SRU of LXC 3.0.3 (upstream bugfix release)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
lxc (Ubuntu) |
Fix Released
|
High
|
Stéphane Graber | ||
Xenial |
Fix Released
|
Medium
|
Stéphane Graber | ||
Bionic |
Fix Released
|
High
|
Stéphane Graber | ||
Cosmic |
Fix Released
|
High
|
Stéphane Graber | ||
Disco |
Fix Released
|
High
|
Stéphane Graber |
Bug Description
LXC upstream released LXC 3.0.3 as a bugfix release with following changelog:
- CONTRIBUTING: Update reference to kernel coding style
- CONTRIBUTING: Link to latest online kernel docs
- CONTRIBUTING: Direct readers to CODING_STYLE.md
- CODING_STYLE: Mention kernel style in introduction
- CONTRIBUTING: Add 'be' to fix grammar
- CODING_STLYE: Simplify explanation for use of 'extern'
- CODING_STLYE: Remove sections implied by 'kernel style'
- CODING_STYLE: Fix non-uniform heading level
- CODING_STYLE: Update section header format
- cmd: Use parenthesis around complex macro
- cmd: Use 'void' instead of empty parameter list
- cmd: Do not use braces for single statement block
- cmd: Fix whitespace issues
- cmd: Use 'const' for static string constant.
- cmd: Remove unnecessary whitespace in string
- cmd: Put trailing */ on a separate line
- cmd: Remove typo'd semicolon
- cmd: Do not use comparison to NULL
- lxc_init: s/SYSDEBUG(
- tools: lxc-attach: add default log priority & cleanups
- tools: lxc-cgroup: add default log priority & cleanups
- tools: lxc-checkpoint: add default log priority & cleanups
- tools: lxc-console: add default log priority & cleanups
- tools: lxc-create: add default log priority & cleanups
- tools: lxc-destroy: add default log priority & cleanups
- tools: lxc-device: add default log priority & cleanups
- tools: lxc-execute: add default log priority & cleanups
- tools: lxc-start: add default log priority & cleanups
- tools: lxc-stop: add default log priority & cleanups
- tools: lxc-freeze: add default log priority & cleanups
- tools: lxc-unfreeze: add default log priority & cleanups
- storage_utils: move duplicated function from tools
- tools: fix lxc-execute command parsing
- lseek - integer overflow
- cmd: lxc-user-nic: change log macro & cleanups
- cmd: lxc-usernsexec reorder includes
- cmd: move declarations to macro.h
- cmd: use utils.{c,h} helpers in lxc-usernsexec
- cmd: simplify lxc-usernsexec
- cmd: use safe number parsers in lxc-usernsexec
- macro: add missing headers
- macro: add macvlan properties
- tools: Indicate container startup failure
- storage: exit() => _exit(). when exec is failed, child process needs to use _exit()
- tools: lxc-wait: add default log priority & cleanups
- conf: fix path/lxcpath mixups in tty setup
- cmd: use goto for cleanup in lxc-usernsexec
- cmd: Do not reassign variable before it is used
- cmd: Reduce scope of 'count' variable
- cmd: Fix format issues found by clang-format
- list: fix indent
- utils: split into {file,string}
- pam_cgfs: build from the same sources as liblxc
- conf: fix devpts mounting when fully unprivileged
- macro: s/rexit()/_exit()/g
- attach: move struct declaration to top
- macro: move macros from attach.c
- Makefile: don't allow undefined symbols
- autotools: check if compiler is new enough
- log: handle strerror_r() versions
- autotools: add --{disable,
- log: fail build on ENFORCE_
- {file,string}
- initutils: remove useless comment
- string_utils: remove unnecessary include
- string_utils: remove unused headers
- string_utils: add remove_
- Makefile: remove last pam_cgfs special-casing
- conf: add missing headers
- Fix typo
- ifaddrs: add safe implementation of getifaddrs()
- Makefile: conditionalize ifaddrs.h inclusion
- execute: skip lxc-init logging when unprivileged
- execute: pass /proc/self/fd/<nr>
- tests: cleanup get_item.c
- build: fix musl
- configure: reorder header checks
- compiler: add compiler.h header
- commands: return -1 on lxc_cmd_
- tests: add basic.c
- tests: cleanup Makefile
- commands: ensure -1 is sent on EPIPE for init pid
- macro: add LXC_AUDS_ADDR_LEN
- macro: move LXC_CMD_DATA_MAX from commands.h
- macro: add PTR_TO_INT() and INT_TO_PTR()
- macro: add INTTYPE_TO_STRLEN()
- caps: s/LXC_NUMSTRLEN
- cgfsng: s/LXC_NUMSTRLEN
- confile: s/LXC_NUMSTRLEN
- log: s/LXC_NUMSTRLEN
- lsm: s/LXC_NUMSTRLEN
- macro: s/LXC_NUMSTRLEN
- lxccontainer: s/LXC_NUMSTRLEN
- monitor: s/LXC_NUMSTRLEN
- network: s/LXC_NUMSTRLEN
- string_utils: s/LXC_NUMSTRLEN
- utils: s/LXC_NUMSTRLEN
- tools: s/LXC_NUMSTRLEN
- conf: s/LXC_NUMSTRLEN
- tests: s/LXC_NUMSTRLEN
- macro: final INTTYPE_TO_STRLEN() related cleanups
- macro: coding style fixes
- Makefile: correctly add ifaddrs to noinst_HEADERS
- start: remove duplicate macros
- caps: move macros to macro header
- string_utils: use UINT64_MAX macro
- tree-wide: use sizeof on static arrays
- Revert "tree-wide: use sizeof on static arrays"
- commands: pass around intmax_t
- commands: assign before converting to pointer
- macro: calculate buffer lengths correctly
- Revert "Revert "tree-wide: use sizeof on static arrays""
- macro: move MS_* macros
- caps: fix illegal access to array bound
- utils: defensive programming
- nl: remove duplicated define
- syntax error: mismatch brace
- commands: better error message
- file_utils: add lxc_recv_nointr()
- commands: switch to setting errno and returning -1
- log: do not clobber errno
- log: save errno on strerror_r()
- tree-wide: s/recv(
- file_utils: add lxc_send_nointr()
- tree-wide: s/send(
- nl: save errno on lxc_netns_
- log: log_append_
- lxccontainer: fix dereferenced pointer
- lxc: fix build with --disable-werror
- utils: improve get_ns_uid() and add get_ns_gid()
- utils: improve lxc_switch_
- log: support dlog
- attach: handle id switching smarter
- start: avoid unnecessary syscalls
- utils: make lxc_setgroups() return bool
- utils: make lxc_switch_
- lxccontainer: use correct pid_t type
- conf: remove extra MS_BIND with sysfs:mixed
- network: use correct type in lxc_netns_
- network: add lxc_netns_
- remove unused variables
- file_utils: remove unused function
- network: minor tweaks
- add compile flags for dlog
- log: add common functions
- log: add additional info of dlog
- attach: don't shutdown ipc socket in child
- security: fix too wide or inconsistent non-owner permissions
- attach: report standard shell exit codes
- af_unix: add function to remove duplicated codes for set sockaddr
- lxccontainer: remove locks from set_cgroup_item()
- lxccontainer: remove locks from get_cgroup_item()
- apparmor: account for specified rootfs path (closes #2617)
- conf: realpath() uses null as second parameter to prevent buffer overflow
- start: s/backgrounded/
- cgfsng: mark ops with \_\_cgfsng_ops\_\_ attribute
- autotools: add -Wimplicit-
- cgroup: rename container specific cgroup functions
- cgroups: s/fullcgpath/
- cgroups: add missing string.h include
- cgroups: s/base_
- autotools: fix wrong AX_CHECK_
- compiler: s/\_\_fallthrou
- compiler: s/\_\_noreturn\
- cgfsng: s/\_\_cgfsng_
- macro: add STRLITERALLEN() and STRARRAYLEN()
- tree-wide: replace sizeof() with SIZEOF2STRLEN()
- compiler: \_\_attribute\
- autotools: support -Wcast-align
- autotools: support -Wstrict-prototypes
- network: add netns_getifaddrs() implementation
- tree_wide: switch to netns_getifaddrs()
- netns_ifaddrs: mark casts as safe
- autotools: fix lxc_user_nic build
- stop: Only freeze if freezer is available
- doc: tweak documentation a little
- cgfsng: set errno to ENOENT on get_hierarchy()
- cgfsng: s/cgfsng_
- cgfsng: s/25/INTTYPE_
- compiler: fix \_\_noreturn on bionic
- compiler: add \_\_hot attribute
- netns_ifaddrs: fix missing include
- autools: prevent dlog build on stable branch
- tree-wide: fix includes to fix bionic builds
- template: oci template supports for char user info
- btrfs: fix btrfs containers
- oci-template: Add logic for no /etc/passwd, group
- configure: fix -Wimplicit-
- utils: add lxc_setup_keyring()
- autotools: support -z relro and -z now
- netns_ifaddrs: handle IFLA_STATS{64} correctly
- syscall_wrappers: add pivot_root()
- raw_syscalls: add lxc_raw_execveat()
- raw_syscalls: add lxc_raw_
- raw_syscalls: add lxc_raw_getpid()
- autotools: fix lxc init build
- autotools: fix lxc-monitord build
- autotools: fix lxc-user-nic build
- autotools: fix lxc-usernsexec build
- tests: add missing build dependencies
- netns_ifaddrs: only use struct rtnl_link_stats64
- cgroups: remove unnecessary line
- netns_iaddrs: remove unused functions
- parse: prefault config file with MAP_POPULATE
- cgfsng: avoid tiny race window
- utils: fix lxc_set_
- cgfsng: handle v1 cpuset hierarchy first
- syscall_wrappers: move memfd_create()
- syscall_wrappers: move setns()
- syscall_wrappers: move sethostname()
- syscall_wrappers: move unshare()
- syscall_wrappers: move signalfd()
- raw_syscalls: move lxc_raw_gettid()
- tools: lxc-start: remove unused argument
- tools: lxc-unshare: remove unnecessary initialization
- parse: remove access() check
- parse: report errors when failing config parsing
- macro: add PATH_MAX
- cmd: s/MAXPATHLEN/
- conf: s/MAXPATHLEN/
- confile: s/MAXPATHLEN/
- log: s/MAXPATHLEN/
- lxccontainer: s/MAXPATHLEN/
- macro: s/MAXPATHLEN/
- network: s/MAXPATHLEN/
- pam: s/MAXPATHLEN/
- start: s/MAXPATHLEN/
- terminal: s/MAXPATHLEN/
- utils: s/MAXPATHLEN/
- storage: s/MAXPATHLEN/
- tools: s/MAXPATHLEN/
- attach: reset signal mask
- start: change log level
- file_utils: fix too wide or inconsistent non-owner permissions
- attach: fix missing pthread.h include
- macro: add NETLINK_
- macro: add SOL_NETLINK
- netns_ifaddrs: check for NETLINK_
- parse: do not mask failed parse
- test: test invalid config keys
- confile: remove unused variable
- parse: fix uninitialized pointer access
- fix rpm packaging error for static library
- fix post section script error for rpm install
- conf: log prlimit setup
- conf: verify_
- checkpoint: fix running do_dump()
- monitor: log cleanups
- monitor: checking name too long to make monitor sock name
- commands_utils: improve code redundancy to make abstract unix socket name
- monitor: fix coding standard
- autools: use -fno-strict-
- checkconfig: Handle missing kernel version
- lxc-init: log to /dev/console
- autotools: fix --disable-commands builds
- string_utils: fix global buffer overflow issue
- include: simplify strlcpy()
- raw_syscalls: ensure function always returns value
- confile: fix append_
- parse: protect against config updates during parse
- parse: fix uninitialized value
- tree-wide: coding style fixes
- start: simplify
- autotools: compiler based hardening
- coverity: update .travis.yml
- coverity: update .travis.yml
- coverity: update .travis.yml
- coverity: update .travis.yml
- coverity: update .travis.yml
- confile: do not overwrite global variable
- commands: simplify
- cgfsng: move increment out of branch
- monitord: do not hide global variable
- tools/lxc_copy: do not hide global variable
- tools/lxc_top: do not hide global variable
- tools/lxc_info: do not hide global variable
- state: remove tautological check
- conf: remove tautological check
- conf: use O_CLOEXEC in lxc_pivot_root()
- conf: remove tautological check
- lxccontainer: remove check from goto target
- start: prevent values smaller 0
- tools/lxc_stop: use correct check
- cmd/lxc_init: do not hide global variable
- coverity: #1440391
- coverity: #1440389
- coverity: #1426130
- storage_utils: add error handling
- storage_utils: cleanups
- storage_utils: use _exit() instead of exit() in child process
- parse: cleanups
- dlog: inherit dlog fds
- spelling: allocate
- spelling: ambiguous
- spelling: answer
- spelling: architecture
- spelling: array
- spelling: asynchronous
- spelling: backingstorage
- spelling: capabilities
- spelling: character
- spelling: checkpoint
- spelling: comma
- spelling: command
- spelling: committer
- spelling: configuration
- spelling: constant
- spelling: container
- spelling: control
- spelling: convenience
- spelling: could
- spelling: describing
- spelling: device
- spelling: exiting
- spelling: explicitly
- spelling: feature
- spelling: github
- spelling: hierarchy
- spelling: hoops
- spelling: ifindices
- spelling: implementations
- spelling: inherited
- spelling: initialize
- spelling: javascript
- spelling: keepdata
- spelling: libraries
- spelling: loglevel
- spelling: namespace
- spelling: otherwise
- spelling: output
- spelling: overlayfs
- spelling: overridden
- spelling: override
- spelling: passphrase
- spelling: perhaps
- spelling: pertains
- spelling: portion
- spelling: potentially
- spelling: returns
- spelling: root
- spelling: securityfs
- spelling: snapshotting
- spelling: specified
- spelling: specify
- spelling: subtracting
- spelling: successfully
- spelling: syscall
- spelling: timeout
- spelling: unsigned
- spelling: userns
- spelling: without
- lxcmntent: coding rules
- string_utils: coding rules
- log: fix too wide or inconsistent non-owner permissions
- coverity: move to separate branch
- include: correctly include macro.h
- Fix spacing error in namespace.c
- caps: replace read with lxc_read_nointr
- log: replace write with lxc_write_nointr
- dlog: move match_dlog_fds()
- conf: s/ty/tty/g
- pam_cgfs: remove redundancy file utils
- cgfs: remove redundancy utils
- pam_cgfs: remove dependency from cap & log
- utils: fix coding styles
- utils: add errno logs for exception case
- Adds -qq flags to lvcreate commands to avoid answer 'no' to ant questions the LVM subsystem asks to avoid hanging lxc-create command
- utils: make keyring allocation failure non-fatal
- autotools: fix lxc-{create,copy} build
- cgfsng: remove freezer requirement
- start: don't call cgroup_exit() twice
Just like Ubuntu itself, upstream releases long term support releases, as is 3.0 and then periodic point releases including all the accumulated bugfixes.
Only the latest upstream release gets full support from the upstream developers, everyone else is expected to first update to it before receiving any kind of support.
This should qualify under the minor upstream bugfix release allowance of the SRU policy, letting us SRU this without paperwork for every single change included in this upstream release.
Once the SRU hits -updates, we will be backporting this to xenial-backports as well, making sure we have the same version everywhere.
[Test case]
lxc has autopkgtests which will assert that the binaries built in -proposed are functional.
Changed in lxc (Ubuntu Disco): | |
status: | New → In Progress |
Changed in lxc (Ubuntu Xenial): | |
status: | New → Triaged |
Changed in lxc (Ubuntu Bionic): | |
status: | New → Triaged |
Changed in lxc (Ubuntu Cosmic): | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in lxc (Ubuntu Bionic): | |
importance: | Undecided → High |
Changed in lxc (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in lxc (Ubuntu Disco): | |
importance: | Undecided → High |
Changed in lxc (Ubuntu Xenial): | |
status: | Triaged → Fix Released |
Uploaded to disco, will wait for autopkgtest to be happy before I start pushing the SRUs.