Ubuntu
libvirt package

Merge ~paelzer/ubuntu/+source/libvirt:merge-8.0-jammy into ubuntu/+source/libvirt:debian/sid

Proposed by Christian Ehrhardt  on 2022-01-27

Status:

Merged

Merge reported by:

Christian Ehrhardt 

Merged at revision:

37bc4e751fca94e4fb868b7fa45b98b026e96459

Proposed branch:

~paelzer/ubuntu/+source/libvirt:merge-8.0-jammy

Merge into:

ubuntu/+source/libvirt:debian/sid

Diff against target:

10026 lines (+9063/-67)

38 files modified

debian/changelog (+7651/-11)
debian/control (+13/-11)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-system.dirs (+2/-0)
debian/libvirt-daemon-system.install (+1/-0)
debian/libvirt-daemon-system.postinst (+170/-0)
debian/libvirt-daemon-system.postrm (+42/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-daemon.apport (+22/-0)
debian/libvirt-daemon.dnsmasq (+2/-0)
debian/libvirt-daemon.install (+1/-0)
debian/libvirt-uri.sh (+27/-0)
debian/patches/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch (+42/-0)
debian/patches/backport/util-fix-syslog-facility-value.patch (+58/-0)
debian/patches/series (+22/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+33/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+50/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+21/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+290/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+60/-0)
debian/patches/ubuntu/parallel-shutdown.patch (+25/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/rules (+18/-14)
debian/tests/control (+3/-2)
debian/tests/smoke-lxc (+30/-4)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)

Related bugs:

Bug #1948748: [MIR] swtpm	High	Fix Released
Bug #1959054: debhelper restarts services marked --no-restart-on-upgrade	Undecided	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Sergio Durigan Junior (community)	2022-01-27	Approve on 2022-02-01
Canonical Server	2022-01-27	Pending
git-ubuntu import	2022-01-27	Pending
Review via email: mp+414648@code.launchpad.net

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-01-27:

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4753/+packages

Regression tests are ongoing, but looking good enough by now to get the reviews started.

~paelzer/ubuntu/+source/libvirt:merge-8.0-jammy updated on 2022-01-28

e58f2cc... by Christian Ehrhardt  on 2022-01-28

d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop system services and sockets (LP: #1959054)

TL;DR:
- it is a mess, a lot of discussions and bugs to read for full awareness
- since transitions need libvirt soon we upload it with a mitigation now
- it is expected that debhelper in jammy is fixed and we can drop this
before release
- long term discussion how to deal with it in the salsa PR

Due to debhelper bug 994204 on upgrades guests are shut down
(libvirt-guests.service) or even crash (virtlogd.service) because those
services are restarted.

Until that bug is resolved in debhelper we need to take over the
handling of those services ourselves.

References:
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994204
- https://bugs.launchpad.net/ubuntu/+source/debhelper/+bug/1959054
- https://salsa.debian.org/utopia-team/dbus/-/commit/4c5195a13c69364dce50063afac368930ec75c91

Submitted to Debian via:
https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/132

The initial version of this was based on the dbus handling of it, but
it turns out that --no-stop-on-upgrade --no-start leaves a stop command
in prerm and thereby we'd have them stopped twice.

Auto added section is identical:
if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = remove ] && [ -d /run/systemd/system ] ; then
deb-systemd-invoke stop 'libvirt-guests.service' 'virtlockd.service' 'virtlogd.service' >/dev/null || true
fi

Remove that duplicate that we added before following dbus.

It turns out also nowadays restarting the sockets is dangerous.
$ deb-systemd-invoke restart 'virtlogd.socket'
or
$ systemctl restart virtlogd.socket
no more complain about being unable to restart for the service being running.
Instead they do restart the service, which makes our restarting of sockets
again kill virtlogd for example.

Therefore we also can not leave the system-services sockets to debhelper
as they would be restarted despite --no-stop-on-upgrade and thereby
restart the related services breaking guests.

As suggested on the Debian PR this removes the remaining debhelper calls
for our system services and sockets.

The remaining little bit it did for us in postinst/postrm is
added directly to these maintainer script now in the non-restart
way that we need.

Signed-off-by: Christian Ehrhardt <email address hidden>

1e60cc9... by Christian Ehrhardt  on 2022-01-28

changelog: d/rules, d/libvirt-daemon-system.postinst: never stop LIBVIRT_SYSTEM_SERVICES

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-01-28:

Tests identified https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1959054 which is ongoing (fixes/tests). Other than that regression tests already look mostly good (only some yet to debug network issue on x86 only).

Autopkg are good as well:
  libvirt @ amd64:
    27.01.22 14:40:50 Log 🗒️ ✅ Triggers: ['libvirt/8.0.0-1ubuntu1~jammyppa2']
      smoke PASS ✅
      smoke-lxc PASS ✅
      build-test PASS ✅
  libvirt @ arm64:
    27.01.22 14:54:42 Log 🗒️ ✅ Triggers: ['libvirt/8.0.0-1ubuntu1~jammyppa2']
      smoke PASS ✅
      smoke-lxc PASS ✅
      build-test PASS ✅
  libvirt @ armhf:
    27.01.22 14:42:55 Log 🗒️ ✅ Triggers: ['libvirt/8.0.0-1ubuntu1~jammyppa2']
      smoke PASS ✅
      build-test PASS ✅
  libvirt @ ppc64el:
    27.01.22 14:47:29 Log 🗒️ ✅ Triggers: ['libvirt/8.0.0-1ubuntu1~jammyppa2']
      smoke PASS ✅
      smoke-lxc PASS ✅
      build-test PASS ✅
  libvirt @ s390x:
    27.01.22 14:41:04 Log 🗒️ ✅ Triggers: ['libvirt/8.0.0-1ubuntu1~jammyppa2']
      smoke PASS ✅
      smoke-lxc PASS ✅
      build-test PASS ✅

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-01-31:

FYI the strangest new Delta is about the service handling due to recent debhelper/systemd fun.
I submitted that to Debian to not be odd delta forever:
=> https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/132

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2022-02-01 (last edit on 2022-02-01):

Thanks for the MP, Christian.

As usual, a big diff to review! I could not find the regular merge tags (reconstruct, split and logical), so it's "a bit" more work to check that the delta is OK. Here's the command I've used (which is not perfect, so I needed to tweak things a bit):

I'm also happy with the PPA build (I won't build the package locally; takes too long), and I'm happy with the autopkgtest that have been run on the infra (again, I won't run them locally, and TBH running directly on the infra is better anyway).

I double-checked all commits and made sure that they are being properly listed in the d/changelog entry. I'm leaving a few minor comments in the changelog; they're cosmetic, though.

As for the debhelper/systemd change, my only comment is that you're still using the option "--no-stop-on-upgrade" when invoking dh_installsystemd on d/rules. I think it is best to remove that option, because otherwise debhelper will generate the bogus snippet anyway and it may get executed on postinst/prerm. WDYT?

I'm overall satisfied with the MP. If you have the time and can wait, feel free to push the merge tags and I will take a closer look into the delta. Otherwise, I am OK if you'd like to proceed; there's nothing strange that caught my eyes.

review: Approve

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-01:

Yeah sorry, co-developing so much on Salsa makes me forget to provide the usual set of tags. Also we went ahead of Debian multiple times but fetching commits from salsa in those, which makes our past look noisy.
Due to always maintaining with git-ubuntu the TL;DR is pkg/ubuntu/jammy-devel == deconstruct, so it isn't too hard despite looking ugly.
Here they are:
To ssh://git.launchpad.net/~paelzer/ubuntu/+source/libvirt
* [new tag] merge-8.0-jammy-former-deconstruct -> merge-8.0-jammy-former-deconstruct
* [new tag] merge-8.0-jammy-former-logical -> merge-8.0-jammy-former-logical
Next time just remind me instead of feeling the pain, I'll then do my duty to create and provide them right away.

The debhelper/systemd situation is still up for debate and discussion in the Debian PR and debian bug.
I'm gonna upload libvirt once we have settled there.
Your suggestion of dropping --no-stop-on-upgrade is interesting, I rechecked and dbus uses an even more confusing "--no-restart-after-upgrade --no-start". I'll have a look and also try only using "--no-start".
The currently proposed code does work through all tests that I found, which is why I'd like to keep it until I had time to find a better one :-)
If the Debian discussions take too long I might upload libvirt as proposed here "for now" and later once (as discussed in standup) we know how bug 1959054 resolves for Ubuntu rewrite it depending on that.
TL;DR - something working for now, resolve it before jammy-release

Thanks for the inline comments, I'll have a look at each of them ...

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-01:

Changlog updates added - thanks

I've started a build with just "--no-start" to evaluate the effective generated maintainer script contents with that ...

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-01:

FYI @Sergio:
Only using "--no-start" compared to what I proposed "--no-stop-on-upgrade --no-start" only drops a snippet in prerm that will stop the services on removal.
That isn't helping, if they were started it is indeed helpful to stop them before rmeoval.
For install/upgrade this snippet has no effect.
Therefore I'd - for now - leave it as "--no-stop-on-upgrade --no-start" which is the most explicit expression of "do not do anything please".

I'll rebuild with the former again ...

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2022-02-01:

On Tuesday, February 01 2022, Christian Ehrhardt  wrote:

> FYI @Sergio:
> Only using "--no-start" compared to what I proposed "--no-stop-on-upgrade --no-start" only drops a snippet in prerm that will stop the services on removal.
> That isn't helping, if they were started it is indeed helpful to stop them before rmeoval.
> For install/upgrade this snippet has no effect.
> Therefore I'd - for now - leave it as "--no-stop-on-upgrade --no-start" which is the most explicit expression of "do not do anything please".
>
> I'll rebuild with the former again ...

Thanks for the follow up, Christian. BTW, not having the git-ubuntu
tags was no pain; I just had to improvise with git, but that's fine.

FWIW, thank you for double-checking what removing "--no-stop-on-upgrade"
causes. Based on your findings I agree that it's OK to leave the option
as is. I'm also hoping that this bug will be fixed before the release,
and that you will be able to drop this particular delta soon.

Anyway, with all of this out of the way, the MP now LGTM. +1.

Cheers,

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-11:

Uploading with the mitigation for the debhelper issue to unblock others.
But the plan is to drop this mitigation before jammy release once debhelper is fixed.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libvirt_8.0.0-1ubuntu1.dsc: done.
  Uploading libvirt_8.0.0.orig.tar.xz: done.
  Uploading libvirt_8.0.0-1ubuntu1.debian.tar.xz: done.
  Uploading libvirt_8.0.0-1ubuntu1_source.buildinfo: done.
  Uploading libvirt_8.0.0-1ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-11:

https://launchpad.net/ubuntu/+source/libvirt/8.0.0-1ubuntu1
=> Merged

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Christian Ehrhardt 

git-ubuntu developers

Ubuntu
libvirt package

Merge ~paelzer/ubuntu/+source/libvirt:merge-8.0-jammy into ubuntu/+source/libvirt:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

 diff --git a/debian/changelog b/debian/changelog
 index b1a64c4..11dc373 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,133 @@
++libvirt (8.0.0-1ubuntu1) jammy; urgency=medium
++
++  * Merge 8.0.0 from Debian unstable (LP: #1946869)
++    Among many other fixes and improvements this fixes ceph usage
++    in regard to apparmor (LP: #1588576)
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - d/p/u/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
++      + d/control: suggest swtpm-tools
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++  * Dropped changes [in Debian now]:
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - d/libvirt-clients.install: completions no more are symlinked to vsh
++    - d/rules: disable the now auto-built vstorage backend
++    - not-installed: split daemon man pages are no yet installed
++    - d/rules: disable the new Cloud Hypervisor driver
++    - d/rules: enable more features explicitly
++    - d/rules: use apparmor_profiles=enabled instead of the now rejected
++      value true
++    - rules: Explicitly set remote_default_mode
++    - rules: Rework installation of AppArmor-related files
++    - d/control, d/rules: enable libssh (LP 1939416)
++  * Dropped changes [upstream now]:
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP 1913266)
++    - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
++      issues due to corrupted apparmor profiles (LP 1927519)
++    - Toleration for qemu >=6.0 handling of props (LP 1932264)
++    - Persistent vfio-ccw device assignments (LP 1887929)
++  * Dropped changes [no more needed]:
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
++      XDR functions from glibc
++    - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966)
++    - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
++      was not enough)
++  * Added changes:
++    - d/p/u/dnsmasq-as-priv-user: update for 8.0.0
++    - Add recent upstream fixes to 8.0
++      + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
++        in containers like LXD (without guest start would hang).
++      + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
++        get passed to syslog/journal correctly.
++   - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop
++     libvirt system services and sockets (LP: #1959054). This allows
++     to unblock some transitions that wait on libvirt now; The intention is
++     that it is fixed in debhelper and libvirt reverts this change before
++     jammy release.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 24 Jan 2022 08:49:08 +0100
++
  libvirt (8.0.0-1) unstable; urgency=medium
    * [a26cc81] New upstream version 8.0.0
@@ -75,6 +205,49 @@ libvirt (7.9.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Mon, 06 Dec 2021 21:56:00 +0100
++libvirt (7.6.0-0ubuntu3) jammy; urgency=medium
++
++  * d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++    due to swtpm-tools (LP: #1951975)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 24 Nov 2021 07:50:53 +0100
++
++libvirt (7.6.0-0ubuntu2) jammy; urgency=medium
++
++  * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
++    issues due to corrupted apparmor profiles (LP: #1927519)
++  * libvirt should not use user/group tss for swtpm (LP: #1948880)
++    - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++    - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++      to user swtpm
++    - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
++    - d/control: suggest swtpm-tools
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 11 Nov 2021 12:11:38 +0100
++
++libvirt (7.6.0-0ubuntu1) impish; urgency=medium
++
++  * Merge v7.6.0 from upstream and unreleased changes from Debian git.
++    Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778)
++    - New upstream version 7.5.0
++    - New upstream version 7.6.0
++    - symbols: Bump symbol versions
++    - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0
++    - patches: Refresh patches
++    - d/rules: disable the new Cloud Hypervisor driver
++    - d/rules: enable more features explicitly
++    - d/rules: use apparmor_profiles=enabled instead of the now rejected
++      value true
++    - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
++      XDR functions from glibc
++  * d/control, d/rules: enable libssh (LP: #1939416)
++  * refresh ubuntu patches for v7.6.0
++  * Further fixups for v7.6.0 (thanks to Andrea Bolognani)
++    - rules: Explicitly set remote_default_mode
++    - rules: Rework installation of AppArmor-related files
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 11 Aug 2021 08:11:16 +0200
++
  libvirt (7.6.0-1) unstable; urgency=medium
    * Team upload
@@ -100,6 +273,44 @@ libvirt (7.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Thu, 19 Aug 2021 21:16:21 +0200
++libvirt (7.4.0-0ubuntu3) impish; urgency=medium
++
++  * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
++    was not enough)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Jul 2021 14:20:53 +0200
++
++libvirt (7.4.0-0ubuntu2) impish; urgency=medium
++
++  * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Jul 2021 09:33:49 +0200
++
++libvirt (7.4.0-0ubuntu1) impish; urgency=medium
++
++  * Merge v7.4.0 from upstream,
++    among a lot of new features and fixes this closes a few of issues
++    reported against Ubuntu
++    - Toleration for qemu >=6.0 handling of props (LP: #1932264)
++    - Persistent vfio-ccw device assignments (LP: #1887929)
++    - Drop patches that are upstream in v7.4.0
++      - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch
++      - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch
++      - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch
++      - d/p/u/lp-1913266-*: add vsock options to be usable with s390x
++      - d/p/u/lp-1921754-*: EPYC-Rome-v2
++      - d/p/u/lp-1921880-*: EPYC-Milan
++    - d/libvirt-clients.install: completions no more are symlinked to vsh
++    - Revert "disable firewalld support (universe dependency)"
++      This does not add a runtime dependency and while firewalld isn't in
++      main that way users can install and use it from universe.
++      (LP: #1928113)
++    - d/libvirt0.symbols: bump symbol versions for 7.4.0
++    - d/rules: disable the now auto-built vstorage backend
++    - not-installed: split daemon man pages are no yet installed
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Jun 2021 10:33:27 +0200
++
  libvirt (7.0.0-3) unstable; urgency=medium
    * Team upload
@@ -109,6 +320,115 @@ libvirt (7.0.0-3) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Fri, 26 Feb 2021 16:46:34 +0100
++libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium
++
++  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
++    on some HW/Guest combinations e.g. Windows 10 on Threadripper
++    (LP: #1921754)
++  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
++    (LP: #1921880)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 07 Apr 2021 13:33:46 +0200
++
++libvirt (7.0.0-2ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 7.0.0-1 from Debian unstable
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP 1913266)
++  * Dropped Changes [in Debian now]
++    - Avoid various issues around service/socket status after install/reinstall
++      and on upgrades (LP 1914054).
++      - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
++      - d/rules: --no-restart-after-upgrade does not prevent restarts
++      - d/rules: avoid --no-start which breaks .sockets on re-install
++      - d/rules: start, but do not restart libvirt-guests.service
++    - Dependency improvements yet unreleased from salsa/debian/master thanks
++      to Andrea Bolognani (Debian #981435).
++      - control: Always explicitly depend on libvirt0
++      - control: Always use versioned deps for libvirt components
++    - d/control: extend demotion of libvirt-lxc related dependencies to
++      libvirt-login-shell
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 23 Feb 2021 12:16:08 +0100
++
  libvirt (7.0.0-2) unstable; urgency=medium
    * Team upload
@@ -130,6 +450,123 @@ libvirt (7.0.0-2) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Wed, 10 Feb 2021 23:23:32 +0100
++libvirt (7.0.0-1ubuntu2) hirsute; urgency=medium
++
++  * d/control: extend demotion of libvirt-lxc related dependencies to
++    libvirt-login-shell
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 04 Feb 2021 13:44:49 +0100
++
++libvirt (7.0.0-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 7.0.0-1 from Debian unstable
++    This fixes unwanted conffile prompts (LP: #1906248)
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped Changes [in Debian now]
++    - 0050-local-include-for-libvirt-qemu.patch,
++      d/libvirt-daemon-system.postinst: provide a local apparmor include
++      for abstraction/libvirt-qemu (LP: 1786019)
++  * Dropped Changes [in upstream now]
++    - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
++      pre-Focal guests by allowing kvm-spice
++    - virt-ssh-helper: fix slow migrations and volume transfers (LP 1904584)
++      - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
++      - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
++  * Dropped Changes [ready for main]
++    - d/control: drop mdevctl to a suggest until (LP: #1889248) is ready
++  * Added Changes:
++    - Avoid various issues around service/socket status after install/reinstall
++      and on upgrades (LP: #1914054).
++      - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
++      - d/rules: --no-restart-after-upgrade does not prevent restarts
++      - d/rules: avoid --no-start which breaks .sockets on re-install
++      - d/rules: start, but do not restart libvirt-guests.service
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP: #1913266)
++    - Dependency improvements yet unreleased from salsa/debian/master thanks
++      to Andrea Bolognani (Debian #981435).
++      - control: Always explicitly depend on libvirt0
++      - control: Always use versioned deps for libvirt components
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 25 Jan 2021 14:32:05 +0100
++
  libvirt (7.0.0-1) unstable; urgency=medium
    * Team upload
@@ -193,6 +630,142 @@ libvirt (6.9.0-2) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Thu, 14 Jan 2021 23:51:32 +0100
++libvirt (6.9.0-1ubuntu4) hirsute; urgency=medium
++
++  * Improve flaky smoke-lxc test (LP: #1899180)
++    - d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++      failing; This was flaky on some release/architectures
++    - d/t/smoke-lxc: retry check_domain being flaky on arm64
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 04 Dec 2020 08:12:02 +0100
++
++libvirt (6.9.0-1ubuntu3) hirsute; urgency=high
++
++  * No change rebuild against wireshark 3.4.0
++
++ -- Balint Reczey <rbalint@ubuntu.com>  Mon, 07 Dec 2020 08:06:59 +0100
++
++libvirt (6.9.0-1ubuntu2) hirsute; urgency=medium
++
++  * virt-ssh-helper: fix slow migrations and volume transfers (LP: #1904584)
++    - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
++    - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 26 Nov 2020 16:52:23 +0100
++
++libvirt (6.9.0-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 6.8.0-1 from unstable
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped Changes [in Debian now]
++    - d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
++      between libtripc and glibc that break libvirt-lxc (LP 1892826)
++  * Dropped Changes [in upstream now]
++    - d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
++      handling on non BTRFS affecting virt-manager, api and commandline pool
++      handling (LP 1901242)
++    - d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
++      allow libvirt to control virtiofsd (LP 1892736)
++    - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
++      triggering denials in devmapper error path
++    - d/p/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch:
++      (again) allow permanent per guest overrides (LP 1745114)
++    - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++      versioned modules after qemu package upgrades (LP 1847361)
++    - d/p/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.
++      patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory
++    - d/p/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.
++      patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++    - d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
++      chips (LP 1887490)
++    - 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++      add l to 9p file options.
++  * Added Changes
++    - d/p/ubuntu/daemon-augeas-fix-expected.patch: update for 6.9
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: update for 6.9
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
++      pre-Focal guests by allowing kvm-spice
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 02 Nov 2020 12:02:26 +0100
++
  libvirt (6.9.0-1) unstable; urgency=medium
    * Team upload
@@ -270,6 +843,208 @@ libvirt (6.6.0-2) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Fri, 28 Aug 2020 17:18:51 +0200
++libvirt (6.6.0-1ubuntu4) hirsute; urgency=medium
++
++  * d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
++    handling on non BTRFS affecting virt-manager, api and commandline pool
++    handling (LP: #1901242)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 28 Oct 2020 07:47:53 +0100
++
++libvirt (6.6.0-1ubuntu3) groovy; urgency=medium
++
++  * d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
++    chips (LP: #1887490)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Oct 2020 07:36:06 +0200
++
++libvirt (6.6.0-1ubuntu2) groovy; urgency=medium
++
++  * d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
++    between libtripc and glibc that break libvirt-lxc (LP: #1892826)
++  * d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
++    allow libvirt to control virtiofsd (LP: #1892736)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 25 Aug 2020 14:53:26 +0200
++
++libvirt (6.6.0-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian 6.6.0-1 from experimental
++    Among many other new features and fixes this includes fixes for:
++    (LP: #1874647) - Stale libvirt cache leads to VM startup failures
++    (LP: #1869796) - bad ordering and dependent restarts of services/sockets
++    Remaining changes:
++    - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++      versioned modules after qemu package upgrades (LP 1847361)
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped changes (in Debian now):
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - enable attr support to store XATTR labels. Among other things
++      this allows to properly restore file ownership (LP 691590)
++        - d/control: build depend to libattr1-dev
++        - d/rules: configure --with-attr
++    - Install virt-login-shell-helper
++    - Install augeas lenses for all drivers
++    - Remove all mentions of Devhelp
++    - not-installed: Remove obsolete entries
++    - not-installed: List all split daemons files
++    - d/control: bump build dep to python3
++    - d/control: add python3-docutils as build dependency
++    - d/rules: set enable-dependency-tracking to avoid FTBFS
++    - d/rules: drop the no more existing phyp option
++    - d/rules: drop the no more existing xen configure option
++    - minimize patches generated by autoreconf
++    - fix build on Debian/Ubuntu in qemuhotplugtest
++    - d/libvirt-doc.doc: install rendered docs
++    - d/libvirt-daemon-system.examples: drop old examples that are now active
++    - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
++    - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
++    - d/libnss-libvirt.lintian-overrides: accept having two nss so files
++    - d/rules: don't ship split daemons just yet
++    - d/rules: install /etc/default/* files that are shared between sysv and
++      systemd packages
++    - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
++      libvirt-daemon-system-sysv
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++  * Dropped changes (part of upstream now):
++    - d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
++      (LP 1879325)
++    - d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
++      (LP 1871354)
++    - d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
++      -on-rea.patch: avoid DOS through read only connections
++      CVE-2020-10701
++    - d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
++      and binary autodetection in general (LP 1867460)
++    - d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
++      fixes (LP 1868539)
++    - d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
++      modern types on kernels with recent security fixes (LP 1853200)
++    - d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
++      (LP 1868528)
++    - d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
++      qemuDomainSetTimeAgent (LP 1865425)
++    - d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
++      allow emulation of smartcard via host certificates
++    - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
++      types (LP 1861125)
++    - d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
++      block vhost-user-gpu usage
++    - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
++      profiles (LP 1655111)
++  * Dropped changes (no more needed):
++    - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
++      just a suggest. This was deprecated since bionic and now will be dropped.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - d/control: VCS links to use generic Ubuntu launchpad git URLs
++    - refreshed patches for libvirt v6.0.0
++    - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
++      avoid error messages on purge [deluser/delgroup no more report warnings]
++    - "Additional apport package-hook": due to context auto updates
++      d/libvirt-daemon.install had bad entries which are no more required.
++    - d/control, d/rules: Disable rbd and zfs on riscv64 where they are
++      unavailable (LP 1872952)
++  * Added Changes:
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - refresh ubuntu patches for 6.6
++      - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
++      - d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
++      - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
++      - d/p/ubuntu/dnsmasq-as-priv-user
++      - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
++      - d/p/ubuntu/daemon-augeas-fix-expected.patch
++    - d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
++      enhancements
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
++    - d/libvirt-clients.lintian-overrides: profile scripts are non executable
++    - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
++      triggering denials in devmapper error path
++    - d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
++      (again) allow permanent per guest overrides (LP: #1745114)
++    - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Aug 2020 08:04:09 +0200
++
  libvirt (6.6.0-1) unstable; urgency=medium
    * Team upload
@@ -508,6 +1283,287 @@ libvirt (6.0.0~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sat, 18 Jan 2020 18:16:20 +0100
++libvirt (6.0.0-0ubuntu11) groovy; urgency=medium
++
++  * SECURITY UPDATE: privilege escalation via incorrect socket permissions
++    - debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch:
++      updated patch to also set appropriate permissions on socket created
++      by systemd.
++    - CVE-2020-15708
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 05 Aug 2020 09:08:34 -0400
++
++libvirt (6.0.0-0ubuntu10) groovy; urgency=medium
++
++  * enable attr support to store XATTR labels. Among other things
++    this allows to properly restore file ownership (LP: #691590)
++      - d/control: build depend to libattr1-dev
++      - d/rules: configure --with-attr
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 22 Jun 2020 21:30:50 +0200
++
++libvirt (6.0.0-0ubuntu9) groovy; urgency=medium
++
++  * d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
++    (LP: #1879325)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 20 May 2020 06:59:57 +0200
++
++libvirt (6.0.0-0ubuntu8) focal; urgency=medium
++
++  * d/control, d/rules: Disable rbd and zfs on riscv64 where they are
++    unavailable (LP: #1872952)
++
++ -- William Grant <wgrant@ubuntu.com>  Sat, 18 Apr 2020 13:59:21 +1000
++
++libvirt (6.0.0-0ubuntu7) focal; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
++    (LP: #1871354)
++  * d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
++    -on-rea.patch: avoid DOS through read only connections
++    CVE-2020-10701
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 15 Apr 2020 12:29:12 +0200
++
++libvirt (6.0.0-0ubuntu6) focal; urgency=medium
++
++  * d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
++    and binary autodetection in general (LP: #1867460)
++  * d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
++    fixes (LP: #1868539)
++  * d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
++    modern types on kernels with recent security fixes (LP: #1853200)
++  * d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
++    (LP: #1868528)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 20 Mar 2020 10:34:19 +0100
++
++libvirt (6.0.0-0ubuntu5) focal; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++    versioned modules after qemu package upgrades (LP: #1847361)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 10 Mar 2020 08:58:04 +0100
++
++libvirt (6.0.0-0ubuntu4) focal; urgency=medium
++
++  * d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
++    qemuDomainSetTimeAgent (LP: #1865425)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 02 Mar 2020 10:44:22 +0100
++
++libvirt (6.0.0-0ubuntu3) focal; urgency=medium
++
++  * rebuild against libxen-dev 4.11.3 (no change needed)
++  * d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
++    allow emulation of smartcard via host certificates
++  * d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
++    types (LP: #1861125)
++  * d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
++    block vhost-user-gpu usage
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 12 Feb 2020 14:20:08 +0100
++
++libvirt (6.0.0-0ubuntu2) focal; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * Bring back the ubuntu default URI handling. While no more needed for xen
++    its removal made libvirt fallback further to the upstream default
++    qemu:///session while Ubuntu forever had and for now wants to keep
++    qemu:///system (LP: #1861693)
++    - revert 'd/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that
++      was optional for use on xen hosts'
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile
++      [added back former delta]
++
++  [ Andrea Bolognani ]
++  * Merge further fixes from debian/experimental
++    - Install virt-login-shell-helper
++    - Install augeas lenses for all drivers
++    - Remove all mentions of Devhelp
++    - not-installed: Remove obsolete entries
++    - not-installed: List all split daemons files
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 04 Feb 2020 13:08:49 +0100
++
++libvirt (6.0.0-0ubuntu1) focal; urgency=medium
++
++  * Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream
++    Among many other new features and fixes this includes fixes for:
++    - LP: #1859253 - rbd driver fails to create a new volume
++    - LP: #1858341 - rbd driver does not list all volumes in pool
++    - LP: #1845506 - Libvirt snapshot doesn't update apparmor profile
++    - LP: #1854653 - slow libvirt-guests.sh during shutdown if service is off
++    - LP: #1848229 - enable ppc64el to use ccf-assist feature
++    - LP: #1853315 - Enable CPU Model Comparison and Baselining on s390x
++    - LP: #1853317 - CCW IPL support to boot from ECKD DASDs
++    - LP: #1859506 - security: AppArmor profile fixes for swtpm
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped changes (in Debian)
++    - d/libvirt0.symbols: bump symbol versions for 5.4.0
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      + d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      + d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      + debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      + d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      [ we now have split packages for sysv and systemd support ]
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - Refreshed to match new upstream
++      + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
++  * Dropped changes (now upstream)
++    - d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
++      cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
++      are still need fixups to work well LP: 1841066)
++    - SECURITY UPDATEs: CVE-2019-10161, CVE-2019-10166,
++      CVE-2019-10167 and CVE-2019-10168
++    - d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
++      avoid issues with remote screen connections like virt-manager due to
++      apparmor changes in libvirt 5.1 (LP 1833040)
++    - 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++      Allow pygrub to run on Debian/Ubuntu
++    - update to v5.4.0
++  * Dropped changes (Xen demoted to universe)
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++  * Dropped changes (no more needed)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++      [ finally works in v6.0.0 ]
++    - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
++      [ focal has iptables 1.8.3 ]
++    - d/rules: adapt iptables binary paths present in Eoan (LP 1832297)
++      [ focal has iptables 1.8.3 ]
++  * Added Changes:
++    - refreshed patches for libvirt v6.0.0
++    - d/control: bump build dep to python3
++    - d/control: VCS links to use generic Ubuntu launchpad git URLs
++    - d/control: add python3-docutils as build dependency
++    - d/control: add libzfslinux-dev to build-deps
++    - d/rules: set enable-dependency-tracking to avoid FTBFS
++    - d/rules: drop the no more existing phyp option
++    - d/rules: drop the no more existing xen configure option
++    - d/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that was
++      optional for use on xen hosts
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - minimize patches generated by autoreconf
++    - fix build on Debian/Ubuntu in qemuhotplugtest
++    - d/libvirt-doc.doc: install rendered docs
++    - d/libvirt-daemon-system.examples: drop old examples that are now active
++    - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
++    - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
++    - d/libnss-libvirt.lintian-overrides: accept having two nss so files
++    - d/rules: don't ship split daemons just yet
++    - d/rules: install /etc/default/* files that are shared between sysv and
++      systemd packages
++    - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
++      libvirt-daemon-system-sysv
++    - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with  named
++      profiles (LP: #1655111)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 13 Jan 2020 13:14:14 +0100
++
  libvirt (5.6.0-4) experimental; urgency=medium
    * [d88536d] Introduce libvirt-daemon-system-{systemd,sysv} Move init scripts
@@ -593,6 +1649,237 @@ libvirt (5.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sun, 25 Aug 2019 16:32:31 +0200
++libvirt (5.4.0-0ubuntu5) eoan; urgency=medium
++
++  * No-change upload with strops.h and sys/strops.h removed in glibc.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 05 Sep 2019 11:00:53 +0000
++
++libvirt (5.4.0-0ubuntu4) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
++    cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
++    are still need fixups to work well LP: 1841066)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 20 Aug 2019 10:50:08 +0200
++
++libvirt (5.4.0-0ubuntu3) eoan; urgency=medium
++
++  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10161.patch: add check to
++      src/libvirt-domain.c, src/qemu/qemu_driver.c,
++      src/remote/remote_protocol.x.
++    - CVE-2019-10161
++  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10166.patch: add check to
++      src/libvirt-domain.c.
++    - CVE-2019-10166
++  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10167.patch: add check to
++      src/libvirt-domain.c.
++    - CVE-2019-10167
++  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
++    connection
++    - debian/patches/CVE-2019-10168.patch: add checks to
++      src/libvirt-host.c.
++    - CVE-2019-10168
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 02 Jul 2019 08:08:33 -0400
++
++libvirt (5.4.0-0ubuntu2) eoan; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
++    avoid issues with remote screen connections like virt-manager due to
++    apparmor changes in libvirt 5.1 (LP: #1833040)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 19 Jun 2019 14:34:54 +0200
++
++libvirt (5.4.0-0ubuntu1) eoan; urgency=medium
++
++  * Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release
++    Among many other new features and fixes this includes fixes for:
++    LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - d/rules: enable build time self tests on all architectures
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/t/control: fix smoke-qemu-session by ensuring the service will run
++      installing libvirt-daemon-system
++    - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++      long as the following undefine succeeds
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Added Changes:
++    - Refreshed patches to match new upstream
++      - d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
++      - d/p/ubuntu/ubuntu_machine_type.patch
++    - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
++      This can be dropped once >=1.8.1
++    - d/rules: adapt iptables binary paths present in Eoan (LP: #1832297)
++      This can be dropped once >=1.8.1
++    - d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test
++      nat-network-mtu
++    - revert [c3c4cd4] drop in helper for firewalld as it is disabled on
++      Ubuntu [can be squashed with the disabling of firewalld on next merge]
++    - d/libvirt0.symbols: bump symbol versions for 5.4.0
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++  * Dropped Changes (upstream)
++    - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
++      for the ease use of mdev and gl devices (LP: 1804766)
++    - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
++      (LP: 1771662)
++    - d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
++      the never functional osxsave and ospke features (LP: 1825195).
++    - d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
++      vhost-scsi hotplug in virt-aa-helper (LP: 1829223)
++    - SECURITY UPDATE: Add support for md-clear functionality
++      + debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
++        src/cpu_map/x86_features.xml.
++      + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
++    - Implement further apparmor rules for usage of gl enabled
++      graphics (LP: 1815452)
++      + d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
++      + d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
++    - Implement further apparmor rules for usage of gl enabled
++      graphics with nvidia cards (LP: 1817943)
++      + d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
++      + d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
++  * Dropped Changes (in Debian)
++    - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
++      libvirt tests
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 07 Jun 2019 11:55:52 +0200
++
++libvirt (5.3.0-1~1.gbp7b1637) UNRELEASED; urgency=medium
++
++  ** SNAPSHOT build @7b1637605da9224c46ebf3a243fa725d643e7556 **
++
++  [ Guido Günther ]
++  * [fb43676] d/control: Drop dh-autoreconf build-dep.
++    Not needed for dh compat > 10.
++  * [81d21d5] d/not-installed: Use multi-arch dirs.
++    Files moved during the dh12 switch.
++  * [428ad14] New upstream version 5.3.0~rc2
++  * [641e532] New upstream version 5.3.0
++
++  [ Christian Ehrhardt ]
++  * [c28c3b3] d/libvirt0.install: install translations
++  * [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld
++  * [3e8b43c] d/not-installed: ignore default files /etc/sysconfig
++  * [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example
++  * [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf
++    (Closes: #919484)
++
++  [ Andrea Bolognani ]
++  * [6a2eae3] Simplify and improve watch file.
++
++ -- Guido Günther <agx@sigxcpu.org>  Mon, 06 May 2019 13:06:27 +0200
++
  libvirt (5.2.0-2) experimental; urgency=medium
    [ Guido Günther ]
@@ -760,6 +2047,199 @@ libvirt (5.0.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sun, 07 Apr 2019 12:36:21 +0200
++libvirt (5.0.0-1ubuntu4) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
++    the never functional osxsave and ospke features (LP: #1825195).
++  * d/p/series: reorder ubuntu Delta
++  * d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++    with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: #1815910)
++  * d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
++    vhost-scsi hotplug in virt-aa-helper (LP: #1829223)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 16 May 2019 10:42:09 +0200
++
++libvirt (5.0.0-1ubuntu3) eoan; urgency=medium
++
++  * SECURITY UPDATE: Add support for md-clear functionality
++    - debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
++      src/cpu_map/x86_features.xml.
++    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 14 May 2019 14:48:05 -0400
++
++libvirt (5.0.0-1ubuntu2) disco; urgency=medium
++
++  * Implement further apparmor rules for usage of gl enabled
++    graphics (LP: #1815452)
++    - d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
++    - d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
++  * Implement further apparmor rules for usage of gl enabled
++    graphics with nvidia cards (LP: #1817943)
++    - d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
++    - d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
++  * d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted
++    version (no functional change, LP: 1804766)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 12 Feb 2019 11:27:14 +0100
++
++libvirt (5.0.0-1ubuntu1) disco; urgency=medium
++
++  * Merged with Debian unstable
++    Among many other new features and fixes this includes fixes for:
++    LP: #1754871 - 1799446 zPCI passthrough support for KVM
++    LP: #1811198 - remove arbitrary limit on socket_id/core_id
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++    - d/rules: enable build time self tests on all architectures
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++        purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Added Changes:
++    - Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context
++    - d/rules: also check build time self test results on all architectures
++    - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
++      libvirt tests
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
++      for the ease use of mdev and gl devices (LP: #1804766)
++    - refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0
++    - d/t/control: fix smoke-qemu-session by ensuring the service will run
++      installing libvirt-daemon-system
++    - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++      long as the following undefine succeeds
++    - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
++      (LP: #1771662)
++  * Dropped Changes (upstream)
++    - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
++      Adapters on s390x (LP: 1787405)
++    - d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
++      fix libvirt bridge handling in unprivileged containers (LP: 1802906)
++    - d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
++      avoid issues with newer kernels >=4.18 (LP: 1788603)
++    - Fix an issue where guests with plenty of hostdevs attached where detected
++      as not shut down due to the kernel needing more time to free up
++      resources (LP: 1788226)
++      - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
++      - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
++    - 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++      permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
++    - 0040-apparmor-add-mediation-rules-for-unconfined.patch:
++      apparmor: add mediation rules for unconfined guests
++    - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
++      don't want blanket access. We only allow enumerating the base dir and
++      reading owned files. Further features needing /tmp have to add local
++      overrides, examples are qemu-smb and some modes of local snapshots.
++      (LP: 1365261) Can be dropped >=libvirt 4.7
++    - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
++      preserve /dev mountpoints in qemu namespaces (LP: 1786168)
++      Can be dropped >=libvirt 4.7
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice. Upstream completely dropped
++      alternative types and kvm-spice is a symlink for quite some time.
++      Builtin expected binaries work, so drop this delta.
++  * Dropped Changes (in Debian)
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 08 Jan 2019 13:09:31 +0100
++
  libvirt (5.0.0-1) unstable; urgency=medium
    * [7346f30] New upstream version 5.0.0
@@ -819,6 +2299,297 @@ libvirt (4.7.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sun, 09 Sep 2018 21:42:33 +0200
++libvirt (4.6.0-2ubuntu6) disco; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Tue, 15 Jan 2019 10:26:04 +0000
++
++libvirt (4.6.0-2ubuntu5) disco; urgency=medium
++
++  * d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only
++    -with-vf.patch: fix handling of non PCI vfio display propery (part
++    of LP: #1787405)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Dec 2018 09:20:39 +0100
++
++libvirt (4.6.0-2ubuntu4) disco; urgency=medium
++
++  * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
++    Adapters on s390x (LP: #1787405)
++  * d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
++    fix libvirt bridge handling in unprivileged containers (LP: #1802906)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 09 Nov 2018 07:42:01 +0100
++
++libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
++    avoid issues with newer kernels >=4.18 (LP: #1788603)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 27 Aug 2018 10:57:57 +0200
++
++libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium
++
++  * Fix an issue where guests with plenty of hostdevs attached where detected
++    as not shut down due to the kernel needing more time to free up
++    resources (LP: #1788226)
++    - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
++    - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 21 Aug 2018 17:51:43 +0200
++
++libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium
++
++  * Merged with Debian unstable (LP: #1786957).
++    Among many other new features and fixes this includes fixes
++    for (LP: #1754871), Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
++        Can be dropped >=libvirt 4.7
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 & LP 1680384).
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0040-apparmor-add-mediation-rules-for-unconfined.patch:
++        apparmor: add mediation rules for unconfined guests
++        Can be dropped >=libvirt 4.7
++    - d/rules: enable build time self tests on all architectures
++    - run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++        purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++  * Added Changes
++    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++      updated to take care of no more silencing and thereby hiding denials
++      (LP 1719579 is an example)
++    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++      updated to also allow the optionally placed ceph asok file (LP: #1779674)
++    - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare
++      profile for usrmerge (LP: #1784023)
++    - Finalize the libvirt-bin -> libvirt-* transition in the apport
++      package-hook.
++    - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++      d/libvirt-daemon-system.postinst: provide a local apparmor include
++      for abstraction/libvirt-qemu (LP: #1786019)
++    - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
++      don't want blanket access. We only allow enumerating the base dir and
++      reading owned files. Further features needing /tmp have to add local
++      overrides, examples are qemu-smb and some modes of local snapshots.
++      (LP: #1365261) Can be dropped >=libvirt 4.7
++    - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
++      preserve /dev mountpoints in qemu namespaces (LP: #1786168)
++      Can be dropped >=libvirt 4.7
++    - avoid service dependency issues on upgrade (LP: #1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Dropped Changes (upstream)
++    - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
++      of memory slots and other extended features without breaking
++      virt-aa-helper (LP: 1746431).
++    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
++    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
++    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
++    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
++    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
++    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
++    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
++    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
++    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
++    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
++    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
++    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
++    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
++    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
++    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
++    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
++    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
++    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
++    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
++    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
++    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
++    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
++    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
++    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
++    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
++    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
++    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
++    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
++    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
++    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
++    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
++    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
++    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
++    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
++    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
++    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
++    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
++    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
++    - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
++      avoid hanging on shutdown (LP: 1688508)
++    - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
++      plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471)
++    - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
++      ensure symlinks are resolved to get valid rules if interim parts of a path
++      are a symlink (LP: 1752361)
++    - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
++      avoid issues shutting down more guests than configured for parallel
++      shutdown (LP: 1688508)
++    - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
++      using devices that are symlinks (LP: 1756394)
++    - Fix nvdimm memory and passthrough input devices for hotplug via
++      domain security callbacks backporting upstream commits (LP: 1755153).
++      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
++      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
++    - Fix nvdimm memory and passthrough input devices in initial guest
++      description via virt-aa-helper (LP: 1757085).
++      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
++      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
++    - Fix clean shut down of guests on system shutdown (LP: 1764668)
++      + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
++      + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
++    - SECURITY UPDATE: QEMU monitor DoS
++      + debian/patches/CVE-2018-1064.patch: add size limit to
++        src/qemu/qemu_agent.c.
++      + CVE-2018-1064
++    - SECURITY UPDATE: Speculative Store Bypass
++      + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
++        bit in src/cpu/cpu_map.xml.
++      + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
++        feature bit in src/cpu/cpu_map.xml.
++      + CVE-2018-3639
++    - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
++      hotplug use cases where the initial guest had no hostdev at all and
++      therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777)
++    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch:
++      Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
++      occurred, but the cause is unknown" due to a buffer being too small
++      for pcap with TPACKET_V3 enabled (LP: 1758037)
++    - SECURITY UPDATE: code injection via libnss_dns.so
++      + debian/patches/CVE-2018-6764-1.patch: determine the hostname on
++        startup in src/util/virlog.c.
++      + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
++        src/util/virlog.c.
++      + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
++        in cfg.mk, src/util/virlog.c.
++      + CVE-2018-6764
++  * Dropped Changes (no upgrade path left that needs those)
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
++      /etc/cron.daily/libvirt-daemon-system
++  * Dropped Changes (cleanups)
++    - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed
++      one issue and the other is solved in libvirt by ensuring to move to the
++      right cgroups.)
++    - remove no more used libvirt-dnsmasq user (this was redundant since
++      4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user)
++    - Disable selinux (now in main)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Sat, 18 Aug 2018 14:40:58 +0200
++
  libvirt (4.6.0-2) unstable; urgency=medium
    * [c33faee] Drop dwarves dependency.
@@ -936,6 +2707,399 @@ libvirt (4.0.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Thu, 08 Feb 2018 19:29:59 +0100
++libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium
++
++  * ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++    Secure Boot enabled variants of the OVMF firmware and variable store for
++    the paths where we ship these files in Ubuntu.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 27 Jun 2018 11:16:23 -0400
++
++libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium
++
++  * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
++    hotplug use cases where the initial guest had no hostdev at all and
++    therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 12 Jun 2018 16:24:01 +0200
++
++libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium
++
++  * SECURITY UPDATE: QEMU monitor DoS
++    - debian/patches/CVE-2018-1064.patch: add size limit to
++      src/qemu/qemu_agent.c.
++    - CVE-2018-1064
++  * SECURITY UPDATE: Speculative Store Bypass
++    - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
++      bit in src/cpu/cpu_map.xml.
++    - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
++      feature bit in src/cpu/cpu_map.xml.
++    - CVE-2018-3639
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 22 May 2018 10:55:56 -0400
++
++libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium
++
++  * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
++    occurred, but the cause is unknown" due to a buffer being too small
++    for pcap with TPACKET_V3 enabled (LP: #1758037)
++    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 09 May 2018 17:07:59 +0200
++
++libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium
++
++  * debian/rules: disable the netcf backend. (LP: #1764314)
