This bug was fixed in the package libvirt - 8.0.0-1ubuntu6~cloud0 --------------- libvirt (8.0.0-1ubuntu6~cloud0) focal-yoga; urgency=medium . * New update for the Ubuntu Cloud Archive. . libvirt (8.0.0-1ubuntu6) jammy; urgency=medium . * d/control: recommend swtpm-tools (LP: #1948748) . libvirt (8.0.0-1ubuntu5) jammy; urgency=medium . * apparmor: Fix QEMU access for UEFI variable files. Backported from upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035) Refresh apparmor_profiles_local_include.patch to resolve the conflict. . libvirt (8.0.0-1ubuntu4) jammy; urgency=medium . * No-change rebuild against libwireshark15. . libvirt (8.0.0-1ubuntu3) jammy; urgency=medium . * Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop system services and sockets." Due to the fix being in debhelper we no more need this mitigation now. (LP: #1959054) . libvirt (8.0.0-1ubuntu2) jammy; urgency=medium . * No-change rebuild to update maintainer scripts, see LP: 1959054 . libvirt (8.0.0-1ubuntu1) jammy; urgency=medium . * Merge 8.0.0 from Debian unstable (LP: #1946869) Among many other fixes and improvements this fixes ceph usage in regard to apparmor (LP: #1588576) Remaining changes: - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) [contains lintian fixups of 6.6.0-1ubuntu1] - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - d/control: breaks replaces for augeas lenses move in 6.0.0-1 (follows Debian, droppable >22.04) - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - d/p/u/parallel-shutdown.patch: set parallel shutdown by default. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results + d/control: suggest swtpm-tools + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [in Debian now]: - d/control: add libtirpc for rpc.h with glibc >=2.32 - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0 - debian/rules: disable the netcf backend. (LP: 1764314) - d/libvirt-clients.install: completions no more are symlinked to vsh - d/rules: disable the now auto-built vstorage backend - not-installed: split daemon man pages are no yet installed - d/rules: disable the new Cloud Hypervisor driver - d/rules: enable more features explicitly - d/rules: use apparmor_profiles=enabled instead of the now rejected value true - rules: Explicitly set remote_default_mode - rules: Rework installation of AppArmor-related files - d/control, d/rules: enable libssh (LP 1939416) * Dropped changes [upstream now]: - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure execution (LP 1913266) - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP 1927519) - Toleration for qemu >=6.0 handling of props (LP 1932264) - Persistent vfio-ccw device assignments (LP 1887929) * Dropped changes [no more needed]: - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with recent ubuntu glibx 2.32 it is breaking the build - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect XDR functions from glibc - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966) - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 was not enough) * Added changes: - d/p/u/dnsmasq-as-priv-user: update for 8.0.0 - Add recent upstream fixes to 8.0 + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work in containers like LXD (without guest start would hang). + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs get passed to syslog/journal correctly. - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop libvirt system services and sockets (LP: #1959054). This allows to unblock some transitions that wait on libvirt now; The intention is that it is fixed in debhelper and libvirt reverts this change before jammy release. . libvirt (8.0.0-1) unstable; urgency=medium . * [a26cc81] New upstream version 8.0.0 * [9f18b0d] patches: Drop backports * [7ea1214] patches: Add backport/qemu-fix-inactive-snapshot-revert.patch * [9454a95] patches: Add backport/Revert-report-error-when-[...].patch * [ec3b590] control: Drop dependency on radvd - libvirt no longer uses it * [19eb356] control: Drop build dependency on parted - The parted binary is only needed at runtime . libvirt (7.10.0-3) unstable; urgency=medium . * [16b245a] control: Improve multiarch support - Mark libvirt-{daemon-system-systemd,doc} as Multi-Arch: foreign - Mark libvirt-wireshark as Multi-Arch: same - Mark libvirt-daemon-driver-* as Multi-Arch: no * [ef19843] control: Move Recommends on LVM to -daemon package - It's used by the storage driver, not the client library * [a10f605] control: Update Uploaders field - Add Andrea Bolognani, remove Laurent Léonard * [c74efcb] control: Drop obsolete version constraints - They're satisfied on our expected backport targets (Debian 11 and Ubuntu 20.04) * [1ad0b3a] control: Drop all Pre-Depends - They're not necessary on our expected backport targets . libvirt (7.10.0-2) unstable; urgency=medium . * Team upload . [ Andrea Bolognani ] * [26f63eb] control: Build-Depend on python3:any to fix cross-building * [b14268f] patches: Backport fix for CVE-2021-4147 . [ Joachim Falk ] * [9ae5f14] Fix reboot command for LXC containers (Closes: #991773) . libvirt (7.10.0-1) unstable; urgency=medium . * Team upload . * [0817e92] New upstream version 7.10.0 * [2d2fb25] patches: Drop backported patches . libvirt (7.9.0-1) unstable; urgency=medium . * Team upload . * [2c54c68] New upstream version 7.9.0 - Closes: #994061 - Fixes FTBFS (Closes: #997108) * [6ca05a9] patches: Update ZFS enablement patches - Replace the Debian-specific patch debian/Set-defaults-for-zfs-tools.patch with backported upstream patches backport/meson-Enable-ZFS-storage-backend-even-more-often.patch backport/meson-Stop-looking-up-ZFS-programs-at-build-time.patch * [32a1e7b] patches: Add backport/wireshark-Switch-to-tvb_bytes_to_str.patch - Needed to build against Wireshark 3.6.0 * [30fdaae] libvirt-daemon-system: Make QEMU cache directory root-owned - Recent changes in libvirt make it possible to be more strict * [8c2f99b] tests: No longer skip smoke-lxc with both cgroups v1&v2 present - The bug that made this workaround necessary has been resolved * [803bd5a] control: Bump Standards-Version to 4.6.0 - No changes needed . libvirt (7.6.0-0ubuntu3) jammy; urgency=medium . * d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP: #1951975) . libvirt (7.6.0-0ubuntu2) jammy; urgency=medium . * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) * libvirt should not use user/group tss for swtpm (LP: #1948880) - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results - d/control: suggest swtpm-tools . libvirt (7.6.0-0ubuntu1) impish; urgency=medium . * Merge v7.6.0 from upstream and unreleased changes from Debian git. Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778) - New upstream version 7.5.0 - New upstream version 7.6.0 - symbols: Bump symbol versions - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0 - patches: Refresh patches - d/rules: disable the new Cloud Hypervisor driver - d/rules: enable more features explicitly - d/rules: use apparmor_profiles=enabled instead of the now rejected value true - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect XDR functions from glibc * d/control, d/rules: enable libssh (LP: #1939416) * refresh ubuntu patches for v7.6.0 * Further fixups for v7.6.0 (thanks to Andrea Bolognani) - rules: Explicitly set remote_default_mode - rules: Rework installation of AppArmor-related files . libvirt (7.6.0-1) unstable; urgency=medium . * Team upload . [ Andrea Bolognani ] * [a256a80] New upstream version 7.6.0 - Fixes CVE-2021-3667 (Closes: #991594) * [4a96793] rules: Disable netcf support - netcf support is considered deprecated upstream . [ Christian Ehrhardt ] * [ac145fd] d/rules: disable the new Cloud Hypervisor driver - Cloud Hypervisor is not available in Debian * [4bafac5] d/control, d/rules: enable libssh - Closes: #985969 - LP: #1939416 * [fbc728f] d/t/smoke-lxc: skip if cgroup v1&v2 are present - This works around an upstream bug which causes the LXC driver to break when both v1 and v2 cgroups are in use * [8d2e0fe] d/control: add libtirpc for rpc.h with glibc >=2.31-14 - Switch from glibc's legacy RPC implementation, which is now disabled in the Debian package, to libtirpc's one . libvirt (7.4.0-0ubuntu3) impish; urgency=medium . * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 was not enough) . libvirt (7.4.0-0ubuntu2) impish; urgency=medium . * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966) . libvirt (7.4.0-0ubuntu1) impish; urgency=medium . * Merge v7.4.0 from upstream, among a lot of new features and fixes this closes a few of issues reported against Ubuntu - Toleration for qemu >=6.0 handling of props (LP: #1932264) - Persistent vfio-ccw device assignments (LP: #1887929) - Drop patches that are upstream in v7.4.0 - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch - d/p/u/lp-1913266-*: add vsock options to be usable with s390x - d/p/u/lp-1921754-*: EPYC-Rome-v2 - d/p/u/lp-1921880-*: EPYC-Milan - d/libvirt-clients.install: completions no more are symlinked to vsh - Revert "disable firewalld support (universe dependency)" This does not add a runtime dependency and while firewalld isn't in main that way users can install and use it from universe. (LP: #1928113) - d/libvirt0.symbols: bump symbol versions for 7.4.0 - d/rules: disable the now auto-built vstorage backend - not-installed: split daemon man pages are no yet installed . libvirt (7.0.0-3) unstable; urgency=medium . * Team upload . * [5ae74e0] libvirtd: Improve default file * [b11d3c3] virtlogd: Fix some bugs in the sysv init script . libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium . * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails on some HW/Guest combinations e.g. Windows 10 on Threadripper (LP: #1921754) * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support (LP: #1921880) . libvirt (7.0.0-2ubuntu1) hirsute; urgency=medium . * Merge with Debian 7.0.0-1 from Debian unstable Remaining changes: - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) [contains lintian fixups of 6.6.0-1ubuntu1] - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - d/control: breaks replaces for augeas lenses move in 6.0.0-1 (follows Debian, droppable >22.04) - debian/rules: disable the netcf backend. (LP: 1764314) - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with recent ubuntu glibx 2.32 it is breaking the build - d/control: add libtirpc for rpc.h with glibc >=2.32 - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure execution (LP 1913266) * Dropped Changes [in Debian now] - Avoid various issues around service/socket status after install/reinstall and on upgrades (LP 1914054). - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives - d/rules: --no-restart-after-upgrade does not prevent restarts - d/rules: avoid --no-start which breaks .sockets on re-install - d/rules: start, but do not restart libvirt-guests.service - Dependency improvements yet unreleased from salsa/debian/master thanks to Andrea Bolognani (Debian #981435). - control: Always explicitly depend on libvirt0 - control: Always use versioned deps for libvirt components - d/control: extend demotion of libvirt-lxc related dependencies to libvirt-login-shell . libvirt (7.0.0-2) unstable; urgency=medium . * Team upload . [ Matthew Gabeler-Lee ] * [7391555] control: recommend qemu support for iscsi-direct - Closes: #981284 . [ Andrea Bolognani ] * [8048eef] control: Always use versioned deps for libvirt components - Closes: #981435 * [effe0cd] control: Always explicitly depend on libvirt0 * [d3c8ec2] control: Bump Standards-Version to 4.5.1 . [ Christian Ehrhardt ] * [3cbe8f9] d/control: avoid libvirt-clients to pull in libvirt-daemon * [295944d] systemd: start, but do not restart libvirt-guests.service * [ddbad4b] systemd: do not restart sockets . libvirt (7.0.0-1ubuntu2) hirsute; urgency=medium . * d/control: extend demotion of libvirt-lxc related dependencies to libvirt-login-shell . libvirt (7.0.0-1ubuntu1) hirsute; urgency=medium . * Merge with Debian 7.0.0-1 from Debian unstable This fixes unwanted conffile prompts (LP: #1906248) Remaining changes: - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) [contains lintian fixups of 6.6.0-1ubuntu1] - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - d/control: breaks replaces for augeas lenses move in 6.0.0-1 (follows Debian, droppable >22.04) - debian/rules: disable the netcf backend. (LP: 1764314) - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with recent ubuntu glibx 2.32 it is breaking the build - d/control: add