Ubuntu
libvirt package

Merge ~lvoytek/ubuntu/+source/libvirt:merge-lp2018082-mantic into ubuntu/+source/libvirt:debian/sid

  1. Git
  2. lp:~lvoytek/ubuntu/+source/libvirt
  3. merge-lp2018082-mantic
  4. Merge into debian/sid
Proposed by Lena Voytek
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merge reported by: git-ubuntu bot
Merged at revision: 420ce175e3ed69ea741c432a97dd1ac90fbd80a6
Proposed branch: ~lvoytek/ubuntu/+source/libvirt:merge-lp2018082-mantic
Merge into: ubuntu/+source/libvirt:debian/sid
Diff against target: 10453 lines (+9470/-85)
37 files modified
debian/changelog (+8235/-41)
debian/control (+9/-7)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-system.dirs (+2/-0)
debian/libvirt-daemon-system.install (+2/-0)
debian/libvirt-daemon-system.libvirt-guests.default (+2/-2)
debian/libvirt-daemon-system.postinst (+136/-0)
debian/libvirt-daemon-system.postrm (+24/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-daemon.apport (+22/-0)
debian/libvirt-daemon.dnsmasq (+2/-0)
debian/libvirt-daemon.install (+1/-0)
debian/libvirt-uri.sh (+21/-0)
debian/patches/series (+19/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+28/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+50/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+21/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+300/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+54/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/polkit/60-libvirt.pkla (+6/-0)
debian/rules (+23/-4)
debian/tests/control (+3/-2)
debian/tests/smoke-lxc (+30/-4)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Sergio Durigan Junior (community) Approve
Canonical Server Pending
Canonical Server Reporter Pending
Review via email: mp+448941@code.launchpad.net

Description of the change

Update to 9.6.0

PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/libvirt-merge-mantic

autopkgtest results:

  libvirt @ amd64:
    10.08.23 16:42:45 Log πŸ—’οΈ βœ… Triggers: libvirt/9.6.0-1ubuntu1~ppa3
  libvirt @ arm64:
    10.08.23 17:26:26 Log πŸ—’οΈ βœ… Triggers: libvirt/9.6.0-1ubuntu1~ppa3
  libvirt @ armhf:
    10.08.23 16:32:47 Log πŸ—’οΈ βœ… Triggers: libvirt/9.6.0-1ubuntu1~ppa3
  libvirt @ ppc64el:
    10.08.23 16:36:16 Log πŸ—’οΈ βœ… Triggers: libvirt/9.6.0-1ubuntu1~ppa3
  libvirt @ s390x:
    10.08.23 16:42:03 Log πŸ—’οΈ βœ… Triggers: libvirt/9.6.0-1ubuntu1~ppa3

General testing results with horsea, etc TBA

To post a comment you must log in.
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, Lena.

A few comments about the overall state of the git repo:

- I noticed you create empty commits for the "Added changes"/"Dropped changes" headers in the changelog. That's alright, albeit unusual in my experience. But since those headers should be dropped in a subsequent merge anyway, having them as empty, separate commits should achieve the goal.

- I also noticed that you create empty commits before multi-item entries in the changelog. For example, commits 96bf86b85b ("- dnsmasq related enhancements") and 07a0c3919e ("- fix autopkgtests (LP 1899180)"). Unlike the case above, I think this can be problematic. When I perform the logical step during my merges I instruct git to get rid of empty commits for me, because the dropped commits from the previous merge will be empty (some people prefer to outright delete them during the merge where they're being dropped!). Having empty commits serve another purpose here would cause the subsequent changelog entry to be incomplete.

- I see that you're adding another commit to fix bug #2027838. While this does the job, I'd prefer if we don't add patch-over-patch in this case, given that d/libvirt-uri.sh has been added by our delta as well. In this cases, what I do is to modify the existing commit, extend its description to explain what was changed and then move it to "Added changes" (or create a new "Modified changes").

Other than that, it seems that the merge is OK. Builds are passing on the PPA and the dep8 results are happy. Unfortunately I don't think we can rely on horsea for extended testing this time because of the current problem with libvirt itself in the archive, but I'm hoping that this merge fixes the issues.

Thanks.

review: Needs Fixing
~lvoytek/ubuntu/+source/libvirt:merge-lp2018082-mantic updated
e14ed33... by Lena Voytek

    - dnsmasq related enhancements
      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)

fd02042... by Lena Voytek

merge-changelogs

420ce17... by Lena Voytek

update-maintainer

36267a7... by Lena Voytek

reconstruct-changelog

Revision history for this message
Lena Voytek (lvoytek) wrote :

Thanks for the review! I cleaned up the commits such that the only empty ones are the dropped changes and the labels for dropped and modified changes. I also combined the libvirt-uri.sh commits and noted the update in modified changes

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Thanks, LGTM now. +1

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: lvoytek, sergiodj
Uploaders: lvoytek, sergiodj
MP auto-approved

review: Approve
Revision history for this message
Lena Voytek (lvoytek) wrote :

Thanks! uploaded with rich history:

