UbuntuUpdates.org

Package "lxc"

Name: lxc

Description:

Transitional package - lxc -> lxc-utils

Latest version: 3.0.3-0ubuntu1~18.04.1
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: https://linuxcontainers.org

Links

Save this URL for the latest version of "lxc": https://www.ubuntuupdates.org/lxc


Download "lxc"


Other versions of "lxc" in Bionic

Repository Area Version
base universe 3.0.0-0ubuntu2
base main 3.0.0-0ubuntu2
security main 3.0.1-0ubuntu1~18.04.2
security universe 3.0.1-0ubuntu1~18.04.2
updates main 3.0.3-0ubuntu1~18.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.0.3-0ubuntu1~18.04.1 2018-12-14 00:06:56 UTC

  lxc (3.0.3-0ubuntu1~18.04.1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1804755):
    - CONTRIBUTING: Update reference to kernel coding style
    - CONTRIBUTING: Link to latest online kernel docs
    - CONTRIBUTING: Direct readers to CODING_STYLE.md
    - CODING_STYLE: Mention kernel style in introduction
    - CONTRIBUTING: Add 'be' to fix grammar
    - CODING_STLYE: Simplify explanation for use of 'extern'
    - CODING_STLYE: Remove sections implied by 'kernel style'
    - CODING_STYLE: Fix non-uniform heading level
    - CODING_STYLE: Update section header format
    - cmd: Use parenthesis around complex macro
    - cmd: Use 'void' instead of empty parameter list
    - cmd: Do not use braces for single statement block
    - cmd: Fix whitespace issues
    - cmd: Use 'const' for static string constant.
    - cmd: Remove unnecessary whitespace in string
    - cmd: Put trailing */ on a separate line
    - cmd: Remove typo'd semicolon
    - cmd: Do not use comparison to NULL
    - lxc_init: s/SYSDEBUG()/SYSERROR()/g in remove_self
    - tools: lxc-attach: add default log priority & cleanups
    - tools: lxc-cgroup: add default log priority & cleanups
    - tools: lxc-checkpoint: add default log priority & cleanups
    - tools: lxc-console: add default log priority & cleanups
    - tools: lxc-create: add default log priority & cleanups
    - tools: lxc-destroy: add default log priority & cleanups
    - tools: lxc-device: add default log priority & cleanups
    - tools: lxc-execute: add default log priority & cleanups
    - tools: lxc-start: add default log priority & cleanups
    - tools: lxc-stop: add default log priority & cleanups
    - tools: lxc-freeze: add default log priority & cleanups
    - tools: lxc-unfreeze: add default log priority & cleanups
    - storage_utils: move duplicated function from tools
    - tools: fix lxc-execute command parsing
    - lseek - integer overflow
    - cmd: lxc-user-nic: change log macro & cleanups
    - cmd: lxc-usernsexec reorder includes
    - cmd: move declarations to macro.h
    - cmd: use utils.{c,h} helpers in lxc-usernsexec
    - cmd: simplify lxc-usernsexec
    - cmd: use safe number parsers in lxc-usernsexec
    - macro: add missing headers
    - macro: add macvlan properties
    - tools: Indicate container startup failure
    - storage: exit() => _exit(). when exec is failed
    - tools: lxc-wait: add default log priority & cleanups
    - conf: fix path/lxcpath mixups in tty setup
    - cmd: use goto for cleanup in lxc-usernsexec
    - cmd: Do not reassign variable before it is used
    - cmd: Reduce scope of 'count' variable
    - cmd: Fix format issues found by clang-format
    - list: fix indent
    - utils: split into {file,string}_utils.{c,h}
    - pam_cgfs: build from the same sources as liblxc
    - conf: fix devpts mounting when fully unprivileged
    - macro: s/rexit()/_exit()/g
    - attach: move struct declaration to top
    - macro: move macros from attach.c
    - Makefile: don't allow undefined symbols
    - autotools: check if compiler is new enough
    - log: handle strerror_r() versions
    - autotools: add --{disable,enable}-thread-safety
    - log: fail build on ENFORCE_THREAD_SAFETY error
    - {file,string}_utils: remove NO_LOG
    - initutils: remove useless comment
    - string_utils: remove unnecessary include
    - string_utils: remove unused headers
    - string_utils: add remove_trailing_slashes()
    - Makefile: remove last pam_cgfs special-casing
    - conf: add missing headers
    - Fix typo
    - ifaddrs: add safe implementation of getifaddrs()
    - Makefile: conditionalize ifaddrs.h inclusion
    - execute: skip lxc-init logging when unprivileged
    - execute: pass /proc/self/fd/<nr>
    - tests: cleanup get_item.c
    - build: fix musl
    - configure: reorder header checks
    - compiler: add compiler.h header
    - commands: return -1 on lxc_cmd_get_init_pid() err
    - tests: add basic.c
    - tests: cleanup Makefile
    - commands: ensure -1 is sent on EPIPE for init pid
    - macro: add LXC_AUDS_ADDR_LEN
    - macro: move LXC_CMD_DATA_MAX from commands.h
    - macro: add PTR_TO_INT() and INT_TO_PTR()
    - macro: add INTTYPE_TO_STRLEN()
    - caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
    - macro: final INTTYPE_TO_STRLEN() related cleanups
    - macro: coding style fixes
    - Makefile: correctly add ifaddrs to noinst_HEADERS
    - start: remove duplicate macros
    - caps: move macros to macro header
    - string_utils: use UINT64_MAX macro
    - tree-wide: use sizeof on static arrays
    - Revert "tree-wide: use sizeof on static arrays"
    - commands: pass around intmax_t
    - commands: assign before converting to pointer
    - macro: calculate buffer lengths correctly
    - Revert "Revert "tree-wide: use sizeof on static arrays""
    - macro: move MS_* macros
    - caps: fix illegal access to array bound
    - utils: defensive programming
    - nl: remove duplicated define
    - syntax error: mismatch brace
    - commands: better error message
    - file_utils: add lxc_recv_nointr()
    - commands: switch to setting errno and returning -1
    - log: do not clobber errno
    - log: save errno on strerror_r()
    - tree-wide: s/recv()