libtirpc for rpc.h with glibc >=2.32 - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) * Dropped Changes [in Debian now] - 0050-local-include-for-libvirt-qemu.patch, d/libvirt-daemon-system.postinst: provide a local apparmor include for abstraction/libvirt-qemu (LP: 1786019) * Dropped Changes [in upstream now] - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating pre-Focal guests by allowing kvm-spice - virt-ssh-helper: fix slow migrations and volume transfers (LP 1904584) - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch * Dropped Changes [ready for main] - d/control: drop mdevctl to a suggest until (LP: #1889248) is ready * Added Changes: - Avoid various issues around service/socket status after install/reinstall and on upgrades (LP: #1914054). - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives - d/rules: --no-restart-after-upgrade does not prevent restarts - d/rules: avoid --no-start which breaks .sockets on re-install - d/rules: start, but do not restart libvirt-guests.service - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure execution (LP: #1913266) - Dependency improvements yet unreleased from salsa/debian/master thanks to Andrea Bolognani (Debian #981435). - control: Always explicitly depend on libvirt0 - control: Always use versioned deps for libvirt components . libvirt (7.0.0-1) unstable; urgency=medium . * Team upload . [ Andrea Bolognani ] * [561e347] libvirt-daemon-config-nwfilter: Install new nwfilters * [56231e3] patches: Add backport/meson-Fix-cross-building-[...].patch - Closes: #980334 . [ Christian Ehrhardt ] * [6568c68] apparmor: allow hot-plug for qcow backing chains - Closes: #981001 * [8173ce4] libvirt-daemon-config-*: reload libvirtd before restart * [dc21d88] systemd: Drop libvirtd dep from virt-guest-shutdown.target - Avoids reintroducing: #955216 . libvirt (6.9.0-4) unstable; urgency=medium . * Team upload . * [f5c0ebf] control: Strengthen dependencies between packages . libvirt (6.9.0-3) unstable; urgency=medium . * Team upload . * [81999fb] rules: Move virt-aa-helper to libvirt-daemon * [b9b6a95] control: Make libvirt-daemon-system-{systemd,sysv} Arch: all . libvirt (6.9.0-2) experimental; urgency=medium . * Team upload . [ Andrea Bolognani ] * [55504dd] libvirt-daemon-config-network: New binary package - Closes: #973489 * [0168a25] libvirt-daemon-config-nwfilter: New binary package * [7ad0fe3] libvirt-daemon-driver-storage-iscsi-direct: New binary package - Closes: #918728 * [aadb56a] libvirt-login-shell: New binary package * [807a8de] libvirt-clients: Move out virt-qemu-run * [3af477f] libvirt-daemon: Move out libvirt_lxc * [03f8bbb] libvirt-daemon: Move out sanlock-related files * [b94f649] libvirt-daemon: Move out bash-completion support - Closes: #904036 . [ Guido Günther ] * [acb5c16] d/control: Use qemu-system instead of qemu - Closes: #966239 . [ Christian Ehrhardt ] * [8c1bf5d] d/control: fix circular dependency on libvirt-daemon-driver-qemu - Closes: #963898 * [3d8fdd2] apparmor: add local include for libvirt-qemu & libvirt-lxc . libvirt (6.9.0-1ubuntu4) hirsute; urgency=medium . * Improve flaky smoke-lxc test (LP: #1899180) - d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures - d/t/smoke-lxc: retry check_domain being flaky on arm64 . libvirt (6.9.0-1ubuntu3) hirsute; urgency=high . * No change rebuild against wireshark 3.4.0 . libvirt (6.9.0-1ubuntu2) hirsute; urgency=medium . * virt-ssh-helper: fix slow migrations and volume transfers (LP: #1904584) - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch . libvirt (6.9.0-1ubuntu1) hirsute; urgency=medium . * Merge with Debian 6.8.0-1 from unstable Remaining changes: - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) [contains lintian fixups of 6.6.0-1ubuntu1] - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - d/control: breaks replaces for augeas lenses move in 6.0.0-1 (follows Debian, droppable >22.04) - d/control: drop mdevctl to a suggest until (LP 1889248) is ready - debian/rules: disable the netcf backend. (LP: 1764314) - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service - dnsmasq related enhancements [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + 0050-local-include-for-libvirt-qemu.patch, d/libvirt-daemon-system.postinst: provide a local apparmor include for abstraction/libvirt-qemu (LP: 1786019) + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) * Dropped Changes [in Debian now] - d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes between libtripc and glibc that break libvirt-lxc (LP 1892826) * Dropped Changes [in upstream now] - d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool handling on non BTRFS affecting virt-manager, api and commandline pool handling (LP 1901242) - d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch: allow libvirt to control virtiofsd (LP 1892736) - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid triggering denials in devmapper error path - d/p/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch: (again) allow permanent per guest overrides (LP 1745114) - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading versioned modules after qemu package upgrades (LP 1847361) - d/p/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi. patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory - d/p/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO. patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv - d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome chips (LP 1887490) - 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. * Added Changes - d/p/ubuntu/daemon-augeas-fix-expected.patch: update for 6.9 - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: update for 6.9 - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with recent ubuntu glibx 2.32 it is breaking the build - d/control: add libtirpc for rpc.h with glibc >=2.32 - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating pre-Focal guests by allowing kvm-spice . libvirt (6.9.0-1) unstable; urgency=medium . * Team upload . * [9328bc8] New upstream version 6.9.0 * [88c8a9e] patches: Drop backport/rpc-Fix-virt-ssh-helper-detection.patch . libvirt (6.8.0-1) unstable; urgency=medium . * Team upload . * [a09e8f2] New upstream version 6.8.0 * [11671ad] patches: Drop backport/[...]gluster-module-dep.patch * [d4522ee] patches: Add backport/rpc-Fix-virt-ssh-helper-detection.patch * [1012105] libvirt-daemon: Install virt-ssh-helper * [1070367] control: Drop Build-Depends on netcat-openbsd * [509eb72] control: Drop Build-Depends on libdbus-1-dev . libvirt (6.7.0-3) experimental; urgency=medium . * Team upload . * [2a7b4f4] rules: Decrease timeout for tests to 5m * [6337ea2] rules: Make dh_missing errors non-fatal for -indep builds . libvirt (6.7.0-2) experimental; urgency=medium . * [7b7ff73] patches: Add backport/[...]gluster-module-dep.patch * [a9cc391] debhelper: Use compat level 13 * [b327f9a] rules: Increase timeout for tests to 15m . libvirt (6.7.0-1) experimental; urgency=medium . * Team upload . * [0d7a347] New upstream version 6.7.0 * [c6306e9] patches: Drop obsolete patches The following patches are no longer necessary: - backport/apparmor-allow-default-pki-path.patch - backport/apparmor-allow-libvirtd-to-call-pygrub.patch - backport/apparmor-allow-libvirtd-to-call-virtiofsd.patch - backport/tools-fix-libvirt-guests.sh-text-assignments.patch - backport/virdevmapper-Don-t-cache-device-mapper-major.patch - backport/virdevmapper-Handle-kernel-without-device-mapper-support.patch - backport/virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch - debian/Prefer-sbin-over-usr-sbin.patch * [72f7997] patches: Rewrite build system patches The following patches have been rewritten: - debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch - debian/Set-defaults-for-zfs-tools.patch * [37e7b80] patches: Add debian/Use-sensible-editor-by-default.patch Replaces use of the removed --with-default-editor configure option * [c326ac4] control: Add Build-Depends on meson . libvirt (6.6.0-2) unstable; urgency=medium . * Team upload . [ Christian Ehrhardt ] * fix libvirt-lxc that was broken by libtirpc linking issues (LP: #1892826) - [92acaf6] add d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch - [90093c0] Revert "control: Add Build-Depends on libtirpc-dev" * [c12faf1] replace patches for pki and pygrub