-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-d555be42a1 2024-09-14 01:57:36.689476 -------------------------------------------------------------------------------- Name : snapd Product : Fedora 40 Version : 2.65.1 Release : 0.fc40 URL : https://github.com/snapcore/snapd Summary : A transactional software package manager Description : Snappy is a modern, cross-distribution, transactional package manager designed for working with self-contained, immutable packages. -------------------------------------------------------------------------------- Update Information: New upstream release 2.65.1 Support building snapd using base Core22 (Snapcraft 8.x) FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled AppArmor: update to latest 4.0.2 release AppArmor: enable using ABI 4.0 from host parser AppArmor: fix parser lookup AppArmor: support AppArmor snippet priorities AppArmor: allow reading cgroup memory.max file AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions AppArmor prompting (experimental): add path pattern parsing and matching AppArmor prompting (experimental): add path pattern precedence based on specificity AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started Registry views (experimental): rename from aspects to registries Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl Registry views (experimental): fetch and refresh registry assertions as needed Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns Snap components: support installing snaps and components from files at the same time (no REST API/CLI) Snap components: support downloading components related assertions from the store Snap components: support installing components from the store Snap components: support removing components individually and during snap removal Snap components: support kernel modules as components Snap components: support for component install, pre-refresh and post-refresh hooks Snap components: initial support for building systems that contain components Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps Refresh app awareness (experimental): use the app name from .desktop file in notifications Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint Improve snap-confine compatibility with nvidia drivers Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing Allow mixing revision and channel on snap install Generate GNU build ID for Go binaries Add missing etelpmoc.sh for shell completion Do not attempt to run snapd on classic when re-exec is disabled Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse Add snap debug API command to enable running raw queries Enable snap-confine snap mount directory detection Replace global seccomp filter with deny rules in standard seccomp template Remove support for Ubuntu Core Launcher (superseded by snap- confine) Support creating pending serial bound users after serial assertion becomes available Support disabling cloud-init using kernel command-line In hybrid systems, apps can refresh without waiting for restarts required by essential snaps Ship snap-debug-info.sh script used for system diagnostics Improve error messages when attempting to run non-existent snap Switch to -u UID:GID for strace-static Support enabling snapd logging with snap set system debug.snapd.{log,log-level} Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core Provide documentation URL for 'snap interface ' Fix snapd riscv64 build Fix restarting activated services instead of their activator units (i.e. sockets, timers) Fix potential unexpected auto-refresh of snap on managed schedule Fix potential segfault by guarding against kernel command-line changes on classic system Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store Fix devmode seccomp deny regression that caused spamming the log instead of actual denies Fix snap lock leak during refresh Fix not re-pinning validation sets that were already pinned when enforcing new validation sets Fix handling of unexpected snapd runtime failure Fix /v2/notices REST API skipping notices with duplicate timestamps Fix comparing systemd versions that may contain pre-release suffixes Fix udev potentially starting before snap-device-helper is made available Fix race in snap seed metadata loading Fix treating cloud-init exit status 2 as error Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values Fix stop service failure when the service is not actually running anymore Fix parsing /proc/PID/mounts with spaces Add registry interface that provides snaps access to a particular registry view Add snap-interfaces-requests-control interface to enable prompting client snaps steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience opengl interface: improve compatibility with nvidia drivers home interface: autoconnect home on Ubuntu Core Desktop serial-port interface: support RPMsg tty display-control interface: allow changing LVDS backlight power and brightness power-control interface: support for battery charging thesholds, type/status and AC type/status cpu-control interface: allow CPU C-state control raw-usb interface: support RPi5 and Thinkpad x13s custom-device interface: allow device file locking lxd-support interface: allow LXD to self-manage its own cgroup network-manager interface: support MPTCP sockets network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus network-control interface: allow wpa_supplicant dbus api gpio-control interface: support gpiochip* devices polkit interface: fix "rw" mount option check u2f-devices interface: enable additional security keys desktop interface: enable kde theming support -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 24 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.65.1 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to latest 4.0.2 release - AppArmor: enable using ABI 4.0 from host parser - AppArmor: fix parser lookup - AppArmor: support AppArmor snippet priorities - AppArmor: allow reading cgroup memory.max file - AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode - AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting (experimental): add path pattern parsing and matching - AppArmor prompting (experimental): add path pattern precedence based on specificity - AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules - AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface - AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl - Registry views (experimental): fetch and refresh registry assertions as needed - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store - Snap components: support removing components individually and during snap removal - Snap components: support kernel modules as components - Snap components: support for component install, pre-refresh and post-refresh hooks - Snap components: initial support for building systems that contain components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Improve snap-confine compatibility with nvidia drivers - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Allow mixing revision and channel on snap install - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug API command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core - Provide documentation URL for 'snap interface ' - Fix snapd riscv64 build - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Fix parsing /proc/PID/mounts with spaces - Add registry interface that provides snaps access to a particular registry view - Add snap-interfaces-requests-control interface to enable prompting client snaps - steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience - opengl interface: improve compatibility with nvidia drivers - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus - network-control interface: allow wpa_supplicant dbus api - gpio-control interface: support gpiochip* devices - polkit interface: fix "rw" mount option check - u2f-devices interface: enable additional security keys - desktop interface: enable kde theming support * Fri Aug 23 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.65 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to latest 4.0.2 release - AppArmor: enable using ABI 4.0 from host parser - AppArmor: fix parser lookup - AppArmor: support AppArmor snippet priorities - AppArmor: allow reading cgroup memory.max file - AppArmor: allow using snap-exec coming from the snapd snap when starting a confined process with jailmode - AppArmor prompting (experimental): add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting (experimental): include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting (experimental): add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting (experimental): add path pattern parsing and matching - AppArmor prompting (experimental): add path pattern precedence based on specificity - AppArmor prompting (experimental): add packages to manage outstanding request prompts and rules - AppArmor prompting (experimental): add prompting API and notice types, which require snap-interfaces-requests-control interface - AppArmor prompting (experimental): feature flag can only be enabled if prompting is supported, handler service connected, and the service can be started - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views and setting/unsetting registry data using snapctl - Registry views (experimental): fetch and refresh registry assertions as needed - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store - Snap components: support removing components individually and during snap removal - Snap components: support kernel modules as components - Snap components: support for component install, pre-refresh and post-refresh hooks - Snap components: initial support for building systems that contain components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Improve snap-confine compatibility with nvidia drivers - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Allow mixing revision and channel on snap install - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug API command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Add options system.coredump.enable and system.coredump.maxuse to support using systemd-coredump on Ubuntu Core - Provide documentation URL for 'snap interface ' - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Fix parsing /proc/PID/mounts with spaces - Add registry interface that provides snaps access to a particular registry view - Add snap-interfaces-requests-control interface to enable prompting client snaps - steam-support interface: remove all AppArmor and seccomp restrictions to improve user experience - opengl interface: improve compatibility with nvidia drivers - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus - network-control interface: allow wpa_supplicant dbus api - gpio-control interface: support gpiochip* devices - polkit interface: fix "rw" mount option check - u2f-devices interface: enable additional security keys - desktop interface: enable kde theming support * Wed Jul 24 2024 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.64 - Support building snapd using base Core22 (Snapcraft 8.x) - FIPS: support building FIPS complaint snapd variant that switches to FIPS mode when the system boots with FIPS enabled - AppArmor: update to AppArmor 4.0.1 - AppArmor: support AppArmor snippet priorities - AppArmor prompting: add checks for prompting support, include prompting status in system key, and restart snapd if prompting flag changes - AppArmor prompting: include prompt prefix in AppArmor rules if prompting is supported and enabled - AppArmor prompting: add common types, constraints, and mappings from AppArmor permissions to abstract permissions - AppArmor prompting: add path pattern parsing and matching - Registry views (experimental): rename from aspects to registries - Registry views (experimental): support reading registry views using snapctl - Registry views (experimental): restrict view paths from using a number as first character and view names to storage path style patterns - Snap components: support installing snaps and components from files at the same time (no REST API/CLI) - Snap components: support downloading components related assertions from the store - Snap components: support installing components from the store (no REST API/CLI) - Snap components: support removing components (REST API, no CLI) - Snap components: started support for component hooks - Snap components: support kernel modules as components - Refresh app awareness (experimental): add data field for /v2/changes REST API to allow associating each task with affected snaps - Refresh app awareness (experimental): use the app name from .desktop file in notifications - Refresh app awareness (experimental): give snap-refresh-observe interface access to /v2/snaps/{name} endpoint - Allow re-exec when SNAP_REEXEC is set for unlisted distros to simplify testing - Generate GNU build ID for Go binaries - Add missing etelpmoc.sh for shell completion - Do not attempt to run snapd on classic when re-exec is disabled - Packaging/build maintenance for Debian sid, Fedora, Arch, openSuse - Add snap debug api command to enable running raw queries - Enable snap-confine snap mount directory detection - Replace global seccomp filter with deny rules in standard seccomp template - Remove support for Ubuntu Core Launcher (superseded by snap- confine) - Support creating pending serial bound users after serial assertion becomes available - Support disabling cloud-init using kernel command-line - In hybrid systems, apps can refresh without waiting for restarts required by essential snaps - Ship snap-debug-info.sh script used for system diagnostics - Improve error messages when attempting to run non-existent snap - Switch to -u UID:GID for strace-static - Support enabling snapd logging with snap set system debug.snapd.{log,log-level} - Fix restarting activated services instead of their activator units (i.e. sockets, timers) - Fix potential unexpected auto-refresh of snap on managed schedule - Fix potential segfault by guarding against kernel command-line changes on classic system - Fix proxy entries in /etc/environment with missing newline that caused later manual entries to not be usable - Fix offline remodelling by ignoring prerequisites that will otherwise be downloaded from store - Fix devmode seccomp deny regression that caused spamming the log instead of actual denies - Fix snap lock leak during refresh - Fix not re-pinning validation sets that were already pinned when enforcing new validation sets - Fix handling of unexpected snapd runtime failure - Fix /v2/notices REST API skipping notices with duplicate timestamps - Fix comparing systemd versions that may contain pre-release suffixes - Fix udev potentially starting before snap-device-helper is made available - Fix race in snap seed metadata loading - Fix treating cloud-init exit status 2 as error - Fix to prevent sending refresh complete notification if snap snap- refresh-observe interface is connected - Fix to queue snapctl service commands if run from the default- configure hook to ensure they get up-to-date config values - Fix stop service failure when the service is not actually running anymore - Add registry interface that provides snaps access to a particular registry view - steam-support interface: relaxed AppArmor and seccomp restrictions to improve user experience - home interface: autoconnect home on Ubuntu Core Desktop - serial-port interface: support RPMsg tty - display-control interface: allow changing LVDS backlight power and brightness - power-control interface: support for battery charging thesholds, type/status and AC type/status - cpu-control interface: allow CPU C-state control - raw-usb interface: support RPi5 and Thinkpad x13s - custom-device interface: allow device file locking - lxd-support interface: allow LXD to self-manage its own cgroup - network-manager interface: support MPTCP sockets - network-control interface: allow plug/slot access to gnutls config and systemd resolved cache flushing via D-Bus * Sat Jul 20 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.63-1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-d555be42a1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
