- update patches:
  * lxc-2.0.9-opensuse.patch

• Files Changed
• Browse Source

- update patches:
  * lxc-2.0.9-opensuse.patch

• Files Changed
• Browse Source

- update patches:
  * lxc-2.0.9-opensuse.patch

• Files Changed
• Browse Source

- update patches:
  * lxc-2.0.9-opensuse.patch

• Files Changed
• Browse Source

- add patches:
  * lxc-2.0.9-opensuse.patch

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- git 3feb871

- update to version 2.0.9

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- git 44a43f5

• Files Changed
• Browse Source

- git d3e7b8a

- Fix libcap-progs dependency. The 'setcap' binary is located in /sbin
  instead of /usr/sbin but it's best to depend on the actual package
  instead since the location might change in the future.

- removed apparmor-rpm-macros again, as it is not needed for the current %post solution

- added Requires for apparmor-abstractions and BuildRequires for apparmor-rpm-macros to apply the fix for boo#1036360

- added correct reload of apparmor to %post

• Files Changed
• Browse Source

- git fabc141

• Files Changed
• Browse Source

- added workaround for #bsc1041291 to allow builds on Tumbleweed with gcc7, until this bug in gcc7 is fixed...

• Files Changed
• Browse Source

- git e13ca52

- Update to version 2.0.8
  * Security fix for CVE-2017-5985
  * All templates have been updated to not set default passwords anymore, instead requiring lxc-attach be used to configure users.
  * This may affect some automated environments that were relying on our default (very much insecure) users.
 Bugfixes:
    Make lxc-start-ephemeral Python 3.2-compatible
    Fix typo
    Allow build without sys/capability.h
    lxc-opensuse: fix default value for release code
    util: always malloc for setproctitle
    util: update setproctitle comments
    confile: clear lxc.network..ipv{4,6} when empty
    lxc_setup_tios(): Ignore SIGTTOU and SIGTTIN signals
    Make lxc-net return non-zero on failure
    seccomp: allow x32 guests on amd64 hosts.
    Add HAVE_LIBCAP
    c/r: only supply --ext-mount-map for bind mounts
    Added 'mkdir -p' functionality in create_or_remove_cgroup
    Use LXC_ROOTFS_MOUNT in clonehostname hook
    squeeze is not a supported release anymore, drop the key
    start: dumb down SIGCHLD from WARN() to NOTICE()
    log: fix lxc_unix_epoch_to_utc()
    cgfsng: make trim() safer
    seccomp: set SCMP_FLTATR_ATL_TSKIP if available
    lxc-user-nic: re-order #includes
    lxc-user-nic: improve + bugfix
    lxc-user-nic: delete link on failure
    conf: only try to delete veth when privileged
    Fix lxc-containers to support multiple bridges
    Fix mixed tab/spaces in previous patch
    lxc-alpine: use dl-cdn.a.o as default mirror instead of random one
    lxc-checkconfig: verify new[ug]idmap are setuid-root
    [templates] archlinux: resolve conflicting files
    [templates] archlinux: noneed default_timezone variable
    python3: Deal with potential NULL char*
    lxc-download.in / allow setting keyserver from env
    lxc-download.in / Document keyserver change in help
    Change variable check to match existing style
    tree-wide: include directly
    conf/ile: make sure buffer is large enough
    tree-wide: include directly
    tests: Support running on IPv6 networks
    tests: Kill containers (don't wait for shutdown)
    Fix opening wrong file in suggest_default_idmap
    do not set the root password in the debian template
    do not set insecure passwords
    don't set a default password for altlinux, gentoo, openmandriva and pld
    tools: exit with return code of lxc_execute()
    Keep veth.pair.name on network shutdown
    Makefile: fix static clang init.lxc build
    Avoid waiting for bridge interface if disabled in sysconfig/lxc | lxc-net via USE_LXC_BRIDGE
    Increased buffer length in print_stats()
    avoid assigning to a variable which is not POSIX shell proof (bug #1498)
    remove obsolete note about api stability
    conf: less error prone pointer access
    conf: lxc_map_ids() non-functional changes
    caps: add lxc_{proc,file}_cap_is_set()
    conf: check for {filecaps,setuid} on new{g,u}idmap
    conf: improve log when mounting rootfs
    ls: simplify the judgment condition when list active containers
    fix typo introduced in #1509
    attach|unshare: fix the wrong comment
    caps: skip file capability checks on android
    autotools: check for cap_get_file
    caps: return false if caps are not supported
    conf: non-functional changes to setup_pts()
    conf: use bind-mount for /dev/ptmx
    conf: non-functional changes
    utils: use loop device helpers from LXD
    create ISSUE_TEMPLATE.md
    cgroups: improve cgfsng debugging
    issue template: fix typo
    conf: close fd in lxc_setup_devpts()
    conf: non-functional changes
    utils: tweak lxc_mount_proc_if_needed()
    Change sshd template to work with Ubuntu 17.04
    conf: order mount options
    conf: add MS_LAZYTIME to mount options
    monitor: report errno on exec() error
    af unix: allow for maximum socket name
    commands: avoid NULL pointer dereference
    commands: non-functional changes
    lxccontainer: avoid NULL pointer dereference
    monitor: simplify abstract socket logic
    precise is not the latest LTS, let's use xenial instead
    fix the wrong exit status
    conf: non-functional changes lxc_fill_autodev()
    conf: remove /dev/console from lxc_fill_autodev()
    conf: non-functional changes lxc_setup()
    conf: non-functional changes to console functions
    conf: improve lxc_setup_dev_console()
    conf: lxc_setup_ttydir_console()
    config: remove /dev/console bind mount
    doc: document console behavior
    utils: add lxc_unstack_mountpoint()
    conf: unstack all mounts atop /dev/console
    console: fail when we cannot allocate peer tty
    start: remove umount2()
    conf: non-functional changes
    utils: handle > 2^31 in lxc_unstack_mountpoint()
    Install systemd units for CentOS
    Merge ubuntu and debiancase
    start: add crucial details about lxc_spawn()
- Deleted patches that have been backported before:
  - 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
  - 0001-tree-wide-include-sys-sysmacros.h-directly.patch
  - 0002-tree-wide-include-sys-sysmacros.h-directly.patch
- added signature verification

• Files Changed
• Browse Source

- git 2e6347d
- remove patches:
  + lxc-2.0.0-ubuntu.patch

• Files Changed
• Browse Source

- git 20f3261
- remove patches:
  * 0001-tree-wide-include-sys-sysmacros.h-directly.patch
  * 0002-tree-wide-include-sys-sysmacros.h-directly.patch
  * 0003-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch

• Files Changed
• Browse Source

- git d512bd5

• Files Changed
• Browse Source

- remove patches:
  * lxc-1.1.2-opensuse.patch

- all patches (00*.patch) are upstream already, thus deleted; patch lxc-aa_allow_incomplete-default.patch is now reworked and added as a drop-in file in /usr/share/lxc/config/common.conf.d/

- update to version 2.0.7
  This is the seventh bugfix release for LXC 2.0. The main bugfixes in this release are:
  - attach: Close lsm label file descriptor
  - attach: Non-functional changes
  - attach: Simplify lsm_openat()
  - caps: Add lxc_cap_is_set()
  - conf: attach: Save errno across call to close
  - conf: Clearly report to either use drop or keep
  - conf: criu: Add make_anonymous_mount_file()
  - conf: Fix suggest_default_idmap()
  - configure: Add --enable-gnutls option
  - configure: Check for memfd_create()
  - configure: Check whether gettid() is declared
  - configure: Do not allow variable length arrays
  - configure: Remove -Werror=vla
  - configure: Use AC_HEADER_MAJOR to detect major()/minor()/makedev()
  - conf: Non-functional changes
  - conf: Remove thread-unsafe strsignal + improve log
  - init: Add cgroupfs-mount to Should-Start/Stop sysvinit LSB headers
  - log: Add lxc_unix_epoch_to_utc()
  - log: Annotate lxc_unix_epoch_to_utc()
  - log: Drop all timezone conversion functions
  - log: Make sure that date is correctly formatted
  - log: Use lxc_unix_epoch_to_utc()
  - log: Use N/A if getpid() != gettid() when threaded
  - log: Use thread-safe localtime_r()
  - lvm: Supress warnings about leaked files
  - lxccontainer: Log failure to send sig to init pid
  - monitor: Add more logging
  - monitor: Close mainloop on exit if we opened it
  - monitor: Improve log + set log level to DEBUG
  - monitor: Log which pipe fd is currently used
  - monitor: Make lxc-monitord async signal safe
  - monitor: Non-functional changes
  - python3-lxc: Fix api_test.py on s390x
  - start: Check for CAP_SETGID before setgroups()
  - start: Fix execute and improve setgroups() calls
  - state: Use async signal safe fun in lxc_wait()
  - templates: lxc-debian: Don't try to get stuff from /usr/lib/systemd on the host
  - templates: lxc-debian: Fix getty service startup
  - templates: lxc-debian: Fix typo in calling dpkg with --print-foreign-architectures option
  - templates: lxc-debian: Handle ppc hostarch -> powerpc
  - templates: lxc-opensuse: Change openSUSE default release to Leap 42.2
  - templates: lxc-opensuse: Remove libgcc_s1
  - templates: lxc-opensuse: Remove poweroff.target -> sigpwr.target copy
  - templates: lxc-opensuse: Set to be unconfined by AppArmor
  - templates: lxc-opensuse: Update for Leap 42.2
  - tests; Don't cause test failures on cleanup errors
  - tests: Skip unpriv tests on broken overlay module
  - tools: Improve logging
  - tools: lxc-start: Remove c->is_defined(c) check
  - tools: lxc-start: Set configfile after load_config
  - tools: Only check for O_RDONLY
  - tree-wide: Random macro cleanups
  - tree-wide: Remove any variable length arrays
  - tree-wide: Sic semper assertis!
  - utils: Add macro __LXC_NUMSTRLEN
  - utils: Add uid, gid, group convenience wrappers
- commented out the patches, as they no longer apply cleanly

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- git 9045b0d

• Files Changed
• Browse Source

- git d686e93

• Files Changed
• Browse Source