From b72a84746617db854f1abf6ef18f62ac20bf90b4 Mon Sep 17 00:00:00 2001
From: Ernest Lotter <ernest.lotter@canonical.com>
Date: Mon, 2 Dec 2024 23:14:51 +0200
Subject: [PATCH] release: 2.67
---
NEWS.md | 52 ++++++++++++++++++++
packaging/arch/PKGBUILD | 2 +-
packaging/debian-sid/changelog | 81 ++++++++++++++++++++++++++++++++
packaging/fedora/snapd.spec | 80 ++++++++++++++++++++++++++++++-
packaging/opensuse/snapd.changes | 5 ++
packaging/opensuse/snapd.spec | 2 +-
packaging/ubuntu-14.04/changelog | 81 ++++++++++++++++++++++++++++++++
packaging/ubuntu-16.04/changelog | 81 ++++++++++++++++++++++++++++++++
8 files changed, 381 insertions(+), 3 deletions(-)
diff --git a/NEWS.md b/NEWS.md
index 4b737b3d5ce..7417d45439d 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,3 +1,55 @@
+# New in snapd 2.67
+* AppArmor prompting (experimental): allow overlapping rules
+* Registry view (experimental): Changes to registry data (from both users and snaps) can be validated and saved by custodian snaps
+* Registry view (experimental): Support 'snapctl get --pristine' to read the registry data excluding staged transaction changes
+* Registry view (experimental): Put registry commands behind experimental feature flag
+* Components: Make modules shipped/created by kernel-modules components available right after reboot
+* Components: Add tab completion for local component files
+* Components: Allow installing snaps and components from local files jointly on the CLI
+* Components: Allow 'snapctl model' command for gadget and kernel snaps
+* Components: Add 'snap components' command
+* Components: Bug fixes
+* eMMC gadget updates (WIP): add syntax support in gadget.yaml for eMMC schema
+* Support for ephemeral recovery mode on hybrid systems
+* Support for dm-verity options in snap-bootstrap
+* Support for overlayfs options and allow empty what argument for tmpfs
+* Enable ubuntu-image to determine the size of the disk image to create
+* Expose 'snap debug' commands 'validate-seed' and 'seeding'
+* Add debug API option to use dedicated snap socket /run/snapd-snap.socket
+* Hide experimental features that are no longer required (accepted/rejected)
+* Mount ubuntu-save partition with no{exec,dev,suid} at install, run and factory-reset
+* Improve memory controller support with cgroup v2
+* Support ssh socket activation configurations (used by ubuntu 22.10+)
+* Fix generation of AppArmor profile with incorrect revision during multi snap refresh
+* Fix refresh app awareness related deadlock edge case
+* Fix not caching delta updated snap download
+* Fix passing non root uid, guid to initial tmpfs mount
+* Fix ignoring snaps in try mode when amending
+* Fix reloading of service activation units to avoid systemd errors
+* Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS updates PPA
+* Make killing of snap apps best effort to avoid possibility of malicious failure loop
+* Alleviate impact of auto-refresh failure loop with progressive delay
+* Dropped timedatex in selinux-policy to avoid runtime issue
+* Fix missing syscalls in seccomp profile
+* Modify AppArmor template to allow using SNAP_REEXEC on arch systems
+* Modify AppArmor template to allow using vim.tiny (available in base snaps)
+* Modify AppArmor template to add read-access to debian_version
+* Modify AppArmor template to allow owner to read @{PROC}/@{pid}/sessionid
+* {common,personal,system}-files interface: prohibit trailing @ in filepaths
+* {desktop,shutdown,system-observe,upower-observe} interface: improve for Ubuntu Core Desktop
+* custom-device interface: allow @ in custom-device filepaths
+* desktop interface: improve launch entry and systray integration with session
+* desktop-legacy interface: allow DBus access to com.canonical.dbusmenu
+* fwupd interface: allow access to nvmem for thunderbolt plugin
+* mpris interface: add plasmashell as label
+* mount-control interface: add support for nfs mounts
+* network-{control,manager} interface: add missing dbus link rules
+* network-manager-observe interface: add getDevices methods
+* opengl interface: add Kernel Fusion Driver access to opengl
+* screen-inhibit-control interface: improve screen inhibit control for use on core
+* udisks2 interface: allow ping of the UDisks2 service
+* u2f-devices interface: add Nitrokey Passkey
+
# New in snapd 2.66.1:
* AppArmor prompting (experimental): Fix kernel prompting support check
* Allow kernel snaps to have content slots
diff --git a/packaging/arch/PKGBUILD b/packaging/arch/PKGBUILD
index 02b98356738..2f97d9c3d74 100644
--- a/packaging/arch/PKGBUILD
+++ b/packaging/arch/PKGBUILD
@@ -11,7 +11,7 @@ pkgdesc="Service and tools for management of snap packages."
depends=('squashfs-tools' 'libseccomp' 'libsystemd' 'apparmor')
optdepends=('bash-completion: bash completion support'
'xdg-desktop-portal: desktop integration')
-pkgver=2.66.1
+pkgver=2.67
pkgrel=1
arch=('x86_64' 'i686' 'armv7h' 'aarch64')
url="https://github.com/snapcore/snapd"
diff --git a/packaging/debian-sid/changelog b/packaging/debian-sid/changelog
index 7149129aee8..66064ac9386 100644
--- a/packaging/debian-sid/changelog
+++ b/packaging/debian-sid/changelog
@@ -1,3 +1,84 @@
+snapd (2.67-1) unstable; urgency=medium
+
+ * New upstream release, LP: #2089691
+ - AppArmor prompting (experimental): allow overlapping rules
+ - Registry view (experimental): Changes to registry data (from both
+ users and snaps) can be validated and saved by custodian snaps
+ - Registry view (experimental): Support 'snapctl get --pristine' to
+ read the registry data excluding staged transaction changes
+ - Registry view (experimental): Put registry commands behind
+ experimental feature flag
+ - Components: Make modules shipped/created by kernel-modules
+ components available right after reboot
+ - Components: Add tab completion for local component files
+ - Components: Allow installing snaps and components from local files
+ jointly on the CLI
+ - Components: Allow 'snapctl model' command for gadget and kernel
+ snaps
+ - Components: Add 'snap components' command
+ - Components: Bug fixes
+ - eMMC gadget updates (WIP): add syntax support in gadget.yaml for
+ eMMC schema
+ - Support for ephemeral recovery mode on hybrid systems
+ - Support for dm-verity options in snap-bootstrap
+ - Support for overlayfs options and allow empty what argument for
+ tmpfs
+ - Enable ubuntu-image to determine the size of the disk image to
+ create
+ - Expose 'snap debug' commands 'validate-seed' and 'seeding'
+ - Add debug API option to use dedicated snap socket /run/snapd-
+ snap.socket
+ - Hide experimental features that are no longer required
+ (accepted/rejected)
+ - Mount ubuntu-save partition with no{exec,dev,suid} at install, run
+ and factory-reset
+ - Improve memory controller support with cgroup v2
+ - Support ssh socket activation configurations (used by ubuntu
+ 22.10+)
+ - Fix generation of AppArmor profile with incorrect revision during
+ multi snap refresh
+ - Fix refresh app awareness related deadlock edge case
+ - Fix not caching delta updated snap download
+ - Fix passing non root uid, guid to initial tmpfs mount
+ - Fix ignoring snaps in try mode when amending
+ - Fix reloading of service activation units to avoid systemd errors
+ - Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
+ updates PPA
+ - Make killing of snap apps best effort to avoid possibility of
+ malicious failure loop
+ - Alleviate impact of auto-refresh failure loop with progressive
+ delay
+ - Dropped timedatex in selinux-policy to avoid runtime issue
+ - Fix missing syscalls in seccomp profile
+ - Modify AppArmor template to allow using SNAP_REEXEC on arch
+ systems
+ - Modify AppArmor template to allow using vim.tiny (available in
+ base snaps)
+ - Modify AppArmor template to add read-access to debian_version
+ - Modify AppArmor template to allow owner to read
+ @{PROC}/@{pid}/sessionid
+ - {common,personal,system}-files interface: prohibit trailing @ in
+ filepaths
+ - {desktop,shutdown,system-observe,upower-observe} interface:
+ improve for Ubuntu Core Desktop
+ - custom-device interface: allow @ in custom-device filepaths
+ - desktop interface: improve launch entry and systray integration
+ with session
+ - desktop-legacy interface: allow DBus access to
+ com.canonical.dbusmenu
+ - fwupd interface: allow access to nvmem for thunderbolt plugin
+ - mpris interface: add plasmashell as label
+ - mount-control interface: add support for nfs mounts
+ - network-{control,manager} interface: add missing dbus link rules
+ - network-manager-observe interface: add getDevices methods
+ - opengl interface: add Kernel Fusion Driver access to opengl
+ - screen-inhibit-control interface: improve screen inhibit control
+ for use on core
+ - udisks2 interface: allow ping of the UDisks2 service
+ - u2f-devices interface: add Nitrokey Passkey
+
+ -- Ernest Lotter <ernest.lotter@canonical.com> Mon, 02 Dec 2024 23:14:24 +0200
+
snapd (2.66.1-1) unstable; urgency=medium
* New upstream release, LP: #2083490
diff --git a/packaging/fedora/snapd.spec b/packaging/fedora/snapd.spec
index 2a1eae465d0..acfbcdf690c 100644
--- a/packaging/fedora/snapd.spec
+++ b/packaging/fedora/snapd.spec
@@ -104,7 +104,7 @@
%endif
Name: snapd
-Version: 2.66.1
+Version: 2.67
Release: 0%{?dist}
Summary: A transactional software package manager
License: GPL-3.0-only
@@ -1003,6 +1003,84 @@ fi
%changelog
+* Mon Dec 02 2024 Ernest Lotter <ernest.lotter@canonical.com>
+- New upstream release 2.67
+ - AppArmor prompting (experimental): allow overlapping rules
+ - Registry view (experimental): Changes to registry data (from both
+ users and snaps) can be validated and saved by custodian snaps
+ - Registry view (experimental): Support 'snapctl get --pristine' to
+ read the registry data excluding staged transaction changes
+ - Registry view (experimental): Put registry commands behind
+ experimental feature flag
+ - Components: Make modules shipped/created by kernel-modules
+ components available right after reboot
+ - Components: Add tab completion for local component files
+ - Components: Allow installing snaps and components from local files
+ jointly on the CLI
+ - Components: Allow 'snapctl model' command for gadget and kernel
+ snaps
+ - Components: Add 'snap components' command
+ - Components: Bug fixes
+ - eMMC gadget updates (WIP): add syntax support in gadget.yaml for
+ eMMC schema
+ - Support for ephemeral recovery mode on hybrid systems
+ - Support for dm-verity options in snap-bootstrap
+ - Support for overlayfs options and allow empty what argument for
+ tmpfs
+ - Enable ubuntu-image to determine the size of the disk image to
+ create
+ - Expose 'snap debug' commands 'validate-seed' and 'seeding'
+ - Add debug API option to use dedicated snap socket /run/snapd-
+ snap.socket
+ - Hide experimental features that are no longer required
+ (accepted/rejected)
+ - Mount ubuntu-save partition with no{exec,dev,suid} at install, run
+ and factory-reset
+ - Improve memory controller support with cgroup v2
+ - Support ssh socket activation configurations (used by ubuntu
+ 22.10+)
+ - Fix generation of AppArmor profile with incorrect revision during
+ multi snap refresh
+ - Fix refresh app awareness related deadlock edge case
+ - Fix not caching delta updated snap download
+ - Fix passing non root uid, guid to initial tmpfs mount
+ - Fix ignoring snaps in try mode when amending
+ - Fix reloading of service activation units to avoid systemd errors
+ - Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
+ updates PPA
+ - Make killing of snap apps best effort to avoid possibility of
+ malicious failure loop
+ - Alleviate impact of auto-refresh failure loop with progressive
+ delay
+ - Dropped timedatex in selinux-policy to avoid runtime issue
+ - Fix missing syscalls in seccomp profile
+ - Modify AppArmor template to allow using SNAP_REEXEC on arch
+ systems
+ - Modify AppArmor template to allow using vim.tiny (available in
+ base snaps)
+ - Modify AppArmor template to add read-access to debian_version
+ - Modify AppArmor template to allow owner to read
+ @{PROC}/@{pid}/sessionid
+ - {common,personal,system}-files interface: prohibit trailing @ in
+ filepaths
+ - {desktop,shutdown,system-observe,upower-observe} interface:
+ improve for Ubuntu Core Desktop
+ - custom-device interface: allow @ in custom-device filepaths
+ - desktop interface: improve launch entry and systray integration
+ with session
+ - desktop-legacy interface: allow DBus access to
+ com.canonical.dbusmenu
+ - fwupd interface: allow access to nvmem for thunderbolt plugin
+ - mpris interface: add plasmashell as label
+ - mount-control interface: add support for nfs mounts
+ - network-{control,manager} interface: add missing dbus link rules
+ - network-manager-observe interface: add getDevices methods
+ - opengl interface: add Kernel Fusion Driver access to opengl
+ - screen-inhibit-control interface: improve screen inhibit control
+ for use on core
+ - udisks2 interface: allow ping of the UDisks2 service
+ - u2f-devices interface: add Nitrokey Passkey
+
* Fri Oct 11 2024 Ernest Lotter <ernest.lotter@canonical.com>
- New upstream release 2.66.1
- AppArmor prompting (experimental): Fix kernel prompting support
diff --git a/packaging/opensuse/snapd.changes b/packaging/opensuse/snapd.changes
index 9086d85b64b..68612cd92b5 100644
--- a/packaging/opensuse/snapd.changes
+++ b/packaging/opensuse/snapd.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Dec 02 21:14:24 UTC 2024 - ernest.lotter@canonical.com
+
+- Update to upstream release 2.67
+
-------------------------------------------------------------------
Fri Oct 11 08:05:46 UTC 2024 - ernest.lotter@canonical.com
diff --git a/packaging/opensuse/snapd.spec b/packaging/opensuse/snapd.spec
index c373c1b71cb..5ed51ae32ed 100644
--- a/packaging/opensuse/snapd.spec
+++ b/packaging/opensuse/snapd.spec
@@ -82,7 +82,7 @@
Name: snapd
-Version: 2.66.1
+Version: 2.67
Release: 0
Summary: Tools enabling systems to work with .snap files
License: GPL-3.0
diff --git a/packaging/ubuntu-14.04/changelog b/packaging/ubuntu-14.04/changelog
index 0387fba496a..e06ea1f8c5a 100644
--- a/packaging/ubuntu-14.04/changelog
+++ b/packaging/ubuntu-14.04/changelog
@@ -1,3 +1,84 @@
+snapd (2.67~14.04) trusty; urgency=medium
+
+ * New upstream release, LP: #2089691
+ - AppArmor prompting (experimental): allow overlapping rules
+ - Registry view (experimental): Changes to registry data (from both
+ users and snaps) can be validated and saved by custodian snaps
+ - Registry view (experimental): Support 'snapctl get --pristine' to
+ read the registry data excluding staged transaction changes
+ - Registry view (experimental): Put registry commands behind
+ experimental feature flag
+ - Components: Make modules shipped/created by kernel-modules
+ components available right after reboot
+ - Components: Add tab completion for local component files
+ - Components: Allow installing snaps and components from local files
+ jointly on the CLI
+ - Components: Allow 'snapctl model' command for gadget and kernel
+ snaps
+ - Components: Add 'snap components' command
+ - Components: Bug fixes
+ - eMMC gadget updates (WIP): add syntax support in gadget.yaml for
+ eMMC schema
+ - Support for ephemeral recovery mode on hybrid systems
+ - Support for dm-verity options in snap-bootstrap
+ - Support for overlayfs options and allow empty what argument for
+ tmpfs
+ - Enable ubuntu-image to determine the size of the disk image to
+ create
+ - Expose 'snap debug' commands 'validate-seed' and 'seeding'
+ - Add debug API option to use dedicated snap socket /run/snapd-
+ snap.socket
+ - Hide experimental features that are no longer required
+ (accepted/rejected)
+ - Mount ubuntu-save partition with no{exec,dev,suid} at install, run
+ and factory-reset
+ - Improve memory controller support with cgroup v2
+ - Support ssh socket activation configurations (used by ubuntu
+ 22.10+)
+ - Fix generation of AppArmor profile with incorrect revision during
+ multi snap refresh
+ - Fix refresh app awareness related deadlock edge case
+ - Fix not caching delta updated snap download
+ - Fix passing non root uid, guid to initial tmpfs mount
+ - Fix ignoring snaps in try mode when amending
+ - Fix reloading of service activation units to avoid systemd errors
+ - Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
+ updates PPA
+ - Make killing of snap apps best effort to avoid possibility of
+ malicious failure loop
+ - Alleviate impact of auto-refresh failure loop with progressive
+ delay
+ - Dropped timedatex in selinux-policy to avoid runtime issue
+ - Fix missing syscalls in seccomp profile
+ - Modify AppArmor template to allow using SNAP_REEXEC on arch
+ systems
+ - Modify AppArmor template to allow using vim.tiny (available in
+ base snaps)
+ - Modify AppArmor template to add read-access to debian_version
+ - Modify AppArmor template to allow owner to read
+ @{PROC}/@{pid}/sessionid
+ - {common,personal,system}-files interface: prohibit trailing @ in
+ filepaths
+ - {desktop,shutdown,system-observe,upower-observe} interface:
+ improve for Ubuntu Core Desktop
+ - custom-device interface: allow @ in custom-device filepaths
+ - desktop interface: improve launch entry and systray integration
+ with session
+ - desktop-legacy interface: allow DBus access to
+ com.canonical.dbusmenu
+ - fwupd interface: allow access to nvmem for thunderbolt plugin
+ - mpris interface: add plasmashell as label
+ - mount-control interface: add support for nfs mounts
+ - network-{control,manager} interface: add missing dbus link rules
+ - network-manager-observe interface: add getDevices methods
+ - opengl interface: add Kernel Fusion Driver access to opengl
+ - screen-inhibit-control interface: improve screen inhibit control
+ for use on core
+ - udisks2 interface: allow ping of the UDisks2 service
+ - u2f-devices interface: add Nitrokey Passkey
+
+ -- Ernest Lotter <ernest.lotter@canonical.com> Mon, 02 Dec 2024 23:14:24 +0200
+
snapd (2.66.1~14.04) trusty; urgency=medium
* New upstream release, LP: #2083490
diff --git a/packaging/ubuntu-16.04/changelog b/packaging/ubuntu-16.04/changelog
index 2d6afa8b319..881ad9cb687 100644
--- a/packaging/ubuntu-16.04/changelog
+++ b/packaging/ubuntu-16.04/changelog
@@ -1,3 +1,84 @@
+snapd (2.67) xenial; urgency=medium
+
+ * New upstream release, LP: #2089691
+ - AppArmor prompting (experimental): allow overlapping rules
+ - Registry view (experimental): Changes to registry data (from both
+ users and snaps) can be validated and saved by custodian snaps
+ - Registry view (experimental): Support 'snapctl get --pristine' to
+ read the registry data excluding staged transaction changes
+ - Registry view (experimental): Put registry commands behind
+ experimental feature flag
+ - Components: Make modules shipped/created by kernel-modules
+ components available right after reboot
+ - Components: Add tab completion for local component files
+ - Components: Allow installing snaps and components from local files
+ jointly on the CLI
+ - Components: Allow 'snapctl model' command for gadget and kernel
+ snaps
+ - Components: Add 'snap components' command
+ - Components: Bug fixes
+ - eMMC gadget updates (WIP): add syntax support in gadget.yaml for
+ eMMC schema
+ - Support for ephemeral recovery mode on hybrid systems
+ - Support for dm-verity options in snap-bootstrap
+ - Support for overlayfs options and allow empty what argument for
+ tmpfs
+ - Enable ubuntu-image to determine the size of the disk image to
+ create
+ - Expose 'snap debug' commands 'validate-seed' and 'seeding'
+ - Add debug API option to use dedicated snap socket /run/snapd-
+ snap.socket
+ - Hide experimental features that are no longer required
+ (accepted/rejected)
+ - Mount ubuntu-save partition with no{exec,dev,suid} at install, run
+ and factory-reset
+ - Improve memory controller support with cgroup v2
+ - Support ssh socket activation configurations (used by ubuntu
+ 22.10+)
+ - Fix generation of AppArmor profile with incorrect revision during
+ multi snap refresh
+ - Fix refresh app awareness related deadlock edge case
+ - Fix not caching delta updated snap download
+ - Fix passing non root uid, guid to initial tmpfs mount
+ - Fix ignoring snaps in try mode when amending
+ - Fix reloading of service activation units to avoid systemd errors
+ - Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
+ updates PPA
+ - Make killing of snap apps best effort to avoid possibility of
+ malicious failure loop
+ - Alleviate impact of auto-refresh failure loop with progressive
+ delay
+ - Dropped timedatex in selinux-policy to avoid runtime issue
+ - Fix missing syscalls in seccomp profile
+ - Modify AppArmor template to allow using SNAP_REEXEC on arch
+ systems
+ - Modify AppArmor template to allow using vim.tiny (available in
+ base snaps)
+ - Modify AppArmor template to add read-access to debian_version
+ - Modify AppArmor template to allow owner to read
+ @{PROC}/@{pid}/sessionid
+ - {common,personal,system}-files interface: prohibit trailing @ in
+ filepaths
+ - {desktop,shutdown,system-observe,upower-observe} interface:
+ improve for Ubuntu Core Desktop
+ - custom-device interface: allow @ in custom-device filepaths
+ - desktop interface: improve launch entry and systray integration
+ with session
+ - desktop-legacy interface: allow DBus access to
+ com.canonical.dbusmenu
+ - fwupd interface: allow access to nvmem for thunderbolt plugin
+ - mpris interface: add plasmashell as label
+ - mount-control interface: add support for nfs mounts
+ - network-{control,manager} interface: add missing dbus link rules
+ - network-manager-observe interface: add getDevices methods
+ - opengl interface: add Kernel Fusion Driver access to opengl
+ - screen-inhibit-control interface: improve screen inhibit control
+ for use on core
+ - udisks2 interface: allow ping of the UDisks2 service
+ - u2f-devices interface: add Nitrokey Passkey
+
+ -- Ernest Lotter <ernest.lotter@canonical.com> Mon, 02 Dec 2024 23:14:24 +0200
+
snapd (2.66.1) xenial; urgency=medium
* New upstream release, LP: #2083490