Package "lxc1"

  lxc (2.0.6-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium

  * New upstream bugfix release (2.0.6) (LP: #1647010):
    - Security fix for CVE-2016-8649
    - utils: make detect_ramfs_rootfs() return bool
    - tests: add test for detect_ramfs_rootfs()
    - add Documentation entries to lxc and lxc@ units
    - mark the python examples as having utf-8 encoding
    - log: sanity check the returned value from snprintf()
    - lxc-alpine: mount /dev/shm as tmpfs
    - archlinux: Do DHCP on eth0
    - archlinux: Fix resolving
    - Drop leftover references to lxc_strerror()
    - tests: fix image download for s390x
    - tools: fix coding style in lxc_attach
    - tools: make overlay valid backend
    - tools: better error reporting for lxc-start
    - alpine: Fix installing extra packages
    - lxc-alpine: do not drop setfcap
    - s390x: Fix seccomp handling of personalities
    - tools: correct the argument typo in lxc_copy
    - Use libtool for liblxc.so
    - c/r: use --external instead of --veth-pair
    - c/r: remember to increment netnr
    - c/r: add checkpoint/restore support for macvlan interfaces
    - ubuntu: Fix package upgrades requiring proc
    - c/r: drop duplicate hunk from macvlan case
    - c/r: use snprintf to compute device name
    - Tweak libtool handling to work with Android
    - tests: add lxc_error() and lxc_debug()
    - container start: clone newcgroup immediately
    - use python3_sitearch for including the python code
    - fix rpm build, include all built files, but only once
    - cgfs: fix invalid free()
    - find OpenSUSE's build also as obs-build
    - improve help text for --fancy and --fancy-format
    - improve wording of the help page for lxc-ls
    - cgfs: add print_cgfs_init_debuginfo()
    - cgfs: skip empty entries under /proc/self/cgroup
    - cgfs: explicitly check for NULL
    - tools: use correct exit code for lxc-stop
    - c/r: explicitly emit bind mounts as criu arguments
    - log: bump LXC_LOG_BUFFER_SIZE to 4096
    - conf: merge network namespace move & rename on shutdown
    - c/r: save criu's stdout during dump too
    - c/r: remove extra \ns from logs
    - c/r: fix off-by-one error
    - c/r: check state before doing a checkpoint/restore
    - start: CLONE_NEWCGROUP after we have setup cgroups
    - create symlink for /var/run
    - utils: add lxc_append_string()
    - cgroups: remove isolated cpus from cpuset.cpus
    - Update Ubuntu release name: add zesty and remove wily
    - templates: add squashfs support to lxc-ubuntu-cloud.in
    - cgroups: skip v2 hierarchy entry
    - also stop lxc-net in runlevels 0 and 6
    - add lxc.egg-info to gitignore
    - install bash completion where pkg-config tells us to
    - conf: do not use %m format specifier
    - debian: Don't depend on libui-dialog-perl
    - cgroups: use %zu format specifier to print size_t
    - lxc-checkpoint: automatically detect if --external or --veth-pair
    - cgroups: prevent segfault in cgfsng
    - utils: add lxc_preserve_ns()
    - start: add netnsfd to lxc_handler
    - conf: use lxc_preserve_ns()
    - attach: use lxc_preserve_ns()
    - lxc_user_nic: use lxc_preserve_ns()
    - conf, start: improve log output
    - conf: explicitly remove veth device from host
    - conf, start: be smarter when deleting networks
    - start, utils: improve preserve_ns()
    - start, error: improve log + non-functional changes
    - start, namespace: move ns_info to namespace.{c,h}
    - attach, utils: bugfixes
    - attach: use ns_info[LXC_NS_MAX] struct
    - namespace: always attach to user namespace first
    - cgroup: improve isolcpus handling
    - cgroups: handle non-existent isolcpus file
    - utils: add lxc_safe_uint()
    - tests: add unit tests for lxc_safe_uint()
    - utils: add lxc_safe_int()
    - tests: add unit tests for lxc_safe_int()
    - conf/ile: get ip prefix via lxc_safe_uint()
    - confile: use lxc_safe_u/int in config_init_{u,g}id
    - conf/ile: use lxc_safe_uint() in config_pts()
    - conf/ile: use lxc_safe_u/int() in config_start()
    - conf/ile: use lxc_safe_uint() in config_monitor()
    - conf/ile: use lxc_safe_uint() in config_tty()
    - conf/ile: use lxc_safe_uint() in config_kmsg()
    - conf/ile: avoid atoi in config_lsm_aa_incomplete()
    - conf/ile: use lxc_safe_uint() in config_autodev()
    - conf/ile: avoid atoi() in config_ephemeral()
    - utils: use lxc_safe_int()
    - lxc_monitord: use lxc_safe_int() && use exit()
    - start: use lxc_safe_int()
    - conf: use lxc_safe_{u}int()
    - tools/lxc_execute: use lxc_safe_uint()
    - tools/lxc_stop: use lxc_safe_uint()
    - utils: add lxc_safe_long()
    - tests: add unit tests for lxc_safe_long()
    - tools/lxc_stop: use lxc_safe_long()
    - tools/lxc_top: use lxc_safe_int()
    - tools/lxc_ls: use lxc_safe_uint()
    - tools/lxc_autostart: use lxc_safe_{int,long}()
    - tools/lxc_console: use lxc_safe_uint()
    - tools: replace non-standard namespace identifiers
    - Configure a static MAC address on the LXC bridge
    - tests: remove overflow tests
    - attach: do not send procfd to attached process
  * Remaining patches:
    - 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
  * Cherry-pick bugfix from upstream:
    - tests: Don't cause test failures on-cleanup errors
  * Autopkgtest:
    - Re-enable lxc-test-ubuntu on yakkety/zesty (template was fixed).
    - Workaround autopkgtest failures when using gpg2 with dirmngr.
    - Restrict tests to run on standalone systems.

 -- Stéphane Graber <email address hidden> Fri, 02 Dec 2016 23:15:21 -0500

  lxc (2.0.5-0ubuntu1~ubuntu16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Escape through ptrace and inherited fd (LP: #1639345)
    - attach: Do not send procfd to attached process
    - CVE-2016-8649

 -- Stéphane Graber <email address hidden> Tue, 22 Nov 2016 00:49:00 -0500

  lxc (2.0.5-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium

  * Cherry-pick bugfix from upstream:
    - s390x: Fix seccomp handling of personalities (LP: #1635639)

 -- Stéphane Graber <email address hidden> Fri, 21 Oct 2016 12:39:18 -0400

  lxc (2.0.5-0ubuntu1~ubuntu16.04.1) xenial; urgency=medium

  * New upstream bugfix release (2.0.5) (LP: #1632144)
    - Fix .gitignore after /tools/ split
    - Add lxc-test-utils to .gitignore
    - bdev: use correct overlay module name
    - cleanup: tools: remove --name from lxc-top usage message
    - cleanup: whitespaces in option alignment for lxc-execute
    - Use full GPG fingerprint instead of long IDs.
    - tools: move --rcfile to the common options list
    - tools: set configfile after load_config
    - doc: add --rcfile to common opts
    - doc: Update Korean lxc-attach(1)
    - doc: Add --rcfile to Korean common opts
    - doc: Add --rcfile to Japanese common opts
    - tools: use exit(EXIT_*) everywhere
    - tools: unify exit() calls outside of main()
    - utils: Add mips signalfd syscall numbers
    - seccomp: Implement MIPS seccomp handling
    - seccomp: Add mips and mips64 entries to lxc_config_parse_arch
    - seccomp: fix strerror()
    - confile: add more archs to lxc_config_parse_arch()
    - seccomp: add support for s390x
    - seccomp: remove double include and order includes
    - seccomp: non functional changes
    - templates: use fd 9 instead of 200
    - templates: fedora requires openssl binary
    - tools: use boolean for ret in lxc_device.c
    - c/r: use /proc/self/tid/children instead of pidfile
    - c/r: Fix pid_t on some arches
    - templates: Add mips hostarch detection to debian
    - cleanup: replace tabs wth spaces in usage strings
    - remove extra 'ret'
    - c/r: write status only after trying to parse the pid
    - set FULL_PATH_NAMES=NO in doc/api/Doxyfile
    - templates: rm halt.target -> sigpwr.target symlink
    - templates: remove creation of bogus directory
    - console: use correct log name
    - configure: add --disable-werror
    - tests: fix get_item tests
    - templates: use correct cron version in alpine template
    - c/r: zero a smaller than known migrate_opts struct
    - lxczfs: small fixes
    - c/r: free valid_opts if necessary
    - make rsync deal with sparse files efficiently
    - lxc-create -t debian fails on ppc64el arch
    - c/r: fix typo in comment
    - cgroup: add new functions for interacting with hierachies
    - utils: add lxc_deslashify
    - c/r: pass --cgroup-roots on checkpoint
    - cgroup: get rid of weird hack in cgfsng_escape
    - cgroup: drop cgroup_canonical_path
    - c/r: check that cgroup_num_hierarchies > 0
    - tools: do not add trailing spaces on lxc-ls -1
    - conf: retrieve mtu from netdev->link
    - conf: try to retrieve mtu from veth
    - c/r: detatch from controlling tty on restore
    - Fix null derefence if attach is called without access to any tty
    - utils: fix lxc_string_split()
    - tools: lxc_deslashify() handle special cases
    - tests: add unit tests for lxc_deslashify()
    - Fix for ALTLinux container creation in all branches
    - utils: lxc_deslashify() free memory
    - Fix spelling of CentOS in the templates
    - Define LXC_DEVEL to detect development releases
    - tools: lxc-checkconfig conditionalize devpts check
  * Drop all cherry-pick patches, now upstream.
  * Update to newer standards. Drop un-needed debian/control field.
  * Address all lintian messages.
  * Sync packaging with Yakkety's.

 -- Stéphane Graber <email address hidden> Mon, 10 Oct 2016 19:11:02 -0400

  lxc (2.0.4-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium

  * Cherry-pick from upstream (fixes checkpoint/restore regression):
    - 0003-c-r-use-proc-self-tid-children-instead-of-pidfile.patch
    - 0004-c-r-Fix-pid_t-on-some-arches.patch