with clean upstream backports * [6377d90] apparmor: allow libvirtd to call virtiofsd (LP: #1892736) . libvirt (6.6.0-1ubuntu4) hirsute; urgency=medium . * d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool handling on non BTRFS affecting virt-manager, api and commandline pool handling (LP: #1901242) . libvirt (6.6.0-1ubuntu3) groovy; urgency=medium . * d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome chips (LP: #1887490) . libvirt (6.6.0-1ubuntu2) groovy; urgency=medium . * d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes between libtripc and glibc that break libvirt-lxc (LP: #1892826) * d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch: allow libvirt to control virtiofsd (LP: #1892736) . libvirt (6.6.0-1ubuntu1) groovy; urgency=medium . * Merge with Debian 6.6.0-1 from experimental Among many other new features and fixes this includes fixes for: (LP: #1874647) - Stale libvirt cache leads to VM startup failures (LP: #1869796) - bad ordering and dependent restarts of services/sockets Remaining changes: - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading versioned modules after qemu package upgrades (LP 1847361) - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - debian/rules: disable the netcf backend. (LP: 1764314) - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + 0050-local-include-for-libvirt-qemu.patch, d/libvirt-daemon-system.postinst: provide a local apparmor include for abstraction/libvirt-qemu (LP: 1786019) + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) * Dropped changes (in Debian now): - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - enable attr support to store XATTR labels. Among other things this allows to properly restore file ownership (LP 691590) - d/control: build depend to libattr1-dev - d/rules: configure --with-attr - Install virt-login-shell-helper - Install augeas lenses for all drivers - Remove all mentions of Devhelp - not-installed: Remove obsolete entries - not-installed: List all split daemons files - d/control: bump build dep to python3 - d/control: add python3-docutils as build dependency - d/rules: set enable-dependency-tracking to avoid FTBFS - d/rules: drop the no more existing phyp option - d/rules: drop the no more existing xen configure option - minimize patches generated by autoreconf - fix build on Debian/Ubuntu in qemuhotplugtest - d/libvirt-doc.doc: install rendered docs - d/libvirt-daemon-system.examples: drop old examples that are now active - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files - d/libnss-libvirt.lintian-overrides: accept having two nss so files - d/rules: don't ship split daemons just yet - d/rules: install /etc/default/* files that are shared between sysv and systemd packages - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of libvirt-daemon-system-sysv - d/rules: install virtlockd correctly with defaults file (LP: 1729516) - d/rules: also check build time self test results on all architectures - d/rules: add --no-restart-after-upgrade to services that are supposed to stay up through upgrades - this also applies to related sockets. * Dropped changes (part of upstream now): - d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling (LP 1879325) - d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init (LP 1871354) - d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout -on-rea.patch: avoid DOS through read only connections CVE-2020-10701 - d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities and binary autodetection in general (LP 1867460) - d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream fixes (LP 1868539) - d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have modern types on kernels with recent security fixes (LP 1853200) - d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU (LP 1868528) - d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in qemuDomainSetTimeAgent (LP 1865425) - d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch: allow emulation of smartcard via host certificates - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine types (LP 1861125) - d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor block vhost-user-gpu