dput ubuntu ../libvirt_9.6.0-1ubuntu1_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: ../libvirt_9.6.0-1ubuntu1_source.changes: Valid signature from 34B8AD7D9529E793
Checking signature on .dsc
gpg: ../libvirt_9.6.0-1ubuntu1.dsc: Valid signature from 34B8AD7D9529E793
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libvirt_9.6.0-1ubuntu1.dsc: done.
  Uploading libvirt_9.6.0.orig.tar.xz: done.
  Uploading libvirt_9.6.0.orig.tar.xz.asc: done.
  Uploading libvirt_9.6.0-1ubuntu1.debian.tar.xz: done.
  Uploading libvirt_9.6.0-1ubuntu1_source.buildinfo: done.
  Uploading libvirt_9.6.0-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 82c619d..e0141ce 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,98 @@
6+libvirt (9.6.0-1ubuntu1) mantic; urgency=medium
7+
8+ * Merge with Debian unstable (LP: #2018082). Remaining changes:
9+ - Disable libssh2 support (universe dependency)
10+ - d/control: add libzfslinux-dev to build-deps
11+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
12+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
13+ Secure Boot enabled variants of the OVMF firmware and variable store for
14+ the paths where we ship these files in Ubuntu.
15+ - Set qemu-group to kvm (for compat with older ubuntu)
16+ - Additional apport package-hook
17+ - Autostart default bridged network (As upstream does, but not Debian).
18+ In addition to just enabling it our solution provides:
19+ + do not autostart if subnet is already taken (e.g. in guests).
20+ + iterate some alternative subnets before giving up
21+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
22+ the group based access to libvirt functions as it was used in Ubuntu
23+ for quite a long time.
24+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
25+ due to the group access change.
26+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
27+ group.
28+ - Update README.Debian with Ubuntu changes
29+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
30+ - fix autopkgtests (LP 1899180)
31+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
32+ vmlinuz available and accessible (Debian bug 848314)
33+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
34+ installing libvirt-daemon-system
35+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
36+ long as the following undefine succeeds
37+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
38+ + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
39+ failing; This was flaky on some release/architectures
40+ + d/t/smoke-lxc: retry check_domain being flaky on arm64
41+ - dnsmasq related enhancements
42+ + run dnsmasq as libvirt-dnsmasq (LP 1743718)
43+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
44+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
45+ on purge
46+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
47+ libvirt-dnsmasq and adapt the self tests to expect that config
48+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
49+ + Add dnsmasq configuration to work with system wide dnsmasq-base
50+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
51+ machine type correctly with newer qemu/libvirt
52+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
53+ (LP 1861125) fixups
54+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
55+ - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
56+ in parallel
57+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
58+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
59+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
60+ apparmor, virt-aa-helper: Allow various storage pools and image
61+ locations
62+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
63+ libvirt-qemu: Add 9p support
64+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
65+ virt-aa-helper: Ask for no deny rule for readonly disk
66+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
67+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
68+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
69+ commands executed by ubuntu only kvm wrapper on ppc64el
70+ (LP 1686621 LP 1680384 LP 1784023)
71+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
72+ apparmor, virt-aa-helper: access for snapped nova
73+ + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
74+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
75+ - libvirt should not use user/group tss for swtpm (LP 1948880)
76+ + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
77+ + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
78+ to user swtpm and adapt expected self test result changes triggered by
79+ this
80+ + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
81+ due to swtpm-tools (LP 1951975)
82+ - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
83+ because policykit-1 > 121 isn't yet ready to go to main in lunar.
84+ (LP #2008830)
85+ - d/control: Use libc6-dev instead of libc-dev as a build dependency
86+ - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
87+ override
88+ * Dropped changes:
89+ - d/p/CVE-2023-3750.patch: Remove - fixed upstream
90+ - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
91+ This has been restored to match Debian because policykit-1 is now at
92+ a version greater than 121 in mantic
93+ * Modified changes:
94+ - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
95+ for users via user profile (xen URI on dom0, qemu:///system otherwise)
96+ + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
97+ cases, do not set to "xen:///" (LP #2027838)
98+
99+ -- Lena Voytek <lena.voytek@canonical.com> Mon, 14 Aug 2023 14:16:30 -0700
100+
101 libvirt (9.6.0-1) unstable; urgency=medium
102
103 * [74213a2] New upstream version 9.6.0
104@@ -8,6 +103,99 @@ libvirt (9.6.0-1) unstable; urgency=medium
105
106 -- Andrea Bolognani <eof@kiyuko.org> Sat, 05 Aug 2023 19:01:56 +0200
107
108+libvirt (9.5.0-2ubuntu2) mantic; urgency=medium
109+
110+ * Merge from Debian Unstable. Remaining changes:
111+ - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
112+ for users via user profile (xen URI on dom0, qemu:///system otherwise)
113+ - Disable libssh2 support (universe dependency)
114+ - d/control: add libzfslinux-dev to build-deps
115+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
116+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
117+ Secure Boot enabled variants of the OVMF firmware and variable store for
118+ the paths where we ship these files in Ubuntu.
119+ - Set qemu-group to kvm (for compat with older ubuntu)
120+ - Additional apport package-hook
121+ - Autostart default bridged network (As upstream does, but not Debian).
122+ In addition to just enabling it our solution provides:
123+ + do not autostart if subnet is already taken (e.g. in guests).
124+ + iterate some alternative subnets before giving up
125+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
126+ the group based access to libvirt functions as it was used in Ubuntu
127+ for quite a long time.
128+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
129+ due to the group access change.
130+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
131+ group.
132+ - Update README.Debian with Ubuntu changes
133+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
134+ - fix autopkgtests (LP 1899180)
135+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
136+ vmlinuz available and accessible (Debian bug 848314)
137+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
138+ installing libvirt-daemon-system
139+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
140+ long as the following undefine succeeds
141+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
142+ + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
143+ failing; This was flaky on some release/architectures
144+ + d/t/smoke-lxc: retry check_domain being flaky on arm64
145+ - dnsmasq related enhancements
146+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
147+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
148+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
149+ on purge
150+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
151+ libvirt-dnsmasq and adapt the self tests to expect that config
152+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
153+ + Add dnsmasq configuration to work with system wide dnsmasq-base
154+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
155+ machine type correctly with newer qemu/libvirt
156+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
157+ (LP 1861125) fixups
158+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
159+ - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
160+ in parallel
161+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
162+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
163+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
164+ apparmor, virt-aa-helper: Allow various storage pools and image
165+ locations
166+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
167+ libvirt-qemu: Add 9p support
168+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
169+ virt-aa-helper: Ask for no deny rule for readonly disk
170+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
171+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
172+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
173+ commands executed by ubuntu only kvm wrapper on ppc64el
174+ (LP 1686621 LP 1680384 LP 1784023)
175+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
176+ apparmor, virt-aa-helper: access for snapped nova
177+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
178+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
179+ - libvirt should not use user/group tss for swtpm (LP 1948880)
180+ + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
181+ + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
182+ to user swtpm and adapt expected self test result changes triggered by
183+ this
184+ + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
185+ due to swtpm-tools (LP 1951975)
186+ - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
187+ because policykit-1 > 121 isn't yet ready to go to main in lunar.
188+ (LP: #2008830)
189+ - SECURITY UPDATE: denial of service via improper locking
190+ + debian/patches/CVE-2023-3750.patch: fix returning of locked objects
191+ from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
192+ + CVE-2023-3750
193+ * Dropped changes [upstream now]:
194+ - SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
195+ + debian/patches/CVE-2023-2700.patch: resolve leak in
196+ virPCIVirtualFunctionList cleanup in src/util/virpci.c.
197+ + CVE-2023-2700
198+
199+ -- Simon Quigley <tsimonq2@ubuntu.com> Wed, 26 Jul 2023 12:52:15 -0500
200+
201 libvirt (9.5.0-2) unstable; urgency=medium
202
203 [ Pino Toscano ]
204@@ -83,6 +271,130 @@ libvirt (9.1.0-1) experimental; urgency=medium
205
206 -- Andrea Bolognani <eof@kiyuko.org> Sat, 04 Mar 2023 11:10:04 +0100
207
208+libvirt (9.0.0-2ubuntu3) mantic; urgency=medium
209+
210+ * SECURITY UPDATE: denial of service via improper locking
211+ - debian/patches/CVE-2023-3750.patch: fix returning of locked objects
212+ from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
213+ - CVE-2023-3750
214+
215+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Jul 2023 09:09:55 -0400
216+
217+libvirt (9.0.0-2ubuntu2) mantic; urgency=medium
218+
219+ * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
220+ - debian/patches/CVE-2023-2700.patch: resolve leak in
221+ virPCIVirtualFunctionList cleanup in src/util/virpci.c.
222+ - CVE-2023-2700
223+
224+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 May 2023 10:05:18 -0400
225+
226+libvirt (9.0.0-2ubuntu1) lunar; urgency=medium
227+
228+ * Merge 9.0.0-2 from Debian unstable (LP: #1993412)
229+ Also resolved the ask for a rebuild against recent libxen (LP: #2004163)
230+ Remaining changes:
231+ - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
232+ for users via user profile (xen URI on dom0, qemu:///system otherwise)
233+ - Disable libssh2 support (universe dependency)
234+ - d/control: add libzfslinux-dev to build-deps
235+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
236+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
237+ Secure Boot enabled variants of the OVMF firmware and variable store for
238+ the paths where we ship these files in Ubuntu.
239+ - Set qemu-group to kvm (for compat with older ubuntu)
240+ - Additional apport package-hook
241+ - Autostart default bridged network (As upstream does, but not Debian).
242+ In addition to just enabling it our solution provides:
243+ + do not autostart if subnet is already taken (e.g. in guests).
244+ + iterate some alternative subnets before giving up
245+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
246+ the group based access to libvirt functions as it was used in Ubuntu
247+ for quite a long time.
248+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
249+ due to the group access change.
250+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
251+ group.
252+ - Update README.Debian with Ubuntu changes
253+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
254+ - fix autopkgtests (LP 1899180)
255+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
256+ vmlinuz available and accessible (Debian bug 848314)
257+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
258+ installing libvirt-daemon-system
259+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
260+ long as the following undefine succeeds
261+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
262+ + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
263+ failing; This was flaky on some release/architectures
264+ + d/t/smoke-lxc: retry check_domain being flaky on arm64
265+ - dnsmasq related enhancements
266+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
267+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
268+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
269+ on purge
270+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
271+ libvirt-dnsmasq and adapt the self tests to expect that config
272+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
273+ + Add dnsmasq configuration to work with system wide dnsmasq-base
274+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
275+ machine type correctly with newer qemu/libvirt
276+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
277+ (LP 1861125) fixups
278+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
279+ - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
280+ in parallel
281+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
282+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
283+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
284+ apparmor, virt-aa-helper: Allow various storage pools and image
285+ locations
286+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
287+ libvirt-qemu: Add 9p support
288+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
289+ virt-aa-helper: Ask for no deny rule for readonly disk
290+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
291+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
292+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
293+ commands executed by ubuntu only kvm wrapper on ppc64el
294+ (LP 1686621 LP 1680384 LP 1784023)
295+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
296+ apparmor, virt-aa-helper: access for snapped nova
297+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
298+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
299+ - libvirt should not use user/group tss for swtpm (LP 1948880)
300+ + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
301+ + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
302+ to user swtpm and adapt expected self test result changes triggered by
303+ this
304+ + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
305+ due to swtpm-tools (LP 1951975)
306+ * Dropped changes [upstream now]:
307+ - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
308+ with latest libxl [v8.10.0]
309+ - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
310+ shuts down (LP 1997269) [v8.7.0]
311+ - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
312+ apparmor denials on USB forwarding (LP 1993304) [v8.10.0]
313+ - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl:
314+ tolerate the impact of too large udev data avoiding a busy loop
315+ (LP 1996176) [v8.10.0]
316+ - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
317+ easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0]
318+ - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
319+ reduce log noise by invalid VPD data (LP 1990949) [v8.7.0]
320+ * Dropped changes [in Debian now]:
321+ - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1]
322+ - [a54d904] New upstream version 8.6.0 [8.9.0-1]
323+ - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1]
324+ - d/control: suggest swtpm-tools [8.10.0-1]
325+ * Added changes:
326+ - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
327+ because policykit-1 > 121 isn't yet ready to go to main in lunar.
328+ (LP: #2008830)
329+
330+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2023 07:56:39 +0100
331+
332 libvirt (9.0.0-2) unstable; urgency=medium
333
334 * [de81410] patches: Add backports
335@@ -180,6 +492,171 @@ libvirt (8.9.0-1) unstable; urgency=medium
336
337 -- Andrea Bolognani <eof@kiyuko.org> Sat, 19 Nov 2022 23:00:34 +0100
338
339+libvirt (8.6.0-0ubuntu5) lunar; urgency=medium
340+
341+ * d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
342+ with latest libxl
343+
344+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Nov 2022 16:13:36 +0100
345+
346+libvirt (8.6.0-0ubuntu4) lunar; urgency=medium
347+
348+ [ Lena Voytek ]
349+ * d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
350+ shuts down (LP: #1997269)
351+
352+ [Christian Ehrhardt ]
353+ * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
354+ apparmor denials on USB forwarding (LP: #1993304)
355+ * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch:
356+ tolerate the impact of too large udev data avoiding a busy loop
357+ (LP: #1996176)
358+
359+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Nov 2022 11:21:30 +0100
360+
361+libvirt (8.6.0-0ubuntu3) kinetic; urgency=medium
362+
363+ * d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
364+ easen the use of riscv64 through libvirt (LP: #1990499)
365+ * d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
366+ reduce log noise by invalid VPD data (LP: #1990949)
367+
368+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 04 Oct 2022 08:29:46 +0200
369+
370+libvirt (8.6.0-0ubuntu2) kinetic; urgency=medium
371+
372+ * d/p/libvirt-daemon-system.postinst: default network autostart
373+ handling needs to happen before services start (LP: #1990853)
374+
375+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 28 Sep 2022 08:36:15 +0200
376+
377+libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium
378+
379+ * Merge 8.0.0 from Debian unstable (LP: #1971289)
380+ Among many other fixes and improvements this fixes:
381+ - support for minor NFS versions (LP: #1980134)
382+ - launching VMs with SGX enabled (LP: #1982896)
383+ Remaining changes:
384+ - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
385+ for users via user profile (xen URI on dom0, qemu:///system otherwise)
386+ - Disable libssh2 support (universe dependency)
387+ - d/control: add libzfslinux-dev to build-deps
388+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
389+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
390+ Secure Boot enabled variants of the OVMF firmware and variable store for
391+ the paths where we ship these files in Ubuntu.
392+ - Set qemu-group to kvm (for compat with older ubuntu)
393+ - Additional apport package-hook
394+ - Autostart default bridged network (As upstream does, but not Debian).
395+ In addition to just enabling it our solution provides:
396+ + do not autostart if subnet is already taken (e.g. in guests).
397+ + iterate some alternative subnets before giving up
398+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
399+ the group based access to libvirt functions as it was used in Ubuntu
400+ for quite a long time.
401+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
402+ due to the group access change.
403+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
404+ group.
405+ - Update README.Debian with Ubuntu changes
406+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
407+ - fix autopkgtests (LP 1899180)
408+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
409+ vmlinuz available and accessible (Debian bug 848314)
410+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
411+ installing libvirt-daemon-system
412+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
413+ long as the following undefine succeeds
414+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
415+ + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
416+ failing; This was flaky on some release/architectures
417+ + d/t/smoke-lxc: retry check_domain being flaky on arm64
418+ - dnsmasq related enhancements
419+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
420+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
421+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
422+ on purge
423+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
424+ libvirt-dnsmasq and adapt the self tests to expect that config
425+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
426+ + Add dnsmasq configuration to work with system wide dnsmasq-base
427+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
428+ machine type correctly with newer qemu/libvirt
429+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
430+ (LP 1861125) fixups
431+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
432+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
433+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
434+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
435+ apparmor, virt-aa-helper: Allow various storage pools and image
436+ locations
437+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
438+ libvirt-qemu: Add 9p support
439+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
440+ virt-aa-helper: Ask for no deny rule for readonly disk
441+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
442+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
443+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
444+ commands executed by ubuntu only kvm wrapper on ppc64el
445+ (LP 1686621 LP 1680384 LP 1784023)
446+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
447+ apparmor, virt-aa-helper: access for snapped nova
448+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
449+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
450+ - libvirt should not use user/group tss for swtpm (LP 1948880)
451+ + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
452+ + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
453+ to user swtpm and adapt expected self test result changes triggered by
454+ this
455+ + d/control: suggest swtpm-tools
456+ + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
457+ due to swtpm-tools (LP 1951975)
458+ * Dropped changes [upstream now]:
459+ - d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
460+ in containers like LXD (without guest start would hang).
461+ [8.1.0]
462+ - d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
463+ get passed to syslog/journal correctly.
464+ [8.1.0]
465+ - apparmor: Fix QEMU access for UEFI variable files. Backported from
466+ upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035)
467+ Refresh apparmor_profiles_local_include.patch to resolve the conflict.
468+ [8.2.0]
469+ - d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
470+ and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
471+ (LP 1968187)
472+ [8.3.0]
473+ - d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
474+ apparmor allow new paths used for GL accelerated video (LP 1972075)
475+ [8.4.0]
476+ * Dropped changes [no more needed]:
477+ - d/control: breaks replaces for augeas lenses move in 6.0.0-1
478+ * Added changes:
479+ - parallel-shutdown: upstream no more ships libvirt-guests defaults, so
480+ the Ubuntu customization of it moved to the file replacing it added
481+ in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default
482+ replacing the former "d/p/u/parallel-shutdown.patch: set parallel
483+ shutdown by default."
484+ - update patches to match 8.6.0
485+ + d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch
486+ + d/p/u/Allow-libvirt-group-to-access-the-socket.patch
487+ + d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch
488+ + d/p/u/ovmf_paths.patch
489+ + d/p/u/swtpm-by-swtpm-user.patch
490+ + d/p/u/dnsmasq-as-priv-user
491+
492+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Aug 2022 10:34:29 +0200
493+
494+libvirt (8.6.0-0) UNRELEASED; urgency=medium
495+
496+ [ Christian Ehrhardt ]
497+ * [f35cf09] d/rules: update path of ci-dashboard removal
498+
499+ [ Andrea Bolognani ]
500+ * [a54d904] New upstream version 8.6.0
501+
502+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Aug 2022 10:28:25 +0200
503+
504 libvirt (8.5.0-2) experimental; urgency=medium
505
506 * [6c9bffb] Implement custom handling for systemd units
507@@ -259,6 +736,188 @@ libvirt (8.1.0-1) experimental; urgency=medium
508
509 -- Andrea Bolognani <eof@kiyuko.org> Tue, 15 Mar 2022 23:53:49 +0100
510
511+libvirt (8.0.0-1ubuntu8) kinetic; urgency=medium
512+
513+ * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
514+ apparmor allow new paths used for GL accelerated video (LP: #1972075)
515+
516+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 May 2022 08:14:48 +0200
517+
518+libvirt (8.0.0-1ubuntu7) jammy; urgency=medium
519+
520+ * d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
521+ and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
522+ (LP: #1968187)
523+
524+ -- Lena Voytek <lena.voytek@canonical.com> Tue, 12 Apr 2022 10:04:05 -0700
525+
526+libvirt (8.0.0-1ubuntu6) jammy; urgency=medium
527+
528+ * d/control: recommend swtpm-tools (LP: #1948748)
529+
530+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 04 Apr 2022 07:30:15 +0200
531+
532+libvirt (8.0.0-1ubuntu5) jammy; urgency=medium
533+
534+ * apparmor: Fix QEMU access for UEFI variable files. Backported from
535+ upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035)
536+ Refresh apparmor_profiles_local_include.patch to resolve the conflict.
537+
538+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 09 Mar 2022 13:43:40 +0100
539+
540+libvirt (8.0.0-1ubuntu4) jammy; urgency=medium
541+
542+ * No-change rebuild against libwireshark15.
543+
544+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 07 Mar 2022 18:34:34 +0000
545+
546+libvirt (8.0.0-1ubuntu3) jammy; urgency=medium
547+
548+ * Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop
549+ system services and sockets."
550+ Due to the fix being in debhelper we no more need this mitigation now.
551+ (LP: #1959054)
552+
553+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Feb 2022 10:08:01 +0100
554+
555+libvirt (8.0.0-1ubuntu2) jammy; urgency=medium
556+
557+ * No-change rebuild to update maintainer scripts, see LP: 1959054
558+
559+ -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:04:47 +0000
560+
561+libvirt (8.0.0-1ubuntu1) jammy; urgency=medium
562+
563+ * Merge 8.0.0 from Debian unstable (LP: #1946869)
564+ Among many other fixes and improvements this fixes ceph usage
565+ in regard to apparmor (LP: #1588576)
566+ Remaining changes:
567+ - libvirt-uri.sh: Automatically switch default libvirt URI for users
568+ via user profile (xen URI on dom0, qemu:///system otherwise)
569+ [contains lintian fixups of 6.6.0-1ubuntu1]
570+ - Disable libssh2 support (universe dependency)
571+ - d/control: add libzfslinux-dev to build-deps
572+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
573+ - d/control: breaks replaces for augeas lenses move in 6.0.0-1
574+ (follows Debian, droppable >22.04)
575+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
576+ Secure Boot enabled variants of the OVMF firmware and variable store for
577+ the paths where we ship these files in Ubuntu.
578+ - Set qemu-group to kvm (for compat with older ubuntu)
579+ - Additional apport package-hook
580+ - Autostart default bridged network (As upstream does, but not Debian).
581+ In addition to just enabling it our solution provides:
582+ + do not autostart if subnet is already taken (e.g. in guests).
583+ + iterate some alternative subnets before giving up
584+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
585+ the group based access to libvirt functions as it was used in Ubuntu
586+ for quite a long time.
587+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
588+ due to the group access change.
589+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
590+ group.
591+ - d/p/u/parallel-shutdown.patch: set parallel shutdown by default.
592+ - Update README.Debian with Ubuntu changes
593+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
594+ - fix autopkgtests (LP 1899180)
595+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
596+ vmlinuz available and accessible (Debian bug 848314)
597+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
598+ installing libvirt-daemon-system
599+ + d/t/smoke-qemu-session.xml: fixup smoke-qemu-session do not use kvm
600+ when not needed
601+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
602+ long as the following undefine succeeds
603+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
604+ + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
605+ failing; This was flaky on some release/architectures
606+ + d/t/smoke-lxc: retry check_domain being flaky on arm64
607+ - dnsmasq related enhancements
608+ [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
609+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
610+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
611+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
612+ on purge
613+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
614+ libvirt-dnsmasq and adapt the self tests to expect that config
615+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
616+ + Add dnsmasq configuration to work with system wide dnsmasq-base
617+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
618+ machine type correctly with newer qemu/libvirt
619+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
620+ (LP 1861125) fixups
621+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
622+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
623+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
624+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
625+ apparmor, virt-aa-helper: Allow various storage pools and image
626+ locations
627+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
628+ libvirt-qemu: Add 9p support
629+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
630+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
631+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
632+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
633+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
634+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
635+ commands executed by ubuntu only kvm wrapper on ppc64el
636+ (LP 1686621 LP 1680384 LP 1784023)
637+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
638+ apparmor, virt-aa-helper: access for snapped nova
639+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
640+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
641+ - libvirt should not use user/group tss for swtpm (LP 1948880)
642+ + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
643+ + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
644+ to user swtpm
645+ + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
646+ + d/control: suggest swtpm-tools
647+ + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
648+ due to swtpm-tools (LP 1951975)
649+ * Dropped changes [in Debian now]:
650+ - d/control: add libtirpc for rpc.h with glibc >=2.32
651+ - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0
652+ - debian/rules: disable the netcf backend. (LP: 1764314)
653+ - d/libvirt-clients.install: completions no more are symlinked to vsh
654+ - d/rules: disable the now auto-built vstorage backend
655+ - not-installed: split daemon man pages are no yet installed
656+ - d/rules: disable the new Cloud Hypervisor driver
657+ - d/rules: enable more features explicitly
658+ - d/rules: use apparmor_profiles=enabled instead of the now rejected
659+ value true
660+ - rules: Explicitly set remote_default_mode
661+ - rules: Rework installation of AppArmor-related files
662+ - d/control, d/rules: enable libssh (LP 1939416)
663+ * Dropped changes [upstream now]:
664+ - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
665+ execution (LP 1913266)
666+ - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
667+ issues due to corrupted apparmor profiles (LP 1927519)
668+ - Toleration for qemu >=6.0 handling of props (LP 1932264)
669+ - Persistent vfio-ccw device assignments (LP 1887929)
670+ * Dropped changes [no more needed]:
671+ - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
672+ recent ubuntu glibx 2.32 it is breaking the build
673+ - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
674+ XDR functions from glibc
675+ - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966)
676+ - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
677+ was not enough)
678+ * Added changes:
679+ - d/p/u/dnsmasq-as-priv-user: update for 8.0.0
680+ - Add recent upstream fixes to 8.0
681+ + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
682+ in containers like LXD (without guest start would hang).
683+ + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
684+ get passed to syslog/journal correctly.
685+ - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop
686+ libvirt system services and sockets (LP: #1959054). This allows
687+ to unblock some transitions that wait on libvirt now; The intention is
688+ that it is fixed in debhelper and libvirt reverts this change before
689+ jammy release.
690+
691+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jan 2022 08:49:08 +0100
692+
693 libvirt (8.0.0-1) unstable; urgency=medium
694
695 * [a26cc81] New upstream version 8.0.0
696@@ -361,6 +1020,112 @@ libvirt (7.6.0-1) unstable; urgency=medium
697
698 -- Andrea Bolognani <eof@kiyuko.org> Thu, 19 Aug 2021 21:16:21 +0200
699
700+libvirt (7.6.0-0ubuntu3) jammy; urgency=medium
701+
702+ * d/libvirt-daemon-system.postinst: create user/group swtpm if not present
703+ due to swtpm-tools (LP: #1951975)
704+
705+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 24 Nov 2021 07:50:53 +0100
706+
707+libvirt (7.6.0-0ubuntu2) jammy; urgency=medium
708+
709+ * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
710+ issues due to corrupted apparmor profiles (LP: #1927519)