Source diff to previous version
1804755 SRU of LXC 3.0.3 (upstream bugfix release)

Version: 3.0.2-0ubuntu1~18.04.1 2018-10-16 21:06:34 UTC

  lxc (3.0.2-0ubuntu1~18.04.1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1788457):
    - CVE 2018-6556: verify netns fd in lxc-user-nic
    - fixed a range of bugs found by Coverity
    - lxc-usernsexec: cleanup and bugfixes
    - log: add CMD_SYSINFO()
    - log: add CMD_SYSERROR()
    - state: s/sleep()/nanosleep()/
    - lxclock: improve file locking
    - lxccontainer: improve file locking
    - lxccontainer: fix F_OFD_GETLK checks
    - netlink: add __netlink_{send,recv,transaction}
    - netns: allocate network namespace id
    - MAINTAINERS: add Wolfgang Bumiller
    - pam_cgfs: cleanups
    - log: add default log priority
    - tree-wide: pass unsigned long to prctl()
    - macro: add new macro header
    - conf: mount devpts without “max” on EINVAL
    - tree-wide: handle EINTR in read() and write()
    - tree-wide: replace pipe() with pipe2()
    - confile: split mount options into flags and data
    - conf: improve rootfs setup
    - autotools: default to -Wvla -std=gnu11
    - tree-wide: remove VLAs
    - tree-wide: replace strtok_r() with lxc_iterate_parts()
    - utils: add lxc_iterate_parts()
    - apparmor: allow start-container to change to lxc-**
    - apparmor: update current profiles
    - apparmor: Allow /usr/lib* paths for mount and pivot_root
    - conf: the atime flags are locked in userns
    - conf: handle partially functional device nodes
    - conf: create /dev directory
    - autotools: build both a shared and static liblxc
    - namespace: add api to convert namespaces to standard identifiers
    - tree-wide: set MSG_NOSIGNAL
    - tree-wide: use mknod() to create dummy files
    - cgfsng: respect lxc.cgroup.use
    - cgroups: remove is_crucial_cgroup_subsystem()
    - tree-wide: remove unneeded log prefixes
    - tests: cleanup all tests
    - terminal: set FD_CLOEXEC on pty file descriptors
    - conf: simplify lxc_setup_dev_console()
    - tools: rework tools
    - autodev: adapt to changes in Linux 4.18
    - log: change DEBUG, INFO, TRACE, NOTICE macro using strerror to SYS* macro
    - log: add lxc_log_strerror_r macro
    - network: unpriv lxc will run lxc.net.[i].script.up now
    - conf: only use newuidmap and newgidmap when necessary
    - autotools: support tls in cross-compile

