lxcfs (0.10-0ubuntu2.1) wily-security; urgency=medium

  * SECURITY UPDATE: does not properly enforce directory escapes
    (LP: #1508481)
    - debian/patches/0002-fix-checking-of-parent-dirs.patch: Ensure that a
      task under cgroup /a/b cannot mkdir, rmdir, or modify files under,
      directories not under /a/b. Add a testcase for this.
    - CVE-2015-1342
  * SECURITY UPDATE: lack of privilege checking in do_write_pids
    (LP: #1512854)
    - debian/patches/0002-Fix-movepid-cve.patch: Fix missing privilege
      check when moving pids to a new cgroup.
    - CVE-2015-1344

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 11 Nov 2015 07:19:02 -0500

lxcfs (0.10-0ubuntu2) wily; urgency=medium

  * Allow systemd to escape its custom cgroup.  (LP: #1497420)

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 15 Oct 2015 08:56:13 -0500

lxcfs (0.10-0ubuntu1) wily; urgency=medium

  * New upstream bugfix release:
    - Detect libnih threading support and use when available.
    - Fix threading issues related to DBus.
    - Handle missing memory cgroup.
    - Turn off threading globally because of problems with libdbus.
    - Tweak lxcfs mounts to better accomodate systemd.

 -- Stéphane Graber <stgraber@ubuntu.com>  Thu, 03 Sep 2015 19:37:01 -0400

lxcfs (0.9-0ubuntu3) wily; urgency=medium

  * Update the lxc mount hook to offer a mount per co-mounted controller.
    (LP: #1491557)

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 02 Sep 2015 11:40:53 -0500

lxcfs (0.9-0ubuntu1) wily; urgency=medium

  * New upstream release avoiding fuse 'too many bytes' read errors
  * Drop now-unneeded fuse arguments from the init scripts.

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 08 May 2015 19:56:14 -0500

lxcfs (0.8-0ubuntu1) wily; urgency=medium

  * New upstream release.
    - drop upstream patches
    - fixes lxcfs.1 (LP: #1452578)

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 07 May 2015 14:47:12 -0500

lxcfs (0.7-0ubuntu4) vivid; urgency=medium

  * Add some more sanity checks (LP: #1413405)

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 20 Apr 2015 08:42:18 -0500

lxcfs (0.7-0ubuntu3) vivid; urgency=medium

  * 0002-Make-sure-that-that-cgroup-and-the-controller-are-se.patch: when
    looking a controller under /cgroup, make sure that '/' separates them,
    so that '/cgroup@freezer' is not a valid path.  (LP: #1413405)
  * 0003-free-d-at-program-end.patch: free the lxcfs_state before exiting.

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Sun, 19 Apr 2015 08:44:06 -0500

lxcfs (0.7-0ubuntu2) vivid; urgency=medium

  * Cherry-pick a fix to the LXC hook.
    - Fixes problems with checkpoint/restore due to double-mounting
      /sys/fs/cgroup
    - Respect the container's configuration by skipping lxcfs if
      /sys/fs/cgroup isn't writable.
    - Skip the cgmanager handling code as that was only applicable if we
      were starting from a clean tmpfs.

 -- Stéphane Graber <stgraber@ubuntu.com>  Tue, 07 Apr 2015 16:21:01 -0400

lxcfs (0.7-0ubuntu1) vivid; urgency=medium

  * Upstream release 0.7, which has fixes for handling crashed children
    and in particular for working around a glibc fork bug
    (https://sourceware.org/bugzilla/show_bug.cgi?id=15392)

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 03 Apr 2015 15:20:15 -0500

lxcfs (0.6-0ubuntu3) vivid; urgency=medium

  * Catch a nih_local which was not initialized to NULL (causing occasional
    SEGVs)

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 02 Apr 2015 20:31:29 -0500

lxcfs (0.6-0ubuntu2) vivid; urgency=medium

  * Cherry-pick testcase fix from upstream.

 -- Stéphane Graber <stgraber@ubuntu.com>  Mon, 16 Feb 2015 23:44:24 -0500

lxcfs (0.6-0ubuntu1) vivid; urgency=medium

  * New upstream release (0.6):
    - Fix cleanup for several function (missing close/free)
    - Fix cpu-average in /proc/stat

 -- Stéphane Graber <stgraber@ubuntu.com>  Mon, 16 Feb 2015 23:14:16 -0500

lxcfs (0.5-0ubuntu3) vivid; urgency=medium

  * Add the symlink check to the sysvinit script.
  * Don't start lxcfs if /var/lib/lxcfs/proc exists as that typically
    means we've had it bind-mounted from the host.

 -- Stéphane Graber <stgraber@ubuntu.com>  Thu, 12 Feb 2015 13:42:51 -0500

lxcfs (0.5-0ubuntu2) vivid; urgency=medium

  * debian/lxcfs.service: Drop seddery of /etc/mtab, which turns /etc/mtab
    into a file. Under systemd, /etc/mtab is always a symlink to /proc/mounts.
    (LP: #1419623)
  * debian/lxcfs.upstart: Don't sed /etc/mtab if it is a symlink, to avoid
    reverting it back to a file if it was changed to be a symlink.

 -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 12 Feb 2015 10:41:57 +0100

lxcfs (0.5-0ubuntu1) vivid; urgency=medium

  * New upstream release (0.5):
    - Fix LXC hook to stop messing with /etc/mtab
    - Fix LXC hook to succeed even if /proc and /sys aren't mounted
    - Update configure.ac to properly detect the cgmanager version
  * Update init scripts to properly cleanup on crashes.

 -- Stéphane Graber <stgraber@ubuntu.com>  Wed, 28 Jan 2015 17:09:11 +0100

lxcfs (0.4-0ubuntu1) vivid; urgency=medium

  * New upstream release (0.4):
    - Fix a critical bug where the host's /proc could be replaced by the
      container's on systems where / is mounted rshared (default with systemd).

 -- Stéphane Graber <stgraber@ubuntu.com>  Fri, 23 Jan 2015 13:54:25 -0500

lxcfs (0.3-0ubuntu1) vivid; urgency=medium

  * New upstream release (0.3):
    - Fix LXC configuration file location

 -- Stéphane Graber <stgraber@ubuntu.com>  Wed, 21 Jan 2015 11:21:01 -0500

lxcfs (0.2-0ubuntu1) vivid; urgency=medium

  * New upstream release (0.2):
    - Add a LXC hook and config snippet
    - Fix the testsuite

 -- Stéphane Graber <stgraber@ubuntu.com>  Tue, 20 Jan 2015 15:17:21 -0500

lxcfs (0.1-0ubuntu3) vivid; urgency=medium

  * Fix the upstart and systemd init scripts. (LP: #1410666)

 -- Stéphane Graber <stgraber@ubuntu.com>  Wed, 14 Jan 2015 10:29:28 -0500

lxcfs (0.1-0ubuntu2) vivid; urgency=medium

  * Add test dependency on lxc.

 -- Stéphane Graber <stgraber@ubuntu.com>  Tue, 13 Jan 2015 10:28:12 -0500

lxcfs (0.1-0ubuntu1) vivid; urgency=low

  * Initial release.
  * Cherry-pick testsuite bugfix from upstream.

 -- Stéphane Graber <stgraber@ubuntu.com>  Mon, 12 Jan 2015 15:07:20 -0500