711+ * libvirt should not use user/group tss for swtpm (LP: #1948880)
712+ - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
713+ - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
714+ to user swtpm
715+ - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
716+ - d/control: suggest swtpm-tools
717+
718+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Nov 2021 12:11:38 +0100
719+
720+libvirt (7.6.0-0ubuntu1) impish; urgency=medium
721+
722+ * Merge v7.6.0 from upstream and unreleased changes from Debian git.
723+ Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778)
724+ - New upstream version 7.5.0
725+ - New upstream version 7.6.0
726+ - symbols: Bump symbol versions
727+ - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0
728+ - patches: Refresh patches
729+ - d/rules: disable the new Cloud Hypervisor driver
730+ - d/rules: enable more features explicitly
731+ - d/rules: use apparmor_profiles=enabled instead of the now rejected
732+ value true
733+ - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
734+ XDR functions from glibc
735+ * d/control, d/rules: enable libssh (LP: #1939416)
736+ * refresh ubuntu patches for v7.6.0
737+ * Further fixups for v7.6.0 (thanks to Andrea Bolognani)
738+ - rules: Explicitly set remote_default_mode
739+ - rules: Rework installation of AppArmor-related files
740+
741+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Aug 2021 08:11:16 +0200
742+
743+libvirt (7.6.0-1) unstable; urgency=medium
744+
745+ * Team upload
746+
747+ [ Andrea Bolognani ]
748+ * [a256a80] New upstream version 7.6.0
749+ - Fixes CVE-2021-3667 (Closes: #991594)
750+ * [4a96793] rules: Disable netcf support
751+ - netcf support is considered deprecated upstream
752+
753+ [ Christian Ehrhardt ]
754+ * [ac145fd] d/rules: disable the new Cloud Hypervisor driver
755+ - Cloud Hypervisor is not available in Debian
756+ * [4bafac5] d/control, d/rules: enable libssh
757+ - Closes: #985969
758+ - LP: #1939416
759+ * [fbc728f] d/t/smoke-lxc: skip if cgroup v1&v2 are present
760+ - This works around an upstream bug which causes the LXC driver
761+ to break when both v1 and v2 cgroups are in use
762+ * [8d2e0fe] d/control: add libtirpc for rpc.h with glibc >=2.31-14
763+ - Switch from glibc's legacy RPC implementation, which is now
764+ disabled in the Debian package, to libtirpc's one
765+
766+ -- Andrea Bolognani <eof@kiyuko.org> Thu, 19 Aug 2021 21:16:21 +0200
767+
768+libvirt (7.4.0-0ubuntu3) impish; urgency=medium
769+
770+ * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
771+ was not enough)
772+
773+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Jul 2021 14:20:53 +0200
774+
775+libvirt (7.4.0-0ubuntu2) impish; urgency=medium
776+
777+ * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966)
778+
779+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Jul 2021 09:33:49 +0200
780+
781+libvirt (7.4.0-0ubuntu1) impish; urgency=medium
782+
783+ * Merge v7.4.0 from upstream,
784+ among a lot of new features and fixes this closes a few of issues
785+ reported against Ubuntu
786+ - Toleration for qemu >=6.0 handling of props (LP: #1932264)
787+ - Persistent vfio-ccw device assignments (LP: #1887929)
788+ - Drop patches that are upstream in v7.4.0
789+ - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch
790+ - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch
791+ - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch
792+ - d/p/u/lp-1913266-*: add vsock options to be usable with s390x
793+ - d/p/u/lp-1921754-*: EPYC-Rome-v2
794+ - d/p/u/lp-1921880-*: EPYC-Milan
795+ - d/libvirt-clients.install: completions no more are symlinked to vsh
796+ - Revert "disable firewalld support (universe dependency)"
797+ This does not add a runtime dependency and while firewalld isn't in
798+ main that way users can install and use it from universe.
799+ (LP: #1928113)
800+ - d/libvirt0.symbols: bump symbol versions for 7.4.0
801+ - d/rules: disable the now auto-built vstorage backend
802+ - not-installed: split daemon man pages are no yet installed
803+
804+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Jun 2021 10:33:27 +0200
805+
806 libvirt (7.0.0-3) unstable; urgency=medium
807
808 * Team upload
809@@ -370,6 +1135,115 @@ libvirt (7.0.0-3) unstable; urgency=medium
810
811 -- Andrea Bolognani <eof@kiyuko.org> Fri, 26 Feb 2021 16:46:34 +0100
812
813+libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium
814+
815+ * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
816+ on some HW/Guest combinations e.g. Windows 10 on Threadripper
817+ (LP: #1921754)
818+ * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
819+ (LP: #1921880)
820+
821+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Apr 2021 13:33:46 +0200
822+
823+libvirt (7.0.0-2ubuntu1) hirsute; urgency=medium
824+
825+ * Merge with Debian 7.0.0-1 from Debian unstable
826+ Remaining changes:
827+ - libvirt-uri.sh: Automatically switch default libvirt URI for users
828+ via user profile (xen URI on dom0, qemu:///system otherwise)
829+ [contains lintian fixups of 6.6.0-1ubuntu1]
830+ - Disable libssh2 support (universe dependency)
831+ - Disable firewalld support (universe dependency)
832+ - d/control: add libzfslinux-dev to build-deps
833+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
834+ - d/control: breaks replaces for augeas lenses move in 6.0.0-1
835+ (follows Debian, droppable >22.04)
836+ - debian/rules: disable the netcf backend. (LP: 1764314)
837+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
838+ Secure Boot enabled variants of the OVMF firmware and variable store for
839+ the paths where we ship these files in Ubuntu.
840+ - Set qemu-group to kvm (for compat with older ubuntu)
841+ - Additional apport package-hook
842+ - Autostart default bridged network (As upstream does, but not Debian).
843+ In addition to just enabling it our solution provides:
844+ + do not autostart if subnet is already taken (e.g. in guests).
845+ + iterate some alternative subnets before giving up
846+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
847+ the group based access to libvirt functions as it was used in Ubuntu
848+ for quite a long time.
849+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
850+ due to the group access change.
851+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
852+ group.
853+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
854+ - Update README.Debian with Ubuntu changes
855+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
856+ - fix autopkgtests (LP 1899180)
857+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
858+ vmlinuz available and accessible (Debian bug 848314)
859+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
860+ installing libvirt-daemon-system
861+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
862+ long as the following undefine succeeds
863+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
864+ + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
865+ failing; This was flaky on some release/architectures
866+ + d/t/smoke-lxc: retry check_domain being flaky on arm64
867+ - dnsmasq related enhancements
868+ [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
869+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
870+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
871+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
872+ on purge
873+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
874+ libvirt-dnsmasq and adapt the self tests to expect that config
875+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
876+ + Add dnsmasq configuration to work with system wide dnsmasq-base
877+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
878+ machine type correctly with newer qemu/libvirt
879+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
880+ (LP 1861125) fixups
881+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
882+ - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
883+ recent ubuntu glibx 2.32 it is breaking the build
884+ - d/control: add libtirpc for rpc.h with glibc >=2.32
885+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
886+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
887+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
888+ apparmor, virt-aa-helper: Allow various storage pools and image
889+ locations
890+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
891+ libvirt-qemu: Add 9p support
892+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
893+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
894+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
895+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
896+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
897+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
898+ commands executed by ubuntu only kvm wrapper on ppc64el
899+ (LP 1686621 LP 1680384 LP 1784023)
900+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
901+ apparmor, virt-aa-helper: access for snapped nova
902+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
903+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
904+ - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
905+ execution (LP 1913266)
906+ * Dropped Changes [in Debian now]
907+ - Avoid various issues around service/socket status after install/reinstall
908+ and on upgrades (LP 1914054).
909+ - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
910+ - d/rules: --no-restart-after-upgrade does not prevent restarts
911+ - d/rules: avoid --no-start which breaks .sockets on re-install
912+ - d/rules: start, but do not restart libvirt-guests.service
913+ - Dependency improvements yet unreleased from salsa/debian/master thanks
914+ to Andrea Bolognani (Debian #981435).
915+ - control: Always explicitly depend on libvirt0
916+ - control: Always use versioned deps for libvirt components
917+ - d/control: extend demotion of libvirt-lxc related dependencies to
918+ libvirt-login-shell
919+
920+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 23 Feb 2021 12:16:08 +0100
921+
922 libvirt (7.0.0-2) unstable; urgency=medium
923
924 * Team upload
925@@ -391,6 +1265,123 @@ libvirt (7.0.0-2) unstable; urgency=medium
926
927 -- Andrea Bolognani <eof@kiyuko.org> Wed, 10 Feb 2021 23:23:32 +0100
928
929+libvirt (7.0.0-1ubuntu2) hirsute; urgency=medium
930+
931+ * d/control: extend demotion of libvirt-lxc related dependencies to
932+ libvirt-login-shell
933+
934+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 04 Feb 2021 13:44:49 +0100
935+
936+libvirt (7.0.0-1ubuntu1) hirsute; urgency=medium
937+
938+ * Merge with Debian 7.0.0-1 from Debian unstable
939+ This fixes unwanted conffile prompts (LP: #1906248)
940+ Remaining changes:
941+ - libvirt-uri.sh: Automatically switch default libvirt URI for users
942+ via user profile (xen URI on dom0, qemu:///system otherwise)
943+ [contains lintian fixups of 6.6.0-1ubuntu1]
944+ - Disable libssh2 support (universe dependency)
945+ - Disable firewalld support (universe dependency)
946+ - d/control: add libzfslinux-dev to build-deps
947+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
948+ - d/control: breaks replaces for augeas lenses move in 6.0.0-1
949+ (follows Debian, droppable >22.04)
950+ - debian/rules: disable the netcf backend. (LP: 1764314)
951+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
952+ Secure Boot enabled variants of the OVMF firmware and variable store for
953+ the paths where we ship these files in Ubuntu.
954+ - Set qemu-group to kvm (for compat with older ubuntu)
955+ - Additional apport package-hook
956+ - Autostart default bridged network (As upstream does, but not Debian).
957+ In addition to just enabling it our solution provides:
958+ + do not autostart if subnet is already taken (e.g. in guests).
959+ + iterate some alternative subnets before giving up
960+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
961+ the group based access to libvirt functions as it was used in Ubuntu
962+ for quite a long time.
963+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
964+ due to the group access change.
965+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
966+ group.
967+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
968+ - Update README.Debian with Ubuntu changes
969+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
970+ - fix autopkgtests (LP 1899180)
971+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
972+ vmlinuz available and accessible (Debian bug 848314)
973+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
974+ installing libvirt-daemon-system
975+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
976+ long as the following undefine succeeds
977+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
978+ + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
979+ failing; This was flaky on some release/architectures
980+ + d/t/smoke-lxc: retry check_domain being flaky on arm64
981+ - dnsmasq related enhancements
982+ [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
983+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
984+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
985+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
986+ on purge
987+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
988+ libvirt-dnsmasq and adapt the self tests to expect that config
989+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
990+ + Add dnsmasq configuration to work with system wide dnsmasq-base
991+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
992+ machine type correctly with newer qemu/libvirt
993+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
994+ (LP 1861125) fixups
995+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
996+ - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
997+ recent ubuntu glibx 2.32 it is breaking the build
998+ - d/control: add libtirpc for rpc.h with glibc >=2.32
999+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
1000+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
1001+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
1002+ apparmor, virt-aa-helper: Allow various storage pools and image
1003+ locations
1004+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1005+ libvirt-qemu: Add 9p support
1006+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1007+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1008+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1009+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1010+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1011+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1012+ commands executed by ubuntu only kvm wrapper on ppc64el
1013+ (LP 1686621 LP 1680384 LP 1784023)
1014+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1015+ apparmor, virt-aa-helper: access for snapped nova
1016+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
1017+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
1018+ * Dropped Changes [in Debian now]
1019+ - 0050-local-include-for-libvirt-qemu.patch,
1020+ d/libvirt-daemon-system.postinst: provide a local apparmor include
1021+ for abstraction/libvirt-qemu (LP: 1786019)
1022+ * Dropped Changes [in upstream now]
1023+ - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
1024+ pre-Focal guests by allowing kvm-spice
1025+ - virt-ssh-helper: fix slow migrations and volume transfers (LP 1904584)
1026+ - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
1027+ - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
1028+ * Dropped Changes [ready for main]
1029+ - d/control: drop mdevctl to a suggest until (LP: #1889248) is ready
1030+ * Added Changes:
1031+ - Avoid various issues around service/socket status after install/reinstall
1032+ and on upgrades (LP: #1914054).
1033+ - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
1034+ - d/rules: --no-restart-after-upgrade does not prevent restarts
1035+ - d/rules: avoid --no-start which breaks .sockets on re-install
1036+ - d/rules: start, but do not restart libvirt-guests.service
1037+ - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
1038+ execution (LP: #1913266)
1039+ - Dependency improvements yet unreleased from salsa/debian/master thanks
1040+ to Andrea Bolognani (Debian #981435).
1041+ - control: Always explicitly depend on libvirt0
1042+ - control: Always use versioned deps for libvirt components
1043+
1044+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 25 Jan 2021 14:32:05 +0100
1045+
1046 libvirt (7.0.0-1) unstable; urgency=medium
1047
1048 * Team upload
1049@@ -454,6 +1445,142 @@ libvirt (6.9.0-2) experimental; urgency=medium
1050
1051 -- Andrea Bolognani <eof@kiyuko.org> Thu, 14 Jan 2021 23:51:32 +0100
1052
1053+libvirt (6.9.0-1ubuntu4) hirsute; urgency=medium
1054+
1055+ * Improve flaky smoke-lxc test (LP: #1899180)
1056+ - d/t/control, d/t/smoke-lxc: retry service restart and skip test if
1057+ failing; This was flaky on some release/architectures
1058+ - d/t/smoke-lxc: retry check_domain being flaky on arm64
1059+
1060+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 04 Dec 2020 08:12:02 +0100
1061+
1062+libvirt (6.9.0-1ubuntu3) hirsute; urgency=high
1063+
1064+ * No change rebuild against wireshark 3.4.0
1065+
1066+ -- Balint Reczey <rbalint@ubuntu.com> Mon, 07 Dec 2020 08:06:59 +0100
1067+
1068+libvirt (6.9.0-1ubuntu2) hirsute; urgency=medium
1069+
1070+ * virt-ssh-helper: fix slow migrations and volume transfers (LP: #1904584)
1071+ - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
1072+ - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
1073+
1074+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 26 Nov 2020 16:52:23 +0100
1075+
1076+libvirt (6.9.0-1ubuntu1) hirsute; urgency=medium
1077+
1078+ * Merge with Debian 6.8.0-1 from unstable
1079+ Remaining changes:
1080+ - libvirt-uri.sh: Automatically switch default libvirt URI for users
1081+ via user profile (xen URI on dom0, qemu:///system otherwise)
1082+ [contains lintian fixups of 6.6.0-1ubuntu1]
1083+ - Disable libssh2 support (universe dependency)
1084+ - Disable firewalld support (universe dependency)
1085+ - d/control: add libzfslinux-dev to build-deps
1086+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
1087+ - d/control: breaks replaces for augeas lenses move in 6.0.0-1
1088+ (follows Debian, droppable >22.04)
1089+ - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
1090+ - debian/rules: disable the netcf backend. (LP: 1764314)
1091+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
1092+ Secure Boot enabled variants of the OVMF firmware and variable store for
1093+ the paths where we ship these files in Ubuntu.
1094+ - Set qemu-group to kvm (for compat with older ubuntu)
1095+ - Additional apport package-hook
1096+ - Autostart default bridged network (As upstream does, but not Debian).
1097+ In addition to just enabling it our solution provides:
1098+ + do not autostart if subnet is already taken (e.g. in guests).
1099+ + iterate some alternative subnets before giving up
1100+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
1101+ the group based access to libvirt functions as it was used in Ubuntu
1102+ for quite a long time.
1103+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
1104+ due to the group access change.
1105+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
1106+ group.
1107+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
1108+ - Update README.Debian with Ubuntu changes
1109+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
1110+ - fix autopkgtests
1111+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
1112+ vmlinuz available and accessible (Debian bug 848314)
1113+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
1114+ installing libvirt-daemon-system
1115+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
1116+ long as the following undefine succeeds
1117+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
1118+ - dnsmasq related enhancements
1119+ [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
1120+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
1121+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
1122+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
1123+ on purge
1124+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
1125+ libvirt-dnsmasq and adapt the self tests to expect that config
1126+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
1127+ + Add dnsmasq configuration to work with system wide dnsmasq-base
1128+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
1129+ machine type correctly with newer qemu/libvirt
1130+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
1131+ (LP 1861125) fixups
1132+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
1133+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
1134+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
1135+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
1136+ apparmor, virt-aa-helper: Allow various storage pools and image
1137+ locations
1138+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1139+ libvirt-qemu: Add 9p support
1140+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1141+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1142+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1143+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1144+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1145+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1146+ commands executed by ubuntu only kvm wrapper on ppc64el
1147+ (LP 1686621 LP 1680384 LP 1784023)
1148+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1149+ apparmor, virt-aa-helper: access for snapped nova
1150+ + 0050-local-include-for-libvirt-qemu.patch,
1151+ d/libvirt-daemon-system.postinst: provide a local apparmor include
1152+ for abstraction/libvirt-qemu (LP: 1786019)
1153+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
1154+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
1155+ * Dropped Changes [in Debian now]
1156+ - d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
1157+ between libtripc and glibc that break libvirt-lxc (LP 1892826)
1158+ * Dropped Changes [in upstream now]
1159+ - d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
1160+ handling on non BTRFS affecting virt-manager, api and commandline pool
1161+ handling (LP 1901242)
1162+ - d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
1163+ allow libvirt to control virtiofsd (LP 1892736)
1164+ - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
1165+ triggering denials in devmapper error path
1166+ - d/p/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch:
1167+ (again) allow permanent per guest overrides (LP 1745114)
1168+ - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
1169+ versioned modules after qemu package upgrades (LP 1847361)
1170+ - d/p/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.
1171+ patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory
1172+ - d/p/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.
1173+ patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
1174+ - d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
1175+ chips (LP 1887490)
1176+ - 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
1177+ add l to 9p file options.
1178+ * Added Changes
1179+ - d/p/ubuntu/daemon-augeas-fix-expected.patch: update for 6.9
1180+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: update for 6.9
1181+ - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
1182+ recent ubuntu glibx 2.32 it is breaking the build
1183+ - d/control: add libtirpc for rpc.h with glibc >=2.32
1184+ - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
1185+ pre-Focal guests by allowing kvm-spice
1186+
1187+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Nov 2020 12:02:26 +0100
1188+
1189 libvirt (6.9.0-1) unstable; urgency=medium
1190
1191 * Team upload
1192@@ -531,6 +1658,208 @@ libvirt (6.6.0-2) unstable; urgency=medium
1193
1194 -- Andrea Bolognani <eof@kiyuko.org> Fri, 28 Aug 2020 17:18:51 +0200
1195
1196+libvirt (6.6.0-1ubuntu4) hirsute; urgency=medium
1197+
1198+ * d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
1199+ handling on non BTRFS affecting virt-manager, api and commandline pool
1200+ handling (LP: #1901242)
1201+
1202+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 28 Oct 2020 07:47:53 +0100
1203+
1204+libvirt (6.6.0-1ubuntu3) groovy; urgency=medium
1205+
1206+ * d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
1207+ chips (LP: #1887490)
1208+
1209+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Oct 2020 07:36:06 +0200
1210+
1211+libvirt (6.6.0-1ubuntu2) groovy; urgency=medium
1212+
1213+ * d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
1214+ between libtripc and glibc that break libvirt-lxc (LP: #1892826)
1215+ * d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
1216+ allow libvirt to control virtiofsd (LP: #1892736)
1217+
1218+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 14:53:26 +0200
1219+
1220+libvirt (6.6.0-1ubuntu1) groovy; urgency=medium
1221+
1222+ * Merge with Debian 6.6.0-1 from experimental
1223+ Among many other new features and fixes this includes fixes for:
1224+ (LP: #1874647) - Stale libvirt cache leads to VM startup failures
1225+ (LP: #1869796) - bad ordering and dependent restarts of services/sockets
1226+ Remaining changes:
1227+ - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
1228+ versioned modules after qemu package upgrades (LP 1847361)
1229+ - libvirt-uri.sh: Automatically switch default libvirt URI for users
1230+ via user profile (xen URI on dom0, qemu:///system otherwise)
1231+ - Disable libssh2 support (universe dependency)
1232+ - Disable firewalld support (universe dependency)
1233+ - Set qemu-group to kvm (for compat with older ubuntu)
1234+ - Additional apport package-hook
1235+ - Autostart default bridged network (As upstream does, but not Debian).
1236+ In addition to just enabling it our solution provides:
1237+ + do not autostart if subnet is already taken (e.g. in guests).
1238+ + iterate some alternative subnets before giving up
1239+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
1240+ the group based access to libvirt functions as it was used in Ubuntu
1241+ for quite long.
1242+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
1243+ due to the group access change.
1244+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
1245+ group.
1246+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
1247+ - Update README.Debian with Ubuntu changes
1248+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
1249+ - fix autopkgtests
1250+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
1251+ vmlinuz available and accessible (Debian bug 848314)
1252+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
1253+ installing libvirt-daemon-system
1254+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
1255+ long as the following undefine succeeds
1256+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
1257+ - dnsmasq related enhancements
1258+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
1259+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
1260+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
1261+ on purge
1262+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
1263+ libvirt-dnsmasq and adapt the self tests to expect that config
1264+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
1265+ + Add dnsmasq configuration to work with system wide dnsmasq-base
1266+ - debian/rules: disable the netcf backend. (LP: 1764314)
1267+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
1268+ Secure Boot enabled variants of the OVMF firmware and variable store for
1269+ the paths where we ship these files in Ubuntu.
1270+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
1271+ machine type correctly with newer qemu/libvirt
1272+ - d/control: add libzfslinux-dev to build-deps
1273+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
1274+ - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
1275+ (LP 1861125) fixups
1276+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
1277+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
1278+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
1279+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
1280+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
1281+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
1282+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
1283+ apparmor, virt-aa-helper: Allow various storage pools and image
1284+ locations
1285+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1286+ libvirt-qemu: Add 9p support
1287+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
1288+ add l to 9p file options.
1289+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1290+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1291+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1292+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1293+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1294+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1295+ commands executed by ubuntu only kvm wrapper on ppc64el
1296+ (LP 1686621 LP 1680384 LP 1784023)
1297+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1298+ apparmor, virt-aa-helper: access for snapped nova
1299+ + 0050-local-include-for-libvirt-qemu.patch,
1300+ d/libvirt-daemon-system.postinst: provide a local apparmor include
1301+ for abstraction/libvirt-qemu (LP: 1786019)
1302+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
1303+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
1304+ * Dropped changes (in Debian now):
1305+ - Enable some additional features on ppc64el and s390x (for arch parity)
1306+ + systemtap, zfs, numa and numad on s390x.
1307+ + systemtap on ppc64el.
1308+ - enable attr support to store XATTR labels. Among other things
1309+ this allows to properly restore file ownership (LP 691590)
1310+ - d/control: build depend to libattr1-dev
1311+ - d/rules: configure --with-attr
1312+ - Install virt-login-shell-helper
1313+ - Install augeas lenses for all drivers
1314+ - Remove all mentions of Devhelp
1315+ - not-installed: Remove obsolete entries
1316+ - not-installed: List all split daemons files
1317+ - d/control: bump build dep to python3
1318+ - d/control: add python3-docutils as build dependency
1319+ - d/rules: set enable-dependency-tracking to avoid FTBFS
1320+ - d/rules: drop the no more existing phyp option
1321+ - d/rules: drop the no more existing xen configure option
1322+ - minimize patches generated by autoreconf
1323+ - fix build on Debian/Ubuntu in qemuhotplugtest
1324+ - d/libvirt-doc.doc: install rendered docs
1325+ - d/libvirt-daemon-system.examples: drop old examples that are now active
1326+ - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
1327+ - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
1328+ - d/libnss-libvirt.lintian-overrides: accept having two nss so files
1329+ - d/rules: don't ship split daemons just yet
1330+ - d/rules: install /etc/default/* files that are shared between sysv and
1331+ systemd packages
1332+ - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
1333+ libvirt-daemon-system-sysv
1334+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
1335+ - d/rules: also check build time self test results on all architectures
1336+ - d/rules: add --no-restart-after-upgrade to services that are supposed to
1337+ stay up through upgrades - this also applies to related sockets.
1338+ * Dropped changes (part of upstream now):
1339+ - d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
1340+ (LP 1879325)
1341+ - d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
1342+ (LP 1871354)
1343+ - d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
1344+ -on-rea.patch: avoid DOS through read only connections
1345+ CVE-2020-10701
1346+ - d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
1347+ and binary autodetection in general (LP 1867460)
1348+ - d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
1349+ fixes (LP 1868539)
1350+ - d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
1351+ modern types on kernels with recent security fixes (LP 1853200)
1352+ - d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
1353+ (LP 1868528)
1354+ - d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
1355+ qemuDomainSetTimeAgent (LP 1865425)
1356+ - d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
1357+ allow emulation of smartcard via host certificates
1358+ - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
1359+ types (LP 1861125)
1360+ - d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
1361+ block vhost-user-gpu usage
1362+ - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
1363+ profiles (LP 1655111)
1364+ * Dropped changes (no more needed):
1365+ - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
1366+ just a suggest. This was deprecated since bionic and now will be dropped.
1367+ - Update Vcs-Git and Vcs-Browser fields to point to launchpad
1368+ - d/control: VCS links to use generic Ubuntu launchpad git URLs
1369+ - refreshed patches for libvirt v6.0.0
1370+ - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
1371+ avoid error messages on purge [deluser/delgroup no more report warnings]
1372+ - "Additional apport package-hook": due to context auto updates
1373+ d/libvirt-daemon.install had bad entries which are no more required.
1374+ - d/control, d/rules: Disable rbd and zfs on riscv64 where they are
1375+ unavailable (LP 1872952)
1376+ * Added Changes:
1377+ - d/control: breaks replaces for augeas lenses move in 6.0.0-1
1378+ (follows Debian, droppable >22.04)
1379+ - refresh ubuntu patches for 6.6
1380+ - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
1381+ - d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
1382+ - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
1383+ - d/p/ubuntu/dnsmasq-as-priv-user
1384+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
1385+ - d/p/ubuntu/daemon-augeas-fix-expected.patch
1386+ - d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
1387+ enhancements
1388+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
1389+ - d/libvirt-clients.lintian-overrides: profile scripts are non executable
1390+ - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
1391+ triggering denials in devmapper error path
1392+ - d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
1393+ (again) allow permanent per guest overrides (LP: #1745114)
1394+ - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
1395+
1396+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Aug 2020 08:04:09 +0200
1397+
1398 libvirt (6.6.0-1) unstable; urgency=medium
1399
1400 * Team upload
1401@@ -769,6 +2098,287 @@ libvirt (6.0.0~rc1-1) experimental; urgency=medium
1402
1403 -- Guido GΓΌnther <agx@sigxcpu.org> Sat, 18 Jan 2020 18:16:20 +0100
1404
1405+libvirt (6.0.0-0ubuntu11) groovy; urgency=medium
1406+
1407+ * SECURITY UPDATE: privilege escalation via incorrect socket permissions