  * Cherry-pick upstream fixes:
    - 0002-tools-fix-lxc-execute-command-parsing.patch
    - 0003-lseek-integer-overflow.patch
    - 0004-cmd-lxc-usernsexec-reorder-includes.patch
    - 0005-cmd-move-declarations-to-macro.h.patch
    - 0006-cmd-use-utils.-c-h-helpers-in-lxc-usernsexec.patch
    - 0007-cmd-simplify-lxc-usernsexec.patch
    - 0008-cmd-use-safe-number-parsers-in-lxc-usernsexec.patch
    - 0009-tools-Indicate-container-startup-failure.patch
    - 0010-conf-fix-path-lxcpath-mixups-in-tty-setup.patch
    - 0011-cmd-use-goto-for-cleanup-in-lxc-usernsexec.patch
    - 0012-utils-split-into-file-string-_utils.-c-h.patch
    - 0013-pam_cgfs-build-from-the-same-sources-as-liblxc.patch
    - 0014-conf-fix-devpts-mounting-when-fully-unprivileged.patch
    - 0015-macro-s-rexit-_exit-g.patch
    - 0016-Makefile-don-t-allow-undefined-symbols.patch
    - 0017-autotools-check-if-compiler-is-new-enough.patch
    - 0018-log-handle-strerror_r-versions.patch
    - 0019-autotools-add-disable-enable-thread-safety.patch
    - 0020-log-fail-build-on-ENFORCE_THREAD_SAFETY-error.patch
    - 0021-macro-add-missing-headers.patch
    - 0022-execute-skip-lxc-init-logging-when-unprivileged.patch
    - 0023-execute-pass-proc-self-fd-nr.patch
    - 0024-commands-return-1-on-lxc_cmd_get_init_pid-err.patch

  * Bump standards to 4.2.0
    - Update lintian overrides
  * Include new .a file into liblxc-dev
  * Override GPG keyserver in autopkgtest
  * Run autoreconf during autopkgtest

 -- Stéphane Graber <email address hidden> Mon, 10 Sep 2018 14:43:52 -0400

Source diff to previous version
1788457 SRU of LXC 3.0.2 (upstream bugfix release)

Version: 3.0.1-0ubuntu1~18.04.2 2018-08-06 18:06:52 UTC

  lxc (3.0.1-0ubuntu1~18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: lxc-user-nic allows for open() of arbitrary paths
    (LP: #1783591)
    - Ensure that the provided path is a netns reference
    - CVE-2018-6556

 -- Stéphane Graber <email address hidden> Wed, 01 Aug 2018 00:03:10 -0400

Source diff to previous version
1783591 lxc-user-nic allows unprivileged users to open arbitrary files
CVE-2018-6556 lxc-user-nic allows unprivileged users to open arbitrary files