usage - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named profiles (LP 1655111) * Dropped changes (no more needed): - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of just a suggest. This was deprecated since bionic and now will be dropped. - Update Vcs-Git and Vcs-Browser fields to point to launchpad - d/control: VCS links to use generic Ubuntu launchpad git URLs - refreshed patches for libvirt v6.0.0 - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to avoid error messages on purge [deluser/delgroup no more report warnings] - "Additional apport package-hook": due to context auto updates d/libvirt-daemon.install had bad entries which are no more required. - d/control, d/rules: Disable rbd and zfs on riscv64 where they are unavailable (LP 1872952) * Added Changes: - d/control: breaks replaces for augeas lenses move in 6.0.0-1 (follows Debian, droppable >22.04) - refresh ubuntu patches for 6.6 - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch - d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch - d/p/ubuntu/dnsmasq-as-priv-user - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch - d/p/ubuntu/daemon-augeas-fix-expected.patch - d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related enhancements - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592) - d/libvirt-clients.lintian-overrides: profile scripts are non executable - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid triggering denials in devmapper error path - d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch: (again) allow permanent per guest overrides (LP: #1745114) - d/control: drop mdevctl to a suggest until (LP 1889248) is ready . libvirt (6.6.0-1) unstable; urgency=medium . * Team upload . [ Andrea Bolognani ] * [ecdcc72] New upstream version 6.6.0 Includes fix for CVE-2020-14339 (Closes: #966563) * [751e146] upstream: Add key for Jiří Denemark * [ab2a1b4] control: Add Build-Depends on libtirpc-dev * [8714f7d] control: Drop Build-Depends on libncurses5-dev. * [1137e33] patches: Assign topic to all patches. * [51e52ab] patches: Reorder patches. . [ Christian Ehrhardt ] * [ceab403] d/control, d/rules: feature architecture parity. Enable systemtap, numa and numad on more architectures. * [dd2d1a9] Drop d/p/apparmor-Allow-[....]-name-service-.patch. Doesn't seem to be necessary anymore. * [d31eba5] fix device mapper issues. Add the following backports: - virdevmapper-Don-t-cache-device-mapper-major.patch - virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch - virdevmapper-Handle-kernel-without-device-mapper-support.patch * [3145e31] tools: fix libvirt-guests.sh text assignments Add the following backports: - tools-fix-libvirt-guests.sh-text-assignments.patch . libvirt (6.5.0-1) unstable; urgency=medium . * Team upload . * [38c0fa7] New upstream version 6.5.0 * [b8a07b4] control: Add Recommends for mdevctl . libvirt (6.4.0-2) unstable; urgency=medium . [ Christian Ehrhardt ] * [d0f7eb5] enable attr support to be able to store XATTR labels. Among other things this allows to properly restore file ownership - d/control: build depend on libattr1-dev - d/rules: configure --with-attr Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/691590 . [ Andrea Bolognani ] * Use consistent layout in packaging files . libvirt (6.4.0-1) experimental; urgency=medium . * Team upload . * [1662a90] New upstream version 6.4.0 Includes a fix for CVE-2020-14301 (Closes: #963474) * [ad19936] patches: Drop tests-Mock-[...]-for-qemuhotplug.patch * [bfc4f8b] rules: Install upstream release notes * [995991b] control: Set Rules-Requires-Root: no * [dd75022] control: Bump Standards-Version to 4.5.0 * [fa6aefb] rules: Enable 'bindnow' hardening option . libvirt (6.2.0-1) experimental; urgency=medium . * Team upload . [ Guido Günther ] * Upload to experimental * [1b6982f] New upstream version 6.2.0 Contains fix for CVE-2020-10701. (Closes: #955841) Thanks to Carnil for the triage Contains fix for CVE-2020-12430. (Closes: #959447) . [ Andrea Bolognani ] * [ba77756] patches: Drop all gnulib-related patches Specifically: openpty-Skip-test-if-no-pty-is-available.patch Disable-gnulib-s-test-nonplocking-pipe.sh.patch test-posix_openpt-don-t-fail-on-EACCESS.patch * [2e0b5f1] patches: Add tests-Mock-[...]