++  * debian/control: drop libnetcf from Build-Depends.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 09 May 2018 10:06:15 -0400
++
++libvirt (4.0.0-1ubuntu8) bionic; urgency=medium
++
++  * Fix clean shut down of guests on system shutdown (LP: #1764668)
++    - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
++    - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 24 Apr 2018 11:09:48 +0200
++
++libvirt (4.0.0-1ubuntu7) bionic; urgency=medium
++
++  * Fix nvdimm memory and passthrough input devices for hotplug via
++    domain security callbacks backporting upstream commits (LP: #1755153).
++    - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
++    - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
++  * Fix nvdimm memory and passthrough input devices in initial guest
++    description via virt-aa-helper (LP: #1757085).
++    - d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
++    - d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 21 Mar 2018 08:30:47 +0100
++
++libvirt (4.0.0-1ubuntu6) bionic; urgency=medium
++
++  * Backport from recent upstream to stabilize libvirt (LP: #1756915)
++    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
++    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
++    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
++    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
++    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
++    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
++  * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
++    avoid issues shutting down more guests than configured for parallel
++    shutdown (LP: #1688508)
++  * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
++    using devices that are symlinks (LP: #1756394)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 19 Mar 2018 14:57:08 +0100
++
++libvirt (4.0.0-1ubuntu5) bionic; urgency=medium
++
++  * run dnsmasq as libvirt-dnsmasq (LP: #1743718)
++    - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++    - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++      purge
++    - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
++      libvirt-dnsmasq and adapt the self tests to expect that config
++    - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
++  * Backport from recent upstream to stabilize libvirt (LP: #1754352)
++    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
++    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
++    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
++    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
++    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
++    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
++    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
++    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
++    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
++  * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
++    plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471)
++  * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
++    ensure symlinks are resolved to get valid rules if interim parts of a path
++    are a symlink (LP: #1752361)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 27 Feb 2018 12:04:02 +0100
++
++libvirt (4.0.0-1ubuntu4) bionic; urgency=medium
++
++  * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
++    avoid hanging on shutdown (LP: #1688508)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 23 Feb 2018 16:43:19 +0100
++
++libvirt (4.0.0-1ubuntu3) bionic; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04
++    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
++    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
++    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
++    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
++    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
++    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
++    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
++    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
++    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
++    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
++    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
++    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
++    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
++    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
++    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
++    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
++    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
++    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
++    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
++    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
++    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
++    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
++    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
++  * d/rules: enable build time self tests on all architectures
++
++  [ Marc Deslauriers ]
++  * SECURITY UPDATE: code injection via libnss_dns.so
++    - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
++      startup in src/util/virlog.c.
++    - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
++      src/util/virlog.c.
++    - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
++      in cfg.mk, src/util/virlog.c.
++    - CVE-2018-6764
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 19 Feb 2018 14:18:44 +0100
++
++libvirt (4.0.0-1ubuntu2) bionic; urgency=medium
++
++  * d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed
++    as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442)
++    - refreshed 0032 and 0040 to match the new context.
++  * d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
++    of memory slots and other extended features without breaking
++    virt-aa-helper (LP: #1746431).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 02 Feb 2018 07:31:17 +0100
++
++libvirt (4.0.0-1ubuntu1) bionic; urgency=medium
++
++  * Merged with Debian unstable (4.0)
++    This closes several bugs:
++    - Error generating apparmor profile when hostname contains spaces
++      (LP: #799997)
++    - qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028)
++    - libvirt usb passthrough throws apparmor denials related to
++      /run/udev/data/+usb (LP: #1727311)
++    - AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626)
++    - iohelper improvements to let bypass-cache work without opening up the
++      apparmor isolation (LP: #1719579)
++    - nodeinfo on s390x to contain more CPU info (LP: #1733688)
++    - Upgrade libvirt >= 4.0 (LP: #1745934)
++  * Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + autostart the default network by default
++      + do not autostart if subnet is already taken (e.g. in guests).
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/test/smoke-lxc workaround for debbug 848317/867379
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++  * Dropped Changes (Upstream):
++    - d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++      libvirt-qemu: Allow use of sgabios
++    - d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++      apparmor, libvirt-qemu: Silence lttng related deny messages
++    - d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++      apparmor, libvirt-qemu: Allow read access to sysfs system info
++    - d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++      apparmor, libvirt-qemu: Allow read access to max_mem_regions
++    - d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++      apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++    - d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++      apparmor, libvirtd: Allow access to netlink sockets
++    - d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++      apparmor: Add rules for mediation support
++    - d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++      apparmor, virt-aa-helper: Allow access to ecryptfs files
++    - d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++      apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++    - d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++      apparmor, virt-aa-helper: Add ipv6 network policy
++    - d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++      apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++    - d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++      won't call qemu-nbd
++    - d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++      apparmor: allow to parse cmdline of the pid that send the shutdown
++      signal (LP 1680384).
++    - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++      apparmor: add default pki path of lbvirt-spice (LP 1690140)
++    - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for disk files (LP 1709818)
++    - d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for loader/nvram (LP 1710960)
++    - d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
++      files (LP 1726804)
++    - d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
++      fix path generation for USB host devices (LP 1552241)
++    - d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
++      generate valid rules on usb passthrough (LP 1686324)
++    - d/p/avoid-double-locking.patch: fix a deadlock that could occur when
++      libvirtd interactions raced with dbus causing a deadlock (LP 1714254).
++    - d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
++      fix FTBFS with glibc 2.26 (LP 1718668)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++      (now cleared by virt-aa-helper on domain stop)
++    - nat only on some ports <port start='1024' end='65535'/> (upstream
++      default now if nothing is specified, actually dropped last cycle)
++  * Dropped Changes (In Debian or no more important):
++    - d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++      libvirt-qemu: Allow macvtap access
++    - d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++      deny for setpcap (LP 522845).
++    - d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++      apparmor, virt-aa-helper: Improve comment about backing store
++    - d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++      references to qemu-kvm
++    - d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++      apparmor, virt-aa-helper: Allow access to name services
++    - d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++      /dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per
++      guest if needed).
++    - d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++      apparmor, libvirt-qemu: Allow access to hugepage mounts
++    - Disable sheepdog (was for universe dependency, but is now only a suggest)
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++  * Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of
++    these were never released, but important to mention for the bug references:
++    - libnss-libvirt once enabled causes apt to call getdents
++      avoid this being an issue by dropping a apt conf that allows
++      this in seccomp (LP: #1732030).
++    - d/libvirt-daemon-system.postrm: clean up more libvirt directories on
++      purge
++    - d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch:
++      apparmor: allow unix stream for p2p migrations
++    - d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch:
++      this replaces the hugepage rules and fixes many more formerly missing
++    - d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch:
++      allowing to have path wildcards on labels set by domain callbacks
++    - d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch:
++      apparmor implementation of security callback
++    - d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch:
++      this is now covered by chardev label callbacks
++  * Added Changes:
++    - Revert Debian change "Drop libvirt-bin upgrade handling"
++      This is needed in Ubuntu one last time (drop >18.04)
++    - Revert Debian change "Drop maintscript helpers for versions predating
++      jessie and wheezy-backports". This is needed in Ubuntu one last
++      time (drop >18.04)
++    - Refreshed d/p/* to match new version (only fuzz, no semantic change)
++    - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal
++      to avoid error messages on purge
++    - remove no more used libvirt-dnsmasq user (drop >18.04)
++    - d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch:
++      apparmor: add mediation rules for unconfined guests
++    - d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch
++      .patch: backport upstream cahnge to expose already used chardev calls.
++    - d/libvirt-daemon-system.postrm: Remove the default.xml network link
++      set up by postinst.
++    - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
++      /etc/cron.daily/libvirt-daemon-system
++    - d/libvirt-daemon-system.postinst: fixups for autostart default network
++      - use modern shell syntax
++      - try more default networks before giving up to enable by default
++    - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++      add multipass image path and mark as ubuntu only change.
++    - d/rules: install virtlockd correctly with defaults file (LP: #1729516)
++    - extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover
++      the slightly changed behavior of libvirt 4.0 (LP: #1741617)
++    - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
++      just a suggest to have 3rd party relying on rbd out of the box working.
++      This is deprecated and users of rbd backend should start depending on
++      this package for it will be dropped to a suggest in future releases.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 14 Dec 2017 14:15:55 +0100
++
  libvirt (4.0.0-1) unstable; urgency=medium
    * [5936904] New upstream version 4.0.0
@@ -1093,6 +3257,206 @@ libvirt (3.7.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 08 Sep 2017 14:52:38 +0200
++libvirt (3.6.0-1ubuntu6) artful; urgency=medium
++
++  * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
++    files (LP: #1726804)
++  * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
++    fix path generation for USB host devices (LP: #1552241)
++  * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
++    generate valid rules on usb passthrough (LP: #1686324)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 24 Oct 2017 14:30:34 +0200
++
++libvirt (3.6.0-1ubuntu5) artful; urgency=medium
++
++  * d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
++    fix FTBFS with glibc 2.26 (LP: #1718668)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 28 Sep 2017 08:18:10 -0400
++
++libvirt (3.6.0-1ubuntu4) artful; urgency=medium
++
++  * d/p/avoid-double-locking.patch: fix a deadlock that could occur when
++    libvirtd interactions raced with dbus causing a deadlock (LP: #1714254).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 01 Sep 2017 10:29:35 +0200
++
++libvirt (3.6.0-1ubuntu3) artful; urgency=medium
++
++  * No change rebuild for Qemu 2.10 and Xen 4.9
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 21 Aug 2017 10:34:13 +0200
++
++libvirt (3.6.0-1ubuntu2) artful; urgency=medium
++
++  * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
++    for compatibility with the behavior of qemu 2.10 this adds locking
++    permission to rules generated for loader/nvram (LP: #1710960)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Aug 2017 10:00:19 +0200
++
++libvirt (3.6.0-1ubuntu1) artful; urgency=medium
++
++  * Merged with Debian unstable (3.6)
++    This closes several bugs:
++    - aarch64: improved chardev handling (LP: #1697610)
++    - Forbid locking memory without memtune (LP: #1708305)
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + nat only on some ports <port start='1024' end='65535'/>
++      + autostart the default network by default
++      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/test/smoke-lxc workaround for debbug 848317/867379
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++        libvirt-qemu: Allow macvtap access
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++        deny for setpcap
++      + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++        libvirt-qemu: Allow use of sgabios
++      + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++        apparmor, libvirt-qemu: Silence lttng related deny messages
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++        apparmor, libvirt-qemu: Allow read access to sysfs system info
++      + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++        apparmor, libvirt-qemu: Allow read access to max_mem_regions
++      + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++        apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++      + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++        apparmor, libvirt-qemu: Allow access to hugepage mounts
++      + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++        apparmor, libvirtd: Allow access to netlink sockets
++      + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++        apparmor: Add rules for mediation support
++      + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++        apparmor, virt-aa-helper: Improve comment about backing store
++      + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++        apparmor, virt-aa-helper: Allow access to ecryptfs files
++      + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++        apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++        apparmor, virt-aa-helper: Add ipv6 network policy
++      + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++        apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++      + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++        references to qemu-kvm
++      + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++        won't call qemu-nbd
++      + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++        apparmor, virt-aa-helper: Allow access to name services
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++        /dev/vfio for vf (hot) attach (LP 1680384).
++      + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++        apparmor: allow to parse cmdline of the pid that send the shutdown
++        signal (LP 1680384).
++      + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++        apparmor: add default pki path of lbvirt-spice (LP 1690140)
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++  * Dropped Changes (Upstream):
++    - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
++      default driver entries missing name='qemu'.
++    - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782)
++      Fix to be able to follow BackinStorage chains when creating per
++      guest apparmor rules.
++  * Dropped Changes (In Debian):
++    - Enable esx support
++      + Add build-dep to libcurl4-gnutls-dev (required for esx)
++  * Added Changes:
++    - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for disk files (LP: #1709818)
++
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 10 Aug 2017 12:44:47 +0200
++
  libvirt (3.6.0-1) unstable; urgency=medium
    * [ece8d56] New upstream version 3.6.0 (Closes: #870626)
@@ -1109,6 +3473,264 @@ libvirt (3.6.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 04 Aug 2017 00:05:47 -0300
++libvirt (3.5.0-1ubuntu3) artful; urgency=medium
++
++  * Refresh changes to match they way they were accepted upstream
++    - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit
++      reference now that it is in git.
++    - d/p/u/fix-libxl-default-driver-name.patch: instead of addin the
++      name this is now fixed by relaxing the schema.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 19 Jul 2017 12:48:39 +0200
++
++libvirt (3.5.0-1ubuntu2) artful; urgency=medium
++
++  * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782)
++    Fix to be able to follow BackinStorage chains when creating per
++    guest apparmor rules.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 18 Jul 2017 16:34:57 +0200
++
++libvirt (3.5.0-1ubuntu1) artful; urgency=medium
++
++  * Merged with Debian unstable (3.5)
++    This closes several bugs:
++    - improved handling of host-model since libvirt 3.2 (LP: #1673467)
++    - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209)
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Enable esx support
++      + Add build-dep to libcurl4-gnutls-dev (required for esx)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + nat only on some ports <port start='1024' end='65535'/>
++      + autostart the default network by default
++      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++        libvirt-qemu: Allow macvtap access
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++        deny for setpcap
++      + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++        libvirt-qemu: Allow use of sgabios
++      + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++        apparmor, libvirt-qemu: Silence lttng related deny messages
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++        apparmor, libvirt-qemu: Allow read access to sysfs system info
++      + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++        apparmor, libvirt-qemu: Allow read access to max_mem_regions
++      + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++        apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++      + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++        apparmor, libvirt-qemu: Allow access to hugepage mounts
++      + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++        apparmor, libvirtd: Allow access to netlink sockets
++      + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++        apparmor: Add rules for mediation support
++      + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++        apparmor, virt-aa-helper: Improve comment about backing store
++      + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++        apparmor, virt-aa-helper: Allow access to ecryptfs files
++      + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++        apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++        apparmor, virt-aa-helper: Add ipv6 network policy
++      + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++        apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++      + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++        references to qemu-kvm
++      + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++        won't call qemu-nbd
++      + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++        apparmor, virt-aa-helper: Allow access to name services
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++        /dev/vfio for vf (hot) attach (LP 1680384).
++      + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++        apparmor: allow to parse cmdline of the pid that send the shutdown
++        signal (LP 1680384).
++      + (28 is a new patch, listed in added changes)
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++    - remaining but updated to match the latest release
++      + d/p/Disable-use-of-namespaces-by-default.patch (Debian change)
++      + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change)
++      + d/p/debian/apparmor_profiles_local_include.patch Include local
++        apparmor profile (Debian change)
++      + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++      + d/test/smoke-lxc workaround for debbug 848317/867379
++  * Dropped Changes (Upstream):
++    - Add missing apparmor rule for debug-threads feature (LP 1615550).
++    - Add new block device types to virt-aa-helpers profile (LP 1641618)
++    - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
++      for storage dirs like /var/lib/libvirt/images.
++    - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
++      to support huge systems.
++    - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
++      in libvirtd.service (-d not allowed to be specified, everything else
++      upstream so drop delta; LP 1574566).
++    - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
++      spice: don't release used port (LP 1697729).
++    - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
++      Always fall back to the old command if domain caps fail (LP 1674298)
++    - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
++      it was possible to have <script path=''/> which now fails - fix to match
++      the old behavior (LP 1665698)
++    - Reworked apparmor Delta and started upstreaming, listing related
++      changes dropped:
++      + Apparmor feature parsing to depend on new apparmor features which
++        appear in different versions across distributions (no more needed
++        >=Xenial, allows to now separate changes and upstream more easily).
++      + d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
++        guarantee disk spec is following the defined regex (LP 1665410).
++      + d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add
++        virt-aa-helper rule allowing all private channel access.
++      + d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
++        virt-aa-helper to allow access to aarch64 UEFI images.
++      + d/rules, apparmor: include and install local apparmor profiles (This
++        is now done by dh_apparmor automatically)
++      + add local apparmor override templates (provided by dh_apparmor now)
++      + Fix name resolution calls from virt-aa-helper profile (LP 1546674).
++      + virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
++      + virt-aa-helper: Generalize test for firmware paths
++      + apparmor, virt-aa-helper: Allow aarch64 UEFI.
++      + apparmor, libvirt-qemu: Add ppc64el related changes
++      + apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
++      + apparmor, libvirt-qemu: Allow access to ceph config
++      + apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
++      + apparmor, virt-aa-helper: Explicit denies for host devices
++      + apparmor, virt-aa-helper: Allow access to libnl-3 config files
++      + apparmor, libvirt-qemu: allow access to pt_chown for pty consoles
++  * Dropped Changes (In Debian):
++    - d/rules: debhelper start virtlogd.socket
++    - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
++      for Debian based systems.
++    - Additional debian/bug-presubj
++    - Extended handling of apparmor profiles - reload and remove in maintainer
++      scripts (dh_apparmor* now generate these snippets)
++  * Dropped Changes (no SysV anymore):
++    - Add sysvinit script for virtlockd
++    - Wait on socket in sysvinit script
++    - d/rules: dh_installinit virtlockd (was part of "Cleanup systemd
++      debhelper"
++    - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
++      virtlockd.init for Debian based systems.
++  * Dropped Changes (other reasons):
++    - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
++      This used group libvirt instead of nobody which makes it worse; Needs
++      to be fixed upstream (LP: #1690729).
++      + d/p/ubuntu/disable-network-test.patch: disable test failing due to
++        dnsmasq changes.
++    - Add .gitignore for .pc
++    - we keep lxc support as Debian does, but stop adding delta. It feels
++      somewhat less maintained than e.g. libvirt for qemu. Also for secure
++      and comfortable container management lxd is clearly preferred. The
++      delta caused more issues than it solved so deliver libvirt-lxc as-is
++      and drop the related delta.
++      + d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
++        containers by default.
++      + d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver
++        for libvirt-lxc.
++    - The following xen changes are no more required with current versions
++      + d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
++        xen paths (LP 1459603)
++      + d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section about compat to the very old qemu-dm name is no more needed.
++      + d/p/ubuntu/libxl-fix-test-data.patch and
++        d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the
++        former one + also updated the maintainer notes to ease updating.
++      + d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
++        device-model
++  * Added Changes:
++    - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++      apparmor: add default pki path of lbvirt-spice (LP: #1690140)
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
++      default driver entries missing name='qemu'.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Jul 2017 15:43:17 +0200
++
  libvirt (3.5.0-1) unstable; urgency=medium
    [ Guido Günther ]
@@ -1202,6 +3824,233 @@ libvirt (3.0.0-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Thu, 19 Jan 2017 18:51:18 +0100
++libvirt (2.5.0-3ubuntu10) artful; urgency=medium
++
++  * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base
++    images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON
++    directory, enabling use of the libvirt deb from the nova-hypervisor
++    snap (LP: #1644507).
++
++ -- Corey Bryant <corey.bryant@canonical.com>  Thu, 22 Jun 2017 14:29:39 -0400
++
++libvirt (2.5.0-3ubuntu9) artful; urgency=medium
++
++  * d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
++    spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 14 Jun 2017 14:49:16 +0200
++
++libvirt (2.5.0-3ubuntu8) artful; urgency=medium
++
++  * fix conffile upgrade handling to avoid obsolete files
++    and inactive duplicates (LP: #1694159)
++    - d/libvirt-daemon-system.maintscript: revert to Debian content
++    - d/libvirt-bin.maintscript: add missing rm_conffile related to
++      dropping upstart.
++    - d/libvirt-bin.maintscript: add missing rm of conffiles due
++      to re-aligning with debian package names since yakkety.
++    - d/libvirt-bin.maintscript: for LTS->LTS upgraders try to move and retain
++      custom changes.
++    - d/libvirt-bin.maintscript: for upgraders from yakkety or later remove
++      the (now duplicate) conffiles, but retain custom changes in backups if
++      they exist
++    - d/libvirt-bin.preinst: drop manual mv of conffiles which lacked
++      retaining changes and upgrade-abort handling.
++    - d/libvirt-bin.preinst: handle upgrades up to the latest predecessor
++      possible before yakkety.
++    - d/libvirt-bin.preinst: fixup the combination of rm+mv conffile in case
++      the package is upgrading from pre yakkety.
++    - d/libvirt-daemon-system.postinst: clean up old dnsmasq enablement symlink
++      if unmodified.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 31 May 2017 14:29:51 +0200
++
++libvirt (2.5.0-3ubuntu7) artful; urgency=medium
++
++  * debian/patches/ubuntu/apparmor-ppcwrapper.patch: update to add missing
++    colon (LP: #1686621).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 27 Apr 2017 13:16:05 +0200
++
++libvirt (2.5.0-3ubuntu6) artful; urgency=medium
++
++  * Add missing apparmor profile entries (LP: #1680384)
++    - debian/patches/ubuntu/apparmor-vfio.patch: apparmor: add /dev/vfio
++      for vf (hot) attach
++    - debian/patches/ubuntu/apparmor-ppcwrapper.patch: apparmor: allow
++      extra tools executed by kvm.powerpc
++    - debian/patches/ubuntu/apparmor-shutdown.patch: apparmor: allow to
++      parse cmdline of the pid that send the shutdown signal
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 25 Apr 2017 14:10:06 +0200
++
++libvirt (2.5.0-3ubuntu5) zesty; urgency=medium
++
++  * d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
++    Always fall back to the old command if domain caps fail (LP: #1674298)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 21 Mar 2017 08:02:37 +0100
++
++libvirt (2.5.0-3ubuntu4) zesty; urgency=medium
++
++  * d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
++    it was possible to have <script path=''/> which now fails - fix to match
++    the old behavior (LP: #1665698)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 10 Mar 2017 08:57:18 +0100
++
++libvirt (2.5.0-3ubuntu3) zesty; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
++    guarantee disk spec is following the defined regex (LP: #1665410).
++
++  [ Bryan Quigley ]
++  * d/p/ubuntu/0007-apparmor-fix-for-new-virt-manager.patch: Add Apparmor
++    permissions so virt-manager 1.4.0 viewing works (LP: #1668681).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 06 Mar 2017 08:24:06 +0100
++
++libvirt (2.5.0-3ubuntu2) zesty; urgency=medium
++
++  * No-change rebuild to build against Xen-4.8 libs.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 26 Jan 2017 14:19:03 +0100
++
++libvirt (2.5.0-3ubuntu1) zesty; urgency=medium
++
++  * Merged with Debian unstable
++    - this picks up a fix for migrations using NFS mounts (LP: #1637601).
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Enable esx support
++      - Add build-dep to libcurl4-gnutls-dev (required for esx)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Added changes to use the upstream apparmor profiles with added
++      delta (configurable via apparmor profiles version).
++      * d/p/u/000[1-6]-apparmor-*
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Fix name resolution calls from virt-aa-helper profile (LP 1546674).
++    - Add missing apparmor rule for debug-threads feature (LP 1615550).
++    - Add new block device types to virt-aa-helpers profile (LP 1641618)
++    - Additional apport package-hook
++    - d/rules: debhelper start virtlogd.socket
++    - Add sysvinit script for virtlockd
++    - Additional debian/bug-presubj
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped after 18.04).
++      - d/p/ubuntu/libvirtd-service-add-bin-alias.patch: alias to old
++        libvirt-bin name.
++      - d/p/ubuntu/libvirtd-init-add-bin-alias.patch: provides for the old
++        libvirt-bin name.
++    - Wait on socket in sysvinit script
++    - Backwards compatible handling of groups (can be dropped after 18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      - nat only on some ports <port start='1024' end='65535'/>
++      - autostart the default network by default
++      - do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      - d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
++      - d/p/ubuntu/disable-network-test.patch: disable test failing due to
++        dnsmasq changes.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
++      for storage dirs like /var/lib/libvirt/images.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
++      containers by default.
++    - d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver for
++      libvirt-lxc.
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: Set common qemu path to match
++      Debian/Ubuntu Xen packaging.
++    - d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
++      xen paths (LP 1459603)
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
++      device-model
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - fixup tests to match packaging of Xen (mostly different paths)
++      - d/p/ubuntu/libxl-fix-test-data.patch
++      - d/p/ubuntu/fix-xen-xml-in-tests.patch
++    - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
++      for Debian based systems.
++    - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
++      virtlockd.init for Debian based systems.
++    - d/p/ubuntu/9034-complete-9p-support: virt-aa-helper: add l to 9p file
++      options.
++    - d/p/ubuntu/parallel-shutdown.patch: shut guests down in parallel
++    - d/p/ubuntu/virt-aa-helper-no-explicity-deny-for-basefiles.patch: ask for
++      no deny rule for readonly disk elements.
++    - d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add virt-aa-helper
++      rule allowing all private channel access
++    - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
++      to support huge systems.
++    - d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
++      virt-aa-helper to allow access to aarch64 UEFI images.
++    - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
++      in libvirtd.service (LP 1574566).
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Add libxl log directory
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      - systemtap, zfs, numa and numad on s390x.
++      - systemtap on ppc64el.
++  * Dropped Changes:
++    - Build depend on gnutls >= 3.5.6-4ubuntu2 (no > 3.5.6 && < 3.5.6-4ubuntu2
++      in any release left)
++    - Fix parsing non apparmor labels LP:#1633207 (upstream in libvirt 2.5)
++    - Ignore newlines in guest list (upstream in libvirt 2.4)
++    - Avoid migration postcopy issues by ensuring valid commands (upstream in
++      libvirt 2.5)
++    - Enable numa for arm64 (in Debian)
++    - Fix libvirt start failure when security_driver set (upstream in libvirt
++      2.2)
++    - virt-aa-helper: Fix upstream implementation of no explicit deny rule
++      (upstream in libvirt 2.3)
++    - Some useless whitespace damage and no more applicable comments
++    - The following patches were part of the Delta but not the series file.
++      So they had no effect and can be dropped now:
++      - ubuntu/9036-util-prepare-uri-for-libxml2-2.9.2.patch
++      - ubuntu/Disable-failing-virnetsockettest.patch
++      - ubuntu/dont-include-non-migrateable-features-in-host-model
++      - ubuntu/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
++    - See the 2.1.0-1ubuntu15 and 2.1.0-1ubuntu16 changelogs for related
++      pre-merge drops
++    - Add build-dep to libxml-libxml-perl (no more needed)
++    - apparmor double add /usr/bin/qemu-sparc64 rmix (no function anymore)
++    - apparmor /usr/{lib,lib64}/qemu/block-*.so (in Debian)
++    - apparmor moving /bin/bash rmix in profile (drop non functional delta)
++    - follow Debians style of block-*.so rules for block-extra (drop our
++      functionally equivalent adding/moving of rules)
++    - follow Debians style of lib/lib64 rules (drop a lot of our functional
++      functionally equivalent adding/moving of rules)
++    - accept Upstream style to handle libvirt_iohelper and libvirt_parthelper
++      (stop removing the two rules without an associated bug to reduce delta)
++    - Disabling dep8 smoke tests
++  * Added Changes:
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (in discussed with Debian in debbug
++      848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (in discussed with
++      Debian in debbug 848317)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 03 Jan 2017 13:58:30 +0100
++
  libvirt (2.5.0-3) unstable; urgency=medium
    * [ba9fcb8] Invoke db_stop.
@@ -1350,6 +4199,192 @@ libvirt (2.1.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 19 Aug 2016 10:22:22 +0200
++libvirt (2.1.0-1ubuntu16) zesty; urgency=medium
++
++  * Ensure d/p/ubuntu/9002-default_uri_virsh_to_system.patch is
++    dropped as intended.
++  * Re-Add d/p/ubuntu/apibuild-skip-libvirt-common.h for an issue that
++    transiently occurs on LP builds (real trigger not yet identified, so it
++    can't be upstreamed).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 14 Dec 2016 09:30:58 +0100
++
++libvirt (2.1.0-1ubuntu15) zesty; urgency=medium
++
++  * Cleanup Ubuntu Delta prior to next libvirt merge
++    - drop obsolte patches:
++      d/p/ubuntu/cgroups-ignore-systemd-failure,
++      d/p/ubuntu/ubuntu-skip-virstoragetest,
++      d/p/ubuntu/9021-fix-uint64_t.patch,
++      ubuntu/Disable-failing-virnetsockettest.patch (was only comment),
++      d/p/ubuntu/9002-default_uri_virsh_to_system.patch,
++      d/p/ubuntu/ubuntu-xend-probe.patch
++    - clarify dep3 headers to be more useful:
++      d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch,
++      d/p/ubuntu/daemon-augeas-fix-expected.patch,
++      d/p/ubuntu/enable-kvm-spice.patch,
++      d/p/ubuntu/dnsmasq-as-priv-user,
++      d/p/ubuntu/disable-network-test.patch
++    - split patch containing unrelated changes into two patches, so parts of
++      d/p/ubuntu/storage-default-permission-mode-to-0711 moved into
++      d/p/ubuntu/storage-disable-gluster-test
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 12 Dec 2016 11:59:59 +0100
++
++libvirt (2.1.0-1ubuntu14) zesty; urgency=medium
++
++  * d/p/u/apparmor-fix-name-resolution.patch rework the fix to base
++    on the apparmor nameservice abstraction to be future proof (LP: #1546674).
++  * d/p/ubuntu/apparmor-fix-new-devicetypes.patch add new block device types to
++    virt-aa-helpers profile (LP: #1641618)
++  * d/p/u/apparmor-fix-other-seclabels.patch refresh to the now upstream
++    accepted solution (LP: #1633207).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 24 Nov 2016 08:06:38 +0100
++
++libvirt (2.1.0-1ubuntu13) zesty; urgency=medium
++
++  * drop d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch as the offending change
++    in gnutls has been reverted (LP: #1641615)
++  * Build depend on gnutls >= 3.5.6-4ubuntu2 to build after the gnutls fix
++    migrated
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Nov 2016 08:43:10 +0100
++
++libvirt (2.1.0-1ubuntu12) zesty; urgency=medium
++
++  * d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch fix FTBFS due to changes in
++    gnutls that affected the ordering on certificate DN entries (LP: #1641615)
++  * Revert "Fix FTBFS on zesty due to issues with concurrent make check" as it
++    was not the right solution.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 16 Nov 2016 14:52:17 +0100
++
++libvirt (2.1.0-1ubuntu11) zesty; urgency=medium
++
++  * Fix FTBFS on zesty due to issues with concurrent make check (LP: #1641615)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 15 Nov 2016 14:45:52 +0100
++
++libvirt (2.1.0-1ubuntu10) zesty; urgency=medium
++
++  [Simon Déziel]
++  * d/p/u/apparmor-fix-name-resolution.patch adds missing rules for name
++    resolution to virt-aa-helper Apparmor profile (LP: #1546674).
++  * d/p/u/apparmor-fix-debug-threads.patch adds missing rule for debug-threads
++    feature that is now default enabled to Apparmor profile (LP: #1615550).
++
++  [Christian Ehrhardt]
++  * d/p/u/apparmor-fix-other-seclabels.patch fixes an issue parsing non
++    apparmor security labels (LP: #1633207).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 24 Oct 2016 14:21:36 +0200
++
++libvirt (2.1.0-1ubuntu9) yakkety; urgency=medium
++
++  * Fix libvirt-guest.sh to handle multiple guests (LP: #1591695).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 06 Oct 2016 12:14:05 +0200
++
++libvirt (2.1.0-1ubuntu8) yakkety; urgency=medium
++
++  [ Christian Ehrhardt ]
++
++  * avoid migration postcopy issues by ensuring valid commands (LP: #1620906)
++    - d/p/ubuntu/check-live-for-postcopy.patch Check for --live flag for
++      postcopy-after-precopy migration.
++    - d/p/ubuntu/make-postcopy-mandatory-for-postcopy-after-precopy.patch to
++
++  [ Stefan Bader ]
++
++  * Fix Xenial to Yakkety migration from libvirt-bin.service to
++    libvirtd.service (LP: #1627969).
++  * Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    (LP: #1629210)
++
++  [ Dann Frazier ]
++
++  * Fix FTBS in Yakkety due to missing python dependency (LP: #1629041)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 30 Sep 2016 10:11:30 +0200
++
++libvirt (2.1.0-1ubuntu7) yakkety; urgency=medium
++
++  * Enable NUMA support in arm64 builds (LP: #1627926).
++
++ -- dann frazier <dannf@ubuntu.com>  Mon, 26 Sep 2016 23:36:24 -0600
++
++libvirt (2.1.0-1ubuntu6) yakkety; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 17 Sep 2016 12:05:33 +0000
++
++libvirt (2.1.0-1ubuntu5) yakkety; urgency=medium
++
++  [ Jon Grimm ]
++
++  * Fix libvirt start failure when security_driver set (LP: #1618592)
++    - qemu: fix qemu.conf security_driver
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 08 Sep 2016 14:11:47 +0200
++
++libvirt (2.1.0-1ubuntu4) yakkety; urgency=medium
++
++  * Enable systemtap, zfs, numa on s390x.
++  * Enable systemtap on ppc64el.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 24 Aug 2016 13:21:29 +0100
++
++libvirt (2.1.0-1ubuntu3) yakkety; urgency=low
++
++  * Really fix the ADT regression and not only the changelog due
++    to somehow ending up on the wrong git branch.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 17 Aug 2016 18:31:01 +0200
++
++libvirt (2.1.0-1ubuntu2) yakkety; urgency=low
++
++  * Fix ADT build-test regression(s)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 17 Aug 2016 15:18:38 +0200
++
++libvirt (2.1.0-1ubuntu1) yakkety; urgency=low
++
++  * Merged with Debian testing. Remaining changes:
++    - Added changes to use the upstream apparmor profiles with added
++      delta (configurable via apparmor profiles version).
++      * d/p/u/0001-apparmor-add-feature-parsing.patch
++      * d/p/u/0002-apparmor-apply-ubuntu-delta.patch
++      * d/p/u/0003-apparmor-debian-ubuntu-delta.patch
++      * d/p/u/0004-apparmor-ubuntu-delta.patch
++    - Avoiding dependency on sheepdog
++    - Additional apport package-hook
++    - Additional dnsmasq configuration
++    - Additional profile.d script to set default URI
++    - Additional debian/bug-presubj
++    - d/rules: debhelper start virtlogd.socket not virtlockd.service
++    - Modifications to adapt for our delayed switch away from libvirt-bin.
++    - Wait on socket in sysvinit script
++    - Backwards compatible handling of groups and default bridged network
++      creation.
++    - Extended handling of apparmor profiles
++    - Convert libvirt0 and libvirt-dev to multi-arch.
++    - Added a fix for the upstream version of adding better write denials
++      handling to virt-aa-helper.
++    - Convert libnss_libvirt to multi-arch and fix up source location that
++      changed when making libvirt0 multi-arch.
++    - Dropped
++      * upstart script for libvirtd
++      * d/p/lp1588841-000[123]-* (upstream)
++      * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch (upstream)
++      * d/p/u/qemu-Automatically-choose-usable-GIC-version.patch (upstream)
++      * d/p/u/docs-remove-xpath.patch (xpath removed upstream)
++      * d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch (upstr.)
++      * d/p/u/ubuntu/virt-aa-helper-helpfix.patch (upstream)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 13 Jul 2016 13:12:36 +0200
++
  libvirt (2.1.0-1) unstable; urgency=medium
    * Upload to unstable
@@ -1419,6 +4454,103 @@ libvirt (1.3.5~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Mon, 30 May 2016 22:00:33 +0200
++libvirt (1.3.4-1ubuntu6) yakkety; urgency=low
++
++  * Fix libvirtd crashing on libxl domain restore (LP: #1588841).
++    Patches cherry-picked from upsream libvirt git tree.
++    - libxl: switch to using libxl_domain_create_restore from v4.4 API
++    - libxl: support Xen migration stream V2 in save/restore
++    - libxl: support migration stream V2 in migration
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 08 Jun 2016 14:17:23 +0200
++
++libvirt (1.3.4-1ubuntu5) yakkety; urgency=low
++
++  * Update the correct apparmor profiles to allow AAVMF and qemu-efi
++    firmware for aarch64 (1538882)
++  * Clean up / refresh various patches to finalize switch from libvirt-bin
++    to libvirtd as service name.
++    Drop: d/p/ubuntu/libvirt-bin-service-libvirtd-alias.patch
++    Refresh+Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
++                    d/p/ubuntu/libvirtd-service-nolimit.patch
++    Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
++            d/p/ubuntu/libvirtd-service-set-notifyaccess.patch
++    Refresh: d/p/ubuntu/libvirtd-service-add-bin-alias.patch
++    Add: d/p/ubuntu/libvirtd-init-add-bin-alias.patch
++  * Change default profile used by libvirtd.service to /etc/default/libvirtd.
++    Drop: d/p/ubuntu/switch-service-files-to-libvirt-bin.patch
++  * Drop virtlockd.service from dh_systemd_start in debian/rules as
++    the service is socket activated (LP: #1588006).
++  * Fix failure to enable libvirtd.service due to lingering libvirt-bin
++    alias. This could happen when the upgrade from a version prior 1.3.3-2
++    happened before 1.3.4-1ubuntu3 (LP: #1588004).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 02 Jun 2016 14:50:27 +0200
++
++libvirt (1.3.4-1ubuntu4) yakkety; urgency=medium
++
++  * Re-enable the upstart job by renaming the file.
++  * Include patchby @guessi to continally wait for libvirtd to start when
++    using sysvinit or upstart.  (LP: #1571209)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 23 May 2016 13:50:22 -0500
++
++libvirt (1.3.4-1ubuntu3) yakkety; urgency=medium
++
++  [ dann frazier ]
++  * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch,
++    d/p/u/qemu-Automatically-choose-usable-GIC-version.patch: If no GIC
++    was specified for an ARM virt guest, choose a GIC version supported
++    by the host. (LP: #1566564)
++
++  [ Serge Hallyn ]
++  * libvirt-bin.preinst: on upgrades from prior to 1.3.3-2, also remove the
++    service file for the Alias - /etc/systemd/system/libvirtd.service.
++    (LP: #1579922)
++
++ -- dann frazier <dannf@ubuntu.com>  Thu, 19 May 2016 08:57:33 -0600
++
++libvirt (1.3.4-1ubuntu2) yakkety; urgency=medium
++
++  * Include installing virtlogd.socket. (LP: #1583009)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Wed, 18 May 2016 13:56:08 -0500
++
++libvirt (1.3.4-1ubuntu1) yakkety; urgency=medium
++
++  * Merge 1.3.4-1 from Debian unstable
++  * Drop upstream-applied patches:
++    - conf-also-mark-implicit-video-as-primary.patch
++    - libvirt-socket-fix-group
++  * Remaining changes
++    - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
++      upgrades)
++    - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
++      (for lts-to-lts upgrades)
++    - keep ubuntu-specific patches
++    - ship apport and dnsmasq files
++    - enable virbr0
++    - ship apparmor from debian/*.  We should push changes upstrema, but
++      cannot sync with debian as apparmor profiles must be processed in
++      debian/rules for cloud archive.
++    - debian/control
++      - enable zfs
++      - disable libssh2 and sheepdog
++      - add libxml-libxml-perl and libcurl4-gnutls-dev
++      - enable libnuma-dev on ppc64el (pushed to Debian)
++      - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
++    - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
++      upgrades.
++      - Multi-arch-ify.
++    - debian/rules: disable selinux and firewalld;  use 'kvm' group; disable
++      ssh2, enable zfs and esx;  process apparmor files for older releases;
++      copy dnsmasq configuration.
++    - debian/tests/control: add extra depends
++  * d/p/ubuntu/apibuild-skip-libvirt-common.h: libvirt-common.h is being
++    included twice leading to build failures - drop it temporarily.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 May 2016 12:50:02 -0500
++
  libvirt (1.3.4-1) unstable; urgency=medium
    * Upload to unstable
@@ -1448,6 +4580,65 @@ libvirt (1.3.4~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Wed, 27 Apr 2016 16:51:55 +0200
++libvirt (1.3.3-2ubuntu2) yakkety; urgency=medium
++
++  * debian/rules: fix paths when removing files which should not end up
++    in libvirt-daemon package.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 May 2016 13:14:17 -0500
++
++libvirt (1.3.3-2ubuntu1) yakkety; urgency=medium
++
++  * Merge 1.3.3-2 from Debian unstable
++  * Merge new packaging layout
++    - debian/control
++      * add libsanlock-dev, dtrace, systemtap-sdt-dev, librados-dev,
++        libfuse-dev, augeas-tools to Build-Depends.
++      * Drop libcgmanager-dev from Build-Depends.
++      * Add libvirt-clients, libvirt-daemon, and libvirt-daemon-system
++        packages which replace the now-virtual libvirt-bin package.
++      * Drop libvirt0-dbg (is this intential in Debian?)
++      * Add libvirt-sanlock package (this should be in universe)
++  * Switch to 'libvirt' group, keeping the same gid as 'libvirtd'
++    on upgrade.  Keep libvirtd group name on upgrade in case any
++    site scripts use it.
++  * Enable dtrace
++  * Add Debian policy-kit configuration
++  * drop ubuntu/9004-libvirtd-group-name.patch as we are switching to group
++    'libvirt'
++  * Drop obsolete migration scripts:
++    - libvirt-migrate-xend-managed-domains
++    - libvirt-migrate-qemu-disks
++    - libvirt-migrate-qemu-machinetype
++  * Remaining changes:
++    - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
++      upgrades)
++    - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
++      (for lts-to-lts upgrades)
++    - keep ubuntu-specific patches
++    - ship apport and dnsmasq files
++    - enable virbr0
++    - ship apparmor from debian/*.  We should push changes upstrema, but
++      cannot sync with debian as apparmor profiles must be processed in
++      debian/rules for cloud archive.
++    - debian/control
++      - enable zfs
++      - disable libssh2 and sheepdog
++      - add libxml-libxml-perl and libcurl4-gnutls-dev
++      - enable libnuma-dev on ppc64el (pushed to Debian)
++      - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
++    - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
++      upgrades.
++      - Multi-arch-ify.
++    - debian/rules: disable selinux and firewalld;  use 'kvm' group; disable
++      ssh2, enable zfs and esx;  process apparmor files for older releases;
++      copy dnsmasq configuration.
++    - debian/tests/control: add depends
++  * d/p/ubuntu/conf-also-mark-implicit-video-as-primary.patch: upstream patch
++    to fix failure to start vms with video not explicitly marked as 'primary'
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 29 Apr 2016 20:51:48 -0500
++
  libvirt (1.3.3-2) unstable; urgency=medium
    * Upload to unstable
@@ -1499,6 +4690,239 @@ libvirt (1.3.1-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 19 Feb 2016 17:29:27 +0100
++libvirt (1.3.1-1ubuntu11) yakkety; urgency=medium
++
++  [ Stefan Bader ]
++  * Add alias for libvirtd.service into  libvirt-bin.service
++
++  [ Serge Hallyn ]
++  * d/p/u/libvirt-bin-service-set-notifyaccess.patch: Set NotifyAccess=all in
++    libvirt-bin systemd service file. (LP: #1574566)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 18 Apr 2016 13:44:15 -0500
++
++libvirt (1.3.1-1ubuntu10) xenial; urgency=medium
++
++  * d/p/u/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: Allow
++    access to /usr/share/AAVMF/** and /usr/share/qemu-efi/** for aarch64 UEFI.
++    (LP: #1538882)
++
++ -- William Grant <wgrant@ubuntu.com>  Fri, 15 Apr 2016 12:08:21 +1000
++
++libvirt (1.3.1-1ubuntu9) xenial; urgency=medium
++
++  * Remove the tasks limit on libvirt-bin service (LP: #1567381)
++    This should be un-done when it is properly fixed in the code so
++    that virtual machines are started in their own pids cgroup.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 07 Apr 2016 10:05:01 -0500
++
++libvirt (1.3.1-1ubuntu8) xenial; urgency=medium
++
++  * d/p/u/virt-aa-helper-add-guest-agent-rule.patch: this actually solves
++    the qemu guest agent problem for rhel7 vms for me.  (LP: #1393842)
++    Also drop the mknod rule which isn't needed.
++  * d/apparmor/usr.lib.libvirt.virt-aa-helper: add permission to read under
++    /var/run.  This is needed for some openvswitch info. (LP: #1513367)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 11 Mar 2016 15:01:25 -0800
++
++libvirt (1.3.1-1ubuntu7) xenial; urgency=medium
++
++  * zfs support (LP: #1553023)
++    - Cherrypick upstream patches to support zfs
++    - debian/rules: build with zfs support
++    - debian/control: add zfs as build-dep
++  * d/p/u/virt-aa-helper-no-explicity-deny-for-basefiles.patch: don't mark
++    readonly files with an explicity deny only because the xml marks it
++    as reasonly. (LP: #1554031)
++  * fix typo in virt-aa-helper helptext
++  * fix d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch to
++    not overwrite const memory.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 10 Mar 2016 19:25:54 -0800
++
++libvirt (1.3.1-1ubuntu6) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: generalize the qemu-block-extra libs line.
++    (LP: #1554761)
++  * d/p/ubuntu/virt-aa-helper-add-mknod-for-guest-agent.patch: add mknod
++    capability if there is a qemu guest agent. (LP: #1393842)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 09 Mar 2016 18:45:08 -0800
++
++libvirt (1.3.1-1ubuntu5) xenial; urgency=low
++
++  * Added d/p/ubuntu/preup-virt-aa-helper-better-write-denials-handling.patch
++    and refreshed d/p/ubuntu/9034-complete-9p-support accordingly.
++  * Added d/p/ubuntu/additional-libvirt-guest-tweaks.patch to fix default
++    URI detection when running in a Xen control domain. Also change the
++    default config to do parallel shutdown requests (max. 10) and reduce the
++    timeout to 2 minutes.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 09 Mar 2016 09:13:09 +0100
++
++libvirt (1.3.1-1ubuntu4) xenial; urgency=low
++
++  * d/libvirt-bin.virtlockd.init: Replace by the version I had already
++    prepared and was tested (LP: #1547208).
++  * d/libvirt-bin.virtlogd.init: Fix up some left-over references to
++    libvirtd.
++  * d/control: Add provides libvirt-daemon for libvirt-bin (LP: #1551643)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 01 Mar 2016 10:58:23 +0100
++
++libvirt (1.3.1-1ubuntu3) xenial; urgency=medium
++
++  * d/libvirt-bin.virtlockd.init: Re-write based on virtlogd init script
++    as upstream provided version is not compatible with Ubuntu/Debian.
++
++ -- James Page <james.page@ubuntu.com>  Mon, 29 Feb 2016 22:24:49 +0000
++
++libvirt (1.3.1-1ubuntu2) xenial; urgency=medium
++
++  * No-change rebuild for gnutls transition.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 22:41:20 +0000
++
++libvirt (1.3.1-1ubuntu1) xenial; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
++      TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
++      usr.sbin.libvirtd} Add apparmor profiles.
++    - Add debian/libvirt-bin.virtlockd.init based on the upstream version
++      src/locking/virtlockd.init.in. This does not seem to get processed
++      by the build.
++    - debian/control:
++      * Add libcurl4-gnutls-dev, libxml-libxml-perl, libcgmanager-dev
++      * Add ppc64el to libnuma-dev arches
++      * Remove libsanlock-dev, libselinux1-dev, systemtap-sdt-dev
++      * Remove python, sheepdog, librados-dev, libfuse-dev
++      * Remove libssh2-1-dev, qemu-system-common, augeas-tools
++      * Don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
++      * Keep multiarch changes.
++    - Keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
++    - Keep change d/libvirt0.install and d/libvirt-dev.install that
++      adds multi-arch wildcard.
++    - d/libvirt-daemon-system.libvirtd.default ->
++      d/libvirt-bin.libvirt-bin.default
++    - d/libvirt-daemon-system.dirs -> d/libvirt-bin.dirs
++      * Add /etc/apparmor.d/{abstractions,disable,force-complain,local}
++      * Add /etc/cron.daily
++      * Add /usr/share/apport/package-hooks
++      * Add /var/log/libvirt/libxl
++      * Add /etc/dnsmasq.d-available
++      * Remove /usr/share/polkit-1/rules.d/
++      * Remove /var/lib/polkit-1/localauthority/10-vendor.d/
++    - Keep debian/libvirt-bin.dnsmasq
++    - d/libvirt-daemon-system.examples -> d/libvirt-bin.examples
++      * Remove debian/build/daemon/libvirtd.policy
++      * Drop debian/libvirt-suspendonreboot
++    - d/libvirt-daemon-system.libvirtd.init -> d/libvirt-bin.libvirt-bin.init
++      * Add provides libvirt-bin
++      * Change /etc/default/libvirtd into /etc/default/libvirt-bin
++      * Add wait_on_sockfile() and call it during start
++    - d/libvirt-daemon-system.install -> d/libvirt-bin.install
++      * Add usr/bin/*
++      * Add usr/sbin/*
++      * Add etc/apparmor.d/*
++      * Replace etc/libvirt/{libvirtd,virtlockd,virtlogd}.conf -> etc/libvirt/*
++        (since with the clients included there are many more config files)
++      * Add usr/share/polkit-1
++      * Add usr/lib/libvirt/*
++      * Add usr/share/augeas/*
++      * Add usr/share/libvirt/*
++      * Add usr/share/man/man8/*
++      * Add usr/share/apport/package-hooks/source_libvirt.py
++      * Add etc/dnsmasq.d-available/libvirt-bin
++      * Add etc/profile.d/libvirt-uri.sh
++      * Add usr/lib/libvirt
++    - d/libvirt-daemon-system.links -> d/libvirt-bin.links
++      * Replace libvirt-daemon-system with libvirt-bin for libvirt0
++      * Remove libvirt-daemon line
++    - Remove d/libvirt-bin.maintscript
++    - d/libvirt-clients.manpages -> d/libvirt-bin.manpages
++      * Add debian/libvirt-migrate-qemu-disks.1
++      * Add debian/libvirt-migrate-qemu-machinetype.1
++      * Add debian/libvirt-migrate-xend-managed-domains.1
++    - Combined d/libvirt-daemon-system.NEWS and d/libvirt-daemon.NEWS into
++      d/libvirt-bin.NEWS
++    - Keep d/libvirt-bin.{postinst,postrm,preinst} though they probably could
++      be freshly derived from libvirt-daemon counterparts.
++      * Added removal of qemu capability cache (found in Debian) to postinst
++      * Added reload of virtlogd in postinst (following example of virtlockd)
++    - Replace d/libvirt-bin.preinst
++    - Add d/libvirt-bin.upstart
++    - d/libvirt-daemon-system.virtlogd.init -> d/libvirt-bin.virtlogd.init
++    - Remove d/libvirt-clients.install
++    - Remove d/libvirt-clients.links
++    - Remove d/libvirt-daemon.install
++    - Remove d/libvirt-daemon.links
++    - d/libvirt-daemon.README.Debian -> d/libvirt-bin.README.Debian
++      * Replaced access control section
++      * Appended apparmor profile section
++      * Appended disk migration section
++      * Appended qemu/kvm machine type migration section
++    - Remove d/libvirt-daemon-system.{maintscript,postinst,postrm,preinst}
++    - Keep libvirt-migrate-qemu-disks (and manpage)
++    - Keep libvirt-migrate-qemu-machinetype (and manpage)
++    - Keep libvirt-migrate-xend-managed-domains (and manpage)
++    - Remove d/libvirt-sanlock.{cron.weekly,links,install}
++    - Drop d/libvirt-stop-guests
++    - Drop d/libvirt-suspendonreboot (replaced by upstream libvirt-guests)
++    - Keep d/libvirt-uri.sh
++    - Remove d/polkit/60-libvirt.pkla (and polkit directory)
++    - d/tests/control
++      - Add build-essential and pkg-config dependencies to build-test
++    - debian/rules:
++      * Add autoconf stuff (not sure what still really gets used).
++      * Use qemu-group kvm instead of libvirt-qemu
++      * Add SHEEPDOGCLI environment variable to dh_auto_configure
++        override (instead of an DEB_DH_... make variable which no
++        longer takes effect).
++      * Drop --with-secdriver-apparmor --with-apparmor-profiles from
++        WITH_APPARMOR config.
++      * Change WITH_FIREWALLD and WITH_SELINUX settings to disabled.
++      * Change WITH_DTRACE setting to disabled.
++      * Drop DEB_DH_SYSTEMD_START_ARGS_libvirt-bin as it is no longer
++        needed after dropping cdbs.
++      * Add to override_dh_install section
++        - Install apparmor files (and post-processing)
++        - Install apport hooks.
++        - Install migration tools.
++        - Install profile script to autoset URI.
++        - Replace package name libvirt-daemon-system with libvirt-bin.
++        - Debian now copies libvirt-guests.{init,default} and
++          virtlogd.default from upstream source. Copy virtlockd.default
++          as well.
++        - Rename libvirtd.{socket,service} to libvirt-bin.{socket,service}
++        - Change dh_systemd_start to use virtlo{g,ck}d.socket only (the
++          services are supposed to be started by using the sockets.
++        - Move libs and pkgconfig under multiarch directory.
++      * Modify override_dh_auto_clean
++        - Replace package name libvirt-daemon-system with libvirt-bin
++        - Delete upstream files which were copied into debian/.
++      * Add override_dh_gencontrol section which conditionally adds
++        conflicts on apparmor.
++      * Add override_dh_makeshlibs section to pass version info for
++        libvirt0.
++  * Dropped patches:
++    - ubuntu/virt-aa-helper-handle-ovmf (upstream added ovmf paths to
++      restricted_rw)
++  * Refreshed patches:
++    - refreshed d/p/ubuntu/9034-complete-9p-support
++  * New patches
++    - d/ubuntu/libvirt-guests-exclude-dom0.patch
++    - d/ubuntu/libxl-no-dm-check.patch
++    - d/ubuntu/libxl-fix-test-data.patch
++    - d/ubuntu/Debianize-virtlogd-service.patch
++    - d/ubuntu/Debianize-virtlockd-init.patch
++    - d/ubuntu/switch-service-files-to-libvirt-bin.patch
++    - d/ubuntu/libvirt-socket-fix-group.patch
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 12 Feb 2016 14:46:21 +0100
++
  libvirt (1.3.1-1) unstable; urgency=medium
    [ Guido Günther ]
@@ -1568,6 +4992,151 @@ libvirt (1.3.0~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 04 Dec 2015 17:12:53 +0100
++libvirt (1.2.21-2ubuntu10) xenial; urgency=medium
++
++  * Multiarchify the library packages.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 28 Jan 2016 16:33:15 +0100
++
++libvirt (1.2.21-2ubuntu9) xenial; urgency=medium
++
++  * debian/rules: Disable cdbs' implicitly generated dh_systemd_start calls.
++    We already call it explicitly with the right options, calling it again
++    with the default options stops libvirt-guests during upgrades.
++    (LP: #1533839)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 18 Jan 2016 09:10:21 +0100
++
++libvirt (1.2.21-2ubuntu8) xenial; urgency=low
++
++  * d/libvirt-stop-guests: Skip Domain-0 on guest shutdown. Newer
++    versions of libvirt will include dom0 in the list of running domains
++    (with libxl). This special domain must be ignored.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 14 Jan 2016 11:35:39 +0100
++
++libvirt (1.2.21-2ubuntu7) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: silence denial to shm/lttng file since shm
++    mountpoint has moved (LP: #1529319)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 11 Jan 2016 11:55:28 -0800
++
++libvirt (1.2.21-2ubuntu6) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: add r access to max_mem_regions vhost module
++    paramater (LP: #1531564)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 11 Jan 2016 11:33:02 -0800
++
++libvirt (1.2.21-2ubuntu5) xenial; urgency=medium
++
++  * SECURITY UPDATE: ACL bypass using storage pool directory traversal
++    - debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
++      src/storage/storage_backend_fs.c.
++    - CVE-2015-5313
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 08 Jan 2016 10:32:17 -0500
++
++libvirt (1.2.21-2ubuntu4) xenial; urgency=medium
++
++  * Revert Ubuntu-specific patch to build-depend on libsystemd-daemon-dev
++    instead of libsystemd-dev; libsystemd-daemon-dev is no longer built from
++    systemd source so we want libsystemd-dev.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Tue, 29 Dec 2015 00:31:16 +0000
++
++libvirt (1.2.21-2ubuntu3) xenial; urgency=medium
++
++  * Fix build-test autopkgtest: it now expects to run with the current
++    directory set to the root of the unpacked source package, writes to
++    $ADTTMP rather than to the source package, and declares dependencies on
++    build-essential and pkg-config.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 28 Dec 2015 05:25:54 +0000
++
++libvirt (1.2.21-2ubuntu2) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: add permission to the systemd-mounted hugepages
++    path.  (LP: #1524737)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 17 Dec 2015 10:49:18 -0800
++
++libvirt (1.2.21-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
++      TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
++      usr.sbin.libvirtd} Add apparmor profiles.
++    - debian/bug-presubj: removed
++    - debian/control:
++      - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
++      - add libxml-libxml-perl, libhal-dev
++      - swap open-iscsi to open-iscsi-utils
++      - Enable numa support on ppc64el.
++      - remove libsanlock-dev, libselinux1-dev
++      - use libsystemd-daemon-dev instead of libsystemd-dev
++      - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
++      - remove libssh2-1, augeas-tools
++      - add libcgmanager-dev, xsltproc
++      - remove Vcs-Git
++      - adjust X-Python-Version > 2.7
++      - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
++    - keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
++    - debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
++    - add upstart script for libvirt-bin
++    - debian/*.{links,maintscript} files not added
++    - keep ubuntu maintscript modifications
++    - debian/libvirt-sanlock* not merged
++    - debian/libvirt-clients* not merged
++    - keep debian/{libvirt-migrate-qemu-disks.*,
++      libvirt-migrate-qemu-machinetype.*,
++      libvirt-migrate-xend-managed-domains.*}
++    - keep debian/libvirt-suspendonreboot
++    - keep debian/libvirt-uri.sh
++    - debian/polkit/* not added
++    - debian/README.Debian:
++      - add 'Apparmor Profile' section
++      - add 'Disk migration' section
++    - debian/rules:
++      - add cdbs and autoconf stuff
++      - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
++        WITH_SELINUX
++      - use qemu-group kvm instead of libvirt-qemu
++      - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
++      - remove auto_test section
++      - add build/libvirt-bin:: section to install
++        - apparmor files
++        - apport hooks
++        - libvirt-migrate-qemu-disks
++      - use clean:: instead of dh_*clean
++    - Move ubuntu specific patches to 'debian/patches/ubuntu'
++  * Dropped patches:
++    - drop 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch (upstream 16d2bc8b)
++    - drop 9036-util-prepare-uri-for-libxml2-2.9.2.patch (upstream 8f17d0ea)
++    - drop 9040-virt-aa-helper-add-unix-channels (upstream 03d7462d)
++    - drop CVE-2014-3633.patch (upstream 3e745e8f)
++    - drop CVE-2014-3657.patch (upstream fc22b2e7)
++    - drop CVE-2014-7823.patch (upstream b1674ad5)
++    - drop Don-t-fail-if-we-can-t-setup-avahi.patch (dropped in debian)
++    - drop add-ppc64le-support.patch (upstream 9265fd19, addce06c, 1e911742,
++      bdbe723f, 5e4f49ab)
++    - drop blockdev-migration patches (upstream 1049a8d8, 9c5efd1a, cb7297c1,
++      a5250449, e9ef8565, 952907f5, 5eb03b6e, 93a19e28, a4e92f9e, de0aeafe)
++    - storage-allow-zero-capacity-with-non-backing-file-to.patch,
++      tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch
++      (upstream 0bcda653, b8cc0cc5)
++    - ubuntu/fix-ubuntu-xen-qemu-dm-path.patch dropped in favor of
++      Allow-xen-toolstack-to-find-it-s-binaries.patch
++    - drop ubuntu-libxl-Implement-basic-video-device-selection.patch
++      (upstream 1298daca)
++    - remove dont-include-non-migrateable-features-in-host-model
++      (upstream and not included in series)
++    - remove upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
++      (upstream and not included in series)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Wed, 02 Dec 2015 12:06:09 -0600
++
  libvirt (1.2.21-2) unstable; urgency=medium
    * [014a0c7] Add a build test to verify that the we can link against libvirt
@@ -1680,6 +5249,163 @@ libvirt (1.2.18-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Tue, 11 Aug 2015 21:19:43 +0200
++libvirt (1.2.16-2ubuntu14) xenial; urgency=medium
++
++  * debian/apparmor/libvirt-qemu: add a bunch of newly available qemu-*
++    architecture binaries. (LP: #1519030)
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 23 Nov 2015 17:42:52 +0000
++
++libvirt (1.2.16-2ubuntu13) xenial; urgency=medium
++
++  * debian/control: switch ebtables from Recommends to Depends or default
++    configuration network doesn't get created. (LP: #1505576)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Nov 2015 15:14:04 -0600
++
++libvirt (1.2.16-2ubuntu12) xenial; urgency=medium
++
++  * virt-aa-helper apparmor policy:  add 'network inet6' (LP: #1511830)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 02 Nov 2015 11:49:56 -0600
++
++libvirt (1.2.16-2ubuntu11) wily; urgency=medium
++
++  * Fix the preinst and postinst: the check for whether libvirt-bin was
++    running was wrong for upstart systems, but we don't need to do that
++    anyway - just stop libvirt-bin unconditionally.  (LP: #1499199)
++  * libvirt-guests.service: fix libvirtd.service -> libvirt-bin.service
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Sun, 27 Sep 2015 15:47:08 +0000
++
++libvirt (1.2.16-2ubuntu10) wily; urgency=medium
++
++  * Add qemu-block-extra libraries to libvirt apparmor profile (LP: #1495895)
++
++ -- Ryan Harper <ryan.harper@canonical.com>  Wed, 16 Sep 2015 13:20:48 -0500
++
++libvirt (1.2.16-2ubuntu9) wily; urgency=medium
++
++  * Add upstream patches implementing a '--migrate-disks' option to virsh
++    migrate to specify block devices to migrate.  (LP: #1398999)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 04 Sep 2015 09:29:52 -0500
++
++libvirt (1.2.16-2ubuntu8) wily; urgency=medium
++
++  * Support OVMF images in virt-aa-helper.  (LP: #1483071)
++  * Fix the libvirt-bin.preinst to not stop libvirt-bin on upgrade
++    from 1.2.16-2ubuntu7.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 14 Aug 2015 07:34:30 -0500
++
++libvirt (1.2.16-2ubuntu7) wily; urgency=medium
++
++  * Stop libvirt-bin at pre-inst if upgrading from a non-systemd version,
++    restart at postinst.  (This can be removed after 16.04 release)
++  * Commonize stopping of vms in upstart/systemd.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Aug 2015 17:40:36 -0500
++
++libvirt (1.2.16-2ubuntu6) wily; urgency=medium
++
++  * Add systemd units and libvirt-stop-guests script to stop VMs before
++    a host completes shutdown  (LP: #1480440)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Aug 2015 15:42:29 -0500
++
++libvirt (1.2.16-2ubuntu5) wily; urgency=medium
++
++  * debian/control changes:
++    - Replace module-init-tools with kmod
++  * debian/tests:
++    - add autopkgtests from Debian
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Fri, 10 Jul 2015 14:15:48 -0500
++
++libvirt (1.2.16-2ubuntu4) wily; urgency=medium
++
++  * d/p/{storage-allow-zero-capacity-with-non-backing-file-to.patch,
++    tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch} added to address
++    (LP: #1459748). Allow zero capacity storage creation with non-backing file.
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Fri, 10 Jul 2015 12:50:50 -0500
++
++libvirt (1.2.16-2ubuntu3) wily; urgency=medium
++
++  * debian/apparmor/libvirt-qemu:
++    allow serial console backed by pts chardev (LP: #1342083)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Tue, 07 Jul 2015 16:38:17 -0500
++
++libvirt (1.2.16-2ubuntu2) wily; urgency=low
++
++  [ Chris J Arges ]
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
++      TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
++      usr.sbin.libvirtd} Add apparmor profiles.
++    - debian/bug-presubj: removed
++    - debian/control:
++      - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
++      - add libxml-libxml-perl, libhal-dev
++      - swap open-iscsi to open-iscsi-utils
++      - Enable numa support on ppc64 and ppc64el.
++      - remove libsanlock-dev, libselinux1-dev, libsystemd-daemon-dev
++      - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
++      - remove libssh2-1, augeas-tools
++      - add libcgmanager-dev, xsltproc
++      - remove Vcs-Git
++      - adjust X-Python-Version > 2.7
++      - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
++    * keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
++    * debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
++    * add upstart script for libvirt-bin
++    * debian/*.links files not added
++    * debian/libvirt-sanlock* not merged
++    * debian/libvirt-clients* not merged
++    * debian smoke tests not merged
++    * keep debian/{libvirt-migrate-qemu-disks.*,
++      libvirt-migrate-qemu-machinetype.*,
++      libvirt-migrate-xend-managed-domains.*}
++    * keep debian/libvirt-suspendonreboot
++    * keep debian/libvirt-uri.sh
++    * Don't apply the following patches:
++      - d/p/Debianize-libvirt-guests.patch
++      - d/p/Debianize-systemd-service-files.patch
++      - d/p/debian/Debianize-virtlockd.patch
++      - d/p/fix-Debian-specific-path-to-hvm-loader.patch
++      - d/p/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
++      - d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
++    * debian/polkit/* not added
++    * debian/README.Debian:
++      - add 'Apparmor Profile' section
++      - add 'Disk migration' section
++    * debian/rules:
++      - add cdbs and autoconf stuff
++      - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
++        WITH_SELINUX
++      - use qemu-group kvm instead of libvirt-qemu
++      - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
++      - remove auto_test section
++      - add build/libvirt-bin:: section to install
++        - apparmor files
++        - apport hooks
++        - libvirt-migrate-qemu-disks
++      - use clean:: instead of dh_*clean
++
++  [ Chuck Short ]
++    + Rediffed:
++     - debian/patches/storage-default-permission-mode-to-0711
++     - debian/patches/ubuntu_machine_type.patch
++  * debian/libvirt-bin.init: Adjust avahi to avahi-daemon (LP: #1453572)
++
++  [ Serge Hallyn ]
++  * 9040-virt-aa-helper-add-unix-channels.patch: add support for unix
++    sockets for serials.  (LP: #1015154)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Wed, 01 Jul 2015 13:33:40 -0500
++
  libvirt (1.2.16-2) unstable; urgency=medium
    * [0266267] Build-Depend and suggest nfs-common
@@ -1745,6 +5471,49 @@ libvirt (1.2.15-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Tue, 05 May 2015 19:26:21 +0200
++libvirt (1.2.15-0ubuntu4) wily; urgency=medium
++
++  * Add post-start to upstart (/etc/init/libvirt-bin.conf) and
++    sysv (/etc/init.d/libvirt-bin) jobs to ensure libvirt-sock
++    created before up (LP: #1455608)
++
++ -- Edward Hope-Morley <edward.hope-morley@canonical.com>  Thu, 28 May 2015 16:06:44 +0100
++
++libvirt (1.2.15-0ubuntu3) wily; urgency=low
++
++  * d/p/ubuntu-libxl-qemu-path.patch: Set correct path for qemu binary
++    for new configs and convert old configs using qemu-dm.
++    (LP: #1459600)
++  * d/p/ubuntu-libxl-hvmloader-path.patch: Get Xen version from dpkg-query
++    at compile time and set LIBXL_FIRMWARE_DIR as long as libxen-dev does
++    not provide a xenlight.pc file. Use that directory to update existing
++    configs.
++    (LP: #1459603)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 28 May 2015 12:21:23 +0200
++
++libvirt (1.2.15-0ubuntu2) wily; urgency=medium
++
++  * debian/apparmor/libvirt-qemu: add /sys read accesses needed by newer
++    qemu: /sys/devices/system/node/, /sys/devices/system/cpu/ and
++    /sys/devices/system/node/node[0-9]*/meminfo
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 13 May 2015 16:41:54 -0500
++
++libvirt (1.2.15-0ubuntu1) wily; urgency=medium
++
++  * New upstream release:
++    + Dropped patches:
++      - d/p/add-cgmanager-support.patch
++      - d/p/cgmanager-mutex
++      - d/p/cgm-ignore-machined-failure
++      - d/p/9020-lp545795.patch
++      - d/pa/ubuntu-libxl-qemu-nopath.patch
++      - d/p/ubuntu-libxl-migrate-dm.patch
++      - d/p9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 07 May 2015 10:27:49 -0400
++
  libvirt (1.2.15~rc2-1) experimental; urgency=medium
    * [852e3c3] New upstream version 1.2.15~rc2
@@ -1803,19 +5572,123 @@ libvirt (1.2.12-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Thu, 29 Jan 2015 11:02:21 +0100
--libvirt (1.2.12~rc2-1) experimental; urgency=medium
++libvirt (1.2.12-0ubuntu12) vivid; urgency=low
--  * [67f2b22] New upstream version 1.2.12~rc2
--    (Closes: #776065)
++  * Add profile script to automatically set the default URI based on
++    the currently running hyperisor (Xen or KVM/Qemu).
++    (LP: #1334749)
-- -- Guido Günther <agx@sigxcpu.org>  Sun, 25 Jan 2015 13:02:59 +0100
++ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 14 Apr 2015 09:02:52 -0500
--libvirt (1.2.12~rc1-1) experimental; urgency=medium
++libvirt (1.2.12-0ubuntu11) vivid; urgency=medium
--  * [994d31d] Bump standards version to 3.9.6
--    no changes required
--  * [7b59a26] New upstream version 1.2.12~rc1
--  * [0a755e3] Dropped patches applied upstram.
++  * create /var/lib/libvirt/qemu/channel/target (LP: #1393842)
++    - libvirt-bin.dirs: add /var/lib/libvirt/qemu/channel/target
++    - libvirt-bin.postinst: chown target directory to libvirt-qemu:kvm so
++      qemu can create the unix sockets.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 09 Apr 2015 10:40:05 -0500
++
++libvirt (1.2.12-0ubuntu10) vivid; urgency=medium
++
++  * Fix previous patch to ignore any abstract unix domain sockets
++  * Update the cgmanager patch so that container start and stop work under
++    systemd.  (LP: #1438730)  In 15.10 we will drop the cgmanager patch(es).
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 08 Apr 2015 10:58:04 -0500
++
++libvirt (1.2.12-0ubuntu9) vivid; urgency=medium
++
++  * 9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch: Allow
++    libvirt domains to start when using qemu guest agent.  (LP: #1393842)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 06 Apr 2015 11:14:03 -0500
++
++libvirt (1.2.12-0ubuntu8) vivid; urgency=medium
++
++  * silence denial of attempted reads of lttng files (LP: #1432644)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 27 Mar 2015 21:36:27 -0500
++
++libvirt (1.2.12-0ubuntu7) vivid; urgency=low
++
++  * No-change rebuild to pull in libxen-dev 4.5
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 25 Feb 2015 18:31:16 +0100
++
++libvirt (1.2.12-0ubuntu6) vivid; urgency=low
++
++  * Fix xml validation for Xen by allowing non-absolute path values
++    in loader and bootloader elements (LP: #1425497).
++  * Fix up Xen emulator in old configurations and for new definitions to
++    point to /usr/bin/qemu-system-i386 (LP: #1425497).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 13 Feb 2015 17:57:27 +0100
++
++libvirt (1.2.12-0ubuntu5) vivid; urgency=medium
++
++  * Remove smoser-ppc64le-is-ppc64.patch - the problem will be solved by the
++    qemu-system-ppcle symlink in qemu-system-ppc package.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 Feb 2015 15:38:39 -0600
++
++libvirt (1.2.12-0ubuntu4) vivid; urgency=medium
++
++  * libvirt-qemu: allow kvm script on ppc to execute uname
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 Feb 2015 14:05:14 -0600
++
++libvirt (1.2.12-0ubuntu3) vivid; urgency=medium
++
++  * Apply patch from smoser to make libvirt on ppc64le functional.
++    (LP: #1418221)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 09 Feb 2015 12:09:49 -0600
++
++libvirt (1.2.12-0ubuntu2) vivid; urgency=medium
++
++  * debian/control: Use libxml-libxml-perl instead of libxml-xpath-perl.
++  * debian/patches/docs-remove-xpath.patch: Use libxml instead of XPath.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 06 Feb 2015 11:28:15 -0500
++
++libvirt (1.2.12-0ubuntu1) vivid; urgency=medium
++
++  * New upstream release
++  * Rediffed patches:
++    - debian/patches/9030-create-socket-dir
++    - debian/patches/add-cgmanager-support.patch
++    - debian/patches/cgroups-ignore-systemd-failure
++  * Dropped patches:
++    - debian/patches/ubuntu-libxl-Implement-basic-video-device-selection.patch
++    - debian/patches/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch
++    - debian/patches/9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch
++    - debian/patches/-CVE-2014-3633.patch
++    - debian/patches/dont-include-non-migrateable-features-in-host-model
++    - debian/patches/9036-util-prepare-uri-for-libxml2-2.9.2.patch
++    - debian/patches/CVE-2014-3657.patch
++    - debian/patches/CVE-2014-7823.patch
++    - debian/patches/add-ppc64le-support.patch
++    - debian/patches/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
++  * debian/control: Add libxml-xpath-perl and xsltproc to dependencies
++  * debian/patches/skip-vircgrouptest.patch: Skip cgroup tests.
++  * debian/patches/disable-network-test.patch: Skip network tests
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 03 Feb 2015 13:12:36 -0500
++
++libvirt (1.2.12~rc2-1) experimental; urgency=medium
++
++  * [67f2b22] New upstream version 1.2.12~rc2
++    (Closes: #776065)
++
++ -- Guido Günther <agx@sigxcpu.org>  Sun, 25 Jan 2015 13:02:59 +0100
++
++libvirt (1.2.12~rc1-1) experimental; urgency=medium
++
++  * [994d31d] Bump standards version to 3.9.6
++    no changes required
++  * [7b59a26] New upstream version 1.2.12~rc1
++  * [0a755e3] Dropped patches applied upstram.
          lxc-Don-t-crash-on-NULL-ifname_guest_actual.patch
          lxc-Move-setting-ifname_guest_actual-to-virLXCSetupI.patch
      Rediff remaining patches.
@@ -2044,6 +5917,212 @@ libvirt (1.2.8-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 05 Sep 2014 19:56:50 +0200
++libvirt (1.2.8-0ubuntu21) vivid; urgency=medium
++
++  * d/apparmor/libvirt-qemu: Update the ceph.conf allow rule (LP: #1403648)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 30 Jan 2015 10:02:20 +0100
++
++libvirt (1.2.8-0ubuntu20) vivid; urgency=medium
++
++  * debian/rules:
++    - use --with-esx (LP: #565771)
++    - specify restart-after-upgrade (LP: #1215617)
++  * debian/control: add libcurl4-gnutls-dev for esx support
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 21 Jan 2015 13:01:59 -0600
++
++libvirt (1.2.8-0ubuntu19) vivid; urgency=medium
++
++  * apparmor libvirt-qemu template: allow reading charm-specific ceph config
++    and silence denials for /tmp/**.  (LP: #1403648)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 06 Jan 2015 10:27:33 -0600
++
++libvirt (1.2.8-0ubuntu18) vivid; urgency=medium
++
++  * mutex cgmanager actions (Thanks to Don Bowman for finding the cause)
++    (LP: #1397130) (LP: #1367702)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 18 Dec 2014 13:28:03 -0600
++
++libvirt (1.2.8-0ubuntu17) vivid; urgency=low
++
++  * d/p/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch:
++    Allow libxl to figure out the path to pygrub. (LP: #1396942)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 11 Dec 2014 09:51:20 +0100
++
++libvirt (1.2.8-0ubuntu16) vivid; urgency=medium
++
++  * debian/patches/add-ppc64le-support.patch: Added patches needed
++    for ppc64le support. (LP: #1396070)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 27 Nov 2014 08:57:35 -0500
++
++libvirt (1.2.8-0ubuntu15) vivid; urgency=medium
++
++  * libvirt-qemu: add r to sgabios.bin (LP: #1393548)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 17 Nov 2014 15:05:22 -0600
++
++libvirt (1.2.8-0ubuntu14) vivid; urgency=medium
++
++  [ Serge Hallyn ]
++  * 9036-util-prepare-uri-for-libxml2-2.9.2.patch: fix FTBFS against new
++    libxml 2.9.2 (LP: #1390637)
++
++  [ Marc Deslauriers ]
++  * SECURITY UPDATE: denial of service via virConnectListAllDomains
++    - debian/patches/CVE-2014-3657.patch: fix domain deadlock in
++      src/conf/domain_conf.c.
++    - CVE-2014-3657
++  * SECURITY UPDATE: xml information leak with read-only connections
++    - debian/patches/CVE-2014-7823.patch: check for migratable flag in
++      src/libvirt.c, src/remote/remote_protocol.x.
++    - CVE-2014-7823
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 11 Nov 2014 13:14:00 -0500
++
++libvirt (1.2.8-0ubuntu13) vivid; urgency=medium
++
++  * cull too-new apparmor rules depending on target host (LP: #1387251)
++  * add mising apparmor permissions for slof (LP: #1374554)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 07 Nov 2014 20:32:23 +0000
++
++libvirt (1.2.8-0ubuntu12) vivid; urgency=medium
++
++  * complete the 9p support: (LP: #1378434)
++    - libvirt-qemu: add fowner and fsetid
++    - virt-aa-helper: add 'l' to 9p file options
++  * dont-include-non-migrateable-features-in-host-model (LP: #1386503)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 29 Oct 2014 15:07:21 -0500
++
++libvirt (1.2.8-0ubuntu11) utopic; urgency=medium
++
++  [ Felix Geyer ]
++  * d/p/ubuntu_machine_type.patch: Fix No PCI buses available. (LP: #1379346).
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Thu, 09 Oct 2014 08:57:27 -0500
++
++libvirt (1.2.8-0ubuntu10) utopic; urgency=medium
++
++  * libvirt-bin.upstart: delay start until rc finished
++    This give hypervisors more time to finish their setup (LP: #1377900).
++  * libvirt-bin.upstart: add xen:/// uri to the list (LP: #1377960)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Mon, 06 Oct 2014 16:23:06 +0200
++
++libvirt (1.2.8-0ubuntu9) utopic; urgency=medium
++
++  * libvirt-qemu apparmor template: add /sys/firmware/devicetree/** r
++    (LP: #1374554)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 01 Oct 2014 17:09:05 -0500
++
++libvirt (1.2.8-0ubuntu8) utopic; urgency=medium
++
++  * libvirt-bin.postinst: fix syntax error (s/if/fi/)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 30 Sep 2014 13:07:19 -0500
++
++libvirt (1.2.8-0ubuntu7) utopic; urgency=medium
++
++  * libvirt-bin.postinst: check for confiles whichhave been removed rather
++    than fail package install (LP: #1375910)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 30 Sep 2014 12:37:16 -0500
++
++libvirt (1.2.8-0ubuntu6) utopic; urgency=medium
++
++  * SECURITY UPDATE: denial of service or information disclosure via
++    virDomainGetBlockIoTune
++    - debian/patches/CVE-2014-3633.patch: use correct definition when
++      looking up disk in src/qemu/qemu_driver.c.
++    - CVE-2014-3633
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 29 Sep 2014 15:23:37 -0400
++
++libvirt (1.2.8-0ubuntu5) utopic; urgency=medium
++
++  * debian/apparmor/libvirt-lxc (sync with container-base with lxc):
++    - remove bare 'signal' and 'ptrace' rules (base abstraction covers most
++      of what we need)
++    - allow signal (receive) peer=/usr/sbin/libvirtd
++    - allow ptrace peer=@{profile_name}
++    - deny mount options=(ro, remount, silent) -> /
++    - allow mount fstype=hugetlbfs
++    - shuffle a couple of rules around to make it easier to diff with lxc
++      policy
++  * debian/apparmor/TEMPLATE.lxc (sync with lxc-default):
++    - use attach_disconnected and mediate_deleted
++    - deny mount fstype=devpts,
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 25 Sep 2014 16:24:21 -0500
++
++libvirt (1.2.8-0ubuntu4) utopic; urgency=medium
++
++  * debian/apparmor/usr.sbin.libvirtd: allow 'network netlink'
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 18 Sep 2014 15:15:13 -0500
++
++libvirt (1.2.8-0ubuntu3) utopic; urgency=medium
++
++  * 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch - fix failure to start
++    KVM vms.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 18 Sep 2014 14:08:04 -0500
++
++libvirt (1.2.8-0ubuntu2) utopic; urgency=low
++
++  * d/p/ubuntu-xend-probe.patch:
++    Update patch correctly and re-enable it. It seems like it only was
++    half updated and then disabled without reasons.
++  * d/p/ubuntu-libxl-Implement-basic-video-device-selection.patch:
++    Re-activate adapted patch. Some pieces made it into upstream as a
++    bug fix. The rest is still needed to allow selecing an alternate
++    graphics device for Xen HVM guests.
++  * d/p/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch:
++    Re-activate unchanged patch (for some reason dropped when moving
++    to 1.2.6).
++    This one is a bit of a work-around mainly for virt-manager which sets
++    gfx memory to values below the minimum requirement for Xen. And the
++    UI does not allow to change that. This patch just goes for the minimum
++    in that case.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 18 Sep 2014 10:00:36 +0200
++
++libvirt (1.2.8-0ubuntu1) utopic; urgency=medium
++
++  [ Chuck Short ]
++  * New upstream release:  (LP: #1367422)
++    + Dropped:
++      - debian/patches/ovs-delete-port-if-exists-while-adding-new-one
++    + Refreshed:
++      - debian/patches/add-cgmanager-support.patch
++      - debian/patches/storage-default-permission-mode-to-0711
++
++  [ Serge Hallyn ]
++  * d/apparmor
++    - install TEMPLATE.qemu and TEMPLATE.lxc
++    - add libvirt-lxc abstraction, add permissions to it needed for
++      a ubuntu container to start.
++    - libvirt-qemu - add qemu-bridge-helper policy from upstream
++    - libvirt-qemu - add qemu-microblaze allows from upstream
++    - edit lxc.conf to enable apparmor by default  (LP: #914716)
++      (LP: #1008393) (LP: #1088295)
++  * d/apparmor/libvirt-qemu: add /dev/shm as path to spice.* nodes
++    for systemd case.  (LP: #1365163)
++  * d/p/9030-create-socket-dir - create session socket dir if
++    needed  (Should be replaced eventually by the upstream fix)
++  * d/p/9032-lxc-allow-no-security-driver: don't fail if apparmor
++    driver is not available (else the qa-regression-tests fail with
++    skip_apparmor)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 15 Sep 2014 18:30:06 -0500
++
  libvirt (1.2.7-11) unstable; urgency=medium
    * [6534478] Check status in a systemd 208 compatible way
@@ -2203,6 +6282,119 @@ libvirt (1.2.6-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Tue, 22 Jul 2014 22:33:51 +0200
++libvirt (1.2.6-0ubuntu6) utopic; urgency=medium
++
++  * debian/apparmor/usr.sbin.libvirtd: update for abstract socket mediation
++    (LP: #1362199)
++  * debian/apparmor/libvirt-qemu: allow 'r' on @{PROC}/sys/kernel/cap_last_cap
++  * debian/control: Suggests apparmor >= 2.8.96~2541-0ubuntu4~
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 05 Sep 2014 17:32:16 -0500
++
++libvirt (1.2.6-0ubuntu5) utopic; urgency=medium
++
++  * cgroups-ignore-systemd-failure - fix incoming migration failures when
++    systemd-shim is installed.
++  * ovs-delete-port-if-exists-while-adding-new-one - cherrypick commit 33445ce
++    from upstream (LP: #1343262)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 08 Aug 2014 09:56:43 -0500
++
++libvirt (1.2.6-0ubuntu4) utopic; urgency=high
++
++  * No change rebuild against gnutls28.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 08 Aug 2014 13:28:03 +0100
++
++libvirt (1.2.6-0ubuntu3) utopic; urgency=medium
++
++  * debian/apparmor/usr.sbin.libvirtd - add cap-sys-resource to fully
++    fix (LP: #1276719)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 07 Aug 2014 12:43:20 -0500
++
++libvirt (1.2.6-0ubuntu2) utopic; urgency=medium
++
++  * Rebuild against libparted2.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 21 Jul 2014 21:27:18 +0100
++
++libvirt (1.2.6-0ubuntu1) utopic; urgency=medium
++
++  * New upstream release:
++    + Dropped:
++     - debian/patches/virt-aa-helper-vhost.patch
++     - debian/patches/libxl-Implement-basic-video-device-selection.patch
++     - debian/patches/libxl-Fix-up-VRAM-to-minimum-requirements.patch
++    + debian/rules: Include packaging version in the log file. (LP: #1335221)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 04 Jul 2014 08:40:24 -0400
++
++libvirt (1.2.5-0ubuntu6) utopic; urgency=low
++
++  * libxl: Refresh patch(es) to allow the choice between Cirrus and
++    VGA for Xen HVM guests.
++    - d/p/libxl-Implement-basic-video-device-selection.patch [v4]
++    - d/p/libxl-Fix-up-VRAM-to-minimum-requirements.patch
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Mon, 30 Jun 2014 16:08:56 +0200
++
++libvirt (1.2.5-0ubuntu5) utopic; urgency=low
++
++  * debian/apparmor/usr.sbin.libvirtd: allow libvirtd to run
++    libxl-save-helper (required for save restore through libxl).
++    (LP: #1334195)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 26 Jun 2014 15:53:05 +0200
++
++libvirt (1.2.5-0ubuntu4) utopic; urgency=low
++
++  * debian/apparmor/usr.sbin.libvirtd: allow pygrub to be run
++    (LP: #1326003)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 18 Jun 2014 11:04:15 +0200
++
++libvirt (1.2.5-0ubuntu3) utopic; urgency=medium
++
++  * d/p/virt-aa-helper-vhost.patch: allow access to /dev/vhost-net if domain
++    needs it (LP: #1322568)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 17 Jun 2014 22:01:49 -0500
++
++libvirt (1.2.5-0ubuntu2) utopic; urgency=medium
++
++  * implement cgmanager support (LP: #1322677)
++    - debian/control: build-dep on libcgmanager-dev, depend on cgmanager
++    - d/p/add-cgmanager-support.patch
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 17 Jun 2014 16:40:20 -0500
++
++libvirt (1.2.5-0ubuntu1) utopic; urgency=medium
++
++  [ Chuck Short ]
++  * New upstream version:
++    + Rediffed:
++      - d/p/ubuntu-xend-probe.patch
++    + Dropped:
++      - d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch
++      - d/p/libxl-do-not-use-virdomain-id.patch
++      - d/p/libxl-set-disk-format-for-cdrom.patch
++      - d/p/libxl-set-vfb0-data-in-build-config.patch
++      - d/p/libxl-support-sexpr-in-native-to-XML-conversion.patch
++      - d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
++      - d/p/accomodate-new-qemu-migration-status-setup.patch
++      - d/p/9025-apparmor-allow-access-to-filesystem-mounts
++      - d/p/add-a-mutex-to-serialize-updates-to-fw.patch
++      - d/p/arm-cpu-baseline.patch
++    + debian/control: Add ebtables, iptables, and qemu-utils as a build dependency.
++
++  [ Serge Hallyn ]
++  * d/p/ubuntu-skip-virstoragetest: skip a test that hangs in buildds.
++  * d/apparmor/TEMPLATE: replace libvirt-qemu with libvirt-driver to match
++    upstream commit 43c030f.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 02 Jun 2014 09:35:18 -0400
++
  libvirt (1.2.4-3) unstable; urgency=medium
    * [b0b7359] Don't pretend kFreeBSD supports linux only features.  So far we
@@ -2281,6 +6473,147 @@ libvirt (1.2.3-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Mon, 07 Apr 2014 12:15:02 +0200
++libvirt (1.2.2-0ubuntu13.2) utopic; urgency=medium
++
++  * debian/apparmor/libvirt-qemu: add device-tree access for ppc
++    (LP: #1321365)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 05 Jun 2014 12:06:17 -0500
++
++libvirt (1.2.2-0ubuntu13.1) trusty-proposed; urgency=medium
++
++  * debian/control: change apparmor dependency into an inverse conflicts,
++    so that libvirt can continue to be used without apparmor.  (LP: #1304167)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 17 Apr 2014 10:42:08 -0500
++
++libvirt (1.2.2-0ubuntu13) trusty; urgency=medium
++
++  * Add a dependency on the new apparmor to make sure we have the new
++    parser around before we attempt to load a profile requiring the new
++    stanza support. (LP: #1304167)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 14 Apr 2014 11:03:37 -0500
++
++libvirt (1.2.2-0ubuntu12) trusty; urgency=low
++
++  * d/p/libxl-support-sexpr-in-native-to-XML-conversion.patch:
++    Allow to use libvirt to convert xend guest configurations into
++    xml format.
++  * Add libvirt-migrate-xend-managed-domains migration script.
++    (LP: #1303886)
++  * Added breaks for xen-utils-4.(1|3) to ensure postinst order.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 08 Apr 2014 19:55:29 +0200
++
++libvirt (1.2.2-0ubuntu11) trusty; urgency=medium
++
++  * debian/patches/recognize-trusty-machine-type.patch: Revert patch
++    since it was causing issues with virtio deivces. (LP: #1304107)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 08 Apr 2014 12:51:55 -0400
++
++libvirt (1.2.2-0ubuntu10) trusty; urgency=medium
++
++  * d/p/recognize-trusty-machine-type.patch: handle "trusty" qemu machine type
++    (LP: #1294823)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 04 Apr 2014 09:29:22 -0500
++
++libvirt (1.2.2-0ubuntu9) trusty; urgency=medium
++
++  [ Jamie Strandboge ]
++  * updates for AppArmor signals and ptrace mediation (LP: #1298611)
++    - debian/apparmor/libvirt-qemu: allow guests to receive signals from and
++      be tracedby libvirtd (additional signal and ptrace rules come from the
++      AppArmor base abstraction)
++    - debian/apparmor/usr.sbin.libvirtd:
++      + grant bare signal and ptrace rule
++      + grant dbus on the system bus (should have been added in 13.10)
++
++ -- Tyler Hicks <tyhicks@canonical.com>  Thu, 03 Apr 2014 02:09:53 -0500
++
++libvirt (1.2.2-0ubuntu8) trusty; urgency=medium
++
++  * debian/apparmor/libvirt-qemu: Allow qemu-system-aarch64 to be used.
++    (LP: #1301516)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 02 Apr 2014 14:20:39 -0400
++
++libvirt (1.2.2-0ubuntu7) trusty; urgency=low
++
++  * d/p/libxl-Create-log-directory-earlier.patch:
++    Move creation of log directory inside function that tries to create
++    a log file inside of it. Fixes startup when the libxl log directory
++    has not been created, yet.
++  * d/p/libxl-do-not-use-virdomain-id.patch:
++    Replace usage of dom->id with vm->def-id inside the driver (as that
++    is not getting stale). Fixes guest creation and reboot through
++    virt-manager (apart from possibly other things).
++  * d/p/libxl-set-disk-format-for-cdrom.patch:
++    Set disk format, otherwise an empty virtual CDROM makes the guest
++    unstartable.
++  * d/p/libxl-set-vfb0-data-in-build-config.patch:
++    Actually set video and display data in the domain build info. Beside
++    of preventing disagreement about VNC ports, this allows to select
++    standard VGA graphics and more VRAM trhough libvirt.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 27 Mar 2014 16:46:31 +0100
++
++libvirt (1.2.2-0ubuntu6) trusty; urgency=medium
++
++  * debian/libvirt-bin.dirs: Add /var/log/libvirt/libxl.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 24 Mar 2014 14:32:54 -0400
++
++libvirt (1.2.2-0ubuntu5) trusty; urgency=low
++
++  * Refreshed d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch
++    to avoid logging an error when file is not present.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 21 Mar 2014 09:49:36 +0100
++
++libvirt (1.2.2-0ubuntu4) trusty; urgency=medium
++
++  * debian/patches/arm-cpu-baseline.patch: Implement a stub cpuArchDriver.baseline()
++    handler for arm.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 17 Mar 2014 10:59:49 -0400
++
++libvirt (1.2.2-0ubuntu3) trusty; urgency=low
++
++  * d/p/libxl-Check-for-control_d-string-to-decide-about-dom.patch: Prevent
++    using the libxl driver when not running in dom0 but having xenfs mounted.
++    (LP: #1248025)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 12 Mar 2014 14:16:14 +0100
++
++libvirt (1.2.2-0ubuntu2) trusty; urgency=medium
++
++  * d/p/add-a-mutex-to-serialize-updates-to-fw.patch: fix another deadlock
++    when starting a large number of VMs.  (LP: #1228977)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Mar 2014 14:08:02 -0500
++
++libvirt (1.2.2-0ubuntu1) trusty; urgency=medium
++
++  * New upstream release:
++    - Rediffed patches:
++      - debian/patches/Allow-libvirt-group-to-access-the-socket.patch
++      - debian/patches/9004-libvirtd-group-name.patch
++      - debian/patches/dnsmasq-as-priv-user
++    - Dropped patches:
++      - debian/patches/9005-increase-unix-socket-timeout.patch: No longer
++        needed.
++      - debian/patches/rbd-storage-format.patch: No longer needed.
++      - debian/patches/9022-qemu-enable-host-passthrough-mode-for-aarch64:
++        No longer needed.
++      - debian/patches/9023-xen-fix-parsing-xend-http-response.patch:
++        No longer needed.
++      - debian/patches/
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 03 Mar 2014 13:30:36 -0500
++
  libvirt (1.2.1-2) unstable; urgency=medium
    * [e936a7e] Document libvirt user capabilities
@@ -2300,6 +6633,79 @@ libvirt (1.2.1-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 17 Jan 2014 06:16:29 +0100
++libvirt (1.2.1-0ubuntu10) trusty; urgency=medium
++
++  * Pull patch from mailing list (merged with separate patch posted to the
++    bug) to fix 9p mounts. (LP: #1285995)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 28 Feb 2014 09:34:54 -0600
++
++libvirt (1.2.1-0ubuntu9) trusty; urgency=medium
++
++  * Cherrypick 9024-qemu-implement-a-stub-baseline-handler-for-aarch64 from
++    upstream git.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 14 Feb 2014 18:20:03 -0600
++
++libvirt (1.2.1-0ubuntu8) trusty; urgency=medium
++
++  * Add uvtool image path to virt-aa-helper AppArmor profile.
++
++ -- Robie Basak <robie.basak@ubuntu.com>  Fri, 14 Feb 2014 17:54:58 +0000
++
++libvirt (1.2.1-0ubuntu7) trusty; urgency=low
++
++  * debian/patches/nwfilter-locking.patch: Dropped causes ftbfs.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 13 Feb 2014 10:07:56 -0700
++
++libvirt (1.2.1-0ubuntu6) trusty; urgency=medium
++
++  * debian/control: Move pm-utils from suggests to Recommends.
++    (LP: #1274772)
++  * debian/patches/patches/nwfilter-locking.patch: Fix nwfilter locking
++    causing libvirt to crash. (LP: #1228977)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 06 Feb 2014 14:27:40 -0500
++
++libvirt (1.2.1-0ubuntu5) trusty; urgency=low
++
++  * cherry-pick "xen: fix parsing xend http response" from upstream
++    git to fix connecting to xex in xm/xend mode (LP: #915954)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 30 Jan 2014 10:05:31 +0000
++
++libvirt (1.2.1-0ubuntu4) trusty; urgency=medium
++
++  * cherrypick d/p/9022-qemu-enable-host-passthrough-mode-for-aarch64 from
++    upstream git.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 28 Jan 2014 10:28:09 +0000
++
++libvirt (1.2.1-0ubuntu3) trusty; urgency=medium
++
++  * d/control: add nfs-common to build-deps (LP: #1264955)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 22 Jan 2014 08:56:01 -0600
++
++libvirt (1.2.1-0ubuntu2) trusty; urgency=medium
++
++  * debian/patches/rbd-storage-format.patch: Make image format 2 the default
++    for RBD.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 17 Jan 2014 10:31:37 -0500
++
++libvirt (1.2.1-0ubuntu1) trusty; urgency=medium
++
++  * New upstream release:
++    - Dropped patches:
++     + debian/patches/0001-libxl-Fix-devid-init-in-libxlMakeNicList.patch:
++       No longer needed
++     + debian/patches/0001-libxl-Fix-initialization-of-nictype-in-libxl_device_.patch:
++       No longer needed.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 16 Jan 2014 09:17:20 -0500
++
  libvirt (1.2.1~rc2-1) experimental; urgency=medium
    * [e559e92] libvirt-bin.init: Fix typo in path when checking for systemd
@@ -2362,6 +6768,41 @@ libvirt (1.2.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Wed, 18 Dec 2013 08:18:48 +0100
++libvirt (1.2.0-0ubuntu3) trusty; urgency=medium
++
++  * debian/apparmor/usr.lib.libvirt.virt-aa-helper: add
++    /var/lib/nova/instances/snapshots/** r to allow virt-aa-helper to read
++    the snapshot directory to find images which VMs should be granted access
++    to.  (LP: #1244694)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 09 Jan 2014 16:39:13 -0600
++
++libvirt (1.2.0-0ubuntu2) trusty; urgency=low
++
++  * Refresh/fix detection of xm/xl toolstack in use. The previous port
++    had two glitches, one of them causing the daemon to segfault.
++  * Cherry-pick "libxl: Fix initialization of nictype in libxl_device_nic"
++    from upstream to have the same default NIC choice with the libxl driver
++    as we had with the xen(d) driver (HVM guest uses a emulated rtl8139).
++  * Cherry-pick "libxl: Fix devid init in libxlMakeNicList" from upstream
++    to allow HVM guests to be brought up from the libxl driver.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 09 Jan 2014 11:19:07 +0100
++
++libvirt (1.2.0-0ubuntu1) trusty; urgency=low
++
++  * New upstream release:
++    - Refreshed patches:
++      + debian/patches/storage-default-permission-mode-to-0711
++    - Dropped patches:
++      + debian/patches/util_use_w_flag_when_calling_iptables.patch
++   * debian/control, debian/rules, debian/python.mk,
++     debian/python-libvirt.install: python libvirt bindings have been
++     split out into its own source called libvirt-python.
++   * debian/libvirt-dev.install: Install API files into dev package
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 02 Dec 2013 09:56:17 -0500
++
  libvirt (1.2.0~rc2-1) experimental; urgency=low
    * [8bfdc7f] New upstream version 1.2.0~rc2
@@ -2402,6 +6843,78 @@ libvirt (1.1.4-1) unstable; urgency=low
   -- Guido Günther <agx@sigxcpu.org>  Mon, 04 Nov 2013 07:05:45 +0100
++libvirt (1.1.4-0ubuntu5) trusty; urgency=medium
++
++  * Build using dh-autoreconf.
++  * Enable numa support on ppc64 and ppc64el.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sun, 22 Dec 2013 15:55:04 +0100
++
++libvirt (1.1.4-0ubuntu4) trusty; urgency=low
++
++  * debian/libvirt-dev.install: Add missing libvirt-lxc.so.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 21 Nov 2013 13:10:58 -0500
++
++libvirt (1.1.4-0ubuntu3) trusty; urgency=low
++
++  * d/p/accomodate-new-qemu-migration-status-setup.patch: work around
++    libvirt's not yet knowing of qemu's new migration state, 'setup'.
++    This can be removed when upstream libvirt has a proper patch.  QRT
++    fails without this.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 14 Nov 2013 08:41:07 -0600
++
++libvirt (1.1.4-0ubuntu2) trusty; urgency=low
++
++  * debian/patches/9002-better_default_uri_virsh.patch: Update to fix the
++    FTBFS.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Wed, 13 Nov 2013 11:04:29 -0500
++
++libvirt (1.1.4-0ubuntu1) trusty; urgency=low
++
++  [ Chuck Short ]
++  * New upstream version:
++    - Rediffed patches:
++      + d/p/Don-t-enable-default-network-on-boot.patch
++      + d/p/ubuntu-xend-probe.patch
++      + d/p/Don-t-fail-if-we-can-t-setup-avahi.patch
++      + d/p/Disable-failing-virnetsockettest.patch
++      + d/p/Don-t-enable-default-network-on-boot.patch
++    - Dropped patches:
++      + d/p/v1.1.1-maint/0001-xen-fix-memory-corruption-in-legacy-driver.patch
++      + d/p/v1.1.1-maint/0002-qemu_migration-Don-t-error-on-tunelled-migration-wit.patch
++      + d/p/v1.1.1-maint/0003-build-fix-configure-detection-of-if_bridge.h-on-RHEL.patch
++      + d/p/v1.1.1-maint/0004-remote-Fix-a-segfault-in-remoteDomainCreateWithFlags.patch
++      + d/p/v1.1.1-maint/0005-Revert-build-fix-configure-detection-of-if_bridge.h-.patch
++      + d/p/v1.1.1-maint/0006-build-more-workarounds-for-if_bridge.h.patch
++      + d/p/v1.1.1-maint/0007-Fix-qemuProcessReadLog-with-non-zero-offset.patch
++      + d/p/v1.1.1-maint/0008-Reverse-logic-allowing-partial-DHCP-host-XML.patch
++      + d/p/v1.1.1-maint/0009-virsh-domain-Fix-memleak-in-cmdUndefine-with-storage.patch
++      + d/p/v1.1.1-maint/0010-virsh-domain-Fix-memleak-in-cmdCPUBaseline.patch
++      + d/p/v1.1.1-maint/0011-virbitmap-Refactor-virBitmapParse-to-avoid-access-be.patch
++      + d/p/CVE-2013-4296.patch
++      + d/p/CVE-2013-4311.patch
++      + d/p/CVE-2013-4297.patch
++      + d/p/fix-crash-in-libvirtd-when-events
++      + d/p/security-provide-supplemental-groups
++      + d/p/add-bounds-checking-on-virdomainmigrate
++      + d/p/xen-use-internal-interfaces-in-xendomainusedcpus
++      + d/p/fix-remote-client-segfault.patch
++      + d/p/ubuntu-xend-xmlcreate-double-free.patch
++      + d/p/9002-better_default_uri_virsh.patch
++
++  [ Serge Hallyn ]
++  * update and re-add d/p/9002-better_default_uri_virsh.patch.  Also patch
++    new uri-precedence test, as we break it with this patch.
++  * add d/p/util_use_w_flag_when_calling_iptables.patch (LP: #1245322)
++  * debian/apparmor/libvirt-qemu: allow access to hugepages mounts
++    (LP: #1250216)
++  * debian/apparmor/libvirt-qemu: allow access to usb info (LP: #1245251)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 11 Nov 2013 11:03:06 -0500
++
  libvirt (1.1.4~rc2-1) experimental; urgency=low
    * [b56f727] Add option to mount cgroups during daemon start.  The init
@@ -2529,6 +7042,99 @@ libvirt (1.1.1-1) unstable; urgency=low
   -- Guido Günther <agx@sigxcpu.org>  Mon, 05 Aug 2013 11:31:05 +0200
++libvirt (1.1.1-0ubuntu9) trusty; urgency=low
++
++  * debian/apparmor/usr.sbin.libvirtd: add audit_write capability
++    (LP: #1204616)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 23 Oct 2013 14:09:04 -0500
++
++libvirt (1.1.1-0ubuntu8) saucy; urgency=low
++
++  * SECURITY UPDATE: denial of service via invalid free in
++    virFileNBDDeviceAssociate.
++    - debian/patches/CVE-2013-4297.patch: properly initialize qemunbd in
++      src/util/virfile.c.
++    - CVE-2013-4297
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 02 Oct 2013 13:35:14 -0400
++
++libvirt (1.1.1-0ubuntu7) saucy; urgency=low
++
++  * fix-crash-in-libvirtd-when-events: make sure to remove all event
++    callbacks when a client disconnects from libvirtd.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 02 Oct 2013 08:14:53 -0500
++
++libvirt (1.1.1-0ubuntu6) saucy; urgency=low
++
++  * SECURITY UPDATE: possible privilege escalation via pkcheck race.
++    - debian/patches/CVE-2013-4311.patch: add uid to pkcheck call in
++      configure.ac, daemon/remote.c, src/access/viraccessdriverpolkit.c,
++      src/rpc/virnetserverclient.c, src/util/viridentity.*.
++    - debian/rules: use DEB_AUTO_UPDATE_AUTOCONF and
++      DEB_AUTO_UPDATE_AUTOHEADER.
++    - debian/control: specify version of policykit-1 security update, add
++      libpolkit-gobject-1-dev to Build-Depends.
++    - CVE-2013-4311
++  * SECURITY UPDATE: denial of service in remoteDispatchDomainMemoryStats
++    - debian/patches/CVE-2013-4296.patch: properly initialize stats in
++      daemon/remote.c.
++    - CVE-2013-4296
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 24 Sep 2013 19:25:55 -0400
++
++libvirt (1.1.1-0ubuntu5) saucy; urgency=low
++
++  * add-bounds-checking-on-virdomainmigrate: upstream patch for CVE-2013-4292
++  * security-provide-supplemental-groups: upstream patch for CVE-2013-4291
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 09 Sep 2013 13:16:43 -0500
++
++libvirt (1.1.1-0ubuntu4) saucy; urgency=low
++
++  * apply all patches from v1.1.1-maint
++  * cherrypick xen-use-internal-interfaces-in-xendomainusedcpus from upstream
++    git.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 22 Aug 2013 10:57:20 -0500
++
++libvirt (1.1.1-0ubuntu3) saucy; urgency=low
++
++  * debian/apparmor/usr.sbin.libvirtd: Include the system bus abstraction in
++    the libvirtd AppArmor profile as libvirtd connects to the D-Bus system bus
++
++ -- Tyler Hicks <tyhicks@canonical.com>  Tue, 20 Aug 2013 09:07:17 -0700
++
++libvirt (1.1.1-0ubuntu2) saucy; urgency=low
++
++  * debian/patches/fix-remote-client-segfault.patch: Fix segfault when
++    using a remote client.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 19 Aug 2013 10:33:08 -0400
++
++libvirt (1.1.1-0ubuntu1) saucy; urgency=low
++
++  [ Chuck Short ]
++  * New usptream version:
++    - Dropped:
++      + debian/patches/CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters:
++        no longer needed.
++      + debian/patches/ubuntu-xen-hypervisor-4.3.patch: no longer needed.
++      + debian/patches/ubuntu-xen-fix-api-deadlocks.patch: no longer needed.
++    - Rediffed:
++      + debian/patches/Don-t-enable-default-network-on-boot.patch
++      + debian/patches/9005-increase-unix-socket-timeout.patch
++
++   [ Stefan Bader ]
++   * Add apparmor rights to call into /usr/lib/xen-common/bin/xen-toolstack
++     to figure out which one is active.
++   * debian/patches/ubuntu-xend-probe.patch: Fix failure to detect
++     whether Xen uses xm/xend toolstack or xl/libxl. Avoid running
++     "xend status" as we do not package that in a pbublic path.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 15 Aug 2013 17:23:21 +0000
++
  libvirt (1.1.0-4) unstable; urgency=low
    * [22913a0] Skip tests on all architectures except for i386 and amd64 as we
@@ -2598,6 +7204,48 @@ libvirt (1.0.6-1) unstable; urgency=low
   -- Guido Günther <agx@sigxcpu.org>  Thu, 06 Jun 2013 15:27:52 +0200
++libvirt (1.0.6-0ubuntu4) saucy; urgency=low
++
++  * ubuntu-xen-fix-api-deadlocks.patch (LP: #1191782)
++    Fix the deadlocks in the xen driver when doing a dumpxml for active
++    domains.
++  * ubuntu-libxl-qemu-nopath.patch
++    Create libxl configurations without paths for qemu-dm and hvmloader.
++    The Xen toolstack can figure this out.
++  * ubuntu-xen-hypervisor-4.3.patch
++    Update the xen driver to handle the new sysctl and domctl versions
++    in Xen-4.3.
++  * Add apparmor definitions to execute scripts in /etc/xen/scrips as
++    the libxl driver calls out to them (with the xen/xm driver this was
++    done by the xen toolstack and communication with that was through
++    a socket).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 16 Jul 2013 10:59:11 +0200
++
++libvirt (1.0.6-0ubuntu3) saucy; urgency=low
++
++  * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow owner read of
++    @{PROC}/[0-9]*/status
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Mon, 15 Jul 2013 10:28:42 -0500
++
++libvirt (1.0.6-0ubuntu2) saucy; urgency=low
++
++  * Apply CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 28 Jun 2013 13:13:20 -0500
++
++libvirt (1.0.6-0ubuntu1) saucy; urgency=low
++
++  * New upstream relase.
++    + Dropped patches:
++      - debian/patches/vnc-socket.patch: Dropped no longer needed.
++      - debian/patches/Add-sanitytest.py.patch: Dropped no longer needed.
++   * debian/libvirt-bin.postinst: Make sure qemu.conf isn't world readable
++     by default.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 03 Jun 2013 11:27:02 -0500
++
  libvirt (1.0.5-3) unstable; urgency=low
    * Upload to unstable (Closes: #709216, #705205)
@@ -2627,6 +7275,25 @@ libvirt (1.0.5-1) experimental; urgency=low
   -- Guido Günther <agx@sigxcpu.org>  Thu, 02 May 2013 21:34:32 +0200
++libvirt (1.0.5-0ubuntu1) saucy; urgency=low
++
++  * New upstream release:
++    + Dropped patches:
++      - debian/patches/fix-virterror-namechange
++      - debian/patches/apparmor-use-apparmor-setfdlabel
++      - debian/patches/prevent-lxc-shutdown-host.patch
++      - debian/patches/apparmor-no-need-to-check-security-model
++      - debian/patches/nonblock-fix.patch
++     + Refreshed patches:
++      - debian/patches/9002-better_default_uri_virsh.patch
++      - debian/patches/enable-kvm-spice.patch
++      - debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
++   * debian/patches/Add-sanitytest.py.patch: Add patch to fix missing sanitytest.py
++     when building the testsuite.
++   * debian/libvirt-dev.install: dont't ship files for static linking.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 02 May 2013 10:21:49 -0500
++
  libvirt (1.0.5~rc1-1) experimental; urgency=low
    * [c2302f5] Dont' fail with aug-tools installed.
@@ -2702,6 +7369,122 @@ libvirt (1.0.2-1) experimental; urgency=low
   -- Guido Günther <agx@sigxcpu.org>  Wed, 30 Jan 2013 21:06:02 +0100
++libvirt (1.0.2-0ubuntu12) saucy; urgency=low
++
++  * debian/libvirt-bin.{dirs,install}: install dnsmasq.d-available/libvirt-bin
++    (LP: #1113821)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 29 Apr 2013 07:38:07 -0500
++
++libvirt (1.0.2-0ubuntu11) raring; urgency=low
++
++  * debian/patches/nonblock-fix.patch: cherrypicked upstream patch to
++    not mark qemu migration fd non-blocking.  This fixes tcp live
++    migration. (LP: #1157626)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 18 Apr 2013 10:43:26 -0500
++
++libvirt (1.0.2-0ubuntu10) raring; urgency=low
++
++  * Add code to postinst to fix any double-migration of /etc/dnsmasq.
++    (LP: #1157332)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 28 Mar 2013 09:11:04 -0500
++
++libvirt (1.0.2-0ubuntu9) raring; urgency=low
++
++  * debian/patches/prevent-lxc-shutdown-host.patch: Backport fix
++    from upstream to prevent lxc-containets shutting down the host.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Mon, 25 Mar 2013 09:28:47 -0500
++
++libvirt (1.0.2-0ubuntu8b1) raring; urgency=low
++
++  * No-change rebuild against libudev1
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 13 Mar 2013 07:02:03 +0000
++
++libvirt (1.0.2-0ubuntu8) raring; urgency=low
++
++  * put libvirt-bin dnsmasq file into /etc/dnsmasq.d-available, and
++    create a symlink in /etc/dnsmasq.d, to avoid problems when removing
++    and re-installing libvirt-bin.  (LP: #1113821)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 26 Feb 2013 12:09:37 -0600
++
++libvirt (1.0.2-0ubuntu7) raring; urgency=low
++
++  * libvirt-bin.postinst: also put admin group members into the libvirtd
++    group, to support systems installed before precise.  (LP: #1124127)
++  * libvirt-bin.postinst: use getent group instead of grep /etc/group
++  * rules: pass path to collie to enable sheepdog backend (LP: #1129107)
++  * control, rules: enable building against libaudit, which is in main.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Wed, 20 Feb 2013 15:50:47 -0700
++
++libvirt (1.0.2-0ubuntu6) raring; urgency=low
++
++  * Really refresh debian/patches/fix-ubuntu-xen-qemu-dm-path.patch and
++    not only claim to and disable it.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 19 Feb 2013 15:00:27 +0100
++
++libvirt (1.0.2-0ubuntu5) raring; urgency=low
++
++  * debian/apparmor/libvirt-qemu: allow qemu read access to
++    @{PROC}/sys/vm/overcommit_memory
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 14 Feb 2013 10:12:40 -0600
++
++libvirt (1.0.2-0ubuntu4) raring; urgency=low
++
++  * Update Readme.Debian
++    - we use libvirtd, not libvirt group (LP: #1095140)
++    - we add users from sudo, not admin group, to libvirtd.
++  * libvirt-bin.postinst: put users from sudo, not admin group, into group
++    libvirtd. (LP: #1124127)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 13 Feb 2013 09:47:58 -0600
++
++libvirt (1.0.2-0ubuntu3) raring; urgency=low
++
++  * libvirt-bin.postrm: only remove /etc/dnsmasq.d/libvirt-bin during
++    remove.  (LP: #1113821)
++

Ubuntulibvirt package

Merge ~paelzer/ubuntu/+source/libvirt:merge-8.0-jammy into ubuntu/+source/libvirt:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
libvirt package