Version: 3.0.1-0ubuntu1~18.04.1 2018-06-21 09:06:52 UTC

  lxc (3.0.1-0ubuntu1~18.04.1) bionic; urgency=medium

  * New upstream bugfix release (LP: #1775283):
    - tools: fix unitialized variable
    - storage: fix lvm fs uuid generation
    - lxc-oci: fix Cmd/Entrypoint parsing
    - lxc-oci: make umoci less verbose
    - lxclock: use thread-safe OFD fcntl() locks
    - locktests: fix test suite
    - conf: ensure umounts don’t propagate to host
    - doc: Tweak Japanese translation in lxc.container.conf(5)
    - fix signal sending in lxc.init
    - rootfs pinning: On NFS, make file hidden but don’t delete it
    - conf: fix temporary file creation
    - ringbuf: fix temporary file creation
    - Fix compilation with static libcap and shared gnutls
    - attach: always drop supplementary groups
    - lxc init: remove dead code
    - storage/rsync: free memory on error
    - tools/utils: free memory on error
    - lxc init: coding style
    - utils: define __NR_setns if missing on old glibcs
    - attach: try to always drop supplementary groups
    - conf: ret-try devpts mount without gid=5 on error
    - execute: fix app containers without root mapping
    - conf: fix net type checks in run_script_argv()
    - seccomp: handle arch inversion
    - seccomp: handle all errors
    - seccomp: cleanup compat architecture handling
    - seccomp: improve logging
    - tools: document -d/–daemonize for lxc-execute
    - seccomp: non-functional changes
    - seccomp: handle arch inversion II
    - lxc-oci: mkdir the download directory
    - do_lxcapi_create: set umask
    - lxc/tools/lxc_monitor: include missing <stddef.h>
    - pam-cgfs: ignore the system umask when creating the cgroup hierarchy
    - Also pass action scripts to CRIU on checkpointing
    - Fix the memory leak in cgfsng_attach
    - Fix memory leak in list_active_containers
    - Fix tool_utils.c build when HAVE_SETNS is unset
    - coverity: #1435210
    - coverity: #1435208
    - coverity: #1435207
    - coverity: #1435206
    - coverity: #1435205
    - coverity: #1435203
    - coverity: #1435200
    - coverity: #1435198
    - coverity: #1426734
    - lxccontainer: non-functional changes
    - lxccontainer: use thread-safe OFD locks
    - lxccontainer: non-functional changes
    - lxccontainer: do_lxcapi_is_running()
    - lxccontainer: do_lxcapi_freeze()
    - lxccontainer: do_lxcapi_unfreeze()
    - lxccontainer: non-functional changes
    - lxccontainer: use thread-safe open() + write()
    - lxccontainer: non-functional changes
    - lxccontainer: non-functional changes
    - lxccontainer: non-functional changes
    - coverity: #1435263
    - fix logic for execute log file
    - utils: add LXC_PROC_PID_FD_LEN
    - execute: use static buffer
    - execute: do not check inherited fds again
    - add some TRACE/ERROR reporting
    - execute: account for -o path option count
    - execute: set init_path when existing init is found
    - genl: remove
    - coverity: #1248104
    - coverity: #1248105
    - coverity: #1425744
    - utils: account for terminating \0 byte
    - confile: satisfy gcc-8
    - network: silence gcc-8
    - network: adhere to IFNAMSIZ limit
    - support case ignored suffix for sizes
    - utils: fix parse_byte_size_string() coding style
    - strlcpy: add strlcpy() implementation
    - tree-wide: s/strncpy()/strlcpy()/g
    - CODING_STYLE: add section about using strlcpy()
    - tools: s/strncpy()/strlcpy()/g
    - Revert “tools: s/strncpy()/strlcpy()/g”
    - tools: s/strncpy()/memcpy()/
    - doc: Add “-d/–daemon” option to Japanese lxc-execute(1)
    - doc: Fix size unit style in Japanese lxc.container.conf(5)
    - coverity: #1435604
    - coverity: #1435603
    - coverity: #1435602
    - coverity: #1425844
    - config: allow read-write /sys in user namespace
    - coverity: #1425836
    - coverity: #1248106
    - capabilities: raise ambient capabilities
    - coverity: #1425802
    - cgroups: refactor cgroup handling
    - cgroups: remove freezer_state()
    - seccomp: #ifdef SCMP_ARCH_AARCH64
    - conf: simplify write_id_mapping()
    - log: enable per-thread container name prefix
    - lxc-init: skip signals that can’t be caught
    - execute: use execveat() syscall if supported
    - tools: only create log file when requested
    - seccomp: fix off-by-one error in array allocation for sscanf
    - seccomp: remove confusing comment line
    - seccomp: remove unnecessary memset
    - seccomp: fix type mismatch when parsing syscall arguments filters
    - lxcseccomp: cleanup header
    - seccomp: parse_config_v1()
    - utils: add remove_trailing_newlines()
    - seccomp: get_v2_default_action()
    - seccomp: get_action_name()
    - seccomp: get_v2_action()
    - seccomp: fix get_seccomp_arg_value()
    - seccomp: parse_v2_rules()
    - seccomp: move #ifdefines
    - seccomp: get_hostarch()
    - seccomp: scmp_filter_ctx get_new_ctx()
    - seccomp: do_resolve_add_rule()
    - seccomp: parse_config_v2()
    - seccomp: parse_config()
    - seccomp: lxc_read_seccomp_config()
    - tree-wide: s/sigprocmask/pthread_sigmask()/g
    - utils: fix task_blocking_signal()
    - lxccontainer: fix fd leaks when sending signals
    - confile: order architectures
    - start: log setns() failure
    - seccomp: leak fixup
    - seccomp: re-add action parse error handling
    - seccomp: refactor line handling of parse_config
    - seccomp: error on unrecognized actions
    - seccomp: lxc_read_seccomp_config()
    - seccomp: parse_v2_rules()
    - seccomp: make do_resolve_add_rule() more strict
    - tools: fix lxc-create with global config value
    - tools: fix lxc-create with global config value II
    - coverity: #1435806
    - coverity: #1435805
    - coverity: #1435803
    - coverity: #1435747
    - conf: non-functional changes
    - conf: make is_execute a boolean
    - conf: non-functional changes
    - conf: make close_all_fds a boolean
    - conf: reshuffle mount members
    - conf: simplify tty handling
    - conf: pts -> pty_max
    - conf: non-

1775283 SRU of LXC 3.0.1 (upstream bugfix release)



About   -   Send Feedback to @ubuntu_updates