-for-qemuhotplug.patch Replaces: skip-qemuhotplugtest.patch * [7c1e182] debhelper: Use debhelper-compat package . libvirt (6.0.0-7) unstable; urgency=medium . [ Laurent Bigonville ] * [4e6f909] Disable polkit support on !linux, see: #927896 * [3ee1c87] Do not build-depends against libglusterfs-dev on non-linux architectures . [ Guido Günther ] * [41c33eb] Rediff patches * [da804f9] Backport fix for CVE-2020-10701. Thanks to Carnil for the triage (Closes: #955841) * [a5dd08c] d/rules: systemd: Also pass --no-restart-on-upgrade when using --no-start. . [ Andrea Bolognani ] * [0c6a3a0] salsa-ci: Create local pristine-tar branch. . libvirt (6.0.0-6) unstable; urgency=medium . [ Laurent Bigonville ] * [ea7b8b7] autopkgtest exits with 2 when there are skipped tests do not consider that as fatal . [ Guido Günther ] * [100e8aa] Don't start or restart socket units on package upgrades. Changes get picked up when the corresponding system unit is being restarted. This avoids problems when socket and service units of the same service get restarted together. See #955483 for details. * [ff981d5] Pass --no-auto to dh_instalsystemd. This avoids generation of restart snippets for services listed in `Also=` sections of the service units. Otherwise these get restarted but we want to avoid that and let systemd figure it out all by itself. See: #955483, #841095 . libvirt (6.0.0-5) unstable; urgency=medium . [ Guido Günther ] * [421e865] systemd: Don't restart libvirt-guests on upgrade (Closes: #955216) . [ Laurent Bigonville ] * [5f72035] Only run qemu test on amd64 (Closes: #955278) . libvirt (6.0.0-4) unstable; urgency=medium . * [d7df842] sysv: Don't restart libvirt-guests on upgrade (Closes: #954921) . libvirt (6.0.0-3) unstable; urgency=medium . * [de68a4b] Bump Breaks/conflicts. While there were conflicts/breaks for the driver split we moved the augeas lenses in 6.0.0-1. (Closes: #954032, #953894) . libvirt (6.0.0-2) unstable; urgency=medium . * Upload to unstable . libvirt (6.0.0-1) experimental; urgency=medium . [ Guido Günther ] * [33890b9] New upstream version 6.0.0 (Closes: #939552) * [c9f82be] gitlab-ci: Run autopkgtests . [ Christian Ehrhardt ] * [fa167bc] d/libnss-libvirt.lintian-overrides: accept having two nss so files * [bf48357] d/libvirt-daemon-system-sysv.lintian-overrides: not shipping systemd files. Packages are split intentionally, ignore this lintian warning. * [2278598] d/rules: also check build time self test results on all architectures * [c1be36a] d/rules: drop doc binary cleanup. * [6d60c3c] d/rules: don't ship split daemons just yet * [33f8dc4] d/p/skip-qemuhotplugtest.patch: fix qemuhotplugtest. Skip some elements of qemuhotplugtest that for now break in Debian/Ubuntu build environments. * [a1734f7] d/rules: add libvirt-guests.default to libvirt-daemon-system instead of libvirt-daemon-system-sysv * [69f6cfe] d/rules: install /etc/default/* files that are shared between sysv and systemd packages * [31be682] d/rules: install virtlockd for sysv (Closes: #880970) . [ Andrea Bolognani ] * [070d158] Install virt-login-shell-helper. This new binary was introduced in libvirt 5.7.0 and is necessary for virt-login-shell to work. * [143dafb] Install augeas lenses for all drivers. These slipped through the cracks when we moved from picking up the corresponding directories as a whole to listing the specific files we're interested in. * [efa4cfe] Remove all mentions of Devhelp. As of libvirt 5.8.0, the corresponding files are no longer generated. * [8ebd427] not-installed: Remove obsolete entries. Now that upstream's build system has been fixed and we're picking up the documentation from the install location rather than the source directory, the corresponding files will no longer be flagged by dh_missing. * [ce54aef] not-installed: List all split daemons files. Since we're not shipping split daemons yet, the corresponding binaries as well as systemd units and augeas lenses will be flagged by dh_missing if we don't list them here. * [391e39d] symbols: Drop LIBVIRT_5.9.0 libvirt 5.9.0 didn't introduce any new public symbols.