File lxc.changes of Package lxc.openSUSE_13.2_Update

-------------------------------------------------------------------
Tue Dec  6 22:04:34 UTC 2016 - asarai@suse.com

- CVE-2016-8649: lxc: guest escape via ptrace of lxc-attach (bsc#1010933).
  CVE-2016-8649-attach-do-not-send-procfd-to-attached-process.patch

-------------------------------------------------------------------
Fri Oct  2 11:49:33 UTC 2015 - cbosdonnat@suse.com

- Added CVE-2015-1335-Protect-container-mounts-against-symlinks.patch
  (bsc#946744)

-------------------------------------------------------------------
Mon Aug  3 13:39:01 UTC 2015 - jslaby@suse.com

- fix a bug in backported patch (bnc#940174)

-------------------------------------------------------------------
Thu Jul 23 09:23:19 UTC 2015 - jslaby@suse.com

- Added CVE-2015-1331-lxclock-use-run-lxc-lock-rather-than-r.patch
  (bnc#938522)
- Added CVE-2015-1334-Don-t-use-the-container-s-proc-during-.patch
  (bnc#938523)

-------------------------------------------------------------------
Sat Sep 27 05:12:44 UTC 2014 - opensuse_buildservice@ojkastl.de

- update to 1.0.6, which includes the following changes/fixes:
    rootfs_is_blockdev: don't run if no rootfs is specified
    confile: sanity-check netdev->type before setting netdev->priv elements
    Fix typo in previous patch
    Remove mention of mountcgroups in ubuntu.common config
    remove mountcgroup hook entirely
    Add SIGPWR support to lxc_init
    Sysvinit script fixes
    unprivileged containers: use next available nic name if unspecified
    fix typo in btrfs error msg
    apparmor: Allow slave bind mounts
    provide an example SELinux policy for older releases
    print a helpful message if creating unpriv container with no idmap
    use non-thread-safe getpwuid and getpwgid for android
    btrfs: support recursive subvolume deletion (v2)
    fix '--log-priority' --> '--logpriority' in main
    Fix a file descriptor leak in the daemonization
    Fix a file descriptor leak in the monitord spawn
    Ensure /dev/pts directory exists on pts setup
    Do not allow snapshots of LVM backed containers
    add lxc.console.logpath
    coverity: don't use newname after null check
    coverity: malloc the right size for btrs_node tree
    introduce --with-distro=raspbian
    cgmanager get/set: clean up child (v2)
    Add extra debugging
    Fix typo in the previous commit...
    do_mount_entry: add nexec, nosuid, nodev, rdonly flags if needed at remount
    command socket: use hash if needed
    monitor: fix sockname calculation for long lxcpaths
    show additional info if btrfs subvolume deletion fails (issue #315)
    ignore SIGKILL (CTRL-C) and SIGQUIT (CTRL-\) - issue #313
    chmod container dir to 0770 (v2)
    build: Fix support for split build and source dirs
    mount_entry: use statvfs
    lxc_mount_auto_mounts: honor existing nodev etc at remounts
    statvfs: do nothing if statvfs does not exist (android/bionic)
    Prevent compiler warning by initializing ifindex
    build: don't remove configuration template on clean
    build: Make setup.py run from srcdir to avoid distutils errors
    handle hashed command socket names (v2)
    lxc-cgm: fix issue with nested chowning
    Report container exit status to monitord
    support use of 'all' containers when cgmanager supports it
    log: fix quiet mode
    Fix build error(ISO C90 specs violation) in lxc.c
    lxc_map_ids: don't do bogus chekc for newgidmap
    lxc_map_ids: add a comment
    clean autodev dir on container exit
    As discussed on ML, do not clean autodev dir on reboot
    Fix build failure due to slightly different rmdir
    Fix presentation of IPv6 addresses and gateway

    lxc-start: Add -F (foreground) option

    all: Discontinue the use of in-line comments (stable)
    all: Include hostname in DHCP requests
    all: Switch from arch command to uname -m
    altlinux: bugfixes
    archlinux: Properly set default locale in /etc/locale.conf
    centos template: prevent mingetty from calling vhangup(2)
    download: Have wget retry 3 times
    download: Make --keyserver actually work
    gentoo: keep original uid/gid of files/dirs when installing
    gentoo: Use portageq to determine portage distdir
    plamo: keep original uid/gid of files/dirs when installing
    plamo: bugfix template
    ssh: send hostname to dhcp server
    ubuntu: don't check for $rootfs/run/shm
    ubuntu: add help string

    lxc-test-{unpriv,usernic.in}: make sure to chgrp as well
    lxc-test-unpriv: test lxc-clone -s
    tests: Call sync before testing a shutdown
    tests: Copy the download cache when available [v2]
    Fix the unprivileged tests cgroup management

    doc: Mention that veth.pair is ignored for unpriv
    doc: Add mention that veth.pair is ignored for unpriv in Japanese man
    doc: Add -F option to Japanese lxc-start(1)
    doc: Update the description of SELinux in Japanese lxc.container.conf(5)
    doc: Add 'zfs' to the parameter of -B option in lxc-create(1)
    doc: add lxc.console.logpath to Japanese lxc.container.conf(5)
    doc: language correction
    doc: Fix Japanese translation of lxc.container.conf(5)
    doc: Add destroy option to lxc-snapshot(1)
    doc: Add description about ignoring lxc.cgroup.use when using cgmanager
- delete: 0002-lxc-autostart-helper-working-even-if-action-is-not-a.patch
- delete: 0003-lxc-autostart-helper-working-even-if-var-lock-subsys.patch

-------------------------------------------------------------------
Fri Aug 15 14:43:35 UTC 2014 - opensuse_buildservice@ojkastl.de

- third patch to get lxc-autostart-helper to work on openSUSE
  * 0003-lxc-autostart-helper-working-even-if-var-lock-subsys.patch

-------------------------------------------------------------------
Fri Aug 15 13:04:48 UTC 2014 - opensuse_buildservice@ojkastl.de

- added another patch to ensure correct operation of lxc.service systemd-unit
  * 0002-lxc-autostart-helper-working-even-if-action-is-not-a.patch

-------------------------------------------------------------------
Thu Aug 14 19:26:33 UTC 2014 - opensuse_buildservice@ojkastl.de

- added patch to ensure correct operation of lxc.service systemd-unit
  * 0001-systemd-Ensure-action-is-defined.patch

-------------------------------------------------------------------
Wed Aug  6 19:38:55 UTC 2014 - opensuse_buildservice@ojkastl.de

- update to 1.0.5
  * seccomp profile
  * core: Fix unprivileged containers to work with recent kernels.
  * core: Fix building with -Werror=maybe-uninitialized.
  * core: seccomp: Don't fail on unresolvable syscalls.
  * core: lxc-init: Don't force dropping capabilities.
  * core: configure: Split -lcap and -lselinux out of LIBS.
  * core: configure: Fix expansion of libexecdir.
  * core: seccomp: Support 'all' arch sections.
  * core: seccomp: Fix 32-bit rules.
  * core: seccomp: Enable a default filter for all templates.
  * core: Fix corruption in write_config.
  * core: attach: Fix querying for the current personality.
  * core: cgmanager: Have cgm_set and cgm_get use absolute paths when possible.
  * core: cgmanager: Make sure @value is null-terminated in cgm_get.
  * core: optimization of signal filtering/parsing code.
  * core: apparmor: Allow hugetlbfs by default (similar to tmpfs and restricted by the hugetlb cgroup controller).
  * core: Fix find_fstype_cb to ignore blank lines and comments.
  * lxc-autostart: Actually respect -P when passed.
  * lxc-attach: Fix typo in usage.
  * lxc-start: propagate the container exit code.
  * lxc-stop: Fix incorrect timeout handling.
  * lxc-device: Support --version.
  * lxc-ls: Support --version.
  * lxc-start-ephemeral: Support --version.
  * tests: Avoid the download template when possible.
  * tests: Don't fail when HOME isn't defined.
  * tests: apparmor: Always end messages with a newline.
  * tests: Clarify error message and fix return codes.
  * tests: lxc-test-ubuntu doesn't actually need bind9-host.
  * lxc-debian: standardize formatting.
  * lxc-debian: fix formatting.
  * python3: Fix attach_wait and threads.

-------------------------------------------------------------------
Fri Jun 13 19:33:04 UTC 2014 - opensuse_buildservice@ojkastl.de

- fixed the build errors

-------------------------------------------------------------------
Fri Jun 13 18:24:48 UTC 2014 - opensuse_buildservice@ojkastl.de

- update to 1.0.4; disable lua and excluded lxc-top, as lua-dependencies are not available

-------------------------------------------------------------------
Sat May 17 18:57:22 UTC 2014 - opensuse_buildservice@ojkastl.de

- added --enable-lua to compile lxc with lua support (for lxc-top)

-------------------------------------------------------------------
Sat May 17 13:14:01 UTC 2014 - opensuse_buildservice@ojkastl.de

- added "Requires: lua", as lxc-top needs it

-------------------------------------------------------------------
Mon May  5 13:08:04 UTC 2014 - opensuse_buildservice@ojkastl.de

- added file /usr/sbin/rxlcx that links to /usr/sbin/service

-------------------------------------------------------------------
Mon May  5 10:14:06 UTC 2014 - opensuse_buildservice@ojkastl.de

- upgrade to version 1.0.3
- deleted patch patch_bash_completion.d_lxc.patch, as it is included upstream already
- added file /usr/sbin/init.lxc

-------------------------------------------------------------------
Sun Mar  2 09:06:57 UTC 2014 - opensuse_buildservice@ojkastl.de

- patch now including headers and signoff

-------------------------------------------------------------------
Sun Mar  2 08:57:35 UTC 2014 - opensuse_buildservice@ojkastl.de

- updated sources to 1.0.0
- added dirs and files in /etc/apparmor.d/ and /etc/bash_completion.d/ to spec file
- autogenned.patch: removed
- added patch patch_bash_completion.d_lxc.patch, to remove shebang from bash_completion-file
- The patch patch_bash_completion.d_lxc.patch has been sent upstream additionally

-------------------------------------------------------------------
Tue Jan 14 14:27:10 UTC 2014 - jslaby@suse.com

- update to lxc-1.0 beta
  * we use a later snapshot than beta1
- drop support for older distros than 12.3 (it does not build there)
- config_ipv6-run-inet_pton-on-the-addr-value-without-.patch: Removed
- configure-find-seccomp-using-pkg-config.patch: Removed
- configure-support-suse-s-docbook-to-man.patch: Removed
- lxc-opensuse-add-perl-base-to-prerequisities.patch: Removed
- opensuse-systemd-shutdown.patch: Removed

-------------------------------------------------------------------
Thu Jan  9 20:17:25 UTC 2014 - jslaby@suse.com

- config_ipv6-run-inet_pton-on-the-addr-value-without-.patch:
  config_ipv6: run inet_pton on the addr value without mask
  (bnc#851760)

-------------------------------------------------------------------
Fri Sep 20 14:46:37 UTC 2013 - jslaby@suse.com

- lxc-opensuse-add-perl-base-to-prerequisities.patch: lxc-opensuse:
  add perl-base to prerequisities (bnc#839873)

-------------------------------------------------------------------
Tue Sep 10 15:32:28 UTC 2013 - cbosdonnat@suse.com

- opensuse-systemd-shutdown.patch: Fixed opensuse template to
  workaround lxc-shutdown problem with systemd (bnc#839388)

-------------------------------------------------------------------
Wed Apr 24 08:58:04 UTC 2013 - jslaby@suse.com

- update to 0.9.0
  * configure-support-suse-s-docbook-to-man.patch: added to support
    our docbook-to-man
  * configure-find-seccomp-using-pkg-config.patch: add support for
    our libsseccomp being under /usr/include/libseccomp...
  * autogenned.patch: the two above applied by autogen.sh to the sources
  * remove a ton of patches which are upstream now:
     0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch
     lxc-autodev.patch
     lxc-cgroup-already-running.patch
     lxc-opensuse-12.2.patch
     lxc-opensuse-12.3.patch
     lxc-opensuse-clonefixes.patch
     lxc-opensuse-extend-base.patch
     lxc-opensuse-proper-failure.patch
     lxc-opensuse-tmpfs.patch
     pivot-root_shared.patch
- Remove obsolete info from README.SUSE

-------------------------------------------------------------------
Thu Mar  7 15:34:34 UTC 2013 - fcrozat@suse.com

- Ensure update repository directory is correctly created
  (bnc#804435).

-------------------------------------------------------------------
Tue Feb 26 14:33:41 UTC 2013 - mvyskocil@suse.com

- clean cache if a distro version in template does not match
  with files in a cache (bnc#804435#c19)

-------------------------------------------------------------------
Tue Feb 26 09:58:10 UTC 2013 - mvyskocil@suse.com

- run zypper ar only if .repo file does not exists
  fixes a partial created repos (bnc#804435#c16)

-------------------------------------------------------------------
Wed Feb 20 16:21:03 UTC 2013 - fcrozat@suse.com

- Add lxc-opensuse-12.3.patch: update template to openSUSE 12.3

-------------------------------------------------------------------
Tue Feb 19 10:59:39 UTC 2013 - jslaby@suse.com

- lxc-opensuse-extend-base.patch: lxc-opensuse: extend base
  (bnc#804232)
- lxc-opensuse-proper-failure.patch: lxc-opensuse: proper failure
- remove change-hwaddr-on-clone.patch as it was fixed upstream
  already

-------------------------------------------------------------------
Mon Jan 21 09:26:57 UTC 2013 - fcrozat@suse.com

- Update pivot-root_shared.patch with upstream patch to build with
  old version of kernel headers.
- Check for /etc/init.d/boot.cgroup presence before starting it in
  %post.

-------------------------------------------------------------------
Fri Jan 11 15:56:54 UTC 2013 - fcrozat@suse.com

- Release 0.8.0:
  + add support for autodetection of gateway address
  + add support for LVM2 and btrfs snapshot in lxc-clone
  + add support for apparmor
  + support nested cgroups
  + lxc no longer depends on perl
  + add support for container hooks (pre-start, mount, start, stop,
    umount, post-stop)
  + templates are moved to /usr/share/lxc/templates
- Remove
  Accurately-detect-whether-a-system-supports-clone_children.patch:
  merged upstream.
- Add lxc-opensuse-clonefixes.patch: fix openSUSE template
  regarding cloning.
- Add 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch: fix
  btrfs subvolume when removing a container.
- Add lxc-autodev.patch: fill /dev when starting container (needed
  for systemd).
- Update lxc-opensuse-12.2.patch: switch to systemd in container.

-------------------------------------------------------------------
Fri Jan 11 15:30:21 UTC 2013 - fcrozat@suse.com

- Add lxc-opensuse-12.1-fixbuild.patch: fix openSUSE 12.1 container
  build.
- Add lxc-opensuse-12.2.patch:
  + switch openSUSE template to 12.2
  + install iputils in the default configuration
  + autoconfigure gateway if possible
  + detect if network is set to 0.0.0.0 and configure DHCP
  + bind mount /etc/resolv.conf in container
- Add use-relative-paths-for-container.patch,
  fix-lxc-clone-mount-entries.patch and update sles
  template: use relative paths for container mount points, fixes
  lxc-clone dropping some lxc.mount entries (bnc#789387).
- Add Requires(post) dependency on aaa_base (bnc#786970) for
  openSUSE < 12.3.
- Add dhcpcd in default installation in openSUSE template (bnc#776169).
- Add change-hwaddr-on-clone.patch: modify MAC address when cloning
  a container (git)
- Add wait-until-container-is-stopped.patch: if destroying a
  running container, wait until it is stopped before destroying it.
- Ensure lxc-createconfig uses opensuse template by default.
- Ensure lxc-createconfig correctly detect cidr (bnc#773234).
- Add pivot-root_shared.patch: fix pivot root when / is mounted as
  shared (default on 12.3 and later).

-------------------------------------------------------------------
Fri Apr 20 13:53:41 UTC 2012 - fcrozat@suse.com

- Add various fixes to opensuse template :
  + create /etc/hostname as symlink to /etc/HOSTNAME
    (lxc-clone fix)
  + fix inadequate space in lxc.mount config (lxc-clone fix)
  + disable network in container if not configured
  + configure network scripts properly
- Add lxc-snapshot-btrfs-lvm.patch: backport snapshot support,
  using btrfs or lvm2.
- Add lxc-opensuse-tmpfs.patch: ensure container shutting down is
  correctly detected by LXC.

-------------------------------------------------------------------
Fri Apr 13 11:36:16 UTC 2012 - fcrozat@suse.com

- Add lxc-createconfig script to easy LXC configuration
  (bnc#723950).

-------------------------------------------------------------------
Tue Mar  6 21:11:54 CET 2012 - jslaby@suse.de

- Accurately detect whether a system supports clone_children
  (bnc#750470)

-------------------------------------------------------------------
Tue Jan 10 15:41:45 UTC 2012 - fcrozat@suse.com

- Drop lxc-file_caps.patch, it is SLES specific, since openSUSE is
  now shipping with file capabilities enabled.

-------------------------------------------------------------------
Fri Jan  6 15:51:32 UTC 2012 - fcrozat@suse.com

- Update lxc-opensuse-12.1.patch to correctly generate containers
  on x86 (bnc#739315).
- Backport some fixes from SLES 11 SP2:
  - Add lxc-checkconfig-kernel-3.patch and lxc-file_caps.patch:
    fix detection of kernel 3.x and file capabilities (bnc#720845).
  - Fix example path in manpages (bnc#723946).

-------------------------------------------------------------------
Tue Oct 25 11:35:10 UTC 2011 - fcrozat@suse.com

- Add console to opensuse securetty, since we are in a container.

-------------------------------------------------------------------
Tue Oct 25 09:32:01 UTC 2011 - fcrozat@suse.com

- Add lxc-opensuse-12.1.patch: create openSUSE 12.1 containers now
- Add Recommends on build package, which is used by opensuse
  template.
- Update README.SUSE to current status for cgroups mountpoint

-------------------------------------------------------------------
Fri Sep  2 08:26:28 UTC 2011 - fcrozat@suse.com

- Fix license tag, it is LGPLv2.1+ (using LGPLv2+ tag to be
  consistent).

-------------------------------------------------------------------
Wed Aug 31 11:16:28 UTC 2011 - fcrozat@suse.com

- Update to 0.7.5:
  - add initial lxc-clone feature
  - add arm as supported srcarch
  - opensuse template is merged
  - improve other distribution templates
  - support cgroups mounted in multiple places

-------------------------------------------------------------------
Fri Jun 24 21:33:24 CEST 2011 - jslaby@suse.de

- kill _service

-------------------------------------------------------------------
Fri Jun 24 14:09:02 UTC 2011 - fcrozat@suse.com

- Add lxc-opensuse template.
- package /var/lib/lxc.

-------------------------------------------------------------------
Fri May 27 21:16:56 CEST 2011 - jslaby@suse.de

- update to 0.7.4.2
  - exit if allocation fails
  - ensure monitored container name is null terminated
  - do not put devpts in fstab

-------------------------------------------------------------------
Thu Mar 24 14:22:15 UTC 2011 - brian@aljex.com

- update to 0.7.4.1
  - fix mount path
  - rename physical device to the original name

-------------------------------------------------------------------
Mon Feb 28 18:03:32 CET 2011 - jslaby@suse.de

- update to 0.7.4 final
  - fix support for >= 2.6.37 kernels
- update README.SUSE file -- it contained obsolete information

-------------------------------------------------------------------
Mon Feb 21 17:48:07 CET 2011 - jslaby@suse.de

- update to 0.7.4-rc1+
  - fix cgroups collision with systemd (bnc#673821)
  - lxc-start output-to-file support
  - better error reporting
  - suppress udev log output
  - many fixes

-------------------------------------------------------------------
Wed Dec 20 10:12:28 CEST 2010 - jslaby@suse.de

- update to 0.7.3
  - mount the rootfs to the mount directory first
  - update the lxc.conf man page
  - fix compilation and link errors
  - don't play with the capabilities when we are root

-------------------------------------------------------------------
Wed Oct  6 09:02:28 CEST 2010 - jslaby@suse.de

- update to 0.7.2

-------------------------------------------------------------------
Mon Jul  5 22:24:34 CEST 2010 - jslaby@suse.de

- update to 0.7.1
  * full list of changes since 0.6.5 at http://lxc.git.sourceforge.net

-------------------------------------------------------------------
Fri Mar  5 10:22:44 UTC 2010 - lnussel@suse.de

- add README.SUSE
- add %dir /var/lib/lxc

-------------------------------------------------------------------
Thu Mar  4 16:33:46 CET 2010 - jslaby@suse.de

- update to 0.6.5

-------------------------------------------------------------------
Wed Aug 19 09:06:17 CEST 2009 - jslaby@suse.de

- remove stddef.h workaround, linux-kernel-headers are fixed now

-------------------------------------------------------------------
Tue Aug 18 15:29:26 CEST 2009 - jslaby@suse.de

- remove mkdir /var/lxc from %post rpm script

-------------------------------------------------------------------
Mon Aug 17 13:03:00 CEST 2009 - jslaby@suse.de

- Remove old lxc hack from specfile
- Fix factory build due to broken linux-kernel-headers
  (add stddef.h to includes in configure.ac) and lxc automake file

-------------------------------------------------------------------
Thu Aug 13 08:51:03 UTC 2009 - adrian@suse.de

- Add Requires to ensure that lxc-setcap is working

-------------------------------------------------------------------
Mon Aug 10 15:14:40 CEST 2009 - jslaby@suse.de

- update to 0.6.3
- add pkgconfig file to devel package

-------------------------------------------------------------------
Tue Jun 23 20:54:31 CEST 2009 - jslaby@suse.de

- add linux-kernel-headers to build prereqs

-------------------------------------------------------------------
Mon May  4 11:52:14 CEST 2009 - jslaby@suse.de

- update to 0.6.2: fixes creation scripts for several distros,
  adds logging, adds lxc-setcap

-------------------------------------------------------------------
Fri Apr 17 20:09:04 CEST 2009 - crrodriguez@suse.de

- remove static libraries

-------------------------------------------------------------------
Mon Feb 23 12:44:59 CET 2009 - jslaby@suse.de

- update to 0.6.0

-------------------------------------------------------------------
Mon Feb  2 12:48:33 CET 2009 - jslaby@suse.de

- Fix build on several archs without cap support

-------------------------------------------------------------------
Fri Jan 23 11:32:42 CET 2009 - jslaby@suse.de

- Initial release (0.5.2)

openSUSE Build Service is sponsored by