1408+ - debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch:
1409+ updated patch to also set appropriate permissions on socket created
1410+ by systemd.
1411+ - CVE-2020-15708
1412+
1413+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 05 Aug 2020 09:08:34 -0400
1414+
1415+libvirt (6.0.0-0ubuntu10) groovy; urgency=medium
1416+
1417+ * enable attr support to store XATTR labels. Among other things
1418+ this allows to properly restore file ownership (LP: #691590)
1419+ - d/control: build depend to libattr1-dev
1420+ - d/rules: configure --with-attr
1421+
1422+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jun 2020 21:30:50 +0200
1423+
1424+libvirt (6.0.0-0ubuntu9) groovy; urgency=medium
1425+
1426+ * d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
1427+ (LP: #1879325)
1428+
1429+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 20 May 2020 06:59:57 +0200
1430+
1431+libvirt (6.0.0-0ubuntu8) focal; urgency=medium
1432+
1433+ * d/control, d/rules: Disable rbd and zfs on riscv64 where they are
1434+ unavailable (LP: #1872952)
1435+
1436+ -- William Grant <wgrant@ubuntu.com> Sat, 18 Apr 2020 13:59:21 +1000
1437+
1438+libvirt (6.0.0-0ubuntu7) focal; urgency=medium
1439+
1440+ * d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
1441+ (LP: #1871354)
1442+ * d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
1443+ -on-rea.patch: avoid DOS through read only connections
1444+ CVE-2020-10701
1445+
1446+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 12:29:12 +0200
1447+
1448+libvirt (6.0.0-0ubuntu6) focal; urgency=medium
1449+
1450+ * d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
1451+ and binary autodetection in general (LP: #1867460)
1452+ * d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
1453+ fixes (LP: #1868539)
1454+ * d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
1455+ modern types on kernels with recent security fixes (LP: #1853200)
1456+ * d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
1457+ (LP: #1868528)
1458+
1459+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 10:34:19 +0100
1460+
1461+libvirt (6.0.0-0ubuntu5) focal; urgency=medium
1462+
1463+ * d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
1464+ versioned modules after qemu package upgrades (LP: #1847361)
1465+
1466+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 10 Mar 2020 08:58:04 +0100
1467+
1468+libvirt (6.0.0-0ubuntu4) focal; urgency=medium
1469+
1470+ * d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
1471+ qemuDomainSetTimeAgent (LP: #1865425)
1472+
1473+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 10:44:22 +0100
1474+
1475+libvirt (6.0.0-0ubuntu3) focal; urgency=medium
1476+
1477+ * rebuild against libxen-dev 4.11.3 (no change needed)
1478+ * d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
1479+ allow emulation of smartcard via host certificates
1480+ * d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
1481+ types (LP: #1861125)
1482+ * d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
1483+ block vhost-user-gpu usage
1484+
1485+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 14:20:08 +0100
1486+
1487+libvirt (6.0.0-0ubuntu2) focal; urgency=medium
1488+
1489+ [ Christian Ehrhardt ]
1490+ * Bring back the ubuntu default URI handling. While no more needed for xen
1491+ its removal made libvirt fallback further to the upstream default
1492+ qemu:///session while Ubuntu forever had and for now wants to keep
1493+ qemu:///system (LP: #1861693)
1494+ - revert 'd/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that
1495+ was optional for use on xen hosts'
1496+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
1497+ Xen dom0 via user profile
1498+ [added back former delta]
1499+
1500+ [ Andrea Bolognani ]
1501+ * Merge further fixes from debian/experimental
1502+ - Install virt-login-shell-helper
1503+ - Install augeas lenses for all drivers
1504+ - Remove all mentions of Devhelp
1505+ - not-installed: Remove obsolete entries
1506+ - not-installed: List all split daemons files
1507+
1508+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 04 Feb 2020 13:08:49 +0100
1509+
1510+libvirt (6.0.0-0ubuntu1) focal; urgency=medium
1511+
1512+ * Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream
1513+ Among many other new features and fixes this includes fixes for:
1514+ - LP: #1859253 - rbd driver fails to create a new volume
1515+ - LP: #1858341 - rbd driver does not list all volumes in pool
1516+ - LP: #1845506 - Libvirt snapshot doesn't update apparmor profile
1517+ - LP: #1854653 - slow libvirt-guests.sh during shutdown if service is off
1518+ - LP: #1848229 - enable ppc64el to use ccf-assist feature
1519+ - LP: #1853315 - Enable CPU Model Comparison and Baselining on s390x
1520+ - LP: #1853317 - CCW IPL support to boot from ECKD DASDs
1521+ - LP: #1859506 - security: AppArmor profile fixes for swtpm
1522+ Remaining changes:
1523+ - Disable libssh2 support (universe dependency)
1524+ - Disable firewalld support (universe dependency)
1525+ - Set qemu-group to kvm (for compat with older ubuntu)
1526+ - Additional apport package-hook
1527+ - Autostart default bridged network (As upstream does, but not Debian).
1528+ In addition to just enabling it our solution provides:
1529+ + do not autostart if subnet is already taken (e.g. in guests).
1530+ + iterate some alternative subnets before giving up
1531+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
1532+ the group based access to libvirt functions as it was used in Ubuntu
1533+ for quite long.
1534+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
1535+ due to the group access change.
1536+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
1537+ group.
1538+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
1539+ - Update Vcs-Git and Vcs-Browser fields to point to launchpad
1540+ - Update README.Debian with Ubuntu changes
1541+ - Enable some additional features on ppc64el and s390x (for arch parity)
1542+ + systemtap, zfs, numa and numad on s390x.
1543+ + systemtap on ppc64el.
1544+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
1545+ - Further upstreamed apparmor Delta, especially any new one
1546+ Our former delta is split into logical pieces and is either Ubuntu only
1547+ or is part of a continuous upstreaming effort.
1548+ Listing related remaining changes in debian/patches/ubuntu-aa/:
1549+ - fix autopkgtests
1550+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
1551+ vmlinuz available and accessible (Debian bug 848314)
1552+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
1553+ installing libvirt-daemon-system
1554+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
1555+ long as the following undefine succeeds
1556+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
1557+ - dnsmasq related enhancements
1558+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
1559+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
1560+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
1561+ on purge
1562+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
1563+ libvirt-dnsmasq and adapt the self tests to expect that config
1564+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
1565+ + Add dnsmasq configuration to work with system wide dnsmasq-base
1566+ - debian/rules: disable the netcf backend. (LP: 1764314)
1567+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
1568+ Secure Boot enabled variants of the OVMF firmware and variable store for
1569+ the paths where we ship these files in Ubuntu.
1570+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
1571+ - d/rules: also check build time self test results on all architectures
1572+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
1573+ machine type correctly with newer qemu/libvirt
1574+ - d/rules: add --no-restart-after-upgrade to services that are supposed to
1575+ stay up through upgrades - this also applies to related sockets.
1576+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
1577+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
1578+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
1579+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
1580+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
1581+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
1582+ + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
1583+ apparmor, virt-aa-helper: Allow access to tmp directories
1584+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
1585+ apparmor, virt-aa-helper: Allow various storage pools and image
1586+ locations
1587+ + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
1588+ apparmor, virt-aa-helper: Add openvswitch support
1589+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1590+ libvirt-qemu: Add 9p support
1591+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
1592+ add l to 9p file options.
1593+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1594+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1595+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1596+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1597+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1598+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1599+ commands executed by ubuntu only kvm wrapper on ppc64el
1600+ (LP 1686621 LP 1680384 LP 1784023)
1601+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1602+ apparmor, virt-aa-helper: access for snapped nova
1603+ + 0050-local-include-for-libvirt-qemu.patch,
1604+ d/libvirt-daemon-system.postinst: provide a local apparmor include
1605+ for abstraction/libvirt-qemu (LP: 1786019)
1606+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
1607+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
1608+ * Dropped changes (in Debian)
1609+ - d/libvirt0.symbols: bump symbol versions for 5.4.0
1610+ - avoid service dependency issues on upgrade (LP: 1786179)
1611+ This will in the long term be resolved in dh_* tools, but to let an
1612+ upgrade work for now we need to drop the sysV scripts (which we don't
1613+ use anyway) and slightly modify the systemd service to work with todays
1614+ dh_systemd_start properly. Can be dropped once Debian bug 905772 is
1615+ resolved in dh_* tools and libvirt uses those new code.
1616+ + d/libvirt-daemon-system.virtlogd.init: removed sysV init file
1617+ + d/libvirt-daemon-system.libvirtd.init: removed sysV init file
1618+ + debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
1619+ and lbivirtd sysV init file
1620+ + d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
1621+ to virtlogd/virtlockd sockets as they would imply a restart of
1622+ virtlogd breaking it.
1623+ [ we now have split packages for sysv and systemd support ]
1624+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
1625+ - Refreshed to match new upstream
1626+ + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
1627+ * Dropped changes (now upstream)
1628+ - d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
1629+ cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
1630+ are still need fixups to work well LP: 1841066)
1631+ - SECURITY UPDATEs: CVE-2019-10161, CVE-2019-10166,
1632+ CVE-2019-10167 and CVE-2019-10168
1633+ - d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
1634+ avoid issues with remote screen connections like virt-manager due to
1635+ apparmor changes in libvirt 5.1 (LP 1833040)
1636+ - 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
1637+ Allow pygrub to run on Debian/Ubuntu
1638+ - update to v5.4.0
1639+ * Dropped changes (Xen demoted to universe)
1640+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
1641+ section that adapts the path of the emulator to the Debian/Ubuntu
1642+ packaging is kept.
1643+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
1644+ set VRAM to minimum requirements
1645+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
1646+ - Add libxl log directory
1647+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
1648+ Xen dom0 via user profile (was missing on changelogs before)
1649+ * Dropped changes (no more needed)
1650+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
1651+ included_files to avoid build failures due to duplicate definitions.
1652+ [ finally works in v6.0.0 ]
1653+ - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
1654+ [ focal has iptables 1.8.3 ]
1655+ - d/rules: adapt iptables binary paths present in Eoan (LP 1832297)
1656+ [ focal has iptables 1.8.3 ]
1657+ * Added Changes:
1658+ - refreshed patches for libvirt v6.0.0
1659+ - d/control: bump build dep to python3
1660+ - d/control: VCS links to use generic Ubuntu launchpad git URLs
1661+ - d/control: add python3-docutils as build dependency
1662+ - d/control: add libzfslinux-dev to build-deps
1663+ - d/rules: set enable-dependency-tracking to avoid FTBFS
1664+ - d/rules: drop the no more existing phyp option
1665+ - d/rules: drop the no more existing xen configure option
1666+ - d/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that was
1667+ optional for use on xen hosts
1668+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
1669+ - minimize patches generated by autoreconf
1670+ - fix build on Debian/Ubuntu in qemuhotplugtest
1671+ - d/libvirt-doc.doc: install rendered docs
1672+ - d/libvirt-daemon-system.examples: drop old examples that are now active
1673+ - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
1674+ - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
1675+ - d/libnss-libvirt.lintian-overrides: accept having two nss so files
1676+ - d/rules: don't ship split daemons just yet
1677+ - d/rules: install /etc/default/* files that are shared between sysv and
1678+ systemd packages
1679+ - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
1680+ libvirt-daemon-system-sysv
1681+ - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
1682+ profiles (LP: #1655111)
1683+
1684+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 13 Jan 2020 13:14:14 +0100
1685+
1686 libvirt (5.6.0-4) experimental; urgency=medium
1687
1688 * [d88536d] Introduce libvirt-daemon-system-{systemd,sysv} Move init scripts
1689@@ -854,6 +2464,237 @@ libvirt (5.6.0-1) unstable; urgency=medium
1690
1691 -- Andrea Bolognani <eof@kiyuko.org> Sun, 25 Aug 2019 16:32:31 +0200
1692
1693+libvirt (5.4.0-0ubuntu5) eoan; urgency=medium
1694+
1695+ * No-change upload with strops.h and sys/strops.h removed in glibc.
1696+
1697+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:00:53 +0000
1698+
1699+libvirt (5.4.0-0ubuntu4) eoan; urgency=medium
1700+
1701+ * d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
1702+ cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
1703+ are still need fixups to work well LP: 1841066)
1704+
1705+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 20 Aug 2019 10:50:08 +0200
1706+
1707+libvirt (5.4.0-0ubuntu3) eoan; urgency=medium
1708+
1709+ * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
1710+ read-only connection
1711+ - debian/patches/CVE-2019-10161.patch: add check to
1712+ src/libvirt-domain.c, src/qemu/qemu_driver.c,
1713+ src/remote/remote_protocol.x.
1714+ - CVE-2019-10161
1715+ * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
1716+ read-only connection
1717+ - debian/patches/CVE-2019-10166.patch: add check to
1718+ src/libvirt-domain.c.
1719+ - CVE-2019-10166
1720+ * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
1721+ read-only connection
1722+ - debian/patches/CVE-2019-10167.patch: add check to
1723+ src/libvirt-domain.c.
1724+ - CVE-2019-10167
1725+ * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
1726+ connection
1727+ - debian/patches/CVE-2019-10168.patch: add checks to
1728+ src/libvirt-host.c.
1729+ - CVE-2019-10168
1730+
1731+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 02 Jul 2019 08:08:33 -0400
1732+
1733+libvirt (5.4.0-0ubuntu2) eoan; urgency=medium
1734+
1735+ * d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
1736+ avoid issues with remote screen connections like virt-manager due to
1737+ apparmor changes in libvirt 5.1 (LP: #1833040)
1738+
1739+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Jun 2019 14:34:54 +0200
1740+
1741+libvirt (5.4.0-0ubuntu1) eoan; urgency=medium
1742+
1743+ * Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release
1744+ Among many other new features and fixes this includes fixes for:
1745+ LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state
1746+ Remaining changes:
1747+ - Disable libssh2 support (universe dependency)
1748+ - Disable firewalld support (universe dependency)
1749+ - Set qemu-group to kvm (for compat with older ubuntu)
1750+ - Additional apport package-hook
1751+ - Autostart default bridged network (As upstream does, but not Debian).
1752+ In addition to just enabling it our solution provides:
1753+ + do not autostart if subnet is already taken (e.g. in guests).
1754+ + iterate some alternative subnets before giving up
1755+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
1756+ the group based access to libvirt functions as it was used in Ubuntu
1757+ for quite long.
1758+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
1759+ due to the group access change.
1760+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
1761+ group.
1762+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
1763+ - Update Vcs-Git and Vcs-Browser fields to point to launchpad
1764+ - Xen related
1765+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
1766+ section that adapts the path of the emulator to the Debian/Ubuntu
1767+ packaging is kept.
1768+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
1769+ set VRAM to minimum requirements
1770+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
1771+ - Add libxl log directory
1772+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
1773+ Xen dom0 via user profile (was missing on changelogs before)
1774+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
1775+ included_files to avoid build failures due to duplicate definitions.
1776+ - Update README.Debian with Ubuntu changes
1777+ - Enable some additional features on ppc64el and s390x (for arch parity)
1778+ + systemtap, zfs, numa and numad on s390x.
1779+ + systemtap on ppc64el.
1780+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
1781+ vmlinuz available and accessible (Debian bug 848314)
1782+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
1783+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
1784+ - Further upstreamed apparmor Delta, especially any new one
1785+ Our former delta is split into logical pieces and is either Ubuntu only
1786+ or is part of a continuous upstreaming effort.
1787+ Listing related remaining changes in debian/patches/ubuntu-aa/:
1788+ + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
1789+ Allow pygrub to run on Debian/Ubuntu
1790+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
1791+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
1792+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
1793+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
1794+ + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
1795+ apparmor, virt-aa-helper: Allow access to tmp directories
1796+ + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
1797+ apparmor, virt-aa-helper: Allow various storage pools and image
1798+ locations
1799+ + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
1800+ apparmor, virt-aa-helper: Add openvswitch support
1801+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1802+ libvirt-qemu: Add 9p support
1803+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
1804+ add l to 9p file options.
1805+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1806+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1807+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1808+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1809+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1810+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1811+ commands executed by ubuntu only kvm wrapper on ppc64el
1812+ (LP 1686621 LP 1680384 LP 1784023)
1813+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1814+ apparmor, virt-aa-helper: access for snapped nova
1815+ + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
1816+ d/libvirt-daemon-system.postinst: provide a local apparmor include
1817+ for abstraction/libvirt-qemu (LP: 1786019)
1818+ + d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
1819+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
1820+ - d/rules: enable build time self tests on all architectures
1821+ - dnsmasq related enhancements
1822+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
1823+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
1824+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
1825+ on purge
1826+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
1827+ libvirt-dnsmasq and adapt the self tests to expect that config
1828+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
1829+ + Add dnsmasq configuration to work with system wide dnsmasq-base
1830+ - debian/rules: disable the netcf backend. (LP: 1764314)
1831+ - debian/control: drop libnetcf from Build-Depends.
1832+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
1833+ Secure Boot enabled variants of the OVMF firmware and variable store for
1834+ the paths where we ship these files in Ubuntu.
1835+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
1836+ - d/rules: also check build time self test results on all architectures
1837+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
1838+ machine type correctly with newer qemu/libvirt
1839+ - d/t/control: fix smoke-qemu-session by ensuring the service will run
1840+ installing libvirt-daemon-system
1841+ - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
1842+ long as the following undefine succeeds
1843+ - avoid service dependency issues on upgrade (LP: 1786179)
1844+ This will in the long term be resolved in dh_* tools, but to let an
1845+ upgrade work for now we need to drop the sysV scripts (which we don't
1846+ use anyway) and slightly modify the systemd service to work with todays
1847+ dh_systemd_start properly. Can be dropped once Debian bug 905772 is
1848+ resolved in dh_* tools and libvirt uses those new code.
1849+ - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
1850+ - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
1851+ - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
1852+ and lbivirtd sysV init file
1853+ - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
1854+ to virtlogd/virtlockd sockets as they would imply a restart of
1855+ virtlogd breaking it.
1856+ - d/t/smoke-lxc: use systemd instead of sysV to restart the service
1857+ * Added Changes:
1858+ - Refreshed patches to match new upstream
1859+ - d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
1860+ - d/p/ubuntu/ubuntu_machine_type.patch
1861+ - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
1862+ This can be dropped once >=1.8.1
1863+ - d/rules: adapt iptables binary paths present in Eoan (LP: #1832297)
1864+ This can be dropped once >=1.8.1
1865+ - d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test
1866+ nat-network-mtu
1867+ - revert [c3c4cd4] drop in helper for firewalld as it is disabled on
1868+ Ubuntu [can be squashed with the disabling of firewalld on next merge]
1869+ - d/libvirt0.symbols: bump symbol versions for 5.4.0
1870+ - d/rules: add --no-restart-after-upgrade to services that are supposed to
1871+ stay up through upgrades - this also applies to related sockets.
1872+ * Dropped Changes (upstream)
1873+ - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
1874+ for the ease use of mdev and gl devices (LP: 1804766)
1875+ - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
1876+ (LP: 1771662)
1877+ - d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
1878+ the never functional osxsave and ospke features (LP: 1825195).
1879+ - d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
1880+ vhost-scsi hotplug in virt-aa-helper (LP: 1829223)
1881+ - SECURITY UPDATE: Add support for md-clear functionality
1882+ + debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
1883+ src/cpu_map/x86_features.xml.
1884+ + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1885+ - Implement further apparmor rules for usage of gl enabled
1886+ graphics (LP: 1815452)
1887+ + d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
1888+ + d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
1889+ - Implement further apparmor rules for usage of gl enabled
1890+ graphics with nvidia cards (LP: 1817943)
1891+ + d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
1892+ + d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
1893+ * Dropped Changes (in Debian)
1894+ - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
1895+ libvirt tests
1896+
1897+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Jun 2019 11:55:52 +0200
1898+
1899+libvirt (5.3.0-1~1.gbp7b1637) UNRELEASED; urgency=medium
1900+
1901+ ** SNAPSHOT build @7b1637605da9224c46ebf3a243fa725d643e7556 **
1902+
1903+ [ Guido GΓΌnther ]
1904+ * [fb43676] d/control: Drop dh-autoreconf build-dep.
1905+ Not needed for dh compat > 10.
1906+ * [81d21d5] d/not-installed: Use multi-arch dirs.
1907+ Files moved during the dh12 switch.
1908+ * [428ad14] New upstream version 5.3.0~rc2
1909+ * [641e532] New upstream version 5.3.0
1910+
1911+ [ Christian Ehrhardt ]
1912+ * [c28c3b3] d/libvirt0.install: install translations
1913+ * [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld
1914+ * [3e8b43c] d/not-installed: ignore default files /etc/sysconfig
1915+ * [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example
1916+ * [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf
1917+ (Closes: #919484)
1918+
1919+ [ Andrea Bolognani ]
1920+ * [6a2eae3] Simplify and improve watch file.
1921+
1922+ -- Guido GΓΌnther <agx@sigxcpu.org> Mon, 06 May 2019 13:06:27 +0200
1923+
1924 libvirt (5.2.0-2) experimental; urgency=medium
1925
1926 [ Guido GΓΌnther ]
1927@@ -1021,6 +2862,199 @@ libvirt (5.0.0-2) unstable; urgency=medium
1928
1929 -- Guido GΓΌnther <agx@sigxcpu.org> Sun, 07 Apr 2019 12:36:21 +0200
1930
1931+libvirt (5.0.0-1ubuntu4) eoan; urgency=medium
1932+
1933+ * d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
1934+ the never functional osxsave and ospke features (LP: #1825195).
1935+ * d/p/series: reorder ubuntu Delta
1936+ * d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
1937+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: #1815910)
1938+ * d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
1939+ vhost-scsi hotplug in virt-aa-helper (LP: #1829223)
1940+
1941+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 May 2019 10:42:09 +0200
1942+
1943+libvirt (5.0.0-1ubuntu3) eoan; urgency=medium
1944+
1945+ * SECURITY UPDATE: Add support for md-clear functionality
1946+ - debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
1947+ src/cpu_map/x86_features.xml.
1948+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
1949+
1950+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 14:48:05 -0400
1951+
1952+libvirt (5.0.0-1ubuntu2) disco; urgency=medium
1953+
1954+ * Implement further apparmor rules for usage of gl enabled
1955+ graphics (LP: #1815452)
1956+ - d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
1957+ - d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
1958+ * Implement further apparmor rules for usage of gl enabled
1959+ graphics with nvidia cards (LP: #1817943)
1960+ - d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
1961+ - d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
1962+ * d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted
1963+ version (no functional change, LP: 1804766)
1964+
1965+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Feb 2019 11:27:14 +0100
1966+
1967+libvirt (5.0.0-1ubuntu1) disco; urgency=medium
1968+
1969+ * Merged with Debian unstable
1970+ Among many other new features and fixes this includes fixes for:
1971+ LP: #1754871 - 1799446 zPCI passthrough support for KVM
1972+ LP: #1811198 - remove arbitrary limit on socket_id/core_id
1973+ Remaining changes:
1974+ - Disable libssh2 support (universe dependency)
1975+ - Disable firewalld support (universe dependency)
1976+ - Set qemu-group to kvm (for compat with older ubuntu)
1977+ - Additional apport package-hook
1978+ - Autostart default bridged network (As upstream does, but not Debian).
1979+ In addition to just enabling it our solution provides:
1980+ + do not autostart if subnet is already taken (e.g. in guests).
1981+ + iterate some alternative subnets before giving up
1982+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
1983+ the group based access to libvirt functions as it was used in Ubuntu
1984+ for quite long.
1985+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
1986+ due to the group access change.
1987+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
1988+ group.
1989+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
1990+ - Update Vcs-Git and Vcs-Browser fields to point to launchpad
1991+ - Xen related
1992+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
1993+ section that adapts the path of the emulator to the Debian/Ubuntu
1994+ packaging is kept.
1995+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
1996+ set VRAM to minimum requirements
1997+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
1998+ - Add libxl log directory
1999+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
2000+ Xen dom0 via user profile (was missing on changelogs before)
2001+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
2002+ included_files to avoid build failures due to duplicate definitions.
2003+ - Update README.Debian with Ubuntu changes
2004+ - Enable some additional features on ppc64el and s390x (for arch parity)
2005+ + systemtap, zfs, numa and numad on s390x.
2006+ + systemtap on ppc64el.
2007+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
2008+ vmlinuz available and accessible (Debian bug 848314)
2009+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
2010+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
2011+ - Further upstreamed apparmor Delta, especially any new one
2012+ Our former delta is split into logical pieces and is either Ubuntu only
2013+ or is part of a continuous upstreaming effort.
2014+ Listing related remaining changes in debian/patches/ubuntu-aa/:
2015+ + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
2016+ Allow pygrub to run on Debian/Ubuntu
2017+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
2018+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
2019+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
2020+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
2021+ + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
2022+ apparmor, virt-aa-helper: Allow access to tmp directories
2023+ + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
2024+ apparmor, virt-aa-helper: Allow various storage pools and image
2025+ locations
2026+ + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
2027+ apparmor, virt-aa-helper: Add openvswitch support
2028+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
2029+ libvirt-qemu: Add 9p support
2030+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
2031+ add l to 9p file options.
2032+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
2033+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
2034+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
2035+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
2036+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
2037+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
2038+ commands executed by ubuntu only kvm wrapper on ppc64el
2039+ (LP 1686621 LP 1680384 LP 1784023)
2040+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
2041+ apparmor, virt-aa-helper: access for snapped nova
2042+ + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
2043+ d/libvirt-daemon-system.postinst: provide a local apparmor include
2044+ for abstraction/libvirt-qemu (LP: 1786019)
2045+ - d/rules: enable build time self tests on all architectures
2046+ - dnsmasq related enhancements
2047+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
2048+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
2049+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
2050+ purge
2051+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
2052+ libvirt-dnsmasq and adapt the self tests to expect that config
2053+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
2054+ + Add dnsmasq configuration to work with system wide dnsmasq-base
2055+ - debian/rules: disable the netcf backend. (LP: 1764314)
2056+ - debian/control: drop libnetcf from Build-Depends.
2057+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
2058+ Secure Boot enabled variants of the OVMF firmware and variable store for
2059+ the paths where we ship these files in Ubuntu.
2060+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
2061+ - avoid service dependency issues on upgrade (LP: 1786179)
2062+ This will in the long term be resolved in dh_* tools, but to let an
2063+ upgrade work for now we need to drop the sysV scripts (which we don't
2064+ use anyway) and slightly modify the systemd service to work with todays
2065+ dh_systemd_start properly. Can be dropped once Debian bug 905772 is
2066+ resolved in dh_* tools and libvirt uses those new code.
2067+ - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
2068+ - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
2069+ - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
2070+ and lbivirtd sysV init file
2071+ - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
2072+ to virtlogd/virtlockd sockets as they would imply a restart of
2073+ virtlogd breaking it.
2074+ - d/t/smoke-lxc: use systemd instead of sysV to restart the service
2075+ * Added Changes:
2076+ - Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context
2077+ - d/rules: also check build time self test results on all architectures
2078+ - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
2079+ libvirt tests
2080+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
2081+ machine type correctly with newer qemu/libvirt
2082+ - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
2083+ for the ease use of mdev and gl devices (LP: #1804766)
2084+ - refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0
2085+ - d/t/control: fix smoke-qemu-session by ensuring the service will run
2086+ installing libvirt-daemon-system
2087+ - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
2088+ long as the following undefine succeeds
2089+ - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
2090+ (LP: #1771662)
2091+ * Dropped Changes (upstream)
2092+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2093+ Adapters on s390x (LP: 1787405)
