - Fix to not use cgroup for non-strict confined snaps (devmode, classic) - Fix two race conditions relating to freedesktop notifications - Fix missing tunables in snap-update-ns AppArmor template - Fix rejection of snapd snap udev command line by older host snap- device-helper - Rework seccomp allow/deny list - Clean up files removed by gadgets - Remove non-viable boot chains to avoid secboot failure - posix_mq interface: add support for missing time64 mqueue syscalls mq_timedreceive_time64 and mq_timedsend_time64 - password-manager-service interface: allow kwalletd version 6 - kubernetes-support interface: allow SOCK_SEQPACKET sockets - system-observe interface: allow listing systemd units and their properties - opengl interface: enable use of nvidia container toolkit CDI config generation * Thu Mar 21 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.62 - Aspects based configuration schema support (experimental) - Refresh app awareness support for UI (experimental) - Support for user daemons by introducing new control switches --user/--system/--users for service start/stop/restart (experimental) - Add AppArmor prompting experimental flag (feature currently unsupported) - Installation of local snap components of type test - Packaging of components with snap pack - Expose experimental features supported/enabled in snapd REST API endpoint /v2/system-info - Support creating and removing recovery systems for use by factory reset - Enable API route for creating and removing recovery systems using /v2/systems with action create and /v2/systems/{label} with action remove - Lift requirements for fde-setup hook for single boot install - Enable single reboot gadget update for UC20+ - Allow core to be removed on classic systems - Support for remodeling on hybrid systems - Install desktop files on Ubuntu Core and update after snapd upgrade - Upgrade sandbox features to account for cgroup v2 device filtering - Support snaps to manage their own cgroups - Add support for AppArmor 4.0 unconfined profile mode - Add AppArmor based read access to /etc/default/keyboard - Upgrade to squashfuse 0.5.0 - Support useradd utility to enable removing Perl dependency for UC24+ - Support for recovery-chooser to use console-conf snap - Add support for --uid/--gid using strace-static - Add support for notices (from pebble) and expose via the snapd REST API endpoints /v2/notices and /v2/notice - Add polkit authentication for snapd REST API endpoints /v2/snaps/{snap}/conf and /v2/apps - Add refresh-inhibit field to snapd REST API endpoint /v2/snaps - Add refresh-inhibited select query to REST API endpoint /v2/snaps - Take into account validation sets during remodeling - Improve offline remodeling to use installed revisions of snaps to fulfill the remodel revision requirement - Add rpi configuration option sdtv_mode - When snapd snap is not installed, pin policy ABI to 4.0 or 3.0 if present on host - Fix gadget zero-sized disk mapping caused by not ignoring zero sized storage traits - Fix gadget install case where size of existing partition was not correctly taken into account - Fix trying to unmount early kernel mount if it does not exist - Fix restarting mount units on snapd start - Fix call to udev in preseed mode - Fix to ensure always setting up the device cgroup for base bare and core24+ - Fix not copying data from newly set homedirs on revision change - Fix leaving behind empty snap home directories after snap is removed (resulting in broken symlink) - Fix to avoid using libzstd from host by adding to snapd snap - Fix autorefresh to correctly handle forever refresh hold - Fix username regex allowed for system-user assertion to not allow '+' - Fix incorrect application icon for notification after autorefresh completion - Fix to restart mount units when changed - Fix to support AppArmor running under incus - Fix case of snap-update-ns dropping synthetic mounts due to failure to match desired mount dependencies - Fix parsing of base snap version to enable pre-seeding of Ubuntu Core Desktop - Fix packaging and tests for various distributions - Add remoteproc interface to allow developers to interact with Remote Processor Framework which enables snaps to load firmware to ARM Cortex microcontrollers - Add kernel-control interface to enable controlling the kernel firmware search path - Add nfs-mount interface to allow mounting of NFS shares - Add ros-opt-data interface to allow snaps to access the host /opt/ros/ paths - Add snap-refresh-observe interface that provides refresh-app- awareness clients access to relevant snapd API endpoints - steam-support interface: generalize Pressure Vessel root paths and allow access to driver information, features and container versions - steam-support interface: make implicit on Ubuntu Core Desktop - desktop interface: improved support for Ubuntu Core Desktop and limit autoconnection to implicit slots - cups-control interface: make autoconnect depend on presence of cupsd on host to ensure it works on classic systems - opengl interface: allow read access to /usr/share/nvidia - personal-files interface: extend to support automatic creation of missing parent directories in write paths - network-control interface: allow creating /run/resolveconf - network-setup-control and network-setup-observe interfaces: allow busctl bind as required for systemd 254+ - libvirt interface: allow r/w access to /run/libvirt/libvirt-sock- ro and read access to /var/lib/libvirt/dnsmasq/** - fwupd interface: allow access to IMPI devices (including locking of device nodes), sysfs attributes needed by amdgpu and the COD capsule update directory - uio interface: allow configuring UIO drivers from userspace libraries - serial-port interface: add support for NXP Layerscape SoC - lxd-support interface: add attribute enable-unconfined-mode to require LXD to opt-in to run unconfined - block-devices interface: add support for ZFS volumes - system-packages-doc interface: add support for reading jquery and sphinx documentation - system-packages-doc interface: workaround to prevent autoconnect failure for snaps using base bare - microceph-support interface: allow more types of block devices to be added as an OSD - mount-observe interface: allow read access to /proc/{pid}/task/{tid}/mounts and proc/{pid}/task/{tid}/mountinfo - polkit interface: changed to not be implicit on core because installing policy files is not possible - upower-observe interface: allow stats refresh - gpg-public-keys interface: allow creating lock file for certain gpg operations - shutdown interface: allow access to SetRebootParameter method - media-control interface: allow device file locking - u2f-devices interface: support for Trustkey G310H, JaCarta U2F, Kensington VeriMark Guard, RSA DS100, Google Titan v2 * Wed Mar 6 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.61.3 - Install systemd files in correct location for 24.04 * Fri Feb 16 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.61.2 - Fix to enable plug/slot sanitization for prepare-image - Fix panic when device-service.access=offline - Support offline remodeling - Allow offline update only remodels without serial - Fail early when remodeling to old model revision - Fix to enable plug/slot sanitization for validate-seed - Allow removal of core snap on classic systems - Fix network-control interface denial for file lock on /run/netns - Add well-known core24 snap-id - Fix remodel snap installation order - Prevent remodeling from UC18+ to UC16 - Fix cups auto-connect on classic with cups snap installed - u2f-devices interface support for GoTrust Idem Key with USB-C - Fix to restore services after unlink failure - Add libcudnn.so to Nvidia libraries - Fix skipping base snap download due to false snapd downgrade conflict * Sun Feb 11 2024 Maxwell G <maxwell@xxxxxxx> - 2.61.1-2 - Rebuild for golang 1.22.0 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.61.1-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jan 18 2024 Zygmunt Krynicki <me@xxxxxxxxx> - 2.61.1-1 - Changelog resynchronization * Wed Jan 17 2024 Zygmunt Krynicki <me@xxxxxxxxx> - 2.58.3-3 - Require xdelta on Fedora or EPEL >= 9 (for delta updates) * Fri Nov 24 2023 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.61.1 - Stop requiring default provider snaps on image building and first boot if alternative providers are included and available - Fix auth.json access for login as non-root group ID - Fix incorrect remodelling conflict when changing track to older snapd version - Improved check-rerefresh message - Fix UC16/18 kernel/gadget update failure due volume mismatch with installed disk - Stop auto-import of assertions during install modes - Desktop interface exposes GetIdletime - Polkit interface support for new polkit versions - Fix not applying snapd snap changes in tracked channel when remodelling * Fri Oct 13 2023 Philip Meulengracht <philip.meulengracht@xxxxxxxxxxxxx> - New upstream release 2.61 - Fix control of activated services in 'snap start' and 'snap stop' - Correctly reflect activated services in 'snap services' - Disabled services are no longer enabled again when snap is refreshed - interfaces/builtin: added support for Token2 U2F keys - interfaces/u2f-devices: add Swissbit iShield Key - interfaces/builtin: update gpio apparmor to match pattern that contains multiple subdirectories under /sys/devices/platform - interfaces: add a polkit-agent interface - interfaces: add pcscd interface - Kernel command-line can now be edited in the gadget.yaml - Only track validation-sets in run-mode, fixes validation-set issues on first boot. - Added support for using store.access to disable access to snap store - Support for fat16 partition in gadget - Pre-seed authority delegation is now possible - Support new system-user name daemon - Several bug fixes and improvements around remodelling - Offline remodelling support * Fri Sep 15 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.60.4 - i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket permission - interfaces/builtin: fix custom-device udev KERNEL values - overlord: allow the firmware-updater snap to install user daemons - interfaces: allow loopback as a block-device * Fri Aug 25 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.60.3 - i/b/shared-memory: handle "private" plug attribute in shared- memory interface correctly - i/apparmor: support for home.d tunables from /etc/ * Fri Aug 4 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.60.2 - i/builtin: allow directories in private /dev/shm - i/builtin: add read access to /proc/task/schedstat in system- observe - snap-bootstrap: print version information at startup - go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948 - snap, store: filter out invalid snap edited links from store info and persisted state - o/configcore: write netplan defaults to 00-snapd-config on seeding - snapcraft.yaml: pull in apparmor_parser optimization patches from https://gitlab.com/apparmor/apparmor/-/merge_requests/711 - snap-confine: fix missing \0 after readlink - cmd/snap: hide append-integrity-data - interfaces/opengl: add support for ARM Mali * Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.58.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jul 4 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.60.1 - install: fallback to lazy unmount() in writeFilesystemContent - data: include "modprobe.d" and "modules-load.d" in preseeded blob - gadget: fix install test on armhf - interfaces: fix typo in network_manager_observe - sandbox/apparmor: don't let vendored apparmor conflict with system - gadget/update: set parts in laid out data from the ones matched - many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor - many: stop using `-O no-expr-simplify` in apparmor_parser - go.mod: update secboot to latest uc22 branch * Thu Jun 15 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.60 - Support for dynamic snapshot data exclusions - Apparmor userspace is vendored inside the snapd snap - Added a default-configure hook that exposes gadget default configuration options to snaps during first install before services are started - Allow install from initrd to speed up the initial installation for systems that do not have a install-device hook - New `snap sign --chain` flag that appends the account and account-key assertions - Support validation-sets in the model assertion - Support new "min-size" field in gadget.yaml - New interface: "userns" * Sat May 27 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.59.5 - Explicitly disallow the use of ioctl + TIOCLINUX This fixes CVE-2023-1523. * Fri May 12 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.59.4 - Retry when looking for disk label on non-UEFI systems (LP: #2018977) - Fix remodel from UC20 to UC22 * Wed May 3 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.59.3 - Fix quiet boot - i/b/physical_memory_observe: allow reading virt-phys page mappings - gadget: warn instead of returning error if overlapping with GPT header - overlord,wrappers: restart always enabled units - go.mod: update github.com/snapcore/secboot to latest uc22 - boot: make sure we update assets for the system-seed-null role - many: ignore case for vfat partitions when validating * Tue Apr 18 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.59.2 - Notify users when a user triggered auto refresh finished * Tue Mar 28 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.59.1 - Add udev rules from steam-devices to steam-support interface - Bugfixes for layout path checking, dm_crypt permissions, mount-control interface parameter checking, kernel commandline parsing, docker-support, refresh-app-awareness * Fri Mar 10 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.59 - Support setting extra kernel command line parameters via snap configuration and under a gadget allow-list - Support for Full-Disk-Encryption using ICE - Support for arbitrary home dir locations via snap configuration - New nvidia-drivers-support interface - Support for udisks2 snap - Pre-download of snaps ready for refresh and automatic refresh of the snap when all apps are closed - New microovn interface - Support uboot with `CONFIG_SYS_REDUNDAND_ENV=n` - Make "snap-preseed --reset" re-exec when needed - Update the fwupd interface to support fully confined fwupd - The memory,cpu,thread quota options are no longer experimental - Support debugging snap client requests via the `SNAPD_CLIENT_DEBUG_HTTP` environment variable - Support ssh listen-address via snap configuration - Support for quotas on single services - prepare-image now takes into account snapd versions going into the image, including in the kernel initrd, to fetch supported assertion formats * Sat Feb 25 2023 Maciek Borzecki <maciek.borzecki@xxxxxxxxx> - 2.58.3-1 - Releate 2.58.3 to Fedora RHBZ#2173056 * Tue Feb 21 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.58.3 - interfaces/screen-inhibit-control: Add support for xfce-power- manager - interfaces/network-manager: do not show ptrace read denials - interfaces: relax rules for mount-control `what` for functionfs - cmd/snap-bootstrap: add support for snapd_system_disk - interfaces/modem-manager: add net_admin capability - interfaces/network-manager: add permission for OpenVPN - httputil: fix checking x509 certification error on go 1.20 - i/b/fwupd: allow reading host os-release - boot: on classic+modes `MarkBootSuccessfull` does not need a base - boot: do not include `base=` in modeenv for classic+modes installs - tests: add spread test that validates revert on boot for core does not happen on classic+modes - snapstate: only take boot participants into account in UpdateBootRevisions - snapstate: refactor UpdateBootRevisions() to make it easier to check for boot.SnapTypeParticipatesInBoot() * Wed Jan 25 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.58.2 - bootloader: fix dirty build by hardcoding copyright year * Mon Jan 23 2023 Michael Vogt <michael.vogt@xxxxxxxxxx> - New upstream release 2.58.1 - secboot: detect lockout mode in CheckTPMKeySealingSupported - cmd/snap-update-ns: prevent keeping unneeded mountpoints - o/snapstate: do not infinitely retry when an update fails during seeding - interfaces/modem-manager: add permissions for NETLINK_ROUTE - systemd/emulation.go: use `systemctl --root` to enable/disable - snap: provide more error context in `NotSnapError` - interfaces: add read access to /run for cryptsetup - boot: avoid reboot loop if there is a bad try kernel - devicestate: retry serial acquire on time based certificate errors - o/devicestate: run systemctl daemon-reload after install-device hook - cmd/snap,daemon: add 'held' to notes in 'snap list' - o/snapshotstate: check snapshots are self-contained on import - cmd/snap: show user+gating hold info in 'snap info' - daemon: expose user and gating holds at /v2/snaps/{name} * Sat Jan 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.57.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Dec 16 2022 Maciek Borzecki <maciek.borzecki@xxxxxxxxx> - 2.57.6-2 - Fix for RHBZ#2152903 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327932 - snapd: fails to install from epel10 https://bugzilla.redhat.com/show_bug.cgi?id=2327932 --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue