UbuntuUpdates.org

Package "snapd"

Name: snapd

Description:

Daemon and tooling that enable snap packages

Latest version: 2.48.3
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: https://github.com/snapcore/snapd

Links


Download "snapd"


Other versions of "snapd" in Xenial

Repository Area Version
base universe 2.0.2
base main 2.0.2
security main 2.48.3
security universe 2.48.3
updates universe 2.48.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.48.3 2021-02-10 17:06:20 UTC

  snapd (2.48.3) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability for containers
    (LP: #1910456)
    - many: add Delegate=true to generated systemd units for special
      interfaces
    - interfaces/greengrass-support: back-port interface changes to
      2.48
    - CVE-2020-27352
  * interfaces/builtin/docker-support: allow /run/containerd/s/...
    - This is a new path that docker 19.03.14 (with a new version of
      containerd) uses to avoid containerd CVE issues around the unix
      socket. See also CVE-2020-15257.

Source diff to previous version
CVE-2020-27352 RESERVED
CVE-2020-15257 containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.

Version: 2.48 2020-11-30 17:06:19 UTC

  snapd (2.48) xenial; urgency=medium

  * New upstream release, LP: #1904098
    - osutil: add KernelCommandLineKeyValue
    - devicestate: implement boot.HasFDESetupHook
    - boot/makebootable.go: set snapd_recovery_mode=install at image-
      build time
    - bootloader: use ForGadget when installing boot config
    - interfaces/raw_usb: allow read access to /proc/tty/drivers
    - boot: add scaffolding for "fde-setup" hook support for sealing
    - tests: fix basic20 test on arm devices
    - seed: make a shared seed system label validation helper
    - snap: add new "fde-setup" hooktype
    - cmd/snap-bootstrap, secboot, tests: misc cleanups, add spread test
    - secboot,cmd/snap-bootstrap: fix degraded mode cases with better
      device handling
    - boot,dirs,c/snap-bootstrap: avoid InstallHost* at the cost of some
      messiness
    - tests/nested/manual/refresh-revert-fundamentals: temporarily
      disable secure boot
    - snap-bootstrap,secboot: call BlockPCRProtectionPolicies in all
      boot modes
    - many: address degraded recover mode feedback, cleanups
    - tests: Use systemd-run on tests part2
    - tests: set the opensuse tumbleweed system as manual in spread.yaml
    - secboot: call BlockPCRProtectionPolicies even if the TPM is
      disabled
    - vendor: update to current secboot
    - cmd/snap-bootstrap,o/devicestate: use a secret to pair data and
      save
    - spread.yaml: increase number of workers on 20.10
    - snap: add new `snap recovery --show-keys` option
    - tests: minor test tweaks suggested in the review of 9607
    - snapd-generator: set standard snapfuse options when generating
      units for containers
    - tests: enable lxd test on ubuntu-core-20 and 16.04-32
    - interfaces: share /tmp/.X11-unix/ from host or provider
    - tests: enable main lxd test on 20.10
    - cmd/s-b/initramfs-mounts: refactor recover mode to implement
      degraded mode
    - gadget/install: add progress logging
    - packaging: keep secboot/encrypt_dummy.go in debian
    - interfaces/udev: use distro specific path to snap-device-helper
    - o/devistate: fix chaining of tasks related to regular snaps when
      preseeding
    - gadget, overlord/devicestate: validate that system supports
      encrypted data before install
    - interfaces/fwupd: enforce the confined fwupd to align Ubuntu Core
      ESP layout
    - many: add /v2/system-recovery-keys API and client
    - secboot, many: return UnlockMethod from Unlock* methods for future
      usage
    - many: mv keys to ubuntu-boot, move model file, rename keyring
      prefix for secboot
    - tests: using systemd-run instead of manually create a systemd unit
      - part 1
    - secboot, cmd/snap-bootstrap: enable or disable activation with
      recovery key
    - secboot: refactor Unlock...IfEncrypted to take keyfile + check
      disks first
    - secboot: add LockTPMSealedKeys() to lock access to keys
      independently
    - gadget: correct sfdisk arguments
    - bootloader/assets/grub: adjust fwsetup menuentry label
    - tests: new boot state tool
    - spread: use the official image for Ubuntu 20.10, no longer an
      unstable system
    - tests/lib/nested: enable snapd logging to console for core18
    - osutil/disks: re-implement partition searching for disk w/ non-
      adjacent parts
    - tests: using the nested-state tool in nested tests
    - many: seal a fallback object to the recovery boot chain
    - gadget, gadget/install: move helpers to install package, refactor
      unit tests
    - dirs: add "gentoo" to altDirDistros
    - update-pot: include file locations in translation template, and
      extract strings from desktop files
    - gadget/many: drop usage of gpt attr 59 for indicating creation of
      partitions
    - gadget/quantity: tweak test name
    - snap: fix failing unittest for quantity.FormatDuration()
    - gadget/quantity: introduce a new package that captures quantities
    - o/devicestate,a/sysdb: make a backup of the device serial to save
    - tests: fix rare interaction of tests.session and specific tests
    - features: enable classic-preserves-xdg-runtime-dir
    - tests/nested/core20/save: check the bind mount and size bump
    - o/devicetate,dirs: keep device keys in ubuntu-save/save for UC20
    - tests: rename hasHooks to hasInterfaceHooks in the ifacestate
      tests
    - o/devicestate: unit test tweaks
    - boot: store the TPM{PolicyAuthKey,LockoutAuth}File in ubuntu-save
    - testutil, cmd/snap/version: fix misc little errors
    - overlord/devicestate: bind mount ubuntu-save under
      /var/lib/snapd/save on startup
    - gadget/internal: tune ext4 setting for smaller filesystems
    - tests/nested/core20/save: a test that verifies ubuntu-save is
      present and set up
    - tests: update google sru backend to support groovy
    - o/ifacestate: handle interface hooks when preseeding
    - tests: re-enable the apt hooks test
    - interfaces,snap: use correct type: {os,snapd} for test data
    - secboot: set metadata and keyslots sizes when formatting LUKS2
      volumes
    - tests: improve uc20-create-partitions-reinstall test
    - client, daemon, cmd/snap: cleanups from #9489 + more unit tests
    - cmd/snap-bootstrap: mount ubuntu-save during boot if present
    - secboot: fix doc comment on helper for unlocking volume with key
    - tests: add spread test for refreshing from an old snapd and core18
    - o/snapstate: generate snapd snap wrappers again after restart on
      refresh
    - secboot: version bump, unlock volume with key
    - tests/snap-advise-command: re-enable test
    - cmd/snap, snapmgr, tests: cleanups after #9418
    - interfaces: deny connected x11 plugs access to ICE
    - daemon,client: write and read a maintenance.json file for when
      snapd is shut down
    - many: update to secboot v1 (part 1)
    - osutil/disks/mockdisk: panic if same mountpoint shows up again
      with diff opts
    - tests/nested/core20/ga

Source diff to previous version
1904098 [SRU] 2.48

Version: 2.47.1 2020-10-26 13:07:04 UTC

  snapd (2.47.1) xenial; urgency=medium

  * New upstream release, LP: #1895929
    - o/configstate: create /etc/sysctl.d when applying early config
      defaults
    - cmd/snap-bootstrap/initramfs-mounts: also copy /etc/machine-id for
      same IP addr
    - packaging/{ubuntu,debian}: add liblzo2-dev as a dependency for
      building snapd
    - cmd/snap: allow snap help vs --all to diverge purposefully
    - snap: snap help output refresh

 -- Michael Vogt <email address hidden> Thu, 08 Oct 2020 09:30:44 +0200

Source diff to previous version
1895929 [SRU] 2.47

Version: 2.46.1 2020-09-22 17:06:16 UTC

  snapd (2.46.1) xenial; urgency=medium

  * New upstream release, LP: #1891134
    - interfaces: allow snap-update-ns to read
      /proc/cmdline
    - github: run macOS job with Go 1.14
    - o/snapstate, features: add feature flag for disk space check on
      remove
    - tests: account for apt-get on core18
    - mkversion.sh: include dirty in version if the tree
      is dirty
    - interfaces/systemd: compare dereferenced Service
    - vendor.json: update mysterious secboot SHA again

 -- Michael Vogt <email address hidden> Fri, 04 Sep 2020 17:42:54 +0200

Source diff to previous version
1891134 [SRU] 2.46

Version: 2.45.1ubuntu0.2 2020-07-15 15:06:21 UTC

  snapd (2.45.1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: sandbox escape vulnerability via snapctl user-open
    (xdg-open)
    - usersession/userd/launcher.go: remove XDG_DATA_DIRS environment
      variable modification when calling the system xdg-open. Patch
      thanks to James Henstridge
    - packaging/ubuntu-16.04/snapd.postinst: kill userd on upgrade so it
      may autostart on next use. Patch thanks to Michael Vogt
    - CVE-2020-11934
    - LP: #1880085

 -- Emilia Torino <email address hidden> Fri, 10 Jul 2020 10:40:52 -0300




About   -   Send Feedback to @ubuntu_updates