2094+ - d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
2095+ fix libvirt bridge handling in unprivileged containers (LP: 1802906)
2096+ - d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
2097+ avoid issues with newer kernels >=4.18 (LP: 1788603)
2098+ - Fix an issue where guests with plenty of hostdevs attached where detected
2099+ as not shut down due to the kernel needing more time to free up
2100+ resources (LP: 1788226)
2101+ - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
2102+ - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
2103+ - 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
2104+ permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
2105+ - 0040-apparmor-add-mediation-rules-for-unconfined.patch:
2106+ apparmor: add mediation rules for unconfined guests
2107+ - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
2108+ don't want blanket access. We only allow enumerating the base dir and
2109+ reading owned files. Further features needing /tmp have to add local
2110+ overrides, examples are qemu-smb and some modes of local snapshots.
2111+ (LP: 1365261) Can be dropped >=libvirt 4.7
2112+ - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
2113+ preserve /dev mountpoints in qemu namespaces (LP: 1786168)
2114+ Can be dropped >=libvirt 4.7
2115+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
2116+ which provided a separate kvm-spice. Upstream completely dropped
2117+ alternative types and kvm-spice is a symlink for quite some time.
2118+ Builtin expected binaries work, so drop this delta.
2119+ * Dropped Changes (in Debian)
2120+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
2121+
2122+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 13:09:31 +0100
2123+
2124 libvirt (5.0.0-1) unstable; urgency=medium
2125
2126 * [7346f30] New upstream version 5.0.0
2127@@ -1080,6 +3114,297 @@ libvirt (4.7.0-1) unstable; urgency=medium
2128
2129 -- Guido GΓΌnther <agx@sigxcpu.org> Sun, 09 Sep 2018 21:42:33 +0200
2130
2131+libvirt (4.6.0-2ubuntu6) disco; urgency=medium
2132+
2133+ * No-change rebuild for readline soname change.
2134+
2135+ -- Matthias Klose <doko@ubuntu.com> Tue, 15 Jan 2019 10:26:04 +0000
2136+
2137+libvirt (4.6.0-2ubuntu5) disco; urgency=medium
2138+
2139+ * d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only
2140+ -with-vf.patch: fix handling of non PCI vfio display propery (part
2141+ of LP: #1787405)
2142+
2143+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Dec 2018 09:20:39 +0100
2144+
2145+libvirt (4.6.0-2ubuntu4) disco; urgency=medium
2146+
2147+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
2148+ Adapters on s390x (LP: #1787405)
2149+ * d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
2150+ fix libvirt bridge handling in unprivileged containers (LP: #1802906)
2151+
2152+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 09 Nov 2018 07:42:01 +0100
2153+
2154+libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium
2155+
2156+ * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
2157+ avoid issues with newer kernels >=4.18 (LP: #1788603)
2158+
2159+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 27 Aug 2018 10:57:57 +0200
2160+
2161+libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium
2162+
2163+ * Fix an issue where guests with plenty of hostdevs attached where detected
2164+ as not shut down due to the kernel needing more time to free up
2165+ resources (LP: #1788226)
2166+ - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
2167+ - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
2168+
2169+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 21 Aug 2018 17:51:43 +0200
2170+
2171+libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium
2172+
2173+ * Merged with Debian unstable (LP: #1786957).
2174+ Among many other new features and fixes this includes fixes
2175+ for (LP: #1754871), Remaining changes:
2176+ - Disable libssh2 support (universe dependency)
2177+ - Disable firewalld support (universe dependency)
2178+ - Set qemu-group to kvm (for compat with older ubuntu)
2179+ - Additional apport package-hook
2180+ - Autostart default bridged network (As upstream does, but not Debian).
2181+ In addition to just enabling it our solution provides:
2182+ + do not autostart if subnet is already taken (e.g. in guests).
2183+ + iterate some alternative subnets before giving up
2184+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
2185+ the group based access to libvirt functions as it was used in Ubuntu
2186+ for quite long.
2187+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
2188+ due to the group access change.
2189+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
2190+ group.
2191+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
2192+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
2193+ which provided a separate kvm-spice.
2194+ - Xen related
2195+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
2196+ section that adapts the path of the emulator to the Debian/Ubuntu
2197+ packaging is kept.
2198+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
2199+ set VRAM to minimum requirements
2200+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
2201+ - Add libxl log directory
2202+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
2203+ Xen dom0 via user profile (was missing on changelogs before)
2204+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
2205+ included_files to avoid build failures due to duplicate definitions.
2206+ - Update README.Debian with Ubuntu changes
2207+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
2208+ - Enable some additional features on ppc64el and s390x (for arch parity)
2209+ + systemtap, zfs, numa and numad on s390x.
2210+ + systemtap on ppc64el.
2211+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
2212+ vmlinuz available and accessible (Debian bug 848314)
2213+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
2214+ - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
2215+ no more UCA onto Xenial then which has global dnsmasq by default).
2216+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
2217+ - Further upstreamed apparmor Delta, especially any new one
2218+ Our former delta is split into logical pieces and is either Ubuntu only
2219+ or is part of a continuous upstreaming effort.
2220+ Listing related remaining changes in debian/patches/ubuntu-aa/:
2221+ + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
2222+ Allow pygrub to run on Debian/Ubuntu
2223+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
2224+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
2225+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
2226+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
2227+ + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
2228+ apparmor, virt-aa-helper: Allow access to tmp directories
2229+ + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
2230+ apparmor, virt-aa-helper: Allow various storage pools and image
2231+ locations
2232+ + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
2233+ apparmor, virt-aa-helper: Add openvswitch support
2234+ + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
2235+ permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
2236+ Can be dropped >=libvirt 4.7
2237+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
2238+ libvirt-qemu: Add 9p support
2239+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
2240+ add l to 9p file options.
2241+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
2242+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
2243+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
2244+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
2245+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
2246+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
2247+ commands executed by ubuntu only kvm wrapper on ppc64el
2248+ (LP 1686621 & LP 1680384).
2249+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
2250+ apparmor, virt-aa-helper: access for snapped nova
2251+ + 0040-apparmor-add-mediation-rules-for-unconfined.patch:
2252+ apparmor: add mediation rules for unconfined guests
2253+ Can be dropped >=libvirt 4.7
2254+ - d/rules: enable build time self tests on all architectures
2255+ - run dnsmasq as libvirt-dnsmasq (LP: 1743718)
2256+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
2257+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
2258+ purge
2259+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
2260+ libvirt-dnsmasq and adapt the self tests to expect that config
2261+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
2262+ - debian/rules: disable the netcf backend. (LP: 1764314)
2263+ - debian/control: drop libnetcf from Build-Depends.
2264+ - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
2265+ Secure Boot enabled variants of the OVMF firmware and variable store for
2266+ the paths where we ship these files in Ubuntu.
2267+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
2268+ * Added Changes
2269+ - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
2270+ updated to take care of no more silencing and thereby hiding denials
2271+ (LP 1719579 is an example)
2272+ - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
2273+ updated to also allow the optionally placed ceph asok file (LP: #1779674)
2274+ - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare
2275+ profile for usrmerge (LP: #1784023)
2276+ - Finalize the libvirt-bin -> libvirt-* transition in the apport
2277+ package-hook.
2278+ - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
2279+ d/libvirt-daemon-system.postinst: provide a local apparmor include
2280+ for abstraction/libvirt-qemu (LP: #1786019)
2281+ - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
2282+ don't want blanket access. We only allow enumerating the base dir and
2283+ reading owned files. Further features needing /tmp have to add local
2284+ overrides, examples are qemu-smb and some modes of local snapshots.
2285+ (LP: #1365261) Can be dropped >=libvirt 4.7
2286+ - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
2287+ preserve /dev mountpoints in qemu namespaces (LP: #1786168)
2288+ Can be dropped >=libvirt 4.7
2289+ - avoid service dependency issues on upgrade (LP: #1786179)
2290+ This will in the long term be resolved in dh_* tools, but to let an
2291+ upgrade work for now we need to drop the sysV scripts (which we don't
2292+ use anyway) and slightly modify the systemd service to work with todays
2293+ dh_systemd_start properly. Can be dropped once Debian bug 905772 is
2294+ resolved in dh_* tools and libvirt uses those new code.
2295+ - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
2296+ - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
2297+ - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
2298+ and lbivirtd sysV init file
2299+ - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
2300+ to virtlogd/virtlockd sockets as they would imply a restart of
2301+ virtlogd breaking it.
2302+ - d/t/smoke-lxc: use systemd instead of sysV to restart the service
2303+ * Dropped Changes (upstream)
2304+ - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
2305+ of memory slots and other extended features without breaking
2306+ virt-aa-helper (LP: 1746431).
2307+ - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
2308+ - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
2309+ - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
2310+ - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
2311+ - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
2312+ - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
2313+ - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
2314+ - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
2315+ - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
2316+ - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
2317+ - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
2318+ - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
2319+ - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
2320+ - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
2321+ - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
2322+ - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
2323+ - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
2324+ - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
2325+ - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
2326+ - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
2327+ - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
2328+ - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
2329+ - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
2330+ - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
2331+ - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
2332+ - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
2333+ - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
2334+ - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
2335+ - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
2336+ - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
2337+ - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
2338+ - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
2339+ - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
2340+ - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
2341+ - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
2342+ - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
2343+ - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
2344+ - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
2345+ - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
2346+ avoid hanging on shutdown (LP: 1688508)
2347+ - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
2348+ plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471)
2349+ - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
2350+ ensure symlinks are resolved to get valid rules if interim parts of a path
2351+ are a symlink (LP: 1752361)
2352+ - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
2353+ avoid issues shutting down more guests than configured for parallel
2354+ shutdown (LP: 1688508)
2355+ - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
2356+ using devices that are symlinks (LP: 1756394)
2357+ - Fix nvdimm memory and passthrough input devices for hotplug via
2358+ domain security callbacks backporting upstream commits (LP: 1755153).
2359+ + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
2360+ + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
2361+ - Fix nvdimm memory and passthrough input devices in initial guest
2362+ description via virt-aa-helper (LP: 1757085).
2363+ + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
2364+ + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
2365+ - Fix clean shut down of guests on system shutdown (LP: 1764668)
2366+ + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
2367+ + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
2368+ - SECURITY UPDATE: QEMU monitor DoS
2369+ + debian/patches/CVE-2018-1064.patch: add size limit to
2370+ src/qemu/qemu_agent.c.
2371+ + CVE-2018-1064
2372+ - SECURITY UPDATE: Speculative Store Bypass
2373+ + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
2374+ bit in src/cpu/cpu_map.xml.
2375+ + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
2376+ feature bit in src/cpu/cpu_map.xml.
2377+ + CVE-2018-3639
2378+ - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
2379+ hotplug use cases where the initial guest had no hostdev at all and
2380+ therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777)
2381+ - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch:
2382+ Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
2383+ occurred, but the cause is unknown" due to a buffer being too small
2384+ for pcap with TPACKET_V3 enabled (LP: 1758037)
2385+ - SECURITY UPDATE: code injection via libnss_dns.so
2386+ + debian/patches/CVE-2018-6764-1.patch: determine the hostname on
2387+ startup in src/util/virlog.c.
2388+ + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
2389+ src/util/virlog.c.
2390+ + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
2391+ in cfg.mk, src/util/virlog.c.
2392+ + CVE-2018-6764
2393+ * Dropped Changes (no upgrade path left that needs those)
2394+ - Backwards compatible handling of group rename (can be dropped >18.04).
2395+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
2396+ be dropped >18.04).
2397+ + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
2398+ to old service name so that old references work
2399+ + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
2400+ to old service name so that old references work
2401+ + d/control: transitional package with the old name and maintainer
2402+ scripts to handle the transition
2403+ - fix conffile upgrade handling to avoid obsolete files
2404+ and inactive duplicates (LP 1694159)
2405+ - conffile handling of files dropped in 3.5 (can be dropped >18.04)
2406+ + /etc/init.d/virtlockd was sysv init only
2407+ + /etc/apparmor.d/local/usr.sbin.libvirtd and
2408+ /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
2409+ by dh_apparmor as needed
2410+ - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
2411+ /etc/cron.daily/libvirt-daemon-system
2412+ * Dropped Changes (cleanups)
2413+ - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed
2414+ one issue and the other is solved in libvirt by ensuring to move to the
2415+ right cgroups.)
2416+ - remove no more used libvirt-dnsmasq user (this was redundant since
2417+ 4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user)
2418+ - Disable selinux (now in main)
2419+
2420+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Sat, 18 Aug 2018 14:40:58 +0200
2421+
2422 libvirt (4.6.0-2) unstable; urgency=medium
2423
2424 * [c33faee] Drop dwarves dependency.
2425@@ -1197,6 +3522,399 @@ libvirt (4.0.0-2) unstable; urgency=medium
2426
2427 -- Guido GΓΌnther <agx@sigxcpu.org> Thu, 08 Feb 2018 19:29:59 +0100
2428
2429+libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium
2430+
2431+ * ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
2432+ Secure Boot enabled variants of the OVMF firmware and variable store for
2433+ the paths where we ship these files in Ubuntu.
2434+
2435+ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 27 Jun 2018 11:16:23 -0400
2436+
2437+libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium
2438+
2439+ * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
2440+ hotplug use cases where the initial guest had no hostdev at all and
2441+ therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)
2442+
2443+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 16:24:01 +0200
2444+
2445+libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium
2446+
2447+ * SECURITY UPDATE: QEMU monitor DoS
2448+ - debian/patches/CVE-2018-1064.patch: add size limit to
2449+ src/qemu/qemu_agent.c.
2450+ - CVE-2018-1064
2451+ * SECURITY UPDATE: Speculative Store Bypass
2452+ - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
2453+ bit in src/cpu/cpu_map.xml.
2454+ - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
2455+ feature bit in src/cpu/cpu_map.xml.
2456+ - CVE-2018-3639
2457+
2458+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 10:55:56 -0400
2459+
2460+libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium
2461+
2462+ * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
2463+ occurred, but the cause is unknown" due to a buffer being too small
2464+ for pcap with TPACKET_V3 enabled (LP: #1758037)
2465+ - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
2466+
2467+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 May 2018 17:07:59 +0200
2468+
2469+libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium
2470+
2471+ * debian/rules: disable the netcf backend. (LP: #1764314)
2472+ * debian/control: drop libnetcf from Build-Depends.
2473+
2474+ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 09 May 2018 10:06:15 -0400
2475+
2476+libvirt (4.0.0-1ubuntu8) bionic; urgency=medium
2477+
2478+ * Fix clean shut down of guests on system shutdown (LP: #1764668)
2479+ - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
2480+ - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
2481+
2482+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Apr 2018 11:09:48 +0200
2483+
2484+libvirt (4.0.0-1ubuntu7) bionic; urgency=medium
2485+
2486+ * Fix nvdimm memory and passthrough input devices for hotplug via
2487+ domain security callbacks backporting upstream commits (LP: #1755153).
2488+ - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
2489+ - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
2490+ * Fix nvdimm memory and passthrough input devices in initial guest
2491+ description via virt-aa-helper (LP: #1757085).
2492+ - d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
2493+ - d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
2494+
2495+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Mar 2018 08:30:47 +0100
2496+
2497+libvirt (4.0.0-1ubuntu6) bionic; urgency=medium
2498+
2499+ * Backport from recent upstream to stabilize libvirt (LP: #1756915)
2500+ - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
2501+ - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
2502+ - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
2503+ - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
2504+ - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
2505+ - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
2506+ * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
2507+ avoid issues shutting down more guests than configured for parallel
2508+ shutdown (LP: #1688508)
2509+ * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
2510+ using devices that are symlinks (LP: #1756394)
2511+
2512+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Mar 2018 14:57:08 +0100
2513+
2514+libvirt (4.0.0-1ubuntu5) bionic; urgency=medium
2515+
2516+ * run dnsmasq as libvirt-dnsmasq (LP: #1743718)
2517+ - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
2518+ - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
2519+ purge
2520+ - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
2521+ libvirt-dnsmasq and adapt the self tests to expect that config
2522+ - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
2523+ * Backport from recent upstream to stabilize libvirt (LP: #1754352)
2524+ - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
2525+ - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
2526+ - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
2527+ - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
2528+ - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
2529+ - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
2530+ - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
2531+ - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
2532+ - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
2533+ * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
2534+ plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471)
2535+ * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
2536+ ensure symlinks are resolved to get valid rules if interim parts of a path
2537+ are a symlink (LP: #1752361)
2538+
2539+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 27 Feb 2018 12:04:02 +0100
2540+
2541+libvirt (4.0.0-1ubuntu4) bionic; urgency=medium
2542+
2543+ * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
2544+ avoid hanging on shutdown (LP: #1688508)
2545+
2546+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 23 Feb 2018 16:43:19 +0100
2547+
2548+libvirt (4.0.0-1ubuntu3) bionic; urgency=medium
2549+
2550+ [ Christian Ehrhardt ]
2551+ * Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04
2552+ - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
2553+ - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
2554+ - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
2555+ - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
2556+ - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
2557+ - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
2558+ - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
2559+ - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
2560+ - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
2561+ - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
2562+ - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
2563+ - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
2564+ - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
2565+ - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
2566+ - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
2567+ - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
2568+ - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
2569+ - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
2570+ - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
2571+ - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
2572+ - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
2573+ - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
2574+ - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
2575+ * d/rules: enable build time self tests on all architectures
2576+
2577+ [ Marc Deslauriers ]
2578+ * SECURITY UPDATE: code injection via libnss_dns.so
2579+ - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
2580+ startup in src/util/virlog.c.
2581+ - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
2582+ src/util/virlog.c.
2583+ - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
2584+ in cfg.mk, src/util/virlog.c.
2585+ - CVE-2018-6764
2586+
2587+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 14:18:44 +0100
2588+
2589+libvirt (4.0.0-1ubuntu2) bionic; urgency=medium
2590+
2591+ * d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed
2592+ as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442)
2593+ - refreshed 0032 and 0040 to match the new context.
2594+ * d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
2595+ of memory slots and other extended features without breaking
2596+ virt-aa-helper (LP: #1746431).
2597+
2598+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 02 Feb 2018 07:31:17 +0100
2599+
2600+libvirt (4.0.0-1ubuntu1) bionic; urgency=medium
2601+
2602+ * Merged with Debian unstable (4.0)
2603+ This closes several bugs:
2604+ - Error generating apparmor profile when hostname contains spaces
2605+ (LP: #799997)
2606+ - qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028)
2607+ - libvirt usb passthrough throws apparmor denials related to
2608+ /run/udev/data/+usb (LP: #1727311)
2609+ - AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626)
2610+ - iohelper improvements to let bypass-cache work without opening up the
2611+ apparmor isolation (LP: #1719579)
2612+ - nodeinfo on s390x to contain more CPU info (LP: #1733688)
2613+ - Upgrade libvirt >= 4.0 (LP: #1745934)
2614+ * Remaining changes:
2615+ - Disable libssh2 support (universe dependency)
2616+ - Disable firewalld support (universe dependency)
2617+ - Disable selinux
2618+ - Set qemu-group to kvm (for compat with older ubuntu)
2619+ - Additional apport package-hook
2620+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
2621+ be dropped >18.04).
2622+ + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
2623+ to old service name so that old references work
2624+ + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
2625+ to old service name so that old references work
2626+ + d/control: transitional package with the old name and maintainer
2627+ scripts to handle the transition
2628+ - Backwards compatible handling of group rename (can be dropped >18.04).
2629+ - config details and autostart of default bridged network. Creating that is
2630+ now the default in general, yet our solution provides the following on
2631+ top as of today:
2632+ + autostart the default network by default
2633+ + do not autostart if subnet is already taken (e.g. in guests).
2634+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
2635+ the group based access to libvirt functions as it was used in Ubuntu
2636+ for quite long.
2637+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
2638+ due to the group access change.
2639+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
2640+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
2641+ which provided a separate kvm-spice.
2642+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
2643+ section that adapts the path of the emulator to the Debian/Ubuntu
2644+ packaging is kept.
2645+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
2646+ set VRAM to minimum requirements
2647+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
2648+ - Add libxl log directory
2649+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
2650+ Xen dom0 via user profile (was missing on changelogs before)
2651+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
2652+ included_files to avoid build failures due to duplicate definitions.
2653+ - Update README.Debian with Ubuntu changes
2654+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
2655+ - Enable some additional features on ppc64el and s390x (for arch parity)
2656+ + systemtap, zfs, numa and numad on s390x.
2657+ + systemtap on ppc64el.
2658+ - fix conffile upgrade handling to avoid obsolete files
2659+ and inactive duplicates (LP 1694159)
2660+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
2661+ vmlinuz available and accessible (Debian bug 848314)
2662+ - d/test/smoke-lxc workaround for debbug 848317/867379
2663+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
2664+ - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
2665+ no more UCA onto Xenial then which has global dnsmasq by default).
2666+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
2667+ - conffile handling of files dropped in 3.5 (can be dropped >18.04)
2668+ + /etc/init.d/virtlockd was sysv init only
2669+ + /etc/apparmor.d/local/usr.sbin.libvirtd and
2670+ /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
2671+ by dh_apparmor as needed
2672+ - Reworked apparmor Delta, especially the more complex delta is dropped
2673+ now, also our former delta is now split into logical pieces, has
2674+ improved comments and is part of a continuous upstreaming effort.
2675+ Listing related remaining changes:
2676+ + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
2677+ Allow pygrub to run on Debian/Ubuntu
2678+ + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
2679+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
2680+ + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
2681+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
2682+ + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
2683+ apparmor, virt-aa-helper: Allow access to tmp directories
2684+ + d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
2685+ apparmor, virt-aa-helper: Allow various storage pools and image
2686+ locations
2687+ + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
2688+ apparmor, virt-aa-helper: Add openvswitch support
2689+ + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
2690+ permissions so virt-manager 1.4.0 viewing works (LP 1668681).
2691+ + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
2692+ libvirt-qemu: Add 9p support
2693+ + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
2694+ add l to 9p file options.
2695+ + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
2696+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
2697+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
2698+ + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
2699+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
2700+ + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
2701+ commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
2702+ + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
2703+ apparmor, virt-aa-helper: access for snapped nova
2704+ * Dropped Changes (Upstream):
2705+ - d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
2706+ libvirt-qemu: Allow use of sgabios
2707+ - d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
2708+ apparmor, libvirt-qemu: Silence lttng related deny messages
2709+ - d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
2710+ apparmor, libvirt-qemu: Allow read access to sysfs system info
2711+ - d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
2712+ apparmor, libvirt-qemu: Allow read access to max_mem_regions
2713+ - d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
2714+ apparmor, libvirt-qemu: Allow qemu-block-extra libraries
2715+ - d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
2716+ apparmor, libvirtd: Allow access to netlink sockets
2717+ - d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
2718+ apparmor: Add rules for mediation support
2719+ - d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
2720+ apparmor, virt-aa-helper: Allow access to ecryptfs files
2721+ - d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
2722+ apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
2723+ - d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
2724+ apparmor, virt-aa-helper: Add ipv6 network policy
2725+ - d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
2726+ apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
2727+ - d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
2728+ won't call qemu-nbd
2729+ - d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
2730+ apparmor: allow to parse cmdline of the pid that send the shutdown
2731+ signal (LP 1680384).
2732+ - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
2733+ apparmor: add default pki path of lbvirt-spice (LP 1690140)
2734+ - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
2735+ for compatibility with the behavior of qemu 2.10 this adds locking
2736+ permission to rules generated for disk files (LP 1709818)
2737+ - d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
2738+ for compatibility with the behavior of qemu 2.10 this adds locking
2739+ permission to rules generated for loader/nvram (LP 1710960)
2740+ - d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
2741+ files (LP 1726804)
2742+ - d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
2743+ fix path generation for USB host devices (LP 1552241)
2744+ - d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
2745+ generate valid rules on usb passthrough (LP 1686324)
2746+ - d/p/avoid-double-locking.patch: fix a deadlock that could occur when
2747+ libvirtd interactions raced with dbus causing a deadlock (LP 1714254).
2748+ - d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
2749+ fix FTBFS with glibc 2.26 (LP 1718668)
2750+ - Extended handling of apparmor profiles - clear lost profiles via cron
2751+ (now cleared by virt-aa-helper on domain stop)
2752+ - nat only on some ports <port start='1024' end='65535'/> (upstream
2753+ default now if nothing is specified, actually dropped last cycle)
2754+ * Dropped Changes (In Debian or no more important):
2755+ - d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
2756+ libvirt-qemu: Allow macvtap access
2757+ - d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
2758+ deny for setpcap (LP 522845).
2759+ - d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
2760+ apparmor, virt-aa-helper: Improve comment about backing store
2761+ - d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
2762+ references to qemu-kvm
2763+ - d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
2764+ apparmor, virt-aa-helper: Allow access to name services
2765+ - d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
2766+ /dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per
2767+ guest if needed).
2768+ - d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
2769+ apparmor, libvirt-qemu: Allow access to hugepage mounts
2770+ - Disable sheepdog (was for universe dependency, but is now only a suggest)
2771+ - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
2772+ * Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of
2773+ these were never released, but important to mention for the bug references:
2774+ - libnss-libvirt once enabled causes apt to call getdents
2775+ avoid this being an issue by dropping a apt conf that allows
2776+ this in seccomp (LP: #1732030).
2777+ - d/libvirt-daemon-system.postrm: clean up more libvirt directories on
2778+ purge
2779+ - d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch:
2780+ apparmor: allow unix stream for p2p migrations
2781+ - d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch:
2782+ this replaces the hugepage rules and fixes many more formerly missing
2783+ - d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch:
2784+ allowing to have path wildcards on labels set by domain callbacks
2785+ - d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch:
2786+ apparmor implementation of security callback
2787+ - d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch:
2788+ this is now covered by chardev label callbacks
2789+ * Added Changes:
2790+ - Revert Debian change "Drop libvirt-bin upgrade handling"
2791+ This is needed in Ubuntu one last time (drop >18.04)
2792+ - Revert Debian change "Drop maintscript helpers for versions predating
2793+ jessie and wheezy-backports". This is needed in Ubuntu one last
2794+ time (drop >18.04)
2795+ - Refreshed d/p/* to match new version (only fuzz, no semantic change)
2796+ - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal
2797+ to avoid error messages on purge
2798+ - remove no more used libvirt-dnsmasq user (drop >18.04)
2799+ - d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch:
2800+ apparmor: add mediation rules for unconfined guests
2801+ - d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch
2802+ .patch: backport upstream cahnge to expose already used chardev calls.
2803+ - d/libvirt-daemon-system.postrm: Remove the default.xml network link
2804+ set up by postinst.
2805+ - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
2806+ /etc/cron.daily/libvirt-daemon-system
2807+ - d/libvirt-daemon-system.postinst: fixups for autostart default network
2808+ - use modern shell syntax
2809+ - try more default networks before giving up to enable by default
2810+ - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
2811+ add multipass image path and mark as ubuntu only change.
2812+ - d/rules: install virtlockd correctly with defaults file (LP: #1729516)
2813+ - extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover
2814+ the slightly changed behavior of libvirt 4.0 (LP: #1741617)
2815+ - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
2816+ just a suggest to have 3rd party relying on rbd out of the box working.
2817+ This is deprecated and users of rbd backend should start depending on
2818+ this package for it will be dropped to a suggest in future releases.
2819+
2820+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 14 Dec 2017 14:15:55 +0100
2821+
2822 libvirt (4.0.0-1) unstable; urgency=medium
2823
2824 * [5936904] New upstream version 4.0.0
2825@@ -1354,6 +4072,206 @@ libvirt (3.7.0-1) unstable; urgency=medium
2826
2827 -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 08 Sep 2017 14:52:38 +0200
2828
2829+libvirt (3.6.0-1ubuntu6) artful; urgency=medium
2830+
2831+ * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
2832+ files (LP: #1726804)
2833+ * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
2834+ fix path generation for USB host devices (LP: #1552241)
2835+ * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
2836+ generate valid rules on usb passthrough (LP: #1686324)
2837+
2838+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Oct 2017 14:30:34 +0200
2839+
2840+libvirt (3.6.0-1ubuntu5) artful; urgency=medium
2841+
2842+ * d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
2843+ fix FTBFS with glibc 2.26 (LP: #1718668)
2844+
2845+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 28 Sep 2017 08:18:10 -0400
2846+
2847+libvirt (3.6.0-1ubuntu4) artful; urgency=medium
2848+
2849+ * d/p/avoid-double-locking.patch: fix a deadlock that could occur when
2850+ libvirtd interactions raced with dbus causing a deadlock (LP: #1714254).
2851+
2852+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 01 Sep 2017 10:29:35 +0200
2853+
2854+libvirt (3.6.0-1ubuntu3) artful; urgency=medium
2855+
2856+ * No change rebuild for Qemu 2.10 and Xen 4.9
2857+
2858+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Aug 2017 10:34:13 +0200
2859+
2860+libvirt (3.6.0-1ubuntu2) artful; urgency=medium
2861+
2862+ * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
2863+ for compatibility with the behavior of qemu 2.10 this adds locking
2864+ permission to rules generated for loader/nvram (LP: #1710960)
2865+
2866+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Aug 2017 10:00:19 +0200
2867+
2868+libvirt (3.6.0-1ubuntu1) artful; urgency=medium
2869+
2870+ * Merged with Debian unstable (3.6)
2871+ This closes several bugs:
2872+ - aarch64: improved chardev handling (LP: #1697610)
2873+ - Forbid locking memory without memtune (LP: #1708305)
2874+ * Remaining changes:
2875+ - Disable sheepdog (universe dependency)
2876+ - Disable libssh2 support (universe dependency)
2877+ - Disable firewalld support (universe dependency)
2878+ - Disable selinux
2879+ - Set qemu-group to kvm (for compat with older ubuntu)
2880+ - Regularly clear AppArmor profiles for vms that no longer exist
2881+ - Additional apport package-hook
2882+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
2883+ be dropped >18.04).
2884+ + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
2885+ to old service name so that old references work
2886+ + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
2887+ to old service name so that old references work
2888+ + d/control: transitional package with the old name and maintainer
2889+ scripts to handle the transition
2890+ - Backwards compatible handling of group rename (can be dropped >18.04).
2891+ - config details and autostart of default bridged network. Creating that is
2892+ now the default in general, yet our solution provides the following on
2893+ top as of today:
2894+ + nat only on some ports <port start='1024' end='65535'/>
2895+ + autostart the default network by default
2896+ + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
2897+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
2898+ the group based access to libvirt functions as it was used in Ubuntu
2899+ for quite long.
2900+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
2901+ due to the group access change.
2902+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
2903+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
2904+ which provided a separate kvm-spice.
2905+ - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
2906+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
2907+ section that adapts the path of the emulator to the Debian/Ubuntu
2908+ packaging is kept.
2909+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
2910+ set VRAM to minimum requirements
2911+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
2912+ - Add libxl log directory
2913+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
2914+ Xen dom0 via user profile (was missing on changelogs before)
2915+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
2916+ included_files to avoid build failures due to duplicate definitions.
2917+ - Update README.Debian with Ubuntu changes
2918+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
2919+ - Enable some additional features on ppc64el and s390x (for arch parity)
2920+ + systemtap, zfs, numa and numad on s390x.
2921+ + systemtap on ppc64el.
2922+ - fix conffile upgrade handling to avoid obsolete files
2923+ and inactive duplicates (LP 1694159)
2924+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
2925+ vmlinuz available and accessible (Debian bug 848314)
2926+ - d/test/smoke-lxc workaround for debbug 848317/867379
2927+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
2928+ - Extended handling of apparmor profiles - clear lost profiles via cron
2929+ - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
2930+ no more UCA onto Xenial then which has global dnsmasq by default).
2931+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
2932+ - conffile handling of files dropped in 3.5 (can be dropped >18.04)
2933+ + /etc/init.d/virtlockd was sysv init only
2934+ + /etc/apparmor.d/local/usr.sbin.libvirtd and
2935+ /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
2936+ by dh_apparmor as needed
2937+ - Reworked apparmor Delta, especially the more complex delta is dropped
2938+ now, also our former delta is now split into logical pieces, has
2939+ improved comments and is part of a continuous upstreaming effort.
2940+ Listing related remaining changes:
2941+ + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
2942+ Allow pygrub to run on Debian/Ubuntu
2943+ + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
2944+ libvirt-qemu: Allow macvtap access
2945+ + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
2946+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
2947+ + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
2948+ deny for setpcap
2949+ + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
2950+ libvirt-qemu: Allow use of sgabios
2951+ + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
2952+ apparmor, libvirt-qemu: Silence lttng related deny messages
2953+ + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
2954+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
2955+ + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
2956+ apparmor, libvirt-qemu: Allow read access to sysfs system info
2957+ + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
2958+ apparmor, libvirt-qemu: Allow read access to max_mem_regions
2959+ + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
2960+ apparmor, libvirt-qemu: Allow qemu-block-extra libraries
2961+ + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
2962+ apparmor, libvirt-qemu: Allow access to hugepage mounts
2963+ + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
2964+ apparmor, libvirtd: Allow access to netlink sockets
2965+ + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
2966+ apparmor: Add rules for mediation support
2967+ + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
2968+ apparmor, virt-aa-helper: Improve comment about backing store
2969+ + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
2970+ apparmor, virt-aa-helper: Allow access to ecryptfs files
2971+ + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
2972+ apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
2973+ + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
2974+ apparmor, virt-aa-helper: Allow access to tmp directories
2975+ + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
2976+ apparmor, virt-aa-helper: Add ipv6 network policy
2977+ + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
2978+ apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
2979+ + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
2980+ apparmor, virt-aa-helper: Allow various storage pools and image
2981+ locations
2982+ + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
2983+ apparmor, virt-aa-helper: Add openvswitch support
2984+ + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
2985+ references to qemu-kvm
2986+ + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
2987+ won't call qemu-nbd
2988+ + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
2989+ apparmor, virt-aa-helper: Allow access to name services
2990+ + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
2991+ permissions so virt-manager 1.4.0 viewing works (LP 1668681).
2992+ + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
2993+ /dev/vfio for vf (hot) attach (LP 1680384).
2994+ + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
2995+ apparmor: allow to parse cmdline of the pid that send the shutdown
2996+ signal (LP 1680384).
2997+ + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
2998+ apparmor: add default pki path of lbvirt-spice (LP 1690140)
2999+ + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
3000+ libvirt-qemu: Add 9p support
3001+ + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
3002+ add l to 9p file options.
3003+ + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
3004+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
3005+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
3006+ + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
3007+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
3008+ + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
3009+ commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
3010+ + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
3011+ apparmor, virt-aa-helper: access for snapped nova
3012+ * Dropped Changes (Upstream):
3013+ - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
3014+ default driver entries missing name='qemu'.
3015+ - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782)
3016+ Fix to be able to follow BackinStorage chains when creating per
3017+ guest apparmor rules.
3018+ * Dropped Changes (In Debian):
3019+ - Enable esx support
3020+ + Add build-dep to libcurl4-gnutls-dev (required for esx)
3021+ * Added Changes:
3022+ - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
3023+ for compatibility with the behavior of qemu 2.10 this adds locking
3024+ permission to rules generated for disk files (LP: #1709818)
3025+
3026+
3027+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 10 Aug 2017 12:44:47 +0200
3028+
3029 libvirt (3.6.0-1) unstable; urgency=medium
3030
3031 * [ece8d56] New upstream version 3.6.0 (Closes: #870626)
3032@@ -1370,6 +4288,264 @@ libvirt (3.6.0-1) unstable; urgency=medium
3033
3034 -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 04 Aug 2017 00:05:47 -0300
3035
3036+libvirt (3.5.0-1ubuntu3) artful; urgency=medium
3037+
3038+ * Refresh changes to match they way they were accepted upstream
3039+ - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit
3040+ reference now that it is in git.
3041+ - d/p/u/fix-libxl-default-driver-name.patch: instead of addin the
3042+ name this is now fixed by relaxing the schema.
3043+
3044+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Jul 2017 12:48:39 +0200
3045+
3046+libvirt (3.5.0-1ubuntu2) artful; urgency=medium
3047+
3048+ * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782)
3049+ Fix to be able to follow BackinStorage chains when creating per
3050+ guest apparmor rules.
3051+
3052+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 18 Jul 2017 16:34:57 +0200
3053+
3054+libvirt (3.5.0-1ubuntu1) artful; urgency=medium
3055+
3056+ * Merged with Debian unstable (3.5)
3057+ This closes several bugs:
3058+ - improved handling of host-model since libvirt 3.2 (LP: #1673467)
3059+ - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209)
3060+ * Remaining changes:
3061+ - Disable sheepdog (universe dependency)
3062+ - Disable libssh2 support (universe dependency)
3063+ - Disable firewalld support (universe dependency)
3064+ - Disable selinux
3065+ - Enable esx support
3066+ + Add build-dep to libcurl4-gnutls-dev (required for esx)
3067+ - Set qemu-group to kvm (for compat with older ubuntu)
3068+ - Regularly clear AppArmor profiles for vms that no longer exist
3069+ - Additional apport package-hook
3070+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
3071+ be dropped >18.04).
3072+ + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
3073+ to old service name so that old references work
3074+ + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
3075+ to old service name so that old references work
3076+ + d/control: transitional package with the old name and maintainer
3077+ scripts to handle the transition
3078+ - Backwards compatible handling of group rename (can be dropped >18.04).
3079+ - config details and autostart of default bridged network. Creating that is
3080+ now the default in general, yet our solution provides the following on
3081+ top as of today:
3082+ + nat only on some ports <port start='1024' end='65535'/>
3083+ + autostart the default network by default
3084+ + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
3085+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
3086+ the group based access to libvirt functions as it was used in Ubuntu
3087+ for quite long.
3088+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
3089+ due to the group access change.
3090+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
3091+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
3092+ which provided a separate kvm-spice.
3093+ - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
3094+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
3095+ section that adapts the path of the emulator to the Debian/Ubuntu
3096+ packaging is kept.
3097+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
3098+ set VRAM to minimum requirements
3099+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
3100+ - Add libxl log directory
3101+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
3102+ Xen dom0 via user profile (was missing on changelogs before)
3103+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
3104+ included_files to avoid build failures due to duplicate definitions.
3105+ - Update README.Debian with Ubuntu changes
3106+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
3107+ - Enable some additional features on ppc64el and s390x (for arch parity)
3108+ + systemtap, zfs, numa and numad on s390x.
3109+ + systemtap on ppc64el.
3110+ - fix conffile upgrade handling to avoid obsolete files
3111+ and inactive duplicates (LP 1694159)
3112+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
3113+ vmlinuz available and accessible (Debian bug 848314)
3114+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
3115+ - Extended handling of apparmor profiles - clear lost profiles via cron
3116+ - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
3117+ no more UCA onto Xenial then which has global dnsmasq by default).
3118+ - Reworked apparmor Delta, especially the more complex delta is dropped
3119+ now, also our former delta is now split into logical pieces, has
3120+ improved comments and is part of a continuous upstreaming effort.
3121+ Listing related remaining changes:
3122+ + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
3123+ Allow pygrub to run on Debian/Ubuntu
3124+ + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
3125+ libvirt-qemu: Allow macvtap access
3126+ + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
3127+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
3128+ + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
3129+ deny for setpcap
3130+ + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
3131+ libvirt-qemu: Allow use of sgabios
3132+ + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
3133+ apparmor, libvirt-qemu: Silence lttng related deny messages
3134+ + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
3135+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
3136+ + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
3137+ apparmor, libvirt-qemu: Allow read access to sysfs system info
3138+ + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
3139+ apparmor, libvirt-qemu: Allow read access to max_mem_regions
3140+ + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
3141+ apparmor, libvirt-qemu: Allow qemu-block-extra libraries
3142+ + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
3143+ apparmor, libvirt-qemu: Allow access to hugepage mounts
3144+ + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
3145+ apparmor, libvirtd: Allow access to netlink sockets
3146+ + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
3147+ apparmor: Add rules for mediation support
3148+ + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
3149+ apparmor, virt-aa-helper: Improve comment about backing store
3150+ + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
3151+ apparmor, virt-aa-helper: Allow access to ecryptfs files
3152+ + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
3153+ apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
3154+ + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
3155+ apparmor, virt-aa-helper: Allow access to tmp directories
3156+ + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
3157+ apparmor, virt-aa-helper: Add ipv6 network policy
3158+ + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
3159+ apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
3160+ + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
3161+ apparmor, virt-aa-helper: Allow various storage pools and image
3162+ locations
3163+ + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
3164+ apparmor, virt-aa-helper: Add openvswitch support
3165+ + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
3166+ references to qemu-kvm
3167+ + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
3168+ won't call qemu-nbd
3169+ + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
3170+ apparmor, virt-aa-helper: Allow access to name services
3171+ + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
3172+ permissions so virt-manager 1.4.0 viewing works (LP 1668681).
3173+ + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
3174+ /dev/vfio for vf (hot) attach (LP 1680384).
3175+ + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
3176+ apparmor: allow to parse cmdline of the pid that send the shutdown
3177+ signal (LP 1680384).
3178+ + (28 is a new patch, listed in added changes)
3179+ + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
3180+ libvirt-qemu: Add 9p support
3181+ + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
3182+ add l to 9p file options.
3183+ + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
3184+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
3185+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
3186+ + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
3187+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
3188+ + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
3189+ commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
3190+ + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
3191+ apparmor, virt-aa-helper: access for snapped nova
3192+ - remaining but updated to match the latest release
3193+ + d/p/Disable-use-of-namespaces-by-default.patch (Debian change)
3194+ + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change)
3195+ + d/p/debian/apparmor_profiles_local_include.patch Include local
3196+ apparmor profile (Debian change)
3197+ + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
3198+ + d/test/smoke-lxc workaround for debbug 848317/867379
3199+ * Dropped Changes (Upstream):
3200+ - Add missing apparmor rule for debug-threads feature (LP 1615550).
3201+ - Add new block device types to virt-aa-helpers profile (LP 1641618)
3202+ - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
3203+ for storage dirs like /var/lib/libvirt/images.
3204+ - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
3205+ to support huge systems.
3206+ - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
3207+ in libvirtd.service (-d not allowed to be specified, everything else
3208+ upstream so drop delta; LP 1574566).
3209+ - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
3210+ spice: don't release used port (LP 1697729).
3211+ - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
3212+ Always fall back to the old command if domain caps fail (LP 1674298)
3213+ - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
3214+ it was possible to have <script path=''/> which now fails - fix to match
3215+ the old behavior (LP 1665698)
3216+ - Reworked apparmor Delta and started upstreaming, listing related
3217+ changes dropped:
3218+ + Apparmor feature parsing to depend on new apparmor features which
3219+ appear in different versions across distributions (no more needed
3220+ >=Xenial, allows to now separate changes and upstream more easily).
3221+ + d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
3222+ guarantee disk spec is following the defined regex (LP 1665410).
3223+ + d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add
3224+ virt-aa-helper rule allowing all private channel access.
3225+ + d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
3226+ virt-aa-helper to allow access to aarch64 UEFI images.
3227+ + d/rules, apparmor: include and install local apparmor profiles (This
3228+ is now done by dh_apparmor automatically)
3229+ + add local apparmor override templates (provided by dh_apparmor now)
3230+ + Fix name resolution calls from virt-aa-helper profile (LP 1546674).
3231+ + virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
3232+ + virt-aa-helper: Generalize test for firmware paths
3233+ + apparmor, virt-aa-helper: Allow aarch64 UEFI.
3234+ + apparmor, libvirt-qemu: Add ppc64el related changes
3235+ + apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
3236+ + apparmor, libvirt-qemu: Allow access to ceph config
3237+ + apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
3238+ + apparmor, virt-aa-helper: Explicit denies for host devices
3239+ + apparmor, virt-aa-helper: Allow access to libnl-3 config files
3240+ + apparmor, libvirt-qemu: allow access to pt_chown for pty consoles
3241+ * Dropped Changes (In Debian):
3242+ - d/rules: debhelper start virtlogd.socket
3243+ - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
3244+ for Debian based systems.
3245+ - Additional debian/bug-presubj
3246+ - Extended handling of apparmor profiles - reload and remove in maintainer
3247+ scripts (dh_apparmor* now generate these snippets)
3248+ * Dropped Changes (no SysV anymore):
3249+ - Add sysvinit script for virtlockd
3250+ - Wait on socket in sysvinit script
3251+ - d/rules: dh_installinit virtlockd (was part of "Cleanup systemd
3252+ debhelper"
3253+ - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
3254+ virtlockd.init for Debian based systems.
3255+ * Dropped Changes (other reasons):
3256+ - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
3257+ This used group libvirt instead of nobody which makes it worse; Needs
3258+ to be fixed upstream (LP: #1690729).
3259+ + d/p/ubuntu/disable-network-test.patch: disable test failing due to
3260+ dnsmasq changes.
3261+ - Add .gitignore for .pc
3262+ - we keep lxc support as Debian does, but stop adding delta. It feels
3263+ somewhat less maintained than e.g. libvirt for qemu. Also for secure
3264+ and comfortable container management lxd is clearly preferred. The
3265+ delta caused more issues than it solved so deliver libvirt-lxc as-is
3266+ and drop the related delta.
3267+ + d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
3268+ containers by default.
3269+ + d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver
3270+ for libvirt-lxc.
3271+ - The following xen changes are no more required with current versions
3272+ + d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
3273+ xen paths (LP 1459603)
3274+ + d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
3275+ section about compat to the very old qemu-dm name is no more needed.
3276+ + d/p/ubuntu/libxl-fix-test-data.patch and
3277+ d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the
3278+ former one + also updated the maintainer notes to ease updating.
3279+ + d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
3280+ device-model
3281+ * Added Changes:
3282+ - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
3283+ apparmor: add default pki path of lbvirt-spice (LP: #1690140)
3284+ - conffile handling of files dropped in 3.5 (can be dropped >18.04)
3285+ + /etc/init.d/virtlockd was sysv init only
3286+ + /etc/apparmor.d/local/usr.sbin.libvirtd and
3287+ /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
3288+ by dh_apparmor as needed
3289+ - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
3290+ default driver entries missing name='qemu'.
3291+
3292+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Jul 2017 15:43:17 +0200
3293+
3294 libvirt (3.5.0-1) unstable; urgency=medium
3295
3296 [ Guido GΓΌnther ]
3297@@ -1463,6 +4639,233 @@ libvirt (3.0.0-1) experimental; urgency=medium
3298
3299 -- Guido GΓΌnther <agx@sigxcpu.org> Thu, 19 Jan 2017 18:51:18 +0100
3300
3301+libvirt (2.5.0-3ubuntu10) artful; urgency=medium
3302+
3303+ * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base
3304+ images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON
3305+ directory, enabling use of the libvirt deb from the nova-hypervisor
3306+ snap (LP: #1644507).
3307+
3308+ -- Corey Bryant <corey.bryant@canonical.com> Thu, 22 Jun 2017 14:29:39 -0400
3309+
3310+libvirt (2.5.0-3ubuntu9) artful; urgency=medium
3311+
3312+ * d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
3313+ spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1.
3314+
3315+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 14 Jun 2017 14:49:16 +0200
3316+
3317+libvirt (2.5.0-3ubuntu8) artful; urgency=medium
3318+
3319+ * fix conffile upgrade handling to avoid obsolete files
3320+ and inactive duplicates (LP: #1694159)
3321+ - d/libvirt-daemon-system.maintscript: revert to Debian content
3322+ - d/libvirt-bin.maintscript: add missing rm_conffile related to
3323+ dropping upstart.
3324+ - d/libvirt-bin.maintscript: add missing rm of conffiles due
3325+ to re-aligning with debian package names since yakkety.
3326+ - d/libvirt-bin.maintscript: for LTS->LTS upgraders try to move and retain
3327+ custom changes.
3328+ - d/libvirt-bin.maintscript: for upgraders from yakkety or later remove
3329+ the (now duplicate) conffiles, but retain custom changes in backups if
3330+ they exist
3331+ - d/libvirt-bin.preinst: drop manual mv of conffiles which lacked
3332+ retaining changes and upgrade-abort handling.
3333+ - d/libvirt-bin.preinst: handle upgrades up to the latest predecessor
3334+ possible before yakkety.
3335+ - d/libvirt-bin.preinst: fixup the combination of rm+mv conffile in case
3336+ the package is upgrading from pre yakkety.
3337+ - d/libvirt-daemon-system.postinst: clean up old dnsmasq enablement symlink
3338+ if unmodified.
3339+
3340+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 May 2017 14:29:51 +0200
3341+
3342+libvirt (2.5.0-3ubuntu7) artful; urgency=medium
3343+
3344+ * debian/patches/ubuntu/apparmor-ppcwrapper.patch: update to add missing
3345+ colon (LP: #1686621).
3346+
3347+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 27 Apr 2017 13:16:05 +0200
3348+
3349+libvirt (2.5.0-3ubuntu6) artful; urgency=medium
3350+
3351+ * Add missing apparmor profile entries (LP: #1680384)
3352+ - debian/patches/ubuntu/apparmor-vfio.patch: apparmor: add /dev/vfio
3353+ for vf (hot) attach
3354+ - debian/patches/ubuntu/apparmor-ppcwrapper.patch: apparmor: allow
3355+ extra tools executed by kvm.powerpc
3356+ - debian/patches/ubuntu/apparmor-shutdown.patch: apparmor: allow to
3357+ parse cmdline of the pid that send the shutdown signal
3358+
3359+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Apr 2017 14:10:06 +0200
3360+
3361+libvirt (2.5.0-3ubuntu5) zesty; urgency=medium
3362+
3363+ * d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
3364+ Always fall back to the old command if domain caps fail (LP: #1674298)
3365+
3366+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 21 Mar 2017 08:02:37 +0100
3367+
3368+libvirt (2.5.0-3ubuntu4) zesty; urgency=medium
3369+
3370+ * d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
3371+ it was possible to have <script path=''/> which now fails - fix to match
3372+ the old behavior (LP: #1665698)
3373+
3374+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 10 Mar 2017 08:57:18 +0100
3375+
3376+libvirt (2.5.0-3ubuntu3) zesty; urgency=medium
3377+
3378+ [ Christian Ehrhardt ]
3379+ * d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
3380+ guarantee disk spec is following the defined regex (LP: #1665410).
3381+
3382+ [ Bryan Quigley ]
3383+ * d/p/ubuntu/0007-apparmor-fix-for-new-virt-manager.patch: Add Apparmor
3384+ permissions so virt-manager 1.4.0 viewing works (LP: #1668681).
3385+
3386+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 06 Mar 2017 08:24:06 +0100
3387+
3388+libvirt (2.5.0-3ubuntu2) zesty; urgency=medium
3389+
3390+ * No-change rebuild to build against Xen-4.8 libs.
3391+
3392+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Jan 2017 14:19:03 +0100
3393+
3394+libvirt (2.5.0-3ubuntu1) zesty; urgency=medium
3395+
3396+ * Merged with Debian unstable
3397+ - this picks up a fix for migrations using NFS mounts (LP: #1637601).
3398+ * Remaining changes:
3399+ - Disable sheepdog (universe dependency)
3400+ - Disable libssh2 support (universe dependency)
3401+ - Disable firewalld support (universe dependency)
3402+ - Disable selinux
3403+ - Enable esx support
3404+ - Add build-dep to libcurl4-gnutls-dev (required for esx)
3405+ - Set qemu-group to kvm (for compat with older ubuntu)
3406+ - Added changes to use the upstream apparmor profiles with added
3407+ delta (configurable via apparmor profiles version).
3408+ * d/p/u/000[1-6]-apparmor-*
3409+ - Regularly clear AppArmor profiles for vms that no longer exist
3410+ - Fix name resolution calls from virt-aa-helper profile (LP 1546674).
3411+ - Add missing apparmor rule for debug-threads feature (LP 1615550).
3412+ - Add new block device types to virt-aa-helpers profile (LP 1641618)
3413+ - Additional apport package-hook
3414+ - d/rules: debhelper start virtlogd.socket
3415+ - Add sysvinit script for virtlockd
3416+ - Additional debian/bug-presubj
3417+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
3418+ be dropped after 18.04).
3419+ - d/p/ubuntu/libvirtd-service-add-bin-alias.patch: alias to old
3420+ libvirt-bin name.
3421+ - d/p/ubuntu/libvirtd-init-add-bin-alias.patch: provides for the old
3422+ libvirt-bin name.
3423+ - Wait on socket in sysvinit script
3424+ - Backwards compatible handling of groups (can be dropped after 18.04).
3425+ - config details and autostart of default bridged network. Creating that is
3426+ now the default in general, yet our solution provides the following on
3427+ top as of today:
3428+ - nat only on some ports <port start='1024' end='65535'/>
3429+ - autostart the default network by default
3430+ - do not autostart if 192.168.122.0 is already taken (e.g. in containers)
3431+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
3432+ the group based access to libvirt functions as it was used in Ubuntu
3433+ for quite long.
3434+ - d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
3435+ due to the group access change.
3436+ - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
3437+ - d/p/ubuntu/disable-network-test.patch: disable test failing due to
3438+ dnsmasq changes.
3439+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
3440+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
3441+ which provided a separate kvm-spice.
3442+ - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
3443+ for storage dirs like /var/lib/libvirt/images.
3444+ - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
3445+ - d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
3446+ containers by default.
3447+ - d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver for
3448+ libvirt-lxc.
3449+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
3450+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: Set common qemu path to match
3451+ Debian/Ubuntu Xen packaging.
3452+ - d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
3453+ xen paths (LP 1459603)
3454+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
3455+ set VRAM to minimum requirements
3456+ - d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
3457+ device-model
3458+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
3459+ - fixup tests to match packaging of Xen (mostly different paths)
3460+ - d/p/ubuntu/libxl-fix-test-data.patch
3461+ - d/p/ubuntu/fix-xen-xml-in-tests.patch
3462+ - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
3463+ for Debian based systems.
3464+ - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
3465+ virtlockd.init for Debian based systems.
3466+ - d/p/ubuntu/9034-complete-9p-support: virt-aa-helper: add l to 9p file
3467+ options.
3468+ - d/p/ubuntu/parallel-shutdown.patch: shut guests down in parallel
3469+ - d/p/ubuntu/virt-aa-helper-no-explicity-deny-for-basefiles.patch: ask for
3470+ no deny rule for readonly disk elements.
3471+ - d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add virt-aa-helper
3472+ rule allowing all private channel access
3473+ - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
3474+ to support huge systems.
3475+ - d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
3476+ virt-aa-helper to allow access to aarch64 UEFI images.
3477+ - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
3478+ in libvirtd.service (LP 1574566).
3479+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
3480+ included_files to avoid build failures due to duplicate definitions.
3481+ - Update README.Debian with Ubuntu changes
3482+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
3483+ - Add libxl log directory
3484+ - Enable some additional features on ppc64el and s390x (for arch parity)
3485+ - systemtap, zfs, numa and numad on s390x.
3486+ - systemtap on ppc64el.
3487+ * Dropped Changes:
3488+ - Build depend on gnutls >= 3.5.6-4ubuntu2 (no > 3.5.6 && < 3.5.6-4ubuntu2
3489+ in any release left)
3490+ - Fix parsing non apparmor labels LP:#1633207 (upstream in libvirt 2.5)
3491+ - Ignore newlines in guest list (upstream in libvirt 2.4)
3492+ - Avoid migration postcopy issues by ensuring valid commands (upstream in
3493+ libvirt 2.5)
3494+ - Enable numa for arm64 (in Debian)
3495+ - Fix libvirt start failure when security_driver set (upstream in libvirt
3496+ 2.2)
3497+ - virt-aa-helper: Fix upstream implementation of no explicit deny rule
3498+ (upstream in libvirt 2.3)
3499+ - Some useless whitespace damage and no more applicable comments
3500+ - The following patches were part of the Delta but not the series file.
3501+ So they had no effect and can be dropped now:
3502+ - ubuntu/9036-util-prepare-uri-for-libxml2-2.9.2.patch
3503+ - ubuntu/Disable-failing-virnetsockettest.patch
3504+ - ubuntu/dont-include-non-migrateable-features-in-host-model
3505+ - ubuntu/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
3506+ - See the 2.1.0-1ubuntu15 and 2.1.0-1ubuntu16 changelogs for related
3507+ pre-merge drops
3508+ - Add build-dep to libxml-libxml-perl (no more needed)
3509+ - apparmor double add /usr/bin/qemu-sparc64 rmix (no function anymore)
3510+ - apparmor /usr/{lib,lib64}/qemu/block-*.so (in Debian)
3511+ - apparmor moving /bin/bash rmix in profile (drop non functional delta)
3512+ - follow Debians style of block-*.so rules for block-extra (drop our
3513+ functionally equivalent adding/moving of rules)
3514+ - follow Debians style of lib/lib64 rules (drop a lot of our functional
3515+ functionally equivalent adding/moving of rules)
3516+ - accept Upstream style to handle libvirt_iohelper and libvirt_parthelper
3517+ (stop removing the two rules without an associated bug to reduce delta)
3518+ - Disabling dep8 smoke tests
3519+ * Added Changes:
3520+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
3521+ vmlinuz available and accessible (in discussed with Debian in debbug
3522+ 848314)
3523+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (in discussed with
3524+ Debian in debbug 848317)
3525+
3526+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 03 Jan 2017 13:58:30 +0100
3527+
3528 libvirt (2.5.0-3) unstable; urgency=medium
3529
3530 * [ba9fcb8] Invoke db_stop.
3531@@ -1611,6 +5014,192 @@ libvirt (2.1.0-2) unstable; urgency=medium
3532
3533 -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 19 Aug 2016 10:22:22 +0200
3534
3535+libvirt (2.1.0-1ubuntu16) zesty; urgency=medium
3536+
3537+ * Ensure d/p/ubuntu/9002-default_uri_virsh_to_system.patch is
3538+ dropped as intended.
3539+ * Re-Add d/p/ubuntu/apibuild-skip-libvirt-common.h for an issue that
3540+ transiently occurs on LP builds (real trigger not yet identified, so it
3541+ can't be upstreamed).
3542+
3543+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 14 Dec 2016 09:30:58 +0100
3544+
3545+libvirt (2.1.0-1ubuntu15) zesty; urgency=medium
3546+
3547+ * Cleanup Ubuntu Delta prior to next libvirt merge
3548+ - drop obsolte patches:
3549+ d/p/ubuntu/cgroups-ignore-systemd-failure,
3550+ d/p/ubuntu/ubuntu-skip-virstoragetest,
3551+ d/p/ubuntu/9021-fix-uint64_t.patch,
3552+ ubuntu/Disable-failing-virnetsockettest.patch (was only comment),
3553+ d/p/ubuntu/9002-default_uri_virsh_to_system.patch,
3554+ d/p/ubuntu/ubuntu-xend-probe.patch
3555+ - clarify dep3 headers to be more useful:
3556+ d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch,
3557+ d/p/ubuntu/daemon-augeas-fix-expected.patch,
3558+ d/p/ubuntu/enable-kvm-spice.patch,
3559+ d/p/ubuntu/dnsmasq-as-priv-user,
3560+ d/p/ubuntu/disable-network-test.patch
3561+ - split patch containing unrelated changes into two patches, so parts of
3562+ d/p/ubuntu/storage-default-permission-mode-to-0711 moved into
3563+ d/p/ubuntu/storage-disable-gluster-test
3564+
3565+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 12 Dec 2016 11:59:59 +0100
3566+
3567+libvirt (2.1.0-1ubuntu14) zesty; urgency=medium
3568+
3569+ * d/p/u/apparmor-fix-name-resolution.patch rework the fix to base
3570+ on the apparmor nameservice abstraction to be future proof (LP: #1546674).
3571+ * d/p/ubuntu/apparmor-fix-new-devicetypes.patch add new block device types to
3572+ virt-aa-helpers profile (LP: #1641618)
3573+ * d/p/u/apparmor-fix-other-seclabels.patch refresh to the now upstream
3574+ accepted solution (LP: #1633207).
3575+
3576+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 24 Nov 2016 08:06:38 +0100
3577+
3578+libvirt (2.1.0-1ubuntu13) zesty; urgency=medium
3579+
3580+ * drop d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch as the offending change
3581+ in gnutls has been reverted (LP: #1641615)
3582+ * Build depend on gnutls >= 3.5.6-4ubuntu2 to build after the gnutls fix
3583+ migrated
3584+
3585+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Nov 2016 08:43:10 +0100
3586+
3587+libvirt (2.1.0-1ubuntu12) zesty; urgency=medium
3588+
3589+ * d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch fix FTBFS due to changes in
3590+ gnutls that affected the ordering on certificate DN entries (LP: #1641615)
3591+ * Revert "Fix FTBFS on zesty due to issues with concurrent make check" as it
3592+ was not the right solution.
3593+
3594+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 16 Nov 2016 14:52:17 +0100
3595+
3596+libvirt (2.1.0-1ubuntu11) zesty; urgency=medium
3597+
3598+ * Fix FTBFS on zesty due to issues with concurrent make check (LP: #1641615)
3599+
3600+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Nov 2016 14:45:52 +0100
3601+
3602+libvirt (2.1.0-1ubuntu10) zesty; urgency=medium
3603+
3604+ [Simon DΓ©ziel]
3605+ * d/p/u/apparmor-fix-name-resolution.patch adds missing rules for name
3606+ resolution to virt-aa-helper Apparmor profile (LP: #1546674).
3607+ * d/p/u/apparmor-fix-debug-threads.patch adds missing rule for debug-threads
3608+ feature that is now default enabled to Apparmor profile (LP: #1615550).
3609+
3610+ [Christian Ehrhardt]
3611+ * d/p/u/apparmor-fix-other-seclabels.patch fixes an issue parsing non
3612+ apparmor security labels (LP: #1633207).
3613+
3614+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Oct 2016 14:21:36 +0200
3615+
3616+libvirt (2.1.0-1ubuntu9) yakkety; urgency=medium
3617+
3618+ * Fix libvirt-guest.sh to handle multiple guests (LP: #1591695).
3619+
3620+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 06 Oct 2016 12:14:05 +0200
3621+
3622+libvirt (2.1.0-1ubuntu8) yakkety; urgency=medium
3623+
3624+ [ Christian Ehrhardt ]
3625+
3626+ * avoid migration postcopy issues by ensuring valid commands (LP: #1620906)
3627+ - d/p/ubuntu/check-live-for-postcopy.patch Check for --live flag for
3628+ postcopy-after-precopy migration.
3629+ - d/p/ubuntu/make-postcopy-mandatory-for-postcopy-after-precopy.patch to
3630+
3631+ [ Stefan Bader ]
3632+
3633+ * Fix Xenial to Yakkety migration from libvirt-bin.service to
3634+ libvirtd.service (LP: #1627969).
3635+ * Update Vcs-Git and Vcs-Browser fields to point to launchpad
3636+ (LP: #1629210)
3637+
3638+ [ Dann Frazier ]
3639+
3640+ * Fix FTBS in Yakkety due to missing python dependency (LP: #1629041)
3641+
3642+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 10:11:30 +0200
3643+
3644+libvirt (2.1.0-1ubuntu7) yakkety; urgency=medium
3645+
3646+ * Enable NUMA support in arm64 builds (LP: #1627926).
3647+
3648+ -- dann frazier <dannf@ubuntu.com> Mon, 26 Sep 2016 23:36:24 -0600
3649+
3650+libvirt (2.1.0-1ubuntu6) yakkety; urgency=medium
3651+
3652+ * No-change rebuild for readline soname change.
3653+
3654+ -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:05:33 +0000
3655+
3656+libvirt (2.1.0-1ubuntu5) yakkety; urgency=medium
3657+
3658+ [ Jon Grimm ]
3659+
3660+ * Fix libvirt start failure when security_driver set (LP: #1618592)
3661+ - qemu: fix qemu.conf security_driver
3662+
3663+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 08 Sep 2016 14:11:47 +0200
3664+
3665+libvirt (2.1.0-1ubuntu4) yakkety; urgency=medium
3666+
3667+ * Enable systemtap, zfs, numa on s390x.
3668+ * Enable systemtap on ppc64el.
3669+
3670+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Aug 2016 13:21:29 +0100
3671+
3672+libvirt (2.1.0-1ubuntu3) yakkety; urgency=low
3673+
3674+ * Really fix the ADT regression and not only the changelog due
3675+ to somehow ending up on the wrong git branch.
3676+
3677+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 17 Aug 2016 18:31:01 +0200
3678+
3679+libvirt (2.1.0-1ubuntu2) yakkety; urgency=low
3680+
3681+ * Fix ADT build-test regression(s)
3682+
3683+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 17 Aug 2016 15:18:38 +0200
3684+
3685+libvirt (2.1.0-1ubuntu1) yakkety; urgency=low
3686+
3687+ * Merged with Debian testing. Remaining changes:
3688+ - Added changes to use the upstream apparmor profiles with added
3689+ delta (configurable via apparmor profiles version).
3690+ * d/p/u/0001-apparmor-add-feature-parsing.patch
3691+ * d/p/u/0002-apparmor-apply-ubuntu-delta.patch
3692+ * d/p/u/0003-apparmor-debian-ubuntu-delta.patch
3693+ * d/p/u/0004-apparmor-ubuntu-delta.patch
3694+ - Avoiding dependency on sheepdog
3695+ - Additional apport package-hook
3696+ - Additional dnsmasq configuration
3697+ - Additional profile.d script to set default URI
3698+ - Additional debian/bug-presubj
3699+ - d/rules: debhelper start virtlogd.socket not virtlockd.service
3700+ - Modifications to adapt for our delayed switch away from libvirt-bin.
3701+ - Wait on socket in sysvinit script
3702+ - Backwards compatible handling of groups and default bridged network
3703+ creation.
3704+ - Extended handling of apparmor profiles
3705+ - Convert libvirt0 and libvirt-dev to multi-arch.
3706+ - Added a fix for the upstream version of adding better write denials
3707+ handling to virt-aa-helper.
3708+ - Convert libnss_libvirt to multi-arch and fix up source location that
3709+ changed when making libvirt0 multi-arch.
3710+ - Dropped
3711+ * upstart script for libvirtd
3712+ * d/p/lp1588841-000[123]-* (upstream)
3713+ * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch (upstream)
3714+ * d/p/u/qemu-Automatically-choose-usable-GIC-version.patch (upstream)
3715+ * d/p/u/docs-remove-xpath.patch (xpath removed upstream)
3716+ * d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch (upstr.)
3717+ * d/p/u/ubuntu/virt-aa-helper-helpfix.patch (upstream)
3718+
3719+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 13 Jul 2016 13:12:36 +0200
3720+
3721 libvirt (2.1.0-1) unstable; urgency=medium
3722
3723 * Upload to unstable
3724@@ -1680,6 +5269,103 @@ libvirt (1.3.5~rc1-1) experimental; urgency=medium
3725
3726 -- Guido GΓΌnther <agx@sigxcpu.org> Mon, 30 May 2016 22:00:33 +0200
3727
3728+libvirt (1.3.4-1ubuntu6) yakkety; urgency=low
3729+
3730+ * Fix libvirtd crashing on libxl domain restore (LP: #1588841).
3731+ Patches cherry-picked from upsream libvirt git tree.
3732+ - libxl: switch to using libxl_domain_create_restore from v4.4 API
3733+ - libxl: support Xen migration stream V2 in save/restore
3734+ - libxl: support migration stream V2 in migration
3735+
3736+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Jun 2016 14:17:23 +0200
3737+
3738+libvirt (1.3.4-1ubuntu5) yakkety; urgency=low
3739+
3740+ * Update the correct apparmor profiles to allow AAVMF and qemu-efi
3741+ firmware for aarch64 (1538882)
3742+ * Clean up / refresh various patches to finalize switch from libvirt-bin
3743+ to libvirtd as service name.
3744+ Drop: d/p/ubuntu/libvirt-bin-service-libvirtd-alias.patch
3745+ Refresh+Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
3746+ d/p/ubuntu/libvirtd-service-nolimit.patch
3747+ Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
3748+ d/p/ubuntu/libvirtd-service-set-notifyaccess.patch
3749+ Refresh: d/p/ubuntu/libvirtd-service-add-bin-alias.patch
3750+ Add: d/p/ubuntu/libvirtd-init-add-bin-alias.patch
3751+ * Change default profile used by libvirtd.service to /etc/default/libvirtd.
3752+ Drop: d/p/ubuntu/switch-service-files-to-libvirt-bin.patch
3753+ * Drop virtlockd.service from dh_systemd_start in debian/rules as
3754+ the service is socket activated (LP: #1588006).
3755+ * Fix failure to enable libvirtd.service due to lingering libvirt-bin
3756+ alias. This could happen when the upgrade from a version prior 1.3.3-2
3757+ happened before 1.3.4-1ubuntu3 (LP: #1588004).
3758+
3759+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 02 Jun 2016 14:50:27 +0200
3760+
3761+libvirt (1.3.4-1ubuntu4) yakkety; urgency=medium
3762+
3763+ * Re-enable the upstart job by renaming the file.
3764+ * Include patchby @guessi to continally wait for libvirtd to start when
3765+ using sysvinit or upstart. (LP: #1571209)
3766+
3767+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 May 2016 13:50:22 -0500
3768+
3769+libvirt (1.3.4-1ubuntu3) yakkety; urgency=medium
3770+
3771+ [ dann frazier ]
3772+ * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch,
3773+ d/p/u/qemu-Automatically-choose-usable-GIC-version.patch: If no GIC
3774+ was specified for an ARM virt guest, choose a GIC version supported
3775+ by the host. (LP: #1566564)
3776+
3777+ [ Serge Hallyn ]
3778+ * libvirt-bin.preinst: on upgrades from prior to 1.3.3-2, also remove the
3779+ service file for the Alias - /etc/systemd/system/libvirtd.service.
3780+ (LP: #1579922)
3781+
3782+ -- dann frazier <dannf@ubuntu.com> Thu, 19 May 2016 08:57:33 -0600
3783+
3784+libvirt (1.3.4-1ubuntu2) yakkety; urgency=medium
3785+
3786+ * Include installing virtlogd.socket. (LP: #1583009)
3787+
3788+ -- Chris J Arges <chris.j.arges@canonical.com> Wed, 18 May 2016 13:56:08 -0500
3789+
3790+libvirt (1.3.4-1ubuntu1) yakkety; urgency=medium
3791+
3792+ * Merge 1.3.4-1 from Debian unstable
3793+ * Drop upstream-applied patches:
3794+ - conf-also-mark-implicit-video-as-primary.patch
3795+ - libvirt-socket-fix-group
3796+ * Remaining changes
3797+ - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
3798+ upgrades)
3799+ - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
3800+ (for lts-to-lts upgrades)
3801+ - keep ubuntu-specific patches
3802+ - ship apport and dnsmasq files
3803+ - enable virbr0
3804+ - ship apparmor from debian/*. We should push changes upstrema, but
3805+ cannot sync with debian as apparmor profiles must be processed in
3806+ debian/rules for cloud archive.
3807+ - debian/control
3808+ - enable zfs
3809+ - disable libssh2 and sheepdog
3810+ - add libxml-libxml-perl and libcurl4-gnutls-dev
3811+ - enable libnuma-dev on ppc64el (pushed to Debian)
3812+ - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
3813+ - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
3814+ upgrades.
3815+ - Multi-arch-ify.
3816+ - debian/rules: disable selinux and firewalld; use 'kvm' group; disable
3817+ ssh2, enable zfs and esx; process apparmor files for older releases;
3818+ copy dnsmasq configuration.
3819+ - debian/tests/control: add extra depends
3820+ * d/p/ubuntu/apibuild-skip-libvirt-common.h: libvirt-common.h is being
3821+ included twice leading to build failures - drop it temporarily.
3822+
3823+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 May 2016 12:50:02 -0500
3824+
3825 libvirt (1.3.4-1) unstable; urgency=medium
3826
3827 * Upload to unstable
3828@@ -1709,6 +5395,65 @@ libvirt (1.3.4~rc1-1) experimental; urgency=medium
3829
3830 -- Guido GΓΌnther <agx@sigxcpu.org> Wed, 27 Apr 2016 16:51:55 +0200
3831
3832+libvirt (1.3.3-2ubuntu2) yakkety; urgency=medium
3833+
3834+ * debian/rules: fix paths when removing files which should not end up
3835+ in libvirt-daemon package.
3836+
3837+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 May 2016 13:14:17 -0500
3838+
3839+libvirt (1.3.3-2ubuntu1) yakkety; urgency=medium
3840+
3841+ * Merge 1.3.3-2 from Debian unstable
3842+ * Merge new packaging layout
3843+ - debian/control
3844+ * add libsanlock-dev, dtrace, systemtap-sdt-dev, librados-dev,
3845+ libfuse-dev, augeas-tools to Build-Depends.
3846+ * Drop libcgmanager-dev from Build-Depends.
3847+ * Add libvirt-clients, libvirt-daemon, and libvirt-daemon-system
3848+ packages which replace the now-virtual libvirt-bin package.
3849+ * Drop libvirt0-dbg (is this intential in Debian?)
3850+ * Add libvirt-sanlock package (this should be in universe)
3851+ * Switch to 'libvirt' group, keeping the same gid as 'libvirtd'
3852+ on upgrade. Keep libvirtd group name on upgrade in case any
3853+ site scripts use it.
3854+ * Enable dtrace
3855+ * Add Debian policy-kit configuration
3856+ * drop ubuntu/9004-libvirtd-group-name.patch as we are switching to group
3857+ 'libvirt'
3858+ * Drop obsolete migration scripts:
3859+ - libvirt-migrate-xend-managed-domains
3860+ - libvirt-migrate-qemu-disks
3861+ - libvirt-migrate-qemu-machinetype
3862+ * Remaining changes:
3863+ - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
3864+ upgrades)
3865+ - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
3866+ (for lts-to-lts upgrades)
3867+ - keep ubuntu-specific patches
3868+ - ship apport and dnsmasq files
3869+ - enable virbr0
3870+ - ship apparmor from debian/*. We should push changes upstrema, but
3871+ cannot sync with debian as apparmor profiles must be processed in
3872+ debian/rules for cloud archive.
3873+ - debian/control
3874+ - enable zfs
3875+ - disable libssh2 and sheepdog
3876+ - add libxml-libxml-perl and libcurl4-gnutls-dev
3877+ - enable libnuma-dev on ppc64el (pushed to Debian)
3878+ - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
3879+ - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
3880+ upgrades.
3881+ - Multi-arch-ify.
3882+ - debian/rules: disable selinux and firewalld; use 'kvm' group; disable
3883+ ssh2, enable zfs and esx; process apparmor files for older releases;
3884+ copy dnsmasq configuration.
3885+ - debian/tests/control: add depends
3886+ * d/p/ubuntu/conf-also-mark-implicit-video-as-primary.patch: upstream patch
3887+ to fix failure to start vms with video not explicitly marked as 'primary'
3888+
3889+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 29 Apr 2016 20:51:48 -0500
3890+
3891 libvirt (1.3.3-2) unstable; urgency=medium
3892
3893 * Upload to unstable
3894@@ -1760,6 +5505,239 @@ libvirt (1.3.1-2) unstable; urgency=medium
3895
3896 -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 19 Feb 2016 17:29:27 +0100
3897
3898+libvirt (1.3.1-1ubuntu11) yakkety; urgency=medium
3899+
3900+ [ Stefan Bader ]
3901+ * Add alias for libvirtd.service into libvirt-bin.service
3902+
3903+ [ Serge Hallyn ]
3904+ * d/p/u/libvirt-bin-service-set-notifyaccess.patch: Set NotifyAccess=all in
3905+ libvirt-bin systemd service file. (LP: #1574566)
3906+
3907+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 18 Apr 2016 13:44:15 -0500
3908+
3909+libvirt (1.3.1-1ubuntu10) xenial; urgency=medium
3910+
3911+ * d/p/u/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: Allow
3912+ access to /usr/share/AAVMF/** and /usr/share/qemu-efi/** for aarch64 UEFI.
3913+ (LP: #1538882)
3914+
3915+ -- William Grant <wgrant@ubuntu.com> Fri, 15 Apr 2016 12:08:21 +1000
3916+
3917+libvirt (1.3.1-1ubuntu9) xenial; urgency=medium
3918+
3919+ * Remove the tasks limit on libvirt-bin service (LP: #1567381)
3920+ This should be un-done when it is properly fixed in the code so
3921+ that virtual machines are started in their own pids cgroup.
3922+
3923+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Apr 2016 10:05:01 -0500
3924+
3925+libvirt (1.3.1-1ubuntu8) xenial; urgency=medium
3926+
3927+ * d/p/u/virt-aa-helper-add-guest-agent-rule.patch: this actually solves
3928+ the qemu guest agent problem for rhel7 vms for me. (LP: #1393842)
3929+ Also drop the mknod rule which isn't needed.
3930+ * d/apparmor/usr.lib.libvirt.virt-aa-helper: add permission to read under
3931+ /var/run. This is needed for some openvswitch info. (LP: #1513367)
3932+
3933+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 11 Mar 2016 15:01:25 -0800
3934+
3935+libvirt (1.3.1-1ubuntu7) xenial; urgency=medium
3936+
3937+ * zfs support (LP: #1553023)
3938+ - Cherrypick upstream patches to support zfs
3939+ - debian/rules: build with zfs support
3940+ - debian/control: add zfs as build-dep
3941+ * d/p/u/virt-aa-helper-no-explicity-deny-for-basefiles.patch: don't mark
3942+ readonly files with an explicity deny only because the xml marks it
3943+ as reasonly. (LP: #1554031)
3944+ * fix typo in virt-aa-helper helptext
3945+ * fix d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch to
3946+ not overwrite const memory.
3947+
3948+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 10 Mar 2016 19:25:54 -0800
3949+
3950+libvirt (1.3.1-1ubuntu6) xenial; urgency=medium
3951+
3952+ * d/apparmor/libvirt-qemu: generalize the qemu-block-extra libs line.
3953+ (LP: #1554761)
3954+ * d/p/ubuntu/virt-aa-helper-add-mknod-for-guest-agent.patch: add mknod
3955+ capability if there is a qemu guest agent. (LP: #1393842)
3956+
3957+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Mar 2016 18:45:08 -0800
3958+
3959+libvirt (1.3.1-1ubuntu5) xenial; urgency=low
3960+
3961+ * Added d/p/ubuntu/preup-virt-aa-helper-better-write-denials-handling.patch
3962+ and refreshed d/p/ubuntu/9034-complete-9p-support accordingly.
3963+ * Added d/p/ubuntu/additional-libvirt-guest-tweaks.patch to fix default
3964+ URI detection when running in a Xen control domain. Also change the
3965+ default config to do parallel shutdown requests (max. 10) and reduce the
3966+ timeout to 2 minutes.
3967+
3968+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 09 Mar 2016 09:13:09 +0100
3969+
3970+libvirt (1.3.1-1ubuntu4) xenial; urgency=low
3971+
3972+ * d/libvirt-bin.virtlockd.init: Replace by the version I had already
3973+ prepared and was tested (LP: #1547208).
3974+ * d/libvirt-bin.virtlogd.init: Fix up some left-over references to
3975+ libvirtd.
3976+ * d/control: Add provides libvirt-daemon for libvirt-bin (LP: #1551643)
3977+
3978+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 01 Mar 2016 10:58:23 +0100
3979+
3980+libvirt (1.3.1-1ubuntu3) xenial; urgency=medium
3981+
3982+ * d/libvirt-bin.virtlockd.init: Re-write based on virtlogd init script
3983+ as upstream provided version is not compatible with Ubuntu/Debian.
3984+
3985+ -- James Page <james.page@ubuntu.com> Mon, 29 Feb 2016 22:24:49 +0000
3986+
3987+libvirt (1.3.1-1ubuntu2) xenial; urgency=medium
3988+
3989+ * No-change rebuild for gnutls transition.
3990+
3991+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:20 +0000
3992+
3993+libvirt (1.3.1-1ubuntu1) xenial; urgency=low
3994+
3995+ * Merge from Debian unstable. Remaining changes:
3996+ - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
3997+ TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
3998+ usr.sbin.libvirtd} Add apparmor profiles.
3999+ - Add debian/libvirt-bin.virtlockd.init based on the upstream version
4000+ src/locking/virtlockd.init.in. This does not seem to get processed
4001+ by the build.
4002+ - debian/control:
4003+ * Add libcurl4-gnutls-dev, libxml-libxml-perl, libcgmanager-dev
4004+ * Add ppc64el to libnuma-dev arches
4005+ * Remove libsanlock-dev, libselinux1-dev, systemtap-sdt-dev
4006+ * Remove python, sheepdog, librados-dev, libfuse-dev
4007+ * Remove libssh2-1-dev, qemu-system-common, augeas-tools
4008+ * Don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
4009+ * Keep multiarch changes.
4010+ - Keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
4011+ - Keep change d/libvirt0.install and d/libvirt-dev.install that
4012+ adds multi-arch wildcard.
4013+ - d/libvirt-daemon-system.libvirtd.default ->
4014+ d/libvirt-bin.libvirt-bin.default
4015+ - d/libvirt-daemon-system.dirs -> d/libvirt-bin.dirs
4016+ * Add /etc/apparmor.d/{abstractions,disable,force-complain,local}
4017+ * Add /etc/cron.daily
4018+ * Add /usr/share/apport/package-hooks
4019+ * Add /var/log/libvirt/libxl
4020+ * Add /etc/dnsmasq.d-available
4021+ * Remove /usr/share/polkit-1/rules.d/
4022+ * Remove /var/lib/polkit-1/localauthority/10-vendor.d/
4023+ - Keep debian/libvirt-bin.dnsmasq
4024+ - d/libvirt-daemon-system.examples -> d/libvirt-bin.examples
4025+ * Remove debian/build/daemon/libvirtd.policy
4026+ * Drop debian/libvirt-suspendonreboot
4027+ - d/libvirt-daemon-system.libvirtd.init -> d/libvirt-bin.libvirt-bin.init
4028+ * Add provides libvirt-bin
4029+ * Change /etc/default/libvirtd into /etc/default/libvirt-bin
4030+ * Add wait_on_sockfile() and call it during start
4031+ - d/libvirt-daemon-system.install -> d/libvirt-bin.install
4032+ * Add usr/bin/*
4033+ * Add usr/sbin/*
4034+ * Add etc/apparmor.d/*
4035+ * Replace etc/libvirt/{libvirtd,virtlockd,virtlogd}.conf -> etc/libvirt/*
4036+ (since with the clients included there are many more config files)
4037+ * Add usr/share/polkit-1
4038+ * Add usr/lib/libvirt/*
4039+ * Add usr/share/augeas/*
4040+ * Add usr/share/libvirt/*
4041+ * Add usr/share/man/man8/*
4042+ * Add usr/share/apport/package-hooks/source_libvirt.py
4043+ * Add etc/dnsmasq.d-available/libvirt-bin
4044+ * Add etc/profile.d/libvirt-uri.sh
4045+ * Add usr/lib/libvirt
4046+ - d/libvirt-daemon-system.links -> d/libvirt-bin.links
4047+ * Replace libvirt-daemon-system with libvirt-bin for libvirt0
4048+ * Remove libvirt-daemon line
4049+ - Remove d/libvirt-bin.maintscript
4050+ - d/libvirt-clients.manpages -> d/libvirt-bin.manpages
4051+ * Add debian/libvirt-migrate-qemu-disks.1
4052+ * Add debian/libvirt-migrate-qemu-machinetype.1
4053+ * Add debian/libvirt-migrate-xend-managed-domains.1
4054+ - Combined d/libvirt-daemon-system.NEWS and d/libvirt-daemon.NEWS into
4055+ d/libvirt-bin.NEWS
4056+ - Keep d/libvirt-bin.{postinst,postrm,preinst} though they probably could
4057+ be freshly derived from libvirt-daemon counterparts.
4058+ * Added removal of qemu capability cache (found in Debian) to postinst
4059+ * Added reload of virtlogd in postinst (following example of virtlockd)
4060+ - Replace d/libvirt-bin.preinst
4061+ - Add d/libvirt-bin.upstart
4062+ - d/libvirt-daemon-system.virtlogd.init -> d/libvirt-bin.virtlogd.init
4063+ - Remove d/libvirt-clients.install
4064+ - Remove d/libvirt-clients.links
4065+ - Remove d/libvirt-daemon.install
4066+ - Remove d/libvirt-daemon.links
4067+ - d/libvirt-daemon.README.Debian -> d/libvirt-bin.README.Debian
4068+ * Replaced access control section
4069+ * Appended apparmor profile section
4070+ * Appended disk migration section
4071+ * Appended qemu/kvm machine type migration section
4072+ - Remove d/libvirt-daemon-system.{maintscript,postinst,postrm,preinst}
4073+ - Keep libvirt-migrate-qemu-disks (and manpage)
4074+ - Keep libvirt-migrate-qemu-machinetype (and manpage)
4075+ - Keep libvirt-migrate-xend-managed-domains (and manpage)
4076+ - Remove d/libvirt-sanlock.{cron.weekly,links,install}
4077+ - Drop d/libvirt-stop-guests
4078+ - Drop d/libvirt-suspendonreboot (replaced by upstream libvirt-guests)
4079+ - Keep d/libvirt-uri.sh
4080+ - Remove d/polkit/60-libvirt.pkla (and polkit directory)
4081+ - d/tests/control
4082+ - Add build-essential and pkg-config dependencies to build-test
4083+ - debian/rules:
4084+ * Add autoconf stuff (not sure what still really gets used).
4085+ * Use qemu-group kvm instead of libvirt-qemu
4086+ * Add SHEEPDOGCLI environment variable to dh_auto_configure
4087+ override (instead of an DEB_DH_... make variable which no
4088+ longer takes effect).
4089+ * Drop --with-secdriver-apparmor --with-apparmor-profiles from
4090+ WITH_APPARMOR config.
4091+ * Change WITH_FIREWALLD and WITH_SELINUX settings to disabled.
4092+ * Change WITH_DTRACE setting to disabled.
4093+ * Drop DEB_DH_SYSTEMD_START_ARGS_libvirt-bin as it is no longer
4094+ needed after dropping cdbs.
4095+ * Add to override_dh_install section
4096+ - Install apparmor files (and post-processing)
4097+ - Install apport hooks.
4098+ - Install migration tools.
4099+ - Install profile script to autoset URI.
4100+ - Replace package name libvirt-daemon-system with libvirt-bin.
4101+ - Debian now copies libvirt-guests.{init,default} and
4102+ virtlogd.default from upstream source. Copy virtlockd.default
4103+ as well.
4104+ - Rename libvirtd.{socket,service} to libvirt-bin.{socket,service}
4105+ - Change dh_systemd_start to use virtlo{g,ck}d.socket only (the
4106+ services are supposed to be started by using the sockets.
4107+ - Move libs and pkgconfig under multiarch directory.
4108+ * Modify override_dh_auto_clean
4109+ - Replace package name libvirt-daemon-system with libvirt-bin
4110+ - Delete upstream files which were copied into debian/.
4111+ * Add override_dh_gencontrol section which conditionally adds
4112+ conflicts on apparmor.
4113+ * Add override_dh_makeshlibs section to pass version info for
4114+ libvirt0.
4115+ * Dropped patches:
4116+ - ubuntu/virt-aa-helper-handle-ovmf (upstream added ovmf paths to
4117+ restricted_rw)
4118+ * Refreshed patches:
4119+ - refreshed d/p/ubuntu/9034-complete-9p-support
4120+ * New patches
4121+ - d/ubuntu/libvirt-guests-exclude-dom0.patch
4122+ - d/ubuntu/libxl-no-dm-check.patch
4123+ - d/ubuntu/libxl-fix-test-data.patch
4124+ - d/ubuntu/Debianize-virtlogd-service.patch
4125+ - d/ubuntu/Debianize-virtlockd-init.patch
4126+ - d/ubuntu/switch-service-files-to-libvirt-bin.patch
4127+ - d/ubuntu/libvirt-socket-fix-group.patch
4128+
4129+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 12 Feb 2016 14:46:21 +0100
4130+
4131 libvirt (1.3.1-1) unstable; urgency=medium
4132
4133 [ Guido GΓΌnther ]
4134@@ -1829,6 +5807,151 @@ libvirt (1.3.0~rc1-1) experimental; urgency=medium
4135
4136 -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 04 Dec 2015 17:12:53 +0100
4137
4138+libvirt (1.2.21-2ubuntu10) xenial; urgency=medium
4139+
4140+ * Multiarchify the library packages.
4141+
4142+ -- Matthias Klose <doko@ubuntu.com> Thu, 28 Jan 2016 16:33:15 +0100
4143+
4144+libvirt (1.2.21-2ubuntu9) xenial; urgency=medium
4145+
4146+ * debian/rules: Disable cdbs' implicitly generated dh_systemd_start calls.
4147+ We already call it explicitly with the right options, calling it again
4148+ with the default options stops libvirt-guests during upgrades.
4149+ (LP: #1533839)
4150+
4151+ -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 18 Jan 2016 09:10:21 +0100
4152+
4153+libvirt (1.2.21-2ubuntu8) xenial; urgency=low
4154+
4155+ * d/libvirt-stop-guests: Skip Domain-0 on guest shutdown. Newer
4156+ versions of libvirt will include dom0 in the list of running domains
4157+ (with libxl). This special domain must be ignored.
4158+
4159+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 14 Jan 2016 11:35:39 +0100
4160+
4161+libvirt (1.2.21-2ubuntu7) xenial; urgency=medium
4162+
4163+ * d/apparmor/libvirt-qemu: silence denial to shm/lttng file since shm
4164+ mountpoint has moved (LP: #1529319)
4165+
4166+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Jan 2016 11:55:28 -0800
4167+
4168+libvirt (1.2.21-2ubuntu6) xenial; urgency=medium
4169+
4170+ * d/apparmor/libvirt-qemu: add r access to max_mem_regions vhost module
4171+ paramater (LP: #1531564)
4172+
4173+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Jan 2016 11:33:02 -0800
4174+
4175+libvirt (1.2.21-2ubuntu5) xenial; urgency=medium
4176+
4177+ * SECURITY UPDATE: ACL bypass using storage pool directory traversal
4178+ - debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
4179+ src/storage/storage_backend_fs.c.
4180+ - CVE-2015-5313
4181+
4182+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 08 Jan 2016 10:32:17 -0500
4183+
4184+libvirt (1.2.21-2ubuntu4) xenial; urgency=medium
4185+
4186+ * Revert Ubuntu-specific patch to build-depend on libsystemd-daemon-dev
4187+ instead of libsystemd-dev; libsystemd-daemon-dev is no longer built from
4188+ systemd source so we want libsystemd-dev.
4189+
4190+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 29 Dec 2015 00:31:16 +0000
4191+
4192+libvirt (1.2.21-2ubuntu3) xenial; urgency=medium
4193+
4194+ * Fix build-test autopkgtest: it now expects to run with the current
4195+ directory set to the root of the unpacked source package, writes to
4196+ $ADTTMP rather than to the source package, and declares dependencies on
4197+ build-essential and pkg-config.
4198+
4199+ -- Colin Watson <cjwatson@ubuntu.com> Mon, 28 Dec 2015 05:25:54 +0000
4200+
4201+libvirt (1.2.21-2ubuntu2) xenial; urgency=medium
4202+
4203+ * d/apparmor/libvirt-qemu: add permission to the systemd-mounted hugepages
4204+ path. (LP: #1524737)
4205+
4206+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 17 Dec 2015 10:49:18 -0800
4207+
4208+libvirt (1.2.21-2ubuntu1) xenial; urgency=medium
4209+
4210+ * Merge from Debian unstable. Remaining changes:
4211+ - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
4212+ TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
4213+ usr.sbin.libvirtd} Add apparmor profiles.
4214+ - debian/bug-presubj: removed
4215+ - debian/control:
4216+ - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
4217+ - add libxml-libxml-perl, libhal-dev
4218+ - swap open-iscsi to open-iscsi-utils
4219+ - Enable numa support on ppc64el.
4220+ - remove libsanlock-dev, libselinux1-dev
4221+ - use libsystemd-daemon-dev instead of libsystemd-dev
4222+ - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
4223+ - remove libssh2-1, augeas-tools
4224+ - add libcgmanager-dev, xsltproc
4225+ - remove Vcs-Git
4226+ - adjust X-Python-Version > 2.7
4227+ - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
4228+ - keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
4229+ - debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
4230+ - add upstart script for libvirt-bin
4231+ - debian/*.{links,maintscript} files not added
4232+ - keep ubuntu maintscript modifications
4233+ - debian/libvirt-sanlock* not merged
4234+ - debian/libvirt-clients* not merged
4235+ - keep debian/{libvirt-migrate-qemu-disks.*,
4236+ libvirt-migrate-qemu-machinetype.*,
4237+ libvirt-migrate-xend-managed-domains.*}
4238+ - keep debian/libvirt-suspendonreboot
4239+ - keep debian/libvirt-uri.sh
4240+ - debian/polkit/* not added
4241+ - debian/README.Debian:
4242+ - add 'Apparmor Profile' section
4243+ - add 'Disk migration' section
4244+ - debian/rules:
4245+ - add cdbs and autoconf stuff
4246+ - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
4247+ WITH_SELINUX
4248+ - use qemu-group kvm instead of libvirt-qemu
4249+ - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
4250+ - remove auto_test section
4251+ - add build/libvirt-bin:: section to install
4252+ - apparmor files
4253+ - apport hooks
4254+ - libvirt-migrate-qemu-disks
4255+ - use clean:: instead of dh_*clean
4256+ - Move ubuntu specific patches to 'debian/patches/ubuntu'
4257+ * Dropped patches:
4258+ - drop 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch (upstream 16d2bc8b)
4259+ - drop 9036-util-prepare-uri-for-libxml2-2.9.2.patch (upstream 8f17d0ea)
4260+ - drop 9040-virt-aa-helper-add-unix-channels (upstream 03d7462d)
4261+ - drop CVE-2014-3633.patch (upstream 3e745e8f)
4262+ - drop CVE-2014-3657.patch (upstream fc22b2e7)
4263+ - drop CVE-2014-7823.patch (upstream b1674ad5)
4264+ - drop Don-t-fail-if-we-can-t-setup-avahi.patch (dropped in debian)
4265+ - drop add-ppc64le-support.patch (upstream 9265fd19, addce06c, 1e911742,
4266+ bdbe723f, 5e4f49ab)
4267+ - drop blockdev-migration patches (upstream 1049a8d8, 9c5efd1a, cb7297c1,
4268+ a5250449, e9ef8565, 952907f5, 5eb03b6e, 93a19e28, a4e92f9e, de0aeafe)
4269+ - storage-allow-zero-capacity-with-non-backing-file-to.patch,
4270+ tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch
4271+ (upstream 0bcda653, b8cc0cc5)
4272+ - ubuntu/fix-ubuntu-xen-qemu-dm-path.patch dropped in favor of
4273+ Allow-xen-toolstack-to-find-it-s-binaries.patch
4274+ - drop ubuntu-libxl-Implement-basic-video-device-selection.patch
4275+ (upstream 1298daca)
4276+ - remove dont-include-non-migrateable-features-in-host-model
4277+ (upstream and not included in series)
4278+ - remove upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
4279+ (upstream and not included in series)
4280+
4281+ -- Chris J Arges <chris.j.arges@canonical.com> Wed, 02 Dec 2015 12:06:09 -0600
4282+
4283 libvirt (1.2.21-2) unstable; urgency=medium
4284
4285 * [014a0c7] Add a build test to verify that the we can link against libvirt
4286@@ -1941,47 +6064,204 @@ libvirt (1.2.18-1) experimental; urgency=medium
4287
4288 -- Guido GΓΌnther <agx@sigxcpu.org> Tue, 11 Aug 2015 21:19:43 +0200
4289
4290-libvirt (1.2.16-2) unstable; urgency=medium
4291+libvirt (1.2.16-2ubuntu14) xenial; urgency=medium
4292
4293- * [0266267] Build-Depend and suggest nfs-common
4294- for showmount
4295- Thanks to Laurent Bigonville (Closes: #787783)
4296- * [a48c783] Build depend on libpolkit-gobject-1-dev
4297- to properly detect uid support in pkcheck.
4298- Thanks to Laurent Bigonville (Closes: #787782)
4299- * [3d0fe35] Enable firewalld support.
4300- Thanks to Laurent Bigonville (Closes: #714372)
4301+ * debian/apparmor/libvirt-qemu: add a bunch of newly available qemu-*
4302+ architecture binaries. (LP: #1519030)
4303
4304- -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 05 Jun 2015 10:12:28 +0200
4305+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 23 Nov 2015 17:42:52 +0000
4306
4307-libvirt (1.2.16-1) unstable; urgency=medium
4308+libvirt (1.2.16-2ubuntu13) xenial; urgency=medium
4309
4310- * Upload to unstabl
4311- * [50e9055] New upstream version 1.2.16
4312+ * debian/control: switch ebtables from Recommends to Depends or default
4313+ configuration network doesn't get created. (LP: #1505576)
4314
4315- -- Guido GΓΌnther <agx@sigxcpu.org> Wed, 03 Jun 2015 08:44:53 +0200
4316+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 05 Nov 2015 15:14:04 -0600
4317
4318-libvirt (1.2.16~rc2-3) experimental; urgency=medium
4319+libvirt (1.2.16-2ubuntu12) xenial; urgency=medium
4320
4321- * [6d22215] Fix one more libxl leftover
4322+ * virt-aa-helper apparmor policy: add 'network inet6' (LP: #1511830)
4323
4324- -- Guido GΓΌnther <agx@sigxcpu.org> Mon, 01 Jun 2015 08:49:50 +0200
4325+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 02 Nov 2015 11:49:56 -0600
4326
4327-libvirt (1.2.16~rc2-2) experimental; urgency=medium
4328+libvirt (1.2.16-2ubuntu11) wily; urgency=medium
4329
4330- * [132348d] Only install libxl configuratin on hosts that support XEN
4331+ * Fix the preinst and postinst: the check for whether libvirt-bin was
4332+ running was wrong for upstart systems, but we don't need to do that
4333+ anyway - just stop libvirt-bin unconditionally. (LP: #1499199)
4334+ * libvirt-guests.service: fix libvirtd.service -> libvirt-bin.service
4335
4336- -- Guido GΓΌnther <agx@sigxcpu.org> Sat, 30 May 2015 13:39:22 +0200
4337+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sun, 27 Sep 2015 15:47:08 +0000
4338
4339-libvirt (1.2.16~rc2-1) experimental; urgency=medium
4340+libvirt (1.2.16-2ubuntu10) wily; urgency=medium
4341
4342- * [540f826] New upstream version 1.2.16~rc2
4343+ * Add qemu-block-extra libraries to libvirt apparmor profile (LP: #1495895)
4344
4345- -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 29 May 2015 17:26:00 +0200
4346+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 16 Sep 2015 13:20:48 -0500
4347
4348-libvirt (1.2.16~rc1-1) experimental; urgency=medium
4349+libvirt (1.2.16-2ubuntu9) wily; urgency=medium
4350
4351- * [d17b3cb] Add libxl configuration files
4352+ * Add upstream patches implementing a '--migrate-disks' option to virsh
4353+ migrate to specify block devices to migrate. (LP: #1398999)
4354+
4355+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 09:29:52 -0500
4356+
4357+libvirt (1.2.16-2ubuntu8) wily; urgency=medium
4358+
4359+ * Support OVMF images in virt-aa-helper. (LP: #1483071)
4360+ * Fix the libvirt-bin.preinst to not stop libvirt-bin on upgrade
4361+ from 1.2.16-2ubuntu7.
4362+
4363+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 14 Aug 2015 07:34:30 -0500
4364+
4365+libvirt (1.2.16-2ubuntu7) wily; urgency=medium
4366+
4367+ * Stop libvirt-bin at pre-inst if upgrading from a non-systemd version,
4368+ restart at postinst. (This can be removed after 16.04 release)
4369+ * Commonize stopping of vms in upstart/systemd.
4370+
4371+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Aug 2015 17:40:36 -0500
4372+
4373+libvirt (1.2.16-2ubuntu6) wily; urgency=medium
4374+
4375+ * Add systemd units and libvirt-stop-guests script to stop VMs before
4376+ a host completes shutdown (LP: #1480440)
4377+
4378+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Aug 2015 15:42:29 -0500
4379+
4380+libvirt (1.2.16-2ubuntu5) wily; urgency=medium
4381+
4382+ * debian/control changes:
4383+ - Replace module-init-tools with kmod
4384+ * debian/tests:
4385+ - add autopkgtests from Debian
4386+
4387+ -- Chris J Arges <chris.j.arges@canonical.com> Fri, 10 Jul 2015 14:15:48 -0500
4388+
4389+libvirt (1.2.16-2ubuntu4) wily; urgency=medium
4390+
4391+ * d/p/{storage-allow-zero-capacity-with-non-backing-file-to.patch,
4392+ tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch} added to address
4393+ (LP: #1459748). Allow zero capacity storage creation with non-backing file.
4394+
4395+ -- Chris J Arges <chris.j.arges@canonical.com> Fri, 10 Jul 2015 12:50:50 -0500
4396+
4397+libvirt (1.2.16-2ubuntu3) wily; urgency=medium
4398+
4399+ * debian/apparmor/libvirt-qemu:
4400+ allow serial console backed by pts chardev (LP: #1342083)
4401+
4402+ -- Chris J Arges <chris.j.arges@canonical.com> Tue, 07 Jul 2015 16:38:17 -0500
4403+
4404+libvirt (1.2.16-2ubuntu2) wily; urgency=low
4405+
4406+ [ Chris J Arges ]
4407+ * Merge from Debian unstable. Remaining changes:
4408+ - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
4409+ TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
4410+ usr.sbin.libvirtd} Add apparmor profiles.
4411+ - debian/bug-presubj: removed
4412+ - debian/control:
4413+ - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
4414+ - add libxml-libxml-perl, libhal-dev
4415+ - swap open-iscsi to open-iscsi-utils
4416+ - Enable numa support on ppc64 and ppc64el.
4417+ - remove libsanlock-dev, libselinux1-dev, libsystemd-daemon-dev
4418+ - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
4419+ - remove libssh2-1, augeas-tools
4420+ - add libcgmanager-dev, xsltproc
4421+ - remove Vcs-Git
4422+ - adjust X-Python-Version > 2.7
4423+ - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
4424+ * keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
4425+ * debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
4426+ * add upstart script for libvirt-bin
4427+ * debian/*.links files not added
4428+ * debian/libvirt-sanlock* not merged
4429+ * debian/libvirt-clients* not merged
4430+ * debian smoke tests not merged
4431+ * keep debian/{libvirt-migrate-qemu-disks.*,
4432+ libvirt-migrate-qemu-machinetype.*,
4433+ libvirt-migrate-xend-managed-domains.*}
4434+ * keep debian/libvirt-suspendonreboot
4435+ * keep debian/libvirt-uri.sh
4436+ * Don't apply the following patches:
4437+ - d/p/Debianize-libvirt-guests.patch
4438+ - d/p/Debianize-systemd-service-files.patch
4439+ - d/p/debian/Debianize-virtlockd.patch
4440+ - d/p/fix-Debian-specific-path-to-hvm-loader.patch
4441+ - d/p/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
4442+ - d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
4443+ * debian/polkit/* not added
4444+ * debian/README.Debian:
4445+ - add 'Apparmor Profile' section
4446+ - add 'Disk migration' section
4447+ * debian/rules:
4448+ - add cdbs and autoconf stuff
4449+ - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
4450+ WITH_SELINUX
4451+ - use qemu-group kvm instead of libvirt-qemu
4452+ - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
4453+ - remove auto_test section
4454+ - add build/libvirt-bin:: section to install
4455+ - apparmor files
4456+ - apport hooks
4457+ - libvirt-migrate-qemu-disks
4458+ - use clean:: instead of dh_*clean
4459+
4460+ [ Chuck Short ]
4461+ + Rediffed:
4462+ - debian/patches/storage-default-permission-mode-to-0711
4463+ - debian/patches/ubuntu_machine_type.patch
4464+ * debian/libvirt-bin.init: Adjust avahi to avahi-daemon (LP: #1453572)
4465+
4466+ [ Serge Hallyn ]
4467+ * 9040-virt-aa-helper-add-unix-channels.patch: add support for unix
4468+ sockets for serials. (LP: #1015154)
4469+
4470+ -- Chris J Arges <chris.j.arges@canonical.com> Wed, 01 Jul 2015 13:33:40 -0500
4471+
4472+libvirt (1.2.16-2) unstable; urgency=medium
4473+
4474+ * [0266267] Build-Depend and suggest nfs-common
4475+ for showmount
4476+ Thanks to Laurent Bigonville (Closes: #787783)
4477+ * [a48c783] Build depend on libpolkit-gobject-1-dev
4478+ to properly detect uid support in pkcheck.
4479+ Thanks to Laurent Bigonville (Closes: #787782)
4480+ * [3d0fe35] Enable firewalld support.
4481+ Thanks to Laurent Bigonville (Closes: #714372)
4482+
4483+ -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 05 Jun 2015 10:12:28 +0200
4484+
4485+libvirt (1.2.16-1) unstable; urgency=medium
4486+
4487+ * Upload to unstabl
4488+ * [50e9055] New upstream version 1.2.16
4489+
4490+ -- Guido GΓΌnther <agx@sigxcpu.org> Wed, 03 Jun 2015 08:44:53 +0200
4491+
4492+libvirt (1.2.16~rc2-3) experimental; urgency=medium
4493+
4494+ * [6d22215] Fix one more libxl leftover
4495+
4496+ -- Guido GΓΌnther <agx@sigxcpu.org> Mon, 01 Jun 2015 08:49:50 +0200
4497+
4498+libvirt (1.2.16~rc2-2) experimental; urgency=medium
4499+
4500+ * [132348d] Only install libxl configuratin on hosts that support XEN
4501+
4502+ -- Guido GΓΌnther <agx@sigxcpu.org> Sat, 30 May 2015 13:39:22 +0200
4503+
4504+libvirt (1.2.16~rc2-1) experimental; urgency=medium
4505+
4506+ * [540f826] New upstream version 1.2.16~rc2
4507+
4508+ -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 29 May 2015 17:26:00 +0200
4509+
4510+libvirt (1.2.16~rc1-1) experimental; urgency=medium
4511+
4512+ * [d17b3cb] Add libxl configuration files
4513 * [24520fd] Update gbp.conf for experimental
4514 * [29c488b] New upstream version 1.2.16~rc1
4515 * [281585c] Rediff patches.
4516@@ -2006,6 +6286,49 @@ libvirt (1.2.15-1) experimental; urgency=medium
4517
4518 -- Guido GΓΌnther <agx@sigxcpu.org> Tue, 05 May 2015 19:26:21 +0200
4519
4520+libvirt (1.2.15-0ubuntu4) wily; urgency=medium
4521+
4522+ * Add post-start to upstart (/etc/init/libvirt-bin.conf) and
4523+ sysv (/etc/init.d/libvirt-bin) jobs to ensure libvirt-sock
4524+ created before up (LP: #1455608)
4525+
4526+ -- Edward Hope-Morley <edward.hope-morley@canonical.com> Thu, 28 May 2015 16:06:44 +0100
4527+
4528+libvirt (1.2.15-0ubuntu3) wily; urgency=low
4529+
4530+ * d/p/ubuntu-libxl-qemu-path.patch: Set correct path for qemu binary
4531+ for new configs and convert old configs using qemu-dm.
4532+ (LP: #1459600)
4533+ * d/p/ubuntu-libxl-hvmloader-path.patch: Get Xen version from dpkg-query
4534+ at compile time and set LIBXL_FIRMWARE_DIR as long as libxen-dev does
4535+ not provide a xenlight.pc file. Use that directory to update existing
4536+ configs.
4537+ (LP: #1459603)
4538+
4539+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 28 May 2015 12:21:23 +0200
4540+
4541+libvirt (1.2.15-0ubuntu2) wily; urgency=medium
4542+
4543+ * debian/apparmor/libvirt-qemu: add /sys read accesses needed by newer
4544+ qemu: /sys/devices/system/node/, /sys/devices/system/cpu/ and
4545+ /sys/devices/system/node/node[0-9]*/meminfo
4546+
4547+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 May 2015 16:41:54 -0500
4548+
4549+libvirt (1.2.15-0ubuntu1) wily; urgency=medium
4550+
4551+ * New upstream release:
4552+ + Dropped patches:
4553+ - d/p/add-cgmanager-support.patch
4554+ - d/p/cgmanager-mutex
4555+ - d/p/cgm-ignore-machined-failure
4556+ - d/p/9020-lp545795.patch
4557+ - d/pa/ubuntu-libxl-qemu-nopath.patch
4558+ - d/p/ubuntu-libxl-migrate-dm.patch
4559+ - d/p9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch
4560+
4561+ -- Chuck Short <zulcss@ubuntu.com> Thu, 07 May 2015 10:27:49 -0400
4562+
4563 libvirt (1.2.15~rc2-1) experimental; urgency=medium
4564
4565 * [852e3c3] New upstream version 1.2.15~rc2
4566@@ -2064,6 +6387,110 @@ libvirt (1.2.12-1) experimental; urgency=medium
4567
4568 -- Guido GΓΌnther <agx@sigxcpu.org> Thu, 29 Jan 2015 11:02:21 +0100
4569
4570+libvirt (1.2.12-0ubuntu12) vivid; urgency=low
4571+
4572+ * Add profile script to automatically set the default URI based on
4573+ the currently running hyperisor (Xen or KVM/Qemu).
4574+ (LP: #1334749)
4575+
4576+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 14 Apr 2015 09:02:52 -0500
4577+
4578+libvirt (1.2.12-0ubuntu11) vivid; urgency=medium
4579+
4580+ * create /var/lib/libvirt/qemu/channel/target (LP: #1393842)
4581+ - libvirt-bin.dirs: add /var/lib/libvirt/qemu/channel/target
4582+ - libvirt-bin.postinst: chown target directory to libvirt-qemu:kvm so
4583+ qemu can create the unix sockets.
4584+
4585+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 09 Apr 2015 10:40:05 -0500
4586+
4587+libvirt (1.2.12-0ubuntu10) vivid; urgency=medium
4588+
4589+ * Fix previous patch to ignore any abstract unix domain sockets
4590+ * Update the cgmanager patch so that container start and stop work under
4591+ systemd. (LP: #1438730) In 15.10 we will drop the cgmanager patch(es).
4592+
4593+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 08 Apr 2015 10:58:04 -0500
4594+
4595+libvirt (1.2.12-0ubuntu9) vivid; urgency=medium
4596+
4597+ * 9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch: Allow
4598+ libvirt domains to start when using qemu guest agent. (LP: #1393842)
4599+
4600+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Apr 2015 11:14:03 -0500
4601+
4602+libvirt (1.2.12-0ubuntu8) vivid; urgency=medium
4603+
4604+ * silence denial of attempted reads of lttng files (LP: #1432644)
4605+
4606+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Mar 2015 21:36:27 -0500
4607+
4608+libvirt (1.2.12-0ubuntu7) vivid; urgency=low
4609+
4610+ * No-change rebuild to pull in libxen-dev 4.5
4611+
4612+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 18:31:16 +0100
4613+
4614+libvirt (1.2.12-0ubuntu6) vivid; urgency=low
4615+
4616+ * Fix xml validation for Xen by allowing non-absolute path values
4617+ in loader and bootloader elements (LP: #1425497).
4618+ * Fix up Xen emulator in old configurations and for new definitions to
4619+ point to /usr/bin/qemu-system-i386 (LP: #1425497).
4620+
4621+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 13 Feb 2015 17:57:27 +0100
4622+
4623+libvirt (1.2.12-0ubuntu5) vivid; urgency=medium
4624+
4625+ * Remove smoser-ppc64le-is-ppc64.patch - the problem will be solved by the
4626+ qemu-system-ppcle symlink in qemu-system-ppc package.
4627+
4628+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 15:38:39 -0600
4629+
4630+libvirt (1.2.12-0ubuntu4) vivid; urgency=medium
4631+
4632+ * libvirt-qemu: allow kvm script on ppc to execute uname
4633+
4634+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 14:05:14 -0600
4635+
4636+libvirt (1.2.12-0ubuntu3) vivid; urgency=medium
4637+
4638+ * Apply patch from smoser to make libvirt on ppc64le functional.
4639+ (LP: #1418221)
4640+
4641+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 12:09:49 -0600
4642+
4643+libvirt (1.2.12-0ubuntu2) vivid; urgency=medium
4644+
4645+ * debian/control: Use libxml-libxml-perl instead of libxml-xpath-perl.
4646+ * debian/patches/docs-remove-xpath.patch: Use libxml instead of XPath.
4647+
4648+ -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Feb 2015 11:28:15 -0500
4649+
4650+libvirt (1.2.12-0ubuntu1) vivid; urgency=medium
4651+
4652+ * New upstream release
4653+ * Rediffed patches:
4654+ - debian/patches/9030-create-socket-dir
4655+ - debian/patches/add-cgmanager-support.patch
4656+ - debian/patches/cgroups-ignore-systemd-failure
4657+ * Dropped patches:
4658+ - debian/patches/ubuntu-libxl-Implement-basic-video-device-selection.patch
4659+ - debian/patches/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch
4660+ - debian/patches/9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch
4661+ - debian/patches/-CVE-2014-3633.patch
4662+ - debian/patches/dont-include-non-migrateable-features-in-host-model
4663+ - debian/patches/9036-util-prepare-uri-for-libxml2-2.9.2.patch
4664+ - debian/patches/CVE-2014-3657.patch
4665+ - debian/patches/CVE-2014-7823.patch
4666+ - debian/patches/add-ppc64le-support.patch
4667+ - debian/patches/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
4668+ * debian/control: Add libxml-xpath-perl and xsltproc to dependencies
4669+ * debian/patches/skip-vircgrouptest.patch: Skip cgroup tests.
4670+ * debian/patches/disable-network-test.patch: Skip network tests
4671+
4672+ -- Chuck Short <zulcss@ubuntu.com> Tue, 03 Feb 2015 13:12:36 -0500
4673+
4674 libvirt (1.2.12~rc2-1) experimental; urgency=medium
4675
4676 * [67f2b22] New upstream version 1.2.12~rc2
4677@@ -2305,6 +6732,212 @@ libvirt (1.2.8-1) experimental; urgency=medium
4678
4679 -- Guido GΓΌnther <agx@sigxcpu.org> Fri, 05 Sep 2014 19:56:50 +0200
4680
4681+libvirt (1.2.8-0ubuntu21) vivid; urgency=medium
4682+
4683+ * d/apparmor/libvirt-qemu: Update the ceph.conf allow rule (LP: #1403648)
4684+
4685+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 30 Jan 2015 10:02:20 +0100
4686+
4687+libvirt (1.2.8-0ubuntu20) vivid; urgency=medium
4688+
4689+ * debian/rules:
4690+ - use --with-esx (LP: #565771)
4691+ - specify restart-after-upgrade (LP: #1215617)
4692+ * debian/control: add libcurl4-gnutls-dev for esx support
4693+
4694+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 21 Jan 2015 13:01:59 -0600
4695+
4696+libvirt (1.2.8-0ubuntu19) vivid; urgency=medium
4697+
4698+ * apparmor libvirt-qemu template: allow reading charm-specific ceph config
4699+ and silence denials for /tmp/**. (LP: #1403648)
4700+
4701+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 06 Jan 2015 10:27:33 -0600
4702+
4703+libvirt (1.2.8-0ubuntu18) vivid; urgency=medium
4704+
4705+ * mutex cgmanager actions (Thanks to Don Bowman for finding the cause)
4706+ (LP: #1397130) (LP: #1367702)
4707+
4708+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Dec 2014 13:28:03 -0600
4709+
4710+libvirt (1.2.8-0ubuntu17) vivid; urgency=low
4711+
4712+ * d/p/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch:
4713+ Allow libxl to figure out the path to pygrub. (LP: #1396942)
4714+
4715+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 11 Dec 2014 09:51:20 +0100
4716+
4717+libvirt (1.2.8-0ubuntu16) vivid; urgency=medium
4718+
4719+ * debian/patches/add-ppc64le-support.patch: Added patches needed
4720+ for ppc64le support. (LP: #1396070)
4721+
4722+ -- Chuck Short <zulcss@ubuntu.com> Thu, 27 Nov 2014 08:57:35 -0500
4723+
4724+libvirt (1.2.8-0ubuntu15) vivid; urgency=medium
4725+
4726+ * libvirt-qemu: add r to sgabios.bin (LP: #1393548)
4727+
4728+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 17 Nov 2014 15:05:22 -0600
4729+
4730+libvirt (1.2.8-0ubuntu14) vivid; urgency=medium
4731+
4732+ [ Serge Hallyn ]
4733+ * 9036-util-prepare-uri-for-libxml2-2.9.2.patch: fix FTBFS against new
4734+ libxml 2.9.2 (LP: #1390637)
4735+
4736+ [ Marc Deslauriers ]
4737+ * SECURITY UPDATE: denial of service via virConnectListAllDomains
4738+ - debian/patches/CVE-2014-3657.patch: fix domain deadlock in
4739+ src/conf/domain_conf.c.
4740+ - CVE-2014-3657
4741+ * SECURITY UPDATE: xml information leak with read-only connections
4742+ - debian/patches/CVE-2014-7823.patch: check for migratable flag in
4743+ src/libvirt.c, src/remote/remote_protocol.x.
4744+ - CVE-2014-7823
4745+
4746+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Nov 2014 13:14:00 -0500
4747+
4748+libvirt (1.2.8-0ubuntu13) vivid; urgency=medium
4749+
4750+ * cull too-new apparmor rules depending on target host (LP: #1387251)
4751+ * add mising apparmor permissions for slof (LP: #1374554)
4752+
4753+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 07 Nov 2014 20:32:23 +0000
4754+
4755+libvirt (1.2.8-0ubuntu12) vivid; urgency=medium
4756+
4757+ * complete the 9p support: (LP: #1378434)
4758+ - libvirt-qemu: add fowner and fsetid
4759+ - virt-aa-helper: add 'l' to 9p file options
4760+ * dont-include-non-migrateable-features-in-host-model (LP: #1386503)
4761+
4762+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 15:07:21 -0500
4763+
4764+libvirt (1.2.8-0ubuntu11) utopic; urgency=medium
4765+
4766+ [ Felix Geyer ]
4767+ * d/p/ubuntu_machine_type.patch: Fix No PCI buses available. (LP: #1379346).
4768+
4769+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 09 Oct 2014 08:57:27 -0500
4770+
4771+libvirt (1.2.8-0ubuntu10) utopic; urgency=medium
4772+
4773+ * libvirt-bin.upstart: delay start until rc finished
4774+ This give hypervisors more time to finish their setup (LP: #1377900).
4775+ * libvirt-bin.upstart: add xen:/// uri to the list (LP: #1377960)
4776+
4777+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 06 Oct 2014 16:23:06 +0200
4778+
4779+libvirt (1.2.8-0ubuntu9) utopic; urgency=medium
4780+
4781+ * libvirt-qemu apparmor template: add /sys/firmware/devicetree/** r
4782+ (LP: #1374554)
4783+
4784+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 01 Oct 2014 17:09:05 -0500
4785+
4786+libvirt (1.2.8-0ubuntu8) utopic; urgency=medium
4787+
4788+ * libvirt-bin.postinst: fix syntax error (s/if/fi/)
4789+
4790+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 30 Sep 2014 13:07:19 -0500
4791+
4792+libvirt (1.2.8-0ubuntu7) utopic; urgency=medium
4793+
4794+ * libvirt-bin.postinst: check for confiles whichhave been removed rather
4795+ than fail package install (LP: #1375910)
4796+
4797+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 30 Sep 2014 12:37:16 -0500
4798+
4799+libvirt (1.2.8-0ubuntu6) utopic; urgency=medium
4800+
4801+ * SECURITY UPDATE: denial of service or information disclosure via
4802+ virDomainGetBlockIoTune
4803+ - debian/patches/CVE-2014-3633.patch: use correct definition when
4804+ looking up disk in src/qemu/qemu_driver.c.
4805+ - CVE-2014-3633
4806+
4807+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 29 Sep 2014 15:23:37 -0400
4808+
4809+libvirt (1.2.8-0ubuntu5) utopic; urgency=medium
4810+
4811+ * debian/apparmor/libvirt-lxc (sync with container-base with lxc):
4812+ - remove bare 'signal' and 'ptrace' rules (base abstraction covers most
4813+ of what we need)
4814+ - allow signal (receive) peer=/usr/sbin/libvirtd
4815+ - allow ptrace peer=@{profile_name}
4816+ - deny mount options=(ro, remount, silent) -> /
4817+ - allow mount fstype=hugetlbfs
4818+ - shuffle a couple of rules around to make it easier to diff with lxc
4819+ policy
4820+ * debian/apparmor/TEMPLATE.lxc (sync with lxc-default):
4821+ - use attach_disconnected and mediate_deleted
4822+ - deny mount fstype=devpts,
4823+
4824+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 25 Sep 2014 16:24:21 -0500
4825+
4826+libvirt (1.2.8-0ubuntu4) utopic; urgency=medium
4827+
4828+ * debian/apparmor/usr.sbin.libvirtd: allow 'network netlink'
4829+
4830+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 18 Sep 2014 15:15:13 -0500
4831+
4832+libvirt (1.2.8-0ubuntu3) utopic; urgency=medium
4833+
4834+ * 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch - fix failure to start
4835+ KVM vms.
4836+
4837+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Sep 2014 14:08:04 -0500
4838+
4839+libvirt (1.2.8-0ubuntu2) utopic; urgency=low
4840+
4841+ * d/p/ubuntu-xend-probe.patch:
4842+ Update patch correctly and re-enable it. It seems like it only was
4843+ half updated and then disabled without reasons.
4844+ * d/p/ubuntu-libxl-Implement-basic-video-device-selection.patch:
4845+ Re-activate adapted patch. Some pieces made it into upstream as a
4846+ bug fix. The rest is still needed to allow selecing an alternate
4847+ graphics device for Xen HVM guests.
4848+ * d/p/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch:
4849+ Re-activate unchanged patch (for some reason dropped when moving
4850+ to 1.2.6).
4851+ This one is a bit of a work-around mainly for virt-manager which sets
4852+ gfx memory to values below the minimum requirement for Xen. And the
4853+ UI does not allow to change that. This patch just goes for the minimum
4854+ in that case.
4855+
4856+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 18 Sep 2014 10:00:36 +0200
4857+
4858+libvirt (1.2.8-0ubuntu1) utopic; urgency=medium
4859+
4860+ [ Chuck Short ]
4861+ * New upstream release: (LP: #1367422)
4862+ + Dropped:
4863+ - debian/patches/ovs-delete-port-if-exists-while-adding-new-one
4864+ + Refreshed:
4865+ - debian/patches/add-cgmanager-support.patch
4866+ - debian/patches/storage-default-permission-mode-to-0711
4867+
4868+ [ Serge Hallyn ]
4869+ * d/apparmor
4870+ - install TEMPLATE.qemu and TEMPLATE.lxc
4871+ - add libvirt-lxc abstraction, add permissions to it needed for
4872+ a ubuntu container to start.
4873+ - libvirt-qemu - add qemu-bridge-helper policy from upstream
4874+ - libvirt-qemu - add qemu-microblaze allows from upstream
4875+ - edit lxc.conf to enable apparmor by default (LP: #914716)
4876+ (LP: #1008393) (LP: #1088295)
4877+ * d/apparmor/libvirt-qemu: add /dev/shm as path to spice.* nodes
4878+ for systemd case. (LP: #1365163)
4879+ * d/p/9030-create-socket-dir - create session socket dir if
4880+ needed (Should be replaced eventually by the upstream fix)
4881+ * d/p/9032-lxc-allow-no-security-driver: don't fail if apparmor
4882+ driver is not available (else the qa-regression-tests fail with
4883+ skip_apparmor)
4884+
4885+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 18:30:06 -0500
4886+
4887 libvirt (1.2.7-11) unstable; urgency=medium
4888
4889 * [6534478] Check status in a systemd 208 compatible way
4890@@ -2464,6 +7097,119 @@ libvirt (1.2.6-1) experimental; urgency=medium
4891
4892 -- Guido GΓΌnther <agx@sigxcpu.org> Tue, 22 Jul 2014 22:33:51 +0200
4893
4894+libvirt (1.2.6-0ubuntu6) utopic; urgency=medium
4895+
4896+ * debian/apparmor/usr.sbin.libvirtd: update for abstract socket mediation
4897+ (LP: #1362199)
4898+ * debian/apparmor/libvirt-qemu: allow 'r' on @{PROC}/sys/kernel/cap_last_cap
4899+ * debian/control: Suggests apparmor >= 2.8.96~2541-0ubuntu4~
4900+
4901+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 05 Sep 2014 17:32:16 -0500
4902+
4903+libvirt (1.2.6-0ubuntu5) utopic; urgency=medium
4904+
4905+ * cgroups-ignore-systemd-failure - fix incoming migration failures when
4906+ systemd-shim is installed.
4907+ * ovs-delete-port-if-exists-while-adding-new-one - cherrypick commit 33445ce
4908+ from upstream (LP: #1343262)
4909+
4910+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 08 Aug 2014 09:56:43 -0500
4911+
4912+libvirt (1.2.6-0ubuntu4) utopic; urgency=high
4913+
4914+ * No change rebuild against gnutls28.
4915+
4916+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 13:28:03 +0100
4917+
4918+libvirt (1.2.6-0ubuntu3) utopic; urgency=medium
4919+
4920+ * debian/apparmor/usr.sbin.libvirtd - add cap-sys-resource to fully
4921+ fix (LP: #1276719)
4922+
4923+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Aug 2014 12:43:20 -0500
4924+
4925+libvirt (1.2.6-0ubuntu2) utopic; urgency=medium
4926+
4927+ * Rebuild against libparted2.
4928+
4929+ -- Colin Watson <cjwatson@ubuntu.com> Mon, 21 Jul 2014 21:27:18 +0100
4930+
4931+libvirt (1.2.6-0ubuntu1) utopic; urgency=medium
4932+
4933+ * New upstream release:
4934+ + Dropped:
4935+ - debian/patches/virt-aa-helper-vhost.patch
4936+ - debian/patches/libxl-Implement-basic-video-device-selection.patch
4937+ - debian/patches/libxl-Fix-up-VRAM-to-minimum-requirements.patch
4938+ + debian/rules: Include packaging version in the log file. (LP: #1335221)
4939+
4940+ -- Chuck Short <zulcss@ubuntu.com> Fri, 04 Jul 2014 08:40:24 -0400
4941+
4942+libvirt (1.2.5-0ubuntu6) utopic; urgency=low
4943+
4944+ * libxl: Refresh patch(es) to allow the choice between Cirrus and
4945+ VGA for Xen HVM guests.
4946+ - d/p/libxl-Implement-basic-video-device-selection.patch [v4]
4947+ - d/p/libxl-Fix-up-VRAM-to-minimum-requirements.patch
4948+
4949+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 30 Jun 2014 16:08:56 +0200
4950+
4951+libvirt (1.2.5-0ubuntu5) utopic; urgency=low
4952+
4953+ * debian/apparmor/usr.sbin.libvirtd: allow libvirtd to run
4954+ libxl-save-helper (required for save restore through libxl).
4955+ (LP: #1334195)
4956+
4957+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Jun 2014 15:53:05 +0200
4958+
4959+libvirt (1.2.5-0ubuntu4) utopic; urgency=low
4960+
4961+ * debian/apparmor/usr.sbin.libvirtd: allow pygrub to be run
4962+ (LP: #1326003)
4963+
4964+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 18 Jun 2014 11:04:15 +0200
4965+
4966+libvirt (1.2.5-0ubuntu3) utopic; urgency=medium
4967+
4968+ * d/p/virt-aa-helper-vhost.patch: allow access to /dev/vhost-net if domain
4969+ needs it (LP: #1322568)
4970+
4971+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 17 Jun 2014 22:01:49 -0500
4972+
4973+libvirt (1.2.5-0ubuntu2) utopic; urgency=medium
4974+
4975+ * implement cgmanager support (LP: #1322677)
4976+ - debian/control: build-dep on libcgmanager-dev, depend on cgmanager
4977+ - d/p/add-cgmanager-support.patch
4978+
4979+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 17 Jun 2014 16:40:20 -0500
4980+
4981+libvirt (1.2.5-0ubuntu1) utopic; urgency=medium
4982+
4983+ [ Chuck Short ]
4984+ * New upstream version:
4985+ + Rediffed:
4986+ - d/p/ubuntu-xend-probe.patch
4987+ + Dropped:
4988+ - d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch
4989+ - d/p/libxl-do-not-use-virdomain-id.patch
4990+ - d/p/libxl-set-disk-format-for-cdrom.patch
4991+ - d/p/libxl-set-vfb0-data-in-build-config.patch
4992+ - d/p/libxl-support-sexpr-in-native-to-XML-conversion.patch
4993+ - d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
4994+ - d/p/accomodate-new-qemu-migration-status-setup.patch
4995+ - d/p/9025-apparmor-allow-access-to-filesystem-mounts
4996+ - d/p/add-a-mutex-to-serialize-updates-to-fw.patch
4997+ - d/p/arm-cpu-baseline.patch
4998+ + debian/control: Add ebtables, iptables, and qemu-utils as a build dependency.
4999+
5000+ [ Serge Hallyn ]
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches