Ubuntu
libvirt package

Merge ~paelzer/ubuntu/+source/libvirt:merge-6.6.0-groovy into ~paelzer/ubuntu/+source/libvirt:merge-6.6.0-mergebase

  1. Git
  2. lp:~paelzer/ubuntu/+source/libvirt
  3. merge-6.6.0-groovy
  4. Merge into merge-6.6.0-mergebase
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 139d00982a7117772220aea95675dfa522fd29da
Merge reported by: Christian Ehrhardt 
Merged at revision: 139d00982a7117772220aea95675dfa522fd29da
Proposed branch: ~paelzer/ubuntu/+source/libvirt:merge-6.6.0-groovy
Merge into: ~paelzer/ubuntu/+source/libvirt:merge-6.6.0-mergebase
Diff against target: 10108 lines (+9168/-74)
46 files modified
debian/changelog (+7070/-25)
debian/control (+16/-16)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-system.dirs (+2/-0)
debian/libvirt-daemon-system.install (+1/-1)
debian/libvirt-daemon-system.postinst (+128/-0)
debian/libvirt-daemon-system.postrm (+26/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-daemon.apport (+22/-0)
debian/libvirt-daemon.dnsmasq (+2/-0)
debian/libvirt-daemon.install (+1/-0)
debian/libvirt-uri.sh (+27/-0)
debian/patches/series (+30/-0)
debian/patches/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch (+30/-0)
debian/patches/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch (+28/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0030-virt-aa-helper-Complete-9p-support.patch (+36/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+33/-0)
debian/patches/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch (+19/-0)
debian/patches/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch (+41/-0)
debian/patches/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch (+65/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu-aa/lp-1847361-load-versioned-module.patch (+44/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+49/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+20/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+290/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+60/-0)
debian/patches/ubuntu/parallel-shutdown.patch (+25/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/tools-fix-libvirt-guests.sh-text-assignments.patch (+405/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/patches/virdevmapper-Don-t-cache-device-mapper-major.patch (+88/-0)
debian/patches/virdevmapper-Handle-kernel-without-device-mapper-support.patch (+76/-0)
debian/patches/virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch (+76/-0)
debian/rules (+14/-4)
debian/tests/control (+2/-1)
debian/tests/smoke-lxc (+2/-2)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)
Reviewer Review Type Date Requested Status
Rafael David Tinoco (community) Approve
Canonical Server Pending
Christian Ehrhardt  Pending
Review via email: mp+389531@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Tags to help review the merge:
- merge-6.6.0-groovy/split/6.0.0-0ubuntu10
- merge-6.6.0-groovy/logical/6.0.0-0ubuntu10
Branch:
- merge-6.6.0-mergebase
  use this as the base for the review (ignore LP please)
  We work in Debian to get more things in there, so it will slightly
  change. But for the review use this as the base to review.
- merge-6.6.0-groovy
  The proposed branch

range-diff will be very noisy as there was a lot of wrap-and-sort going on.
That makes everything appear changed, but mostly are no-ops.

I've had regression tests running and found further issues.
All fixed or soon-to-be-fixed by now.

Overall 7 apparmor changes upstreamed and 4 new upstream fixes IIRC.

The Debian unstable upload for 6.6 is planned soon which will give further
test exposure.

One Debian uploaded I'll do a final re-base and edit this MP to match things.
But given how many changes this has it might be worth to start review now.

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

I'll try to finish the review tomorrow morning (my morning).

~paelzer/ubuntu/+source/libvirt:merge-6.6.0-groovy updated
9b99315... by Christian Ehrhardt 

fix device mapper issues

As reported on:
https://www.redhat.com/archives/libvir-list/2020-August/msg00236.html
https://www.redhat.com/archives/libvir-list/2020-August/msg00592.html
- virdevmapper-Don-t-cache-device-mapper-major.patch
- virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch
- virdevmapper-Handle-kernel-without-device-mapper-support.patch

39a09a6... by Christian Ehrhardt 

M CL - if Disable rbd and zfs is no more needed

Signed-off-by: Christian Ehrhardt <email address hidden>

0e20e39... by Christian Ehrhardt 

d/control: drop mdevctl to a suggest until (LP 1889248) is ready

Signed-off-by: Christian Ehrhardt <email address hidden>

139d009... by Christian Ehrhardt 

changelog: drop mdevctl to a suggest until (LP 1889248) is ready

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Updated a few patches to the latest state as of upstream/debian acceptance

Also rebased on the latest Debian experimental that this will eventually be.
That allowed me to drop a few more of the changes already.
The old merge state is in tag "merge-6.6.0-groovy/merge-v1"
The new merge is the branch "merge-6.6.0-groovy" itself which I force pushed.
I moved "merge-6.6.0-mergebase" to match that new "salsa/debian/experimental" that I used.

Further experiments with ZFS/RBD on Risc also showed that we can now build them allowing to drop one more change.

Also I started another round of tests (except ppc which has no machine free atm) on the latest build.

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :
Download full text (13.9 KiB)

Overall changelog looks good and no major changes should be made. I have taken
note of some typos and/or missing entries that could, or could not, make sense
for you to change.

Note: - search for TODO keyword to find actionable items

--------

TODO: missing changelog entries:

ad8c54a76d - d/control: make libvirt-daemon-driver-storage-rbd a recommend inste
03604151e5 * SECURITY UPDATE: privilege escalation via incorrect socket permissi
875cb82db4 d/p/ubuntu/lp-1861125-*: Add extension for Ubuntu specific machine ty
0e20e39ae3 d/control: drop mdevctl to a suggest until (LP 1889248) is ready

libvirt (6.6.0-2ubuntu1) groovy; urgency=medium

  * Merge with Debian 6.6.0-1 from experimental

    Among many other new features and fixes this includes fixes for:
    (LP: #1874647) - Stale libvirt cache leads to VM startup failures
    (LP: #1869796) - bad ordering and dependent restarts of services/sockets

    Remaining changes:

    - d/control, d/rules: Disable rbd and zfs on riscv64 where they are unavailable (LP 1872952)
67901169b6 d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading versioned modules aft>
    - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading versioned modules after qemu package upgrades (LP 1847361)
0ceb2041a2 libvirt-uri.sh: default libvirt URI on Xen dom0
    - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise)

04b0e75a32 disable libssh2 support (universe dependency)

    - Disable libssh2 support (universe dependency)

7298283fce disable firewalld support (universe dependency)

    - Disable firewalld support (universe dependency)

2f287795eb set qemu-group to kvm (for compat with older ubuntu)

    - Set qemu-group to kvm (for compat with older ubuntu)

a1fdd55e08 Add apport package-hook

    - Additional apport package-hook

acd80701a8 Create autostart default network.

    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up

01482fc398 Allow-libvirt-group-to-access-the-socket
c8bff4a40c - d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group

    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group.

3bc9fc096d - d/p/ubuntu/parallel-shutdown.patch: shut guests down in parallel

    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.

302eb29c1f Update README.Debian with Ubuntu changes

    - Update README.Debian with Ubuntu changes

    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.

0d6a03a7b0 - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx

    - d/p/ubuntu...

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

Related to some patches highlighted as actionable items in previous comment.. here are some comments:

# OBS 01:

The commit:

commit fd2c9ec380
Author: Christian Ehrhardt <email address hidden>
Date: Thu Aug 10 06:56:04 2017

    apparmor, libvirt-qemu: Allow read access to

    Note: accepted upstream will be in 6.7

    Signed-off-by: Christian Ehrhardt <email address hidden>

has an incomplete git log and a note saying that it is accepted upstream.

it includes:

+ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch

saying:

+Forwarded: no (part of continuous upstreaming effort)

Could be replaced by upstream patch:

commit e16967fd6e
Author: Jamie Strandboge <email address hidden>
Date: Mon Aug 3 08:41:33 2020

    apparmor: read only access to overcommit_memory

    Allow qemu to read @{PROC}/sys/vm/overcommit_memory.
    This is read on guest start-up and (as read-only) not a
    critical secret that has to stay hidden.

    Signed-off-by: Christian Ehrhardt <email address hidden>
    Signed-off-by: Stefan Bader <email address hidden>
    Signed-off-by: Jamie Strandboge <email address hidden>
    Reviewed-by: Andrea Bolognani <email address hidden>

With no DEP3/changes needed.

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

# OBS 02:

The same thing applies to commit:

commit 91c39e7fba
Author: Christian Ehrhardt <email address hidden>
Date: Thu Aug 10 06:57:59 2017

    apparmor, libvirt-qemu: Allow owner read access to

    Note: accepted upstream will be in 6.7

    Signed-off-by: Christian Ehrhardt <email address hidden>

also with an incomplete git log and a note.

it includes:

+ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch

saying:

+Forwarded: no (part of continuous upstreaming effort)

Could be replace by upstream patch:

commit 7c5ef98c00
Author: Stefan Bader <email address hidden>
Date: Mon Aug 3 08:44:27 2020

    apparmor: qemu access to @{PROC}/*/auxv for hw_cap

    On some architectures (ppc, s390x, sparc, arm) qemu will read auxv
    to detect hardware capabilities via qemu_getauxval.

    Allow that access read-only for the entry owned by the current
    qemu process.

    Signed-off-by: Christian Ehrhardt <email address hidden>
    Signed-off-by: Stefan Bader <email address hidden>
    Reviewed-by: Andrea Bolognani <email address hidden>
    Acked-by: Jamie Strandboge <email address hidden>

With no DEP3/changes needed.

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

# OBS 03:

In the same line... the commit:

commit 67901169b6
Author: Christian Ehrhardt <email address hidden>
Date: Tue Mar 10 04:58:01 2020

    d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading versioned modules after qemu

    Note: accepted upstream will be in 6.7

    Signed-off-by: Christian Ehrhardt <email address hidden>

including:

+ubuntu-aa/lp-1847361-load-versioned-module.patch

Could be replaced by:

commit 3ef2af8ed3
Author: Christian Ehrhardt <email address hidden>
Date: Mon Aug 3 09:03:19 2020

    apparmor: let qemu load old shared objects after upgrades

    Since [1] qemu can after upgrade fall back to pre-upgrade modules
    to still be able to dynamically load qemu-module based features.

    The paths for these modules are pre-defined by the code and should
    be allowed to be mapped and loaded from which will allow packagers
    avoiding the inability of late feature load [2] after package upgrades.

    [1]: https://github.com/qemu/qemu/commit/bd83c861
    [2]: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1847361

    Signed-off-by: Christian Ehrhardt <email address hidden>
    Acked-by: Jamie Strandboge <email address hidden>
    Reviewed-by: Andrea Bolognani <email address hidden>
    Reviewed-by: Daniel P. Berrangé <berrange redhat com>

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

# OBS 04:

In changelog, we have:

libvirt (6.6.0-1) UNRELEASED; urgency=medium

Is this okay ? I used:

open-iscsi (2.1.1-1) experimental; urgency=medium

for unreleased (but merged) version, in my case.

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

Lintian is good for source and binaries. I'll let you handle the functional tests. All looks good and feel free to merge after deciding to address, or not, the items I have brought to your attention (definitely not blockers for anything).

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Regression tests completed with the latest build, this time all works without errors.
Thanks for the review, I need to go through this review feedback to complete - thanks!

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

In 03604151e5 I mentioned why this doesn't get an extra CL entry.
It is essentially just a fixup an a logical change that is in the changelog (commit will also be squashed on next merge).

For 875cb82db4:
This was formerly part of
  137 - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
  138 types (LP 1861125)
We only retained the minor bit that is for Ubuntu downstream only.
I added a line for it.

0e20e39ae3 has a CL entry in the "Added section already"

ad8c54a76d is a great catch, I've forgotten about it. This actually will be dropped now.
Added to CL and reverted the change.

Patches fd2c9ec380 and 91c39e7fba will be gone on the next merge anyway and the commit message holds the details. You are right I could add the "origin" statement here, but that would actually be wrong - the "origin" is this patch in ubuntu, just now it got applied and that I forward it is in "Forwarded: no (part of continuous upstreaming effort)".
Well I guess an Applied-Upstream tag would match best.
There were actually three more of that kind which I marked as well - and two more of Debian which I didn't touch.
The 9p typo OTOH isn't important IMHO.

The typo in d8e3efc690 isn't important either as it will be gone next merge (I upstreamed this).

And finally - I'm waiting for Debian to upload 6.6 - then I'll rebase to that and due to that I'll get the UNRELEASED out of the changelog.

Ok- thanks a lot - now tests and review are good.
Just waiting on the Debian upload to happen.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

In Debian we now have put everything together, I'll do a last rebase, rebuild retest.
If nothing interesting comes up I'll upload otherwise I'll speak up here for a re-review of the changes I needed.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI - rebase and build without any unexpected u-turns.
Tests are running atm

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Ok, all tests look good, uploading.

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/libvirt
 * [new tag] upload/6.6.0-1ubuntu1 -> upload/6.6.0-1ubuntu1

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libvirt_6.6.0-1ubuntu1.dsc: done.
  Uploading libvirt_6.6.0.orig.tar.xz: done.
  Uploading libvirt_6.6.0.orig.tar.xz.asc: done.
  Uploading libvirt_6.6.0-1ubuntu1.debian.tar.xz: done.
  Uploading libvirt_6.6.0-1ubuntu1_source.buildinfo: done.
  Uploading libvirt_6.6.0-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Lovely - I built this 13 times in Launchpad the last two weeks.
Now on the actual upload I see FTBFS :-/

But it seems to be build-infra and not libvirt that breaks.

Never the less - merged from the MP POV

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 7d60533..acb36b9 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,183 @@
6+libvirt (6.6.0-2ubuntu1) groovy; urgency=medium
7+
8+ * Merge with Debian 6.6.0-1 from experimental
9+ Among many other new features and fixes this includes fixes for:
10+ (LP: #1874647) - Stale libvirt cache leads to VM startup failures
11+ (LP: #1869796) - bad ordering and dependent restarts of services/sockets
12+ Remaining changes:
13+ - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
14+ versioned modules after qemu package upgrades (LP 1847361)
15+ - libvirt-uri.sh: Automatically switch default libvirt URI for users
16+ via user profile (xen URI on dom0, qemu:///system otherwise)
17+ - Disable libssh2 support (universe dependency)
18+ - Disable firewalld support (universe dependency)
19+ - Set qemu-group to kvm (for compat with older ubuntu)
20+ - Additional apport package-hook
21+ - Autostart default bridged network (As upstream does, but not Debian).
22+ In addition to just enabling it our solution provides:
23+ + do not autostart if subnet is already taken (e.g. in guests).
24+ + iterate some alternative subnets before giving up
25+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
26+ the group based access to libvirt functions as it was used in Ubuntu
27+ for quite long.
28+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
29+ due to the group access change.
30+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
31+ group.
32+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
33+ - Update README.Debian with Ubuntu changes
34+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
35+ - fix autopkgtests
36+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
37+ vmlinuz available and accessible (Debian bug 848314)
38+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
39+ installing libvirt-daemon-system
40+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
41+ long as the following undefine succeeds
42+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
43+ - dnsmasq related enhancements
44+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
45+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
46+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
47+ on purge
48+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
49+ libvirt-dnsmasq and adapt the self tests to expect that config
50+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
51+ + Add dnsmasq configuration to work with system wide dnsmasq-base
52+ - debian/rules: disable the netcf backend. (LP: 1764314)
53+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
54+ Secure Boot enabled variants of the OVMF firmware and variable store for
55+ the paths where we ship these files in Ubuntu.
56+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
57+ machine type correctly with newer qemu/libvirt
58+ - d/control: add libzfslinux-dev to build-deps
59+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
60+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
61+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
62+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
63+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
64+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
65+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
66+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
67+ apparmor, virt-aa-helper: Allow various storage pools and image
68+ locations
69+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
70+ libvirt-qemu: Add 9p support
71+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
72+ add l to 9p file options.
73+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
74+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
75+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
76+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
77+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
78+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
79+ commands executed by ubuntu only kvm wrapper on ppc64el
80+ (LP 1686621 LP 1680384 LP 1784023)
81+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
82+ apparmor, virt-aa-helper: access for snapped nova
83+ + 0050-local-include-for-libvirt-qemu.patch,
84+ d/libvirt-daemon-system.postinst: provide a local apparmor include
85+ for abstraction/libvirt-qemu (LP: 1786019)
86+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
87+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
88+ * Dropped changes (in Debian now):
89+ - Enable some additional features on ppc64el and s390x (for arch parity)
90+ + systemtap, zfs, numa and numad on s390x.
91+ + systemtap on ppc64el.
92+ - enable attr support to store XATTR labels. Among other things
93+ this allows to properly restore file ownership (LP 691590)
94+ - d/control: build depend to libattr1-dev
95+ - d/rules: configure --with-attr
96+ - Install virt-login-shell-helper
97+ - Install augeas lenses for all drivers
98+ - Remove all mentions of Devhelp
99+ - not-installed: Remove obsolete entries
100+ - not-installed: List all split daemons files
101+ - d/control: bump build dep to python3
102+ - d/control: add python3-docutils as build dependency
103+ - d/rules: set enable-dependency-tracking to avoid FTBFS
104+ - d/rules: drop the no more existing phyp option
105+ - d/rules: drop the no more existing xen configure option
106+ - minimize patches generated by autoreconf
107+ - fix build on Debian/Ubuntu in qemuhotplugtest
108+ - d/libvirt-doc.doc: install rendered docs
109+ - d/libvirt-daemon-system.examples: drop old examples that are now active
110+ - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
111+ - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
112+ - d/libnss-libvirt.lintian-overrides: accept having two nss so files
113+ - d/rules: don't ship split daemons just yet
114+ - d/rules: install /etc/default/* files that are shared between sysv and
115+ systemd packages
116+ - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
117+ libvirt-daemon-system-sysv
118+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
119+ - d/rules: also check build time self test results on all architectures
120+ - d/rules: add --no-restart-after-upgrade to services that are supposed to
121+ stay up through upgrades - this also applies to related sockets.
122+ * Dropped changes (part of upstream now):
123+ - d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
124+ (LP 1879325)
125+ - d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
126+ (LP 1871354)
127+ - d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
128+ -on-rea.patch: avoid DOS through read only connections
129+ CVE-2020-10701
130+ - d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
131+ and binary autodetection in general (LP 1867460)
132+ - d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
133+ fixes (LP 1868539)
134+ - d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
135+ modern types on kernels with recent security fixes (LP 1853200)
136+ - d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
137+ (LP 1868528)
138+ - d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
139+ qemuDomainSetTimeAgent (LP 1865425)
140+ - d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
141+ allow emulation of smartcard via host certificates
142+ - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
143+ types (LP 1861125)
144+ - d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
145+ block vhost-user-gpu usage
146+ - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
147+ profiles (LP 1655111)
148+ * Dropped changes (no more needed):
149+ - Update Vcs-Git and Vcs-Browser fields to point to launchpad
150+ - d/control: VCS links to use generic Ubuntu launchpad git URLs
151+ - refreshed patches for libvirt v6.0.0
152+ - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
153+ avoid error messages on purge [deluser/delgroup no more report warnings]
154+ - "Additional apport package-hook": due to context auto updates
155+ d/libvirt-daemon.install had bad entries which are no more required.
156+ - d/control, d/rules: Disable rbd and zfs on riscv64 where they are
157+ unavailable (LP 1872952)
158+ * Added Changes:
159+ - d/control: breaks replaces for augeas lenses move in 6.0.0-1
160+ (follows Debian, droppable >22.04)
161+ - refresh ubuntu patches for 6.6
162+ - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
163+ - d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
164+ - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
165+ - d/p/ubuntu/dnsmasq-as-priv-user
166+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
167+ - d/p/ubuntu/daemon-augeas-fix-expected.patch
168+ - d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
169+ enhancements
170+ - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
171+ - d/libvirt-clients.lintian-overrides: profile scripts are non executable
172+ - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
173+ triggering denials in devmapper error path
174+ - d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
175+ (again) allow permanent per guest overrides (LP: #1745114)
176+ - fix device mapper issues
177+ - d/p/virdevmapper-Don-t-cache-device-mapper-major.patch
178+ - d/p/virdevmapper-Handle-kernel-without-device-mapper-sup.patch
179+ - d/p/ubuntu/virdevmapper-Ignore-all-errors-when-opening-dev-mapp.patch
180+ - fix libvirt-guests.sh that was breaking when multiple guests were active
181+ - d/p/ubuntu/tools-fix-libvirt-guests.sh-text-assignments.patch
182+ - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
183+
184+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Aug 2020 08:04:09 +0200
185+
186 libvirt (6.6.0-1) UNRELEASED; urgency=medium
187
188 * [ecdcc72] New upstream version 6.6.0
189@@ -215,6 +395,287 @@ libvirt (6.0.0~rc1-1) experimental; urgency=medium
190
191 -- Guido Günther <agx@sigxcpu.org> Sat, 18 Jan 2020 18:16:20 +0100
192
193+libvirt (6.0.0-0ubuntu11) groovy; urgency=medium
194+
195+ * SECURITY UPDATE: privilege escalation via incorrect socket permissions
196+ - debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch:
197+ updated patch to also set appropriate permissions on socket created
198+ by systemd.
199+ - CVE-2020-15708
200+
201+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 05 Aug 2020 09:08:34 -0400
202+
203+libvirt (6.0.0-0ubuntu10) groovy; urgency=medium
204+
205+ * enable attr support to store XATTR labels. Among other things
206+ this allows to properly restore file ownership (LP: #691590)
207+ - d/control: build depend to libattr1-dev
208+ - d/rules: configure --with-attr
209+
210+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jun 2020 21:30:50 +0200
211+
212+libvirt (6.0.0-0ubuntu9) groovy; urgency=medium
213+
214+ * d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
215+ (LP: #1879325)
216+
217+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 20 May 2020 06:59:57 +0200
218+
219+libvirt (6.0.0-0ubuntu8) focal; urgency=medium
220+
221+ * d/control, d/rules: Disable rbd and zfs on riscv64 where they are
222+ unavailable (LP: #1872952)
223+
224+ -- William Grant <wgrant@ubuntu.com> Sat, 18 Apr 2020 13:59:21 +1000
225+
226+libvirt (6.0.0-0ubuntu7) focal; urgency=medium
227+
228+ * d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
229+ (LP: #1871354)
230+ * d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
231+ -on-rea.patch: avoid DOS through read only connections
232+ CVE-2020-10701
233+
234+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 12:29:12 +0200
235+
236+libvirt (6.0.0-0ubuntu6) focal; urgency=medium
237+
238+ * d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
239+ and binary autodetection in general (LP: #1867460)
240+ * d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
241+ fixes (LP: #1868539)
242+ * d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
243+ modern types on kernels with recent security fixes (LP: #1853200)
244+ * d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
245+ (LP: #1868528)
246+
247+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 10:34:19 +0100
248+
249+libvirt (6.0.0-0ubuntu5) focal; urgency=medium
250+
251+ * d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
252+ versioned modules after qemu package upgrades (LP: #1847361)
253+
254+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 10 Mar 2020 08:58:04 +0100
255+
256+libvirt (6.0.0-0ubuntu4) focal; urgency=medium
257+
258+ * d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
259+ qemuDomainSetTimeAgent (LP: #1865425)
260+
261+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 10:44:22 +0100
262+
263+libvirt (6.0.0-0ubuntu3) focal; urgency=medium
264+
265+ * rebuild against libxen-dev 4.11.3 (no change needed)
266+ * d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
267+ allow emulation of smartcard via host certificates
268+ * d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
269+ types (LP: #1861125)
270+ * d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
271+ block vhost-user-gpu usage
272+
273+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 14:20:08 +0100
274+
275+libvirt (6.0.0-0ubuntu2) focal; urgency=medium
276+
277+ [ Christian Ehrhardt ]
278+ * Bring back the ubuntu default URI handling. While no more needed for xen
279+ its removal made libvirt fallback further to the upstream default
280+ qemu:///session while Ubuntu forever had and for now wants to keep
281+ qemu:///system (LP: #1861693)
282+ - revert 'd/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that
283+ was optional for use on xen hosts'
284+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
285+ Xen dom0 via user profile
286+ [added back former delta]
287+
288+ [ Andrea Bolognani ]
289+ * Merge further fixes from debian/experimental
290+ - Install virt-login-shell-helper
291+ - Install augeas lenses for all drivers
292+ - Remove all mentions of Devhelp
293+ - not-installed: Remove obsolete entries
294+ - not-installed: List all split daemons files
295+
296+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 04 Feb 2020 13:08:49 +0100
297+
298+libvirt (6.0.0-0ubuntu1) focal; urgency=medium
299+
300+ * Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream
301+ Among many other new features and fixes this includes fixes for:
302+ - LP: #1859253 - rbd driver fails to create a new volume
303+ - LP: #1858341 - rbd driver does not list all volumes in pool
304+ - LP: #1845506 - Libvirt snapshot doesn't update apparmor profile
305+ - LP: #1854653 - slow libvirt-guests.sh during shutdown if service is off
306+ - LP: #1848229 - enable ppc64el to use ccf-assist feature
307+ - LP: #1853315 - Enable CPU Model Comparison and Baselining on s390x
308+ - LP: #1853317 - CCW IPL support to boot from ECKD DASDs
309+ - LP: #1859506 - security: AppArmor profile fixes for swtpm
310+ Remaining changes:
311+ - Disable libssh2 support (universe dependency)
312+ - Disable firewalld support (universe dependency)
313+ - Set qemu-group to kvm (for compat with older ubuntu)
314+ - Additional apport package-hook
315+ - Autostart default bridged network (As upstream does, but not Debian).
316+ In addition to just enabling it our solution provides:
317+ + do not autostart if subnet is already taken (e.g. in guests).
318+ + iterate some alternative subnets before giving up
319+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
320+ the group based access to libvirt functions as it was used in Ubuntu
321+ for quite long.
322+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
323+ due to the group access change.
324+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
325+ group.
326+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
327+ - Update Vcs-Git and Vcs-Browser fields to point to launchpad
328+ - Update README.Debian with Ubuntu changes
329+ - Enable some additional features on ppc64el and s390x (for arch parity)
330+ + systemtap, zfs, numa and numad on s390x.
331+ + systemtap on ppc64el.
332+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
333+ - Further upstreamed apparmor Delta, especially any new one
334+ Our former delta is split into logical pieces and is either Ubuntu only
335+ or is part of a continuous upstreaming effort.
336+ Listing related remaining changes in debian/patches/ubuntu-aa/:
337+ - fix autopkgtests
338+ + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
339+ vmlinuz available and accessible (Debian bug 848314)
340+ + d/t/control: fix smoke-qemu-session by ensuring the service will run
341+ installing libvirt-daemon-system
342+ + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
343+ long as the following undefine succeeds
344+ + d/t/smoke-lxc: use systemd instead of sysV to restart the service
345+ - dnsmasq related enhancements
346+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
347+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
348+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
349+ on purge
350+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
351+ libvirt-dnsmasq and adapt the self tests to expect that config
352+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
353+ + Add dnsmasq configuration to work with system wide dnsmasq-base
354+ - debian/rules: disable the netcf backend. (LP: 1764314)
355+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
356+ Secure Boot enabled variants of the OVMF firmware and variable store for
357+ the paths where we ship these files in Ubuntu.
358+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
359+ - d/rules: also check build time self test results on all architectures
360+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
361+ machine type correctly with newer qemu/libvirt
362+ - d/rules: add --no-restart-after-upgrade to services that are supposed to
363+ stay up through upgrades - this also applies to related sockets.
364+ - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
365+ split into logical pieces. File names in debian/patches/ubuntu-aa/:
366+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
367+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
368+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
369+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
370+ + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
371+ apparmor, virt-aa-helper: Allow access to tmp directories
372+ + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
373+ apparmor, virt-aa-helper: Allow various storage pools and image
374+ locations
375+ + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
376+ apparmor, virt-aa-helper: Add openvswitch support
377+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
378+ libvirt-qemu: Add 9p support
379+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
380+ add l to 9p file options.
381+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
382+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
383+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
384+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
385+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
386+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
387+ commands executed by ubuntu only kvm wrapper on ppc64el
388+ (LP 1686621 LP 1680384 LP 1784023)
389+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
390+ apparmor, virt-aa-helper: access for snapped nova
391+ + 0050-local-include-for-libvirt-qemu.patch,
392+ d/libvirt-daemon-system.postinst: provide a local apparmor include
393+ for abstraction/libvirt-qemu (LP: 1786019)
394+ + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
395+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
396+ * Dropped changes (in Debian)
397+ - d/libvirt0.symbols: bump symbol versions for 5.4.0
398+ - avoid service dependency issues on upgrade (LP: 1786179)
399+ This will in the long term be resolved in dh_* tools, but to let an
400+ upgrade work for now we need to drop the sysV scripts (which we don't
401+ use anyway) and slightly modify the systemd service to work with todays
402+ dh_systemd_start properly. Can be dropped once Debian bug 905772 is
403+ resolved in dh_* tools and libvirt uses those new code.
404+ + d/libvirt-daemon-system.virtlogd.init: removed sysV init file
405+ + d/libvirt-daemon-system.libvirtd.init: removed sysV init file
406+ + debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
407+ and lbivirtd sysV init file
408+ + d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
409+ to virtlogd/virtlockd sockets as they would imply a restart of
410+ virtlogd breaking it.
411+ [ we now have split packages for sysv and systemd support ]
412+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
413+ - Refreshed to match new upstream
414+ + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
415+ * Dropped changes (now upstream)
416+ - d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
417+ cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
418+ are still need fixups to work well LP: 1841066)
419+ - SECURITY UPDATEs: CVE-2019-10161, CVE-2019-10166,
420+ CVE-2019-10167 and CVE-2019-10168
421+ - d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
422+ avoid issues with remote screen connections like virt-manager due to
423+ apparmor changes in libvirt 5.1 (LP 1833040)
424+ - 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
425+ Allow pygrub to run on Debian/Ubuntu
426+ - update to v5.4.0
427+ * Dropped changes (Xen demoted to universe)
428+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
429+ section that adapts the path of the emulator to the Debian/Ubuntu
430+ packaging is kept.
431+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
432+ set VRAM to minimum requirements
433+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
434+ - Add libxl log directory
435+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
436+ Xen dom0 via user profile (was missing on changelogs before)
437+ * Dropped changes (no more needed)
438+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
439+ included_files to avoid build failures due to duplicate definitions.
440+ [ finally works in v6.0.0 ]
441+ - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
442+ [ focal has iptables 1.8.3 ]
443+ - d/rules: adapt iptables binary paths present in Eoan (LP 1832297)
444+ [ focal has iptables 1.8.3 ]
445+ * Added Changes:
446+ - refreshed patches for libvirt v6.0.0
447+ - d/control: bump build dep to python3
448+ - d/control: VCS links to use generic Ubuntu launchpad git URLs
449+ - d/control: add python3-docutils as build dependency
450+ - d/control: add libzfslinux-dev to build-deps
451+ - d/rules: set enable-dependency-tracking to avoid FTBFS
452+ - d/rules: drop the no more existing phyp option
453+ - d/rules: drop the no more existing xen configure option
454+ - d/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that was
455+ optional for use on xen hosts
456+ - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
457+ - minimize patches generated by autoreconf
458+ - fix build on Debian/Ubuntu in qemuhotplugtest
459+ - d/libvirt-doc.doc: install rendered docs
460+ - d/libvirt-daemon-system.examples: drop old examples that are now active
461+ - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
462+ - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
463+ - d/libnss-libvirt.lintian-overrides: accept having two nss so files
464+ - d/rules: don't ship split daemons just yet
465+ - d/rules: install /etc/default/* files that are shared between sysv and
466+ systemd packages
467+ - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
468+ libvirt-daemon-system-sysv
469+ - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
470+ profiles (LP: #1655111)
471+
472+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 13 Jan 2020 13:14:14 +0100
473+
474 libvirt (5.6.0-4) experimental; urgency=medium
475
476 * [d88536d] Introduce libvirt-daemon-system-{systemd,sysv} Move init scripts
477@@ -300,6 +761,237 @@ libvirt (5.6.0-1) unstable; urgency=medium
478
479 -- Andrea Bolognani <eof@kiyuko.org> Sun, 25 Aug 2019 16:32:31 +0200
480
481+libvirt (5.4.0-0ubuntu5) eoan; urgency=medium
482+
483+ * No-change upload with strops.h and sys/strops.h removed in glibc.
484+
485+ -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:00:53 +0000
486+
487+libvirt (5.4.0-0ubuntu4) eoan; urgency=medium
488+
489+ * d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
490+ cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
491+ are still need fixups to work well LP: 1841066)
492+
493+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 20 Aug 2019 10:50:08 +0200
494+
495+libvirt (5.4.0-0ubuntu3) eoan; urgency=medium
496+
497+ * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
498+ read-only connection
499+ - debian/patches/CVE-2019-10161.patch: add check to
500+ src/libvirt-domain.c, src/qemu/qemu_driver.c,
501+ src/remote/remote_protocol.x.
502+ - CVE-2019-10161
503+ * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
504+ read-only connection
505+ - debian/patches/CVE-2019-10166.patch: add check to
506+ src/libvirt-domain.c.
507+ - CVE-2019-10166
508+ * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
509+ read-only connection
510+ - debian/patches/CVE-2019-10167.patch: add check to
511+ src/libvirt-domain.c.
512+ - CVE-2019-10167
513+ * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
514+ connection
515+ - debian/patches/CVE-2019-10168.patch: add checks to
516+ src/libvirt-host.c.
517+ - CVE-2019-10168
518+
519+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 02 Jul 2019 08:08:33 -0400
520+
521+libvirt (5.4.0-0ubuntu2) eoan; urgency=medium
522+
523+ * d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
524+ avoid issues with remote screen connections like virt-manager due to
525+ apparmor changes in libvirt 5.1 (LP: #1833040)
526+
527+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Jun 2019 14:34:54 +0200
528+
529+libvirt (5.4.0-0ubuntu1) eoan; urgency=medium
530+
531+ * Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release
532+ Among many other new features and fixes this includes fixes for:
533+ LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state
534+ Remaining changes:
535+ - Disable libssh2 support (universe dependency)
536+ - Disable firewalld support (universe dependency)
537+ - Set qemu-group to kvm (for compat with older ubuntu)
538+ - Additional apport package-hook
539+ - Autostart default bridged network (As upstream does, but not Debian).
540+ In addition to just enabling it our solution provides:
541+ + do not autostart if subnet is already taken (e.g. in guests).
542+ + iterate some alternative subnets before giving up
543+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
544+ the group based access to libvirt functions as it was used in Ubuntu
545+ for quite long.
546+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
547+ due to the group access change.
548+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
549+ group.
550+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
551+ - Update Vcs-Git and Vcs-Browser fields to point to launchpad
552+ - Xen related
553+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
554+ section that adapts the path of the emulator to the Debian/Ubuntu
555+ packaging is kept.
556+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
557+ set VRAM to minimum requirements
558+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
559+ - Add libxl log directory
560+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
561+ Xen dom0 via user profile (was missing on changelogs before)
562+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
563+ included_files to avoid build failures due to duplicate definitions.
564+ - Update README.Debian with Ubuntu changes
565+ - Enable some additional features on ppc64el and s390x (for arch parity)
566+ + systemtap, zfs, numa and numad on s390x.
567+ + systemtap on ppc64el.
568+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
569+ vmlinuz available and accessible (Debian bug 848314)
570+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
571+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
572+ - Further upstreamed apparmor Delta, especially any new one
573+ Our former delta is split into logical pieces and is either Ubuntu only
574+ or is part of a continuous upstreaming effort.
575+ Listing related remaining changes in debian/patches/ubuntu-aa/:
576+ + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
577+ Allow pygrub to run on Debian/Ubuntu
578+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
579+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
580+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
581+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
582+ + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
583+ apparmor, virt-aa-helper: Allow access to tmp directories
584+ + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
585+ apparmor, virt-aa-helper: Allow various storage pools and image
586+ locations
587+ + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
588+ apparmor, virt-aa-helper: Add openvswitch support
589+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
590+ libvirt-qemu: Add 9p support
591+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
592+ add l to 9p file options.
593+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
594+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
595+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
596+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
597+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
598+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
599+ commands executed by ubuntu only kvm wrapper on ppc64el
600+ (LP 1686621 LP 1680384 LP 1784023)
601+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
602+ apparmor, virt-aa-helper: access for snapped nova
603+ + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
604+ d/libvirt-daemon-system.postinst: provide a local apparmor include
605+ for abstraction/libvirt-qemu (LP: 1786019)
606+ + d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
607+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
608+ - d/rules: enable build time self tests on all architectures
609+ - dnsmasq related enhancements
610+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
611+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
612+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
613+ on purge
614+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
615+ libvirt-dnsmasq and adapt the self tests to expect that config
616+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
617+ + Add dnsmasq configuration to work with system wide dnsmasq-base
618+ - debian/rules: disable the netcf backend. (LP: 1764314)
619+ - debian/control: drop libnetcf from Build-Depends.
620+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
621+ Secure Boot enabled variants of the OVMF firmware and variable store for
622+ the paths where we ship these files in Ubuntu.
623+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
624+ - d/rules: also check build time self test results on all architectures
625+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
626+ machine type correctly with newer qemu/libvirt
627+ - d/t/control: fix smoke-qemu-session by ensuring the service will run
628+ installing libvirt-daemon-system
629+ - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
630+ long as the following undefine succeeds
631+ - avoid service dependency issues on upgrade (LP: 1786179)
632+ This will in the long term be resolved in dh_* tools, but to let an
633+ upgrade work for now we need to drop the sysV scripts (which we don't
634+ use anyway) and slightly modify the systemd service to work with todays
635+ dh_systemd_start properly. Can be dropped once Debian bug 905772 is
636+ resolved in dh_* tools and libvirt uses those new code.
637+ - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
638+ - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
639+ - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
640+ and lbivirtd sysV init file
641+ - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
642+ to virtlogd/virtlockd sockets as they would imply a restart of
643+ virtlogd breaking it.
644+ - d/t/smoke-lxc: use systemd instead of sysV to restart the service
645+ * Added Changes:
646+ - Refreshed patches to match new upstream
647+ - d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
648+ - d/p/ubuntu/ubuntu_machine_type.patch
649+ - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
650+ This can be dropped once >=1.8.1
651+ - d/rules: adapt iptables binary paths present in Eoan (LP: #1832297)
652+ This can be dropped once >=1.8.1
653+ - d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test
654+ nat-network-mtu
655+ - revert [c3c4cd4] drop in helper for firewalld as it is disabled on
656+ Ubuntu [can be squashed with the disabling of firewalld on next merge]
657+ - d/libvirt0.symbols: bump symbol versions for 5.4.0
658+ - d/rules: add --no-restart-after-upgrade to services that are supposed to
659+ stay up through upgrades - this also applies to related sockets.
660+ * Dropped Changes (upstream)
661+ - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
662+ for the ease use of mdev and gl devices (LP: 1804766)
663+ - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
664+ (LP: 1771662)
665+ - d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
666+ the never functional osxsave and ospke features (LP: 1825195).
667+ - d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
668+ vhost-scsi hotplug in virt-aa-helper (LP: 1829223)
669+ - SECURITY UPDATE: Add support for md-clear functionality
670+ + debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
671+ src/cpu_map/x86_features.xml.
672+ + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
673+ - Implement further apparmor rules for usage of gl enabled
674+ graphics (LP: 1815452)
675+ + d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
676+ + d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
677+ - Implement further apparmor rules for usage of gl enabled
678+ graphics with nvidia cards (LP: 1817943)
679+ + d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
680+ + d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
681+ * Dropped Changes (in Debian)
682+ - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
683+ libvirt tests
684+
685+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Jun 2019 11:55:52 +0200
686+
687+libvirt (5.3.0-1~1.gbp7b1637) UNRELEASED; urgency=medium
688+
689+ ** SNAPSHOT build @7b1637605da9224c46ebf3a243fa725d643e7556 **
690+
691+ [ Guido Günther ]
692+ * [fb43676] d/control: Drop dh-autoreconf build-dep.
693+ Not needed for dh compat > 10.
694+ * [81d21d5] d/not-installed: Use multi-arch dirs.
695+ Files moved during the dh12 switch.
696+ * [428ad14] New upstream version 5.3.0~rc2
697+ * [641e532] New upstream version 5.3.0
698+
699+ [ Christian Ehrhardt ]
700+ * [c28c3b3] d/libvirt0.install: install translations
701+ * [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld
702+ * [3e8b43c] d/not-installed: ignore default files /etc/sysconfig
703+ * [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example
704+ * [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf
705+ (Closes: #919484)
706+
707+ [ Andrea Bolognani ]
708+ * [6a2eae3] Simplify and improve watch file.
709+
710+ -- Guido Günther <agx@sigxcpu.org> Mon, 06 May 2019 13:06:27 +0200
711+
712 libvirt (5.2.0-2) experimental; urgency=medium
713
714 [ Guido Günther ]
715@@ -467,6 +1159,199 @@ libvirt (5.0.0-2) unstable; urgency=medium
716
717 -- Guido Günther <agx@sigxcpu.org> Sun, 07 Apr 2019 12:36:21 +0200
718
719+libvirt (5.0.0-1ubuntu4) eoan; urgency=medium
720+
721+ * d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
722+ the never functional osxsave and ospke features (LP: #1825195).
723+ * d/p/series: reorder ubuntu Delta
724+ * d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
725+ with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: #1815910)
726+ * d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
727+ vhost-scsi hotplug in virt-aa-helper (LP: #1829223)
728+
729+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 May 2019 10:42:09 +0200
730+
731+libvirt (5.0.0-1ubuntu3) eoan; urgency=medium
732+
733+ * SECURITY UPDATE: Add support for md-clear functionality
734+ - debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
735+ src/cpu_map/x86_features.xml.
736+ - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
737+
738+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 14:48:05 -0400
739+
740+libvirt (5.0.0-1ubuntu2) disco; urgency=medium
741+
742+ * Implement further apparmor rules for usage of gl enabled
743+ graphics (LP: #1815452)
744+ - d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
745+ - d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
746+ * Implement further apparmor rules for usage of gl enabled
747+ graphics with nvidia cards (LP: #1817943)
748+ - d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
749+ - d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
750+ * d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted
751+ version (no functional change, LP: 1804766)
752+
753+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Feb 2019 11:27:14 +0100
754+
755+libvirt (5.0.0-1ubuntu1) disco; urgency=medium
756+
757+ * Merged with Debian unstable
758+ Among many other new features and fixes this includes fixes for:
759+ LP: #1754871 - 1799446 zPCI passthrough support for KVM
760+ LP: #1811198 - remove arbitrary limit on socket_id/core_id
761+ Remaining changes:
762+ - Disable libssh2 support (universe dependency)
763+ - Disable firewalld support (universe dependency)
764+ - Set qemu-group to kvm (for compat with older ubuntu)
765+ - Additional apport package-hook
766+ - Autostart default bridged network (As upstream does, but not Debian).
767+ In addition to just enabling it our solution provides:
768+ + do not autostart if subnet is already taken (e.g. in guests).
769+ + iterate some alternative subnets before giving up
770+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
771+ the group based access to libvirt functions as it was used in Ubuntu
772+ for quite long.
773+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
774+ due to the group access change.
775+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
776+ group.
777+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
778+ - Update Vcs-Git and Vcs-Browser fields to point to launchpad
779+ - Xen related
780+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
781+ section that adapts the path of the emulator to the Debian/Ubuntu
782+ packaging is kept.
783+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
784+ set VRAM to minimum requirements
785+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
786+ - Add libxl log directory
787+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
788+ Xen dom0 via user profile (was missing on changelogs before)
789+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
790+ included_files to avoid build failures due to duplicate definitions.
791+ - Update README.Debian with Ubuntu changes
792+ - Enable some additional features on ppc64el and s390x (for arch parity)
793+ + systemtap, zfs, numa and numad on s390x.
794+ + systemtap on ppc64el.
795+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
796+ vmlinuz available and accessible (Debian bug 848314)
797+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
798+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
799+ - Further upstreamed apparmor Delta, especially any new one
800+ Our former delta is split into logical pieces and is either Ubuntu only
801+ or is part of a continuous upstreaming effort.
802+ Listing related remaining changes in debian/patches/ubuntu-aa/:
803+ + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
804+ Allow pygrub to run on Debian/Ubuntu
805+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
806+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
807+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
808+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
809+ + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
810+ apparmor, virt-aa-helper: Allow access to tmp directories
811+ + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
812+ apparmor, virt-aa-helper: Allow various storage pools and image
813+ locations
814+ + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
815+ apparmor, virt-aa-helper: Add openvswitch support
816+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
817+ libvirt-qemu: Add 9p support
818+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
819+ add l to 9p file options.
820+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
821+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
822+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
823+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
824+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
825+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
826+ commands executed by ubuntu only kvm wrapper on ppc64el
827+ (LP 1686621 LP 1680384 LP 1784023)
828+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
829+ apparmor, virt-aa-helper: access for snapped nova
830+ + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
831+ d/libvirt-daemon-system.postinst: provide a local apparmor include
832+ for abstraction/libvirt-qemu (LP: 1786019)
833+ - d/rules: enable build time self tests on all architectures
834+ - dnsmasq related enhancements
835+ + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
836+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
837+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
838+ purge
839+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
840+ libvirt-dnsmasq and adapt the self tests to expect that config
841+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
842+ + Add dnsmasq configuration to work with system wide dnsmasq-base
843+ - debian/rules: disable the netcf backend. (LP: 1764314)
844+ - debian/control: drop libnetcf from Build-Depends.
845+ - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
846+ Secure Boot enabled variants of the OVMF firmware and variable store for
847+ the paths where we ship these files in Ubuntu.
848+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
849+ - avoid service dependency issues on upgrade (LP: 1786179)
850+ This will in the long term be resolved in dh_* tools, but to let an
851+ upgrade work for now we need to drop the sysV scripts (which we don't
852+ use anyway) and slightly modify the systemd service to work with todays
853+ dh_systemd_start properly. Can be dropped once Debian bug 905772 is
854+ resolved in dh_* tools and libvirt uses those new code.
855+ - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
856+ - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
857+ - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
858+ and lbivirtd sysV init file
859+ - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
860+ to virtlogd/virtlockd sockets as they would imply a restart of
861+ virtlogd breaking it.
862+ - d/t/smoke-lxc: use systemd instead of sysV to restart the service
863+ * Added Changes:
864+ - Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context
865+ - d/rules: also check build time self test results on all architectures
866+ - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
867+ libvirt tests
868+ - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
869+ machine type correctly with newer qemu/libvirt
870+ - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
871+ for the ease use of mdev and gl devices (LP: #1804766)
872+ - refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0
873+ - d/t/control: fix smoke-qemu-session by ensuring the service will run
874+ installing libvirt-daemon-system
875+ - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
876+ long as the following undefine succeeds
877+ - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
878+ (LP: #1771662)
879+ * Dropped Changes (upstream)
880+ - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
881+ Adapters on s390x (LP: 1787405)
882+ - d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
883+ fix libvirt bridge handling in unprivileged containers (LP: 1802906)
884+ - d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
885+ avoid issues with newer kernels >=4.18 (LP: 1788603)
886+ - Fix an issue where guests with plenty of hostdevs attached where detected
887+ as not shut down due to the kernel needing more time to free up
888+ resources (LP: 1788226)
889+ - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
890+ - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
891+ - 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
892+ permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
893+ - 0040-apparmor-add-mediation-rules-for-unconfined.patch:
894+ apparmor: add mediation rules for unconfined guests
895+ - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
896+ don't want blanket access. We only allow enumerating the base dir and
897+ reading owned files. Further features needing /tmp have to add local
898+ overrides, examples are qemu-smb and some modes of local snapshots.
899+ (LP: 1365261) Can be dropped >=libvirt 4.7
900+ - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
901+ preserve /dev mountpoints in qemu namespaces (LP: 1786168)
902+ Can be dropped >=libvirt 4.7
903+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
904+ which provided a separate kvm-spice. Upstream completely dropped
905+ alternative types and kvm-spice is a symlink for quite some time.
906+ Builtin expected binaries work, so drop this delta.
907+ * Dropped Changes (in Debian)
908+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
909+
910+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 13:09:31 +0100
911+
912 libvirt (5.0.0-1) unstable; urgency=medium
913
914 * [7346f30] New upstream version 5.0.0
915@@ -526,6 +1411,297 @@ libvirt (4.7.0-1) unstable; urgency=medium
916
917 -- Guido Günther <agx@sigxcpu.org> Sun, 09 Sep 2018 21:42:33 +0200
918
919+libvirt (4.6.0-2ubuntu6) disco; urgency=medium
920+
921+ * No-change rebuild for readline soname change.
922+
923+ -- Matthias Klose <doko@ubuntu.com> Tue, 15 Jan 2019 10:26:04 +0000
924+
925+libvirt (4.6.0-2ubuntu5) disco; urgency=medium
926+
927+ * d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only
928+ -with-vf.patch: fix handling of non PCI vfio display propery (part
929+ of LP: #1787405)
930+
931+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Dec 2018 09:20:39 +0100
932+
933+libvirt (4.6.0-2ubuntu4) disco; urgency=medium
934+
935+ * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
936+ Adapters on s390x (LP: #1787405)
937+ * d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
938+ fix libvirt bridge handling in unprivileged containers (LP: #1802906)
939+
940+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 09 Nov 2018 07:42:01 +0100
941+
942+libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium
943+
944+ * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
945+ avoid issues with newer kernels >=4.18 (LP: #1788603)
946+
947+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 27 Aug 2018 10:57:57 +0200
948+
949+libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium
950+
951+ * Fix an issue where guests with plenty of hostdevs attached where detected
952+ as not shut down due to the kernel needing more time to free up
953+ resources (LP: #1788226)
954+ - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
955+ - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
956+
957+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 21 Aug 2018 17:51:43 +0200
958+
959+libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium
960+
961+ * Merged with Debian unstable (LP: #1786957).
962+ Among many other new features and fixes this includes fixes
963+ for (LP: #1754871), Remaining changes:
964+ - Disable libssh2 support (universe dependency)
965+ - Disable firewalld support (universe dependency)
966+ - Set qemu-group to kvm (for compat with older ubuntu)
967+ - Additional apport package-hook
968+ - Autostart default bridged network (As upstream does, but not Debian).
969+ In addition to just enabling it our solution provides:
970+ + do not autostart if subnet is already taken (e.g. in guests).
971+ + iterate some alternative subnets before giving up
972+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
973+ the group based access to libvirt functions as it was used in Ubuntu
974+ for quite long.
975+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
976+ due to the group access change.
977+ + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
978+ group.
979+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
980+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
981+ which provided a separate kvm-spice.
982+ - Xen related
983+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
984+ section that adapts the path of the emulator to the Debian/Ubuntu
985+ packaging is kept.
986+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
987+ set VRAM to minimum requirements
988+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
989+ - Add libxl log directory
990+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
991+ Xen dom0 via user profile (was missing on changelogs before)
992+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
993+ included_files to avoid build failures due to duplicate definitions.
994+ - Update README.Debian with Ubuntu changes
995+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
996+ - Enable some additional features on ppc64el and s390x (for arch parity)
997+ + systemtap, zfs, numa and numad on s390x.
998+ + systemtap on ppc64el.
999+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
1000+ vmlinuz available and accessible (Debian bug 848314)
1001+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
1002+ - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
1003+ no more UCA onto Xenial then which has global dnsmasq by default).
1004+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
1005+ - Further upstreamed apparmor Delta, especially any new one
1006+ Our former delta is split into logical pieces and is either Ubuntu only
1007+ or is part of a continuous upstreaming effort.
1008+ Listing related remaining changes in debian/patches/ubuntu-aa/:
1009+ + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
1010+ Allow pygrub to run on Debian/Ubuntu
1011+ + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
1012+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
1013+ + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
1014+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
1015+ + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
1016+ apparmor, virt-aa-helper: Allow access to tmp directories
1017+ + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
1018+ apparmor, virt-aa-helper: Allow various storage pools and image
1019+ locations
1020+ + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
1021+ apparmor, virt-aa-helper: Add openvswitch support
1022+ + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
1023+ permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
1024+ Can be dropped >=libvirt 4.7
1025+ + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1026+ libvirt-qemu: Add 9p support
1027+ + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
1028+ add l to 9p file options.
1029+ + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1030+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1031+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1032+ + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1033+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1034+ + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1035+ commands executed by ubuntu only kvm wrapper on ppc64el
1036+ (LP 1686621 & LP 1680384).
1037+ + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1038+ apparmor, virt-aa-helper: access for snapped nova
1039+ + 0040-apparmor-add-mediation-rules-for-unconfined.patch:
1040+ apparmor: add mediation rules for unconfined guests
1041+ Can be dropped >=libvirt 4.7
1042+ - d/rules: enable build time self tests on all architectures
1043+ - run dnsmasq as libvirt-dnsmasq (LP: 1743718)
1044+ + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
1045+ + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
1046+ purge
1047+ + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
1048+ libvirt-dnsmasq and adapt the self tests to expect that config
1049+ + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
1050+ - debian/rules: disable the netcf backend. (LP: 1764314)
1051+ - debian/control: drop libnetcf from Build-Depends.
1052+ - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
1053+ Secure Boot enabled variants of the OVMF firmware and variable store for
1054+ the paths where we ship these files in Ubuntu.
1055+ - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
1056+ * Added Changes
1057+ - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1058+ updated to take care of no more silencing and thereby hiding denials
1059+ (LP 1719579 is an example)
1060+ - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1061+ updated to also allow the optionally placed ceph asok file (LP: #1779674)
1062+ - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare
1063+ profile for usrmerge (LP: #1784023)
1064+ - Finalize the libvirt-bin -> libvirt-* transition in the apport
1065+ package-hook.
1066+ - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
1067+ d/libvirt-daemon-system.postinst: provide a local apparmor include
1068+ for abstraction/libvirt-qemu (LP: #1786019)
1069+ - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
1070+ don't want blanket access. We only allow enumerating the base dir and
1071+ reading owned files. Further features needing /tmp have to add local
1072+ overrides, examples are qemu-smb and some modes of local snapshots.
1073+ (LP: #1365261) Can be dropped >=libvirt 4.7
1074+ - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
1075+ preserve /dev mountpoints in qemu namespaces (LP: #1786168)
1076+ Can be dropped >=libvirt 4.7
1077+ - avoid service dependency issues on upgrade (LP: #1786179)
1078+ This will in the long term be resolved in dh_* tools, but to let an
1079+ upgrade work for now we need to drop the sysV scripts (which we don't
1080+ use anyway) and slightly modify the systemd service to work with todays
1081+ dh_systemd_start properly. Can be dropped once Debian bug 905772 is
1082+ resolved in dh_* tools and libvirt uses those new code.
1083+ - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
1084+ - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
1085+ - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
1086+ and lbivirtd sysV init file
1087+ - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
1088+ to virtlogd/virtlockd sockets as they would imply a restart of
1089+ virtlogd breaking it.
1090+ - d/t/smoke-lxc: use systemd instead of sysV to restart the service
1091+ * Dropped Changes (upstream)
1092+ - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
1093+ of memory slots and other extended features without breaking
1094+ virt-aa-helper (LP: 1746431).
1095+ - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
1096+ - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
1097+ - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
1098+ - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
1099+ - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
1100+ - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
1101+ - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
1102+ - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
1103+ - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
1104+ - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
1105+ - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
1106+ - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
1107+ - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
1108+ - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
1109+ - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
1110+ - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
1111+ - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
1112+ - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
1113+ - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
1114+ - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
1115+ - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
1116+ - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
1117+ - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
1118+ - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
1119+ - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
1120+ - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
1121+ - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
1122+ - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
1123+ - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
1124+ - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
1125+ - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
1126+ - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
1127+ - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
1128+ - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
1129+ - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
1130+ - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
1131+ - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
1132+ - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
1133+ - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
1134+ avoid hanging on shutdown (LP: 1688508)
1135+ - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
1136+ plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471)
1137+ - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
1138+ ensure symlinks are resolved to get valid rules if interim parts of a path
1139+ are a symlink (LP: 1752361)
1140+ - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
1141+ avoid issues shutting down more guests than configured for parallel
1142+ shutdown (LP: 1688508)
1143+ - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
1144+ using devices that are symlinks (LP: 1756394)
1145+ - Fix nvdimm memory and passthrough input devices for hotplug via
1146+ domain security callbacks backporting upstream commits (LP: 1755153).
1147+ + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
1148+ + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
1149+ - Fix nvdimm memory and passthrough input devices in initial guest
1150+ description via virt-aa-helper (LP: 1757085).
1151+ + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
1152+ + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
1153+ - Fix clean shut down of guests on system shutdown (LP: 1764668)
1154+ + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
1155+ + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
1156+ - SECURITY UPDATE: QEMU monitor DoS
1157+ + debian/patches/CVE-2018-1064.patch: add size limit to
1158+ src/qemu/qemu_agent.c.
1159+ + CVE-2018-1064
1160+ - SECURITY UPDATE: Speculative Store Bypass
1161+ + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
1162+ bit in src/cpu/cpu_map.xml.
1163+ + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
1164+ feature bit in src/cpu/cpu_map.xml.
1165+ + CVE-2018-3639
1166+ - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
1167+ hotplug use cases where the initial guest had no hostdev at all and
1168+ therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777)
1169+ - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch:
1170+ Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
1171+ occurred, but the cause is unknown" due to a buffer being too small
1172+ for pcap with TPACKET_V3 enabled (LP: 1758037)
1173+ - SECURITY UPDATE: code injection via libnss_dns.so
1174+ + debian/patches/CVE-2018-6764-1.patch: determine the hostname on
1175+ startup in src/util/virlog.c.
1176+ + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
1177+ src/util/virlog.c.
1178+ + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
1179+ in cfg.mk, src/util/virlog.c.
1180+ + CVE-2018-6764
1181+ * Dropped Changes (no upgrade path left that needs those)
1182+ - Backwards compatible handling of group rename (can be dropped >18.04).
1183+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
1184+ be dropped >18.04).
1185+ + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
1186+ to old service name so that old references work
1187+ + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
1188+ to old service name so that old references work
1189+ + d/control: transitional package with the old name and maintainer
1190+ scripts to handle the transition
1191+ - fix conffile upgrade handling to avoid obsolete files
1192+ and inactive duplicates (LP 1694159)
1193+ - conffile handling of files dropped in 3.5 (can be dropped >18.04)
1194+ + /etc/init.d/virtlockd was sysv init only
1195+ + /etc/apparmor.d/local/usr.sbin.libvirtd and
1196+ /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
1197+ by dh_apparmor as needed
1198+ - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
1199+ /etc/cron.daily/libvirt-daemon-system
1200+ * Dropped Changes (cleanups)
1201+ - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed
1202+ one issue and the other is solved in libvirt by ensuring to move to the
1203+ right cgroups.)
1204+ - remove no more used libvirt-dnsmasq user (this was redundant since
1205+ 4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user)
1206+ - Disable selinux (now in main)
1207+
1208+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Sat, 18 Aug 2018 14:40:58 +0200
1209+
1210 libvirt (4.6.0-2) unstable; urgency=medium
1211
1212 * [c33faee] Drop dwarves dependency.
1213@@ -643,6 +1819,399 @@ libvirt (4.0.0-2) unstable; urgency=medium
1214
1215 -- Guido Günther <agx@sigxcpu.org> Thu, 08 Feb 2018 19:29:59 +0100
1216
1217+libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium
1218+
1219+ * ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
1220+ Secure Boot enabled variants of the OVMF firmware and variable store for
1221+ the paths where we ship these files in Ubuntu.
1222+
1223+ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 27 Jun 2018 11:16:23 -0400
1224+
1225+libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium
1226+
1227+ * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
1228+ hotplug use cases where the initial guest had no hostdev at all and
1229+ therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)
1230+
1231+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 16:24:01 +0200
1232+
1233+libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium
1234+
1235+ * SECURITY UPDATE: QEMU monitor DoS
1236+ - debian/patches/CVE-2018-1064.patch: add size limit to
1237+ src/qemu/qemu_agent.c.
1238+ - CVE-2018-1064
1239+ * SECURITY UPDATE: Speculative Store Bypass
1240+ - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
1241+ bit in src/cpu/cpu_map.xml.
1242+ - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
1243+ feature bit in src/cpu/cpu_map.xml.
1244+ - CVE-2018-3639
1245+
1246+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 10:55:56 -0400
1247+
1248+libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium
1249+
1250+ * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
1251+ occurred, but the cause is unknown" due to a buffer being too small
1252+ for pcap with TPACKET_V3 enabled (LP: #1758037)
1253+ - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
1254+
1255+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 May 2018 17:07:59 +0200
1256+
1257+libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium
1258+
1259+ * debian/rules: disable the netcf backend. (LP: #1764314)
1260+ * debian/control: drop libnetcf from Build-Depends.
1261+
1262+ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 09 May 2018 10:06:15 -0400
1263+
1264+libvirt (4.0.0-1ubuntu8) bionic; urgency=medium
1265+
1266+ * Fix clean shut down of guests on system shutdown (LP: #1764668)
1267+ - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
1268+ - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
1269+
1270+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Apr 2018 11:09:48 +0200
1271+
1272+libvirt (4.0.0-1ubuntu7) bionic; urgency=medium
1273+
1274+ * Fix nvdimm memory and passthrough input devices for hotplug via
1275+ domain security callbacks backporting upstream commits (LP: #1755153).
1276+ - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
1277+ - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
1278+ * Fix nvdimm memory and passthrough input devices in initial guest
1279+ description via virt-aa-helper (LP: #1757085).
1280+ - d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
1281+ - d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
1282+
1283+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Mar 2018 08:30:47 +0100
1284+
1285+libvirt (4.0.0-1ubuntu6) bionic; urgency=medium
1286+
1287+ * Backport from recent upstream to stabilize libvirt (LP: #1756915)
1288+ - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
1289+ - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
1290+ - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
1291+ - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
1292+ - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
1293+ - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
1294+ * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
1295+ avoid issues shutting down more guests than configured for parallel
1296+ shutdown (LP: #1688508)
1297+ * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
1298+ using devices that are symlinks (LP: #1756394)
1299+
1300+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Mar 2018 14:57:08 +0100
1301+
1302+libvirt (4.0.0-1ubuntu5) bionic; urgency=medium
1303+
1304+ * run dnsmasq as libvirt-dnsmasq (LP: #1743718)
1305+ - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
1306+ - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
1307+ purge
1308+ - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
1309+ libvirt-dnsmasq and adapt the self tests to expect that config
1310+ - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
1311+ * Backport from recent upstream to stabilize libvirt (LP: #1754352)
1312+ - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
1313+ - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
1314+ - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
1315+ - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
1316+ - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
1317+ - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
1318+ - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
1319+ - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
1320+ - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
1321+ * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
1322+ plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471)
1323+ * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
1324+ ensure symlinks are resolved to get valid rules if interim parts of a path
1325+ are a symlink (LP: #1752361)
1326+
1327+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 27 Feb 2018 12:04:02 +0100
1328+
1329+libvirt (4.0.0-1ubuntu4) bionic; urgency=medium
1330+
1331+ * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
1332+ avoid hanging on shutdown (LP: #1688508)
1333+
1334+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 23 Feb 2018 16:43:19 +0100
1335+
1336+libvirt (4.0.0-1ubuntu3) bionic; urgency=medium
1337+
1338+ [ Christian Ehrhardt ]
1339+ * Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04
1340+ - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
1341+ - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
1342+ - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
1343+ - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
1344+ - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
1345+ - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
1346+ - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
1347+ - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
1348+ - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
1349+ - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
1350+ - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
1351+ - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
1352+ - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
1353+ - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
1354+ - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
1355+ - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
1356+ - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
1357+ - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
1358+ - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
1359+ - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
1360+ - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
1361+ - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
1362+ - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
1363+ * d/rules: enable build time self tests on all architectures
1364+
1365+ [ Marc Deslauriers ]
1366+ * SECURITY UPDATE: code injection via libnss_dns.so
1367+ - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
1368+ startup in src/util/virlog.c.
1369+ - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
1370+ src/util/virlog.c.
1371+ - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
1372+ in cfg.mk, src/util/virlog.c.
1373+ - CVE-2018-6764
1374+
1375+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 14:18:44 +0100
1376+
1377+libvirt (4.0.0-1ubuntu2) bionic; urgency=medium
1378+
1379+ * d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed
1380+ as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442)
1381+ - refreshed 0032 and 0040 to match the new context.
1382+ * d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
1383+ of memory slots and other extended features without breaking
1384+ virt-aa-helper (LP: #1746431).
1385+
1386+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 02 Feb 2018 07:31:17 +0100
1387+
1388+libvirt (4.0.0-1ubuntu1) bionic; urgency=medium
1389+
1390+ * Merged with Debian unstable (4.0)
1391+ This closes several bugs:
1392+ - Error generating apparmor profile when hostname contains spaces
1393+ (LP: #799997)
1394+ - qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028)
1395+ - libvirt usb passthrough throws apparmor denials related to
1396+ /run/udev/data/+usb (LP: #1727311)
1397+ - AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626)
1398+ - iohelper improvements to let bypass-cache work without opening up the
1399+ apparmor isolation (LP: #1719579)
1400+ - nodeinfo on s390x to contain more CPU info (LP: #1733688)
1401+ - Upgrade libvirt >= 4.0 (LP: #1745934)
1402+ * Remaining changes:
1403+ - Disable libssh2 support (universe dependency)
1404+ - Disable firewalld support (universe dependency)
1405+ - Disable selinux
1406+ - Set qemu-group to kvm (for compat with older ubuntu)
1407+ - Additional apport package-hook
1408+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
1409+ be dropped >18.04).
1410+ + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
1411+ to old service name so that old references work
1412+ + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
1413+ to old service name so that old references work
1414+ + d/control: transitional package with the old name and maintainer
1415+ scripts to handle the transition
1416+ - Backwards compatible handling of group rename (can be dropped >18.04).
1417+ - config details and autostart of default bridged network. Creating that is
1418+ now the default in general, yet our solution provides the following on
1419+ top as of today:
1420+ + autostart the default network by default
1421+ + do not autostart if subnet is already taken (e.g. in guests).
1422+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
1423+ the group based access to libvirt functions as it was used in Ubuntu
1424+ for quite long.
1425+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
1426+ due to the group access change.
1427+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
1428+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
1429+ which provided a separate kvm-spice.
1430+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
1431+ section that adapts the path of the emulator to the Debian/Ubuntu
1432+ packaging is kept.
1433+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
1434+ set VRAM to minimum requirements
1435+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
1436+ - Add libxl log directory
1437+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
1438+ Xen dom0 via user profile (was missing on changelogs before)
1439+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
1440+ included_files to avoid build failures due to duplicate definitions.
1441+ - Update README.Debian with Ubuntu changes
1442+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
1443+ - Enable some additional features on ppc64el and s390x (for arch parity)
1444+ + systemtap, zfs, numa and numad on s390x.
1445+ + systemtap on ppc64el.
1446+ - fix conffile upgrade handling to avoid obsolete files
1447+ and inactive duplicates (LP 1694159)
1448+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
1449+ vmlinuz available and accessible (Debian bug 848314)
1450+ - d/test/smoke-lxc workaround for debbug 848317/867379
1451+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
1452+ - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
1453+ no more UCA onto Xenial then which has global dnsmasq by default).
1454+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
1455+ - conffile handling of files dropped in 3.5 (can be dropped >18.04)
1456+ + /etc/init.d/virtlockd was sysv init only
1457+ + /etc/apparmor.d/local/usr.sbin.libvirtd and
1458+ /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
1459+ by dh_apparmor as needed
1460+ - Reworked apparmor Delta, especially the more complex delta is dropped
1461+ now, also our former delta is now split into logical pieces, has
1462+ improved comments and is part of a continuous upstreaming effort.
1463+ Listing related remaining changes:
1464+ + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
1465+ Allow pygrub to run on Debian/Ubuntu
1466+ + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
1467+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
1468+ + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
1469+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
1470+ + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
1471+ apparmor, virt-aa-helper: Allow access to tmp directories
1472+ + d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
1473+ apparmor, virt-aa-helper: Allow various storage pools and image
1474+ locations
1475+ + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
1476+ apparmor, virt-aa-helper: Add openvswitch support
1477+ + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
1478+ permissions so virt-manager 1.4.0 viewing works (LP 1668681).
1479+ + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1480+ libvirt-qemu: Add 9p support
1481+ + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
1482+ add l to 9p file options.
1483+ + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1484+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1485+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1486+ + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1487+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1488+ + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1489+ commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
1490+ + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1491+ apparmor, virt-aa-helper: access for snapped nova
1492+ * Dropped Changes (Upstream):
1493+ - d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
1494+ libvirt-qemu: Allow use of sgabios
1495+ - d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
1496+ apparmor, libvirt-qemu: Silence lttng related deny messages
1497+ - d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
1498+ apparmor, libvirt-qemu: Allow read access to sysfs system info
1499+ - d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
1500+ apparmor, libvirt-qemu: Allow read access to max_mem_regions
1501+ - d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
1502+ apparmor, libvirt-qemu: Allow qemu-block-extra libraries
1503+ - d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
1504+ apparmor, libvirtd: Allow access to netlink sockets
1505+ - d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
1506+ apparmor: Add rules for mediation support
1507+ - d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
1508+ apparmor, virt-aa-helper: Allow access to ecryptfs files
1509+ - d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
1510+ apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
1511+ - d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
1512+ apparmor, virt-aa-helper: Add ipv6 network policy
1513+ - d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
1514+ apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
1515+ - d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
1516+ won't call qemu-nbd
1517+ - d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
1518+ apparmor: allow to parse cmdline of the pid that send the shutdown
1519+ signal (LP 1680384).
1520+ - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
1521+ apparmor: add default pki path of lbvirt-spice (LP 1690140)
1522+ - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
1523+ for compatibility with the behavior of qemu 2.10 this adds locking
1524+ permission to rules generated for disk files (LP 1709818)
1525+ - d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
1526+ for compatibility with the behavior of qemu 2.10 this adds locking
1527+ permission to rules generated for loader/nvram (LP 1710960)
1528+ - d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
1529+ files (LP 1726804)
1530+ - d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
1531+ fix path generation for USB host devices (LP 1552241)
1532+ - d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
1533+ generate valid rules on usb passthrough (LP 1686324)
1534+ - d/p/avoid-double-locking.patch: fix a deadlock that could occur when
1535+ libvirtd interactions raced with dbus causing a deadlock (LP 1714254).
1536+ - d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
1537+ fix FTBFS with glibc 2.26 (LP 1718668)
1538+ - Extended handling of apparmor profiles - clear lost profiles via cron
1539+ (now cleared by virt-aa-helper on domain stop)
1540+ - nat only on some ports <port start='1024' end='65535'/> (upstream
1541+ default now if nothing is specified, actually dropped last cycle)
1542+ * Dropped Changes (In Debian or no more important):
1543+ - d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
1544+ libvirt-qemu: Allow macvtap access
1545+ - d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
1546+ deny for setpcap (LP 522845).
1547+ - d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
1548+ apparmor, virt-aa-helper: Improve comment about backing store
1549+ - d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
1550+ references to qemu-kvm
1551+ - d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
1552+ apparmor, virt-aa-helper: Allow access to name services
1553+ - d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
1554+ /dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per
1555+ guest if needed).
1556+ - d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
1557+ apparmor, libvirt-qemu: Allow access to hugepage mounts
1558+ - Disable sheepdog (was for universe dependency, but is now only a suggest)
1559+ - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
1560+ * Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of
1561+ these were never released, but important to mention for the bug references:
1562+ - libnss-libvirt once enabled causes apt to call getdents
1563+ avoid this being an issue by dropping a apt conf that allows
1564+ this in seccomp (LP: #1732030).
1565+ - d/libvirt-daemon-system.postrm: clean up more libvirt directories on
1566+ purge
1567+ - d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch:
1568+ apparmor: allow unix stream for p2p migrations
1569+ - d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch:
1570+ this replaces the hugepage rules and fixes many more formerly missing
1571+ - d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch:
1572+ allowing to have path wildcards on labels set by domain callbacks
1573+ - d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch:
1574+ apparmor implementation of security callback
1575+ - d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch:
1576+ this is now covered by chardev label callbacks
1577+ * Added Changes:
1578+ - Revert Debian change "Drop libvirt-bin upgrade handling"
1579+ This is needed in Ubuntu one last time (drop >18.04)
1580+ - Revert Debian change "Drop maintscript helpers for versions predating
1581+ jessie and wheezy-backports". This is needed in Ubuntu one last
1582+ time (drop >18.04)
1583+ - Refreshed d/p/* to match new version (only fuzz, no semantic change)
1584+ - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal
1585+ to avoid error messages on purge
1586+ - remove no more used libvirt-dnsmasq user (drop >18.04)
1587+ - d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch:
1588+ apparmor: add mediation rules for unconfined guests
1589+ - d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch
1590+ .patch: backport upstream cahnge to expose already used chardev calls.
1591+ - d/libvirt-daemon-system.postrm: Remove the default.xml network link
1592+ set up by postinst.
1593+ - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
1594+ /etc/cron.daily/libvirt-daemon-system
1595+ - d/libvirt-daemon-system.postinst: fixups for autostart default network
1596+ - use modern shell syntax
1597+ - try more default networks before giving up to enable by default
1598+ - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
1599+ add multipass image path and mark as ubuntu only change.
1600+ - d/rules: install virtlockd correctly with defaults file (LP: #1729516)
1601+ - extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover
1602+ the slightly changed behavior of libvirt 4.0 (LP: #1741617)
1603+ - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
1604+ just a suggest to have 3rd party relying on rbd out of the box working.
1605+ This is deprecated and users of rbd backend should start depending on
1606+ this package for it will be dropped to a suggest in future releases.
1607+
1608+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 14 Dec 2017 14:15:55 +0100
1609+
1610 libvirt (4.0.0-1) unstable; urgency=medium
1611
1612 * [5936904] New upstream version 4.0.0
1613@@ -800,6 +2369,206 @@ libvirt (3.7.0-1) unstable; urgency=medium
1614
1615 -- Guido Günther <agx@sigxcpu.org> Fri, 08 Sep 2017 14:52:38 +0200
1616
1617+libvirt (3.6.0-1ubuntu6) artful; urgency=medium
1618+
1619+ * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
1620+ files (LP: #1726804)
1621+ * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
1622+ fix path generation for USB host devices (LP: #1552241)
1623+ * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
1624+ generate valid rules on usb passthrough (LP: #1686324)
1625+
1626+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Oct 2017 14:30:34 +0200
1627+
1628+libvirt (3.6.0-1ubuntu5) artful; urgency=medium
1629+
1630+ * d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
1631+ fix FTBFS with glibc 2.26 (LP: #1718668)
1632+
1633+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 28 Sep 2017 08:18:10 -0400
1634+
1635+libvirt (3.6.0-1ubuntu4) artful; urgency=medium
1636+
1637+ * d/p/avoid-double-locking.patch: fix a deadlock that could occur when
1638+ libvirtd interactions raced with dbus causing a deadlock (LP: #1714254).
1639+
1640+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 01 Sep 2017 10:29:35 +0200
1641+
1642+libvirt (3.6.0-1ubuntu3) artful; urgency=medium
1643+
1644+ * No change rebuild for Qemu 2.10 and Xen 4.9
1645+
1646+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Aug 2017 10:34:13 +0200
1647+
1648+libvirt (3.6.0-1ubuntu2) artful; urgency=medium
1649+
1650+ * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
1651+ for compatibility with the behavior of qemu 2.10 this adds locking
1652+ permission to rules generated for loader/nvram (LP: #1710960)
1653+
1654+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Aug 2017 10:00:19 +0200
1655+
1656+libvirt (3.6.0-1ubuntu1) artful; urgency=medium
1657+
1658+ * Merged with Debian unstable (3.6)
1659+ This closes several bugs:
1660+ - aarch64: improved chardev handling (LP: #1697610)
1661+ - Forbid locking memory without memtune (LP: #1708305)
1662+ * Remaining changes:
1663+ - Disable sheepdog (universe dependency)
1664+ - Disable libssh2 support (universe dependency)
1665+ - Disable firewalld support (universe dependency)
1666+ - Disable selinux
1667+ - Set qemu-group to kvm (for compat with older ubuntu)
1668+ - Regularly clear AppArmor profiles for vms that no longer exist
1669+ - Additional apport package-hook
1670+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
1671+ be dropped >18.04).
1672+ + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
1673+ to old service name so that old references work
1674+ + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
1675+ to old service name so that old references work
1676+ + d/control: transitional package with the old name and maintainer
1677+ scripts to handle the transition
1678+ - Backwards compatible handling of group rename (can be dropped >18.04).
1679+ - config details and autostart of default bridged network. Creating that is
1680+ now the default in general, yet our solution provides the following on
1681+ top as of today:
1682+ + nat only on some ports <port start='1024' end='65535'/>
1683+ + autostart the default network by default
1684+ + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
1685+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
1686+ the group based access to libvirt functions as it was used in Ubuntu
1687+ for quite long.
1688+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
1689+ due to the group access change.
1690+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
1691+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
1692+ which provided a separate kvm-spice.
1693+ - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
1694+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
1695+ section that adapts the path of the emulator to the Debian/Ubuntu
1696+ packaging is kept.
1697+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
1698+ set VRAM to minimum requirements
1699+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
1700+ - Add libxl log directory
1701+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
1702+ Xen dom0 via user profile (was missing on changelogs before)
1703+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
1704+ included_files to avoid build failures due to duplicate definitions.
1705+ - Update README.Debian with Ubuntu changes
1706+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
1707+ - Enable some additional features on ppc64el and s390x (for arch parity)
1708+ + systemtap, zfs, numa and numad on s390x.
1709+ + systemtap on ppc64el.
1710+ - fix conffile upgrade handling to avoid obsolete files
1711+ and inactive duplicates (LP 1694159)
1712+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
1713+ vmlinuz available and accessible (Debian bug 848314)
1714+ - d/test/smoke-lxc workaround for debbug 848317/867379
1715+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
1716+ - Extended handling of apparmor profiles - clear lost profiles via cron
1717+ - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
1718+ no more UCA onto Xenial then which has global dnsmasq by default).
1719+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
1720+ - conffile handling of files dropped in 3.5 (can be dropped >18.04)
1721+ + /etc/init.d/virtlockd was sysv init only
1722+ + /etc/apparmor.d/local/usr.sbin.libvirtd and
1723+ /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
1724+ by dh_apparmor as needed
1725+ - Reworked apparmor Delta, especially the more complex delta is dropped
1726+ now, also our former delta is now split into logical pieces, has
1727+ improved comments and is part of a continuous upstreaming effort.
1728+ Listing related remaining changes:
1729+ + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
1730+ Allow pygrub to run on Debian/Ubuntu
1731+ + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
1732+ libvirt-qemu: Allow macvtap access
1733+ + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
1734+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
1735+ + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
1736+ deny for setpcap
1737+ + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
1738+ libvirt-qemu: Allow use of sgabios
1739+ + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
1740+ apparmor, libvirt-qemu: Silence lttng related deny messages
1741+ + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
1742+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
1743+ + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
1744+ apparmor, libvirt-qemu: Allow read access to sysfs system info
1745+ + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
1746+ apparmor, libvirt-qemu: Allow read access to max_mem_regions
1747+ + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
1748+ apparmor, libvirt-qemu: Allow qemu-block-extra libraries
1749+ + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
1750+ apparmor, libvirt-qemu: Allow access to hugepage mounts
1751+ + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
1752+ apparmor, libvirtd: Allow access to netlink sockets
1753+ + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
1754+ apparmor: Add rules for mediation support
1755+ + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
1756+ apparmor, virt-aa-helper: Improve comment about backing store
1757+ + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
1758+ apparmor, virt-aa-helper: Allow access to ecryptfs files
1759+ + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
1760+ apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
1761+ + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
1762+ apparmor, virt-aa-helper: Allow access to tmp directories
1763+ + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
1764+ apparmor, virt-aa-helper: Add ipv6 network policy
1765+ + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
1766+ apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
1767+ + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
1768+ apparmor, virt-aa-helper: Allow various storage pools and image
1769+ locations
1770+ + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
1771+ apparmor, virt-aa-helper: Add openvswitch support
1772+ + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
1773+ references to qemu-kvm
1774+ + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
1775+ won't call qemu-nbd
1776+ + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
1777+ apparmor, virt-aa-helper: Allow access to name services
1778+ + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
1779+ permissions so virt-manager 1.4.0 viewing works (LP 1668681).
1780+ + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
1781+ /dev/vfio for vf (hot) attach (LP 1680384).
1782+ + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
1783+ apparmor: allow to parse cmdline of the pid that send the shutdown
1784+ signal (LP 1680384).
1785+ + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
1786+ apparmor: add default pki path of lbvirt-spice (LP 1690140)
1787+ + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1788+ libvirt-qemu: Add 9p support
1789+ + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
1790+ add l to 9p file options.
1791+ + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1792+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1793+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1794+ + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1795+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1796+ + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1797+ commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
1798+ + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1799+ apparmor, virt-aa-helper: access for snapped nova
1800+ * Dropped Changes (Upstream):
1801+ - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
1802+ default driver entries missing name='qemu'.
1803+ - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782)
1804+ Fix to be able to follow BackinStorage chains when creating per
1805+ guest apparmor rules.
1806+ * Dropped Changes (In Debian):
1807+ - Enable esx support
1808+ + Add build-dep to libcurl4-gnutls-dev (required for esx)
1809+ * Added Changes:
1810+ - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
1811+ for compatibility with the behavior of qemu 2.10 this adds locking
1812+ permission to rules generated for disk files (LP: #1709818)
1813+
1814+
1815+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 10 Aug 2017 12:44:47 +0200
1816+
1817 libvirt (3.6.0-1) unstable; urgency=medium
1818
1819 * [ece8d56] New upstream version 3.6.0 (Closes: #870626)
1820@@ -816,6 +2585,264 @@ libvirt (3.6.0-1) unstable; urgency=medium
1821
1822 -- Guido Günther <agx@sigxcpu.org> Fri, 04 Aug 2017 00:05:47 -0300
1823
1824+libvirt (3.5.0-1ubuntu3) artful; urgency=medium
1825+
1826+ * Refresh changes to match they way they were accepted upstream
1827+ - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit
1828+ reference now that it is in git.
1829+ - d/p/u/fix-libxl-default-driver-name.patch: instead of addin the
1830+ name this is now fixed by relaxing the schema.
1831+
1832+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Jul 2017 12:48:39 +0200
1833+
1834+libvirt (3.5.0-1ubuntu2) artful; urgency=medium
1835+
1836+ * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782)
1837+ Fix to be able to follow BackinStorage chains when creating per
1838+ guest apparmor rules.
1839+
1840+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 18 Jul 2017 16:34:57 +0200
1841+
1842+libvirt (3.5.0-1ubuntu1) artful; urgency=medium
1843+
1844+ * Merged with Debian unstable (3.5)
1845+ This closes several bugs:
1846+ - improved handling of host-model since libvirt 3.2 (LP: #1673467)
1847+ - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209)
1848+ * Remaining changes:
1849+ - Disable sheepdog (universe dependency)
1850+ - Disable libssh2 support (universe dependency)
1851+ - Disable firewalld support (universe dependency)
1852+ - Disable selinux
1853+ - Enable esx support
1854+ + Add build-dep to libcurl4-gnutls-dev (required for esx)
1855+ - Set qemu-group to kvm (for compat with older ubuntu)
1856+ - Regularly clear AppArmor profiles for vms that no longer exist
1857+ - Additional apport package-hook
1858+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
1859+ be dropped >18.04).
1860+ + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
1861+ to old service name so that old references work
1862+ + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
1863+ to old service name so that old references work
1864+ + d/control: transitional package with the old name and maintainer
1865+ scripts to handle the transition
1866+ - Backwards compatible handling of group rename (can be dropped >18.04).
1867+ - config details and autostart of default bridged network. Creating that is
1868+ now the default in general, yet our solution provides the following on
1869+ top as of today:
1870+ + nat only on some ports <port start='1024' end='65535'/>
1871+ + autostart the default network by default
1872+ + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
1873+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
1874+ the group based access to libvirt functions as it was used in Ubuntu
1875+ for quite long.
1876+ + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
1877+ due to the group access change.
1878+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
1879+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
1880+ which provided a separate kvm-spice.
1881+ - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
1882+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
1883+ section that adapts the path of the emulator to the Debian/Ubuntu
1884+ packaging is kept.
1885+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
1886+ set VRAM to minimum requirements
1887+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
1888+ - Add libxl log directory
1889+ - libvirt-uri.sh: Automatically switch default libvirt URI for users on
1890+ Xen dom0 via user profile (was missing on changelogs before)
1891+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
1892+ included_files to avoid build failures due to duplicate definitions.
1893+ - Update README.Debian with Ubuntu changes
1894+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
1895+ - Enable some additional features on ppc64el and s390x (for arch parity)
1896+ + systemtap, zfs, numa and numad on s390x.
1897+ + systemtap on ppc64el.
1898+ - fix conffile upgrade handling to avoid obsolete files
1899+ and inactive duplicates (LP 1694159)
1900+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
1901+ vmlinuz available and accessible (Debian bug 848314)
1902+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
1903+ - Extended handling of apparmor profiles - clear lost profiles via cron
1904+ - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
1905+ no more UCA onto Xenial then which has global dnsmasq by default).
1906+ - Reworked apparmor Delta, especially the more complex delta is dropped
1907+ now, also our former delta is now split into logical pieces, has
1908+ improved comments and is part of a continuous upstreaming effort.
1909+ Listing related remaining changes:
1910+ + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
1911+ Allow pygrub to run on Debian/Ubuntu
1912+ + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
1913+ libvirt-qemu: Allow macvtap access
1914+ + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
1915+ apparmor, libvirt-qemu: Allow read access to overcommit_memory
1916+ + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
1917+ deny for setpcap
1918+ + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
1919+ libvirt-qemu: Allow use of sgabios
1920+ + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
1921+ apparmor, libvirt-qemu: Silence lttng related deny messages
1922+ + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
1923+ apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
1924+ + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
1925+ apparmor, libvirt-qemu: Allow read access to sysfs system info
1926+ + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
1927+ apparmor, libvirt-qemu: Allow read access to max_mem_regions
1928+ + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
1929+ apparmor, libvirt-qemu: Allow qemu-block-extra libraries
1930+ + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
1931+ apparmor, libvirt-qemu: Allow access to hugepage mounts
1932+ + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
1933+ apparmor, libvirtd: Allow access to netlink sockets
1934+ + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
1935+ apparmor: Add rules for mediation support
1936+ + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
1937+ apparmor, virt-aa-helper: Improve comment about backing store
1938+ + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
1939+ apparmor, virt-aa-helper: Allow access to ecryptfs files
1940+ + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
1941+ apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
1942+ + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
1943+ apparmor, virt-aa-helper: Allow access to tmp directories
1944+ + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
1945+ apparmor, virt-aa-helper: Add ipv6 network policy
1946+ + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
1947+ apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
1948+ + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
1949+ apparmor, virt-aa-helper: Allow various storage pools and image
1950+ locations
1951+ + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
1952+ apparmor, virt-aa-helper: Add openvswitch support
1953+ + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
1954+ references to qemu-kvm
1955+ + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
1956+ won't call qemu-nbd
1957+ + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
1958+ apparmor, virt-aa-helper: Allow access to name services
1959+ + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
1960+ permissions so virt-manager 1.4.0 viewing works (LP 1668681).
1961+ + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
1962+ /dev/vfio for vf (hot) attach (LP 1680384).
1963+ + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
1964+ apparmor: allow to parse cmdline of the pid that send the shutdown
1965+ signal (LP 1680384).
1966+ + (28 is a new patch, listed in added changes)
1967+ + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
1968+ libvirt-qemu: Add 9p support
1969+ + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
1970+ add l to 9p file options.
1971+ + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
1972+ virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
1973+ reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
1974+ + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
1975+ apparmor, libvirt-qemu: Allow reading charm-specific ceph config
1976+ + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
1977+ commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
1978+ + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
1979+ apparmor, virt-aa-helper: access for snapped nova
1980+ - remaining but updated to match the latest release
1981+ + d/p/Disable-use-of-namespaces-by-default.patch (Debian change)
1982+ + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change)
1983+ + d/p/debian/apparmor_profiles_local_include.patch Include local
1984+ apparmor profile (Debian change)
1985+ + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
1986+ + d/test/smoke-lxc workaround for debbug 848317/867379
1987+ * Dropped Changes (Upstream):
1988+ - Add missing apparmor rule for debug-threads feature (LP 1615550).
1989+ - Add new block device types to virt-aa-helpers profile (LP 1641618)
1990+ - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
1991+ for storage dirs like /var/lib/libvirt/images.
1992+ - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
1993+ to support huge systems.
1994+ - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
1995+ in libvirtd.service (-d not allowed to be specified, everything else
1996+ upstream so drop delta; LP 1574566).
1997+ - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
1998+ spice: don't release used port (LP 1697729).
1999+ - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
2000+ Always fall back to the old command if domain caps fail (LP 1674298)
2001+ - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
2002+ it was possible to have <script path=''/> which now fails - fix to match
2003+ the old behavior (LP 1665698)
2004+ - Reworked apparmor Delta and started upstreaming, listing related
2005+ changes dropped:
2006+ + Apparmor feature parsing to depend on new apparmor features which
2007+ appear in different versions across distributions (no more needed
2008+ >=Xenial, allows to now separate changes and upstream more easily).
2009+ + d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
2010+ guarantee disk spec is following the defined regex (LP 1665410).
2011+ + d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add
2012+ virt-aa-helper rule allowing all private channel access.
2013+ + d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
2014+ virt-aa-helper to allow access to aarch64 UEFI images.
2015+ + d/rules, apparmor: include and install local apparmor profiles (This
2016+ is now done by dh_apparmor automatically)
2017+ + add local apparmor override templates (provided by dh_apparmor now)
2018+ + Fix name resolution calls from virt-aa-helper profile (LP 1546674).
2019+ + virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
2020+ + virt-aa-helper: Generalize test for firmware paths
2021+ + apparmor, virt-aa-helper: Allow aarch64 UEFI.
2022+ + apparmor, libvirt-qemu: Add ppc64el related changes
2023+ + apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
2024+ + apparmor, libvirt-qemu: Allow access to ceph config
2025+ + apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
2026+ + apparmor, virt-aa-helper: Explicit denies for host devices
2027+ + apparmor, virt-aa-helper: Allow access to libnl-3 config files
2028+ + apparmor, libvirt-qemu: allow access to pt_chown for pty consoles
2029+ * Dropped Changes (In Debian):
2030+ - d/rules: debhelper start virtlogd.socket
2031+ - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
2032+ for Debian based systems.
2033+ - Additional debian/bug-presubj
2034+ - Extended handling of apparmor profiles - reload and remove in maintainer
2035+ scripts (dh_apparmor* now generate these snippets)
2036+ * Dropped Changes (no SysV anymore):
2037+ - Add sysvinit script for virtlockd
2038+ - Wait on socket in sysvinit script
2039+ - d/rules: dh_installinit virtlockd (was part of "Cleanup systemd
2040+ debhelper"
2041+ - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
2042+ virtlockd.init for Debian based systems.
2043+ * Dropped Changes (other reasons):
2044+ - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
2045+ This used group libvirt instead of nobody which makes it worse; Needs
2046+ to be fixed upstream (LP: #1690729).
2047+ + d/p/ubuntu/disable-network-test.patch: disable test failing due to
2048+ dnsmasq changes.
2049+ - Add .gitignore for .pc
2050+ - we keep lxc support as Debian does, but stop adding delta. It feels
2051+ somewhat less maintained than e.g. libvirt for qemu. Also for secure
2052+ and comfortable container management lxd is clearly preferred. The
2053+ delta caused more issues than it solved so deliver libvirt-lxc as-is
2054+ and drop the related delta.
2055+ + d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
2056+ containers by default.
2057+ + d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver
2058+ for libvirt-lxc.
2059+ - The following xen changes are no more required with current versions
2060+ + d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
2061+ xen paths (LP 1459603)
2062+ + d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
2063+ section about compat to the very old qemu-dm name is no more needed.
2064+ + d/p/ubuntu/libxl-fix-test-data.patch and
2065+ d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the
2066+ former one + also updated the maintainer notes to ease updating.
2067+ + d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
2068+ device-model
2069+ * Added Changes:
2070+ - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
2071+ apparmor: add default pki path of lbvirt-spice (LP: #1690140)
2072+ - conffile handling of files dropped in 3.5 (can be dropped >18.04)
2073+ + /etc/init.d/virtlockd was sysv init only
2074+ + /etc/apparmor.d/local/usr.sbin.libvirtd and
2075+ /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
2076+ by dh_apparmor as needed
2077+ - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
2078+ default driver entries missing name='qemu'.
2079+
2080+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Jul 2017 15:43:17 +0200
2081+
2082 libvirt (3.5.0-1) unstable; urgency=medium
2083
2084 [ Guido Günther ]
2085@@ -909,6 +2936,233 @@ libvirt (3.0.0-1) experimental; urgency=medium
2086
2087 -- Guido Günther <agx@sigxcpu.org> Thu, 19 Jan 2017 18:51:18 +0100
2088
2089+libvirt (2.5.0-3ubuntu10) artful; urgency=medium
2090+
2091+ * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base
2092+ images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON
2093+ directory, enabling use of the libvirt deb from the nova-hypervisor
2094+ snap (LP: #1644507).
2095+
2096+ -- Corey Bryant <corey.bryant@canonical.com> Thu, 22 Jun 2017 14:29:39 -0400
2097+
2098+libvirt (2.5.0-3ubuntu9) artful; urgency=medium
2099+
2100+ * d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
2101+ spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1.
2102+
2103+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 14 Jun 2017 14:49:16 +0200
2104+
2105+libvirt (2.5.0-3ubuntu8) artful; urgency=medium
2106+
2107+ * fix conffile upgrade handling to avoid obsolete files
2108+ and inactive duplicates (LP: #1694159)
2109+ - d/libvirt-daemon-system.maintscript: revert to Debian content
2110+ - d/libvirt-bin.maintscript: add missing rm_conffile related to
2111+ dropping upstart.
2112+ - d/libvirt-bin.maintscript: add missing rm of conffiles due
2113+ to re-aligning with debian package names since yakkety.
2114+ - d/libvirt-bin.maintscript: for LTS->LTS upgraders try to move and retain
2115+ custom changes.
2116+ - d/libvirt-bin.maintscript: for upgraders from yakkety or later remove
2117+ the (now duplicate) conffiles, but retain custom changes in backups if
2118+ they exist
2119+ - d/libvirt-bin.preinst: drop manual mv of conffiles which lacked
2120+ retaining changes and upgrade-abort handling.
2121+ - d/libvirt-bin.preinst: handle upgrades up to the latest predecessor
2122+ possible before yakkety.
2123+ - d/libvirt-bin.preinst: fixup the combination of rm+mv conffile in case
2124+ the package is upgrading from pre yakkety.
2125+ - d/libvirt-daemon-system.postinst: clean up old dnsmasq enablement symlink
2126+ if unmodified.
2127+
2128+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 May 2017 14:29:51 +0200
2129+
2130+libvirt (2.5.0-3ubuntu7) artful; urgency=medium
2131+
2132+ * debian/patches/ubuntu/apparmor-ppcwrapper.patch: update to add missing
2133+ colon (LP: #1686621).
2134+
2135+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 27 Apr 2017 13:16:05 +0200
2136+
2137+libvirt (2.5.0-3ubuntu6) artful; urgency=medium
2138+
2139+ * Add missing apparmor profile entries (LP: #1680384)
2140+ - debian/patches/ubuntu/apparmor-vfio.patch: apparmor: add /dev/vfio
2141+ for vf (hot) attach
2142+ - debian/patches/ubuntu/apparmor-ppcwrapper.patch: apparmor: allow
2143+ extra tools executed by kvm.powerpc
2144+ - debian/patches/ubuntu/apparmor-shutdown.patch: apparmor: allow to
2145+ parse cmdline of the pid that send the shutdown signal
2146+
2147+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Apr 2017 14:10:06 +0200
2148+
2149+libvirt (2.5.0-3ubuntu5) zesty; urgency=medium
2150+
2151+ * d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
2152+ Always fall back to the old command if domain caps fail (LP: #1674298)
2153+
2154+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 21 Mar 2017 08:02:37 +0100
2155+
2156+libvirt (2.5.0-3ubuntu4) zesty; urgency=medium
2157+
2158+ * d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
2159+ it was possible to have <script path=''/> which now fails - fix to match
2160+ the old behavior (LP: #1665698)
2161+
2162+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 10 Mar 2017 08:57:18 +0100
2163+
2164+libvirt (2.5.0-3ubuntu3) zesty; urgency=medium
2165+
2166+ [ Christian Ehrhardt ]
2167+ * d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
2168+ guarantee disk spec is following the defined regex (LP: #1665410).
2169+
2170+ [ Bryan Quigley ]
2171+ * d/p/ubuntu/0007-apparmor-fix-for-new-virt-manager.patch: Add Apparmor
2172+ permissions so virt-manager 1.4.0 viewing works (LP: #1668681).
2173+
2174+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 06 Mar 2017 08:24:06 +0100
2175+
2176+libvirt (2.5.0-3ubuntu2) zesty; urgency=medium
2177+
2178+ * No-change rebuild to build against Xen-4.8 libs.
2179+
2180+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Jan 2017 14:19:03 +0100
2181+
2182+libvirt (2.5.0-3ubuntu1) zesty; urgency=medium
2183+
2184+ * Merged with Debian unstable
2185+ - this picks up a fix for migrations using NFS mounts (LP: #1637601).
2186+ * Remaining changes:
2187+ - Disable sheepdog (universe dependency)
2188+ - Disable libssh2 support (universe dependency)
2189+ - Disable firewalld support (universe dependency)
2190+ - Disable selinux
2191+ - Enable esx support
2192+ - Add build-dep to libcurl4-gnutls-dev (required for esx)
2193+ - Set qemu-group to kvm (for compat with older ubuntu)
2194+ - Added changes to use the upstream apparmor profiles with added
2195+ delta (configurable via apparmor profiles version).
2196+ * d/p/u/000[1-6]-apparmor-*
2197+ - Regularly clear AppArmor profiles for vms that no longer exist
2198+ - Fix name resolution calls from virt-aa-helper profile (LP 1546674).
2199+ - Add missing apparmor rule for debug-threads feature (LP 1615550).
2200+ - Add new block device types to virt-aa-helpers profile (LP 1641618)
2201+ - Additional apport package-hook
2202+ - d/rules: debhelper start virtlogd.socket
2203+ - Add sysvinit script for virtlockd
2204+ - Additional debian/bug-presubj
2205+ - Modifications to adapt for our delayed switch away from libvirt-bin (can
2206+ be dropped after 18.04).
2207+ - d/p/ubuntu/libvirtd-service-add-bin-alias.patch: alias to old
2208+ libvirt-bin name.
2209+ - d/p/ubuntu/libvirtd-init-add-bin-alias.patch: provides for the old
2210+ libvirt-bin name.
2211+ - Wait on socket in sysvinit script
2212+ - Backwards compatible handling of groups (can be dropped after 18.04).
2213+ - config details and autostart of default bridged network. Creating that is
2214+ now the default in general, yet our solution provides the following on
2215+ top as of today:
2216+ - nat only on some ports <port start='1024' end='65535'/>
2217+ - autostart the default network by default
2218+ - do not autostart if 192.168.122.0 is already taken (e.g. in containers)
2219+ - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
2220+ the group based access to libvirt functions as it was used in Ubuntu
2221+ for quite long.
2222+ - d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
2223+ due to the group access change.
2224+ - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
2225+ - d/p/ubuntu/disable-network-test.patch: disable test failing due to
2226+ dnsmasq changes.
2227+ - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
2228+ - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
2229+ which provided a separate kvm-spice.
2230+ - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
2231+ for storage dirs like /var/lib/libvirt/images.
2232+ - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
2233+ - d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
2234+ containers by default.
2235+ - d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver for
2236+ libvirt-lxc.
2237+ - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
2238+ - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: Set common qemu path to match
2239+ Debian/Ubuntu Xen packaging.
2240+ - d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
2241+ xen paths (LP 1459603)
2242+ - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
2243+ set VRAM to minimum requirements
2244+ - d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
2245+ device-model
2246+ - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
2247+ - fixup tests to match packaging of Xen (mostly different paths)
2248+ - d/p/ubuntu/libxl-fix-test-data.patch
2249+ - d/p/ubuntu/fix-xen-xml-in-tests.patch
2250+ - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
2251+ for Debian based systems.
2252+ - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
2253+ virtlockd.init for Debian based systems.
2254+ - d/p/ubuntu/9034-complete-9p-support: virt-aa-helper: add l to 9p file
2255+ options.
2256+ - d/p/ubuntu/parallel-shutdown.patch: shut guests down in parallel
2257+ - d/p/ubuntu/virt-aa-helper-no-explicity-deny-for-basefiles.patch: ask for
2258+ no deny rule for readonly disk elements.
2259+ - d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add virt-aa-helper
2260+ rule allowing all private channel access
2261+ - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
2262+ to support huge systems.
2263+ - d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
2264+ virt-aa-helper to allow access to aarch64 UEFI images.
2265+ - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
2266+ in libvirtd.service (LP 1574566).
2267+ - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
2268+ included_files to avoid build failures due to duplicate definitions.
2269+ - Update README.Debian with Ubuntu changes
2270+ - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
2271+ - Add libxl log directory
2272+ - Enable some additional features on ppc64el and s390x (for arch parity)
2273+ - systemtap, zfs, numa and numad on s390x.
2274+ - systemtap on ppc64el.
2275+ * Dropped Changes:
2276+ - Build depend on gnutls >= 3.5.6-4ubuntu2 (no > 3.5.6 && < 3.5.6-4ubuntu2
2277+ in any release left)
2278+ - Fix parsing non apparmor labels LP:#1633207 (upstream in libvirt 2.5)
2279+ - Ignore newlines in guest list (upstream in libvirt 2.4)
2280+ - Avoid migration postcopy issues by ensuring valid commands (upstream in
2281+ libvirt 2.5)
2282+ - Enable numa for arm64 (in Debian)
2283+ - Fix libvirt start failure when security_driver set (upstream in libvirt
2284+ 2.2)
2285+ - virt-aa-helper: Fix upstream implementation of no explicit deny rule
2286+ (upstream in libvirt 2.3)
2287+ - Some useless whitespace damage and no more applicable comments
2288+ - The following patches were part of the Delta but not the series file.
2289+ So they had no effect and can be dropped now:
2290+ - ubuntu/9036-util-prepare-uri-for-libxml2-2.9.2.patch
2291+ - ubuntu/Disable-failing-virnetsockettest.patch
2292+ - ubuntu/dont-include-non-migrateable-features-in-host-model
2293+ - ubuntu/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
2294+ - See the 2.1.0-1ubuntu15 and 2.1.0-1ubuntu16 changelogs for related
2295+ pre-merge drops
2296+ - Add build-dep to libxml-libxml-perl (no more needed)
2297+ - apparmor double add /usr/bin/qemu-sparc64 rmix (no function anymore)
2298+ - apparmor /usr/{lib,lib64}/qemu/block-*.so (in Debian)
2299+ - apparmor moving /bin/bash rmix in profile (drop non functional delta)
2300+ - follow Debians style of block-*.so rules for block-extra (drop our
2301+ functionally equivalent adding/moving of rules)
2302+ - follow Debians style of lib/lib64 rules (drop a lot of our functional
2303+ functionally equivalent adding/moving of rules)
2304+ - accept Upstream style to handle libvirt_iohelper and libvirt_parthelper
2305+ (stop removing the two rules without an associated bug to reduce delta)
2306+ - Disabling dep8 smoke tests
2307+ * Added Changes:
2308+ - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
2309+ vmlinuz available and accessible (in discussed with Debian in debbug
2310+ 848314)
2311+ - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (in discussed with
2312+ Debian in debbug 848317)
2313+
2314+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 03 Jan 2017 13:58:30 +0100
2315+
2316 libvirt (2.5.0-3) unstable; urgency=medium
2317
2318 * [ba9fcb8] Invoke db_stop.
2319@@ -1057,6 +3311,192 @@ libvirt (2.1.0-2) unstable; urgency=medium
2320
2321 -- Guido Günther <agx@sigxcpu.org> Fri, 19 Aug 2016 10:22:22 +0200
2322
2323+libvirt (2.1.0-1ubuntu16) zesty; urgency=medium
2324+
2325+ * Ensure d/p/ubuntu/9002-default_uri_virsh_to_system.patch is
2326+ dropped as intended.
2327+ * Re-Add d/p/ubuntu/apibuild-skip-libvirt-common.h for an issue that
2328+ transiently occurs on LP builds (real trigger not yet identified, so it
2329+ can't be upstreamed).
2330+
2331+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 14 Dec 2016 09:30:58 +0100
2332+
2333+libvirt (2.1.0-1ubuntu15) zesty; urgency=medium
2334+
2335+ * Cleanup Ubuntu Delta prior to next libvirt merge
2336+ - drop obsolte patches:
2337+ d/p/ubuntu/cgroups-ignore-systemd-failure,
2338+ d/p/ubuntu/ubuntu-skip-virstoragetest,
2339+ d/p/ubuntu/9021-fix-uint64_t.patch,
2340+ ubuntu/Disable-failing-virnetsockettest.patch (was only comment),
2341+ d/p/ubuntu/9002-default_uri_virsh_to_system.patch,
2342+ d/p/ubuntu/ubuntu-xend-probe.patch
2343+ - clarify dep3 headers to be more useful:
2344+ d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch,
2345+ d/p/ubuntu/daemon-augeas-fix-expected.patch,
2346+ d/p/ubuntu/enable-kvm-spice.patch,
2347+ d/p/ubuntu/dnsmasq-as-priv-user,
2348+ d/p/ubuntu/disable-network-test.patch
2349+ - split patch containing unrelated changes into two patches, so parts of
2350+ d/p/ubuntu/storage-default-permission-mode-to-0711 moved into
2351+ d/p/ubuntu/storage-disable-gluster-test
2352+
2353+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 12 Dec 2016 11:59:59 +0100
2354+
2355+libvirt (2.1.0-1ubuntu14) zesty; urgency=medium
2356+
2357+ * d/p/u/apparmor-fix-name-resolution.patch rework the fix to base
2358+ on the apparmor nameservice abstraction to be future proof (LP: #1546674).
2359+ * d/p/ubuntu/apparmor-fix-new-devicetypes.patch add new block device types to
2360+ virt-aa-helpers profile (LP: #1641618)
2361+ * d/p/u/apparmor-fix-other-seclabels.patch refresh to the now upstream
2362+ accepted solution (LP: #1633207).
2363+
2364+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 24 Nov 2016 08:06:38 +0100
2365+
2366+libvirt (2.1.0-1ubuntu13) zesty; urgency=medium
2367+
2368+ * drop d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch as the offending change
2369+ in gnutls has been reverted (LP: #1641615)
2370+ * Build depend on gnutls >= 3.5.6-4ubuntu2 to build after the gnutls fix
2371+ migrated
2372+
2373+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Nov 2016 08:43:10 +0100
2374+
2375+libvirt (2.1.0-1ubuntu12) zesty; urgency=medium
2376+
2377+ * d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch fix FTBFS due to changes in
2378+ gnutls that affected the ordering on certificate DN entries (LP: #1641615)
2379+ * Revert "Fix FTBFS on zesty due to issues with concurrent make check" as it
2380+ was not the right solution.
2381+
2382+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 16 Nov 2016 14:52:17 +0100
2383+
2384+libvirt (2.1.0-1ubuntu11) zesty; urgency=medium
2385+
2386+ * Fix FTBFS on zesty due to issues with concurrent make check (LP: #1641615)
2387+
2388+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Nov 2016 14:45:52 +0100
2389+
2390+libvirt (2.1.0-1ubuntu10) zesty; urgency=medium
2391+
2392+ [Simon Déziel]
2393+ * d/p/u/apparmor-fix-name-resolution.patch adds missing rules for name
2394+ resolution to virt-aa-helper Apparmor profile (LP: #1546674).
2395+ * d/p/u/apparmor-fix-debug-threads.patch adds missing rule for debug-threads
2396+ feature that is now default enabled to Apparmor profile (LP: #1615550).
2397+
2398+ [Christian Ehrhardt]
2399+ * d/p/u/apparmor-fix-other-seclabels.patch fixes an issue parsing non
2400+ apparmor security labels (LP: #1633207).
2401+
2402+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Oct 2016 14:21:36 +0200
2403+
2404+libvirt (2.1.0-1ubuntu9) yakkety; urgency=medium
2405+
2406+ * Fix libvirt-guest.sh to handle multiple guests (LP: #1591695).
2407+
2408+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 06 Oct 2016 12:14:05 +0200
2409+
2410+libvirt (2.1.0-1ubuntu8) yakkety; urgency=medium
2411+
2412+ [ Christian Ehrhardt ]
2413+
2414+ * avoid migration postcopy issues by ensuring valid commands (LP: #1620906)
2415+ - d/p/ubuntu/check-live-for-postcopy.patch Check for --live flag for
2416+ postcopy-after-precopy migration.
2417+ - d/p/ubuntu/make-postcopy-mandatory-for-postcopy-after-precopy.patch to
2418+
2419+ [ Stefan Bader ]
2420+
2421+ * Fix Xenial to Yakkety migration from libvirt-bin.service to
2422+ libvirtd.service (LP: #1627969).
2423+ * Update Vcs-Git and Vcs-Browser fields to point to launchpad
2424+ (LP: #1629210)
2425+
2426+ [ Dann Frazier ]
2427+
2428+ * Fix FTBS in Yakkety due to missing python dependency (LP: #1629041)
2429+
2430+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 10:11:30 +0200
2431+
2432+libvirt (2.1.0-1ubuntu7) yakkety; urgency=medium
2433+
2434+ * Enable NUMA support in arm64 builds (LP: #1627926).
2435+
2436+ -- dann frazier <dannf@ubuntu.com> Mon, 26 Sep 2016 23:36:24 -0600
2437+
2438+libvirt (2.1.0-1ubuntu6) yakkety; urgency=medium
2439+
2440+ * No-change rebuild for readline soname change.
2441+
2442+ -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:05:33 +0000
2443+
2444+libvirt (2.1.0-1ubuntu5) yakkety; urgency=medium
2445+
2446+ [ Jon Grimm ]
2447+
2448+ * Fix libvirt start failure when security_driver set (LP: #1618592)
2449+ - qemu: fix qemu.conf security_driver
2450+
2451+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 08 Sep 2016 14:11:47 +0200
2452+
2453+libvirt (2.1.0-1ubuntu4) yakkety; urgency=medium
2454+
2455+ * Enable systemtap, zfs, numa on s390x.
2456+ * Enable systemtap on ppc64el.
2457+
2458+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Aug 2016 13:21:29 +0100
2459+
2460+libvirt (2.1.0-1ubuntu3) yakkety; urgency=low
2461+
2462+ * Really fix the ADT regression and not only the changelog due
2463+ to somehow ending up on the wrong git branch.
2464+
2465+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 17 Aug 2016 18:31:01 +0200
2466+
2467+libvirt (2.1.0-1ubuntu2) yakkety; urgency=low
2468+
2469+ * Fix ADT build-test regression(s)
2470+
2471+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 17 Aug 2016 15:18:38 +0200
2472+
2473+libvirt (2.1.0-1ubuntu1) yakkety; urgency=low
2474+
2475+ * Merged with Debian testing. Remaining changes:
2476+ - Added changes to use the upstream apparmor profiles with added
2477+ delta (configurable via apparmor profiles version).
2478+ * d/p/u/0001-apparmor-add-feature-parsing.patch
2479+ * d/p/u/0002-apparmor-apply-ubuntu-delta.patch
2480+ * d/p/u/0003-apparmor-debian-ubuntu-delta.patch
2481+ * d/p/u/0004-apparmor-ubuntu-delta.patch
2482+ - Avoiding dependency on sheepdog
2483+ - Additional apport package-hook
2484+ - Additional dnsmasq configuration
2485+ - Additional profile.d script to set default URI
2486+ - Additional debian/bug-presubj
2487+ - d/rules: debhelper start virtlogd.socket not virtlockd.service
2488+ - Modifications to adapt for our delayed switch away from libvirt-bin.
2489+ - Wait on socket in sysvinit script
2490+ - Backwards compatible handling of groups and default bridged network
2491+ creation.
2492+ - Extended handling of apparmor profiles
2493+ - Convert libvirt0 and libvirt-dev to multi-arch.
2494+ - Added a fix for the upstream version of adding better write denials
2495+ handling to virt-aa-helper.
2496+ - Convert libnss_libvirt to multi-arch and fix up source location that
2497+ changed when making libvirt0 multi-arch.
2498+ - Dropped
2499+ * upstart script for libvirtd
2500+ * d/p/lp1588841-000[123]-* (upstream)
2501+ * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch (upstream)
2502+ * d/p/u/qemu-Automatically-choose-usable-GIC-version.patch (upstream)
2503+ * d/p/u/docs-remove-xpath.patch (xpath removed upstream)
2504+ * d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch (upstr.)
2505+ * d/p/u/ubuntu/virt-aa-helper-helpfix.patch (upstream)
2506+
2507+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 13 Jul 2016 13:12:36 +0200
2508+
2509 libvirt (2.1.0-1) unstable; urgency=medium
2510
2511 * Upload to unstable
2512@@ -1126,6 +3566,103 @@ libvirt (1.3.5~rc1-1) experimental; urgency=medium
2513
2514 -- Guido Günther <agx@sigxcpu.org> Mon, 30 May 2016 22:00:33 +0200
2515
2516+libvirt (1.3.4-1ubuntu6) yakkety; urgency=low
2517+
2518+ * Fix libvirtd crashing on libxl domain restore (LP: #1588841).
2519+ Patches cherry-picked from upsream libvirt git tree.
2520+ - libxl: switch to using libxl_domain_create_restore from v4.4 API
2521+ - libxl: support Xen migration stream V2 in save/restore
2522+ - libxl: support migration stream V2 in migration
2523+
2524+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Jun 2016 14:17:23 +0200
2525+
2526+libvirt (1.3.4-1ubuntu5) yakkety; urgency=low
2527+
2528+ * Update the correct apparmor profiles to allow AAVMF and qemu-efi
2529+ firmware for aarch64 (1538882)
2530+ * Clean up / refresh various patches to finalize switch from libvirt-bin
2531+ to libvirtd as service name.
2532+ Drop: d/p/ubuntu/libvirt-bin-service-libvirtd-alias.patch
2533+ Refresh+Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
2534+ d/p/ubuntu/libvirtd-service-nolimit.patch
2535+ Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
2536+ d/p/ubuntu/libvirtd-service-set-notifyaccess.patch
2537+ Refresh: d/p/ubuntu/libvirtd-service-add-bin-alias.patch
2538+ Add: d/p/ubuntu/libvirtd-init-add-bin-alias.patch
2539+ * Change default profile used by libvirtd.service to /etc/default/libvirtd.
2540+ Drop: d/p/ubuntu/switch-service-files-to-libvirt-bin.patch
2541+ * Drop virtlockd.service from dh_systemd_start in debian/rules as
2542+ the service is socket activated (LP: #1588006).
2543+ * Fix failure to enable libvirtd.service due to lingering libvirt-bin
2544+ alias. This could happen when the upgrade from a version prior 1.3.3-2
2545+ happened before 1.3.4-1ubuntu3 (LP: #1588004).
2546+
2547+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 02 Jun 2016 14:50:27 +0200
2548+
2549+libvirt (1.3.4-1ubuntu4) yakkety; urgency=medium
2550+
2551+ * Re-enable the upstart job by renaming the file.
2552+ * Include patchby @guessi to continally wait for libvirtd to start when
2553+ using sysvinit or upstart. (LP: #1571209)
2554+
2555+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 May 2016 13:50:22 -0500
2556+
2557+libvirt (1.3.4-1ubuntu3) yakkety; urgency=medium
2558+
2559+ [ dann frazier ]
2560+ * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch,
2561+ d/p/u/qemu-Automatically-choose-usable-GIC-version.patch: If no GIC
2562+ was specified for an ARM virt guest, choose a GIC version supported
2563+ by the host. (LP: #1566564)
2564+
2565+ [ Serge Hallyn ]
2566+ * libvirt-bin.preinst: on upgrades from prior to 1.3.3-2, also remove the
2567+ service file for the Alias - /etc/systemd/system/libvirtd.service.
2568+ (LP: #1579922)
2569+
2570+ -- dann frazier <dannf@ubuntu.com> Thu, 19 May 2016 08:57:33 -0600
2571+
2572+libvirt (1.3.4-1ubuntu2) yakkety; urgency=medium
2573+
2574+ * Include installing virtlogd.socket. (LP: #1583009)
2575+
2576+ -- Chris J Arges <chris.j.arges@canonical.com> Wed, 18 May 2016 13:56:08 -0500
2577+
2578+libvirt (1.3.4-1ubuntu1) yakkety; urgency=medium
2579+
2580+ * Merge 1.3.4-1 from Debian unstable
2581+ * Drop upstream-applied patches:
2582+ - conf-also-mark-implicit-video-as-primary.patch
2583+ - libvirt-socket-fix-group
2584+ * Remaining changes
2585+ - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
2586+ upgrades)
2587+ - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
2588+ (for lts-to-lts upgrades)
2589+ - keep ubuntu-specific patches
2590+ - ship apport and dnsmasq files
2591+ - enable virbr0
2592+ - ship apparmor from debian/*. We should push changes upstrema, but
2593+ cannot sync with debian as apparmor profiles must be processed in
2594+ debian/rules for cloud archive.
2595+ - debian/control
2596+ - enable zfs
2597+ - disable libssh2 and sheepdog
2598+ - add libxml-libxml-perl and libcurl4-gnutls-dev
2599+ - enable libnuma-dev on ppc64el (pushed to Debian)
2600+ - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
2601+ - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
2602+ upgrades.
2603+ - Multi-arch-ify.
2604+ - debian/rules: disable selinux and firewalld; use 'kvm' group; disable
2605+ ssh2, enable zfs and esx; process apparmor files for older releases;
2606+ copy dnsmasq configuration.
2607+ - debian/tests/control: add extra depends
2608+ * d/p/ubuntu/apibuild-skip-libvirt-common.h: libvirt-common.h is being
2609+ included twice leading to build failures - drop it temporarily.
2610+
2611+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 May 2016 12:50:02 -0500
2612+
2613 libvirt (1.3.4-1) unstable; urgency=medium
2614
2615 * Upload to unstable
2616@@ -1155,6 +3692,65 @@ libvirt (1.3.4~rc1-1) experimental; urgency=medium
2617
2618 -- Guido Günther <agx@sigxcpu.org> Wed, 27 Apr 2016 16:51:55 +0200
2619
2620+libvirt (1.3.3-2ubuntu2) yakkety; urgency=medium
2621+
2622+ * debian/rules: fix paths when removing files which should not end up
2623+ in libvirt-daemon package.
2624+
2625+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 May 2016 13:14:17 -0500
2626+
2627+libvirt (1.3.3-2ubuntu1) yakkety; urgency=medium
2628+
2629+ * Merge 1.3.3-2 from Debian unstable
2630+ * Merge new packaging layout
2631+ - debian/control
2632+ * add libsanlock-dev, dtrace, systemtap-sdt-dev, librados-dev,
2633+ libfuse-dev, augeas-tools to Build-Depends.
2634+ * Drop libcgmanager-dev from Build-Depends.
2635+ * Add libvirt-clients, libvirt-daemon, and libvirt-daemon-system
2636+ packages which replace the now-virtual libvirt-bin package.
2637+ * Drop libvirt0-dbg (is this intential in Debian?)
2638+ * Add libvirt-sanlock package (this should be in universe)
2639+ * Switch to 'libvirt' group, keeping the same gid as 'libvirtd'
2640+ on upgrade. Keep libvirtd group name on upgrade in case any
2641+ site scripts use it.
2642+ * Enable dtrace
2643+ * Add Debian policy-kit configuration
2644+ * drop ubuntu/9004-libvirtd-group-name.patch as we are switching to group
2645+ 'libvirt'
2646+ * Drop obsolete migration scripts:
2647+ - libvirt-migrate-xend-managed-domains
2648+ - libvirt-migrate-qemu-disks
2649+ - libvirt-migrate-qemu-machinetype
2650+ * Remaining changes:
2651+ - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
2652+ upgrades)
2653+ - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
2654+ (for lts-to-lts upgrades)
2655+ - keep ubuntu-specific patches
2656+ - ship apport and dnsmasq files
2657+ - enable virbr0
2658+ - ship apparmor from debian/*. We should push changes upstrema, but
2659+ cannot sync with debian as apparmor profiles must be processed in
2660+ debian/rules for cloud archive.
2661+ - debian/control
2662+ - enable zfs
2663+ - disable libssh2 and sheepdog
2664+ - add libxml-libxml-perl and libcurl4-gnutls-dev
2665+ - enable libnuma-dev on ppc64el (pushed to Debian)
2666+ - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
2667+ - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
2668+ upgrades.
2669+ - Multi-arch-ify.
2670+ - debian/rules: disable selinux and firewalld; use 'kvm' group; disable
2671+ ssh2, enable zfs and esx; process apparmor files for older releases;
2672+ copy dnsmasq configuration.
2673+ - debian/tests/control: add depends
2674+ * d/p/ubuntu/conf-also-mark-implicit-video-as-primary.patch: upstream patch
2675+ to fix failure to start vms with video not explicitly marked as 'primary'
2676+
2677+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 29 Apr 2016 20:51:48 -0500
2678+
2679 libvirt (1.3.3-2) unstable; urgency=medium
2680
2681 * Upload to unstable
2682@@ -1206,6 +3802,239 @@ libvirt (1.3.1-2) unstable; urgency=medium
2683
2684 -- Guido Günther <agx@sigxcpu.org> Fri, 19 Feb 2016 17:29:27 +0100
2685
2686+libvirt (1.3.1-1ubuntu11) yakkety; urgency=medium
2687+
2688+ [ Stefan Bader ]
2689+ * Add alias for libvirtd.service into libvirt-bin.service
2690+
2691+ [ Serge Hallyn ]
2692+ * d/p/u/libvirt-bin-service-set-notifyaccess.patch: Set NotifyAccess=all in
2693+ libvirt-bin systemd service file. (LP: #1574566)
2694+
2695+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 18 Apr 2016 13:44:15 -0500
2696+
2697+libvirt (1.3.1-1ubuntu10) xenial; urgency=medium
2698+
2699+ * d/p/u/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: Allow
2700+ access to /usr/share/AAVMF/** and /usr/share/qemu-efi/** for aarch64 UEFI.
2701+ (LP: #1538882)
2702+
2703+ -- William Grant <wgrant@ubuntu.com> Fri, 15 Apr 2016 12:08:21 +1000
2704+
2705+libvirt (1.3.1-1ubuntu9) xenial; urgency=medium
2706+
2707+ * Remove the tasks limit on libvirt-bin service (LP: #1567381)
2708+ This should be un-done when it is properly fixed in the code so
2709+ that virtual machines are started in their own pids cgroup.
2710+
2711+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Apr 2016 10:05:01 -0500
2712+
2713+libvirt (1.3.1-1ubuntu8) xenial; urgency=medium
2714+
2715+ * d/p/u/virt-aa-helper-add-guest-agent-rule.patch: this actually solves
2716+ the qemu guest agent problem for rhel7 vms for me. (LP: #1393842)
2717+ Also drop the mknod rule which isn't needed.
2718+ * d/apparmor/usr.lib.libvirt.virt-aa-helper: add permission to read under
2719+ /var/run. This is needed for some openvswitch info. (LP: #1513367)
2720+
2721+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 11 Mar 2016 15:01:25 -0800
2722+
2723+libvirt (1.3.1-1ubuntu7) xenial; urgency=medium
2724+
2725+ * zfs support (LP: #1553023)
2726+ - Cherrypick upstream patches to support zfs
2727+ - debian/rules: build with zfs support
2728+ - debian/control: add zfs as build-dep
2729+ * d/p/u/virt-aa-helper-no-explicity-deny-for-basefiles.patch: don't mark
2730+ readonly files with an explicity deny only because the xml marks it
2731+ as reasonly. (LP: #1554031)
2732+ * fix typo in virt-aa-helper helptext
2733+ * fix d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch to
2734+ not overwrite const memory.
2735+
2736+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 10 Mar 2016 19:25:54 -0800
2737+
2738+libvirt (1.3.1-1ubuntu6) xenial; urgency=medium
2739+
2740+ * d/apparmor/libvirt-qemu: generalize the qemu-block-extra libs line.
2741+ (LP: #1554761)
2742+ * d/p/ubuntu/virt-aa-helper-add-mknod-for-guest-agent.patch: add mknod
2743+ capability if there is a qemu guest agent. (LP: #1393842)
2744+
2745+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Mar 2016 18:45:08 -0800
2746+
2747+libvirt (1.3.1-1ubuntu5) xenial; urgency=low
2748+
2749+ * Added d/p/ubuntu/preup-virt-aa-helper-better-write-denials-handling.patch
2750+ and refreshed d/p/ubuntu/9034-complete-9p-support accordingly.
2751+ * Added d/p/ubuntu/additional-libvirt-guest-tweaks.patch to fix default
2752+ URI detection when running in a Xen control domain. Also change the
2753+ default config to do parallel shutdown requests (max. 10) and reduce the
2754+ timeout to 2 minutes.
2755+
2756+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 09 Mar 2016 09:13:09 +0100
2757+
2758+libvirt (1.3.1-1ubuntu4) xenial; urgency=low
2759+
2760+ * d/libvirt-bin.virtlockd.init: Replace by the version I had already
2761+ prepared and was tested (LP: #1547208).
2762+ * d/libvirt-bin.virtlogd.init: Fix up some left-over references to
2763+ libvirtd.
2764+ * d/control: Add provides libvirt-daemon for libvirt-bin (LP: #1551643)
2765+
2766+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 01 Mar 2016 10:58:23 +0100
2767+
2768+libvirt (1.3.1-1ubuntu3) xenial; urgency=medium
2769+
2770+ * d/libvirt-bin.virtlockd.init: Re-write based on virtlogd init script
2771+ as upstream provided version is not compatible with Ubuntu/Debian.
2772+
2773+ -- James Page <james.page@ubuntu.com> Mon, 29 Feb 2016 22:24:49 +0000
2774+
2775+libvirt (1.3.1-1ubuntu2) xenial; urgency=medium
2776+
2777+ * No-change rebuild for gnutls transition.
2778+
2779+ -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:20 +0000
2780+
2781+libvirt (1.3.1-1ubuntu1) xenial; urgency=low
2782+
2783+ * Merge from Debian unstable. Remaining changes:
2784+ - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
2785+ TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
2786+ usr.sbin.libvirtd} Add apparmor profiles.
2787+ - Add debian/libvirt-bin.virtlockd.init based on the upstream version
2788+ src/locking/virtlockd.init.in. This does not seem to get processed
2789+ by the build.
2790+ - debian/control:
2791+ * Add libcurl4-gnutls-dev, libxml-libxml-perl, libcgmanager-dev
2792+ * Add ppc64el to libnuma-dev arches
2793+ * Remove libsanlock-dev, libselinux1-dev, systemtap-sdt-dev
2794+ * Remove python, sheepdog, librados-dev, libfuse-dev
2795+ * Remove libssh2-1-dev, qemu-system-common, augeas-tools
2796+ * Don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
2797+ * Keep multiarch changes.
2798+ - Keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
2799+ - Keep change d/libvirt0.install and d/libvirt-dev.install that
2800+ adds multi-arch wildcard.
2801+ - d/libvirt-daemon-system.libvirtd.default ->
2802+ d/libvirt-bin.libvirt-bin.default
2803+ - d/libvirt-daemon-system.dirs -> d/libvirt-bin.dirs
2804+ * Add /etc/apparmor.d/{abstractions,disable,force-complain,local}
2805+ * Add /etc/cron.daily
2806+ * Add /usr/share/apport/package-hooks
2807+ * Add /var/log/libvirt/libxl
2808+ * Add /etc/dnsmasq.d-available
2809+ * Remove /usr/share/polkit-1/rules.d/
2810+ * Remove /var/lib/polkit-1/localauthority/10-vendor.d/
2811+ - Keep debian/libvirt-bin.dnsmasq
2812+ - d/libvirt-daemon-system.examples -> d/libvirt-bin.examples
2813+ * Remove debian/build/daemon/libvirtd.policy
2814+ * Drop debian/libvirt-suspendonreboot
2815+ - d/libvirt-daemon-system.libvirtd.init -> d/libvirt-bin.libvirt-bin.init
2816+ * Add provides libvirt-bin
2817+ * Change /etc/default/libvirtd into /etc/default/libvirt-bin
2818+ * Add wait_on_sockfile() and call it during start
2819+ - d/libvirt-daemon-system.install -> d/libvirt-bin.install
2820+ * Add usr/bin/*
2821+ * Add usr/sbin/*
2822+ * Add etc/apparmor.d/*
2823+ * Replace etc/libvirt/{libvirtd,virtlockd,virtlogd}.conf -> etc/libvirt/*
2824+ (since with the clients included there are many more config files)
2825+ * Add usr/share/polkit-1
2826+ * Add usr/lib/libvirt/*
2827+ * Add usr/share/augeas/*
2828+ * Add usr/share/libvirt/*
2829+ * Add usr/share/man/man8/*
2830+ * Add usr/share/apport/package-hooks/source_libvirt.py
2831+ * Add etc/dnsmasq.d-available/libvirt-bin
2832+ * Add etc/profile.d/libvirt-uri.sh
2833+ * Add usr/lib/libvirt
2834+ - d/libvirt-daemon-system.links -> d/libvirt-bin.links
2835+ * Replace libvirt-daemon-system with libvirt-bin for libvirt0
2836+ * Remove libvirt-daemon line
2837+ - Remove d/libvirt-bin.maintscript
2838+ - d/libvirt-clients.manpages -> d/libvirt-bin.manpages
2839+ * Add debian/libvirt-migrate-qemu-disks.1
2840+ * Add debian/libvirt-migrate-qemu-machinetype.1
2841+ * Add debian/libvirt-migrate-xend-managed-domains.1
2842+ - Combined d/libvirt-daemon-system.NEWS and d/libvirt-daemon.NEWS into
2843+ d/libvirt-bin.NEWS
2844+ - Keep d/libvirt-bin.{postinst,postrm,preinst} though they probably could
2845+ be freshly derived from libvirt-daemon counterparts.
2846+ * Added removal of qemu capability cache (found in Debian) to postinst
2847+ * Added reload of virtlogd in postinst (following example of virtlockd)
2848+ - Replace d/libvirt-bin.preinst
2849+ - Add d/libvirt-bin.upstart
2850+ - d/libvirt-daemon-system.virtlogd.init -> d/libvirt-bin.virtlogd.init
2851+ - Remove d/libvirt-clients.install
2852+ - Remove d/libvirt-clients.links
2853+ - Remove d/libvirt-daemon.install
2854+ - Remove d/libvirt-daemon.links
2855+ - d/libvirt-daemon.README.Debian -> d/libvirt-bin.README.Debian
2856+ * Replaced access control section
2857+ * Appended apparmor profile section
2858+ * Appended disk migration section
2859+ * Appended qemu/kvm machine type migration section
2860+ - Remove d/libvirt-daemon-system.{maintscript,postinst,postrm,preinst}
2861+ - Keep libvirt-migrate-qemu-disks (and manpage)
2862+ - Keep libvirt-migrate-qemu-machinetype (and manpage)
2863+ - Keep libvirt-migrate-xend-managed-domains (and manpage)
2864+ - Remove d/libvirt-sanlock.{cron.weekly,links,install}
2865+ - Drop d/libvirt-stop-guests
2866+ - Drop d/libvirt-suspendonreboot (replaced by upstream libvirt-guests)
2867+ - Keep d/libvirt-uri.sh
2868+ - Remove d/polkit/60-libvirt.pkla (and polkit directory)
2869+ - d/tests/control
2870+ - Add build-essential and pkg-config dependencies to build-test
2871+ - debian/rules:
2872+ * Add autoconf stuff (not sure what still really gets used).
2873+ * Use qemu-group kvm instead of libvirt-qemu
2874+ * Add SHEEPDOGCLI environment variable to dh_auto_configure
2875+ override (instead of an DEB_DH_... make variable which no
2876+ longer takes effect).
2877+ * Drop --with-secdriver-apparmor --with-apparmor-profiles from
2878+ WITH_APPARMOR config.
2879+ * Change WITH_FIREWALLD and WITH_SELINUX settings to disabled.
2880+ * Change WITH_DTRACE setting to disabled.
2881+ * Drop DEB_DH_SYSTEMD_START_ARGS_libvirt-bin as it is no longer
2882+ needed after dropping cdbs.
2883+ * Add to override_dh_install section
2884+ - Install apparmor files (and post-processing)
2885+ - Install apport hooks.
2886+ - Install migration tools.
2887+ - Install profile script to autoset URI.
2888+ - Replace package name libvirt-daemon-system with libvirt-bin.
2889+ - Debian now copies libvirt-guests.{init,default} and
2890+ virtlogd.default from upstream source. Copy virtlockd.default
2891+ as well.
2892+ - Rename libvirtd.{socket,service} to libvirt-bin.{socket,service}
2893+ - Change dh_systemd_start to use virtlo{g,ck}d.socket only (the
2894+ services are supposed to be started by using the sockets.
2895+ - Move libs and pkgconfig under multiarch directory.
2896+ * Modify override_dh_auto_clean
2897+ - Replace package name libvirt-daemon-system with libvirt-bin
2898+ - Delete upstream files which were copied into debian/.
2899+ * Add override_dh_gencontrol section which conditionally adds
2900+ conflicts on apparmor.
2901+ * Add override_dh_makeshlibs section to pass version info for
2902+ libvirt0.
2903+ * Dropped patches:
2904+ - ubuntu/virt-aa-helper-handle-ovmf (upstream added ovmf paths to
2905+ restricted_rw)
2906+ * Refreshed patches:
2907+ - refreshed d/p/ubuntu/9034-complete-9p-support
2908+ * New patches
2909+ - d/ubuntu/libvirt-guests-exclude-dom0.patch
2910+ - d/ubuntu/libxl-no-dm-check.patch
2911+ - d/ubuntu/libxl-fix-test-data.patch
2912+ - d/ubuntu/Debianize-virtlogd-service.patch
2913+ - d/ubuntu/Debianize-virtlockd-init.patch
2914+ - d/ubuntu/switch-service-files-to-libvirt-bin.patch
2915+ - d/ubuntu/libvirt-socket-fix-group.patch
2916+
2917+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 12 Feb 2016 14:46:21 +0100
2918+
2919 libvirt (1.3.1-1) unstable; urgency=medium
2920
2921 [ Guido Günther ]
2922@@ -1275,6 +4104,151 @@ libvirt (1.3.0~rc1-1) experimental; urgency=medium
2923
2924 -- Guido Günther <agx@sigxcpu.org> Fri, 04 Dec 2015 17:12:53 +0100
2925
2926+libvirt (1.2.21-2ubuntu10) xenial; urgency=medium
2927+
2928+ * Multiarchify the library packages.
2929+
2930+ -- Matthias Klose <doko@ubuntu.com> Thu, 28 Jan 2016 16:33:15 +0100
2931+
2932+libvirt (1.2.21-2ubuntu9) xenial; urgency=medium
2933+
2934+ * debian/rules: Disable cdbs' implicitly generated dh_systemd_start calls.
2935+ We already call it explicitly with the right options, calling it again
2936+ with the default options stops libvirt-guests during upgrades.
2937+ (LP: #1533839)
2938+
2939+ -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 18 Jan 2016 09:10:21 +0100
2940+
2941+libvirt (1.2.21-2ubuntu8) xenial; urgency=low
2942+
2943+ * d/libvirt-stop-guests: Skip Domain-0 on guest shutdown. Newer
2944+ versions of libvirt will include dom0 in the list of running domains
2945+ (with libxl). This special domain must be ignored.
2946+
2947+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 14 Jan 2016 11:35:39 +0100
2948+
2949+libvirt (1.2.21-2ubuntu7) xenial; urgency=medium
2950+
2951+ * d/apparmor/libvirt-qemu: silence denial to shm/lttng file since shm
2952+ mountpoint has moved (LP: #1529319)
2953+
2954+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Jan 2016 11:55:28 -0800
2955+
2956+libvirt (1.2.21-2ubuntu6) xenial; urgency=medium
2957+
2958+ * d/apparmor/libvirt-qemu: add r access to max_mem_regions vhost module
2959+ paramater (LP: #1531564)
2960+
2961+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Jan 2016 11:33:02 -0800
2962+
2963+libvirt (1.2.21-2ubuntu5) xenial; urgency=medium
2964+
2965+ * SECURITY UPDATE: ACL bypass using storage pool directory traversal
2966+ - debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
2967+ src/storage/storage_backend_fs.c.
2968+ - CVE-2015-5313
2969+
2970+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 08 Jan 2016 10:32:17 -0500
2971+
2972+libvirt (1.2.21-2ubuntu4) xenial; urgency=medium
2973+
2974+ * Revert Ubuntu-specific patch to build-depend on libsystemd-daemon-dev
2975+ instead of libsystemd-dev; libsystemd-daemon-dev is no longer built from
2976+ systemd source so we want libsystemd-dev.
2977+
2978+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 29 Dec 2015 00:31:16 +0000
2979+
2980+libvirt (1.2.21-2ubuntu3) xenial; urgency=medium
2981+
2982+ * Fix build-test autopkgtest: it now expects to run with the current
2983+ directory set to the root of the unpacked source package, writes to
2984+ $ADTTMP rather than to the source package, and declares dependencies on
2985+ build-essential and pkg-config.
2986+
2987+ -- Colin Watson <cjwatson@ubuntu.com> Mon, 28 Dec 2015 05:25:54 +0000
2988+
2989+libvirt (1.2.21-2ubuntu2) xenial; urgency=medium
2990+
2991+ * d/apparmor/libvirt-qemu: add permission to the systemd-mounted hugepages
2992+ path. (LP: #1524737)
2993+
2994+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 17 Dec 2015 10:49:18 -0800
2995+
2996+libvirt (1.2.21-2ubuntu1) xenial; urgency=medium
2997+
2998+ * Merge from Debian unstable. Remaining changes:
2999+ - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
3000+ TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
3001+ usr.sbin.libvirtd} Add apparmor profiles.
3002+ - debian/bug-presubj: removed
3003+ - debian/control:
3004+ - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
3005+ - add libxml-libxml-perl, libhal-dev
3006+ - swap open-iscsi to open-iscsi-utils
3007+ - Enable numa support on ppc64el.
3008+ - remove libsanlock-dev, libselinux1-dev
3009+ - use libsystemd-daemon-dev instead of libsystemd-dev
3010+ - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
3011+ - remove libssh2-1, augeas-tools
3012+ - add libcgmanager-dev, xsltproc
3013+ - remove Vcs-Git
3014+ - adjust X-Python-Version > 2.7
3015+ - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
3016+ - keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
3017+ - debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
3018+ - add upstart script for libvirt-bin
3019+ - debian/*.{links,maintscript} files not added
3020+ - keep ubuntu maintscript modifications
3021+ - debian/libvirt-sanlock* not merged
3022+ - debian/libvirt-clients* not merged
3023+ - keep debian/{libvirt-migrate-qemu-disks.*,
3024+ libvirt-migrate-qemu-machinetype.*,
3025+ libvirt-migrate-xend-managed-domains.*}
3026+ - keep debian/libvirt-suspendonreboot
3027+ - keep debian/libvirt-uri.sh
3028+ - debian/polkit/* not added
3029+ - debian/README.Debian:
3030+ - add 'Apparmor Profile' section
3031+ - add 'Disk migration' section
3032+ - debian/rules:
3033+ - add cdbs and autoconf stuff
3034+ - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
3035+ WITH_SELINUX
3036+ - use qemu-group kvm instead of libvirt-qemu
3037+ - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
3038+ - remove auto_test section
3039+ - add build/libvirt-bin:: section to install
3040+ - apparmor files
3041+ - apport hooks
3042+ - libvirt-migrate-qemu-disks
3043+ - use clean:: instead of dh_*clean
3044+ - Move ubuntu specific patches to 'debian/patches/ubuntu'
3045+ * Dropped patches:
3046+ - drop 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch (upstream 16d2bc8b)
3047+ - drop 9036-util-prepare-uri-for-libxml2-2.9.2.patch (upstream 8f17d0ea)
3048+ - drop 9040-virt-aa-helper-add-unix-channels (upstream 03d7462d)
3049+ - drop CVE-2014-3633.patch (upstream 3e745e8f)
3050+ - drop CVE-2014-3657.patch (upstream fc22b2e7)
3051+ - drop CVE-2014-7823.patch (upstream b1674ad5)
3052+ - drop Don-t-fail-if-we-can-t-setup-avahi.patch (dropped in debian)
3053+ - drop add-ppc64le-support.patch (upstream 9265fd19, addce06c, 1e911742,
3054+ bdbe723f, 5e4f49ab)
3055+ - drop blockdev-migration patches (upstream 1049a8d8, 9c5efd1a, cb7297c1,
3056+ a5250449, e9ef8565, 952907f5, 5eb03b6e, 93a19e28, a4e92f9e, de0aeafe)
3057+ - storage-allow-zero-capacity-with-non-backing-file-to.patch,
3058+ tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch
3059+ (upstream 0bcda653, b8cc0cc5)
3060+ - ubuntu/fix-ubuntu-xen-qemu-dm-path.patch dropped in favor of
3061+ Allow-xen-toolstack-to-find-it-s-binaries.patch
3062+ - drop ubuntu-libxl-Implement-basic-video-device-selection.patch
3063+ (upstream 1298daca)
3064+ - remove dont-include-non-migrateable-features-in-host-model
3065+ (upstream and not included in series)
3066+ - remove upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
3067+ (upstream and not included in series)
3068+
3069+ -- Chris J Arges <chris.j.arges@canonical.com> Wed, 02 Dec 2015 12:06:09 -0600
3070+
3071 libvirt (1.2.21-2) unstable; urgency=medium
3072
3073 * [014a0c7] Add a build test to verify that the we can link against libvirt
3074@@ -1387,6 +4361,163 @@ libvirt (1.2.18-1) experimental; urgency=medium
3075
3076 -- Guido Günther <agx@sigxcpu.org> Tue, 11 Aug 2015 21:19:43 +0200
3077
3078+libvirt (1.2.16-2ubuntu14) xenial; urgency=medium
3079+
3080+ * debian/apparmor/libvirt-qemu: add a bunch of newly available qemu-*
3081+ architecture binaries. (LP: #1519030)
3082+
3083+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 23 Nov 2015 17:42:52 +0000
3084+
3085+libvirt (1.2.16-2ubuntu13) xenial; urgency=medium
3086+
3087+ * debian/control: switch ebtables from Recommends to Depends or default
3088+ configuration network doesn't get created. (LP: #1505576)
3089+
3090+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 05 Nov 2015 15:14:04 -0600
3091+
3092+libvirt (1.2.16-2ubuntu12) xenial; urgency=medium
3093+
3094+ * virt-aa-helper apparmor policy: add 'network inet6' (LP: #1511830)
3095+
3096+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 02 Nov 2015 11:49:56 -0600
3097+
3098+libvirt (1.2.16-2ubuntu11) wily; urgency=medium
3099+
3100+ * Fix the preinst and postinst: the check for whether libvirt-bin was
3101+ running was wrong for upstart systems, but we don't need to do that
3102+ anyway - just stop libvirt-bin unconditionally. (LP: #1499199)
3103+ * libvirt-guests.service: fix libvirtd.service -> libvirt-bin.service
3104+
3105+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Sun, 27 Sep 2015 15:47:08 +0000
3106+
3107+libvirt (1.2.16-2ubuntu10) wily; urgency=medium
3108+
3109+ * Add qemu-block-extra libraries to libvirt apparmor profile (LP: #1495895)
3110+
3111+ -- Ryan Harper <ryan.harper@canonical.com> Wed, 16 Sep 2015 13:20:48 -0500
3112+
3113+libvirt (1.2.16-2ubuntu9) wily; urgency=medium
3114+
3115+ * Add upstream patches implementing a '--migrate-disks' option to virsh
3116+ migrate to specify block devices to migrate. (LP: #1398999)
3117+
3118+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 09:29:52 -0500
3119+
3120+libvirt (1.2.16-2ubuntu8) wily; urgency=medium
3121+
3122+ * Support OVMF images in virt-aa-helper. (LP: #1483071)
3123+ * Fix the libvirt-bin.preinst to not stop libvirt-bin on upgrade
3124+ from 1.2.16-2ubuntu7.
3125+
3126+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 14 Aug 2015 07:34:30 -0500
3127+
3128+libvirt (1.2.16-2ubuntu7) wily; urgency=medium
3129+
3130+ * Stop libvirt-bin at pre-inst if upgrading from a non-systemd version,
3131+ restart at postinst. (This can be removed after 16.04 release)
3132+ * Commonize stopping of vms in upstart/systemd.
3133+
3134+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Aug 2015 17:40:36 -0500
3135+
3136+libvirt (1.2.16-2ubuntu6) wily; urgency=medium
3137+
3138+ * Add systemd units and libvirt-stop-guests script to stop VMs before
3139+ a host completes shutdown (LP: #1480440)
3140+
3141+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Aug 2015 15:42:29 -0500
3142+
3143+libvirt (1.2.16-2ubuntu5) wily; urgency=medium
3144+
3145+ * debian/control changes:
3146+ - Replace module-init-tools with kmod
3147+ * debian/tests:
3148+ - add autopkgtests from Debian
3149+
3150+ -- Chris J Arges <chris.j.arges@canonical.com> Fri, 10 Jul 2015 14:15:48 -0500
3151+
3152+libvirt (1.2.16-2ubuntu4) wily; urgency=medium
3153+
3154+ * d/p/{storage-allow-zero-capacity-with-non-backing-file-to.patch,
3155+ tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch} added to address
3156+ (LP: #1459748). Allow zero capacity storage creation with non-backing file.
3157+
3158+ -- Chris J Arges <chris.j.arges@canonical.com> Fri, 10 Jul 2015 12:50:50 -0500
3159+
3160+libvirt (1.2.16-2ubuntu3) wily; urgency=medium
3161+
3162+ * debian/apparmor/libvirt-qemu:
3163+ allow serial console backed by pts chardev (LP: #1342083)
3164+
3165+ -- Chris J Arges <chris.j.arges@canonical.com> Tue, 07 Jul 2015 16:38:17 -0500
3166+
3167+libvirt (1.2.16-2ubuntu2) wily; urgency=low
3168+
3169+ [ Chris J Arges ]
3170+ * Merge from Debian unstable. Remaining changes:
3171+ - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
3172+ TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
3173+ usr.sbin.libvirtd} Add apparmor profiles.
3174+ - debian/bug-presubj: removed
3175+ - debian/control:
3176+ - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
3177+ - add libxml-libxml-perl, libhal-dev
3178+ - swap open-iscsi to open-iscsi-utils
3179+ - Enable numa support on ppc64 and ppc64el.
3180+ - remove libsanlock-dev, libselinux1-dev, libsystemd-daemon-dev
3181+ - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
3182+ - remove libssh2-1, augeas-tools
3183+ - add libcgmanager-dev, xsltproc
3184+ - remove Vcs-Git
3185+ - adjust X-Python-Version > 2.7
3186+ - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
3187+ * keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
3188+ * debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
3189+ * add upstart script for libvirt-bin
3190+ * debian/*.links files not added
3191+ * debian/libvirt-sanlock* not merged
3192+ * debian/libvirt-clients* not merged
3193+ * debian smoke tests not merged
3194+ * keep debian/{libvirt-migrate-qemu-disks.*,
3195+ libvirt-migrate-qemu-machinetype.*,
3196+ libvirt-migrate-xend-managed-domains.*}
3197+ * keep debian/libvirt-suspendonreboot
3198+ * keep debian/libvirt-uri.sh
3199+ * Don't apply the following patches:
3200+ - d/p/Debianize-libvirt-guests.patch
3201+ - d/p/Debianize-systemd-service-files.patch
3202+ - d/p/debian/Debianize-virtlockd.patch
3203+ - d/p/fix-Debian-specific-path-to-hvm-loader.patch
3204+ - d/p/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
3205+ - d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
3206+ * debian/polkit/* not added
3207+ * debian/README.Debian:
3208+ - add 'Apparmor Profile' section
3209+ - add 'Disk migration' section
3210+ * debian/rules:
3211+ - add cdbs and autoconf stuff
3212+ - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
3213+ WITH_SELINUX
3214+ - use qemu-group kvm instead of libvirt-qemu
3215+ - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
3216+ - remove auto_test section
3217+ - add build/libvirt-bin:: section to install
3218+ - apparmor files
3219+ - apport hooks
3220+ - libvirt-migrate-qemu-disks
3221+ - use clean:: instead of dh_*clean
3222+
3223+ [ Chuck Short ]
3224+ + Rediffed:
3225+ - debian/patches/storage-default-permission-mode-to-0711
3226+ - debian/patches/ubuntu_machine_type.patch
3227+ * debian/libvirt-bin.init: Adjust avahi to avahi-daemon (LP: #1453572)
3228+
3229+ [ Serge Hallyn ]
3230+ * 9040-virt-aa-helper-add-unix-channels.patch: add support for unix
3231+ sockets for serials. (LP: #1015154)
3232+
3233+ -- Chris J Arges <chris.j.arges@canonical.com> Wed, 01 Jul 2015 13:33:40 -0500
3234+
3235 libvirt (1.2.16-2) unstable; urgency=medium
3236
3237 * [0266267] Build-Depend and suggest nfs-common
3238@@ -1452,6 +4583,49 @@ libvirt (1.2.15-1) experimental; urgency=medium
3239
3240 -- Guido Günther <agx@sigxcpu.org> Tue, 05 May 2015 19:26:21 +0200
3241
3242+libvirt (1.2.15-0ubuntu4) wily; urgency=medium
3243+
3244+ * Add post-start to upstart (/etc/init/libvirt-bin.conf) and
3245+ sysv (/etc/init.d/libvirt-bin) jobs to ensure libvirt-sock
3246+ created before up (LP: #1455608)
3247+
3248+ -- Edward Hope-Morley <edward.hope-morley@canonical.com> Thu, 28 May 2015 16:06:44 +0100
3249+
3250+libvirt (1.2.15-0ubuntu3) wily; urgency=low
3251+
3252+ * d/p/ubuntu-libxl-qemu-path.patch: Set correct path for qemu binary
3253+ for new configs and convert old configs using qemu-dm.
3254+ (LP: #1459600)
3255+ * d/p/ubuntu-libxl-hvmloader-path.patch: Get Xen version from dpkg-query
3256+ at compile time and set LIBXL_FIRMWARE_DIR as long as libxen-dev does
3257+ not provide a xenlight.pc file. Use that directory to update existing
3258+ configs.
3259+ (LP: #1459603)
3260+
3261+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 28 May 2015 12:21:23 +0200
3262+
3263+libvirt (1.2.15-0ubuntu2) wily; urgency=medium
3264+
3265+ * debian/apparmor/libvirt-qemu: add /sys read accesses needed by newer
3266+ qemu: /sys/devices/system/node/, /sys/devices/system/cpu/ and
3267+ /sys/devices/system/node/node[0-9]*/meminfo
3268+
3269+ -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 May 2015 16:41:54 -0500
3270+
3271+libvirt (1.2.15-0ubuntu1) wily; urgency=medium
3272+
3273+ * New upstream release:
3274+ + Dropped patches:
3275+ - d/p/add-cgmanager-support.patch
3276+ - d/p/cgmanager-mutex
3277+ - d/p/cgm-ignore-machined-failure
3278+ - d/p/9020-lp545795.patch
3279+ - d/pa/ubuntu-libxl-qemu-nopath.patch
3280+ - d/p/ubuntu-libxl-migrate-dm.patch
3281+ - d/p9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch
3282+
3283+ -- Chuck Short <zulcss@ubuntu.com> Thu, 07 May 2015 10:27:49 -0400
3284+
3285 libvirt (1.2.15~rc2-1) experimental; urgency=medium
3286
3287 * [852e3c3] New upstream version 1.2.15~rc2
3288@@ -1510,37 +4684,141 @@ libvirt (1.2.12-1) experimental; urgency=medium
3289
3290 -- Guido Günther <agx@sigxcpu.org> Thu, 29 Jan 2015 11:02:21 +0100
3291
3292-libvirt (1.2.12~rc2-1) experimental; urgency=medium
3293+libvirt (1.2.12-0ubuntu12) vivid; urgency=low
3294
3295- * [67f2b22] New upstream version 1.2.12~rc2
3296- (Closes: #776065)
3297+ * Add profile script to automatically set the default URI based on
3298+ the currently running hyperisor (Xen or KVM/Qemu).
3299+ (LP: #1334749)
3300
3301- -- Guido Günther <agx@sigxcpu.org> Sun, 25 Jan 2015 13:02:59 +0100
3302+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 14 Apr 2015 09:02:52 -0500
3303
3304-libvirt (1.2.12~rc1-1) experimental; urgency=medium
3305+libvirt (1.2.12-0ubuntu11) vivid; urgency=medium
3306
3307- * [994d31d] Bump standards version to 3.9.6
3308- no changes required
3309- * [7b59a26] New upstream version 1.2.12~rc1
3310- * [0a755e3] Dropped patches applied upstram.
3311- lxc-Don-t-crash-on-NULL-ifname_guest_actual.patch
3312- lxc-Move-setting-ifname_guest_actual-to-virLXCSetupI.patch
3313- Rediff remaining patches.
3314- * [9511acf] Document surprises on CPU microcode updates (Closes: #773706)
3315- * [3e325df] Install lock drivers (Closes: #773706)
3316- * [970de51] Bump symbol versions
3317+ * create /var/lib/libvirt/qemu/channel/target (LP: #1393842)
3318+ - libvirt-bin.dirs: add /var/lib/libvirt/qemu/channel/target
3319+ - libvirt-bin.postinst: chown target directory to libvirt-qemu:kvm so
3320+ qemu can create the unix sockets.
3321
3322- -- Guido Günther <agx@sigxcpu.org> Thu, 22 Jan 2015 12:26:54 +0100
3323+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 09 Apr 2015 10:40:05 -0500
3324
3325-libvirt (1.2.11-1) experimental; urgency=medium
3326+libvirt (1.2.12-0ubuntu10) vivid; urgency=medium
3327
3328- * [1377d56] lxc: Fix crash when using interface type 'direct'
3329- (Closes: #769600) Thanks to Bastian Blank for the patch
3330- * [88f9426] Adjust gbp.conf for experimental
3331- * [0b196d9] New upstream version 1.2.11
3332- * [113b58b] Rediff patches
3333+ * Fix previous patch to ignore any abstract unix domain sockets
3334+ * Update the cgmanager patch so that container start and stop work under
3335+ systemd. (LP: #1438730) In 15.10 we will drop the cgmanager patch(es).
3336
3337- -- Guido Günther <agx@sigxcpu.org> Thu, 22 Jan 2015 10:29:41 +0100
3338+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 08 Apr 2015 10:58:04 -0500
3339+
3340+libvirt (1.2.12-0ubuntu9) vivid; urgency=medium
3341+
3342+ * 9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch: Allow
3343+ libvirt domains to start when using qemu guest agent. (LP: #1393842)
3344+
3345+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Apr 2015 11:14:03 -0500
3346+
3347+libvirt (1.2.12-0ubuntu8) vivid; urgency=medium
3348+
3349+ * silence denial of attempted reads of lttng files (LP: #1432644)
3350+
3351+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Mar 2015 21:36:27 -0500
3352+
3353+libvirt (1.2.12-0ubuntu7) vivid; urgency=low
3354+
3355+ * No-change rebuild to pull in libxen-dev 4.5
3356+
3357+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 18:31:16 +0100
3358+
3359+libvirt (1.2.12-0ubuntu6) vivid; urgency=low
3360+
3361+ * Fix xml validation for Xen by allowing non-absolute path values
3362+ in loader and bootloader elements (LP: #1425497).
3363+ * Fix up Xen emulator in old configurations and for new definitions to
3364+ point to /usr/bin/qemu-system-i386 (LP: #1425497).
3365+
3366+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 13 Feb 2015 17:57:27 +0100
3367+
3368+libvirt (1.2.12-0ubuntu5) vivid; urgency=medium
3369+
3370+ * Remove smoser-ppc64le-is-ppc64.patch - the problem will be solved by the
3371+ qemu-system-ppcle symlink in qemu-system-ppc package.
3372+
3373+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 15:38:39 -0600
3374+
3375+libvirt (1.2.12-0ubuntu4) vivid; urgency=medium
3376+
3377+ * libvirt-qemu: allow kvm script on ppc to execute uname
3378+
3379+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 14:05:14 -0600
3380+
3381+libvirt (1.2.12-0ubuntu3) vivid; urgency=medium
3382+
3383+ * Apply patch from smoser to make libvirt on ppc64le functional.
3384+ (LP: #1418221)
3385+
3386+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 12:09:49 -0600
3387+
3388+libvirt (1.2.12-0ubuntu2) vivid; urgency=medium
3389+
3390+ * debian/control: Use libxml-libxml-perl instead of libxml-xpath-perl.
3391+ * debian/patches/docs-remove-xpath.patch: Use libxml instead of XPath.
3392+
3393+ -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Feb 2015 11:28:15 -0500
3394+
3395+libvirt (1.2.12-0ubuntu1) vivid; urgency=medium
3396+
3397+ * New upstream release
3398+ * Rediffed patches:
3399+ - debian/patches/9030-create-socket-dir
3400+ - debian/patches/add-cgmanager-support.patch
3401+ - debian/patches/cgroups-ignore-systemd-failure
3402+ * Dropped patches:
3403+ - debian/patches/ubuntu-libxl-Implement-basic-video-device-selection.patch
3404+ - debian/patches/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch
3405+ - debian/patches/9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch
3406+ - debian/patches/-CVE-2014-3633.patch
3407+ - debian/patches/dont-include-non-migrateable-features-in-host-model
3408+ - debian/patches/9036-util-prepare-uri-for-libxml2-2.9.2.patch
3409+ - debian/patches/CVE-2014-3657.patch
3410+ - debian/patches/CVE-2014-7823.patch
3411+ - debian/patches/add-ppc64le-support.patch
3412+ - debian/patches/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
3413+ * debian/control: Add libxml-xpath-perl and xsltproc to dependencies
3414+ * debian/patches/skip-vircgrouptest.patch: Skip cgroup tests.
3415+ * debian/patches/disable-network-test.patch: Skip network tests
3416+
3417+ -- Chuck Short <zulcss@ubuntu.com> Tue, 03 Feb 2015 13:12:36 -0500
3418+
3419+libvirt (1.2.12~rc2-1) experimental; urgency=medium
3420+
3421+ * [67f2b22] New upstream version 1.2.12~rc2
3422+ (Closes: #776065)
3423+
3424+ -- Guido Günther <agx@sigxcpu.org> Sun, 25 Jan 2015 13:02:59 +0100
3425+
3426+libvirt (1.2.12~rc1-1) experimental; urgency=medium
3427+
3428+ * [994d31d] Bump standards version to 3.9.6
3429+ no changes required
3430+ * [7b59a26] New upstream version 1.2.12~rc1
3431+ * [0a755e3] Dropped patches applied upstram.
3432+ lxc-Don-t-crash-on-NULL-ifname_guest_actual.patch
3433+ lxc-Move-setting-ifname_guest_actual-to-virLXCSetupI.patch
3434+ Rediff remaining patches.
3435+ * [9511acf] Document surprises on CPU microcode updates (Closes: #773706)
3436+ * [3e325df] Install lock drivers (Closes: #773706)
3437+ * [970de51] Bump symbol versions
3438+
3439+ -- Guido Günther <agx@sigxcpu.org> Thu, 22 Jan 2015 12:26:54 +0100
3440+
3441+libvirt (1.2.11-1) experimental; urgency=medium
3442+
3443+ * [1377d56] lxc: Fix crash when using interface type 'direct'
3444+ (Closes: #769600) Thanks to Bastian Blank for the patch
3445+ * [88f9426] Adjust gbp.conf for experimental
3446+ * [0b196d9] New upstream version 1.2.11
3447+ * [113b58b] Rediff patches
3448+
3449+ -- Guido Günther <agx@sigxcpu.org> Thu, 22 Jan 2015 10:29:41 +0100
3450
3451 libvirt (1.2.11~rc1-1) experimental; urgency=medium
3452
3453@@ -1751,6 +5029,212 @@ libvirt (1.2.8-1) experimental; urgency=medium
3454
3455 -- Guido Günther <agx@sigxcpu.org> Fri, 05 Sep 2014 19:56:50 +0200
3456
3457+libvirt (1.2.8-0ubuntu21) vivid; urgency=medium
3458+
3459+ * d/apparmor/libvirt-qemu: Update the ceph.conf allow rule (LP: #1403648)
3460+
3461+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 30 Jan 2015 10:02:20 +0100
3462+
3463+libvirt (1.2.8-0ubuntu20) vivid; urgency=medium
3464+
3465+ * debian/rules:
3466+ - use --with-esx (LP: #565771)
3467+ - specify restart-after-upgrade (LP: #1215617)
3468+ * debian/control: add libcurl4-gnutls-dev for esx support
3469+
3470+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 21 Jan 2015 13:01:59 -0600
3471+
3472+libvirt (1.2.8-0ubuntu19) vivid; urgency=medium
3473+
3474+ * apparmor libvirt-qemu template: allow reading charm-specific ceph config
3475+ and silence denials for /tmp/**. (LP: #1403648)
3476+
3477+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 06 Jan 2015 10:27:33 -0600
3478+
3479+libvirt (1.2.8-0ubuntu18) vivid; urgency=medium
3480+
3481+ * mutex cgmanager actions (Thanks to Don Bowman for finding the cause)
3482+ (LP: #1397130) (LP: #1367702)
3483+
3484+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Dec 2014 13:28:03 -0600
3485+
3486+libvirt (1.2.8-0ubuntu17) vivid; urgency=low
3487+
3488+ * d/p/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch:
3489+ Allow libxl to figure out the path to pygrub. (LP: #1396942)
3490+
3491+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 11 Dec 2014 09:51:20 +0100
3492+
3493+libvirt (1.2.8-0ubuntu16) vivid; urgency=medium
3494+
3495+ * debian/patches/add-ppc64le-support.patch: Added patches needed
3496+ for ppc64le support. (LP: #1396070)
3497+
3498+ -- Chuck Short <zulcss@ubuntu.com> Thu, 27 Nov 2014 08:57:35 -0500
3499+
3500+libvirt (1.2.8-0ubuntu15) vivid; urgency=medium
3501+
3502+ * libvirt-qemu: add r to sgabios.bin (LP: #1393548)
3503+
3504+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 17 Nov 2014 15:05:22 -0600
3505+
3506+libvirt (1.2.8-0ubuntu14) vivid; urgency=medium
3507+
3508+ [ Serge Hallyn ]
3509+ * 9036-util-prepare-uri-for-libxml2-2.9.2.patch: fix FTBFS against new
3510+ libxml 2.9.2 (LP: #1390637)
3511+
3512+ [ Marc Deslauriers ]
3513+ * SECURITY UPDATE: denial of service via virConnectListAllDomains
3514+ - debian/patches/CVE-2014-3657.patch: fix domain deadlock in
3515+ src/conf/domain_conf.c.
3516+ - CVE-2014-3657
3517+ * SECURITY UPDATE: xml information leak with read-only connections
3518+ - debian/patches/CVE-2014-7823.patch: check for migratable flag in
3519+ src/libvirt.c, src/remote/remote_protocol.x.
3520+ - CVE-2014-7823
3521+
3522+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Nov 2014 13:14:00 -0500
3523+
3524+libvirt (1.2.8-0ubuntu13) vivid; urgency=medium
3525+
3526+ * cull too-new apparmor rules depending on target host (LP: #1387251)
3527+ * add mising apparmor permissions for slof (LP: #1374554)
3528+
3529+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 07 Nov 2014 20:32:23 +0000
3530+
3531+libvirt (1.2.8-0ubuntu12) vivid; urgency=medium
3532+
3533+ * complete the 9p support: (LP: #1378434)
3534+ - libvirt-qemu: add fowner and fsetid
3535+ - virt-aa-helper: add 'l' to 9p file options
3536+ * dont-include-non-migrateable-features-in-host-model (LP: #1386503)
3537+
3538+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 15:07:21 -0500
3539+
3540+libvirt (1.2.8-0ubuntu11) utopic; urgency=medium
3541+
3542+ [ Felix Geyer ]
3543+ * d/p/ubuntu_machine_type.patch: Fix No PCI buses available. (LP: #1379346).
3544+
3545+ -- Chris J Arges <chris.j.arges@canonical.com> Thu, 09 Oct 2014 08:57:27 -0500
3546+
3547+libvirt (1.2.8-0ubuntu10) utopic; urgency=medium
3548+
3549+ * libvirt-bin.upstart: delay start until rc finished
3550+ This give hypervisors more time to finish their setup (LP: #1377900).
3551+ * libvirt-bin.upstart: add xen:/// uri to the list (LP: #1377960)
3552+
3553+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 06 Oct 2014 16:23:06 +0200
3554+
3555+libvirt (1.2.8-0ubuntu9) utopic; urgency=medium
3556+
3557+ * libvirt-qemu apparmor template: add /sys/firmware/devicetree/** r
3558+ (LP: #1374554)
3559+
3560+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 01 Oct 2014 17:09:05 -0500
3561+
3562+libvirt (1.2.8-0ubuntu8) utopic; urgency=medium
3563+
3564+ * libvirt-bin.postinst: fix syntax error (s/if/fi/)
3565+
3566+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 30 Sep 2014 13:07:19 -0500
3567+
3568+libvirt (1.2.8-0ubuntu7) utopic; urgency=medium
3569+
3570+ * libvirt-bin.postinst: check for confiles whichhave been removed rather
3571+ than fail package install (LP: #1375910)
3572+
3573+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 30 Sep 2014 12:37:16 -0500
3574+
3575+libvirt (1.2.8-0ubuntu6) utopic; urgency=medium
3576+
3577+ * SECURITY UPDATE: denial of service or information disclosure via
3578+ virDomainGetBlockIoTune
3579+ - debian/patches/CVE-2014-3633.patch: use correct definition when
3580+ looking up disk in src/qemu/qemu_driver.c.
3581+ - CVE-2014-3633
3582+
3583+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 29 Sep 2014 15:23:37 -0400
3584+
3585+libvirt (1.2.8-0ubuntu5) utopic; urgency=medium
3586+
3587+ * debian/apparmor/libvirt-lxc (sync with container-base with lxc):
3588+ - remove bare 'signal' and 'ptrace' rules (base abstraction covers most
3589+ of what we need)
3590+ - allow signal (receive) peer=/usr/sbin/libvirtd
3591+ - allow ptrace peer=@{profile_name}
3592+ - deny mount options=(ro, remount, silent) -> /
3593+ - allow mount fstype=hugetlbfs
3594+ - shuffle a couple of rules around to make it easier to diff with lxc
3595+ policy
3596+ * debian/apparmor/TEMPLATE.lxc (sync with lxc-default):
3597+ - use attach_disconnected and mediate_deleted
3598+ - deny mount fstype=devpts,
3599+
3600+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 25 Sep 2014 16:24:21 -0500
3601+
3602+libvirt (1.2.8-0ubuntu4) utopic; urgency=medium
3603+
3604+ * debian/apparmor/usr.sbin.libvirtd: allow 'network netlink'
3605+
3606+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 18 Sep 2014 15:15:13 -0500
3607+
3608+libvirt (1.2.8-0ubuntu3) utopic; urgency=medium
3609+
3610+ * 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch - fix failure to start
3611+ KVM vms.
3612+
3613+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Sep 2014 14:08:04 -0500
3614+
3615+libvirt (1.2.8-0ubuntu2) utopic; urgency=low
3616+
3617+ * d/p/ubuntu-xend-probe.patch:
3618+ Update patch correctly and re-enable it. It seems like it only was
3619+ half updated and then disabled without reasons.
3620+ * d/p/ubuntu-libxl-Implement-basic-video-device-selection.patch:
3621+ Re-activate adapted patch. Some pieces made it into upstream as a
3622+ bug fix. The rest is still needed to allow selecing an alternate
3623+ graphics device for Xen HVM guests.
3624+ * d/p/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch:
3625+ Re-activate unchanged patch (for some reason dropped when moving
3626+ to 1.2.6).
3627+ This one is a bit of a work-around mainly for virt-manager which sets
3628+ gfx memory to values below the minimum requirement for Xen. And the
3629+ UI does not allow to change that. This patch just goes for the minimum
3630+ in that case.
3631+
3632+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 18 Sep 2014 10:00:36 +0200
3633+
3634+libvirt (1.2.8-0ubuntu1) utopic; urgency=medium
3635+
3636+ [ Chuck Short ]
3637+ * New upstream release: (LP: #1367422)
3638+ + Dropped:
3639+ - debian/patches/ovs-delete-port-if-exists-while-adding-new-one
3640+ + Refreshed:
3641+ - debian/patches/add-cgmanager-support.patch
3642+ - debian/patches/storage-default-permission-mode-to-0711
3643+
3644+ [ Serge Hallyn ]
3645+ * d/apparmor
3646+ - install TEMPLATE.qemu and TEMPLATE.lxc
3647+ - add libvirt-lxc abstraction, add permissions to it needed for
3648+ a ubuntu container to start.
3649+ - libvirt-qemu - add qemu-bridge-helper policy from upstream
3650+ - libvirt-qemu - add qemu-microblaze allows from upstream
3651+ - edit lxc.conf to enable apparmor by default (LP: #914716)
3652+ (LP: #1008393) (LP: #1088295)
3653+ * d/apparmor/libvirt-qemu: add /dev/shm as path to spice.* nodes
3654+ for systemd case. (LP: #1365163)
3655+ * d/p/9030-create-socket-dir - create session socket dir if
3656+ needed (Should be replaced eventually by the upstream fix)
3657+ * d/p/9032-lxc-allow-no-security-driver: don't fail if apparmor
3658+ driver is not available (else the qa-regression-tests fail with
3659+ skip_apparmor)
3660+
3661+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 18:30:06 -0500
3662+
3663 libvirt (1.2.7-11) unstable; urgency=medium
3664
3665 * [6534478] Check status in a systemd 208 compatible way
3666@@ -1910,6 +5394,119 @@ libvirt (1.2.6-1) experimental; urgency=medium
3667
3668 -- Guido Günther <agx@sigxcpu.org> Tue, 22 Jul 2014 22:33:51 +0200
3669
3670+libvirt (1.2.6-0ubuntu6) utopic; urgency=medium
3671+
3672+ * debian/apparmor/usr.sbin.libvirtd: update for abstract socket mediation
3673+ (LP: #1362199)
3674+ * debian/apparmor/libvirt-qemu: allow 'r' on @{PROC}/sys/kernel/cap_last_cap
3675+ * debian/control: Suggests apparmor >= 2.8.96~2541-0ubuntu4~
3676+
3677+ -- Jamie Strandboge <jamie@ubuntu.com> Fri, 05 Sep 2014 17:32:16 -0500
3678+
3679+libvirt (1.2.6-0ubuntu5) utopic; urgency=medium
3680+
3681+ * cgroups-ignore-systemd-failure - fix incoming migration failures when
3682+ systemd-shim is installed.
3683+ * ovs-delete-port-if-exists-while-adding-new-one - cherrypick commit 33445ce
3684+ from upstream (LP: #1343262)
3685+
3686+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 08 Aug 2014 09:56:43 -0500
3687+
3688+libvirt (1.2.6-0ubuntu4) utopic; urgency=high
3689+
3690+ * No change rebuild against gnutls28.
3691+
3692+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 08 Aug 2014 13:28:03 +0100
3693+
3694+libvirt (1.2.6-0ubuntu3) utopic; urgency=medium
3695+
3696+ * debian/apparmor/usr.sbin.libvirtd - add cap-sys-resource to fully
3697+ fix (LP: #1276719)
3698+
3699+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Aug 2014 12:43:20 -0500
3700+
3701+libvirt (1.2.6-0ubuntu2) utopic; urgency=medium
3702+
3703+ * Rebuild against libparted2.
3704+
3705+ -- Colin Watson <cjwatson@ubuntu.com> Mon, 21 Jul 2014 21:27:18 +0100
3706+
3707+libvirt (1.2.6-0ubuntu1) utopic; urgency=medium
3708+
3709+ * New upstream release:
3710+ + Dropped:
3711+ - debian/patches/virt-aa-helper-vhost.patch
3712+ - debian/patches/libxl-Implement-basic-video-device-selection.patch
3713+ - debian/patches/libxl-Fix-up-VRAM-to-minimum-requirements.patch
3714+ + debian/rules: Include packaging version in the log file. (LP: #1335221)
3715+
3716+ -- Chuck Short <zulcss@ubuntu.com> Fri, 04 Jul 2014 08:40:24 -0400
3717+
3718+libvirt (1.2.5-0ubuntu6) utopic; urgency=low
3719+
3720+ * libxl: Refresh patch(es) to allow the choice between Cirrus and
3721+ VGA for Xen HVM guests.
3722+ - d/p/libxl-Implement-basic-video-device-selection.patch [v4]
3723+ - d/p/libxl-Fix-up-VRAM-to-minimum-requirements.patch
3724+
3725+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 30 Jun 2014 16:08:56 +0200
3726+
3727+libvirt (1.2.5-0ubuntu5) utopic; urgency=low
3728+
3729+ * debian/apparmor/usr.sbin.libvirtd: allow libvirtd to run
3730+ libxl-save-helper (required for save restore through libxl).
3731+ (LP: #1334195)
3732+
3733+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Jun 2014 15:53:05 +0200
3734+
3735+libvirt (1.2.5-0ubuntu4) utopic; urgency=low
3736+
3737+ * debian/apparmor/usr.sbin.libvirtd: allow pygrub to be run
3738+ (LP: #1326003)
3739+
3740+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 18 Jun 2014 11:04:15 +0200
3741+
3742+libvirt (1.2.5-0ubuntu3) utopic; urgency=medium
3743+
3744+ * d/p/virt-aa-helper-vhost.patch: allow access to /dev/vhost-net if domain
3745+ needs it (LP: #1322568)
3746+
3747+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 17 Jun 2014 22:01:49 -0500
3748+
3749+libvirt (1.2.5-0ubuntu2) utopic; urgency=medium
3750+
3751+ * implement cgmanager support (LP: #1322677)
3752+ - debian/control: build-dep on libcgmanager-dev, depend on cgmanager
3753+ - d/p/add-cgmanager-support.patch
3754+
3755+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 17 Jun 2014 16:40:20 -0500
3756+
3757+libvirt (1.2.5-0ubuntu1) utopic; urgency=medium
3758+
3759+ [ Chuck Short ]
3760+ * New upstream version:
3761+ + Rediffed:
3762+ - d/p/ubuntu-xend-probe.patch
3763+ + Dropped:
3764+ - d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch
3765+ - d/p/libxl-do-not-use-virdomain-id.patch
3766+ - d/p/libxl-set-disk-format-for-cdrom.patch
3767+ - d/p/libxl-set-vfb0-data-in-build-config.patch
3768+ - d/p/libxl-support-sexpr-in-native-to-XML-conversion.patch
3769+ - d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
3770+ - d/p/accomodate-new-qemu-migration-status-setup.patch
3771+ - d/p/9025-apparmor-allow-access-to-filesystem-mounts
3772+ - d/p/add-a-mutex-to-serialize-updates-to-fw.patch
3773+ - d/p/arm-cpu-baseline.patch
3774+ + debian/control: Add ebtables, iptables, and qemu-utils as a build dependency.
3775+
3776+ [ Serge Hallyn ]
3777+ * d/p/ubuntu-skip-virstoragetest: skip a test that hangs in buildds.
3778+ * d/apparmor/TEMPLATE: replace libvirt-qemu with libvirt-driver to match
3779+ upstream commit 43c030f.
3780+
3781+ -- Chuck Short <zulcss@ubuntu.com> Mon, 02 Jun 2014 09:35:18 -0400
3782+
3783 libvirt (1.2.4-3) unstable; urgency=medium
3784
3785 * [b0b7359] Don't pretend kFreeBSD supports linux only features. So far we
3786@@ -1988,6 +5585,147 @@ libvirt (1.2.3-1) experimental; urgency=medium
3787
3788 -- Guido Günther <agx@sigxcpu.org> Mon, 07 Apr 2014 12:15:02 +0200
3789
3790+libvirt (1.2.2-0ubuntu13.2) utopic; urgency=medium
3791+
3792+ * debian/apparmor/libvirt-qemu: add device-tree access for ppc
3793+ (LP: #1321365)
3794+
3795+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 05 Jun 2014 12:06:17 -0500
3796+
3797+libvirt (1.2.2-0ubuntu13.1) trusty-proposed; urgency=medium
3798+
3799+ * debian/control: change apparmor dependency into an inverse conflicts,
3800+ so that libvirt can continue to be used without apparmor. (LP: #1304167)
3801+
3802+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 17 Apr 2014 10:42:08 -0500
3803+
3804+libvirt (1.2.2-0ubuntu13) trusty; urgency=medium
3805+
3806+ * Add a dependency on the new apparmor to make sure we have the new
3807+ parser around before we attempt to load a profile requiring the new
3808+ stanza support. (LP: #1304167)
3809+
3810+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 14 Apr 2014 11:03:37 -0500
3811+
3812+libvirt (1.2.2-0ubuntu12) trusty; urgency=low
3813+
3814+ * d/p/libxl-support-sexpr-in-native-to-XML-conversion.patch:
3815+ Allow to use libvirt to convert xend guest configurations into
3816+ xml format.
3817+ * Add libvirt-migrate-xend-managed-domains migration script.
3818+ (LP: #1303886)
3819+ * Added breaks for xen-utils-4.(1|3) to ensure postinst order.
3820+
3821+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 08 Apr 2014 19:55:29 +0200
3822+
3823+libvirt (1.2.2-0ubuntu11) trusty; urgency=medium
3824+
3825+ * debian/patches/recognize-trusty-machine-type.patch: Revert patch
3826+ since it was causing issues with virtio deivces. (LP: #1304107)
3827+
3828+ -- Chuck Short <zulcss@ubuntu.com> Tue, 08 Apr 2014 12:51:55 -0400
3829+
3830+libvirt (1.2.2-0ubuntu10) trusty; urgency=medium
3831+
3832+ * d/p/recognize-trusty-machine-type.patch: handle "trusty" qemu machine type
3833+ (LP: #1294823)
3834+
3835+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Apr 2014 09:29:22 -0500
3836+
3837+libvirt (1.2.2-0ubuntu9) trusty; urgency=medium
3838+
3839+ [ Jamie Strandboge ]
3840+ * updates for AppArmor signals and ptrace mediation (LP: #1298611)
3841+ - debian/apparmor/libvirt-qemu: allow guests to receive signals from and
3842+ be tracedby libvirtd (additional signal and ptrace rules come from the
3843+ AppArmor base abstraction)
3844+ - debian/apparmor/usr.sbin.libvirtd:
3845+ + grant bare signal and ptrace rule
3846+ + grant dbus on the system bus (should have been added in 13.10)
3847+
3848+ -- Tyler Hicks <tyhicks@canonical.com> Thu, 03 Apr 2014 02:09:53 -0500
3849+
3850+libvirt (1.2.2-0ubuntu8) trusty; urgency=medium
3851+
3852+ * debian/apparmor/libvirt-qemu: Allow qemu-system-aarch64 to be used.
3853+ (LP: #1301516)
3854+
3855+ -- Chuck Short <zulcss@ubuntu.com> Wed, 02 Apr 2014 14:20:39 -0400
3856+
3857+libvirt (1.2.2-0ubuntu7) trusty; urgency=low
3858+
3859+ * d/p/libxl-Create-log-directory-earlier.patch:
3860+ Move creation of log directory inside function that tries to create
3861+ a log file inside of it. Fixes startup when the libxl log directory
3862+ has not been created, yet.
3863+ * d/p/libxl-do-not-use-virdomain-id.patch:
3864+ Replace usage of dom->id with vm->def-id inside the driver (as that
3865+ is not getting stale). Fixes guest creation and reboot through
3866+ virt-manager (apart from possibly other things).
3867+ * d/p/libxl-set-disk-format-for-cdrom.patch:
3868+ Set disk format, otherwise an empty virtual CDROM makes the guest
3869+ unstartable.
3870+ * d/p/libxl-set-vfb0-data-in-build-config.patch:
3871+ Actually set video and display data in the domain build info. Beside
3872+ of preventing disagreement about VNC ports, this allows to select
3873+ standard VGA graphics and more VRAM trhough libvirt.
3874+
3875+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 27 Mar 2014 16:46:31 +0100
3876+
3877+libvirt (1.2.2-0ubuntu6) trusty; urgency=medium
3878+
3879+ * debian/libvirt-bin.dirs: Add /var/log/libvirt/libxl.
3880+
3881+ -- Chuck Short <zulcss@ubuntu.com> Mon, 24 Mar 2014 14:32:54 -0400
3882+
3883+libvirt (1.2.2-0ubuntu5) trusty; urgency=low
3884+
3885+ * Refreshed d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch
3886+ to avoid logging an error when file is not present.
3887+
3888+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 21 Mar 2014 09:49:36 +0100
3889+
3890+libvirt (1.2.2-0ubuntu4) trusty; urgency=medium
3891+
3892+ * debian/patches/arm-cpu-baseline.patch: Implement a stub cpuArchDriver.baseline()
3893+ handler for arm.
3894+
3895+ -- Chuck Short <zulcss@ubuntu.com> Mon, 17 Mar 2014 10:59:49 -0400
3896+
3897+libvirt (1.2.2-0ubuntu3) trusty; urgency=low
3898+
3899+ * d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch: Prevent
3900+ using the libxl driver when not running in dom0 but having xenfs mounted.
3901+ (LP: #1248025)
3902+
3903+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 12 Mar 2014 14:16:14 +0100
3904+
3905+libvirt (1.2.2-0ubuntu2) trusty; urgency=medium
3906+
3907+ * d/p/add-a-mutex-to-serialize-updates-to-fw.patch: fix another deadlock
3908+ when starting a large number of VMs. (LP: #1228977)
3909+
3910+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Mar 2014 14:08:02 -0500
3911+
3912+libvirt (1.2.2-0ubuntu1) trusty; urgency=medium
3913+
3914+ * New upstream release:
3915+ - Rediffed patches:
3916+ - debian/patches/Allow-libvirt-group-to-access-the-socket.patch
3917+ - debian/patches/9004-libvirtd-group-name.patch
3918+ - debian/patches/dnsmasq-as-priv-user
3919+ - Dropped patches:
3920+ - debian/patches/9005-increase-unix-socket-timeout.patch: No longer
3921+ needed.
3922+ - debian/patches/rbd-storage-format.patch: No longer needed.
3923+ - debian/patches/9022-qemu-enable-host-passthrough-mode-for-aarch64:
3924+ No longer needed.
3925+ - debian/patches/9023-xen-fix-parsing-xend-http-response.patch:
3926+ No longer needed.
3927+ - debian/patches/
3928+
3929+ -- Chuck Short <zulcss@ubuntu.com> Mon, 03 Mar 2014 13:30:36 -0500
3930+
3931 libvirt (1.2.1-2) unstable; urgency=medium
3932
3933 * [e936a7e] Document libvirt user capabilities
3934@@ -2007,6 +5745,79 @@ libvirt (1.2.1-1) unstable; urgency=medium
3935
3936 -- Guido Günther <agx@sigxcpu.org> Fri, 17 Jan 2014 06:16:29 +0100
3937
3938+libvirt (1.2.1-0ubuntu10) trusty; urgency=medium
3939+
3940+ * Pull patch from mailing list (merged with separate patch posted to the
3941+ bug) to fix 9p mounts. (LP: #1285995)
3942+
3943+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 28 Feb 2014 09:34:54 -0600
3944+
3945+libvirt (1.2.1-0ubuntu9) trusty; urgency=medium
3946+
3947+ * Cherrypick 9024-qemu-implement-a-stub-baseline-handler-for-aarch64 from
3948+ upstream git.
3949+
3950+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 14 Feb 2014 18:20:03 -0600
3951+
3952+libvirt (1.2.1-0ubuntu8) trusty; urgency=medium
3953+
3954+ * Add uvtool image path to virt-aa-helper AppArmor profile.
3955+
3956+ -- Robie Basak <robie.basak@ubuntu.com> Fri, 14 Feb 2014 17:54:58 +0000
3957+
3958+libvirt (1.2.1-0ubuntu7) trusty; urgency=low
3959+
3960+ * debian/patches/nwfilter-locking.patch: Dropped causes ftbfs.
3961+
3962+ -- Chuck Short <zulcss@ubuntu.com> Thu, 13 Feb 2014 10:07:56 -0700
3963+
3964+libvirt (1.2.1-0ubuntu6) trusty; urgency=medium
3965+
3966+ * debian/control: Move pm-utils from suggests to Recommends.
3967+ (LP: #1274772)
3968+ * debian/patches/patches/nwfilter-locking.patch: Fix nwfilter locking
3969+ causing libvirt to crash. (LP: #1228977)
3970+
3971+ -- Chuck Short <zulcss@ubuntu.com> Thu, 06 Feb 2014 14:27:40 -0500
3972+
3973+libvirt (1.2.1-0ubuntu5) trusty; urgency=low
3974+
3975+ * cherry-pick "xen: fix parsing xend http response" from upstream
3976+ git to fix connecting to xex in xm/xend mode (LP: #915954)
3977+
3978+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 30 Jan 2014 10:05:31 +0000
3979+
3980+libvirt (1.2.1-0ubuntu4) trusty; urgency=medium
3981+
3982+ * cherrypick d/p/9022-qemu-enable-host-passthrough-mode-for-aarch64 from
3983+ upstream git.
3984+
3985+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 28 Jan 2014 10:28:09 +0000
3986+
3987+libvirt (1.2.1-0ubuntu3) trusty; urgency=medium
3988+
3989+ * d/control: add nfs-common to build-deps (LP: #1264955)
3990+
3991+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 22 Jan 2014 08:56:01 -0600
3992+
3993+libvirt (1.2.1-0ubuntu2) trusty; urgency=medium
3994+
3995+ * debian/patches/rbd-storage-format.patch: Make image format 2 the default
3996+ for RBD.
3997+
3998+ -- Chuck Short <zulcss@ubuntu.com> Fri, 17 Jan 2014 10:31:37 -0500
3999+
4000+libvirt (1.2.1-0ubuntu1) trusty; urgency=medium
4001+
4002+ * New upstream release:
4003+ - Dropped patches:
4004+ + debian/patches/0001-libxl-Fix-devid-init-in-libxlMakeNicList.patch:
4005+ No longer needed
4006+ + debian/patches/0001-libxl-Fix-initialization-of-nictype-in-libxl_device_.patch:
4007+ No longer needed.
4008+
4009+ -- Chuck Short <zulcss@ubuntu.com> Thu, 16 Jan 2014 09:17:20 -0500
4010+
4011 libvirt (1.2.1~rc2-1) experimental; urgency=medium
4012
4013 * [e559e92] libvirt-bin.init: Fix typo in path when checking for systemd
4014@@ -2069,6 +5880,41 @@ libvirt (1.2.0-1) unstable; urgency=medium
4015
4016 -- Guido Günther <agx@sigxcpu.org> Wed, 18 Dec 2013 08:18:48 +0100
4017
4018+libvirt (1.2.0-0ubuntu3) trusty; urgency=medium
4019+
4020+ * debian/apparmor/usr.lib.libvirt.virt-aa-helper: add
4021+ /var/lib/nova/instances/snapshots/** r to allow virt-aa-helper to read
4022+ the snapshot directory to find images which VMs should be granted access
4023+ to. (LP: #1244694)
4024+
4025+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 09 Jan 2014 16:39:13 -0600
4026+
4027+libvirt (1.2.0-0ubuntu2) trusty; urgency=low
4028+
4029+ * Refresh/fix detection of xm/xl toolstack in use. The previous port
4030+ had two glitches, one of them causing the daemon to segfault.
4031+ * Cherry-pick "libxl: Fix initialization of nictype in libxl_device_nic"
4032+ from upstream to have the same default NIC choice with the libxl driver
4033+ as we had with the xen(d) driver (HVM guest uses a emulated rtl8139).
4034+ * Cherry-pick "libxl: Fix devid init in libxlMakeNicList" from upstream
4035+ to allow HVM guests to be brought up from the libxl driver.
4036+
4037+ -- Stefan Bader <stefan.bader@canonical.com> Thu, 09 Jan 2014 11:19:07 +0100
4038+
4039+libvirt (1.2.0-0ubuntu1) trusty; urgency=low
4040+
4041+ * New upstream release:
4042+ - Refreshed patches:
4043+ + debian/patches/storage-default-permission-mode-to-0711
4044+ - Dropped patches:
4045+ + debian/patches/util_use_w_flag_when_calling_iptables.patch
4046+ * debian/control, debian/rules, debian/python.mk,
4047+ debian/python-libvirt.install: python libvirt bindings have been
4048+ split out into its own source called libvirt-python.
4049+ * debian/libvirt-dev.install: Install API files into dev package
4050+
4051+ -- Chuck Short <zulcss@ubuntu.com> Mon, 02 Dec 2013 09:56:17 -0500
4052+
4053 libvirt (1.2.0~rc2-1) experimental; urgency=low
4054
4055 * [8bfdc7f] New upstream version 1.2.0~rc2
4056@@ -2109,6 +5955,78 @@ libvirt (1.1.4-1) unstable; urgency=low
4057
4058 -- Guido Günther <agx@sigxcpu.org> Mon, 04 Nov 2013 07:05:45 +0100
4059
4060+libvirt (1.1.4-0ubuntu5) trusty; urgency=medium
4061+
4062+ * Build using dh-autoreconf.
4063+ * Enable numa support on ppc64 and ppc64el.
4064+
4065+ -- Matthias Klose <doko@ubuntu.com> Sun, 22 Dec 2013 15:55:04 +0100
4066+
4067+libvirt (1.1.4-0ubuntu4) trusty; urgency=low
4068+
4069+ * debian/libvirt-dev.install: Add missing libvirt-lxc.so.
4070+
4071+ -- Chuck Short <zulcss@ubuntu.com> Thu, 21 Nov 2013 13:10:58 -0500
4072+
4073+libvirt (1.1.4-0ubuntu3) trusty; urgency=low
4074+
4075+ * d/p/accomodate-new-qemu-migration-status-setup.patch: work around
4076+ libvirt's not yet knowing of qemu's new migration state, 'setup'.
4077+ This can be removed when upstream libvirt has a proper patch. QRT
4078+ fails without this.
4079+
4080+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 14 Nov 2013 08:41:07 -0600
4081+
4082+libvirt (1.1.4-0ubuntu2) trusty; urgency=low
4083+
4084+ * debian/patches/9002-better_default_uri_virsh.patch: Update to fix the
4085+ FTBFS.
4086+
4087+ -- Chuck Short <zulcss@ubuntu.com> Wed, 13 Nov 2013 11:04:29 -0500
4088+
4089+libvirt (1.1.4-0ubuntu1) trusty; urgency=low
4090+
4091+ [ Chuck Short ]
4092+ * New upstream version:
4093+ - Rediffed patches:
4094+ + d/p/Don-t-enable-default-network-on-boot.patch
4095+ + d/p/ubuntu-xend-probe.patch
4096+ + d/p/Don-t-fail-if-we-can-t-setup-avahi.patch
4097+ + d/p/Disable-failing-virnetsockettest.patch
4098+ + d/p/Don-t-enable-default-network-on-boot.patch
4099+ - Dropped patches:
4100+ + d/p/v1.1.1-maint/0001-xen-fix-memory-corruption-in-legacy-driver.patch
4101+ + d/p/v1.1.1-maint/0002-qemu_migration-Don-t-error-on-tunelled-migration-wit.patch
4102+ + d/p/v1.1.1-maint/0003-build-fix-configure-detection-of-if_bridge.h-on-RHEL.patch
4103+ + d/p/v1.1.1-maint/0004-remote-Fix-a-segfault-in-remoteDomainCreateWithFlags.patch
4104+ + d/p/v1.1.1-maint/0005-Revert-build-fix-configure-detection-of-if_bridge.h-.patch
4105+ + d/p/v1.1.1-maint/0006-build-more-workarounds-for-if_bridge.h.patch
4106+ + d/p/v1.1.1-maint/0007-Fix-qemuProcessReadLog-with-non-zero-offset.patch
4107+ + d/p/v1.1.1-maint/0008-Reverse-logic-allowing-partial-DHCP-host-XML.patch
4108+ + d/p/v1.1.1-maint/0009-virsh-domain-Fix-memleak-in-cmdUndefine-with-storage.patch
4109+ + d/p/v1.1.1-maint/0010-virsh-domain-Fix-memleak-in-cmdCPUBaseline.patch
4110+ + d/p/v1.1.1-maint/0011-virbitmap-Refactor-virBitmapParse-to-avoid-access-be.patch
4111+ + d/p/CVE-2013-4296.patch
4112+ + d/p/CVE-2013-4311.patch
4113+ + d/p/CVE-2013-4297.patch
4114+ + d/p/fix-crash-in-libvirtd-when-events
4115+ + d/p/security-provide-supplemental-groups
4116+ + d/p/add-bounds-checking-on-virdomainmigrate
4117+ + d/p/xen-use-internal-interfaces-in-xendomainusedcpus
4118+ + d/p/fix-remote-client-segfault.patch
4119+ + d/p/ubuntu-xend-xmlcreate-double-free.patch
4120+ + d/p/9002-better_default_uri_virsh.patch
4121+
4122+ [ Serge Hallyn ]
4123+ * update and re-add d/p/9002-better_default_uri_virsh.patch. Also patch
4124+ new uri-precedence test, as we break it with this patch.
4125+ * add d/p/util_use_w_flag_when_calling_iptables.patch (LP: #1245322)
4126+ * debian/apparmor/libvirt-qemu: allow access to hugepages mounts
4127+ (LP: #1250216)
4128+ * debian/apparmor/libvirt-qemu: allow access to usb info (LP: #1245251)
4129+
4130+ -- Chuck Short <zulcss@ubuntu.com> Mon, 11 Nov 2013 11:03:06 -0500
4131+
4132 libvirt (1.1.4~rc2-1) experimental; urgency=low
4133
4134 * [b56f727] Add option to mount cgroups during daemon start. The init
4135@@ -2236,6 +6154,99 @@ libvirt (1.1.1-1) unstable; urgency=low
4136
4137 -- Guido Günther <agx@sigxcpu.org> Mon, 05 Aug 2013 11:31:05 +0200
4138
4139+libvirt (1.1.1-0ubuntu9) trusty; urgency=low
4140+
4141+ * debian/apparmor/usr.sbin.libvirtd: add audit_write capability
4142+ (LP: #1204616)
4143+
4144+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Oct 2013 14:09:04 -0500
4145+
4146+libvirt (1.1.1-0ubuntu8) saucy; urgency=low
4147+
4148+ * SECURITY UPDATE: denial of service via invalid free in
4149+ virFileNBDDeviceAssociate.
4150+ - debian/patches/CVE-2013-4297.patch: properly initialize qemunbd in
4151+ src/util/virfile.c.
4152+ - CVE-2013-4297
4153+
4154+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 02 Oct 2013 13:35:14 -0400
4155+
4156+libvirt (1.1.1-0ubuntu7) saucy; urgency=low
4157+
4158+ * fix-crash-in-libvirtd-when-events: make sure to remove all event
4159+ callbacks when a client disconnects from libvirtd.
4160+
4161+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 02 Oct 2013 08:14:53 -0500
4162+
4163+libvirt (1.1.1-0ubuntu6) saucy; urgency=low
4164+
4165+ * SECURITY UPDATE: possible privilege escalation via pkcheck race.
4166+ - debian/patches/CVE-2013-4311.patch: add uid to pkcheck call in
4167+ configure.ac, daemon/remote.c, src/access/viraccessdriverpolkit.c,
4168+ src/rpc/virnetserverclient.c, src/util/viridentity.*.
4169+ - debian/rules: use DEB_AUTO_UPDATE_AUTOCONF and
4170+ DEB_AUTO_UPDATE_AUTOHEADER.
4171+ - debian/control: specify version of policykit-1 security update, add
4172+ libpolkit-gobject-1-dev to Build-Depends.
4173+ - CVE-2013-4311
4174+ * SECURITY UPDATE: denial of service in remoteDispatchDomainMemoryStats
4175+ - debian/patches/CVE-2013-4296.patch: properly initialize stats in
4176+ daemon/remote.c.
4177+ - CVE-2013-4296
4178+
4179+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 24 Sep 2013 19:25:55 -0400
4180+
4181+libvirt (1.1.1-0ubuntu5) saucy; urgency=low
4182+
4183+ * add-bounds-checking-on-virdomainmigrate: upstream patch for CVE-2013-4292
4184+ * security-provide-supplemental-groups: upstream patch for CVE-2013-4291
4185+
4186+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Sep 2013 13:16:43 -0500
4187+
4188+libvirt (1.1.1-0ubuntu4) saucy; urgency=low
4189+
4190+ * apply all patches from v1.1.1-maint
4191+ * cherrypick xen-use-internal-interfaces-in-xendomainusedcpus from upstream
4192+ git.
4193+
4194+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 22 Aug 2013 10:57:20 -0500
4195+
4196+libvirt (1.1.1-0ubuntu3) saucy; urgency=low
4197+
4198+ * debian/apparmor/usr.sbin.libvirtd: Include the system bus abstraction in
4199+ the libvirtd AppArmor profile as libvirtd connects to the D-Bus system bus
4200+
4201+ -- Tyler Hicks <tyhicks@canonical.com> Tue, 20 Aug 2013 09:07:17 -0700
4202+
4203+libvirt (1.1.1-0ubuntu2) saucy; urgency=low
4204+
4205+ * debian/patches/fix-remote-client-segfault.patch: Fix segfault when
4206+ using a remote client.
4207+
4208+ -- Chuck Short <zulcss@ubuntu.com> Mon, 19 Aug 2013 10:33:08 -0400
4209+
4210+libvirt (1.1.1-0ubuntu1) saucy; urgency=low
4211+
4212+ [ Chuck Short ]
4213+ * New usptream version:
4214+ - Dropped:
4215+ + debian/patches/CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters:
4216+ no longer needed.
4217+ + debian/patches/ubuntu-xen-hypervisor-4.3.patch: no longer needed.
4218+ + debian/patches/ubuntu-xen-fix-api-deadlocks.patch: no longer needed.
4219+ - Rediffed:
4220+ + debian/patches/Don-t-enable-default-network-on-boot.patch
4221+ + debian/patches/9005-increase-unix-socket-timeout.patch
4222+
4223+ [ Stefan Bader ]
4224+ * Add apparmor rights to call into /usr/lib/xen-common/bin/xen-toolstack
4225+ to figure out which one is active.
4226+ * debian/patches/ubuntu-xend-probe.patch: Fix failure to detect
4227+ whether Xen uses xm/xend toolstack or xl/libxl. Avoid running
4228+ "xend status" as we do not package that in a pbublic path.
4229+
4230+ -- Chuck Short <zulcss@ubuntu.com> Thu, 15 Aug 2013 17:23:21 +0000
4231+
4232 libvirt (1.1.0-4) unstable; urgency=low
4233
4234 * [22913a0] Skip tests on all architectures except for i386 and amd64 as we
4235@@ -2305,6 +6316,48 @@ libvirt (1.0.6-1) unstable; urgency=low
4236
4237 -- Guido Günther <agx@sigxcpu.org> Thu, 06 Jun 2013 15:27:52 +0200
4238
4239+libvirt (1.0.6-0ubuntu4) saucy; urgency=low
4240+
4241+ * ubuntu-xen-fix-api-deadlocks.patch (LP: #1191782)
4242+ Fix the deadlocks in the xen driver when doing a dumpxml for active
4243+ domains.
4244+ * ubuntu-libxl-qemu-nopath.patch
4245+ Create libxl configurations without paths for qemu-dm and hvmloader.
4246+ The Xen toolstack can figure this out.
4247+ * ubuntu-xen-hypervisor-4.3.patch
4248+ Update the xen driver to handle the new sysctl and domctl versions
4249+ in Xen-4.3.
4250+ * Add apparmor definitions to execute scripts in /etc/xen/scrips as
4251+ the libxl driver calls out to them (with the xen/xm driver this was
4252+ done by the xen toolstack and communication with that was through
4253+ a socket).
4254+
4255+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 16 Jul 2013 10:59:11 +0200
4256+
4257+libvirt (1.0.6-0ubuntu3) saucy; urgency=low
4258+
4259+ * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow owner read of
4260+ @{PROC}/[0-9]*/status
4261+
4262+ -- Jamie Strandboge <jamie@ubuntu.com> Mon, 15 Jul 2013 10:28:42 -0500
4263+
4264+libvirt (1.0.6-0ubuntu2) saucy; urgency=low
4265+
4266+ * Apply CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters.
4267+
4268+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 28 Jun 2013 13:13:20 -0500
4269+
4270+libvirt (1.0.6-0ubuntu1) saucy; urgency=low
4271+
4272+ * New upstream relase.
4273+ + Dropped patches:
4274+ - debian/patches/vnc-socket.patch: Dropped no longer needed.
4275+ - debian/patches/Add-sanitytest.py.patch: Dropped no longer needed.
4276+ * debian/libvirt-bin.postinst: Make sure qemu.conf isn't world readable
4277+ by default.
4278+
4279+ -- Chuck Short <zulcss@ubuntu.com> Mon, 03 Jun 2013 11:27:02 -0500
4280+
4281 libvirt (1.0.5-3) unstable; urgency=low
4282
4283 * Upload to unstable (Closes: #709216, #705205)
4284@@ -2334,6 +6387,25 @@ libvirt (1.0.5-1) experimental; urgency=low
4285
4286 -- Guido Günther <agx@sigxcpu.org> Thu, 02 May 2013 21:34:32 +0200
4287
4288+libvirt (1.0.5-0ubuntu1) saucy; urgency=low
4289+
4290+ * New upstream release:
4291+ + Dropped patches:
4292+ - debian/patches/fix-virterror-namechange
4293+ - debian/patches/apparmor-use-apparmor-setfdlabel
4294+ - debian/patches/prevent-lxc-shutdown-host.patch
4295+ - debian/patches/apparmor-no-need-to-check-security-model
4296+ - debian/patches/nonblock-fix.patch
4297+ + Refreshed patches:
4298+ - debian/patches/9002-better_default_uri_virsh.patch
4299+ - debian/patches/enable-kvm-spice.patch
4300+ - debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
4301+ * debian/patches/Add-sanitytest.py.patch: Add patch to fix missing sanitytest.py
4302+ when building the testsuite.
4303+ * debian/libvirt-dev.install: dont't ship files for static linking.
4304+
4305+ -- Chuck Short <zulcss@ubuntu.com> Thu, 02 May 2013 10:21:49 -0500
4306+
4307 libvirt (1.0.5~rc1-1) experimental; urgency=low
4308
4309 * [c2302f5] Dont' fail with aug-tools installed.
4310@@ -2409,6 +6481,122 @@ libvirt (1.0.2-1) experimental; urgency=low
4311
4312 -- Guido Günther <agx@sigxcpu.org> Wed, 30 Jan 2013 21:06:02 +0100
4313
4314+libvirt (1.0.2-0ubuntu12) saucy; urgency=low
4315+
4316+ * debian/libvirt-bin.{dirs,install}: install dnsmasq.d-available/libvirt-bin
4317+ (LP: #1113821)
4318+
4319+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 29 Apr 2013 07:38:07 -0500
4320+
4321+libvirt (1.0.2-0ubuntu11) raring; urgency=low
4322+
4323+ * debian/patches/nonblock-fix.patch: cherrypicked upstream patch to
4324+ not mark qemu migration fd non-blocking. This fixes tcp live
4325+ migration. (LP: #1157626)
4326+
4327+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Apr 2013 10:43:26 -0500
4328+
4329+libvirt (1.0.2-0ubuntu10) raring; urgency=low
4330+
4331+ * Add code to postinst to fix any double-migration of /etc/dnsmasq.
4332+ (LP: #1157332)
4333+
4334+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 28 Mar 2013 09:11:04 -0500
4335+
4336+libvirt (1.0.2-0ubuntu9) raring; urgency=low
4337+
4338+ * debian/patches/prevent-lxc-shutdown-host.patch: Backport fix
4339+ from upstream to prevent lxc-containets shutting down the host.
4340+
4341+ -- Chuck Short <zulcss@ubuntu.com> Mon, 25 Mar 2013 09:28:47 -0500
4342+
4343+libvirt (1.0.2-0ubuntu8b1) raring; urgency=low
4344+
4345+ * No-change rebuild against libudev1
4346+
4347+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 13 Mar 2013 07:02:03 +0000
4348+
4349+libvirt (1.0.2-0ubuntu8) raring; urgency=low
4350+
4351+ * put libvirt-bin dnsmasq file into /etc/dnsmasq.d-available, and
4352+ create a symlink in /etc/dnsmasq.d, to avoid problems when removing
4353+ and re-installing libvirt-bin. (LP: #1113821)
4354+
4355+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 26 Feb 2013 12:09:37 -0600
4356+
4357+libvirt (1.0.2-0ubuntu7) raring; urgency=low
4358+
4359+ * libvirt-bin.postinst: also put admin group members into the libvirtd
4360+ group, to support systems installed before precise. (LP: #1124127)
4361+ * libvirt-bin.postinst: use getent group instead of grep /etc/group
4362+ * rules: pass path to collie to enable sheepdog backend (LP: #1129107)
4363+ * control, rules: enable building against libaudit, which is in main.
4364+
4365+ -- Adam Conrad <adconrad@ubuntu.com> Wed, 20 Feb 2013 15:50:47 -0700
4366+
4367+libvirt (1.0.2-0ubuntu6) raring; urgency=low
4368+
4369+ * Really refresh debian/patches/fix-ubuntu-xen-qemu-dm-path.patch and
4370+ not only claim to and disable it.
4371+
4372+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 19 Feb 2013 15:00:27 +0100
4373+
4374+libvirt (1.0.2-0ubuntu5) raring; urgency=low
4375+
4376+ * debian/apparmor/libvirt-qemu: allow qemu read access to
4377+ @{PROC}/sys/vm/overcommit_memory
4378+
4379+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 14 Feb 2013 10:12:40 -0600
4380+
4381+libvirt (1.0.2-0ubuntu4) raring; urgency=low
4382+
4383+ * Update Readme.Debian
4384+ - we use libvirtd, not libvirt group (LP: #1095140)
4385+ - we add users from sudo, not admin group, to libvirtd.
4386+ * libvirt-bin.postinst: put users from sudo, not admin group, into group
4387+ libvirtd. (LP: #1124127)
4388+
4389+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 13 Feb 2013 09:47:58 -0600
4390+
4391+libvirt (1.0.2-0ubuntu3) raring; urgency=low
4392+
4393+ * libvirt-bin.postrm: only remove /etc/dnsmasq.d/libvirt-bin during
4394+ remove. (LP: #1113821)
4395+
4396+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 04 Feb 2013 10:35:47 -0600
4397+
4398+libvirt (1.0.2-0ubuntu2) raring; urgency=low
4399+
4400+ * debian/patches/fix-virterror-namechange: Include virterror otherwise
4401+ python-libvirt wont be able to find any error codes.
4402+
4403+ -- Chuck Short <zulcss@ubuntu.com> Fri, 01 Feb 2013 13:10:58 -0600
4404+
4405+libvirt (1.0.2-0ubuntu1) raring; urgency=low
4406+
4407+ [ Chuck Short ]
4408+ * New upstream release:
4409+ + Dropped patches:
4410+ - debian/patches/Add_RESUME_event_listener_to_qemu_monitor.patch
4411+ - debian/patches/build-work-around-broken-kernel-header.patch
4412+ - debian/patches/bridge-fix-persistent-networks.patch
4413+ - debian/patches/CVE-2013-0170.patch
4414+ - debian/patches/qemu-relax-hard-rss-limit.patch
4415+ - debian/patches/9003-better-default-arch.patch
4416+ + Refreshed patches:
4417+ - debian/patches/fix-ubuntu-xen-qemu-dm-path.patch
4418+ - debian/patches/Reduce-udevadm-settle-timeout-to-10-seconds.patch
4419+ - debian/patches/9021-fix-uint64_t.patch
4420+ - debian/patches/9020-lp545795.patch
4421+ - debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch
4422+ + debian/libvirt0.install: Add libvirt-lxc.so.*
4423+
4424+ [ Serge Hallyn ]
4425+ * debian/patches/fix-virterror-namechange: fix unfinished name change
4426+ causing errors in generated libvirt.py.
4427+
4428+ -- Chuck Short <zulcss@ubuntu.com> Wed, 30 Jan 2013 09:04:38 -0600
4429+
4430 libvirt (1.0.2~rc1-1) experimental; urgency=low
4431
4432 * [5ce607c] Make python-libvirt depend on the exact same libvirt0 version
4433@@ -2452,6 +6640,42 @@ libvirt (1.0.1-1) experimental; urgency=low
4434
4435 -- Guido Günther <agx@sigxcpu.org> Sun, 23 Dec 2012 12:28:01 +0100
4436
4437+libvirt (1.0.1-0ubuntu4) raring; urgency=low
4438+
4439+ * SECURITY UPDATE: denial of service and possible code execution via
4440+ uninitialized pointer
4441+ - debian/patches/CVE-2013-0170.patch: remove message from queue before
4442+ freeing in src/rpc/virnetserverclient.c.
4443+ - CVE-2013-0170
4444+
4445+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 29 Jan 2013 15:19:54 -0500
4446+
4447+libvirt (1.0.1-0ubuntu3) raring; urgency=low
4448+
4449+ * debian/apparmor/libvirt-qemu: add /usr/share/ovmf/** r (LP: #1074207)
4450+
4451+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 29 Jan 2013 11:55:19 -0600
4452+
4453+libvirt (1.0.1-0ubuntu2) raring; urgency=low
4454+
4455+ * add qemu-relax-hard-rss-limit.rss to avoid OOM kills (LP: #1102290)
4456+ * debian/rules: replace --without-vbox with --with-vbox (LP: #1103721)
4457+
4458+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 24 Jan 2013 13:00:48 -0600
4459+
4460+libvirt (1.0.1-0ubuntu1) raring; urgency=low
4461+
4462+ * New upstream version. (LP: #1102487)
4463+ + Dropped apparmor-allow-hugepages
4464+ + update dnsmasq-as-priv-user, upstream now uses a configuration file.
4465+ + swap Add_RESUME_event_listener_to_qemu_monitor.patch from git tree for
4466+ the backported handle_resume_1.0.0-0ubuntu4.patch.
4467+ + rebuild debian/patches/build-work-around-broken-kernel-header
4468+ + add bridge-fix-persistent-networks.patch from upstream to fix bug
4469+ where new networks are not marked persistent.
4470+
4471+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 23 Jan 2013 13:24:30 -0600
4472+
4473 libvirt (1.0.1~rc1-1) experimental; urgency=low
4474
4475 * [dca42fb] Rely on DBus activation for hal (Closes: #694020)
4476@@ -2471,6 +6695,70 @@ libvirt (1.0.0-1) experimental; urgency=low
4477
4478 -- Guido Günther <agx@sigxcpu.org> Tue, 06 Nov 2012 20:59:48 +0100
4479
4480+libvirt (1.0.0-0ubuntu5) raring; urgency=low
4481+
4482+ * handle_resume_1.0.0-0ubuntu4.patch: Add RESUME event listener to qemu
4483+ monitor (LP: #1097824)
4484+ * build-work-around-broken-kernel-header: work around FTBFS due to a
4485+ broken linux/if_bridge.h.
4486+
4487+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 16 Jan 2013 09:15:20 -0600
4488+
4489+libvirt (1.0.0-0ubuntu4) raring; urgency=low
4490+
4491+ * debian/patches/apparmor-allow-hugepages: update apparmor policies to
4492+ allow use of hugepages. (LP: #646468)
4493+ * debian/patches/vnc-socket.patch: If a vnc socket is in use, add it's
4494+ path to the apparmor policy. (LP: #1069534)
4495+
4496+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 05 Dec 2012 16:43:04 -0600
4497+
4498+libvirt (1.0.0-0ubuntu3) raring; urgency=low
4499+
4500+ * libvirt-bin.postinst: on first install, don't autostart virbr0 if
4501+ 192.168.122.0 already is in use. On upgrade, always autostart
4502+ virbr0 if and only if it was autostarted before the upgrade.
4503+
4504+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 27 Nov 2012 00:25:11 -0600
4505+
4506+libvirt (1.0.0-0ubuntu2) raring; urgency=low
4507+
4508+ * debian/patches/add-armhf-sysinfo-infomration.patch: Disable
4509+ to fix FTBFS on arm.
4510+
4511+ -- Chuck Short <zulcss@ubuntu.com> Mon, 19 Nov 2012 10:41:02 -0600
4512+
4513+libvirt (1.0.0-0ubuntu1) raring; urgency=low
4514+
4515+ [ Chuck Short ]
4516+ * New upstream version:
4517+ + droppped:
4518+ - debian/patches/CVE-2012-3445.patch
4519+ - debian/patches/fix-cve-2012-4423
4520+ - debian/patches/lp1039678.patch
4521+ - debian/patches/add-libvirt-highbank-support.patch
4522+ - debian/patches/add-armhf-cpuinfo-parser.patch
4523+ - debian/patches/fix-lxc-container-unmounting.patch
4524+ - debian/patches/libnl3-build-fix.patch
4525+ - debian/patches/Don-t-require-gawk-for-a-simple-print-expression.patch
4526+ - debian/patches/virsh-Initialize-library-before-calling-virResetLast.patch
4527+ - debian/patches/qemu-warn-on-pc-0.12.patch
4528+ - debian/patches/storage-default-pool-permission-mode-to-0755
4529+ - debian/patches/netcf-daemon-fix-wrong-macro-name
4530+ - debian/patches/xen_hypervisor-treat-missing-privcmd-file-as-temporary.patch
4531+ + Re-diffed:
4532+ - debian/patches/9002-better_default_uri_virsh.patch
4533+ - debian/patches/dnsmasq-as-priv-user
4534+ - debian/patches/enable-kvm-spice.patch
4535+ + debian/control, debian/rules: Turn on rbd pool storage.
4536+
4537+ [ Serge Hallyn ]
4538+ * Add patches to fix apparmor labeling issue at VM start:
4539+ - apparmor-no-need-to-check-security-model
4540+ - apparmor-use-apparmor-setfdlabel
4541+
4542+ -- Chuck Short <zulcss@ubuntu.com> Mon, 12 Nov 2012 07:50:44 -0600
4543+
4544 libvirt (1.0.0~rc3-1) experimental; urgency=low
4545
4546 * [d3d06ad] New upstream version 1.0.0~rc3
4547@@ -2596,6 +6884,119 @@ libvirt (0.9.13-1) experimental; urgency=low
4548
4549 -- Guido Günther <agx@sigxcpu.org> Wed, 01 Aug 2012 13:14:30 +0200
4550
4551+libvirt (0.9.13-0ubuntu12) quantal; urgency=low
4552+
4553+ * Refresh fix-ubuntu-xen-qemu-dm-path.patch to only use executable
4554+ names and let the toolchain find out the right paths (LP: #914788).
4555+ Thanks George Dunlap.
4556+ * Refresh and re-activate xen_hypervisor-treat-missing-privcmd-file-
4557+ as-temporary.patch (LP: #922486)
4558+
4559+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 05 Oct 2012 11:35:43 +0200
4560+
4561+libvirt (0.9.13-0ubuntu11) quantal-proposed; urgency=low
4562+
4563+ * SECURITY UPDATE: denial of service via invalid RPC command
4564+ - debian/patches/CVE-2012-3445.patch: make sure nparams isn't set to
4565+ zero in daemon/remote.c.
4566+ - CVE-2012-3445
4567+
4568+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 26 Sep 2012 11:49:45 -0400
4569+
4570+libvirt (0.9.13-0ubuntu10) quantal; urgency=high
4571+
4572+ * apply fix-cve-2012-4423 from upstream to prevent potential daemon
4573+ segfaults with newer virsh.
4574+ - Fixes: CVE-2012-4423.
4575+
4576+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 14 Sep 2012 11:05:40 -0500
4577+
4578+libvirt (0.9.13-0ubuntu9) quantal; urgency=low
4579+
4580+ * debian/patches/lp1039678.patch: fix segfault in 'snapshot-list'
4581+ - LP: #1039678
4582+
4583+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 21 Aug 2012 13:59:34 -0500
4584+
4585+libvirt (0.9.13-0ubuntu8) quantal-proposed; urgency=low
4586+
4587+ * debian/libvirt-bin.apport: add filter on AppArmor profile names to
4588+ prevent false positives from denials originating in other packages.
4589+
4590+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 20 Aug 2012 10:49:17 -0400
4591+
4592+libvirt (0.9.13-0ubuntu7) quantal; urgency=low
4593+
4594+ * debian/apparmor/libvirt-qemu: allow owner read access to @{PROC}/*/auxv
4595+
4596+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 14 Aug 2012 16:44:30 -0500
4597+
4598+libvirt (0.9.13-0ubuntu6) quantal; urgency=low
4599+
4600+ * enable netcf support (LP: #520386)
4601+ - debian/control: build-dep on libnetcf-dev
4602+ - debian/rules: add --with-netcf to configure args
4603+ * add patch netcf-daemon-fix-wrong-macro-name from upstream so netcf support
4604+ can actually work.
4605+
4606+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 08 Aug 2012 07:54:16 -0500
4607+
4608+libvirt (0.9.13-0ubuntu5) quantal; urgency=low
4609+
4610+ * add patch Reduce-udevadm-settle-timeout-to-10-seconds.patch (copied from
4611+ Debian tree) to fix 3 minute hang during pool-refresh when using LVM
4612+ backed pools. (LP: #1027987)
4613+ * debian/control: add pm-utils to libvirt-bin Suggests. (LP: #994476)
4614+
4615+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 26 Jul 2012 11:05:18 -0500
4616+
4617+libvirt (0.9.13-0ubuntu4) quantal; urgency=low
4618+
4619+ * debian/patches/add-armhf-sysinfo-infomration.patch:
4620+ Provides cpuinfo for armhf cpus.
4621+ * debian/patches/add-armhf-cpuinfo-parser.patch:
4622+ Fixes compile time warning about armhf cpus.
4623+
4624+ -- Chuck Short <zulcss@ubuntu.com> Thu, 19 Jul 2012 14:54:47 -0500
4625+
4626+libvirt (0.9.13-0ubuntu3) quantal; urgency=low
4627+
4628+ * debian/apparmor/libvirt-qemu: add ceph.conf (LP: #1026404)
4629+ * debian/patches: re-add 9002-better_default_uri_virsh.patch (LP: #1026515)
4630+
4631+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 Jul 2012 07:58:39 -0500
4632+
4633+libvirt (0.9.13-0ubuntu2) quantal; urgency=low
4634+
4635+ * Apply upstream patch to switch default storage pool dir perms from 0700
4636+ to 0755. Then push our own patch to change that to 0711. We'll get the
4637+ upstream patch on 0.9.14 merge, but we'll want to keep our patch on top
4638+ of that.
4639+
4640+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 16 Jul 2012 18:06:43 +0000
4641+
4642+libvirt (0.9.13-0ubuntu1) quantal; urgency=low
4643+
4644+ * New upstream version:
4645+ * debian/rules: Remove .la files
4646+ * debian/control: Dropped debian vcs info.
4647+ * Dropped:
4648+ - debian/paches/9022-pass-the-virt-driver-name-into-security-drivers:
4649+ Already applied upstream.
4650+ - debian/patches/9023-dont-enable-apparmor-driver-with-lxc
4651+ Already applied upstream.
4652+ - debian/patches/9024-initialize-random-generator-in-lxc:
4653+ Already applied upstream.
4654+ * Re-diffed:
4655+ - debian/patches/9002-better_default_uri_virsh.patch
4656+ * Added:
4657+ - debian/patches/add-libvirt-highbank-support.patch: Add highbank
4658+ CPU detection support.
4659+ - debian/patches/fix-lxc-container-unmounting.patch: Fix container
4660+ mounting.
4661+
4662+ -- Chuck Short <zulcss@ubuntu.com> Wed, 11 Jul 2012 12:37:49 -0500
4663+
4664 libvirt (0.9.13~rc2-1) experimental; urgency=low
4665
4666 * [505f873] New upstream version 0.9.13~rc2
4667@@ -2643,7 +7044,6 @@ libvirt (0.9.12-4) unstable; urgency=low
4668
4669 -- Guido Günther <agx@sigxcpu.org> Wed, 01 Aug 2012 21:12:13 +0200
4670
4671-
4672 libvirt (0.9.12-3) unstable; urgency=low
4673
4674 * [6b610b6] Include stdint.h for uint32_t to fix the build on kFreeBSD
4675@@ -2667,6 +7067,83 @@ libvirt (0.9.12-1) experimental; urgency=low
4676
4677 -- Guido Günther <agx@sigxcpu.org> Tue, 15 May 2012 14:31:26 +0200
4678
4679+libvirt (0.9.12-0ubuntu5) quantal; urgency=low
4680+
4681+ * 9024-initialize-random-generator-in-lxc: invoke virRandomInitialize()
4682+ to prevent segfaults when lxc uses virRandomBits(). (LP: #1023205)
4683+
4684+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 11 Jul 2012 07:59:03 -0500
4685+
4686+libvirt (0.9.12-0ubuntu4) quantal; urgency=low
4687+
4688+ * 9022-pass-the-virt-driver-name-into-security-drivers and
4689+ 9023-dont-enable-apparmor-driver-with-lxc: fix libvirt-lxc breakages
4690+ due to incomplete apparmor security driver for lxc.
4691+
4692+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 29 Jun 2012 18:15:04 -0500
4693+
4694+libvirt (0.9.12-0ubuntu3) quantal; urgency=low
4695+
4696+ * install apport hook as right name - libvirt-bin is the binary package,
4697+ the source package name is libvirt. (LP: #1007405)
4698+ * install /etc/dnsmasq.d/libvirt to configure system wide dnsmasq to not
4699+ listen on the libvirt bridge. (Following Stéphane's lxc example)
4700+ (LP: #928524) (LP: #231060)
4701+ - postinst: restart dnsmasq; postrm: remove dnsmasq.d/libvirt file and
4702+ restart dnsmasq; rules, libvirt-bin.dirs and libvirt-bin.install:
4703+ install new debian/libvirt-bin.dnsmasq file.
4704+
4705+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 01 Jun 2012 09:36:58 -0500
4706+
4707+libvirt (0.9.12-0ubuntu2) quantal; urgency=low
4708+
4709+ * Warn user about bad pc-0.12 machine type, and help user transition.
4710+ (LP: #1001625)
4711+ - qemu-warn-on-pc-0.12.patch: When defining or starting a VM which uses the
4712+ pc-0.12 machine type, warn in libvirtd.log.
4713+ - debian/libvirt-migrate-qemu-machinetype: automatically migrate QEMU VMs
4714+ to newest machine type. This is not done automatically as there will
4715+ be some users who have good reason to stay with pc-0.12.
4716+
4717+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 28 May 2012 17:48:50 +0000
4718+
4719+libvirt (0.9.12-0ubuntu1) quantal; urgency=low
4720+
4721+ * New upstream version:
4722+ * Synchronize with debian packaging:
4723+ - debian/control: Update build depends.
4724+ - debian/libvirt-bin.postrm: Cleanup /var/log/libvirt
4725+ on purge.
4726+ - Bump standards verson (no changes).
4727+ - debian/patches/Don-t-fail-if-we-can-t-setup-avahi.patch: Added
4728+ * Dropped patches:
4729+ - debian/patches/Debianize-libvirt-guests.patch
4730+ - debian/patches/rewrite-lxc-controller-eof-handling-yet-again
4731+ - debian/patches/ubuntu/libnl13.patch
4732+ - debian/patches/ubuntu/fix-lxc-startup-error.patch
4733+ - debian/patches/ubuntu/fix-bridge-fd.patch
4734+ - debian/patches/ubuntu/skip-labelling-network-disks.patch
4735+ - debian/patches/ubuntu/xen-xend-shutdown-detection.patch
4736+ - debian/patches/ubuntu/xen-config-no-vfb-for-hvm.patch
4737+ - debian/patches/debian/Disable-daemon-start-test.patch
4738+ - debian/patches/debian/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
4739+ - debian/patches/ubuntu/9006-default-config-test-case.patch
4740+ - debian/patches/fix-block-migration.patch
4741+ - debian/patches/ubuntu/9022-qemu-unescape-HMP-commands-before-converting-them-to.patch
4742+ - debian/patches/ubuntu/9023-qemu-change-rbd-auth_supported-separation-character-.patch
4743+ - debian/patches/ubuntu/9024-qemu-allow-snapshotting-of-sheepdog-and-rbd-disks.patch
4744+ - debian/patches/9025-qemu-change-rbd-auth_supported-separation-character-.patch
4745+ - debian/patches/ubuntu/arm-gcc-workaround.patch
4746+ * Rediffed:
4747+ - debian/patches/Allow-libvirt-group-to-access-the-socket.patch
4748+ - debian/patches/Disable-failing-virnetsockettest.patch
4749+ - debian/patches/dnsmasq-as-priv-user
4750+ - debian/patches/9002-better_default_uri_virsh.patch
4751+ * debian/control: Add libnl-route-3-dev ass a build depends.
4752+ * debian/patches/libnl3-build-fix.patch: Fix build with libnl3.
4753+
4754+ -- Chuck Short <zulcss@ubuntu.com> Sun, 13 May 2012 15:44:12 -0400
4755+
4756 libvirt (0.9.12~rc2-1) experimental; urgency=low
4757
4758 * [721a2d8] New upstream version 0.9.12~rc2
4759@@ -2767,6 +7244,259 @@ libvirt (0.9.9-1) experimental; urgency=low
4760
4761 -- Guido Günther <agx@sigxcpu.org> Tue, 10 Jan 2012 13:40:41 +0100
4762
4763+libvirt (0.9.8-2ubuntu18) quantal; urgency=low
4764+
4765+ * debian/apparmor/usr.sbin.libvirtd: allow execution of /lib/udev/scsi_id
4766+ (LP: #992378)
4767+
4768+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 02 May 2012 14:02:32 -0500
4769+
4770+libvirt (0.9.8-2ubuntu17) precise; urgency=low
4771+
4772+ * debian/apparmor/usr.lib.libvirt.virt-aa-helper: add /**.qed r so qed
4773+ drives in non-standard locations can be used. (LP: #981571)
4774+
4775+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 16 Apr 2012 11:30:47 -0500
4776+
4777+libvirt (0.9.8-2ubuntu16) precise; urgency=low
4778+
4779+ [ Serge Hallyn ]
4780+ * Apply patches from Josh Durgin <josh.durgin@dreamhost.com> to make
4781+ attaching rbd volumes and taking snapshots of them work.
4782+ - ubuntu/9022-qemu-unescape-HMP-commands-before-converting-them-to.patch
4783+ - ubuntu/9023-qemu-change-rbd-auth_supported-separation-character-.patch
4784+ - ubuntu/9024-qemu-allow-snapshotting-of-sheepdog-and-rbd-disks.patch
4785+ - ubuntu/9025-qemu-change-rbd-auth_supported-separation-character-.patch
4786+
4787+ [ Stefan Bader ]
4788+ * Do not use vfb sections in HVM graphics definitions (side-
4789+ effect will create a vkbd device as well which causes error
4790+ messages in the HVM guest). (LP: #973529)
4791+
4792+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 05 Apr 2012 11:43:15 -0500
4793+
4794+libvirt (0.9.8-2ubuntu15) precise; urgency=low
4795+
4796+ [ Stefan Bader ]
4797+ * Use domain/status to check for inactive domains in the xend sub-
4798+ driver. (LP: #929626)
4799+ * Prevent the hypervisor sub-driver from logging an internal error
4800+ just because it cannot find a certain domain when looking for
4801+ the number of vcpus. (LP: #963006)
4802+
4803+ -- Stefan Bader <stefan.bader@canonical.com> Fri, 23 Mar 2012 11:38:24 +0100
4804+
4805+libvirt (0.9.8-2ubuntu14) precise; urgency=low
4806+
4807+ * re-enable numa (undo delta against debian) (LP: #614322):
4808+ - debian/control: remove from dependencies
4809+ - debian/rules: turn it off
4810+
4811+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 13 Mar 2012 11:25:53 -0500
4812+
4813+libvirt (0.9.8-2ubuntu13) precise; urgency=low
4814+
4815+ * ubuntu/skip-labelling-network-disks.patch: don't try to label network
4816+ drives with apparmor. It fails. (LP: #949428)
4817+
4818+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 12 Mar 2012 14:20:05 -0500
4819+
4820+libvirt (0.9.8-2ubuntu12) precise; urgency=low
4821+
4822+ [ Stefan Bader ]
4823+ * Never use type=ioemu for NIC definitions. It is not needed
4824+ and actually breaks the paravirt interface which always gets
4825+ created in parallel.
4826+
4827+ -- Stefan Bader <stefan.bader@canonical.com> Wed, 07 Mar 2012 15:08:55 +0100
4828+
4829+libvirt (0.9.8-2ubuntu11) precise; urgency=low
4830+
4831+ [ Serge Hallyn ]
4832+ * run dnsmasq as a new libvirt-dnsmasq user (LP: #938255)
4833+ - ubuntu/dnsmasq-as-priv-user: add '-u libvirt-dnsmasq' to dnsmasq args
4834+ - debian/libvirt-bin.postinst: create libvirt-dnsmasq user
4835+ - tests/networkxml2argvdata/*.argv: update expected dnsmasq command lines
4836+ to include '-u libvirt-dnsmasq'.
4837+
4838+ [ Chuck Short ]
4839+ * cherry-pick rewrite-lxc-controller-eof-handling-yet-again (commit
4840+ 9130396214975ba2251082f943c9717281039050) from upstream.
4841+
4842+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 02 Mar 2012 08:49:41 -0600
4843+
4844+libvirt (0.9.8-2ubuntu10) precise; urgency=low
4845+
4846+ * debian/control: add libgcrypt11-dev to build-depends (LP: #932889)
4847+
4848+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 15 Feb 2012 13:13:09 -0600
4849+
4850+libvirt (0.9.8-2ubuntu9) precise; urgency=low
4851+
4852+ [ Stefan Bader ]
4853+ * xen_hypervisor: libvirtd can be started before xenfs has been loaded
4854+ as a module. A missing privcmd file is not necessarily a permanent
4855+ error. (LP: #922486)
4856+
4857+ [ Serge Hallyn ]
4858+ * debian/libvirt-bin.upstart: start on just 'runlevel [2345]'
4859+
4860+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 08 Feb 2012 11:20:35 -0600
4861+
4862+libvirt (0.9.8-2ubuntu8) precise; urgency=low
4863+
4864+ * ubuntu/fix-bridge-fd.patch: cherrypick commit
4865+ 2d5046d31f4f5c961fc4aa6b415a00bb9eadae2b from upstream to write the
4866+ bridge delay to the right file. (LP: #924446)
4867+
4868+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 01 Feb 2012 11:13:23 -0600
4869+
4870+libvirt (0.9.8-2ubuntu7) precise; urgency=low
4871+
4872+ [ David weber ]
4873+ * debian/patches/fix-block-migration.patch: Fix block-migration for large images.
4874+
4875+ [ Guilhem Lettron ]
4876+ * debian/apparmor/libvirt-qemu: add apparmor rule for mavtap (LP: #921870)
4877+
4878+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 26 Jan 2012 11:22:04 -0600
4879+
4880+libvirt (0.9.8-2ubuntu6) precise; urgency=low
4881+
4882+ * debian/patches/fix-lxc-startup-error.patch: Fix lxc start up error.
4883+ (LP: #921004)
4884+
4885+ -- Chuck Short <zulcss@ubuntu.com> Tue, 24 Jan 2012 10:05:29 -0500
4886+
4887+libvirt (0.9.8-2ubuntu5) precise; urgency=low
4888+
4889+ * debian/libvirt-bin.postinst: even if we think it's a new install, don't
4890+ assume that /etc/libvirt/qemu/networks/autostart/default.xml doesn't
4891+ exist.
4892+
4893+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 Jan 2012 12:43:02 -0600
4894+
4895+libvirt (0.9.8-2ubuntu4) precise; urgency=low
4896+
4897+ * debian/patches/fix-ubuntu-xen-qemu-dm-patch.patch:
4898+ Update patch due to failing tests.
4899+
4900+ -- Chuck Short <zulcss@ubuntu.com> Fri, 20 Jan 2012 16:05:45 -0500
4901+
4902+libvirt (0.9.8-2ubuntu3) precise; urgency=low
4903+
4904+ * debian/control: add dbus to libvirt-bin depends. It fails to start
4905+ otherwise. (LP: #918343)
4906+
4907+ -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 19 Jan 2012 16:11:44 -0600
4908+
4909+libvirt (0.9.8-2ubuntu2) precise; urgency=low
4910+
4911+ * debian/patches/fix-ubuntu-xen-qemu-dm-path.patch:
4912+ Fix qemu-dm paths so Xen can be used with libvirt.
4913+ (LP: #914788)
4914+
4915+ -- Chuck Short <zulcss@ubuntu.com> Wed, 18 Jan 2012 14:31:27 -0500
4916+
4917+libvirt (0.9.8-2ubuntu1) precise; urgency=low
4918+
4919+ * Merge from Debian Unstable, remaining changes are:
4920+ - debian/control:
4921+ * set X-Python-Version to 2.7, as 2.6 is not in oneiric.
4922+ * set ubuntu maintainer
4923+ * Build-Depends:
4924+ - swap open-iscsi to open-iscsi-utils
4925+ - remove virtualbox-ose
4926+ - add libapparmor-dev
4927+ - swap libnl-dev for libnl3-dev
4928+ * convert Vcs-Git to Xs-Debian-Vcs-Git
4929+ * libvirt-bin Depends: move netcat-openbsd, bridge-utils, dnsmasq-base
4930+ (>= 2.46-1), and iptables from Recommends to Depends
4931+ * libvirt-bin Recommends: move qemu to Suggests
4932+ * libvirt-bin Suggests: add apparmor
4933+ * libvirt0 Recommends: move lvm2 to Suggests
4934+ * Install cgroup-lite
4935+ - keep debian/libvirt-bin.apport
4936+ - keep debian/libvirt-bin.cron.daily
4937+ - debian/libvirt-bin.dirs:
4938+ * add apparmor, cron.daily, and apport dirs
4939+ - debian/libvirt-bin.examples:
4940+ * add debian/libvirt-suspendonreboot
4941+ - debian/libvirt-bin.install:
4942+ * add /etc/apparmor.d files
4943+ * add apport hook
4944+ - debian/libvirt-bin.postinst:
4945+ * replace libvirt groupname with libvirtd
4946+ * add each admin user to libvirtd group
4947+ * call apparmor_parser on usr.sbin.libvirtd and
4948+ usr.lib.libvirt.virt-aa-helper
4949+ * call 'libvirt-migrate-qemu-disks -a' after
4950+ libvirt-bin has started if migrating from
4951+ older than 0.8.3-1ubuntu1
4952+ - debian/libvirt-bin.postrm:
4953+ * replace libvirt groupname with libvirtd
4954+ * remove usr.sbin.libvirtd and
4955+ usr.lib.libvirt.virt-aa-helper
4956+ - keep added files under debian/:
4957+ * libvirt-bin.upstart
4958+ * libvirt-migrate-qemu-disks
4959+ * libvirt-migrate-qemu-disks.1
4960+ * libvirt-suspendonreboot
4961+ * apparmor profiles
4962+ - debian/README.Debian:
4963+ * add 'Apparmor Profile' section
4964+ * add 'Disk migration' section
4965+ - debian/rules:
4966+ * don't build with vbox since virtualbox-ose is in universe
4967+ - remove WITH_VBOX, add explicit --without-vbox
4968+ * add --with-apparmor to DEB_CONFIGURE_EXTRA_FLAGS
4969+ * set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
4970+ * remove unneeded clean:: section (they only deal with sysvinit stuff)
4971+ * comment out binary-install/libvirt-bin:: part dealing with sysvinit
4972+ * dont ship libvirt-guests init script for now.
4973+ * add build/libvirt-bin:: section to install
4974+ - apparmor files
4975+ - apport hooks
4976+ - libvirt-migrate-qemu-disks
4977+ * debian/patches/series:
4978+ - don't apply Debian-specific Debianize-libvirt-guests.patch (sysvinit only)
4979+ - don't apply Disable qemu-disable-network.diff.patch
4980+ * debian/patches(/ubuntu):
4981+ - Disable-gnulib-s-test-nonplocking-pipe.sh.patch is in sid's debian/patches
4982+ - drop patches:
4983+ * 9000-delayed_iff_up_bridge.patch
4984+ * 9011-move-ebtables-script.patch
4985+ * apparmor-allow-tunnelled-migration.patch
4986+ * apparmor-allow-tunnelled-migration-2.patch
4987+ * fix-qemu-1.0.patch
4988+ * conf-dont-drop-console-def-ondomain-restart.patch
4989+ - keep (and refreshed) patches:
4990+ * 9002-better_default_uri_virsh.patch
4991+ * 9003-better-default-arch.patch
4992+ * 9004-libvirtd-group-name.patch
4993+ * 9005-increase-unix-socket-timeout.patch
4994+ * 9006-default-config-test-case.patch
4995+ * 9020-lp545795.patch
4996+ * 9021-fix-uint64_t.patch
4997+ * libnl3.patch
4998+ * arm-gcc-workaround.patch
4999+ * disable numa - until the MIR for numa is done
5000+ - debian/control: remove from dependencies
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes: