ELBA-2024-17572
- ULN >
- Oracle Linux Errata repository >
- ELBA-2024-17572
ELBA-2024-17572 - snapd Bug Fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2024-02-01 |
Description
[2.61.1-1]
- Changelog resynchronization
[2.58.3-3]
- Require xdelta on Fedora or EPEL >= 9 (for delta updates)
* Fri Nov 24 2023 Ernest Lotter
- New upstream release 2.61.1
- Stop requiring default provider snaps on image building and first
boot if alternative providers are included and available
- Fix auth.json access for login as non-root group ID
- Fix incorrect remodelling conflict when changing track to older
snapd version
- Improved check-rerefresh message
- Fix UC16/18 kernel/gadget update failure due volume mismatch with
installed disk
- Stop auto-import of assertions during install modes
- Desktop interface exposes GetIdletime
- Polkit interface support for new polkit versions
- Fix not applying snapd snap changes in tracked channel when remodelling
* Fri Oct 13 2023 Philip Meulengracht
- New upstream release 2.61
- Fix control of activated services in 'snap start' and 'snap stop'
- Correctly reflect activated services in 'snap services'
- Disabled services are no longer enabled again when snap is
refreshed
- interfaces/builtin: added support for Token2 U2F keys
- interfaces/u2f-devices: add Swissbit iShield Key
- interfaces/builtin: update gpio apparmor to match pattern that
contains multiple subdirectories under /sys/devices/platform
- interfaces: add a polkit-agent interface
- interfaces: add pcscd interface
- Kernel command-line can now be edited in the gadget.yaml
- Only track validation-sets in run-mode, fixes validation-set
issues on first boot.
- Added support for using store.access to disable access to snap
store
- Support for fat16 partition in gadget
- Pre-seed authority delegation is now possible
- Support new system-user name daemon
- Several bug fixes and improvements around remodelling
- Offline remodelling support
* Fri Sep 15 2023 Michael Vogt
- New upstream release 2.60.4
- i/b/qualcomm_ipc_router.go: switch to plug/slot and add socket
permission
- interfaces/builtin: fix custom-device udev KERNEL values
- overlord: allow the firmware-updater snap to install user daemons
- interfaces: allow loopback as a block-device
* Fri Aug 25 2023 Michael Vogt
- New upstream release 2.60.3
- i/b/shared-memory: handle 'private' plug attribute in shared-
memory interface correctly
- i/apparmor: support for home.d tunables from /etc/
* Fri Aug 04 2023 Michael Vogt
- New upstream release 2.60.2
- i/builtin: allow directories in private /dev/shm
- i/builtin: add read access to /proc/task/schedstat in system-
observe
- snap-bootstrap: print version information at startup
- go.mod: update gopkg.in/yaml.v3 to v3.0.1 to fix CVE-2022-28948
- snap, store: filter out invalid snap edited links from store info
and persisted state
- o/configcore: write netplan defaults to 00-snapd-config on seeding
- snapcraft.yaml: pull in apparmor_parser optimization patches from
https://gitlab.com/apparmor/apparmor/-/merge_requests/711
- snap-confine: fix missing \0 after readlink
- cmd/snap: hide append-integrity-data
- interfaces/opengl: add support for ARM Mali
[2.58.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jul 04 2023 Michael Vogt
- New upstream release 2.60.1
- install: fallback to lazy unmount() in writeFilesystemContent
- data: include 'modprobe.d' and 'modules-load.d' in preseeded blob
- gadget: fix install test on armhf
- interfaces: fix typo in network_manager_observe
- sandbox/apparmor: don't let vendored apparmor conflict with system
- gadget/update: set parts in laid out data from the ones matched
- many: move SnapConfineAppArmorDir from dirs to sandbox/apparmor
- many: stop using -O no-expr-simplify in apparmor_parser
- go.mod: update secboot to latest uc22 branch
* Thu Jun 15 2023 Michael Vogt
- New upstream release 2.60
- Support for dynamic snapshot data exclusions
- Apparmor userspace is vendored inside the snapd snap
- Added a default-configure hook that exposes gadget default
configuration options to snaps during first install before
services are started
- Allow install from initrd to speed up the initial installation
for systems that do not have a install-device hook
- New snap sign --chain flag that appends the account and
account-key assertions
- Support validation-sets in the model assertion
- Support new 'min-size' field in gadget.yaml
- New interface: 'userns'
* Sat May 27 2023 Michael Vogt
- New upstream release 2.59.5
- Explicitly disallow the use of ioctl + TIOCLINUX
This fixes CVE-2023-1523.
* Fri May 12 2023 Michael Vogt
- New upstream release 2.59.4
- Retry when looking for disk label on non-UEFI systems
(LP: #2018977)
- Fix remodel from UC20 to UC22
* Wed May 03 2023 Michael Vogt
- New upstream release 2.59.3
- Fix quiet boot
- i/b/physical_memory_observe: allow reading virt-phys page mappings
- gadget: warn instead of returning error if overlapping with GPT
header
- overlord,wrappers: restart always enabled units
- go.mod: update github.com/snapcore/secboot to latest uc22
- boot: make sure we update assets for the system-seed-null role
- many: ignore case for vfat partitions when validating
* Tue Apr 18 2023 Michael Vogt
- New upstream release 2.59.2
- Notify users when a user triggered auto refresh finished
* Tue Mar 28 2023 Michael Vogt
- New upstream release 2.59.1
- Add udev rules from steam-devices to steam-support interface
- Bugfixes for layout path checking, dm_crypt permissions,
mount-control interface parameter checking, kernel commandline
parsing, docker-support, refresh-app-awareness
* Fri Mar 10 2023 Michael Vogt
- New upstream release 2.59
- Support setting extra kernel command line parameters via snap
configuration and under a gadget allow-list
- Support for Full-Disk-Encryption using ICE
- Support for arbitrary home dir locations via snap configuration
- New nvidia-drivers-support interface
- Support for udisks2 snap
- Pre-download of snaps ready for refresh and automatic refresh of
the snap when all apps are closed
- New microovn interface
- Support uboot with CONFIG_SYS_REDUNDAND_ENV=n
- Make 'snap-preseed --reset' re-exec when needed
- Update the fwupd interface to support fully confined fwupd
- The memory,cpu,thread quota options are no longer experimental
- Support debugging snap client requests via the
SNAPD_CLIENT_DEBUG_HTTP environment variable
- Support ssh listen-address via snap configuration
- Support for quotas on single services
- prepare-image now takes into account snapd versions going into
the image, including in the kernel initrd, to fetch supported
assertion formats
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (x86_64) | snapd-2.61.1-0.el7.src.rpm | 83c19db9c2d341bfde495b59c8446e61c3e9b97564e54f9ee101659357ce21d6 | ELBA-2024-23201 | ol7_x86_64_developer_EPEL |
| snap-confine-2.61.1-0.el7.x86_64.rpm | 85b513c6a87051b6694d075de6fd074d84e64138bdb58bcaae830baa0ab6406a | ELBA-2024-23201 | ol7_x86_64_developer_EPEL | |
| snapd-2.61.1-0.el7.x86_64.rpm | 2ca2c357ae7dbb0ded15758cef7db2b391f0e7c4bdd50cebe262b32c7d133c00 | ELBA-2024-23201 | ol7_x86_64_developer_EPEL | |
| snapd-devel-2.61.1-0.el7.noarch.rpm | 019fdf32398a7437b0818825163c54e233fb42481ce214a30ba5d9e29df4304b | ELBA-2024-23201 | ol7_x86_64_developer_EPEL | |
| snapd-selinux-2.61.1-0.el7.noarch.rpm | 30ec97337feba90d9f1e03e50b6641f585988b9aea82971d1e4e41f1bc9b3e43 | ELBA-2024-23201 | ol7_x86_64_developer_EPEL | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
