Merge ~sergiodj/ubuntu/+source/libvirt:merge-9.10-0-noble into ubuntu/+source/libvirt:debian/sid
- Git
- lp:~sergiodj/ubuntu/+source/libvirt
- merge-9.10-0-noble
- Merge into debian/sid
Status: | Superseded | ||||||||
---|---|---|---|---|---|---|---|---|---|
Proposed branch: | ~sergiodj/ubuntu/+source/libvirt:merge-9.10-0-noble | ||||||||
Merge into: | ubuntu/+source/libvirt:debian/sid | ||||||||
Diff against target: |
10528 lines (+9555/-83) 36 files modified
debian/changelog (+8334/-40) debian/control (+9/-7) debian/libvirt-clients.install (+1/-0) debian/libvirt-clients.lintian-overrides (+1/-0) debian/libvirt-daemon-system.dirs (+2/-0) debian/libvirt-daemon-system.install (+1/-0) debian/libvirt-daemon-system.libvirt-guests.default (+2/-2) debian/libvirt-daemon-system.postinst (+136/-0) debian/libvirt-daemon-system.postrm (+24/-1) debian/libvirt-daemon.README.Debian (+82/-22) debian/libvirt-daemon.apport (+22/-0) debian/libvirt-daemon.dnsmasq (+2/-0) debian/libvirt-daemon.install (+1/-0) debian/libvirt-uri.sh (+21/-0) debian/patches/series (+19/-0) debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0) debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0) debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0) debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0) debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0) debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+28/-0) debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0) debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+50/-0) debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+21/-0) debian/patches/ubuntu/dnsmasq-as-priv-user (+300/-0) debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0) debian/patches/ubuntu/ovmf_paths.patch (+54/-0) debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0) debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0) debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0) debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0) debian/rules (+16/-3) debian/tests/control (+3/-2) debian/tests/smoke-lxc (+30/-4) debian/tests/smoke-qemu-session (+5/-0) debian/tests/smoke-qemu-session.xml (+2/-2) |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
git-ubuntu bot | Approve | ||
Andreas Hasenack | Approve | ||
Canonical Server Reporter | Pending | ||
Review via email: mp+458564@code.launchpad.net |
This proposal has been superseded by a proposal from 2024-01-21.
Commit message
Description of the change
This is the merge of libvirt 9.10-1 from Debian unstable.
As usual with libvirt merges, this one carries a lot of delta. I wasn't able to get rid of much, unfortunately. The merge itself wasn't complex and I don't foresee problems with this new version.
There's one addition to the delta which is the fix for bug #2037606, but it's a temporary one and should be removed in the next merge.
PPA: https:/
dep8 and migration test results will be posted soon.
Sergio Durigan Junior (sergiodj) wrote : | # |
Andreas Hasenack (ahasenack) wrote : | # |
I'll look at this
Andreas Hasenack (ahasenack) wrote : | # |
- delta ok, added/removed changes ok
- upstream changes ok
- debian changes:
a) I noted debian disabled the ceph/rbd storage driver in 32bit platforms, and indeed, the bin:libvirt-
b) libvirt-
passt | 0.0~git20231230
libvirt-
Maybe make that a suggests? I'm not sure how useful it is, as I have never heard of passt before.
Sergio Durigan Junior (sergiodj) wrote : | # |
On Monday, January 15 2024, Andreas Hasenack wrote:
> Review: Needs Fixing
>
> - delta ok, added/removed changes ok
> - upstream changes ok
> - debian changes:
>
> a) I noted debian disabled the ceph/rbd storage driver in 32bit
> platforms, and indeed, the bin:libvirt-
> package is gone from the armhf builds (it's still there in noble
> currently in the archive). Maybe this should be noted in the libvirt
> release notes for noble.
That's a good idea.
> b) libvirt-
>
> passt | 0.0~git20231230
> libvirt-
>
> Maybe make that a suggests? I'm not sure how useful it is, as I have never heard of passt before.
Ah, good catch. Debian's change came from this commit:
https:/
It seems that the intention here is to advertise the feature to more
users, so I don't believe demoting passt to Suggests would be a problem.
Branch updated.
--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14
git-ubuntu bot (git-ubuntu-bot) wrote : | # |
Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved
Sergio Durigan Junior (sergiodj) wrote : | # |
Hello Andreas,
I've been investigating the libvirt regression, but meanwhile libvirt 10.0 has been released and Debian picked it up. I updated the branch to reflect this new version, but it will need a new review. It shouldn't be complicated, though. The changes to the debian/ directory are minimal.
I'm building the new package in the same PPA, and will run the dep8 tests soon. Hopefully it will also address the problem I was seeing, although I find it unlikely.
Thanks.
git-ubuntu bot (git-ubuntu-bot) wrote : | # |
Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved
Unmerged commits
- 6c5741a... by Sergio Durigan Junior
-
update-maintainer
- 0f8a998... by Sergio Durigan Junior
-
reconstruct-
changelog - a1fbf72... by Sergio Durigan Junior
-
merge-changelogs
- 6e3af5c... by Sergio Durigan Junior
-
* Add changes:
- d/control: Demote passt to Suggests (from Recommends) for
libvirt-daemon- driver- qemu, because passt is in universe. - e90d5d0... by Lena Voytek
-
* Drop changes:
- revert "libvirt-daemon- system: Drop polkit rules in legacy pkla format"
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP #2008830)
[ policykit-1 > 121 is in noble-main ] - 539a8ce... by Lena Voytek
-
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
+ Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
cases, do not set to "xen:///" (LP: #2027838) - 0ff3dee... by Lena Voytek
-
- d/libvirt-
clients. lintian- overrides: Add script- not-executable lintian
override - b1f2e0a... by Lena Voytek
-
- d/control: Use libc6-dev instead of libc-dev as a build dependency
- da02095... by Lena Voytek
-
+ d/libvirt-
daemon- system. postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975) - 969d97d... by Lena Voytek
-
+ d/p/u/swtpm-
by-swtpm- user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 5f22b78..fe2e150 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,97 @@ |
6 | +libvirt (10.0.0-1ubuntu1) noble; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable (LP: #2040393, #2037606). Remaining changes: |
9 | + - Disable libssh2 support (universe dependency) |
10 | + - d/control: add libzfslinux-dev to build-deps |
11 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
12 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
13 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
14 | + the paths where we ship these files in Ubuntu. |
15 | + - Set qemu-group to kvm (for compat with older ubuntu) |
16 | + - Additional apport package-hook |
17 | + - Autostart default bridged network (As upstream does, but not Debian). |
18 | + In addition to just enabling it our solution provides: |
19 | + + do not autostart if subnet is already taken (e.g. in guests). |
20 | + + iterate some alternative subnets before giving up |
21 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
22 | + the group based access to libvirt functions as it was used in Ubuntu |
23 | + for quite a long time. |
24 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
25 | + due to the group access change. |
26 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
27 | + group. |
28 | + - Update README.Debian with Ubuntu changes |
29 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
30 | + - fix autopkgtests (LP 1899180) |
31 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
32 | + vmlinuz available and accessible (Debian bug 848314) |
33 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
34 | + installing libvirt-daemon-system |
35 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
36 | + long as the following undefine succeeds |
37 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
38 | + + d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
39 | + failing; This was flaky on some release/architectures |
40 | + + d/t/smoke-lxc: retry check_domain being flaky on arm64 |
41 | + - dnsmasq related enhancements |
42 | + + run dnsmasq as libvirt-dnsmasq (LP 1743718) |
43 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
44 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
45 | + on purge |
46 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
47 | + libvirt-dnsmasq and adapt the self tests to expect that config |
48 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
49 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
50 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
51 | + machine type correctly with newer qemu/libvirt |
52 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
53 | + (LP 1861125) fixups |
54 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
55 | + - d/libvirt-daemon-system.libvirt-guests.default: shut guests down |
56 | + in parallel |
57 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
58 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
59 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
60 | + apparmor, virt-aa-helper: Allow various storage pools and image |
61 | + locations |
62 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
63 | + libvirt-qemu: Add 9p support |
64 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
65 | + virt-aa-helper: Ask for no deny rule for readonly disk |
66 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
67 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
68 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
69 | + commands executed by ubuntu only kvm wrapper on ppc64el |
70 | + (LP 1686621 LP 1680384 LP 1784023) |
71 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
72 | + apparmor, virt-aa-helper: access for snapped nova |
73 | + + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues |
74 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) |
75 | + - libvirt should not use user/group tss for swtpm (LP 1948880) |
76 | + + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm |
77 | + + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes |
78 | + to user swtpm and adapt expected self test result changes triggered by |
79 | + this |
80 | + + d/libvirt-daemon-system.postinst: create user/group swtpm if not present |
81 | + due to swtpm-tools (LP 1951975) |
82 | + - d/control: Use libc6-dev instead of libc-dev as a build dependency |
83 | + - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian |
84 | + override |
85 | + - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI |
86 | + for users via user profile (xen URI on dom0, qemu:///system otherwise) |
87 | + + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all |
88 | + cases, do not set to "xen:///" (LP #2027838) |
89 | + * Drop changes: |
90 | + - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" |
91 | + because policykit-1 > 121 isn't yet ready to go to main in lunar. |
92 | + (LP #2008830) |
93 | + [ policykit-1 > 121 is in noble-main ] |
94 | + * Add changes: |
95 | + - d/control: Demote passt to Suggests (from Recommends) for |
96 | + libvirt-daemon-driver-qemu, because passt is in universe. |
97 | + |
98 | + -- Sergio Durigan Junior <sergio.durigan@canonical.com> Sun, 21 Jan 2024 00:19:08 -0500 |
99 | + |
100 | libvirt (10.0.0-1) unstable; urgency=medium |
101 | |
102 | * [c80339d] New upstream version 10.0.0 |
103 | @@ -82,6 +176,107 @@ libvirt (9.6.0-2) experimental; urgency=medium |
104 | |
105 | -- Andrea Bolognani <eof@kiyuko.org> Sun, 20 Aug 2023 21:00:40 +0200 |
106 | |
107 | +libvirt (9.6.0-1ubuntu2) noble; urgency=medium |
108 | + |
109 | + * Rebuild against 'new libwireshark17'. |
110 | + |
111 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Fri, 24 Nov 2023 15:27:16 +0100 |
112 | + |
113 | +libvirt (9.6.0-1ubuntu1) mantic; urgency=medium |
114 | + |
115 | + * Merge with Debian unstable (LP: #2018082). Remaining changes: |
116 | + - Disable libssh2 support (universe dependency) |
117 | + - d/control: add libzfslinux-dev to build-deps |
118 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
119 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
120 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
121 | + the paths where we ship these files in Ubuntu. |
122 | + - Set qemu-group to kvm (for compat with older ubuntu) |
123 | + - Additional apport package-hook |
124 | + - Autostart default bridged network (As upstream does, but not Debian). |
125 | + In addition to just enabling it our solution provides: |
126 | + + do not autostart if subnet is already taken (e.g. in guests). |
127 | + + iterate some alternative subnets before giving up |
128 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
129 | + the group based access to libvirt functions as it was used in Ubuntu |
130 | + for quite a long time. |
131 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
132 | + due to the group access change. |
133 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
134 | + group. |
135 | + - Update README.Debian with Ubuntu changes |
136 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
137 | + - fix autopkgtests (LP 1899180) |
138 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
139 | + vmlinuz available and accessible (Debian bug 848314) |
140 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
141 | + installing libvirt-daemon-system |
142 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
143 | + long as the following undefine succeeds |
144 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
145 | + + d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
146 | + failing; This was flaky on some release/architectures |
147 | + + d/t/smoke-lxc: retry check_domain being flaky on arm64 |
148 | + - dnsmasq related enhancements |
149 | + + run dnsmasq as libvirt-dnsmasq (LP 1743718) |
150 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
151 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
152 | + on purge |
153 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
154 | + libvirt-dnsmasq and adapt the self tests to expect that config |
155 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
156 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
157 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
158 | + machine type correctly with newer qemu/libvirt |
159 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
160 | + (LP 1861125) fixups |
161 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
162 | + - d/libvirt-daemon-system.libvirt-guests.default: shut guests down |
163 | + in parallel |
164 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
165 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
166 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
167 | + apparmor, virt-aa-helper: Allow various storage pools and image |
168 | + locations |
169 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
170 | + libvirt-qemu: Add 9p support |
171 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
172 | + virt-aa-helper: Ask for no deny rule for readonly disk |
173 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
174 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
175 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
176 | + commands executed by ubuntu only kvm wrapper on ppc64el |
177 | + (LP 1686621 LP 1680384 LP 1784023) |
178 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
179 | + apparmor, virt-aa-helper: access for snapped nova |
180 | + + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues |
181 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) |
182 | + - libvirt should not use user/group tss for swtpm (LP 1948880) |
183 | + + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm |
184 | + + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes |
185 | + to user swtpm and adapt expected self test result changes triggered by |
186 | + this |
187 | + + d/libvirt-daemon-system.postinst: create user/group swtpm if not present |
188 | + due to swtpm-tools (LP 1951975) |
189 | + - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" |
190 | + because policykit-1 > 121 isn't yet ready to go to main in lunar. |
191 | + (LP #2008830) |
192 | + - d/control: Use libc6-dev instead of libc-dev as a build dependency |
193 | + - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian |
194 | + override |
195 | + * Dropped changes: |
196 | + - d/p/CVE-2023-3750.patch: Remove - fixed upstream |
197 | + - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" |
198 | + This has been restored to match Debian because policykit-1 is now at |
199 | + a version greater than 121 in mantic |
200 | + * Modified changes: |
201 | + - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI |
202 | + for users via user profile (xen URI on dom0, qemu:///system otherwise) |
203 | + + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all |
204 | + cases, do not set to "xen:///" (LP #2027838) |
205 | + |
206 | + -- Lena Voytek <lena.voytek@canonical.com> Mon, 14 Aug 2023 14:16:30 -0700 |
207 | + |
208 | libvirt (9.6.0-1) unstable; urgency=medium |
209 | |
210 | * [74213a2] New upstream version 9.6.0 |
211 | @@ -92,6 +287,99 @@ libvirt (9.6.0-1) unstable; urgency=medium |
212 | |
213 | -- Andrea Bolognani <eof@kiyuko.org> Sat, 05 Aug 2023 19:01:56 +0200 |
214 | |
215 | +libvirt (9.5.0-2ubuntu2) mantic; urgency=medium |
216 | + |
217 | + * Merge from Debian Unstable. Remaining changes: |
218 | + - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI |
219 | + for users via user profile (xen URI on dom0, qemu:///system otherwise) |
220 | + - Disable libssh2 support (universe dependency) |
221 | + - d/control: add libzfslinux-dev to build-deps |
222 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
223 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
224 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
225 | + the paths where we ship these files in Ubuntu. |
226 | + - Set qemu-group to kvm (for compat with older ubuntu) |
227 | + - Additional apport package-hook |
228 | + - Autostart default bridged network (As upstream does, but not Debian). |
229 | + In addition to just enabling it our solution provides: |
230 | + + do not autostart if subnet is already taken (e.g. in guests). |
231 | + + iterate some alternative subnets before giving up |
232 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
233 | + the group based access to libvirt functions as it was used in Ubuntu |
234 | + for quite a long time. |
235 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
236 | + due to the group access change. |
237 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
238 | + group. |
239 | + - Update README.Debian with Ubuntu changes |
240 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
241 | + - fix autopkgtests (LP 1899180) |
242 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
243 | + vmlinuz available and accessible (Debian bug 848314) |
244 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
245 | + installing libvirt-daemon-system |
246 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
247 | + long as the following undefine succeeds |
248 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
249 | + + d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
250 | + failing; This was flaky on some release/architectures |
251 | + + d/t/smoke-lxc: retry check_domain being flaky on arm64 |
252 | + - dnsmasq related enhancements |
253 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
254 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
255 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
256 | + on purge |
257 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
258 | + libvirt-dnsmasq and adapt the self tests to expect that config |
259 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
260 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
261 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
262 | + machine type correctly with newer qemu/libvirt |
263 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
264 | + (LP 1861125) fixups |
265 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
266 | + - d/libvirt-daemon-system.libvirt-guests.default: shut guests down |
267 | + in parallel |
268 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
269 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
270 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
271 | + apparmor, virt-aa-helper: Allow various storage pools and image |
272 | + locations |
273 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
274 | + libvirt-qemu: Add 9p support |
275 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
276 | + virt-aa-helper: Ask for no deny rule for readonly disk |
277 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
278 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
279 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
280 | + commands executed by ubuntu only kvm wrapper on ppc64el |
281 | + (LP 1686621 LP 1680384 LP 1784023) |
282 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
283 | + apparmor, virt-aa-helper: access for snapped nova |
284 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
285 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
286 | + - libvirt should not use user/group tss for swtpm (LP 1948880) |
287 | + + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm |
288 | + + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes |
289 | + to user swtpm and adapt expected self test result changes triggered by |
290 | + this |
291 | + + d/libvirt-daemon-system.postinst: create user/group swtpm if not present |
292 | + due to swtpm-tools (LP 1951975) |
293 | + - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" |
294 | + because policykit-1 > 121 isn't yet ready to go to main in lunar. |
295 | + (LP: #2008830) |
296 | + - SECURITY UPDATE: denial of service via improper locking |
297 | + + debian/patches/CVE-2023-3750.patch: fix returning of locked objects |
298 | + from virStoragePoolObjListSearch in src/conf/virstorageobj.c. |
299 | + + CVE-2023-3750 |
300 | + * Dropped changes [upstream now]: |
301 | + - SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities |
302 | + + debian/patches/CVE-2023-2700.patch: resolve leak in |
303 | + virPCIVirtualFunctionList cleanup in src/util/virpci.c. |
304 | + + CVE-2023-2700 |
305 | + |
306 | + -- Simon Quigley <tsimonq2@ubuntu.com> Wed, 26 Jul 2023 12:52:15 -0500 |
307 | + |
308 | libvirt (9.5.0-2) unstable; urgency=medium |
309 | |
310 | [ Pino Toscano ] |
311 | @@ -167,6 +455,130 @@ libvirt (9.1.0-1) experimental; urgency=medium |
312 | |
313 | -- Andrea Bolognani <eof@kiyuko.org> Sat, 04 Mar 2023 11:10:04 +0100 |
314 | |
315 | +libvirt (9.0.0-2ubuntu3) mantic; urgency=medium |
316 | + |
317 | + * SECURITY UPDATE: denial of service via improper locking |
318 | + - debian/patches/CVE-2023-3750.patch: fix returning of locked objects |
319 | + from virStoragePoolObjListSearch in src/conf/virstorageobj.c. |
320 | + - CVE-2023-3750 |
321 | + |
322 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Jul 2023 09:09:55 -0400 |
323 | + |
324 | +libvirt (9.0.0-2ubuntu2) mantic; urgency=medium |
325 | + |
326 | + * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities |
327 | + - debian/patches/CVE-2023-2700.patch: resolve leak in |
328 | + virPCIVirtualFunctionList cleanup in src/util/virpci.c. |
329 | + - CVE-2023-2700 |
330 | + |
331 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 26 May 2023 10:05:18 -0400 |
332 | + |
333 | +libvirt (9.0.0-2ubuntu1) lunar; urgency=medium |
334 | + |
335 | + * Merge 9.0.0-2 from Debian unstable (LP: #1993412) |
336 | + Also resolved the ask for a rebuild against recent libxen (LP: #2004163) |
337 | + Remaining changes: |
338 | + - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI |
339 | + for users via user profile (xen URI on dom0, qemu:///system otherwise) |
340 | + - Disable libssh2 support (universe dependency) |
341 | + - d/control: add libzfslinux-dev to build-deps |
342 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
343 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
344 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
345 | + the paths where we ship these files in Ubuntu. |
346 | + - Set qemu-group to kvm (for compat with older ubuntu) |
347 | + - Additional apport package-hook |
348 | + - Autostart default bridged network (As upstream does, but not Debian). |
349 | + In addition to just enabling it our solution provides: |
350 | + + do not autostart if subnet is already taken (e.g. in guests). |
351 | + + iterate some alternative subnets before giving up |
352 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
353 | + the group based access to libvirt functions as it was used in Ubuntu |
354 | + for quite a long time. |
355 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
356 | + due to the group access change. |
357 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
358 | + group. |
359 | + - Update README.Debian with Ubuntu changes |
360 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
361 | + - fix autopkgtests (LP 1899180) |
362 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
363 | + vmlinuz available and accessible (Debian bug 848314) |
364 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
365 | + installing libvirt-daemon-system |
366 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
367 | + long as the following undefine succeeds |
368 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
369 | + + d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
370 | + failing; This was flaky on some release/architectures |
371 | + + d/t/smoke-lxc: retry check_domain being flaky on arm64 |
372 | + - dnsmasq related enhancements |
373 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
374 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
375 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
376 | + on purge |
377 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
378 | + libvirt-dnsmasq and adapt the self tests to expect that config |
379 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
380 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
381 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
382 | + machine type correctly with newer qemu/libvirt |
383 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
384 | + (LP 1861125) fixups |
385 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
386 | + - d/libvirt-daemon-system.libvirt-guests.default: shut guests down |
387 | + in parallel |
388 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
389 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
390 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
391 | + apparmor, virt-aa-helper: Allow various storage pools and image |
392 | + locations |
393 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
394 | + libvirt-qemu: Add 9p support |
395 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
396 | + virt-aa-helper: Ask for no deny rule for readonly disk |
397 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
398 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
399 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
400 | + commands executed by ubuntu only kvm wrapper on ppc64el |
401 | + (LP 1686621 LP 1680384 LP 1784023) |
402 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
403 | + apparmor, virt-aa-helper: access for snapped nova |
404 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
405 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
406 | + - libvirt should not use user/group tss for swtpm (LP 1948880) |
407 | + + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm |
408 | + + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes |
409 | + to user swtpm and adapt expected self test result changes triggered by |
410 | + this |
411 | + + d/libvirt-daemon-system.postinst: create user/group swtpm if not present |
412 | + due to swtpm-tools (LP 1951975) |
413 | + * Dropped changes [upstream now]: |
414 | + - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS |
415 | + with latest libxl [v8.10.0] |
416 | + - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm |
417 | + shuts down (LP 1997269) [v8.7.0] |
418 | + - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent |
419 | + apparmor denials on USB forwarding (LP 1993304) [v8.10.0] |
420 | + - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl: |
421 | + tolerate the impact of too large udev data avoiding a busy loop |
422 | + (LP 1996176) [v8.10.0] |
423 | + - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: |
424 | + easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0] |
425 | + - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: |
426 | + reduce log noise by invalid VPD data (LP 1990949) [v8.7.0] |
427 | + * Dropped changes [in Debian now]: |
428 | + - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1] |
429 | + - [a54d904] New upstream version 8.6.0 [8.9.0-1] |
430 | + - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1] |
431 | + - d/control: suggest swtpm-tools [8.10.0-1] |
432 | + * Added changes: |
433 | + - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" |
434 | + because policykit-1 > 121 isn't yet ready to go to main in lunar. |
435 | + (LP: #2008830) |
436 | + |
437 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Mar 2023 07:56:39 +0100 |
438 | + |
439 | libvirt (9.0.0-2) unstable; urgency=medium |
440 | |
441 | * [de81410] patches: Add backports |
442 | @@ -264,6 +676,171 @@ libvirt (8.9.0-1) unstable; urgency=medium |
443 | |
444 | -- Andrea Bolognani <eof@kiyuko.org> Sat, 19 Nov 2022 23:00:34 +0100 |
445 | |
446 | +libvirt (8.6.0-0ubuntu5) lunar; urgency=medium |
447 | + |
448 | + * d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS |
449 | + with latest libxl |
450 | + |
451 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Nov 2022 16:13:36 +0100 |
452 | + |
453 | +libvirt (8.6.0-0ubuntu4) lunar; urgency=medium |
454 | + |
455 | + [ Lena Voytek ] |
456 | + * d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm |
457 | + shuts down (LP: #1997269) |
458 | + |
459 | + [Christian Ehrhardt ] |
460 | + * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent |
461 | + apparmor denials on USB forwarding (LP: #1993304) |
462 | + * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch: |
463 | + tolerate the impact of too large udev data avoiding a busy loop |
464 | + (LP: #1996176) |
465 | + |
466 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 22 Nov 2022 11:21:30 +0100 |
467 | + |
468 | +libvirt (8.6.0-0ubuntu3) kinetic; urgency=medium |
469 | + |
470 | + * d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: |
471 | + easen the use of riscv64 through libvirt (LP: #1990499) |
472 | + * d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: |
473 | + reduce log noise by invalid VPD data (LP: #1990949) |
474 | + |
475 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 04 Oct 2022 08:29:46 +0200 |
476 | + |
477 | +libvirt (8.6.0-0ubuntu2) kinetic; urgency=medium |
478 | + |
479 | + * d/p/libvirt-daemon-system.postinst: default network autostart |
480 | + handling needs to happen before services start (LP: #1990853) |
481 | + |
482 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 28 Sep 2022 08:36:15 +0200 |
483 | + |
484 | +libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium |
485 | + |
486 | + * Merge 8.0.0 from Debian unstable (LP: #1971289) |
487 | + Among many other fixes and improvements this fixes: |
488 | + - support for minor NFS versions (LP: #1980134) |
489 | + - launching VMs with SGX enabled (LP: #1982896) |
490 | + Remaining changes: |
491 | + - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI |
492 | + for users via user profile (xen URI on dom0, qemu:///system otherwise) |
493 | + - Disable libssh2 support (universe dependency) |
494 | + - d/control: add libzfslinux-dev to build-deps |
495 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
496 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
497 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
498 | + the paths where we ship these files in Ubuntu. |
499 | + - Set qemu-group to kvm (for compat with older ubuntu) |
500 | + - Additional apport package-hook |
501 | + - Autostart default bridged network (As upstream does, but not Debian). |
502 | + In addition to just enabling it our solution provides: |
503 | + + do not autostart if subnet is already taken (e.g. in guests). |
504 | + + iterate some alternative subnets before giving up |
505 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
506 | + the group based access to libvirt functions as it was used in Ubuntu |
507 | + for quite a long time. |
508 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
509 | + due to the group access change. |
510 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
511 | + group. |
512 | + - Update README.Debian with Ubuntu changes |
513 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
514 | + - fix autopkgtests (LP 1899180) |
515 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
516 | + vmlinuz available and accessible (Debian bug 848314) |
517 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
518 | + installing libvirt-daemon-system |
519 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
520 | + long as the following undefine succeeds |
521 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
522 | + + d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
523 | + failing; This was flaky on some release/architectures |
524 | + + d/t/smoke-lxc: retry check_domain being flaky on arm64 |
525 | + - dnsmasq related enhancements |
526 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
527 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
528 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
529 | + on purge |
530 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
531 | + libvirt-dnsmasq and adapt the self tests to expect that config |
532 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
533 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
534 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
535 | + machine type correctly with newer qemu/libvirt |
536 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
537 | + (LP 1861125) fixups |
538 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
539 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
540 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
541 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
542 | + apparmor, virt-aa-helper: Allow various storage pools and image |
543 | + locations |
544 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
545 | + libvirt-qemu: Add 9p support |
546 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
547 | + virt-aa-helper: Ask for no deny rule for readonly disk |
548 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
549 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
550 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
551 | + commands executed by ubuntu only kvm wrapper on ppc64el |
552 | + (LP 1686621 LP 1680384 LP 1784023) |
553 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
554 | + apparmor, virt-aa-helper: access for snapped nova |
555 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
556 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
557 | + - libvirt should not use user/group tss for swtpm (LP 1948880) |
558 | + + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm |
559 | + + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes |
560 | + to user swtpm and adapt expected self test result changes triggered by |
561 | + this |
562 | + + d/control: suggest swtpm-tools |
563 | + + d/libvirt-daemon-system.postinst: create user/group swtpm if not present |
564 | + due to swtpm-tools (LP 1951975) |
565 | + * Dropped changes [upstream now]: |
566 | + - d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work |
567 | + in containers like LXD (without guest start would hang). |
568 | + [8.1.0] |
569 | + - d/p/backport/util-fix-syslog-facility-value.patch to ensure logs |
570 | + get passed to syslog/journal correctly. |
571 | + [8.1.0] |
572 | + - apparmor: Fix QEMU access for UEFI variable files. Backported from |
573 | + upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035) |
574 | + Refresh apparmor_profiles_local_include.patch to resolve the conflict. |
575 | + [8.2.0] |
576 | + - d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd |
577 | + and libvirt-qemu apparmor profiles to allow swtpm to use its own profile |
578 | + (LP 1968187) |
579 | + [8.3.0] |
580 | + - d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: |
581 | + apparmor allow new paths used for GL accelerated video (LP 1972075) |
582 | + [8.4.0] |
583 | + * Dropped changes [no more needed]: |
584 | + - d/control: breaks replaces for augeas lenses move in 6.0.0-1 |
585 | + * Added changes: |
586 | + - parallel-shutdown: upstream no more ships libvirt-guests defaults, so |
587 | + the Ubuntu customization of it moved to the file replacing it added |
588 | + in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default |
589 | + replacing the former "d/p/u/parallel-shutdown.patch: set parallel |
590 | + shutdown by default." |
591 | + - update patches to match 8.6.0 |
592 | + + d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch |
593 | + + d/p/u/Allow-libvirt-group-to-access-the-socket.patch |
594 | + + d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch |
595 | + + d/p/u/ovmf_paths.patch |
596 | + + d/p/u/swtpm-by-swtpm-user.patch |
597 | + + d/p/u/dnsmasq-as-priv-user |
598 | + |
599 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 12 Aug 2022 10:34:29 +0200 |
600 | + |
601 | +libvirt (8.6.0-0) UNRELEASED; urgency=medium |
602 | + |
603 | + [ Christian Ehrhardt ] |
604 | + * [f35cf09] d/rules: update path of ci-dashboard removal |
605 | + |
606 | + [ Andrea Bolognani ] |
607 | + * [a54d904] New upstream version 8.6.0 |
608 | + |
609 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Aug 2022 10:28:25 +0200 |
610 | + |
611 | libvirt (8.5.0-2) experimental; urgency=medium |
612 | |
613 | * [6c9bffb] Implement custom handling for systemd units |
614 | @@ -343,6 +920,188 @@ libvirt (8.1.0-1) experimental; urgency=medium |
615 | |
616 | -- Andrea Bolognani <eof@kiyuko.org> Tue, 15 Mar 2022 23:53:49 +0100 |
617 | |
618 | +libvirt (8.0.0-1ubuntu8) kinetic; urgency=medium |
619 | + |
620 | + * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: |
621 | + apparmor allow new paths used for GL accelerated video (LP: #1972075) |
622 | + |
623 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 19 May 2022 08:14:48 +0200 |
624 | + |
625 | +libvirt (8.0.0-1ubuntu7) jammy; urgency=medium |
626 | + |
627 | + * d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd |
628 | + and libvirt-qemu apparmor profiles to allow swtpm to use its own profile |
629 | + (LP: #1968187) |
630 | + |
631 | + -- Lena Voytek <lena.voytek@canonical.com> Tue, 12 Apr 2022 10:04:05 -0700 |
632 | + |
633 | +libvirt (8.0.0-1ubuntu6) jammy; urgency=medium |
634 | + |
635 | + * d/control: recommend swtpm-tools (LP: #1948748) |
636 | + |
637 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 04 Apr 2022 07:30:15 +0200 |
638 | + |
639 | +libvirt (8.0.0-1ubuntu5) jammy; urgency=medium |
640 | + |
641 | + * apparmor: Fix QEMU access for UEFI variable files. Backported from |
642 | + upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035) |
643 | + Refresh apparmor_profiles_local_include.patch to resolve the conflict. |
644 | + |
645 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 09 Mar 2022 13:43:40 +0100 |
646 | + |
647 | +libvirt (8.0.0-1ubuntu4) jammy; urgency=medium |
648 | + |
649 | + * No-change rebuild against libwireshark15. |
650 | + |
651 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 07 Mar 2022 18:34:34 +0000 |
652 | + |
653 | +libvirt (8.0.0-1ubuntu3) jammy; urgency=medium |
654 | + |
655 | + * Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop |
656 | + system services and sockets." |
657 | + Due to the fix being in debhelper we no more need this mitigation now. |
658 | + (LP: #1959054) |
659 | + |
660 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Feb 2022 10:08:01 +0100 |
661 | + |
662 | +libvirt (8.0.0-1ubuntu2) jammy; urgency=medium |
663 | + |
664 | + * No-change rebuild to update maintainer scripts, see LP: 1959054 |
665 | + |
666 | + -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 17:04:47 +0000 |
667 | + |
668 | +libvirt (8.0.0-1ubuntu1) jammy; urgency=medium |
669 | + |
670 | + * Merge 8.0.0 from Debian unstable (LP: #1946869) |
671 | + Among many other fixes and improvements this fixes ceph usage |
672 | + in regard to apparmor (LP: #1588576) |
673 | + Remaining changes: |
674 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users |
675 | + via user profile (xen URI on dom0, qemu:///system otherwise) |
676 | + [contains lintian fixups of 6.6.0-1ubuntu1] |
677 | + - Disable libssh2 support (universe dependency) |
678 | + - d/control: add libzfslinux-dev to build-deps |
679 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
680 | + - d/control: breaks replaces for augeas lenses move in 6.0.0-1 |
681 | + (follows Debian, droppable >22.04) |
682 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
683 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
684 | + the paths where we ship these files in Ubuntu. |
685 | + - Set qemu-group to kvm (for compat with older ubuntu) |
686 | + - Additional apport package-hook |
687 | + - Autostart default bridged network (As upstream does, but not Debian). |
688 | + In addition to just enabling it our solution provides: |
689 | + + do not autostart if subnet is already taken (e.g. in guests). |
690 | + + iterate some alternative subnets before giving up |
691 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
692 | + the group based access to libvirt functions as it was used in Ubuntu |
693 | + for quite a long time. |
694 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
695 | + due to the group access change. |
696 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
697 | + group. |
698 | + - d/p/u/parallel-shutdown.patch: set parallel shutdown by default. |
699 | + - Update README.Debian with Ubuntu changes |
700 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
701 | + - fix autopkgtests (LP 1899180) |
702 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
703 | + vmlinuz available and accessible (Debian bug 848314) |
704 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
705 | + installing libvirt-daemon-system |
706 | + + d/t/smoke-qemu-session.xml: fixup smoke-qemu-session do not use kvm |
707 | + when not needed |
708 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
709 | + long as the following undefine succeeds |
710 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
711 | + + d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
712 | + failing; This was flaky on some release/architectures |
713 | + + d/t/smoke-lxc: retry check_domain being flaky on arm64 |
714 | + - dnsmasq related enhancements |
715 | + [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] |
716 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
717 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
718 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
719 | + on purge |
720 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
721 | + libvirt-dnsmasq and adapt the self tests to expect that config |
722 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
723 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
724 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
725 | + machine type correctly with newer qemu/libvirt |
726 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
727 | + (LP 1861125) fixups |
728 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
729 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
730 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
731 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
732 | + apparmor, virt-aa-helper: Allow various storage pools and image |
733 | + locations |
734 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
735 | + libvirt-qemu: Add 9p support |
736 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
737 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
738 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
739 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
740 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
741 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
742 | + commands executed by ubuntu only kvm wrapper on ppc64el |
743 | + (LP 1686621 LP 1680384 LP 1784023) |
744 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
745 | + apparmor, virt-aa-helper: access for snapped nova |
746 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
747 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
748 | + - libvirt should not use user/group tss for swtpm (LP 1948880) |
749 | + + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm |
750 | + + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes |
751 | + to user swtpm |
752 | + + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results |
753 | + + d/control: suggest swtpm-tools |
754 | + + d/libvirt-daemon-system.postinst: create user/group swtpm if not present |
755 | + due to swtpm-tools (LP 1951975) |
756 | + * Dropped changes [in Debian now]: |
757 | + - d/control: add libtirpc for rpc.h with glibc >=2.32 |
758 | + - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0 |
759 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
760 | + - d/libvirt-clients.install: completions no more are symlinked to vsh |
761 | + - d/rules: disable the now auto-built vstorage backend |
762 | + - not-installed: split daemon man pages are no yet installed |
763 | + - d/rules: disable the new Cloud Hypervisor driver |
764 | + - d/rules: enable more features explicitly |
765 | + - d/rules: use apparmor_profiles=enabled instead of the now rejected |
766 | + value true |
767 | + - rules: Explicitly set remote_default_mode |
768 | + - rules: Rework installation of AppArmor-related files |
769 | + - d/control, d/rules: enable libssh (LP 1939416) |
770 | + * Dropped changes [upstream now]: |
771 | + - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure |
772 | + execution (LP 1913266) |
773 | + - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid |
774 | + issues due to corrupted apparmor profiles (LP 1927519) |
775 | + - Toleration for qemu >=6.0 handling of props (LP 1932264) |
776 | + - Persistent vfio-ccw device assignments (LP 1887929) |
777 | + * Dropped changes [no more needed]: |
778 | + - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with |
779 | + recent ubuntu glibx 2.32 it is breaking the build |
780 | + - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect |
781 | + XDR functions from glibc |
782 | + - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966) |
783 | + - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 |
784 | + was not enough) |
785 | + * Added changes: |
786 | + - d/p/u/dnsmasq-as-priv-user: update for 8.0.0 |
787 | + - Add recent upstream fixes to 8.0 |
788 | + + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work |
789 | + in containers like LXD (without guest start would hang). |
790 | + + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs |
791 | + get passed to syslog/journal correctly. |
792 | + - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop |
793 | + libvirt system services and sockets (LP: #1959054). This allows |
794 | + to unblock some transitions that wait on libvirt now; The intention is |
795 | + that it is fixed in debhelper and libvirt reverts this change before |
796 | + jammy release. |
797 | + |
798 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Jan 2022 08:49:08 +0100 |
799 | + |
800 | libvirt (8.0.0-1) unstable; urgency=medium |
801 | |
802 | * [a26cc81] New upstream version 8.0.0 |
803 | @@ -445,6 +1204,112 @@ libvirt (7.6.0-1) unstable; urgency=medium |
804 | |
805 | -- Andrea Bolognani <eof@kiyuko.org> Thu, 19 Aug 2021 21:16:21 +0200 |
806 | |
807 | +libvirt (7.6.0-0ubuntu3) jammy; urgency=medium |
808 | + |
809 | + * d/libvirt-daemon-system.postinst: create user/group swtpm if not present |
810 | + due to swtpm-tools (LP: #1951975) |
811 | + |
812 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 24 Nov 2021 07:50:53 +0100 |
813 | + |
814 | +libvirt (7.6.0-0ubuntu2) jammy; urgency=medium |
815 | + |
816 | + * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid |
817 | + issues due to corrupted apparmor profiles (LP: #1927519) |
818 | + * libvirt should not use user/group tss for swtpm (LP: #1948880) |
819 | + - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm |
820 | + - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes |
821 | + to user swtpm |
822 | + - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results |
823 | + - d/control: suggest swtpm-tools |
824 | + |
825 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 11 Nov 2021 12:11:38 +0100 |
826 | + |
827 | +libvirt (7.6.0-0ubuntu1) impish; urgency=medium |
828 | + |
829 | + * Merge v7.6.0 from upstream and unreleased changes from Debian git. |
830 | + Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778) |
831 | + - New upstream version 7.5.0 |
832 | + - New upstream version 7.6.0 |
833 | + - symbols: Bump symbol versions |
834 | + - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0 |
835 | + - patches: Refresh patches |
836 | + - d/rules: disable the new Cloud Hypervisor driver |
837 | + - d/rules: enable more features explicitly |
838 | + - d/rules: use apparmor_profiles=enabled instead of the now rejected |
839 | + value true |
840 | + - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect |
841 | + XDR functions from glibc |
842 | + * d/control, d/rules: enable libssh (LP: #1939416) |
843 | + * refresh ubuntu patches for v7.6.0 |
844 | + * Further fixups for v7.6.0 (thanks to Andrea Bolognani) |
845 | + - rules: Explicitly set remote_default_mode |
846 | + - rules: Rework installation of AppArmor-related files |
847 | + |
848 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 11 Aug 2021 08:11:16 +0200 |
849 | + |
850 | +libvirt (7.6.0-1) unstable; urgency=medium |
851 | + |
852 | + * Team upload |
853 | + |
854 | + [ Andrea Bolognani ] |
855 | + * [a256a80] New upstream version 7.6.0 |
856 | + - Fixes CVE-2021-3667 (Closes: #991594) |
857 | + * [4a96793] rules: Disable netcf support |
858 | + - netcf support is considered deprecated upstream |
859 | + |
860 | + [ Christian Ehrhardt ] |
861 | + * [ac145fd] d/rules: disable the new Cloud Hypervisor driver |
862 | + - Cloud Hypervisor is not available in Debian |
863 | + * [4bafac5] d/control, d/rules: enable libssh |
864 | + - Closes: #985969 |
865 | + - LP: #1939416 |
866 | + * [fbc728f] d/t/smoke-lxc: skip if cgroup v1&v2 are present |
867 | + - This works around an upstream bug which causes the LXC driver |
868 | + to break when both v1 and v2 cgroups are in use |
869 | + * [8d2e0fe] d/control: add libtirpc for rpc.h with glibc >=2.31-14 |
870 | + - Switch from glibc's legacy RPC implementation, which is now |
871 | + disabled in the Debian package, to libtirpc's one |
872 | + |
873 | + -- Andrea Bolognani <eof@kiyuko.org> Thu, 19 Aug 2021 21:16:21 +0200 |
874 | + |
875 | +libvirt (7.4.0-0ubuntu3) impish; urgency=medium |
876 | + |
877 | + * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 |
878 | + was not enough) |
879 | + |
880 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Jul 2021 14:20:53 +0200 |
881 | + |
882 | +libvirt (7.4.0-0ubuntu2) impish; urgency=medium |
883 | + |
884 | + * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966) |
885 | + |
886 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Jul 2021 09:33:49 +0200 |
887 | + |
888 | +libvirt (7.4.0-0ubuntu1) impish; urgency=medium |
889 | + |
890 | + * Merge v7.4.0 from upstream, |
891 | + among a lot of new features and fixes this closes a few of issues |
892 | + reported against Ubuntu |
893 | + - Toleration for qemu >=6.0 handling of props (LP: #1932264) |
894 | + - Persistent vfio-ccw device assignments (LP: #1887929) |
895 | + - Drop patches that are upstream in v7.4.0 |
896 | + - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch |
897 | + - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch |
898 | + - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch |
899 | + - d/p/u/lp-1913266-*: add vsock options to be usable with s390x |
900 | + - d/p/u/lp-1921754-*: EPYC-Rome-v2 |
901 | + - d/p/u/lp-1921880-*: EPYC-Milan |
902 | + - d/libvirt-clients.install: completions no more are symlinked to vsh |
903 | + - Revert "disable firewalld support (universe dependency)" |
904 | + This does not add a runtime dependency and while firewalld isn't in |
905 | + main that way users can install and use it from universe. |
906 | + (LP: #1928113) |
907 | + - d/libvirt0.symbols: bump symbol versions for 7.4.0 |
908 | + - d/rules: disable the now auto-built vstorage backend |
909 | + - not-installed: split daemon man pages are no yet installed |
910 | + |
911 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Jun 2021 10:33:27 +0200 |
912 | + |
913 | libvirt (7.0.0-3) unstable; urgency=medium |
914 | |
915 | * Team upload |
916 | @@ -454,6 +1319,115 @@ libvirt (7.0.0-3) unstable; urgency=medium |
917 | |
918 | -- Andrea Bolognani <eof@kiyuko.org> Fri, 26 Feb 2021 16:46:34 +0100 |
919 | |
920 | +libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium |
921 | + |
922 | + * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails |
923 | + on some HW/Guest combinations e.g. Windows 10 on Threadripper |
924 | + (LP: #1921754) |
925 | + * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support |
926 | + (LP: #1921880) |
927 | + |
928 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 07 Apr 2021 13:33:46 +0200 |
929 | + |
930 | +libvirt (7.0.0-2ubuntu1) hirsute; urgency=medium |
931 | + |
932 | + * Merge with Debian 7.0.0-1 from Debian unstable |
933 | + Remaining changes: |
934 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users |
935 | + via user profile (xen URI on dom0, qemu:///system otherwise) |
936 | + [contains lintian fixups of 6.6.0-1ubuntu1] |
937 | + - Disable libssh2 support (universe dependency) |
938 | + - Disable firewalld support (universe dependency) |
939 | + - d/control: add libzfslinux-dev to build-deps |
940 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
941 | + - d/control: breaks replaces for augeas lenses move in 6.0.0-1 |
942 | + (follows Debian, droppable >22.04) |
943 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
944 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
945 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
946 | + the paths where we ship these files in Ubuntu. |
947 | + - Set qemu-group to kvm (for compat with older ubuntu) |
948 | + - Additional apport package-hook |
949 | + - Autostart default bridged network (As upstream does, but not Debian). |
950 | + In addition to just enabling it our solution provides: |
951 | + + do not autostart if subnet is already taken (e.g. in guests). |
952 | + + iterate some alternative subnets before giving up |
953 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
954 | + the group based access to libvirt functions as it was used in Ubuntu |
955 | + for quite a long time. |
956 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
957 | + due to the group access change. |
958 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
959 | + group. |
960 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
961 | + - Update README.Debian with Ubuntu changes |
962 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
963 | + - fix autopkgtests (LP 1899180) |
964 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
965 | + vmlinuz available and accessible (Debian bug 848314) |
966 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
967 | + installing libvirt-daemon-system |
968 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
969 | + long as the following undefine succeeds |
970 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
971 | + + d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
972 | + failing; This was flaky on some release/architectures |
973 | + + d/t/smoke-lxc: retry check_domain being flaky on arm64 |
974 | + - dnsmasq related enhancements |
975 | + [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] |
976 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
977 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
978 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
979 | + on purge |
980 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
981 | + libvirt-dnsmasq and adapt the self tests to expect that config |
982 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
983 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
984 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
985 | + machine type correctly with newer qemu/libvirt |
986 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
987 | + (LP 1861125) fixups |
988 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
989 | + - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with |
990 | + recent ubuntu glibx 2.32 it is breaking the build |
991 | + - d/control: add libtirpc for rpc.h with glibc >=2.32 |
992 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
993 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
994 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
995 | + apparmor, virt-aa-helper: Allow various storage pools and image |
996 | + locations |
997 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
998 | + libvirt-qemu: Add 9p support |
999 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
1000 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
1001 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
1002 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
1003 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
1004 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
1005 | + commands executed by ubuntu only kvm wrapper on ppc64el |
1006 | + (LP 1686621 LP 1680384 LP 1784023) |
1007 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
1008 | + apparmor, virt-aa-helper: access for snapped nova |
1009 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
1010 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
1011 | + - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure |
1012 | + execution (LP 1913266) |
1013 | + * Dropped Changes [in Debian now] |
1014 | + - Avoid various issues around service/socket status after install/reinstall |
1015 | + and on upgrades (LP 1914054). |
1016 | + - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives |
1017 | + - d/rules: --no-restart-after-upgrade does not prevent restarts |
1018 | + - d/rules: avoid --no-start which breaks .sockets on re-install |
1019 | + - d/rules: start, but do not restart libvirt-guests.service |
1020 | + - Dependency improvements yet unreleased from salsa/debian/master thanks |
1021 | + to Andrea Bolognani (Debian #981435). |
1022 | + - control: Always explicitly depend on libvirt0 |
1023 | + - control: Always use versioned deps for libvirt components |
1024 | + - d/control: extend demotion of libvirt-lxc related dependencies to |
1025 | + libvirt-login-shell |
1026 | + |
1027 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 23 Feb 2021 12:16:08 +0100 |
1028 | + |
1029 | libvirt (7.0.0-2) unstable; urgency=medium |
1030 | |
1031 | * Team upload |
1032 | @@ -475,6 +1449,123 @@ libvirt (7.0.0-2) unstable; urgency=medium |
1033 | |
1034 | -- Andrea Bolognani <eof@kiyuko.org> Wed, 10 Feb 2021 23:23:32 +0100 |
1035 | |
1036 | +libvirt (7.0.0-1ubuntu2) hirsute; urgency=medium |
1037 | + |
1038 | + * d/control: extend demotion of libvirt-lxc related dependencies to |
1039 | + libvirt-login-shell |
1040 | + |
1041 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 04 Feb 2021 13:44:49 +0100 |
1042 | + |
1043 | +libvirt (7.0.0-1ubuntu1) hirsute; urgency=medium |
1044 | + |
1045 | + * Merge with Debian 7.0.0-1 from Debian unstable |
1046 | + This fixes unwanted conffile prompts (LP: #1906248) |
1047 | + Remaining changes: |
1048 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users |
1049 | + via user profile (xen URI on dom0, qemu:///system otherwise) |
1050 | + [contains lintian fixups of 6.6.0-1ubuntu1] |
1051 | + - Disable libssh2 support (universe dependency) |
1052 | + - Disable firewalld support (universe dependency) |
1053 | + - d/control: add libzfslinux-dev to build-deps |
1054 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
1055 | + - d/control: breaks replaces for augeas lenses move in 6.0.0-1 |
1056 | + (follows Debian, droppable >22.04) |
1057 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
1058 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
1059 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
1060 | + the paths where we ship these files in Ubuntu. |
1061 | + - Set qemu-group to kvm (for compat with older ubuntu) |
1062 | + - Additional apport package-hook |
1063 | + - Autostart default bridged network (As upstream does, but not Debian). |
1064 | + In addition to just enabling it our solution provides: |
1065 | + + do not autostart if subnet is already taken (e.g. in guests). |
1066 | + + iterate some alternative subnets before giving up |
1067 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
1068 | + the group based access to libvirt functions as it was used in Ubuntu |
1069 | + for quite a long time. |
1070 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
1071 | + due to the group access change. |
1072 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
1073 | + group. |
1074 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
1075 | + - Update README.Debian with Ubuntu changes |
1076 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
1077 | + - fix autopkgtests (LP 1899180) |
1078 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
1079 | + vmlinuz available and accessible (Debian bug 848314) |
1080 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
1081 | + installing libvirt-daemon-system |
1082 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
1083 | + long as the following undefine succeeds |
1084 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
1085 | + + d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
1086 | + failing; This was flaky on some release/architectures |
1087 | + + d/t/smoke-lxc: retry check_domain being flaky on arm64 |
1088 | + - dnsmasq related enhancements |
1089 | + [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] |
1090 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
1091 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
1092 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
1093 | + on purge |
1094 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
1095 | + libvirt-dnsmasq and adapt the self tests to expect that config |
1096 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
1097 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
1098 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
1099 | + machine type correctly with newer qemu/libvirt |
1100 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
1101 | + (LP 1861125) fixups |
1102 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
1103 | + - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with |
1104 | + recent ubuntu glibx 2.32 it is breaking the build |
1105 | + - d/control: add libtirpc for rpc.h with glibc >=2.32 |
1106 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
1107 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
1108 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
1109 | + apparmor, virt-aa-helper: Allow various storage pools and image |
1110 | + locations |
1111 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
1112 | + libvirt-qemu: Add 9p support |
1113 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
1114 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
1115 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
1116 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
1117 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
1118 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
1119 | + commands executed by ubuntu only kvm wrapper on ppc64el |
1120 | + (LP 1686621 LP 1680384 LP 1784023) |
1121 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
1122 | + apparmor, virt-aa-helper: access for snapped nova |
1123 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
1124 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
1125 | + * Dropped Changes [in Debian now] |
1126 | + - 0050-local-include-for-libvirt-qemu.patch, |
1127 | + d/libvirt-daemon-system.postinst: provide a local apparmor include |
1128 | + for abstraction/libvirt-qemu (LP: 1786019) |
1129 | + * Dropped Changes [in upstream now] |
1130 | + - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating |
1131 | + pre-Focal guests by allowing kvm-spice |
1132 | + - virt-ssh-helper: fix slow migrations and volume transfers (LP 1904584) |
1133 | + - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch |
1134 | + - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch |
1135 | + * Dropped Changes [ready for main] |
1136 | + - d/control: drop mdevctl to a suggest until (LP: #1889248) is ready |
1137 | + * Added Changes: |
1138 | + - Avoid various issues around service/socket status after install/reinstall |
1139 | + and on upgrades (LP: #1914054). |
1140 | + - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives |
1141 | + - d/rules: --no-restart-after-upgrade does not prevent restarts |
1142 | + - d/rules: avoid --no-start which breaks .sockets on re-install |
1143 | + - d/rules: start, but do not restart libvirt-guests.service |
1144 | + - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure |
1145 | + execution (LP: #1913266) |
1146 | + - Dependency improvements yet unreleased from salsa/debian/master thanks |
1147 | + to Andrea Bolognani (Debian #981435). |
1148 | + - control: Always explicitly depend on libvirt0 |
1149 | + - control: Always use versioned deps for libvirt components |
1150 | + |
1151 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 25 Jan 2021 14:32:05 +0100 |
1152 | + |
1153 | libvirt (7.0.0-1) unstable; urgency=medium |
1154 | |
1155 | * Team upload |
1156 | @@ -538,6 +1629,142 @@ libvirt (6.9.0-2) experimental; urgency=medium |
1157 | |
1158 | -- Andrea Bolognani <eof@kiyuko.org> Thu, 14 Jan 2021 23:51:32 +0100 |
1159 | |
1160 | +libvirt (6.9.0-1ubuntu4) hirsute; urgency=medium |
1161 | + |
1162 | + * Improve flaky smoke-lxc test (LP: #1899180) |
1163 | + - d/t/control, d/t/smoke-lxc: retry service restart and skip test if |
1164 | + failing; This was flaky on some release/architectures |
1165 | + - d/t/smoke-lxc: retry check_domain being flaky on arm64 |
1166 | + |
1167 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 04 Dec 2020 08:12:02 +0100 |
1168 | + |
1169 | +libvirt (6.9.0-1ubuntu3) hirsute; urgency=high |
1170 | + |
1171 | + * No change rebuild against wireshark 3.4.0 |
1172 | + |
1173 | + -- Balint Reczey <rbalint@ubuntu.com> Mon, 07 Dec 2020 08:06:59 +0100 |
1174 | + |
1175 | +libvirt (6.9.0-1ubuntu2) hirsute; urgency=medium |
1176 | + |
1177 | + * virt-ssh-helper: fix slow migrations and volume transfers (LP: #1904584) |
1178 | + - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch |
1179 | + - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch |
1180 | + |
1181 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 26 Nov 2020 16:52:23 +0100 |
1182 | + |
1183 | +libvirt (6.9.0-1ubuntu1) hirsute; urgency=medium |
1184 | + |
1185 | + * Merge with Debian 6.8.0-1 from unstable |
1186 | + Remaining changes: |
1187 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users |
1188 | + via user profile (xen URI on dom0, qemu:///system otherwise) |
1189 | + [contains lintian fixups of 6.6.0-1ubuntu1] |
1190 | + - Disable libssh2 support (universe dependency) |
1191 | + - Disable firewalld support (universe dependency) |
1192 | + - d/control: add libzfslinux-dev to build-deps |
1193 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
1194 | + - d/control: breaks replaces for augeas lenses move in 6.0.0-1 |
1195 | + (follows Debian, droppable >22.04) |
1196 | + - d/control: drop mdevctl to a suggest until (LP 1889248) is ready |
1197 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
1198 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
1199 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
1200 | + the paths where we ship these files in Ubuntu. |
1201 | + - Set qemu-group to kvm (for compat with older ubuntu) |
1202 | + - Additional apport package-hook |
1203 | + - Autostart default bridged network (As upstream does, but not Debian). |
1204 | + In addition to just enabling it our solution provides: |
1205 | + + do not autostart if subnet is already taken (e.g. in guests). |
1206 | + + iterate some alternative subnets before giving up |
1207 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
1208 | + the group based access to libvirt functions as it was used in Ubuntu |
1209 | + for quite a long time. |
1210 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
1211 | + due to the group access change. |
1212 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
1213 | + group. |
1214 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
1215 | + - Update README.Debian with Ubuntu changes |
1216 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
1217 | + - fix autopkgtests |
1218 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
1219 | + vmlinuz available and accessible (Debian bug 848314) |
1220 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
1221 | + installing libvirt-daemon-system |
1222 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
1223 | + long as the following undefine succeeds |
1224 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
1225 | + - dnsmasq related enhancements |
1226 | + [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] |
1227 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
1228 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
1229 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
1230 | + on purge |
1231 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
1232 | + libvirt-dnsmasq and adapt the self tests to expect that config |
1233 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
1234 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
1235 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
1236 | + machine type correctly with newer qemu/libvirt |
1237 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
1238 | + (LP 1861125) fixups |
1239 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) |
1240 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
1241 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
1242 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
1243 | + apparmor, virt-aa-helper: Allow various storage pools and image |
1244 | + locations |
1245 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
1246 | + libvirt-qemu: Add 9p support |
1247 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
1248 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
1249 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
1250 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
1251 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
1252 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
1253 | + commands executed by ubuntu only kvm wrapper on ppc64el |
1254 | + (LP 1686621 LP 1680384 LP 1784023) |
1255 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
1256 | + apparmor, virt-aa-helper: access for snapped nova |
1257 | + + 0050-local-include-for-libvirt-qemu.patch, |
1258 | + d/libvirt-daemon-system.postinst: provide a local apparmor include |
1259 | + for abstraction/libvirt-qemu (LP: 1786019) |
1260 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
1261 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
1262 | + * Dropped Changes [in Debian now] |
1263 | + - d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes |
1264 | + between libtripc and glibc that break libvirt-lxc (LP 1892826) |
1265 | + * Dropped Changes [in upstream now] |
1266 | + - d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool |
1267 | + handling on non BTRFS affecting virt-manager, api and commandline pool |
1268 | + handling (LP 1901242) |
1269 | + - d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch: |
1270 | + allow libvirt to control virtiofsd (LP 1892736) |
1271 | + - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid |
1272 | + triggering denials in devmapper error path |
1273 | + - d/p/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch: |
1274 | + (again) allow permanent per guest overrides (LP 1745114) |
1275 | + - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading |
1276 | + versioned modules after qemu package upgrades (LP 1847361) |
1277 | + - d/p/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi. |
1278 | + patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory |
1279 | + - d/p/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO. |
1280 | + patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
1281 | + - d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome |
1282 | + chips (LP 1887490) |
1283 | + - 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
1284 | + add l to 9p file options. |
1285 | + * Added Changes |
1286 | + - d/p/ubuntu/daemon-augeas-fix-expected.patch: update for 6.9 |
1287 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: update for 6.9 |
1288 | + - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with |
1289 | + recent ubuntu glibx 2.32 it is breaking the build |
1290 | + - d/control: add libtirpc for rpc.h with glibc >=2.32 |
1291 | + - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating |
1292 | + pre-Focal guests by allowing kvm-spice |
1293 | + |
1294 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Nov 2020 12:02:26 +0100 |
1295 | + |
1296 | libvirt (6.9.0-1) unstable; urgency=medium |
1297 | |
1298 | * Team upload |
1299 | @@ -615,6 +1842,208 @@ libvirt (6.6.0-2) unstable; urgency=medium |
1300 | |
1301 | -- Andrea Bolognani <eof@kiyuko.org> Fri, 28 Aug 2020 17:18:51 +0200 |
1302 | |
1303 | +libvirt (6.6.0-1ubuntu4) hirsute; urgency=medium |
1304 | + |
1305 | + * d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool |
1306 | + handling on non BTRFS affecting virt-manager, api and commandline pool |
1307 | + handling (LP: #1901242) |
1308 | + |
1309 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 28 Oct 2020 07:47:53 +0100 |
1310 | + |
1311 | +libvirt (6.6.0-1ubuntu3) groovy; urgency=medium |
1312 | + |
1313 | + * d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome |
1314 | + chips (LP: #1887490) |
1315 | + |
1316 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Oct 2020 07:36:06 +0200 |
1317 | + |
1318 | +libvirt (6.6.0-1ubuntu2) groovy; urgency=medium |
1319 | + |
1320 | + * d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes |
1321 | + between libtripc and glibc that break libvirt-lxc (LP: #1892826) |
1322 | + * d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch: |
1323 | + allow libvirt to control virtiofsd (LP: #1892736) |
1324 | + |
1325 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Aug 2020 14:53:26 +0200 |
1326 | + |
1327 | +libvirt (6.6.0-1ubuntu1) groovy; urgency=medium |
1328 | + |
1329 | + * Merge with Debian 6.6.0-1 from experimental |
1330 | + Among many other new features and fixes this includes fixes for: |
1331 | + (LP: #1874647) - Stale libvirt cache leads to VM startup failures |
1332 | + (LP: #1869796) - bad ordering and dependent restarts of services/sockets |
1333 | + Remaining changes: |
1334 | + - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading |
1335 | + versioned modules after qemu package upgrades (LP 1847361) |
1336 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users |
1337 | + via user profile (xen URI on dom0, qemu:///system otherwise) |
1338 | + - Disable libssh2 support (universe dependency) |
1339 | + - Disable firewalld support (universe dependency) |
1340 | + - Set qemu-group to kvm (for compat with older ubuntu) |
1341 | + - Additional apport package-hook |
1342 | + - Autostart default bridged network (As upstream does, but not Debian). |
1343 | + In addition to just enabling it our solution provides: |
1344 | + + do not autostart if subnet is already taken (e.g. in guests). |
1345 | + + iterate some alternative subnets before giving up |
1346 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
1347 | + the group based access to libvirt functions as it was used in Ubuntu |
1348 | + for quite long. |
1349 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
1350 | + due to the group access change. |
1351 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
1352 | + group. |
1353 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
1354 | + - Update README.Debian with Ubuntu changes |
1355 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
1356 | + - fix autopkgtests |
1357 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
1358 | + vmlinuz available and accessible (Debian bug 848314) |
1359 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
1360 | + installing libvirt-daemon-system |
1361 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
1362 | + long as the following undefine succeeds |
1363 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
1364 | + - dnsmasq related enhancements |
1365 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
1366 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
1367 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
1368 | + on purge |
1369 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
1370 | + libvirt-dnsmasq and adapt the self tests to expect that config |
1371 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
1372 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
1373 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
1374 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
1375 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
1376 | + the paths where we ship these files in Ubuntu. |
1377 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
1378 | + machine type correctly with newer qemu/libvirt |
1379 | + - d/control: add libzfslinux-dev to build-deps |
1380 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
1381 | + - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for |
1382 | + (LP 1861125) fixups |
1383 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
1384 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
1385 | + + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: |
1386 | + apparmor, libvirt-qemu: Allow read access to overcommit_memory |
1387 | + + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: |
1388 | + apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
1389 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
1390 | + apparmor, virt-aa-helper: Allow various storage pools and image |
1391 | + locations |
1392 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
1393 | + libvirt-qemu: Add 9p support |
1394 | + + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
1395 | + add l to 9p file options. |
1396 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
1397 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
1398 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
1399 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
1400 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
1401 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
1402 | + commands executed by ubuntu only kvm wrapper on ppc64el |
1403 | + (LP 1686621 LP 1680384 LP 1784023) |
1404 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
1405 | + apparmor, virt-aa-helper: access for snapped nova |
1406 | + + 0050-local-include-for-libvirt-qemu.patch, |
1407 | + d/libvirt-daemon-system.postinst: provide a local apparmor include |
1408 | + for abstraction/libvirt-qemu (LP: 1786019) |
1409 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
1410 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
1411 | + * Dropped changes (in Debian now): |
1412 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
1413 | + + systemtap, zfs, numa and numad on s390x. |
1414 | + + systemtap on ppc64el. |
1415 | + - enable attr support to store XATTR labels. Among other things |
1416 | + this allows to properly restore file ownership (LP 691590) |
1417 | + - d/control: build depend to libattr1-dev |
1418 | + - d/rules: configure --with-attr |
1419 | + - Install virt-login-shell-helper |
1420 | + - Install augeas lenses for all drivers |
1421 | + - Remove all mentions of Devhelp |
1422 | + - not-installed: Remove obsolete entries |
1423 | + - not-installed: List all split daemons files |
1424 | + - d/control: bump build dep to python3 |
1425 | + - d/control: add python3-docutils as build dependency |
1426 | + - d/rules: set enable-dependency-tracking to avoid FTBFS |
1427 | + - d/rules: drop the no more existing phyp option |
1428 | + - d/rules: drop the no more existing xen configure option |
1429 | + - minimize patches generated by autoreconf |
1430 | + - fix build on Debian/Ubuntu in qemuhotplugtest |
1431 | + - d/libvirt-doc.doc: install rendered docs |
1432 | + - d/libvirt-daemon-system.examples: drop old examples that are now active |
1433 | + - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement |
1434 | + - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files |
1435 | + - d/libnss-libvirt.lintian-overrides: accept having two nss so files |
1436 | + - d/rules: don't ship split daemons just yet |
1437 | + - d/rules: install /etc/default/* files that are shared between sysv and |
1438 | + systemd packages |
1439 | + - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of |
1440 | + libvirt-daemon-system-sysv |
1441 | + - d/rules: install virtlockd correctly with defaults file (LP: 1729516) |
1442 | + - d/rules: also check build time self test results on all architectures |
1443 | + - d/rules: add --no-restart-after-upgrade to services that are supposed to |
1444 | + stay up through upgrades - this also applies to related sockets. |
1445 | + * Dropped changes (part of upstream now): |
1446 | + - d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling |
1447 | + (LP 1879325) |
1448 | + - d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init |
1449 | + (LP 1871354) |
1450 | + - d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout |
1451 | + -on-rea.patch: avoid DOS through read only connections |
1452 | + CVE-2020-10701 |
1453 | + - d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities |
1454 | + and binary autodetection in general (LP 1867460) |
1455 | + - d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream |
1456 | + fixes (LP 1868539) |
1457 | + - d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have |
1458 | + modern types on kernels with recent security fixes (LP 1853200) |
1459 | + - d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU |
1460 | + (LP 1868528) |
1461 | + - d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in |
1462 | + qemuDomainSetTimeAgent (LP 1865425) |
1463 | + - d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch: |
1464 | + allow emulation of smartcard via host certificates |
1465 | + - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine |
1466 | + types (LP 1861125) |
1467 | + - d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor |
1468 | + block vhost-user-gpu usage |
1469 | + - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named |
1470 | + profiles (LP 1655111) |
1471 | + * Dropped changes (no more needed): |
1472 | + - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of |
1473 | + just a suggest. This was deprecated since bionic and now will be dropped. |
1474 | + - Update Vcs-Git and Vcs-Browser fields to point to launchpad |
1475 | + - d/control: VCS links to use generic Ubuntu launchpad git URLs |
1476 | + - refreshed patches for libvirt v6.0.0 |
1477 | + - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to |
1478 | + avoid error messages on purge [deluser/delgroup no more report warnings] |
1479 | + - "Additional apport package-hook": due to context auto updates |
1480 | + d/libvirt-daemon.install had bad entries which are no more required. |
1481 | + - d/control, d/rules: Disable rbd and zfs on riscv64 where they are |
1482 | + unavailable (LP 1872952) |
1483 | + * Added Changes: |
1484 | + - d/control: breaks replaces for augeas lenses move in 6.0.0-1 |
1485 | + (follows Debian, droppable >22.04) |
1486 | + - refresh ubuntu patches for 6.6 |
1487 | + - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch |
1488 | + - d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch |
1489 | + - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch |
1490 | + - d/p/ubuntu/dnsmasq-as-priv-user |
1491 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch |
1492 | + - d/p/ubuntu/daemon-augeas-fix-expected.patch |
1493 | + - d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related |
1494 | + enhancements |
1495 | + - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592) |
1496 | + - d/libvirt-clients.lintian-overrides: profile scripts are non executable |
1497 | + - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid |
1498 | + triggering denials in devmapper error path |
1499 | + - d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch: |
1500 | + (again) allow permanent per guest overrides (LP: #1745114) |
1501 | + - d/control: drop mdevctl to a suggest until (LP 1889248) is ready |
1502 | + |
1503 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Aug 2020 08:04:09 +0200 |
1504 | + |
1505 | libvirt (6.6.0-1) unstable; urgency=medium |
1506 | |
1507 | * Team upload |
1508 | @@ -853,6 +2282,287 @@ libvirt (6.0.0~rc1-1) experimental; urgency=medium |
1509 | |
1510 | -- Guido Günther <agx@sigxcpu.org> Sat, 18 Jan 2020 18:16:20 +0100 |
1511 | |
1512 | +libvirt (6.0.0-0ubuntu11) groovy; urgency=medium |
1513 | + |
1514 | + * SECURITY UPDATE: privilege escalation via incorrect socket permissions |
1515 | + - debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: |
1516 | + updated patch to also set appropriate permissions on socket created |
1517 | + by systemd. |
1518 | + - CVE-2020-15708 |
1519 | + |
1520 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 05 Aug 2020 09:08:34 -0400 |
1521 | + |
1522 | +libvirt (6.0.0-0ubuntu10) groovy; urgency=medium |
1523 | + |
1524 | + * enable attr support to store XATTR labels. Among other things |
1525 | + this allows to properly restore file ownership (LP: #691590) |
1526 | + - d/control: build depend to libattr1-dev |
1527 | + - d/rules: configure --with-attr |
1528 | + |
1529 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jun 2020 21:30:50 +0200 |
1530 | + |
1531 | +libvirt (6.0.0-0ubuntu9) groovy; urgency=medium |
1532 | + |
1533 | + * d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling |
1534 | + (LP: #1879325) |
1535 | + |
1536 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 20 May 2020 06:59:57 +0200 |
1537 | + |
1538 | +libvirt (6.0.0-0ubuntu8) focal; urgency=medium |
1539 | + |
1540 | + * d/control, d/rules: Disable rbd and zfs on riscv64 where they are |
1541 | + unavailable (LP: #1872952) |
1542 | + |
1543 | + -- William Grant <wgrant@ubuntu.com> Sat, 18 Apr 2020 13:59:21 +1000 |
1544 | + |
1545 | +libvirt (6.0.0-0ubuntu7) focal; urgency=medium |
1546 | + |
1547 | + * d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init |
1548 | + (LP: #1871354) |
1549 | + * d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout |
1550 | + -on-rea.patch: avoid DOS through read only connections |
1551 | + CVE-2020-10701 |
1552 | + |
1553 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 12:29:12 +0200 |
1554 | + |
1555 | +libvirt (6.0.0-0ubuntu6) focal; urgency=medium |
1556 | + |
1557 | + * d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities |
1558 | + and binary autodetection in general (LP: #1867460) |
1559 | + * d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream |
1560 | + fixes (LP: #1868539) |
1561 | + * d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have |
1562 | + modern types on kernels with recent security fixes (LP: #1853200) |
1563 | + * d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU |
1564 | + (LP: #1868528) |
1565 | + |
1566 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 20 Mar 2020 10:34:19 +0100 |
1567 | + |
1568 | +libvirt (6.0.0-0ubuntu5) focal; urgency=medium |
1569 | + |
1570 | + * d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading |
1571 | + versioned modules after qemu package upgrades (LP: #1847361) |
1572 | + |
1573 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 10 Mar 2020 08:58:04 +0100 |
1574 | + |
1575 | +libvirt (6.0.0-0ubuntu4) focal; urgency=medium |
1576 | + |
1577 | + * d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in |
1578 | + qemuDomainSetTimeAgent (LP: #1865425) |
1579 | + |
1580 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 02 Mar 2020 10:44:22 +0100 |
1581 | + |
1582 | +libvirt (6.0.0-0ubuntu3) focal; urgency=medium |
1583 | + |
1584 | + * rebuild against libxen-dev 4.11.3 (no change needed) |
1585 | + * d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch: |
1586 | + allow emulation of smartcard via host certificates |
1587 | + * d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine |
1588 | + types (LP: #1861125) |
1589 | + * d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor |
1590 | + block vhost-user-gpu usage |
1591 | + |
1592 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 12 Feb 2020 14:20:08 +0100 |
1593 | + |
1594 | +libvirt (6.0.0-0ubuntu2) focal; urgency=medium |
1595 | + |
1596 | + [ Christian Ehrhardt ] |
1597 | + * Bring back the ubuntu default URI handling. While no more needed for xen |
1598 | + its removal made libvirt fallback further to the upstream default |
1599 | + qemu:///session while Ubuntu forever had and for now wants to keep |
1600 | + qemu:///system (LP: #1861693) |
1601 | + - revert 'd/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that |
1602 | + was optional for use on xen hosts' |
1603 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users on |
1604 | + Xen dom0 via user profile |
1605 | + [added back former delta] |
1606 | + |
1607 | + [ Andrea Bolognani ] |
1608 | + * Merge further fixes from debian/experimental |
1609 | + - Install virt-login-shell-helper |
1610 | + - Install augeas lenses for all drivers |
1611 | + - Remove all mentions of Devhelp |
1612 | + - not-installed: Remove obsolete entries |
1613 | + - not-installed: List all split daemons files |
1614 | + |
1615 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 04 Feb 2020 13:08:49 +0100 |
1616 | + |
1617 | +libvirt (6.0.0-0ubuntu1) focal; urgency=medium |
1618 | + |
1619 | + * Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream |
1620 | + Among many other new features and fixes this includes fixes for: |
1621 | + - LP: #1859253 - rbd driver fails to create a new volume |
1622 | + - LP: #1858341 - rbd driver does not list all volumes in pool |
1623 | + - LP: #1845506 - Libvirt snapshot doesn't update apparmor profile |
1624 | + - LP: #1854653 - slow libvirt-guests.sh during shutdown if service is off |
1625 | + - LP: #1848229 - enable ppc64el to use ccf-assist feature |
1626 | + - LP: #1853315 - Enable CPU Model Comparison and Baselining on s390x |
1627 | + - LP: #1853317 - CCW IPL support to boot from ECKD DASDs |
1628 | + - LP: #1859506 - security: AppArmor profile fixes for swtpm |
1629 | + Remaining changes: |
1630 | + - Disable libssh2 support (universe dependency) |
1631 | + - Disable firewalld support (universe dependency) |
1632 | + - Set qemu-group to kvm (for compat with older ubuntu) |
1633 | + - Additional apport package-hook |
1634 | + - Autostart default bridged network (As upstream does, but not Debian). |
1635 | + In addition to just enabling it our solution provides: |
1636 | + + do not autostart if subnet is already taken (e.g. in guests). |
1637 | + + iterate some alternative subnets before giving up |
1638 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
1639 | + the group based access to libvirt functions as it was used in Ubuntu |
1640 | + for quite long. |
1641 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
1642 | + due to the group access change. |
1643 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
1644 | + group. |
1645 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
1646 | + - Update Vcs-Git and Vcs-Browser fields to point to launchpad |
1647 | + - Update README.Debian with Ubuntu changes |
1648 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
1649 | + + systemtap, zfs, numa and numad on s390x. |
1650 | + + systemtap on ppc64el. |
1651 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
1652 | + - Further upstreamed apparmor Delta, especially any new one |
1653 | + Our former delta is split into logical pieces and is either Ubuntu only |
1654 | + or is part of a continuous upstreaming effort. |
1655 | + Listing related remaining changes in debian/patches/ubuntu-aa/: |
1656 | + - fix autopkgtests |
1657 | + + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
1658 | + vmlinuz available and accessible (Debian bug 848314) |
1659 | + + d/t/control: fix smoke-qemu-session by ensuring the service will run |
1660 | + installing libvirt-daemon-system |
1661 | + + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
1662 | + long as the following undefine succeeds |
1663 | + + d/t/smoke-lxc: use systemd instead of sysV to restart the service |
1664 | + - dnsmasq related enhancements |
1665 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
1666 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
1667 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
1668 | + on purge |
1669 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
1670 | + libvirt-dnsmasq and adapt the self tests to expect that config |
1671 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
1672 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
1673 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
1674 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
1675 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
1676 | + the paths where we ship these files in Ubuntu. |
1677 | + - d/rules: install virtlockd correctly with defaults file (LP: 1729516) |
1678 | + - d/rules: also check build time self test results on all architectures |
1679 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
1680 | + machine type correctly with newer qemu/libvirt |
1681 | + - d/rules: add --no-restart-after-upgrade to services that are supposed to |
1682 | + stay up through upgrades - this also applies to related sockets. |
1683 | + - Apparmor Delta that is Ubuntu specific or yet to be upstreamed |
1684 | + split into logical pieces. File names in debian/patches/ubuntu-aa/: |
1685 | + + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: |
1686 | + apparmor, libvirt-qemu: Allow read access to overcommit_memory |
1687 | + + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: |
1688 | + apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
1689 | + + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: |
1690 | + apparmor, virt-aa-helper: Allow access to tmp directories |
1691 | + + 0020-virt-aa-helper-ubuntu-storage-paths.patch: |
1692 | + apparmor, virt-aa-helper: Allow various storage pools and image |
1693 | + locations |
1694 | + + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: |
1695 | + apparmor, virt-aa-helper: Add openvswitch support |
1696 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
1697 | + libvirt-qemu: Add 9p support |
1698 | + + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
1699 | + add l to 9p file options. |
1700 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
1701 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
1702 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
1703 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
1704 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
1705 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
1706 | + commands executed by ubuntu only kvm wrapper on ppc64el |
1707 | + (LP 1686621 LP 1680384 LP 1784023) |
1708 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
1709 | + apparmor, virt-aa-helper: access for snapped nova |
1710 | + + 0050-local-include-for-libvirt-qemu.patch, |
1711 | + d/libvirt-daemon-system.postinst: provide a local apparmor include |
1712 | + for abstraction/libvirt-qemu (LP: 1786019) |
1713 | + + lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
1714 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
1715 | + * Dropped changes (in Debian) |
1716 | + - d/libvirt0.symbols: bump symbol versions for 5.4.0 |
1717 | + - avoid service dependency issues on upgrade (LP: 1786179) |
1718 | + This will in the long term be resolved in dh_* tools, but to let an |
1719 | + upgrade work for now we need to drop the sysV scripts (which we don't |
1720 | + use anyway) and slightly modify the systemd service to work with todays |
1721 | + dh_systemd_start properly. Can be dropped once Debian bug 905772 is |
1722 | + resolved in dh_* tools and libvirt uses those new code. |
1723 | + + d/libvirt-daemon-system.virtlogd.init: removed sysV init file |
1724 | + + d/libvirt-daemon-system.libvirtd.init: removed sysV init file |
1725 | + + debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd |
1726 | + and lbivirtd sysV init file |
1727 | + + d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references |
1728 | + to virtlogd/virtlockd sockets as they would imply a restart of |
1729 | + virtlogd breaking it. |
1730 | + [ we now have split packages for sysv and systemd support ] |
1731 | + - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation |
1732 | + - Refreshed to match new upstream |
1733 | + + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch |
1734 | + * Dropped changes (now upstream) |
1735 | + - d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities |
1736 | + cpu features for the Host. (LP: 1828495 - not closing yet as guest caps |
1737 | + are still need fixups to work well LP: 1841066) |
1738 | + - SECURITY UPDATEs: CVE-2019-10161, CVE-2019-10166, |
1739 | + CVE-2019-10167 and CVE-2019-10168 |
1740 | + - d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch: |
1741 | + avoid issues with remote screen connections like virt-manager due to |
1742 | + apparmor changes in libvirt 5.1 (LP 1833040) |
1743 | + - 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: |
1744 | + Allow pygrub to run on Debian/Ubuntu |
1745 | + - update to v5.4.0 |
1746 | + * Dropped changes (Xen demoted to universe) |
1747 | + - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The |
1748 | + section that adapts the path of the emulator to the Debian/Ubuntu |
1749 | + packaging is kept. |
1750 | + - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto |
1751 | + set VRAM to minimum requirements |
1752 | + - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts |
1753 | + - Add libxl log directory |
1754 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users on |
1755 | + Xen dom0 via user profile (was missing on changelogs before) |
1756 | + * Dropped changes (no more needed) |
1757 | + - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from |
1758 | + included_files to avoid build failures due to duplicate definitions. |
1759 | + [ finally works in v6.0.0 ] |
1760 | + - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x |
1761 | + [ focal has iptables 1.8.3 ] |
1762 | + - d/rules: adapt iptables binary paths present in Eoan (LP 1832297) |
1763 | + [ focal has iptables 1.8.3 ] |
1764 | + * Added Changes: |
1765 | + - refreshed patches for libvirt v6.0.0 |
1766 | + - d/control: bump build dep to python3 |
1767 | + - d/control: VCS links to use generic Ubuntu launchpad git URLs |
1768 | + - d/control: add python3-docutils as build dependency |
1769 | + - d/control: add libzfslinux-dev to build-deps |
1770 | + - d/rules: set enable-dependency-tracking to avoid FTBFS |
1771 | + - d/rules: drop the no more existing phyp option |
1772 | + - d/rules: drop the no more existing xen configure option |
1773 | + - d/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that was |
1774 | + optional for use on xen hosts |
1775 | + - d/control: drop libvirt-lxc, vbox and xen drivers to suggest |
1776 | + - minimize patches generated by autoreconf |
1777 | + - fix build on Debian/Ubuntu in qemuhotplugtest |
1778 | + - d/libvirt-doc.doc: install rendered docs |
1779 | + - d/libvirt-daemon-system.examples: drop old examples that are now active |
1780 | + - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement |
1781 | + - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files |
1782 | + - d/libnss-libvirt.lintian-overrides: accept having two nss so files |
1783 | + - d/rules: don't ship split daemons just yet |
1784 | + - d/rules: install /etc/default/* files that are shared between sysv and |
1785 | + systemd packages |
1786 | + - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of |
1787 | + libvirt-daemon-system-sysv |
1788 | + - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named |
1789 | + profiles (LP: #1655111) |
1790 | + |
1791 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 13 Jan 2020 13:14:14 +0100 |
1792 | + |
1793 | libvirt (5.6.0-4) experimental; urgency=medium |
1794 | |
1795 | * [d88536d] Introduce libvirt-daemon-system-{systemd,sysv} Move init scripts |
1796 | @@ -938,6 +2648,237 @@ libvirt (5.6.0-1) unstable; urgency=medium |
1797 | |
1798 | -- Andrea Bolognani <eof@kiyuko.org> Sun, 25 Aug 2019 16:32:31 +0200 |
1799 | |
1800 | +libvirt (5.4.0-0ubuntu5) eoan; urgency=medium |
1801 | + |
1802 | + * No-change upload with strops.h and sys/strops.h removed in glibc. |
1803 | + |
1804 | + -- Matthias Klose <doko@ubuntu.com> Thu, 05 Sep 2019 11:00:53 +0000 |
1805 | + |
1806 | +libvirt (5.4.0-0ubuntu4) eoan; urgency=medium |
1807 | + |
1808 | + * d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities |
1809 | + cpu features for the Host. (LP: 1828495 - not closing yet as guest caps |
1810 | + are still need fixups to work well LP: 1841066) |
1811 | + |
1812 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 20 Aug 2019 10:50:08 +0200 |
1813 | + |
1814 | +libvirt (5.4.0-0ubuntu3) eoan; urgency=medium |
1815 | + |
1816 | + * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for |
1817 | + read-only connection |
1818 | + - debian/patches/CVE-2019-10161.patch: add check to |
1819 | + src/libvirt-domain.c, src/qemu/qemu_driver.c, |
1820 | + src/remote/remote_protocol.x. |
1821 | + - CVE-2019-10161 |
1822 | + * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for |
1823 | + read-only connection |
1824 | + - debian/patches/CVE-2019-10166.patch: add check to |
1825 | + src/libvirt-domain.c. |
1826 | + - CVE-2019-10166 |
1827 | + * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for |
1828 | + read-only connection |
1829 | + - debian/patches/CVE-2019-10167.patch: add check to |
1830 | + src/libvirt-domain.c. |
1831 | + - CVE-2019-10167 |
1832 | + * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only |
1833 | + connection |
1834 | + - debian/patches/CVE-2019-10168.patch: add checks to |
1835 | + src/libvirt-host.c. |
1836 | + - CVE-2019-10168 |
1837 | + |
1838 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 02 Jul 2019 08:08:33 -0400 |
1839 | + |
1840 | +libvirt (5.4.0-0ubuntu2) eoan; urgency=medium |
1841 | + |
1842 | + * d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch: |
1843 | + avoid issues with remote screen connections like virt-manager due to |
1844 | + apparmor changes in libvirt 5.1 (LP: #1833040) |
1845 | + |
1846 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Jun 2019 14:34:54 +0200 |
1847 | + |
1848 | +libvirt (5.4.0-0ubuntu1) eoan; urgency=medium |
1849 | + |
1850 | + * Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release |
1851 | + Among many other new features and fixes this includes fixes for: |
1852 | + LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state |
1853 | + Remaining changes: |
1854 | + - Disable libssh2 support (universe dependency) |
1855 | + - Disable firewalld support (universe dependency) |
1856 | + - Set qemu-group to kvm (for compat with older ubuntu) |
1857 | + - Additional apport package-hook |
1858 | + - Autostart default bridged network (As upstream does, but not Debian). |
1859 | + In addition to just enabling it our solution provides: |
1860 | + + do not autostart if subnet is already taken (e.g. in guests). |
1861 | + + iterate some alternative subnets before giving up |
1862 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
1863 | + the group based access to libvirt functions as it was used in Ubuntu |
1864 | + for quite long. |
1865 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
1866 | + due to the group access change. |
1867 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
1868 | + group. |
1869 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
1870 | + - Update Vcs-Git and Vcs-Browser fields to point to launchpad |
1871 | + - Xen related |
1872 | + - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The |
1873 | + section that adapts the path of the emulator to the Debian/Ubuntu |
1874 | + packaging is kept. |
1875 | + - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto |
1876 | + set VRAM to minimum requirements |
1877 | + - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts |
1878 | + - Add libxl log directory |
1879 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users on |
1880 | + Xen dom0 via user profile (was missing on changelogs before) |
1881 | + - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from |
1882 | + included_files to avoid build failures due to duplicate definitions. |
1883 | + - Update README.Debian with Ubuntu changes |
1884 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
1885 | + + systemtap, zfs, numa and numad on s390x. |
1886 | + + systemtap on ppc64el. |
1887 | + - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
1888 | + vmlinuz available and accessible (Debian bug 848314) |
1889 | + - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation |
1890 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
1891 | + - Further upstreamed apparmor Delta, especially any new one |
1892 | + Our former delta is split into logical pieces and is either Ubuntu only |
1893 | + or is part of a continuous upstreaming effort. |
1894 | + Listing related remaining changes in debian/patches/ubuntu-aa/: |
1895 | + + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: |
1896 | + Allow pygrub to run on Debian/Ubuntu |
1897 | + + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: |
1898 | + apparmor, libvirt-qemu: Allow read access to overcommit_memory |
1899 | + + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: |
1900 | + apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
1901 | + + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: |
1902 | + apparmor, virt-aa-helper: Allow access to tmp directories |
1903 | + + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: |
1904 | + apparmor, virt-aa-helper: Allow various storage pools and image |
1905 | + locations |
1906 | + + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: |
1907 | + apparmor, virt-aa-helper: Add openvswitch support |
1908 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
1909 | + libvirt-qemu: Add 9p support |
1910 | + + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
1911 | + add l to 9p file options. |
1912 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
1913 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
1914 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
1915 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
1916 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
1917 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
1918 | + commands executed by ubuntu only kvm wrapper on ppc64el |
1919 | + (LP 1686621 LP 1680384 LP 1784023) |
1920 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
1921 | + apparmor, virt-aa-helper: access for snapped nova |
1922 | + + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch, |
1923 | + d/libvirt-daemon-system.postinst: provide a local apparmor include |
1924 | + for abstraction/libvirt-qemu (LP: 1786019) |
1925 | + + d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
1926 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) |
1927 | + - d/rules: enable build time self tests on all architectures |
1928 | + - dnsmasq related enhancements |
1929 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
1930 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
1931 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group |
1932 | + on purge |
1933 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
1934 | + libvirt-dnsmasq and adapt the self tests to expect that config |
1935 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
1936 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
1937 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
1938 | + - debian/control: drop libnetcf from Build-Depends. |
1939 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
1940 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
1941 | + the paths where we ship these files in Ubuntu. |
1942 | + - d/rules: install virtlockd correctly with defaults file (LP: 1729516) |
1943 | + - d/rules: also check build time self test results on all architectures |
1944 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
1945 | + machine type correctly with newer qemu/libvirt |
1946 | + - d/t/control: fix smoke-qemu-session by ensuring the service will run |
1947 | + installing libvirt-daemon-system |
1948 | + - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
1949 | + long as the following undefine succeeds |
1950 | + - avoid service dependency issues on upgrade (LP: 1786179) |
1951 | + This will in the long term be resolved in dh_* tools, but to let an |
1952 | + upgrade work for now we need to drop the sysV scripts (which we don't |
1953 | + use anyway) and slightly modify the systemd service to work with todays |
1954 | + dh_systemd_start properly. Can be dropped once Debian bug 905772 is |
1955 | + resolved in dh_* tools and libvirt uses those new code. |
1956 | + - d/libvirt-daemon-system.virtlogd.init: removed sysV init file |
1957 | + - d/libvirt-daemon-system.libvirtd.init: removed sysV init file |
1958 | + - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd |
1959 | + and lbivirtd sysV init file |
1960 | + - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references |
1961 | + to virtlogd/virtlockd sockets as they would imply a restart of |
1962 | + virtlogd breaking it. |
1963 | + - d/t/smoke-lxc: use systemd instead of sysV to restart the service |
1964 | + * Added Changes: |
1965 | + - Refreshed patches to match new upstream |
1966 | + - d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch |
1967 | + - d/p/ubuntu/ubuntu_machine_type.patch |
1968 | + - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x |
1969 | + This can be dropped once >=1.8.1 |
1970 | + - d/rules: adapt iptables binary paths present in Eoan (LP: #1832297) |
1971 | + This can be dropped once >=1.8.1 |
1972 | + - d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test |
1973 | + nat-network-mtu |
1974 | + - revert [c3c4cd4] drop in helper for firewalld as it is disabled on |
1975 | + Ubuntu [can be squashed with the disabling of firewalld on next merge] |
1976 | + - d/libvirt0.symbols: bump symbol versions for 5.4.0 |
1977 | + - d/rules: add --no-restart-after-upgrade to services that are supposed to |
1978 | + stay up through upgrades - this also applies to related sockets. |
1979 | + * Dropped Changes (upstream) |
1980 | + - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed |
1981 | + for the ease use of mdev and gl devices (LP: 1804766) |
1982 | + - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF |
1983 | + (LP: 1771662) |
1984 | + - d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined |
1985 | + the never functional osxsave and ospke features (LP: 1825195). |
1986 | + - d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix |
1987 | + vhost-scsi hotplug in virt-aa-helper (LP: 1829223) |
1988 | + - SECURITY UPDATE: Add support for md-clear functionality |
1989 | + + debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in |
1990 | + src/cpu_map/x86_features.xml. |
1991 | + + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 |
1992 | + - Implement further apparmor rules for usage of gl enabled |
1993 | + graphics (LP: 1815452) |
1994 | + + d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch |
1995 | + + d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch |
1996 | + - Implement further apparmor rules for usage of gl enabled |
1997 | + graphics with nvidia cards (LP: 1817943) |
1998 | + + d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch |
1999 | + + d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch |
2000 | + * Dropped Changes (in Debian) |
2001 | + - d/rules: strip -Bsymbolic-functions from linker flags as it breaks |
2002 | + libvirt tests |
2003 | + |
2004 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 07 Jun 2019 11:55:52 +0200 |
2005 | + |
2006 | +libvirt (5.3.0-1~1.gbp7b1637) UNRELEASED; urgency=medium |
2007 | + |
2008 | + ** SNAPSHOT build @7b1637605da9224c46ebf3a243fa725d643e7556 ** |
2009 | + |
2010 | + [ Guido Günther ] |
2011 | + * [fb43676] d/control: Drop dh-autoreconf build-dep. |
2012 | + Not needed for dh compat > 10. |
2013 | + * [81d21d5] d/not-installed: Use multi-arch dirs. |
2014 | + Files moved during the dh12 switch. |
2015 | + * [428ad14] New upstream version 5.3.0~rc2 |
2016 | + * [641e532] New upstream version 5.3.0 |
2017 | + |
2018 | + [ Christian Ehrhardt ] |
2019 | + * [c28c3b3] d/libvirt0.install: install translations |
2020 | + * [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld |
2021 | + * [3e8b43c] d/not-installed: ignore default files /etc/sysconfig |
2022 | + * [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example |
2023 | + * [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf |
2024 | + (Closes: #919484) |
2025 | + |
2026 | + [ Andrea Bolognani ] |
2027 | + * [6a2eae3] Simplify and improve watch file. |
2028 | + |
2029 | + -- Guido Günther <agx@sigxcpu.org> Mon, 06 May 2019 13:06:27 +0200 |
2030 | + |
2031 | libvirt (5.2.0-2) experimental; urgency=medium |
2032 | |
2033 | [ Guido Günther ] |
2034 | @@ -1105,6 +3046,199 @@ libvirt (5.0.0-2) unstable; urgency=medium |
2035 | |
2036 | -- Guido Günther <agx@sigxcpu.org> Sun, 07 Apr 2019 12:36:21 +0200 |
2037 | |
2038 | +libvirt (5.0.0-1ubuntu4) eoan; urgency=medium |
2039 | + |
2040 | + * d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined |
2041 | + the never functional osxsave and ospke features (LP: #1825195). |
2042 | + * d/p/series: reorder ubuntu Delta |
2043 | + * d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues |
2044 | + with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: #1815910) |
2045 | + * d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix |
2046 | + vhost-scsi hotplug in virt-aa-helper (LP: #1829223) |
2047 | + |
2048 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 May 2019 10:42:09 +0200 |
2049 | + |
2050 | +libvirt (5.0.0-1ubuntu3) eoan; urgency=medium |
2051 | + |
2052 | + * SECURITY UPDATE: Add support for md-clear functionality |
2053 | + - debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in |
2054 | + src/cpu_map/x86_features.xml. |
2055 | + - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 |
2056 | + |
2057 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 14 May 2019 14:48:05 -0400 |
2058 | + |
2059 | +libvirt (5.0.0-1ubuntu2) disco; urgency=medium |
2060 | + |
2061 | + * Implement further apparmor rules for usage of gl enabled |
2062 | + graphics (LP: #1815452) |
2063 | + - d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch |
2064 | + - d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch |
2065 | + * Implement further apparmor rules for usage of gl enabled |
2066 | + graphics with nvidia cards (LP: #1817943) |
2067 | + - d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch |
2068 | + - d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch |
2069 | + * d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted |
2070 | + version (no functional change, LP: 1804766) |
2071 | + |
2072 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Feb 2019 11:27:14 +0100 |
2073 | + |
2074 | +libvirt (5.0.0-1ubuntu1) disco; urgency=medium |
2075 | + |
2076 | + * Merged with Debian unstable |
2077 | + Among many other new features and fixes this includes fixes for: |
2078 | + LP: #1754871 - 1799446 zPCI passthrough support for KVM |
2079 | + LP: #1811198 - remove arbitrary limit on socket_id/core_id |
2080 | + Remaining changes: |
2081 | + - Disable libssh2 support (universe dependency) |
2082 | + - Disable firewalld support (universe dependency) |
2083 | + - Set qemu-group to kvm (for compat with older ubuntu) |
2084 | + - Additional apport package-hook |
2085 | + - Autostart default bridged network (As upstream does, but not Debian). |
2086 | + In addition to just enabling it our solution provides: |
2087 | + + do not autostart if subnet is already taken (e.g. in guests). |
2088 | + + iterate some alternative subnets before giving up |
2089 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
2090 | + the group based access to libvirt functions as it was used in Ubuntu |
2091 | + for quite long. |
2092 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
2093 | + due to the group access change. |
2094 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
2095 | + group. |
2096 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
2097 | + - Update Vcs-Git and Vcs-Browser fields to point to launchpad |
2098 | + - Xen related |
2099 | + - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The |
2100 | + section that adapts the path of the emulator to the Debian/Ubuntu |
2101 | + packaging is kept. |
2102 | + - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto |
2103 | + set VRAM to minimum requirements |
2104 | + - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts |
2105 | + - Add libxl log directory |
2106 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users on |
2107 | + Xen dom0 via user profile (was missing on changelogs before) |
2108 | + - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from |
2109 | + included_files to avoid build failures due to duplicate definitions. |
2110 | + - Update README.Debian with Ubuntu changes |
2111 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
2112 | + + systemtap, zfs, numa and numad on s390x. |
2113 | + + systemtap on ppc64el. |
2114 | + - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
2115 | + vmlinuz available and accessible (Debian bug 848314) |
2116 | + - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation |
2117 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
2118 | + - Further upstreamed apparmor Delta, especially any new one |
2119 | + Our former delta is split into logical pieces and is either Ubuntu only |
2120 | + or is part of a continuous upstreaming effort. |
2121 | + Listing related remaining changes in debian/patches/ubuntu-aa/: |
2122 | + + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: |
2123 | + Allow pygrub to run on Debian/Ubuntu |
2124 | + + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: |
2125 | + apparmor, libvirt-qemu: Allow read access to overcommit_memory |
2126 | + + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: |
2127 | + apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
2128 | + + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: |
2129 | + apparmor, virt-aa-helper: Allow access to tmp directories |
2130 | + + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: |
2131 | + apparmor, virt-aa-helper: Allow various storage pools and image |
2132 | + locations |
2133 | + + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: |
2134 | + apparmor, virt-aa-helper: Add openvswitch support |
2135 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
2136 | + libvirt-qemu: Add 9p support |
2137 | + + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
2138 | + add l to 9p file options. |
2139 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
2140 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
2141 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
2142 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
2143 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
2144 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
2145 | + commands executed by ubuntu only kvm wrapper on ppc64el |
2146 | + (LP 1686621 LP 1680384 LP 1784023) |
2147 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
2148 | + apparmor, virt-aa-helper: access for snapped nova |
2149 | + + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch, |
2150 | + d/libvirt-daemon-system.postinst: provide a local apparmor include |
2151 | + for abstraction/libvirt-qemu (LP: 1786019) |
2152 | + - d/rules: enable build time self tests on all architectures |
2153 | + - dnsmasq related enhancements |
2154 | + + run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
2155 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
2156 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on |
2157 | + purge |
2158 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user |
2159 | + libvirt-dnsmasq and adapt the self tests to expect that config |
2160 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group |
2161 | + + Add dnsmasq configuration to work with system wide dnsmasq-base |
2162 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
2163 | + - debian/control: drop libnetcf from Build-Depends. |
2164 | + - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
2165 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
2166 | + the paths where we ship these files in Ubuntu. |
2167 | + - d/rules: install virtlockd correctly with defaults file (LP: 1729516) |
2168 | + - avoid service dependency issues on upgrade (LP: 1786179) |
2169 | + This will in the long term be resolved in dh_* tools, but to let an |
2170 | + upgrade work for now we need to drop the sysV scripts (which we don't |
2171 | + use anyway) and slightly modify the systemd service to work with todays |
2172 | + dh_systemd_start properly. Can be dropped once Debian bug 905772 is |
2173 | + resolved in dh_* tools and libvirt uses those new code. |
2174 | + - d/libvirt-daemon-system.virtlogd.init: removed sysV init file |
2175 | + - d/libvirt-daemon-system.libvirtd.init: removed sysV init file |
2176 | + - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd |
2177 | + and lbivirtd sysV init file |
2178 | + - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references |
2179 | + to virtlogd/virtlockd sockets as they would imply a restart of |
2180 | + virtlogd breaking it. |
2181 | + - d/t/smoke-lxc: use systemd instead of sysV to restart the service |
2182 | + * Added Changes: |
2183 | + - Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context |
2184 | + - d/rules: also check build time self test results on all architectures |
2185 | + - d/rules: strip -Bsymbolic-functions from linker flags as it breaks |
2186 | + libvirt tests |
2187 | + - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default |
2188 | + machine type correctly with newer qemu/libvirt |
2189 | + - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed |
2190 | + for the ease use of mdev and gl devices (LP: #1804766) |
2191 | + - refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0 |
2192 | + - d/t/control: fix smoke-qemu-session by ensuring the service will run |
2193 | + installing libvirt-daemon-system |
2194 | + - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as |
2195 | + long as the following undefine succeeds |
2196 | + - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF |
2197 | + (LP: #1771662) |
2198 | + * Dropped Changes (upstream) |
2199 | + - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto |
2200 | + Adapters on s390x (LP: 1787405) |
2201 | + - d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch: |
2202 | + fix libvirt bridge handling in unprivileged containers (LP: 1802906) |
2203 | + - d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch: |
2204 | + avoid issues with newer kernels >=4.18 (LP: 1788603) |
2205 | + - Fix an issue where guests with plenty of hostdevs attached where detected |
2206 | + as not shut down due to the kernel needing more time to free up |
2207 | + resources (LP: 1788226) |
2208 | + - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch |
2209 | + - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch |
2210 | + - 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor |
2211 | + permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442). |
2212 | + - 0040-apparmor-add-mediation-rules-for-unconfined.patch: |
2213 | + apparmor: add mediation rules for unconfined guests |
2214 | + - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we |
2215 | + don't want blanket access. We only allow enumerating the base dir and |
2216 | + reading owned files. Further features needing /tmp have to add local |
2217 | + overrides, examples are qemu-smb and some modes of local snapshots. |
2218 | + (LP: 1365261) Can be dropped >=libvirt 4.7 |
2219 | + - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to |
2220 | + preserve /dev mountpoints in qemu namespaces (LP: 1786168) |
2221 | + Can be dropped >=libvirt 4.7 |
2222 | + - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm |
2223 | + which provided a separate kvm-spice. Upstream completely dropped |
2224 | + alternative types and kvm-spice is a symlink for quite some time. |
2225 | + Builtin expected binaries work, so drop this delta. |
2226 | + * Dropped Changes (in Debian) |
2227 | + - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. |
2228 | + |
2229 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 08 Jan 2019 13:09:31 +0100 |
2230 | + |
2231 | libvirt (5.0.0-1) unstable; urgency=medium |
2232 | |
2233 | * [7346f30] New upstream version 5.0.0 |
2234 | @@ -1164,6 +3298,297 @@ libvirt (4.7.0-1) unstable; urgency=medium |
2235 | |
2236 | -- Guido Günther <agx@sigxcpu.org> Sun, 09 Sep 2018 21:42:33 +0200 |
2237 | |
2238 | +libvirt (4.6.0-2ubuntu6) disco; urgency=medium |
2239 | + |
2240 | + * No-change rebuild for readline soname change. |
2241 | + |
2242 | + -- Matthias Klose <doko@ubuntu.com> Tue, 15 Jan 2019 10:26:04 +0000 |
2243 | + |
2244 | +libvirt (4.6.0-2ubuntu5) disco; urgency=medium |
2245 | + |
2246 | + * d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only |
2247 | + -with-vf.patch: fix handling of non PCI vfio display propery (part |
2248 | + of LP: #1787405) |
2249 | + |
2250 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Dec 2018 09:20:39 +0100 |
2251 | + |
2252 | +libvirt (4.6.0-2ubuntu4) disco; urgency=medium |
2253 | + |
2254 | + * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto |
2255 | + Adapters on s390x (LP: #1787405) |
2256 | + * d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch: |
2257 | + fix libvirt bridge handling in unprivileged containers (LP: #1802906) |
2258 | + |
2259 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 09 Nov 2018 07:42:01 +0100 |
2260 | + |
2261 | +libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium |
2262 | + |
2263 | + * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch: |
2264 | + avoid issues with newer kernels >=4.18 (LP: #1788603) |
2265 | + |
2266 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 27 Aug 2018 10:57:57 +0200 |
2267 | + |
2268 | +libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium |
2269 | + |
2270 | + * Fix an issue where guests with plenty of hostdevs attached where detected |
2271 | + as not shut down due to the kernel needing more time to free up |
2272 | + resources (LP: #1788226) |
2273 | + - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch |
2274 | + - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch |
2275 | + |
2276 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 21 Aug 2018 17:51:43 +0200 |
2277 | + |
2278 | +libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium |
2279 | + |
2280 | + * Merged with Debian unstable (LP: #1786957). |
2281 | + Among many other new features and fixes this includes fixes |
2282 | + for (LP: #1754871), Remaining changes: |
2283 | + - Disable libssh2 support (universe dependency) |
2284 | + - Disable firewalld support (universe dependency) |
2285 | + - Set qemu-group to kvm (for compat with older ubuntu) |
2286 | + - Additional apport package-hook |
2287 | + - Autostart default bridged network (As upstream does, but not Debian). |
2288 | + In addition to just enabling it our solution provides: |
2289 | + + do not autostart if subnet is already taken (e.g. in guests). |
2290 | + + iterate some alternative subnets before giving up |
2291 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
2292 | + the group based access to libvirt functions as it was used in Ubuntu |
2293 | + for quite long. |
2294 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
2295 | + due to the group access change. |
2296 | + + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt |
2297 | + group. |
2298 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
2299 | + - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm |
2300 | + which provided a separate kvm-spice. |
2301 | + - Xen related |
2302 | + - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The |
2303 | + section that adapts the path of the emulator to the Debian/Ubuntu |
2304 | + packaging is kept. |
2305 | + - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto |
2306 | + set VRAM to minimum requirements |
2307 | + - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts |
2308 | + - Add libxl log directory |
2309 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users on |
2310 | + Xen dom0 via user profile (was missing on changelogs before) |
2311 | + - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from |
2312 | + included_files to avoid build failures due to duplicate definitions. |
2313 | + - Update README.Debian with Ubuntu changes |
2314 | + - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. |
2315 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
2316 | + + systemtap, zfs, numa and numad on s390x. |
2317 | + + systemtap on ppc64el. |
2318 | + - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
2319 | + vmlinuz available and accessible (Debian bug 848314) |
2320 | + - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation |
2321 | + - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, |
2322 | + no more UCA onto Xenial then which has global dnsmasq by default). |
2323 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
2324 | + - Further upstreamed apparmor Delta, especially any new one |
2325 | + Our former delta is split into logical pieces and is either Ubuntu only |
2326 | + or is part of a continuous upstreaming effort. |
2327 | + Listing related remaining changes in debian/patches/ubuntu-aa/: |
2328 | + + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: |
2329 | + Allow pygrub to run on Debian/Ubuntu |
2330 | + + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: |
2331 | + apparmor, libvirt-qemu: Allow read access to overcommit_memory |
2332 | + + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: |
2333 | + apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
2334 | + + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: |
2335 | + apparmor, virt-aa-helper: Allow access to tmp directories |
2336 | + + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: |
2337 | + apparmor, virt-aa-helper: Allow various storage pools and image |
2338 | + locations |
2339 | + + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: |
2340 | + apparmor, virt-aa-helper: Add openvswitch support |
2341 | + + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor |
2342 | + permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442). |
2343 | + Can be dropped >=libvirt 4.7 |
2344 | + + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
2345 | + libvirt-qemu: Add 9p support |
2346 | + + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
2347 | + add l to 9p file options. |
2348 | + + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
2349 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
2350 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
2351 | + + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
2352 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
2353 | + + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
2354 | + commands executed by ubuntu only kvm wrapper on ppc64el |
2355 | + (LP 1686621 & LP 1680384). |
2356 | + + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
2357 | + apparmor, virt-aa-helper: access for snapped nova |
2358 | + + 0040-apparmor-add-mediation-rules-for-unconfined.patch: |
2359 | + apparmor: add mediation rules for unconfined guests |
2360 | + Can be dropped >=libvirt 4.7 |
2361 | + - d/rules: enable build time self tests on all architectures |
2362 | + - run dnsmasq as libvirt-dnsmasq (LP: 1743718) |
2363 | + + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
2364 | + + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on |
2365 | + purge |
2366 | + + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user |
2367 | + libvirt-dnsmasq and adapt the self tests to expect that config |
2368 | + + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users |
2369 | + - debian/rules: disable the netcf backend. (LP: 1764314) |
2370 | + - debian/control: drop libnetcf from Build-Depends. |
2371 | + - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
2372 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
2373 | + the paths where we ship these files in Ubuntu. |
2374 | + - d/rules: install virtlockd correctly with defaults file (LP: 1729516) |
2375 | + * Added Changes |
2376 | + - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
2377 | + updated to take care of no more silencing and thereby hiding denials |
2378 | + (LP 1719579 is an example) |
2379 | + - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
2380 | + updated to also allow the optionally placed ceph asok file (LP: #1779674) |
2381 | + - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare |
2382 | + profile for usrmerge (LP: #1784023) |
2383 | + - Finalize the libvirt-bin -> libvirt-* transition in the apport |
2384 | + package-hook. |
2385 | + - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch, |
2386 | + d/libvirt-daemon-system.postinst: provide a local apparmor include |
2387 | + for abstraction/libvirt-qemu (LP: #1786019) |
2388 | + - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we |
2389 | + don't want blanket access. We only allow enumerating the base dir and |
2390 | + reading owned files. Further features needing /tmp have to add local |
2391 | + overrides, examples are qemu-smb and some modes of local snapshots. |
2392 | + (LP: #1365261) Can be dropped >=libvirt 4.7 |
2393 | + - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to |
2394 | + preserve /dev mountpoints in qemu namespaces (LP: #1786168) |
2395 | + Can be dropped >=libvirt 4.7 |
2396 | + - avoid service dependency issues on upgrade (LP: #1786179) |
2397 | + This will in the long term be resolved in dh_* tools, but to let an |
2398 | + upgrade work for now we need to drop the sysV scripts (which we don't |
2399 | + use anyway) and slightly modify the systemd service to work with todays |
2400 | + dh_systemd_start properly. Can be dropped once Debian bug 905772 is |
2401 | + resolved in dh_* tools and libvirt uses those new code. |
2402 | + - d/libvirt-daemon-system.virtlogd.init: removed sysV init file |
2403 | + - d/libvirt-daemon-system.libvirtd.init: removed sysV init file |
2404 | + - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd |
2405 | + and lbivirtd sysV init file |
2406 | + - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references |
2407 | + to virtlogd/virtlockd sockets as they would imply a restart of |
2408 | + virtlogd breaking it. |
2409 | + - d/t/smoke-lxc: use systemd instead of sysV to restart the service |
2410 | + * Dropped Changes (upstream) |
2411 | + - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing |
2412 | + of memory slots and other extended features without breaking |
2413 | + virt-aa-helper (LP: 1746431). |
2414 | + - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch |
2415 | + - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch |
2416 | + - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch |
2417 | + - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch |
2418 | + - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch |
2419 | + - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch |
2420 | + - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch |
2421 | + - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch |
2422 | + - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch |
2423 | + - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch |
2424 | + - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch |
2425 | + - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch |
2426 | + - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch |
2427 | + - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch |
2428 | + - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch |
2429 | + - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch |
2430 | + - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch |
2431 | + - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch |
2432 | + - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch |
2433 | + - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch |
2434 | + - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch |
2435 | + - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch |
2436 | + - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch |
2437 | + - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch |
2438 | + - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch |
2439 | + - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch |
2440 | + - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch |
2441 | + - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch |
2442 | + - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch |
2443 | + - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch |
2444 | + - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch |
2445 | + - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch |
2446 | + - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch |
2447 | + - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch |
2448 | + - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch |
2449 | + - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch |
2450 | + - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch |
2451 | + - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch |
2452 | + - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch: |
2453 | + avoid hanging on shutdown (LP: 1688508) |
2454 | + - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI- |
2455 | + plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471) |
2456 | + - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch |
2457 | + ensure symlinks are resolved to get valid rules if interim parts of a path |
2458 | + are a symlink (LP: 1752361) |
2459 | + - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown: |
2460 | + avoid issues shutting down more guests than configured for parallel |
2461 | + shutdown (LP: 1688508) |
2462 | + - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix |
2463 | + using devices that are symlinks (LP: 1756394) |
2464 | + - Fix nvdimm memory and passthrough input devices for hotplug via |
2465 | + domain security callbacks backporting upstream commits (LP: 1755153). |
2466 | + + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch |
2467 | + + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch |
2468 | + - Fix nvdimm memory and passthrough input devices in initial guest |
2469 | + description via virt-aa-helper (LP: 1757085). |
2470 | + + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch |
2471 | + + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch |
2472 | + - Fix clean shut down of guests on system shutdown (LP: 1764668) |
2473 | + + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch |
2474 | + + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch |
2475 | + - SECURITY UPDATE: QEMU monitor DoS |
2476 | + + debian/patches/CVE-2018-1064.patch: add size limit to |
2477 | + src/qemu/qemu_agent.c. |
2478 | + + CVE-2018-1064 |
2479 | + - SECURITY UPDATE: Speculative Store Bypass |
2480 | + + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature |
2481 | + bit in src/cpu/cpu_map.xml. |
2482 | + + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID |
2483 | + feature bit in src/cpu/cpu_map.xml. |
2484 | + + CVE-2018-3639 |
2485 | + - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix |
2486 | + hotplug use cases where the initial guest had no hostdev at all and |
2487 | + therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777) |
2488 | + - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch: |
2489 | + Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error |
2490 | + occurred, but the cause is unknown" due to a buffer being too small |
2491 | + for pcap with TPACKET_V3 enabled (LP: 1758037) |
2492 | + - SECURITY UPDATE: code injection via libnss_dns.so |
2493 | + + debian/patches/CVE-2018-6764-1.patch: determine the hostname on |
2494 | + startup in src/util/virlog.c. |
2495 | + + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in |
2496 | + src/util/virlog.c. |
2497 | + + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname |
2498 | + in cfg.mk, src/util/virlog.c. |
2499 | + + CVE-2018-6764 |
2500 | + * Dropped Changes (no upgrade path left that needs those) |
2501 | + - Backwards compatible handling of group rename (can be dropped >18.04). |
2502 | + - Modifications to adapt for our delayed switch away from libvirt-bin (can |
2503 | + be dropped >18.04). |
2504 | + + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias |
2505 | + to old service name so that old references work |
2506 | + + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias |
2507 | + to old service name so that old references work |
2508 | + + d/control: transitional package with the old name and maintainer |
2509 | + scripts to handle the transition |
2510 | + - fix conffile upgrade handling to avoid obsolete files |
2511 | + and inactive duplicates (LP 1694159) |
2512 | + - conffile handling of files dropped in 3.5 (can be dropped >18.04) |
2513 | + + /etc/init.d/virtlockd was sysv init only |
2514 | + + /etc/apparmor.d/local/usr.sbin.libvirtd and |
2515 | + /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated |
2516 | + by dh_apparmor as needed |
2517 | + - d/libvirt-daemon-system.maintscript: remove the now dropped conffile |
2518 | + /etc/cron.daily/libvirt-daemon-system |
2519 | + * Dropped Changes (cleanups) |
2520 | + - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed |
2521 | + one issue and the other is solved in libvirt by ensuring to move to the |
2522 | + right cgroups.) |
2523 | + - remove no more used libvirt-dnsmasq user (this was redundant since |
2524 | + 4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user) |
2525 | + - Disable selinux (now in main) |
2526 | + |
2527 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Sat, 18 Aug 2018 14:40:58 +0200 |
2528 | + |
2529 | libvirt (4.6.0-2) unstable; urgency=medium |
2530 | |
2531 | * [c33faee] Drop dwarves dependency. |
2532 | @@ -1281,6 +3706,399 @@ libvirt (4.0.0-2) unstable; urgency=medium |
2533 | |
2534 | -- Guido Günther <agx@sigxcpu.org> Thu, 08 Feb 2018 19:29:59 +0100 |
2535 | |
2536 | +libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium |
2537 | + |
2538 | + * ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI |
2539 | + Secure Boot enabled variants of the OVMF firmware and variable store for |
2540 | + the paths where we ship these files in Ubuntu. |
2541 | + |
2542 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 27 Jun 2018 11:16:23 -0400 |
2543 | + |
2544 | +libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium |
2545 | + |
2546 | + * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix |
2547 | + hotplug use cases where the initial guest had no hostdev at all and |
2548 | + therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777) |
2549 | + |
2550 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 12 Jun 2018 16:24:01 +0200 |
2551 | + |
2552 | +libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium |
2553 | + |
2554 | + * SECURITY UPDATE: QEMU monitor DoS |
2555 | + - debian/patches/CVE-2018-1064.patch: add size limit to |
2556 | + src/qemu/qemu_agent.c. |
2557 | + - CVE-2018-1064 |
2558 | + * SECURITY UPDATE: Speculative Store Bypass |
2559 | + - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature |
2560 | + bit in src/cpu/cpu_map.xml. |
2561 | + - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID |
2562 | + feature bit in src/cpu/cpu_map.xml. |
2563 | + - CVE-2018-3639 |
2564 | + |
2565 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 22 May 2018 10:55:56 -0400 |
2566 | + |
2567 | +libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium |
2568 | + |
2569 | + * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error |
2570 | + occurred, but the cause is unknown" due to a buffer being too small |
2571 | + for pcap with TPACKET_V3 enabled (LP: #1758037) |
2572 | + - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch |
2573 | + |
2574 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 09 May 2018 17:07:59 +0200 |
2575 | + |
2576 | +libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium |
2577 | + |
2578 | + * debian/rules: disable the netcf backend. (LP: #1764314) |
2579 | + * debian/control: drop libnetcf from Build-Depends. |
2580 | + |
2581 | + -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com> Wed, 09 May 2018 10:06:15 -0400 |
2582 | + |
2583 | +libvirt (4.0.0-1ubuntu8) bionic; urgency=medium |
2584 | + |
2585 | + * Fix clean shut down of guests on system shutdown (LP: #1764668) |
2586 | + - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch |
2587 | + - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch |
2588 | + |
2589 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Apr 2018 11:09:48 +0200 |
2590 | + |
2591 | +libvirt (4.0.0-1ubuntu7) bionic; urgency=medium |
2592 | + |
2593 | + * Fix nvdimm memory and passthrough input devices for hotplug via |
2594 | + domain security callbacks backporting upstream commits (LP: #1755153). |
2595 | + - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch |
2596 | + - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch |
2597 | + * Fix nvdimm memory and passthrough input devices in initial guest |
2598 | + description via virt-aa-helper (LP: #1757085). |
2599 | + - d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch |
2600 | + - d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch |
2601 | + |
2602 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 21 Mar 2018 08:30:47 +0100 |
2603 | + |
2604 | +libvirt (4.0.0-1ubuntu6) bionic; urgency=medium |
2605 | + |
2606 | + * Backport from recent upstream to stabilize libvirt (LP: #1756915) |
2607 | + - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch |
2608 | + - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch |
2609 | + - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch |
2610 | + - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch |
2611 | + - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch |
2612 | + - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch |
2613 | + * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown: |
2614 | + avoid issues shutting down more guests than configured for parallel |
2615 | + shutdown (LP: #1688508) |
2616 | + * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix |
2617 | + using devices that are symlinks (LP: #1756394) |
2618 | + |
2619 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Mar 2018 14:57:08 +0100 |
2620 | + |
2621 | +libvirt (4.0.0-1ubuntu5) bionic; urgency=medium |
2622 | + |
2623 | + * run dnsmasq as libvirt-dnsmasq (LP: #1743718) |
2624 | + - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group |
2625 | + - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on |
2626 | + purge |
2627 | + - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user |
2628 | + libvirt-dnsmasq and adapt the self tests to expect that config |
2629 | + - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users |
2630 | + * Backport from recent upstream to stabilize libvirt (LP: #1754352) |
2631 | + - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch |
2632 | + - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch |
2633 | + - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch |
2634 | + - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch |
2635 | + - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch |
2636 | + - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch |
2637 | + - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch |
2638 | + - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch |
2639 | + - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch |
2640 | + * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI- |
2641 | + plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471) |
2642 | + * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch |
2643 | + ensure symlinks are resolved to get valid rules if interim parts of a path |
2644 | + are a symlink (LP: #1752361) |
2645 | + |
2646 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 27 Feb 2018 12:04:02 +0100 |
2647 | + |
2648 | +libvirt (4.0.0-1ubuntu4) bionic; urgency=medium |
2649 | + |
2650 | + * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch: |
2651 | + avoid hanging on shutdown (LP: #1688508) |
2652 | + |
2653 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 23 Feb 2018 16:43:19 +0100 |
2654 | + |
2655 | +libvirt (4.0.0-1ubuntu3) bionic; urgency=medium |
2656 | + |
2657 | + [ Christian Ehrhardt ] |
2658 | + * Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04 |
2659 | + - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch |
2660 | + - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch |
2661 | + - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch |
2662 | + - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch |
2663 | + - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch |
2664 | + - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch |
2665 | + - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch |
2666 | + - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch |
2667 | + - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch |
2668 | + - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch |
2669 | + - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch |
2670 | + - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch |
2671 | + - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch |
2672 | + - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch |
2673 | + - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch |
2674 | + - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch |
2675 | + - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch |
2676 | + - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch |
2677 | + - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch |
2678 | + - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch |
2679 | + - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch |
2680 | + - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch |
2681 | + - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch |
2682 | + * d/rules: enable build time self tests on all architectures |
2683 | + |
2684 | + [ Marc Deslauriers ] |
2685 | + * SECURITY UPDATE: code injection via libnss_dns.so |
2686 | + - debian/patches/CVE-2018-6764-1.patch: determine the hostname on |
2687 | + startup in src/util/virlog.c. |
2688 | + - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in |
2689 | + src/util/virlog.c. |
2690 | + - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname |
2691 | + in cfg.mk, src/util/virlog.c. |
2692 | + - CVE-2018-6764 |
2693 | + |
2694 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 19 Feb 2018 14:18:44 +0100 |
2695 | + |
2696 | +libvirt (4.0.0-1ubuntu2) bionic; urgency=medium |
2697 | + |
2698 | + * d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed |
2699 | + as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442) |
2700 | + - refreshed 0032 and 0040 to match the new context. |
2701 | + * d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing |
2702 | + of memory slots and other extended features without breaking |
2703 | + virt-aa-helper (LP: #1746431). |
2704 | + |
2705 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 02 Feb 2018 07:31:17 +0100 |
2706 | + |
2707 | +libvirt (4.0.0-1ubuntu1) bionic; urgency=medium |
2708 | + |
2709 | + * Merged with Debian unstable (4.0) |
2710 | + This closes several bugs: |
2711 | + - Error generating apparmor profile when hostname contains spaces |
2712 | + (LP: #799997) |
2713 | + - qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028) |
2714 | + - libvirt usb passthrough throws apparmor denials related to |
2715 | + /run/udev/data/+usb (LP: #1727311) |
2716 | + - AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626) |
2717 | + - iohelper improvements to let bypass-cache work without opening up the |
2718 | + apparmor isolation (LP: #1719579) |
2719 | + - nodeinfo on s390x to contain more CPU info (LP: #1733688) |
2720 | + - Upgrade libvirt >= 4.0 (LP: #1745934) |
2721 | + * Remaining changes: |
2722 | + - Disable libssh2 support (universe dependency) |
2723 | + - Disable firewalld support (universe dependency) |
2724 | + - Disable selinux |
2725 | + - Set qemu-group to kvm (for compat with older ubuntu) |
2726 | + - Additional apport package-hook |
2727 | + - Modifications to adapt for our delayed switch away from libvirt-bin (can |
2728 | + be dropped >18.04). |
2729 | + + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias |
2730 | + to old service name so that old references work |
2731 | + + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias |
2732 | + to old service name so that old references work |
2733 | + + d/control: transitional package with the old name and maintainer |
2734 | + scripts to handle the transition |
2735 | + - Backwards compatible handling of group rename (can be dropped >18.04). |
2736 | + - config details and autostart of default bridged network. Creating that is |
2737 | + now the default in general, yet our solution provides the following on |
2738 | + top as of today: |
2739 | + + autostart the default network by default |
2740 | + + do not autostart if subnet is already taken (e.g. in guests). |
2741 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
2742 | + the group based access to libvirt functions as it was used in Ubuntu |
2743 | + for quite long. |
2744 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
2745 | + due to the group access change. |
2746 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
2747 | + - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm |
2748 | + which provided a separate kvm-spice. |
2749 | + - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The |
2750 | + section that adapts the path of the emulator to the Debian/Ubuntu |
2751 | + packaging is kept. |
2752 | + - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto |
2753 | + set VRAM to minimum requirements |
2754 | + - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts |
2755 | + - Add libxl log directory |
2756 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users on |
2757 | + Xen dom0 via user profile (was missing on changelogs before) |
2758 | + - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from |
2759 | + included_files to avoid build failures due to duplicate definitions. |
2760 | + - Update README.Debian with Ubuntu changes |
2761 | + - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. |
2762 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
2763 | + + systemtap, zfs, numa and numad on s390x. |
2764 | + + systemtap on ppc64el. |
2765 | + - fix conffile upgrade handling to avoid obsolete files |
2766 | + and inactive duplicates (LP 1694159) |
2767 | + - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
2768 | + vmlinuz available and accessible (Debian bug 848314) |
2769 | + - d/test/smoke-lxc workaround for debbug 848317/867379 |
2770 | + - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) |
2771 | + - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, |
2772 | + no more UCA onto Xenial then which has global dnsmasq by default). |
2773 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
2774 | + - conffile handling of files dropped in 3.5 (can be dropped >18.04) |
2775 | + + /etc/init.d/virtlockd was sysv init only |
2776 | + + /etc/apparmor.d/local/usr.sbin.libvirtd and |
2777 | + /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated |
2778 | + by dh_apparmor as needed |
2779 | + - Reworked apparmor Delta, especially the more complex delta is dropped |
2780 | + now, also our former delta is now split into logical pieces, has |
2781 | + improved comments and is part of a continuous upstreaming effort. |
2782 | + Listing related remaining changes: |
2783 | + + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: |
2784 | + Allow pygrub to run on Debian/Ubuntu |
2785 | + + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: |
2786 | + apparmor, libvirt-qemu: Allow read access to overcommit_memory |
2787 | + + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: |
2788 | + apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
2789 | + + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: |
2790 | + apparmor, virt-aa-helper: Allow access to tmp directories |
2791 | + + d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: |
2792 | + apparmor, virt-aa-helper: Allow various storage pools and image |
2793 | + locations |
2794 | + + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: |
2795 | + apparmor, virt-aa-helper: Add openvswitch support |
2796 | + + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor |
2797 | + permissions so virt-manager 1.4.0 viewing works (LP 1668681). |
2798 | + + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
2799 | + libvirt-qemu: Add 9p support |
2800 | + + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
2801 | + add l to 9p file options. |
2802 | + + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
2803 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
2804 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
2805 | + + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
2806 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
2807 | + + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
2808 | + commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). |
2809 | + + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
2810 | + apparmor, virt-aa-helper: access for snapped nova |
2811 | + * Dropped Changes (Upstream): |
2812 | + - d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, |
2813 | + libvirt-qemu: Allow use of sgabios |
2814 | + - d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: |
2815 | + apparmor, libvirt-qemu: Silence lttng related deny messages |
2816 | + - d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: |
2817 | + apparmor, libvirt-qemu: Allow read access to sysfs system info |
2818 | + - d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: |
2819 | + apparmor, libvirt-qemu: Allow read access to max_mem_regions |
2820 | + - d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: |
2821 | + apparmor, libvirt-qemu: Allow qemu-block-extra libraries |
2822 | + - d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: |
2823 | + apparmor, libvirtd: Allow access to netlink sockets |
2824 | + - d/p/0013-apparmor-Add-rules-for-mediation-support.patch: |
2825 | + apparmor: Add rules for mediation support |
2826 | + - d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: |
2827 | + apparmor, virt-aa-helper: Allow access to ecryptfs files |
2828 | + - d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: |
2829 | + apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* |
2830 | + - d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: |
2831 | + apparmor, virt-aa-helper: Add ipv6 network policy |
2832 | + - d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: |
2833 | + apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices |
2834 | + - d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu |
2835 | + won't call qemu-nbd |
2836 | + - d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: |
2837 | + apparmor: allow to parse cmdline of the pid that send the shutdown |
2838 | + signal (LP 1680384). |
2839 | + - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: |
2840 | + apparmor: add default pki path of lbvirt-spice (LP 1690140) |
2841 | + - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch: |
2842 | + for compatibility with the behavior of qemu 2.10 this adds locking |
2843 | + permission to rules generated for disk files (LP 1709818) |
2844 | + - d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch: |
2845 | + for compatibility with the behavior of qemu 2.10 this adds locking |
2846 | + permission to rules generated for loader/nvram (LP 1710960) |
2847 | + - d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append |
2848 | + files (LP 1726804) |
2849 | + - d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch: |
2850 | + fix path generation for USB host devices (LP 1552241) |
2851 | + - d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch: |
2852 | + generate valid rules on usb passthrough (LP 1686324) |
2853 | + - d/p/avoid-double-locking.patch: fix a deadlock that could occur when |
2854 | + libvirtd interactions raced with dbus causing a deadlock (LP 1714254). |
2855 | + - d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch: |
2856 | + fix FTBFS with glibc 2.26 (LP 1718668) |
2857 | + - Extended handling of apparmor profiles - clear lost profiles via cron |
2858 | + (now cleared by virt-aa-helper on domain stop) |
2859 | + - nat only on some ports <port start='1024' end='65535'/> (upstream |
2860 | + default now if nothing is specified, actually dropped last cycle) |
2861 | + * Dropped Changes (In Debian or no more important): |
2862 | + - d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, |
2863 | + libvirt-qemu: Allow macvtap access |
2864 | + - d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit |
2865 | + deny for setpcap (LP 522845). |
2866 | + - d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: |
2867 | + apparmor, virt-aa-helper: Improve comment about backing store |
2868 | + - d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop |
2869 | + references to qemu-kvm |
2870 | + - d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: |
2871 | + apparmor, virt-aa-helper: Allow access to name services |
2872 | + - d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add |
2873 | + /dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per |
2874 | + guest if needed). |
2875 | + - d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: |
2876 | + apparmor, libvirt-qemu: Allow access to hugepage mounts |
2877 | + - Disable sheepdog (was for universe dependency, but is now only a suggest) |
2878 | + - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test |
2879 | + * Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of |
2880 | + these were never released, but important to mention for the bug references: |
2881 | + - libnss-libvirt once enabled causes apt to call getdents |
2882 | + avoid this being an issue by dropping a apt conf that allows |
2883 | + this in seccomp (LP: #1732030). |
2884 | + - d/libvirt-daemon-system.postrm: clean up more libvirt directories on |
2885 | + purge |
2886 | + - d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch: |
2887 | + apparmor: allow unix stream for p2p migrations |
2888 | + - d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch: |
2889 | + this replaces the hugepage rules and fixes many more formerly missing |
2890 | + - d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch: |
2891 | + allowing to have path wildcards on labels set by domain callbacks |
2892 | + - d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch: |
2893 | + apparmor implementation of security callback |
2894 | + - d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch: |
2895 | + this is now covered by chardev label callbacks |
2896 | + * Added Changes: |
2897 | + - Revert Debian change "Drop libvirt-bin upgrade handling" |
2898 | + This is needed in Ubuntu one last time (drop >18.04) |
2899 | + - Revert Debian change "Drop maintscript helpers for versions predating |
2900 | + jessie and wheezy-backports". This is needed in Ubuntu one last |
2901 | + time (drop >18.04) |
2902 | + - Refreshed d/p/* to match new version (only fuzz, no semantic change) |
2903 | + - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal |
2904 | + to avoid error messages on purge |
2905 | + - remove no more used libvirt-dnsmasq user (drop >18.04) |
2906 | + - d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch: |
2907 | + apparmor: add mediation rules for unconfined guests |
2908 | + - d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch |
2909 | + .patch: backport upstream cahnge to expose already used chardev calls. |
2910 | + - d/libvirt-daemon-system.postrm: Remove the default.xml network link |
2911 | + set up by postinst. |
2912 | + - d/libvirt-daemon-system.maintscript: remove the now dropped conffile |
2913 | + /etc/cron.daily/libvirt-daemon-system |
2914 | + - d/libvirt-daemon-system.postinst: fixups for autostart default network |
2915 | + - use modern shell syntax |
2916 | + - try more default networks before giving up to enable by default |
2917 | + - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: |
2918 | + add multipass image path and mark as ubuntu only change. |
2919 | + - d/rules: install virtlockd correctly with defaults file (LP: #1729516) |
2920 | + - extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover |
2921 | + the slightly changed behavior of libvirt 4.0 (LP: #1741617) |
2922 | + - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of |
2923 | + just a suggest to have 3rd party relying on rbd out of the box working. |
2924 | + This is deprecated and users of rbd backend should start depending on |
2925 | + this package for it will be dropped to a suggest in future releases. |
2926 | + |
2927 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 14 Dec 2017 14:15:55 +0100 |
2928 | + |
2929 | libvirt (4.0.0-1) unstable; urgency=medium |
2930 | |
2931 | * [5936904] New upstream version 4.0.0 |
2932 | @@ -1438,6 +4256,206 @@ libvirt (3.7.0-1) unstable; urgency=medium |
2933 | |
2934 | -- Guido Günther <agx@sigxcpu.org> Fri, 08 Sep 2017 14:52:38 +0200 |
2935 | |
2936 | +libvirt (3.6.0-1ubuntu6) artful; urgency=medium |
2937 | + |
2938 | + * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append |
2939 | + files (LP: #1726804) |
2940 | + * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch: |
2941 | + fix path generation for USB host devices (LP: #1552241) |
2942 | + * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch: |
2943 | + generate valid rules on usb passthrough (LP: #1686324) |
2944 | + |
2945 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 24 Oct 2017 14:30:34 +0200 |
2946 | + |
2947 | +libvirt (3.6.0-1ubuntu5) artful; urgency=medium |
2948 | + |
2949 | + * d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch: |
2950 | + fix FTBFS with glibc 2.26 (LP: #1718668) |
2951 | + |
2952 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 28 Sep 2017 08:18:10 -0400 |
2953 | + |
2954 | +libvirt (3.6.0-1ubuntu4) artful; urgency=medium |
2955 | + |
2956 | + * d/p/avoid-double-locking.patch: fix a deadlock that could occur when |
2957 | + libvirtd interactions raced with dbus causing a deadlock (LP: #1714254). |
2958 | + |
2959 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 01 Sep 2017 10:29:35 +0200 |
2960 | + |
2961 | +libvirt (3.6.0-1ubuntu3) artful; urgency=medium |
2962 | + |
2963 | + * No change rebuild for Qemu 2.10 and Xen 4.9 |
2964 | + |
2965 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 21 Aug 2017 10:34:13 +0200 |
2966 | + |
2967 | +libvirt (3.6.0-1ubuntu2) artful; urgency=medium |
2968 | + |
2969 | + * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch: |
2970 | + for compatibility with the behavior of qemu 2.10 this adds locking |
2971 | + permission to rules generated for loader/nvram (LP: #1710960) |
2972 | + |
2973 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Aug 2017 10:00:19 +0200 |
2974 | + |
2975 | +libvirt (3.6.0-1ubuntu1) artful; urgency=medium |
2976 | + |
2977 | + * Merged with Debian unstable (3.6) |
2978 | + This closes several bugs: |
2979 | + - aarch64: improved chardev handling (LP: #1697610) |
2980 | + - Forbid locking memory without memtune (LP: #1708305) |
2981 | + * Remaining changes: |
2982 | + - Disable sheepdog (universe dependency) |
2983 | + - Disable libssh2 support (universe dependency) |
2984 | + - Disable firewalld support (universe dependency) |
2985 | + - Disable selinux |
2986 | + - Set qemu-group to kvm (for compat with older ubuntu) |
2987 | + - Regularly clear AppArmor profiles for vms that no longer exist |
2988 | + - Additional apport package-hook |
2989 | + - Modifications to adapt for our delayed switch away from libvirt-bin (can |
2990 | + be dropped >18.04). |
2991 | + + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias |
2992 | + to old service name so that old references work |
2993 | + + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias |
2994 | + to old service name so that old references work |
2995 | + + d/control: transitional package with the old name and maintainer |
2996 | + scripts to handle the transition |
2997 | + - Backwards compatible handling of group rename (can be dropped >18.04). |
2998 | + - config details and autostart of default bridged network. Creating that is |
2999 | + now the default in general, yet our solution provides the following on |
3000 | + top as of today: |
3001 | + + nat only on some ports <port start='1024' end='65535'/> |
3002 | + + autostart the default network by default |
3003 | + + do not autostart if 192.168.122.0 is already taken (e.g. in containers) |
3004 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
3005 | + the group based access to libvirt functions as it was used in Ubuntu |
3006 | + for quite long. |
3007 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
3008 | + due to the group access change. |
3009 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
3010 | + - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm |
3011 | + which provided a separate kvm-spice. |
3012 | + - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test |
3013 | + - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The |
3014 | + section that adapts the path of the emulator to the Debian/Ubuntu |
3015 | + packaging is kept. |
3016 | + - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto |
3017 | + set VRAM to minimum requirements |
3018 | + - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts |
3019 | + - Add libxl log directory |
3020 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users on |
3021 | + Xen dom0 via user profile (was missing on changelogs before) |
3022 | + - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from |
3023 | + included_files to avoid build failures due to duplicate definitions. |
3024 | + - Update README.Debian with Ubuntu changes |
3025 | + - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. |
3026 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
3027 | + + systemtap, zfs, numa and numad on s390x. |
3028 | + + systemtap on ppc64el. |
3029 | + - fix conffile upgrade handling to avoid obsolete files |
3030 | + and inactive duplicates (LP 1694159) |
3031 | + - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
3032 | + vmlinuz available and accessible (Debian bug 848314) |
3033 | + - d/test/smoke-lxc workaround for debbug 848317/867379 |
3034 | + - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) |
3035 | + - Extended handling of apparmor profiles - clear lost profiles via cron |
3036 | + - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, |
3037 | + no more UCA onto Xenial then which has global dnsmasq by default). |
3038 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
3039 | + - conffile handling of files dropped in 3.5 (can be dropped >18.04) |
3040 | + + /etc/init.d/virtlockd was sysv init only |
3041 | + + /etc/apparmor.d/local/usr.sbin.libvirtd and |
3042 | + /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated |
3043 | + by dh_apparmor as needed |
3044 | + - Reworked apparmor Delta, especially the more complex delta is dropped |
3045 | + now, also our former delta is now split into logical pieces, has |
3046 | + improved comments and is part of a continuous upstreaming effort. |
3047 | + Listing related remaining changes: |
3048 | + + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: |
3049 | + Allow pygrub to run on Debian/Ubuntu |
3050 | + + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, |
3051 | + libvirt-qemu: Allow macvtap access |
3052 | + + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: |
3053 | + apparmor, libvirt-qemu: Allow read access to overcommit_memory |
3054 | + + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit |
3055 | + deny for setpcap |
3056 | + + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, |
3057 | + libvirt-qemu: Allow use of sgabios |
3058 | + + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: |
3059 | + apparmor, libvirt-qemu: Silence lttng related deny messages |
3060 | + + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: |
3061 | + apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
3062 | + + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: |
3063 | + apparmor, libvirt-qemu: Allow read access to sysfs system info |
3064 | + + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: |
3065 | + apparmor, libvirt-qemu: Allow read access to max_mem_regions |
3066 | + + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: |
3067 | + apparmor, libvirt-qemu: Allow qemu-block-extra libraries |
3068 | + + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: |
3069 | + apparmor, libvirt-qemu: Allow access to hugepage mounts |
3070 | + + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: |
3071 | + apparmor, libvirtd: Allow access to netlink sockets |
3072 | + + d/p/0013-apparmor-Add-rules-for-mediation-support.patch: |
3073 | + apparmor: Add rules for mediation support |
3074 | + + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: |
3075 | + apparmor, virt-aa-helper: Improve comment about backing store |
3076 | + + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: |
3077 | + apparmor, virt-aa-helper: Allow access to ecryptfs files |
3078 | + + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: |
3079 | + apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* |
3080 | + + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: |
3081 | + apparmor, virt-aa-helper: Allow access to tmp directories |
3082 | + + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: |
3083 | + apparmor, virt-aa-helper: Add ipv6 network policy |
3084 | + + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: |
3085 | + apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices |
3086 | + + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch: |
3087 | + apparmor, virt-aa-helper: Allow various storage pools and image |
3088 | + locations |
3089 | + + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: |
3090 | + apparmor, virt-aa-helper: Add openvswitch support |
3091 | + + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop |
3092 | + references to qemu-kvm |
3093 | + + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu |
3094 | + won't call qemu-nbd |
3095 | + + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: |
3096 | + apparmor, virt-aa-helper: Allow access to name services |
3097 | + + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor |
3098 | + permissions so virt-manager 1.4.0 viewing works (LP 1668681). |
3099 | + + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add |
3100 | + /dev/vfio for vf (hot) attach (LP 1680384). |
3101 | + + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: |
3102 | + apparmor: allow to parse cmdline of the pid that send the shutdown |
3103 | + signal (LP 1680384). |
3104 | + + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: |
3105 | + apparmor: add default pki path of lbvirt-spice (LP 1690140) |
3106 | + + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
3107 | + libvirt-qemu: Add 9p support |
3108 | + + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
3109 | + add l to 9p file options. |
3110 | + + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
3111 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
3112 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
3113 | + + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
3114 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
3115 | + + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
3116 | + commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). |
3117 | + + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
3118 | + apparmor, virt-aa-helper: access for snapped nova |
3119 | + * Dropped Changes (Upstream): |
3120 | + - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with |
3121 | + default driver entries missing name='qemu'. |
3122 | + - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782) |
3123 | + Fix to be able to follow BackinStorage chains when creating per |
3124 | + guest apparmor rules. |
3125 | + * Dropped Changes (In Debian): |
3126 | + - Enable esx support |
3127 | + + Add build-dep to libcurl4-gnutls-dev (required for esx) |
3128 | + * Added Changes: |
3129 | + - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch: |
3130 | + for compatibility with the behavior of qemu 2.10 this adds locking |
3131 | + permission to rules generated for disk files (LP: #1709818) |
3132 | + |
3133 | + |
3134 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 10 Aug 2017 12:44:47 +0200 |
3135 | + |
3136 | libvirt (3.6.0-1) unstable; urgency=medium |
3137 | |
3138 | * [ece8d56] New upstream version 3.6.0 (Closes: #870626) |
3139 | @@ -1454,6 +4472,264 @@ libvirt (3.6.0-1) unstable; urgency=medium |
3140 | |
3141 | -- Guido Günther <agx@sigxcpu.org> Fri, 04 Aug 2017 00:05:47 -0300 |
3142 | |
3143 | +libvirt (3.5.0-1ubuntu3) artful; urgency=medium |
3144 | + |
3145 | + * Refresh changes to match they way they were accepted upstream |
3146 | + - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit |
3147 | + reference now that it is in git. |
3148 | + - d/p/u/fix-libxl-default-driver-name.patch: instead of addin the |
3149 | + name this is now fixed by relaxing the schema. |
3150 | + |
3151 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 19 Jul 2017 12:48:39 +0200 |
3152 | + |
3153 | +libvirt (3.5.0-1ubuntu2) artful; urgency=medium |
3154 | + |
3155 | + * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782) |
3156 | + Fix to be able to follow BackinStorage chains when creating per |
3157 | + guest apparmor rules. |
3158 | + |
3159 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 18 Jul 2017 16:34:57 +0200 |
3160 | + |
3161 | +libvirt (3.5.0-1ubuntu1) artful; urgency=medium |
3162 | + |
3163 | + * Merged with Debian unstable (3.5) |
3164 | + This closes several bugs: |
3165 | + - improved handling of host-model since libvirt 3.2 (LP: #1673467) |
3166 | + - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209) |
3167 | + * Remaining changes: |
3168 | + - Disable sheepdog (universe dependency) |
3169 | + - Disable libssh2 support (universe dependency) |
3170 | + - Disable firewalld support (universe dependency) |
3171 | + - Disable selinux |
3172 | + - Enable esx support |
3173 | + + Add build-dep to libcurl4-gnutls-dev (required for esx) |
3174 | + - Set qemu-group to kvm (for compat with older ubuntu) |
3175 | + - Regularly clear AppArmor profiles for vms that no longer exist |
3176 | + - Additional apport package-hook |
3177 | + - Modifications to adapt for our delayed switch away from libvirt-bin (can |
3178 | + be dropped >18.04). |
3179 | + + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias |
3180 | + to old service name so that old references work |
3181 | + + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias |
3182 | + to old service name so that old references work |
3183 | + + d/control: transitional package with the old name and maintainer |
3184 | + scripts to handle the transition |
3185 | + - Backwards compatible handling of group rename (can be dropped >18.04). |
3186 | + - config details and autostart of default bridged network. Creating that is |
3187 | + now the default in general, yet our solution provides the following on |
3188 | + top as of today: |
3189 | + + nat only on some ports <port start='1024' end='65535'/> |
3190 | + + autostart the default network by default |
3191 | + + do not autostart if 192.168.122.0 is already taken (e.g. in containers) |
3192 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
3193 | + the group based access to libvirt functions as it was used in Ubuntu |
3194 | + for quite long. |
3195 | + + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
3196 | + due to the group access change. |
3197 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
3198 | + - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm |
3199 | + which provided a separate kvm-spice. |
3200 | + - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test |
3201 | + - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The |
3202 | + section that adapts the path of the emulator to the Debian/Ubuntu |
3203 | + packaging is kept. |
3204 | + - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto |
3205 | + set VRAM to minimum requirements |
3206 | + - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts |
3207 | + - Add libxl log directory |
3208 | + - libvirt-uri.sh: Automatically switch default libvirt URI for users on |
3209 | + Xen dom0 via user profile (was missing on changelogs before) |
3210 | + - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from |
3211 | + included_files to avoid build failures due to duplicate definitions. |
3212 | + - Update README.Debian with Ubuntu changes |
3213 | + - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. |
3214 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
3215 | + + systemtap, zfs, numa and numad on s390x. |
3216 | + + systemtap on ppc64el. |
3217 | + - fix conffile upgrade handling to avoid obsolete files |
3218 | + and inactive duplicates (LP 1694159) |
3219 | + - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
3220 | + vmlinuz available and accessible (Debian bug 848314) |
3221 | + - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) |
3222 | + - Extended handling of apparmor profiles - clear lost profiles via cron |
3223 | + - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, |
3224 | + no more UCA onto Xenial then which has global dnsmasq by default). |
3225 | + - Reworked apparmor Delta, especially the more complex delta is dropped |
3226 | + now, also our former delta is now split into logical pieces, has |
3227 | + improved comments and is part of a continuous upstreaming effort. |
3228 | + Listing related remaining changes: |
3229 | + + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: |
3230 | + Allow pygrub to run on Debian/Ubuntu |
3231 | + + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, |
3232 | + libvirt-qemu: Allow macvtap access |
3233 | + + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: |
3234 | + apparmor, libvirt-qemu: Allow read access to overcommit_memory |
3235 | + + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit |
3236 | + deny for setpcap |
3237 | + + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, |
3238 | + libvirt-qemu: Allow use of sgabios |
3239 | + + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: |
3240 | + apparmor, libvirt-qemu: Silence lttng related deny messages |
3241 | + + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: |
3242 | + apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv |
3243 | + + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: |
3244 | + apparmor, libvirt-qemu: Allow read access to sysfs system info |
3245 | + + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: |
3246 | + apparmor, libvirt-qemu: Allow read access to max_mem_regions |
3247 | + + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: |
3248 | + apparmor, libvirt-qemu: Allow qemu-block-extra libraries |
3249 | + + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: |
3250 | + apparmor, libvirt-qemu: Allow access to hugepage mounts |
3251 | + + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: |
3252 | + apparmor, libvirtd: Allow access to netlink sockets |
3253 | + + d/p/0013-apparmor-Add-rules-for-mediation-support.patch: |
3254 | + apparmor: Add rules for mediation support |
3255 | + + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: |
3256 | + apparmor, virt-aa-helper: Improve comment about backing store |
3257 | + + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: |
3258 | + apparmor, virt-aa-helper: Allow access to ecryptfs files |
3259 | + + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: |
3260 | + apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* |
3261 | + + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: |
3262 | + apparmor, virt-aa-helper: Allow access to tmp directories |
3263 | + + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: |
3264 | + apparmor, virt-aa-helper: Add ipv6 network policy |
3265 | + + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: |
3266 | + apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices |
3267 | + + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch: |
3268 | + apparmor, virt-aa-helper: Allow various storage pools and image |
3269 | + locations |
3270 | + + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: |
3271 | + apparmor, virt-aa-helper: Add openvswitch support |
3272 | + + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop |
3273 | + references to qemu-kvm |
3274 | + + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu |
3275 | + won't call qemu-nbd |
3276 | + + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: |
3277 | + apparmor, virt-aa-helper: Allow access to name services |
3278 | + + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor |
3279 | + permissions so virt-manager 1.4.0 viewing works (LP 1668681). |
3280 | + + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add |
3281 | + /dev/vfio for vf (hot) attach (LP 1680384). |
3282 | + + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: |
3283 | + apparmor: allow to parse cmdline of the pid that send the shutdown |
3284 | + signal (LP 1680384). |
3285 | + + (28 is a new patch, listed in added changes) |
3286 | + + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, |
3287 | + libvirt-qemu: Add 9p support |
3288 | + + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: |
3289 | + add l to 9p file options. |
3290 | + + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: |
3291 | + virt-aa-helper: Ask for no deny rule for readonly disk (renamed and |
3292 | + reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) |
3293 | + + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: |
3294 | + apparmor, libvirt-qemu: Allow reading charm-specific ceph config |
3295 | + + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow |
3296 | + commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). |
3297 | + + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: |
3298 | + apparmor, virt-aa-helper: access for snapped nova |
3299 | + - remaining but updated to match the latest release |
3300 | + + d/p/Disable-use-of-namespaces-by-default.patch (Debian change) |
3301 | + + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change) |
3302 | + + d/p/debian/apparmor_profiles_local_include.patch Include local |
3303 | + apparmor profile (Debian change) |
3304 | + + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
3305 | + + d/test/smoke-lxc workaround for debbug 848317/867379 |
3306 | + * Dropped Changes (Upstream): |
3307 | + - Add missing apparmor rule for debug-threads feature (LP 1615550). |
3308 | + - Add new block device types to virt-aa-helpers profile (LP 1641618) |
3309 | + - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms |
3310 | + for storage dirs like /var/lib/libvirt/images. |
3311 | + - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits |
3312 | + to support huge systems. |
3313 | + - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all |
3314 | + in libvirtd.service (-d not allowed to be specified, everything else |
3315 | + upstream so drop delta; LP 1574566). |
3316 | + - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process |
3317 | + spice: don't release used port (LP 1697729). |
3318 | + - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus: |
3319 | + Always fall back to the old command if domain caps fail (LP 1674298) |
3320 | + - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past |
3321 | + it was possible to have <script path=''/> which now fails - fix to match |
3322 | + the old behavior (LP 1665698) |
3323 | + - Reworked apparmor Delta and started upstreaming, listing related |
3324 | + changes dropped: |
3325 | + + Apparmor feature parsing to depend on new apparmor features which |
3326 | + appear in different versions across distributions (no more needed |
3327 | + >=Xenial, allows to now separate changes and upstream more easily). |
3328 | + + d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch: |
3329 | + guarantee disk spec is following the defined regex (LP 1665410). |
3330 | + + d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add |
3331 | + virt-aa-helper rule allowing all private channel access. |
3332 | + + d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: |
3333 | + virt-aa-helper to allow access to aarch64 UEFI images. |
3334 | + + d/rules, apparmor: include and install local apparmor profiles (This |
3335 | + is now done by dh_apparmor automatically) |
3336 | + + add local apparmor override templates (provided by dh_apparmor now) |
3337 | + + Fix name resolution calls from virt-aa-helper profile (LP 1546674). |
3338 | + + virt-aa-helper, apparmor: allow /usr/share/OVMF/ too |
3339 | + + virt-aa-helper: Generalize test for firmware paths |
3340 | + + apparmor, virt-aa-helper: Allow aarch64 UEFI. |
3341 | + + apparmor, libvirt-qemu: Add ppc64el related changes |
3342 | + + apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu |
3343 | + + apparmor, libvirt-qemu: Allow access to ceph config |
3344 | + + apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc |
3345 | + + apparmor, virt-aa-helper: Explicit denies for host devices |
3346 | + + apparmor, virt-aa-helper: Allow access to libnl-3 config files |
3347 | + + apparmor, libvirt-qemu: allow access to pt_chown for pty consoles |
3348 | + * Dropped Changes (In Debian): |
3349 | + - d/rules: debhelper start virtlogd.socket |
3350 | + - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location |
3351 | + for Debian based systems. |
3352 | + - Additional debian/bug-presubj |
3353 | + - Extended handling of apparmor profiles - reload and remove in maintainer |
3354 | + scripts (dh_apparmor* now generate these snippets) |
3355 | + * Dropped Changes (no SysV anymore): |
3356 | + - Add sysvinit script for virtlockd |
3357 | + - Wait on socket in sysvinit script |
3358 | + - d/rules: dh_installinit virtlockd (was part of "Cleanup systemd |
3359 | + debhelper" |
3360 | + - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in |
3361 | + virtlockd.init for Debian based systems. |
3362 | + * Dropped Changes (other reasons): |
3363 | + - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user |
3364 | + This used group libvirt instead of nobody which makes it worse; Needs |
3365 | + to be fixed upstream (LP: #1690729). |
3366 | + + d/p/ubuntu/disable-network-test.patch: disable test failing due to |
3367 | + dnsmasq changes. |
3368 | + - Add .gitignore for .pc |
3369 | + - we keep lxc support as Debian does, but stop adding delta. It feels |
3370 | + somewhat less maintained than e.g. libvirt for qemu. Also for secure |
3371 | + and comfortable container management lxd is clearly preferred. The |
3372 | + delta caused more issues than it solved so deliver libvirt-lxc as-is |
3373 | + and drop the related delta. |
3374 | + + d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of |
3375 | + containers by default. |
3376 | + + d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver |
3377 | + for libvirt-lxc. |
3378 | + - The following xen changes are no more required with current versions |
3379 | + + d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl |
3380 | + xen paths (LP 1459603) |
3381 | + + d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The |
3382 | + section about compat to the very old qemu-dm name is no more needed. |
3383 | + + d/p/ubuntu/libxl-fix-test-data.patch and |
3384 | + d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the |
3385 | + former one + also updated the maintainer notes to ease updating. |
3386 | + + d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify |
3387 | + device-model |
3388 | + * Added Changes: |
3389 | + - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: |
3390 | + apparmor: add default pki path of lbvirt-spice (LP: #1690140) |
3391 | + - conffile handling of files dropped in 3.5 (can be dropped >18.04) |
3392 | + + /etc/init.d/virtlockd was sysv init only |
3393 | + + /etc/apparmor.d/local/usr.sbin.libvirtd and |
3394 | + /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated |
3395 | + by dh_apparmor as needed |
3396 | + - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with |
3397 | + default driver entries missing name='qemu'. |
3398 | + |
3399 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Jul 2017 15:43:17 +0200 |
3400 | + |
3401 | libvirt (3.5.0-1) unstable; urgency=medium |
3402 | |
3403 | [ Guido Günther ] |
3404 | @@ -1547,6 +4823,233 @@ libvirt (3.0.0-1) experimental; urgency=medium |
3405 | |
3406 | -- Guido Günther <agx@sigxcpu.org> Thu, 19 Jan 2017 18:51:18 +0100 |
3407 | |
3408 | +libvirt (2.5.0-3ubuntu10) artful; urgency=medium |
3409 | + |
3410 | + * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base |
3411 | + images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON |
3412 | + directory, enabling use of the libvirt deb from the nova-hypervisor |
3413 | + snap (LP: #1644507). |
3414 | + |
3415 | + -- Corey Bryant <corey.bryant@canonical.com> Thu, 22 Jun 2017 14:29:39 -0400 |
3416 | + |
3417 | +libvirt (2.5.0-3ubuntu9) artful; urgency=medium |
3418 | + |
3419 | + * d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process |
3420 | + spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1. |
3421 | + |
3422 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 14 Jun 2017 14:49:16 +0200 |
3423 | + |
3424 | +libvirt (2.5.0-3ubuntu8) artful; urgency=medium |
3425 | + |
3426 | + * fix conffile upgrade handling to avoid obsolete files |
3427 | + and inactive duplicates (LP: #1694159) |
3428 | + - d/libvirt-daemon-system.maintscript: revert to Debian content |
3429 | + - d/libvirt-bin.maintscript: add missing rm_conffile related to |
3430 | + dropping upstart. |
3431 | + - d/libvirt-bin.maintscript: add missing rm of conffiles due |
3432 | + to re-aligning with debian package names since yakkety. |
3433 | + - d/libvirt-bin.maintscript: for LTS->LTS upgraders try to move and retain |
3434 | + custom changes. |
3435 | + - d/libvirt-bin.maintscript: for upgraders from yakkety or later remove |
3436 | + the (now duplicate) conffiles, but retain custom changes in backups if |
3437 | + they exist |
3438 | + - d/libvirt-bin.preinst: drop manual mv of conffiles which lacked |
3439 | + retaining changes and upgrade-abort handling. |
3440 | + - d/libvirt-bin.preinst: handle upgrades up to the latest predecessor |
3441 | + possible before yakkety. |
3442 | + - d/libvirt-bin.preinst: fixup the combination of rm+mv conffile in case |
3443 | + the package is upgrading from pre yakkety. |
3444 | + - d/libvirt-daemon-system.postinst: clean up old dnsmasq enablement symlink |
3445 | + if unmodified. |
3446 | + |
3447 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 31 May 2017 14:29:51 +0200 |
3448 | + |
3449 | +libvirt (2.5.0-3ubuntu7) artful; urgency=medium |
3450 | + |
3451 | + * debian/patches/ubuntu/apparmor-ppcwrapper.patch: update to add missing |
3452 | + colon (LP: #1686621). |
3453 | + |
3454 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 27 Apr 2017 13:16:05 +0200 |
3455 | + |
3456 | +libvirt (2.5.0-3ubuntu6) artful; urgency=medium |
3457 | + |
3458 | + * Add missing apparmor profile entries (LP: #1680384) |
3459 | + - debian/patches/ubuntu/apparmor-vfio.patch: apparmor: add /dev/vfio |
3460 | + for vf (hot) attach |
3461 | + - debian/patches/ubuntu/apparmor-ppcwrapper.patch: apparmor: allow |
3462 | + extra tools executed by kvm.powerpc |
3463 | + - debian/patches/ubuntu/apparmor-shutdown.patch: apparmor: allow to |
3464 | + parse cmdline of the pid that send the shutdown signal |
3465 | + |
3466 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 25 Apr 2017 14:10:06 +0200 |
3467 | + |
3468 | +libvirt (2.5.0-3ubuntu5) zesty; urgency=medium |
3469 | + |
3470 | + * d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus: |
3471 | + Always fall back to the old command if domain caps fail (LP: #1674298) |
3472 | + |
3473 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 21 Mar 2017 08:02:37 +0100 |
3474 | + |
3475 | +libvirt (2.5.0-3ubuntu4) zesty; urgency=medium |
3476 | + |
3477 | + * d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past |
3478 | + it was possible to have <script path=''/> which now fails - fix to match |
3479 | + the old behavior (LP: #1665698) |
3480 | + |
3481 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 10 Mar 2017 08:57:18 +0100 |
3482 | + |
3483 | +libvirt (2.5.0-3ubuntu3) zesty; urgency=medium |
3484 | + |
3485 | + [ Christian Ehrhardt ] |
3486 | + * d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch: |
3487 | + guarantee disk spec is following the defined regex (LP: #1665410). |
3488 | + |
3489 | + [ Bryan Quigley ] |
3490 | + * d/p/ubuntu/0007-apparmor-fix-for-new-virt-manager.patch: Add Apparmor |
3491 | + permissions so virt-manager 1.4.0 viewing works (LP: #1668681). |
3492 | + |
3493 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 06 Mar 2017 08:24:06 +0100 |
3494 | + |
3495 | +libvirt (2.5.0-3ubuntu2) zesty; urgency=medium |
3496 | + |
3497 | + * No-change rebuild to build against Xen-4.8 libs. |
3498 | + |
3499 | + -- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Jan 2017 14:19:03 +0100 |
3500 | + |
3501 | +libvirt (2.5.0-3ubuntu1) zesty; urgency=medium |
3502 | + |
3503 | + * Merged with Debian unstable |
3504 | + - this picks up a fix for migrations using NFS mounts (LP: #1637601). |
3505 | + * Remaining changes: |
3506 | + - Disable sheepdog (universe dependency) |
3507 | + - Disable libssh2 support (universe dependency) |
3508 | + - Disable firewalld support (universe dependency) |
3509 | + - Disable selinux |
3510 | + - Enable esx support |
3511 | + - Add build-dep to libcurl4-gnutls-dev (required for esx) |
3512 | + - Set qemu-group to kvm (for compat with older ubuntu) |
3513 | + - Added changes to use the upstream apparmor profiles with added |
3514 | + delta (configurable via apparmor profiles version). |
3515 | + * d/p/u/000[1-6]-apparmor-* |
3516 | + - Regularly clear AppArmor profiles for vms that no longer exist |
3517 | + - Fix name resolution calls from virt-aa-helper profile (LP 1546674). |
3518 | + - Add missing apparmor rule for debug-threads feature (LP 1615550). |
3519 | + - Add new block device types to virt-aa-helpers profile (LP 1641618) |
3520 | + - Additional apport package-hook |
3521 | + - d/rules: debhelper start virtlogd.socket |
3522 | + - Add sysvinit script for virtlockd |
3523 | + - Additional debian/bug-presubj |
3524 | + - Modifications to adapt for our delayed switch away from libvirt-bin (can |
3525 | + be dropped after 18.04). |
3526 | + - d/p/ubuntu/libvirtd-service-add-bin-alias.patch: alias to old |
3527 | + libvirt-bin name. |
3528 | + - d/p/ubuntu/libvirtd-init-add-bin-alias.patch: provides for the old |
3529 | + libvirt-bin name. |
3530 | + - Wait on socket in sysvinit script |
3531 | + - Backwards compatible handling of groups (can be dropped after 18.04). |
3532 | + - config details and autostart of default bridged network. Creating that is |
3533 | + now the default in general, yet our solution provides the following on |
3534 | + top as of today: |
3535 | + - nat only on some ports <port start='1024' end='65535'/> |
3536 | + - autostart the default network by default |
3537 | + - do not autostart if 192.168.122.0 is already taken (e.g. in containers) |
3538 | + - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is |
3539 | + the group based access to libvirt functions as it was used in Ubuntu |
3540 | + for quite long. |
3541 | + - d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests |
3542 | + due to the group access change. |
3543 | + - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user |
3544 | + - d/p/ubuntu/disable-network-test.patch: disable test failing due to |
3545 | + dnsmasq changes. |
3546 | + - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. |
3547 | + - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm |
3548 | + which provided a separate kvm-spice. |
3549 | + - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms |
3550 | + for storage dirs like /var/lib/libvirt/images. |
3551 | + - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test |
3552 | + - d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of |
3553 | + containers by default. |
3554 | + - d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver for |
3555 | + libvirt-lxc. |
3556 | + - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx |
3557 | + - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: Set common qemu path to match |
3558 | + Debian/Ubuntu Xen packaging. |
3559 | + - d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl |
3560 | + xen paths (LP 1459603) |
3561 | + - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto |
3562 | + set VRAM to minimum requirements |
3563 | + - d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify |
3564 | + device-model |
3565 | + - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts |
3566 | + - fixup tests to match packaging of Xen (mostly different paths) |
3567 | + - d/p/ubuntu/libxl-fix-test-data.patch |
3568 | + - d/p/ubuntu/fix-xen-xml-in-tests.patch |
3569 | + - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location |
3570 | + for Debian based systems. |
3571 | + - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in |
3572 | + virtlockd.init for Debian based systems. |
3573 | + - d/p/ubuntu/9034-complete-9p-support: virt-aa-helper: add l to 9p file |
3574 | + options. |
3575 | + - d/p/ubuntu/parallel-shutdown.patch: shut guests down in parallel |
3576 | + - d/p/ubuntu/virt-aa-helper-no-explicity-deny-for-basefiles.patch: ask for |
3577 | + no deny rule for readonly disk elements. |
3578 | + - d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add virt-aa-helper |
3579 | + rule allowing all private channel access |
3580 | + - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits |
3581 | + to support huge systems. |
3582 | + - d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: |
3583 | + virt-aa-helper to allow access to aarch64 UEFI images. |
3584 | + - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all |
3585 | + in libvirtd.service (LP 1574566). |
3586 | + - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from |
3587 | + included_files to avoid build failures due to duplicate definitions. |
3588 | + - Update README.Debian with Ubuntu changes |
3589 | + - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. |
3590 | + - Add libxl log directory |
3591 | + - Enable some additional features on ppc64el and s390x (for arch parity) |
3592 | + - systemtap, zfs, numa and numad on s390x. |
3593 | + - systemtap on ppc64el. |
3594 | + * Dropped Changes: |
3595 | + - Build depend on gnutls >= 3.5.6-4ubuntu2 (no > 3.5.6 && < 3.5.6-4ubuntu2 |
3596 | + in any release left) |
3597 | + - Fix parsing non apparmor labels LP:#1633207 (upstream in libvirt 2.5) |
3598 | + - Ignore newlines in guest list (upstream in libvirt 2.4) |
3599 | + - Avoid migration postcopy issues by ensuring valid commands (upstream in |
3600 | + libvirt 2.5) |
3601 | + - Enable numa for arm64 (in Debian) |
3602 | + - Fix libvirt start failure when security_driver set (upstream in libvirt |
3603 | + 2.2) |
3604 | + - virt-aa-helper: Fix upstream implementation of no explicit deny rule |
3605 | + (upstream in libvirt 2.3) |
3606 | + - Some useless whitespace damage and no more applicable comments |
3607 | + - The following patches were part of the Delta but not the series file. |
3608 | + So they had no effect and can be dropped now: |
3609 | + - ubuntu/9036-util-prepare-uri-for-libxml2-2.9.2.patch |
3610 | + - ubuntu/Disable-failing-virnetsockettest.patch |
3611 | + - ubuntu/dont-include-non-migrateable-features-in-host-model |
3612 | + - ubuntu/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch |
3613 | + - See the 2.1.0-1ubuntu15 and 2.1.0-1ubuntu16 changelogs for related |
3614 | + pre-merge drops |
3615 | + - Add build-dep to libxml-libxml-perl (no more needed) |
3616 | + - apparmor double add /usr/bin/qemu-sparc64 rmix (no function anymore) |
3617 | + - apparmor /usr/{lib,lib64}/qemu/block-*.so (in Debian) |
3618 | + - apparmor moving /bin/bash rmix in profile (drop non functional delta) |
3619 | + - follow Debians style of block-*.so rules for block-extra (drop our |
3620 | + functionally equivalent adding/moving of rules) |
3621 | + - follow Debians style of lib/lib64 rules (drop a lot of our functional |
3622 | + functionally equivalent adding/moving of rules) |
3623 | + - accept Upstream style to handle libvirt_iohelper and libvirt_parthelper |
3624 | + (stop removing the two rules without an associated bug to reduce delta) |
3625 | + - Disabling dep8 smoke tests |
3626 | + * Added Changes: |
3627 | + - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making |
3628 | + vmlinuz available and accessible (in discussed with Debian in debbug |
3629 | + 848314) |
3630 | + - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (in discussed with |
3631 | + Debian in debbug 848317) |
3632 | + |
3633 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 03 Jan 2017 13:58:30 +0100 |
3634 | + |
3635 | libvirt (2.5.0-3) unstable; urgency=medium |
3636 | |
3637 | * [ba9fcb8] Invoke db_stop. |
3638 | @@ -1695,6 +5198,192 @@ libvirt (2.1.0-2) unstable; urgency=medium |
3639 | |
3640 | -- Guido Günther <agx@sigxcpu.org> Fri, 19 Aug 2016 10:22:22 +0200 |
3641 | |
3642 | +libvirt (2.1.0-1ubuntu16) zesty; urgency=medium |
3643 | + |
3644 | + * Ensure d/p/ubuntu/9002-default_uri_virsh_to_system.patch is |
3645 | + dropped as intended. |
3646 | + * Re-Add d/p/ubuntu/apibuild-skip-libvirt-common.h for an issue that |
3647 | + transiently occurs on LP builds (real trigger not yet identified, so it |
3648 | + can't be upstreamed). |
3649 | + |
3650 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 14 Dec 2016 09:30:58 +0100 |
3651 | + |
3652 | +libvirt (2.1.0-1ubuntu15) zesty; urgency=medium |
3653 | + |
3654 | + * Cleanup Ubuntu Delta prior to next libvirt merge |
3655 | + - drop obsolte patches: |
3656 | + d/p/ubuntu/cgroups-ignore-systemd-failure, |
3657 | + d/p/ubuntu/ubuntu-skip-virstoragetest, |
3658 | + d/p/ubuntu/9021-fix-uint64_t.patch, |
3659 | + ubuntu/Disable-failing-virnetsockettest.patch (was only comment), |
3660 | + d/p/ubuntu/9002-default_uri_virsh_to_system.patch, |
3661 | + d/p/ubuntu/ubuntu-xend-probe.patch |
3662 | + - clarify dep3 headers to be more useful: |
3663 | + d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch, |
3664 | + d/p/ubuntu/daemon-augeas-fix-expected.patch, |
3665 | + d/p/ubuntu/enable-kvm-spice.patch, |
3666 | + d/p/ubuntu/dnsmasq-as-priv-user, |
3667 | + d/p/ubuntu/disable-network-test.patch |
3668 | + - split patch containing unrelated changes into two patches, so parts of |
3669 | + d/p/ubuntu/storage-default-permission-mode-to-0711 moved into |
3670 | + d/p/ubuntu/storage-disable-gluster-test |
3671 | + |
3672 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 12 Dec 2016 11:59:59 +0100 |
3673 | + |
3674 | +libvirt (2.1.0-1ubuntu14) zesty; urgency=medium |
3675 | + |
3676 | + * d/p/u/apparmor-fix-name-resolution.patch rework the fix to base |
3677 | + on the apparmor nameservice abstraction to be future proof (LP: #1546674). |
3678 | + * d/p/ubuntu/apparmor-fix-new-devicetypes.patch add new block device types to |
3679 | + virt-aa-helpers profile (LP: #1641618) |
3680 | + * d/p/u/apparmor-fix-other-seclabels.patch refresh to the now upstream |
3681 | + accepted solution (LP: #1633207). |
3682 | + |
3683 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 24 Nov 2016 08:06:38 +0100 |
3684 | + |
3685 | +libvirt (2.1.0-1ubuntu13) zesty; urgency=medium |
3686 | + |
3687 | + * drop d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch as the offending change |
3688 | + in gnutls has been reverted (LP: #1641615) |
3689 | + * Build depend on gnutls >= 3.5.6-4ubuntu2 to build after the gnutls fix |
3690 | + migrated |
3691 | + |
3692 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 17 Nov 2016 08:43:10 +0100 |
3693 | + |
3694 | +libvirt (2.1.0-1ubuntu12) zesty; urgency=medium |
3695 | + |
3696 | + * d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch fix FTBFS due to changes in |
3697 | + gnutls that affected the ordering on certificate DN entries (LP: #1641615) |
3698 | + * Revert "Fix FTBFS on zesty due to issues with concurrent make check" as it |
3699 | + was not the right solution. |
3700 | + |
3701 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 16 Nov 2016 14:52:17 +0100 |
3702 | + |
3703 | +libvirt (2.1.0-1ubuntu11) zesty; urgency=medium |
3704 | + |
3705 | + * Fix FTBFS on zesty due to issues with concurrent make check (LP: #1641615) |
3706 | + |
3707 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 15 Nov 2016 14:45:52 +0100 |
3708 | + |
3709 | +libvirt (2.1.0-1ubuntu10) zesty; urgency=medium |
3710 | + |
3711 | + [Simon Déziel] |
3712 | + * d/p/u/apparmor-fix-name-resolution.patch adds missing rules for name |
3713 | + resolution to virt-aa-helper Apparmor profile (LP: #1546674). |
3714 | + * d/p/u/apparmor-fix-debug-threads.patch adds missing rule for debug-threads |
3715 | + feature that is now default enabled to Apparmor profile (LP: #1615550). |
3716 | + |
3717 | + [Christian Ehrhardt] |
3718 | + * d/p/u/apparmor-fix-other-seclabels.patch fixes an issue parsing non |
3719 | + apparmor security labels (LP: #1633207). |
3720 | + |
3721 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 24 Oct 2016 14:21:36 +0200 |
3722 | + |
3723 | +libvirt (2.1.0-1ubuntu9) yakkety; urgency=medium |
3724 | + |
3725 | + * Fix libvirt-guest.sh to handle multiple guests (LP: #1591695). |
3726 | + |
3727 | + -- Stefan Bader <stefan.bader@canonical.com> Thu, 06 Oct 2016 12:14:05 +0200 |
3728 | + |
3729 | +libvirt (2.1.0-1ubuntu8) yakkety; urgency=medium |
3730 | + |
3731 | + [ Christian Ehrhardt ] |
3732 | + |
3733 | + * avoid migration postcopy issues by ensuring valid commands (LP: #1620906) |
3734 | + - d/p/ubuntu/check-live-for-postcopy.patch Check for --live flag for |
3735 | + postcopy-after-precopy migration. |
3736 | + - d/p/ubuntu/make-postcopy-mandatory-for-postcopy-after-precopy.patch to |
3737 | + |
3738 | + [ Stefan Bader ] |
3739 | + |
3740 | + * Fix Xenial to Yakkety migration from libvirt-bin.service to |
3741 | + libvirtd.service (LP: #1627969). |
3742 | + * Update Vcs-Git and Vcs-Browser fields to point to launchpad |
3743 | + (LP: #1629210) |
3744 | + |
3745 | + [ Dann Frazier ] |
3746 | + |
3747 | + * Fix FTBS in Yakkety due to missing python dependency (LP: #1629041) |
3748 | + |
3749 | + -- Stefan Bader <stefan.bader@canonical.com> Fri, 30 Sep 2016 10:11:30 +0200 |
3750 | + |
3751 | +libvirt (2.1.0-1ubuntu7) yakkety; urgency=medium |
3752 | + |
3753 | + * Enable NUMA support in arm64 builds (LP: #1627926). |
3754 | + |
3755 | + -- dann frazier <dannf@ubuntu.com> Mon, 26 Sep 2016 23:36:24 -0600 |
3756 | + |
3757 | +libvirt (2.1.0-1ubuntu6) yakkety; urgency=medium |
3758 | + |
3759 | + * No-change rebuild for readline soname change. |
3760 | + |
3761 | + -- Matthias Klose <doko@ubuntu.com> Sat, 17 Sep 2016 12:05:33 +0000 |
3762 | + |
3763 | +libvirt (2.1.0-1ubuntu5) yakkety; urgency=medium |
3764 | + |
3765 | + [ Jon Grimm ] |
3766 | + |
3767 | + * Fix libvirt start failure when security_driver set (LP: #1618592) |
3768 | + - qemu: fix qemu.conf security_driver |
3769 | + |
3770 | + -- Stefan Bader <stefan.bader@canonical.com> Thu, 08 Sep 2016 14:11:47 +0200 |
3771 | + |
3772 | +libvirt (2.1.0-1ubuntu4) yakkety; urgency=medium |
3773 | + |
3774 | + * Enable systemtap, zfs, numa on s390x. |
3775 | + * Enable systemtap on ppc64el. |
3776 | + |
3777 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 24 Aug 2016 13:21:29 +0100 |
3778 | + |
3779 | +libvirt (2.1.0-1ubuntu3) yakkety; urgency=low |
3780 | + |
3781 | + * Really fix the ADT regression and not only the changelog due |
3782 | + to somehow ending up on the wrong git branch. |
3783 | + |
3784 | + -- Stefan Bader <stefan.bader@canonical.com> Wed, 17 Aug 2016 18:31:01 +0200 |
3785 | + |
3786 | +libvirt (2.1.0-1ubuntu2) yakkety; urgency=low |
3787 | + |
3788 | + * Fix ADT build-test regression(s) |
3789 | + |
3790 | + -- Stefan Bader <stefan.bader@canonical.com> Wed, 17 Aug 2016 15:18:38 +0200 |
3791 | + |
3792 | +libvirt (2.1.0-1ubuntu1) yakkety; urgency=low |
3793 | + |
3794 | + * Merged with Debian testing. Remaining changes: |
3795 | + - Added changes to use the upstream apparmor profiles with added |
3796 | + delta (configurable via apparmor profiles version). |
3797 | + * d/p/u/0001-apparmor-add-feature-parsing.patch |
3798 | + * d/p/u/0002-apparmor-apply-ubuntu-delta.patch |
3799 | + * d/p/u/0003-apparmor-debian-ubuntu-delta.patch |
3800 | + * d/p/u/0004-apparmor-ubuntu-delta.patch |
3801 | + - Avoiding dependency on sheepdog |
3802 | + - Additional apport package-hook |
3803 | + - Additional dnsmasq configuration |
3804 | + - Additional profile.d script to set default URI |
3805 | + - Additional debian/bug-presubj |
3806 | + - d/rules: debhelper start virtlogd.socket not virtlockd.service |
3807 | + - Modifications to adapt for our delayed switch away from libvirt-bin. |
3808 | + - Wait on socket in sysvinit script |
3809 | + - Backwards compatible handling of groups and default bridged network |
3810 | + creation. |
3811 | + - Extended handling of apparmor profiles |
3812 | + - Convert libvirt0 and libvirt-dev to multi-arch. |
3813 | + - Added a fix for the upstream version of adding better write denials |
3814 | + handling to virt-aa-helper. |
3815 | + - Convert libnss_libvirt to multi-arch and fix up source location that |
3816 | + changed when making libvirt0 multi-arch. |
3817 | + - Dropped |
3818 | + * upstart script for libvirtd |
3819 | + * d/p/lp1588841-000[123]-* (upstream) |
3820 | + * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch (upstream) |
3821 | + * d/p/u/qemu-Automatically-choose-usable-GIC-version.patch (upstream) |
3822 | + * d/p/u/docs-remove-xpath.patch (xpath removed upstream) |
3823 | + * d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch (upstr.) |
3824 | + * d/p/u/ubuntu/virt-aa-helper-helpfix.patch (upstream) |
3825 | + |
3826 | + -- Stefan Bader <stefan.bader@canonical.com> Wed, 13 Jul 2016 13:12:36 +0200 |
3827 | + |
3828 | libvirt (2.1.0-1) unstable; urgency=medium |
3829 | |
3830 | * Upload to unstable |
3831 | @@ -1764,6 +5453,103 @@ libvirt (1.3.5~rc1-1) experimental; urgency=medium |
3832 | |
3833 | -- Guido Günther <agx@sigxcpu.org> Mon, 30 May 2016 22:00:33 +0200 |
3834 | |
3835 | +libvirt (1.3.4-1ubuntu6) yakkety; urgency=low |
3836 | + |
3837 | + * Fix libvirtd crashing on libxl domain restore (LP: #1588841). |
3838 | + Patches cherry-picked from upsream libvirt git tree. |
3839 | + - libxl: switch to using libxl_domain_create_restore from v4.4 API |
3840 | + - libxl: support Xen migration stream V2 in save/restore |
3841 | + - libxl: support migration stream V2 in migration |
3842 | + |
3843 | + -- Stefan Bader <stefan.bader@canonical.com> Wed, 08 Jun 2016 14:17:23 +0200 |
3844 | + |
3845 | +libvirt (1.3.4-1ubuntu5) yakkety; urgency=low |
3846 | + |
3847 | + * Update the correct apparmor profiles to allow AAVMF and qemu-efi |
3848 | + firmware for aarch64 (1538882) |
3849 | + * Clean up / refresh various patches to finalize switch from libvirt-bin |
3850 | + to libvirtd as service name. |
3851 | + Drop: d/p/ubuntu/libvirt-bin-service-libvirtd-alias.patch |
3852 | + Refresh+Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch -> |
3853 | + d/p/ubuntu/libvirtd-service-nolimit.patch |
3854 | + Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch -> |
3855 | + d/p/ubuntu/libvirtd-service-set-notifyaccess.patch |
3856 | + Refresh: d/p/ubuntu/libvirtd-service-add-bin-alias.patch |
3857 | + Add: d/p/ubuntu/libvirtd-init-add-bin-alias.patch |
3858 | + * Change default profile used by libvirtd.service to /etc/default/libvirtd. |
3859 | + Drop: d/p/ubuntu/switch-service-files-to-libvirt-bin.patch |
3860 | + * Drop virtlockd.service from dh_systemd_start in debian/rules as |
3861 | + the service is socket activated (LP: #1588006). |
3862 | + * Fix failure to enable libvirtd.service due to lingering libvirt-bin |
3863 | + alias. This could happen when the upgrade from a version prior 1.3.3-2 |
3864 | + happened before 1.3.4-1ubuntu3 (LP: #1588004). |
3865 | + |
3866 | + -- Stefan Bader <stefan.bader@canonical.com> Thu, 02 Jun 2016 14:50:27 +0200 |
3867 | + |
3868 | +libvirt (1.3.4-1ubuntu4) yakkety; urgency=medium |
3869 | + |
3870 | + * Re-enable the upstart job by renaming the file. |
3871 | + * Include patchby @guessi to continally wait for libvirtd to start when |
3872 | + using sysvinit or upstart. (LP: #1571209) |
3873 | + |
3874 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 23 May 2016 13:50:22 -0500 |
3875 | + |
3876 | +libvirt (1.3.4-1ubuntu3) yakkety; urgency=medium |
3877 | + |
3878 | + [ dann frazier ] |
3879 | + * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch, |
3880 | + d/p/u/qemu-Automatically-choose-usable-GIC-version.patch: If no GIC |
3881 | + was specified for an ARM virt guest, choose a GIC version supported |
3882 | + by the host. (LP: #1566564) |
3883 | + |
3884 | + [ Serge Hallyn ] |
3885 | + * libvirt-bin.preinst: on upgrades from prior to 1.3.3-2, also remove the |
3886 | + service file for the Alias - /etc/systemd/system/libvirtd.service. |
3887 | + (LP: #1579922) |
3888 | + |
3889 | + -- dann frazier <dannf@ubuntu.com> Thu, 19 May 2016 08:57:33 -0600 |
3890 | + |
3891 | +libvirt (1.3.4-1ubuntu2) yakkety; urgency=medium |
3892 | + |
3893 | + * Include installing virtlogd.socket. (LP: #1583009) |
3894 | + |
3895 | + -- Chris J Arges <chris.j.arges@canonical.com> Wed, 18 May 2016 13:56:08 -0500 |
3896 | + |
3897 | +libvirt (1.3.4-1ubuntu1) yakkety; urgency=medium |
3898 | + |
3899 | + * Merge 1.3.4-1 from Debian unstable |
3900 | + * Drop upstream-applied patches: |
3901 | + - conf-also-mark-implicit-video-as-primary.patch |
3902 | + - libvirt-socket-fix-group |
3903 | + * Remaining changes |
3904 | + - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts |
3905 | + upgrades) |
3906 | + - keep (redundant) libvirtd group if it existed on upgrade - until 18.10 |
3907 | + (for lts-to-lts upgrades) |
3908 | + - keep ubuntu-specific patches |
3909 | + - ship apport and dnsmasq files |
3910 | + - enable virbr0 |
3911 | + - ship apparmor from debian/*. We should push changes upstrema, but |
3912 | + cannot sync with debian as apparmor profiles must be processed in |
3913 | + debian/rules for cloud archive. |
3914 | + - debian/control |
3915 | + - enable zfs |
3916 | + - disable libssh2 and sheepdog |
3917 | + - add libxml-libxml-perl and libcurl4-gnutls-dev |
3918 | + - enable libnuma-dev on ppc64el (pushed to Debian) |
3919 | + - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2 |
3920 | + - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain |
3921 | + upgrades. |
3922 | + - Multi-arch-ify. |
3923 | + - debian/rules: disable selinux and firewalld; use 'kvm' group; disable |
3924 | + ssh2, enable zfs and esx; process apparmor files for older releases; |
3925 | + copy dnsmasq configuration. |
3926 | + - debian/tests/control: add extra depends |
3927 | + * d/p/ubuntu/apibuild-skip-libvirt-common.h: libvirt-common.h is being |
3928 | + included twice leading to build failures - drop it temporarily. |
3929 | + |
3930 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 May 2016 12:50:02 -0500 |
3931 | + |
3932 | libvirt (1.3.4-1) unstable; urgency=medium |
3933 | |
3934 | * Upload to unstable |
3935 | @@ -1793,6 +5579,65 @@ libvirt (1.3.4~rc1-1) experimental; urgency=medium |
3936 | |
3937 | -- Guido Günther <agx@sigxcpu.org> Wed, 27 Apr 2016 16:51:55 +0200 |
3938 | |
3939 | +libvirt (1.3.3-2ubuntu2) yakkety; urgency=medium |
3940 | + |
3941 | + * debian/rules: fix paths when removing files which should not end up |
3942 | + in libvirt-daemon package. |
3943 | + |
3944 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 May 2016 13:14:17 -0500 |
3945 | + |
3946 | +libvirt (1.3.3-2ubuntu1) yakkety; urgency=medium |
3947 | + |
3948 | + * Merge 1.3.3-2 from Debian unstable |
3949 | + * Merge new packaging layout |
3950 | + - debian/control |
3951 | + * add libsanlock-dev, dtrace, systemtap-sdt-dev, librados-dev, |
3952 | + libfuse-dev, augeas-tools to Build-Depends. |
3953 | + * Drop libcgmanager-dev from Build-Depends. |
3954 | + * Add libvirt-clients, libvirt-daemon, and libvirt-daemon-system |
3955 | + packages which replace the now-virtual libvirt-bin package. |
3956 | + * Drop libvirt0-dbg (is this intential in Debian?) |
3957 | + * Add libvirt-sanlock package (this should be in universe) |
3958 | + * Switch to 'libvirt' group, keeping the same gid as 'libvirtd' |
3959 | + on upgrade. Keep libvirtd group name on upgrade in case any |
3960 | + site scripts use it. |
3961 | + * Enable dtrace |
3962 | + * Add Debian policy-kit configuration |
3963 | + * drop ubuntu/9004-libvirtd-group-name.patch as we are switching to group |
3964 | + 'libvirt' |
3965 | + * Drop obsolete migration scripts: |
3966 | + - libvirt-migrate-xend-managed-domains |
3967 | + - libvirt-migrate-qemu-disks |
3968 | + - libvirt-migrate-qemu-machinetype |
3969 | + * Remaining changes: |
3970 | + - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts |
3971 | + upgrades) |
3972 | + - keep (redundant) libvirtd group if it existed on upgrade - until 18.10 |
3973 | + (for lts-to-lts upgrades) |
3974 | + - keep ubuntu-specific patches |
3975 | + - ship apport and dnsmasq files |
3976 | + - enable virbr0 |
3977 | + - ship apparmor from debian/*. We should push changes upstrema, but |
3978 | + cannot sync with debian as apparmor profiles must be processed in |
3979 | + debian/rules for cloud archive. |
3980 | + - debian/control |
3981 | + - enable zfs |
3982 | + - disable libssh2 and sheepdog |
3983 | + - add libxml-libxml-perl and libcurl4-gnutls-dev |
3984 | + - enable libnuma-dev on ppc64el (pushed to Debian) |
3985 | + - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2 |
3986 | + - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain |
3987 | + upgrades. |
3988 | + - Multi-arch-ify. |
3989 | + - debian/rules: disable selinux and firewalld; use 'kvm' group; disable |
3990 | + ssh2, enable zfs and esx; process apparmor files for older releases; |
3991 | + copy dnsmasq configuration. |
3992 | + - debian/tests/control: add depends |
3993 | + * d/p/ubuntu/conf-also-mark-implicit-video-as-primary.patch: upstream patch |
3994 | + to fix failure to start vms with video not explicitly marked as 'primary' |
3995 | + |
3996 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 29 Apr 2016 20:51:48 -0500 |
3997 | + |
3998 | libvirt (1.3.3-2) unstable; urgency=medium |
3999 | |
4000 | * Upload to unstable |
4001 | @@ -1844,6 +5689,239 @@ libvirt (1.3.1-2) unstable; urgency=medium |
4002 | |
4003 | -- Guido Günther <agx@sigxcpu.org> Fri, 19 Feb 2016 17:29:27 +0100 |
4004 | |
4005 | +libvirt (1.3.1-1ubuntu11) yakkety; urgency=medium |
4006 | + |
4007 | + [ Stefan Bader ] |
4008 | + * Add alias for libvirtd.service into libvirt-bin.service |
4009 | + |
4010 | + [ Serge Hallyn ] |
4011 | + * d/p/u/libvirt-bin-service-set-notifyaccess.patch: Set NotifyAccess=all in |
4012 | + libvirt-bin systemd service file. (LP: #1574566) |
4013 | + |
4014 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 18 Apr 2016 13:44:15 -0500 |
4015 | + |
4016 | +libvirt (1.3.1-1ubuntu10) xenial; urgency=medium |
4017 | + |
4018 | + * d/p/u/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: Allow |
4019 | + access to /usr/share/AAVMF/** and /usr/share/qemu-efi/** for aarch64 UEFI. |
4020 | + (LP: #1538882) |
4021 | + |
4022 | + -- William Grant <wgrant@ubuntu.com> Fri, 15 Apr 2016 12:08:21 +1000 |
4023 | + |
4024 | +libvirt (1.3.1-1ubuntu9) xenial; urgency=medium |
4025 | + |
4026 | + * Remove the tasks limit on libvirt-bin service (LP: #1567381) |
4027 | + This should be un-done when it is properly fixed in the code so |
4028 | + that virtual machines are started in their own pids cgroup. |
4029 | + |
4030 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 07 Apr 2016 10:05:01 -0500 |
4031 | + |
4032 | +libvirt (1.3.1-1ubuntu8) xenial; urgency=medium |
4033 | + |
4034 | + * d/p/u/virt-aa-helper-add-guest-agent-rule.patch: this actually solves |
4035 | + the qemu guest agent problem for rhel7 vms for me. (LP: #1393842) |
4036 | + Also drop the mknod rule which isn't needed. |
4037 | + * d/apparmor/usr.lib.libvirt.virt-aa-helper: add permission to read under |
4038 | + /var/run. This is needed for some openvswitch info. (LP: #1513367) |
4039 | + |
4040 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 11 Mar 2016 15:01:25 -0800 |
4041 | + |
4042 | +libvirt (1.3.1-1ubuntu7) xenial; urgency=medium |
4043 | + |
4044 | + * zfs support (LP: #1553023) |
4045 | + - Cherrypick upstream patches to support zfs |
4046 | + - debian/rules: build with zfs support |
4047 | + - debian/control: add zfs as build-dep |
4048 | + * d/p/u/virt-aa-helper-no-explicity-deny-for-basefiles.patch: don't mark |
4049 | + readonly files with an explicity deny only because the xml marks it |
4050 | + as reasonly. (LP: #1554031) |
4051 | + * fix typo in virt-aa-helper helptext |
4052 | + * fix d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch to |
4053 | + not overwrite const memory. |
4054 | + |
4055 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 10 Mar 2016 19:25:54 -0800 |
4056 | + |
4057 | +libvirt (1.3.1-1ubuntu6) xenial; urgency=medium |
4058 | + |
4059 | + * d/apparmor/libvirt-qemu: generalize the qemu-block-extra libs line. |
4060 | + (LP: #1554761) |
4061 | + * d/p/ubuntu/virt-aa-helper-add-mknod-for-guest-agent.patch: add mknod |
4062 | + capability if there is a qemu guest agent. (LP: #1393842) |
4063 | + |
4064 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 09 Mar 2016 18:45:08 -0800 |
4065 | + |
4066 | +libvirt (1.3.1-1ubuntu5) xenial; urgency=low |
4067 | + |
4068 | + * Added d/p/ubuntu/preup-virt-aa-helper-better-write-denials-handling.patch |
4069 | + and refreshed d/p/ubuntu/9034-complete-9p-support accordingly. |
4070 | + * Added d/p/ubuntu/additional-libvirt-guest-tweaks.patch to fix default |
4071 | + URI detection when running in a Xen control domain. Also change the |
4072 | + default config to do parallel shutdown requests (max. 10) and reduce the |
4073 | + timeout to 2 minutes. |
4074 | + |
4075 | + -- Stefan Bader <stefan.bader@canonical.com> Wed, 09 Mar 2016 09:13:09 +0100 |
4076 | + |
4077 | +libvirt (1.3.1-1ubuntu4) xenial; urgency=low |
4078 | + |
4079 | + * d/libvirt-bin.virtlockd.init: Replace by the version I had already |
4080 | + prepared and was tested (LP: #1547208). |
4081 | + * d/libvirt-bin.virtlogd.init: Fix up some left-over references to |
4082 | + libvirtd. |
4083 | + * d/control: Add provides libvirt-daemon for libvirt-bin (LP: #1551643) |
4084 | + |
4085 | + -- Stefan Bader <stefan.bader@canonical.com> Tue, 01 Mar 2016 10:58:23 +0100 |
4086 | + |
4087 | +libvirt (1.3.1-1ubuntu3) xenial; urgency=medium |
4088 | + |
4089 | + * d/libvirt-bin.virtlockd.init: Re-write based on virtlogd init script |
4090 | + as upstream provided version is not compatible with Ubuntu/Debian. |
4091 | + |
4092 | + -- James Page <james.page@ubuntu.com> Mon, 29 Feb 2016 22:24:49 +0000 |
4093 | + |
4094 | +libvirt (1.3.1-1ubuntu2) xenial; urgency=medium |
4095 | + |
4096 | + * No-change rebuild for gnutls transition. |
4097 | + |
4098 | + -- Matthias Klose <doko@ubuntu.com> Wed, 17 Feb 2016 22:41:20 +0000 |
4099 | + |
4100 | +libvirt (1.3.1-1ubuntu1) xenial; urgency=low |
4101 | + |
4102 | + * Merge from Debian unstable. Remaining changes: |
4103 | + - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd, |
4104 | + TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper, |
4105 | + usr.sbin.libvirtd} Add apparmor profiles. |
4106 | + - Add debian/libvirt-bin.virtlockd.init based on the upstream version |
4107 | + src/locking/virtlockd.init.in. This does not seem to get processed |
4108 | + by the build. |
4109 | + - debian/control: |
4110 | + * Add libcurl4-gnutls-dev, libxml-libxml-perl, libcgmanager-dev |
4111 | + * Add ppc64el to libnuma-dev arches |
4112 | + * Remove libsanlock-dev, libselinux1-dev, systemtap-sdt-dev |
4113 | + * Remove python, sheepdog, librados-dev, libfuse-dev |
4114 | + * Remove libssh2-1-dev, qemu-system-common, augeas-tools |
4115 | + * Don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages |
4116 | + * Keep multiarch changes. |
4117 | + - Keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily} |
4118 | + - Keep change d/libvirt0.install and d/libvirt-dev.install that |
4119 | + adds multi-arch wildcard. |
4120 | + - d/libvirt-daemon-system.libvirtd.default -> |
4121 | + d/libvirt-bin.libvirt-bin.default |
4122 | + - d/libvirt-daemon-system.dirs -> d/libvirt-bin.dirs |
4123 | + * Add /etc/apparmor.d/{abstractions,disable,force-complain,local} |
4124 | + * Add /etc/cron.daily |
4125 | + * Add /usr/share/apport/package-hooks |
4126 | + * Add /var/log/libvirt/libxl |
4127 | + * Add /etc/dnsmasq.d-available |
4128 | + * Remove /usr/share/polkit-1/rules.d/ |
4129 | + * Remove /var/lib/polkit-1/localauthority/10-vendor.d/ |
4130 | + - Keep debian/libvirt-bin.dnsmasq |
4131 | + - d/libvirt-daemon-system.examples -> d/libvirt-bin.examples |
4132 | + * Remove debian/build/daemon/libvirtd.policy |
4133 | + * Drop debian/libvirt-suspendonreboot |
4134 | + - d/libvirt-daemon-system.libvirtd.init -> d/libvirt-bin.libvirt-bin.init |
4135 | + * Add provides libvirt-bin |
4136 | + * Change /etc/default/libvirtd into /etc/default/libvirt-bin |
4137 | + * Add wait_on_sockfile() and call it during start |
4138 | + - d/libvirt-daemon-system.install -> d/libvirt-bin.install |
4139 | + * Add usr/bin/* |
4140 | + * Add usr/sbin/* |
4141 | + * Add etc/apparmor.d/* |
4142 | + * Replace etc/libvirt/{libvirtd,virtlockd,virtlogd}.conf -> etc/libvirt/* |
4143 | + (since with the clients included there are many more config files) |
4144 | + * Add usr/share/polkit-1 |
4145 | + * Add usr/lib/libvirt/* |
4146 | + * Add usr/share/augeas/* |
4147 | + * Add usr/share/libvirt/* |
4148 | + * Add usr/share/man/man8/* |
4149 | + * Add usr/share/apport/package-hooks/source_libvirt.py |
4150 | + * Add etc/dnsmasq.d-available/libvirt-bin |
4151 | + * Add etc/profile.d/libvirt-uri.sh |
4152 | + * Add usr/lib/libvirt |
4153 | + - d/libvirt-daemon-system.links -> d/libvirt-bin.links |
4154 | + * Replace libvirt-daemon-system with libvirt-bin for libvirt0 |
4155 | + * Remove libvirt-daemon line |
4156 | + - Remove d/libvirt-bin.maintscript |
4157 | + - d/libvirt-clients.manpages -> d/libvirt-bin.manpages |
4158 | + * Add debian/libvirt-migrate-qemu-disks.1 |
4159 | + * Add debian/libvirt-migrate-qemu-machinetype.1 |
4160 | + * Add debian/libvirt-migrate-xend-managed-domains.1 |
4161 | + - Combined d/libvirt-daemon-system.NEWS and d/libvirt-daemon.NEWS into |
4162 | + d/libvirt-bin.NEWS |
4163 | + - Keep d/libvirt-bin.{postinst,postrm,preinst} though they probably could |
4164 | + be freshly derived from libvirt-daemon counterparts. |
4165 | + * Added removal of qemu capability cache (found in Debian) to postinst |
4166 | + * Added reload of virtlogd in postinst (following example of virtlockd) |
4167 | + - Replace d/libvirt-bin.preinst |
4168 | + - Add d/libvirt-bin.upstart |
4169 | + - d/libvirt-daemon-system.virtlogd.init -> d/libvirt-bin.virtlogd.init |
4170 | + - Remove d/libvirt-clients.install |
4171 | + - Remove d/libvirt-clients.links |
4172 | + - Remove d/libvirt-daemon.install |
4173 | + - Remove d/libvirt-daemon.links |
4174 | + - d/libvirt-daemon.README.Debian -> d/libvirt-bin.README.Debian |
4175 | + * Replaced access control section |
4176 | + * Appended apparmor profile section |
4177 | + * Appended disk migration section |
4178 | + * Appended qemu/kvm machine type migration section |
4179 | + - Remove d/libvirt-daemon-system.{maintscript,postinst,postrm,preinst} |
4180 | + - Keep libvirt-migrate-qemu-disks (and manpage) |
4181 | + - Keep libvirt-migrate-qemu-machinetype (and manpage) |
4182 | + - Keep libvirt-migrate-xend-managed-domains (and manpage) |
4183 | + - Remove d/libvirt-sanlock.{cron.weekly,links,install} |
4184 | + - Drop d/libvirt-stop-guests |
4185 | + - Drop d/libvirt-suspendonreboot (replaced by upstream libvirt-guests) |
4186 | + - Keep d/libvirt-uri.sh |
4187 | + - Remove d/polkit/60-libvirt.pkla (and polkit directory) |
4188 | + - d/tests/control |
4189 | + - Add build-essential and pkg-config dependencies to build-test |
4190 | + - debian/rules: |
4191 | + * Add autoconf stuff (not sure what still really gets used). |
4192 | + * Use qemu-group kvm instead of libvirt-qemu |
4193 | + * Add SHEEPDOGCLI environment variable to dh_auto_configure |
4194 | + override (instead of an DEB_DH_... make variable which no |
4195 | + longer takes effect). |
4196 | + * Drop --with-secdriver-apparmor --with-apparmor-profiles from |
4197 | + WITH_APPARMOR config. |
4198 | + * Change WITH_FIREWALLD and WITH_SELINUX settings to disabled. |
4199 | + * Change WITH_DTRACE setting to disabled. |
4200 | + * Drop DEB_DH_SYSTEMD_START_ARGS_libvirt-bin as it is no longer |
4201 | + needed after dropping cdbs. |
4202 | + * Add to override_dh_install section |
4203 | + - Install apparmor files (and post-processing) |
4204 | + - Install apport hooks. |
4205 | + - Install migration tools. |
4206 | + - Install profile script to autoset URI. |
4207 | + - Replace package name libvirt-daemon-system with libvirt-bin. |
4208 | + - Debian now copies libvirt-guests.{init,default} and |
4209 | + virtlogd.default from upstream source. Copy virtlockd.default |
4210 | + as well. |
4211 | + - Rename libvirtd.{socket,service} to libvirt-bin.{socket,service} |
4212 | + - Change dh_systemd_start to use virtlo{g,ck}d.socket only (the |
4213 | + services are supposed to be started by using the sockets. |
4214 | + - Move libs and pkgconfig under multiarch directory. |
4215 | + * Modify override_dh_auto_clean |
4216 | + - Replace package name libvirt-daemon-system with libvirt-bin |
4217 | + - Delete upstream files which were copied into debian/. |
4218 | + * Add override_dh_gencontrol section which conditionally adds |
4219 | + conflicts on apparmor. |
4220 | + * Add override_dh_makeshlibs section to pass version info for |
4221 | + libvirt0. |
4222 | + * Dropped patches: |
4223 | + - ubuntu/virt-aa-helper-handle-ovmf (upstream added ovmf paths to |
4224 | + restricted_rw) |
4225 | + * Refreshed patches: |
4226 | + - refreshed d/p/ubuntu/9034-complete-9p-support |
4227 | + * New patches |
4228 | + - d/ubuntu/libvirt-guests-exclude-dom0.patch |
4229 | + - d/ubuntu/libxl-no-dm-check.patch |
4230 | + - d/ubuntu/libxl-fix-test-data.patch |
4231 | + - d/ubuntu/Debianize-virtlogd-service.patch |
4232 | + - d/ubuntu/Debianize-virtlockd-init.patch |
4233 | + - d/ubuntu/switch-service-files-to-libvirt-bin.patch |
4234 | + - d/ubuntu/libvirt-socket-fix-group.patch |
4235 | + |
4236 | + -- Stefan Bader <stefan.bader@canonical.com> Fri, 12 Feb 2016 14:46:21 +0100 |
4237 | + |
4238 | libvirt (1.3.1-1) unstable; urgency=medium |
4239 | |
4240 | [ Guido Günther ] |
4241 | @@ -1913,6 +5991,151 @@ libvirt (1.3.0~rc1-1) experimental; urgency=medium |
4242 | |
4243 | -- Guido Günther <agx@sigxcpu.org> Fri, 04 Dec 2015 17:12:53 +0100 |
4244 | |
4245 | +libvirt (1.2.21-2ubuntu10) xenial; urgency=medium |
4246 | + |
4247 | + * Multiarchify the library packages. |
4248 | + |
4249 | + -- Matthias Klose <doko@ubuntu.com> Thu, 28 Jan 2016 16:33:15 +0100 |
4250 | + |
4251 | +libvirt (1.2.21-2ubuntu9) xenial; urgency=medium |
4252 | + |
4253 | + * debian/rules: Disable cdbs' implicitly generated dh_systemd_start calls. |
4254 | + We already call it explicitly with the right options, calling it again |
4255 | + with the default options stops libvirt-guests during upgrades. |
4256 | + (LP: #1533839) |
4257 | + |
4258 | + -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 18 Jan 2016 09:10:21 +0100 |
4259 | + |
4260 | +libvirt (1.2.21-2ubuntu8) xenial; urgency=low |
4261 | + |
4262 | + * d/libvirt-stop-guests: Skip Domain-0 on guest shutdown. Newer |
4263 | + versions of libvirt will include dom0 in the list of running domains |
4264 | + (with libxl). This special domain must be ignored. |
4265 | + |
4266 | + -- Stefan Bader <stefan.bader@canonical.com> Thu, 14 Jan 2016 11:35:39 +0100 |
4267 | + |
4268 | +libvirt (1.2.21-2ubuntu7) xenial; urgency=medium |
4269 | + |
4270 | + * d/apparmor/libvirt-qemu: silence denial to shm/lttng file since shm |
4271 | + mountpoint has moved (LP: #1529319) |
4272 | + |
4273 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Jan 2016 11:55:28 -0800 |
4274 | + |
4275 | +libvirt (1.2.21-2ubuntu6) xenial; urgency=medium |
4276 | + |
4277 | + * d/apparmor/libvirt-qemu: add r access to max_mem_regions vhost module |
4278 | + paramater (LP: #1531564) |
4279 | + |
4280 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 11 Jan 2016 11:33:02 -0800 |
4281 | + |
4282 | +libvirt (1.2.21-2ubuntu5) xenial; urgency=medium |
4283 | + |
4284 | + * SECURITY UPDATE: ACL bypass using storage pool directory traversal |
4285 | + - debian/patches/CVE-2015-5313.patch: filter filesystem volume names in |
4286 | + src/storage/storage_backend_fs.c. |
4287 | + - CVE-2015-5313 |
4288 | + |
4289 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 08 Jan 2016 10:32:17 -0500 |
4290 | + |
4291 | +libvirt (1.2.21-2ubuntu4) xenial; urgency=medium |
4292 | + |
4293 | + * Revert Ubuntu-specific patch to build-depend on libsystemd-daemon-dev |
4294 | + instead of libsystemd-dev; libsystemd-daemon-dev is no longer built from |
4295 | + systemd source so we want libsystemd-dev. |
4296 | + |
4297 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 29 Dec 2015 00:31:16 +0000 |
4298 | + |
4299 | +libvirt (1.2.21-2ubuntu3) xenial; urgency=medium |
4300 | + |
4301 | + * Fix build-test autopkgtest: it now expects to run with the current |
4302 | + directory set to the root of the unpacked source package, writes to |
4303 | + $ADTTMP rather than to the source package, and declares dependencies on |
4304 | + build-essential and pkg-config. |
4305 | + |
4306 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 28 Dec 2015 05:25:54 +0000 |
4307 | + |
4308 | +libvirt (1.2.21-2ubuntu2) xenial; urgency=medium |
4309 | + |
4310 | + * d/apparmor/libvirt-qemu: add permission to the systemd-mounted hugepages |
4311 | + path. (LP: #1524737) |
4312 | + |
4313 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 17 Dec 2015 10:49:18 -0800 |
4314 | + |
4315 | +libvirt (1.2.21-2ubuntu1) xenial; urgency=medium |
4316 | + |
4317 | + * Merge from Debian unstable. Remaining changes: |
4318 | + - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd, |
4319 | + TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper, |
4320 | + usr.sbin.libvirtd} Add apparmor profiles. |
4321 | + - debian/bug-presubj: removed |
4322 | + - debian/control: |
4323 | + - add cdbs, dh-autoreconf, libcurl4-gnutls-dev |
4324 | + - add libxml-libxml-perl, libhal-dev |
4325 | + - swap open-iscsi to open-iscsi-utils |
4326 | + - Enable numa support on ppc64el. |
4327 | + - remove libsanlock-dev, libselinux1-dev |
4328 | + - use libsystemd-daemon-dev instead of libsystemd-dev |
4329 | + - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev |
4330 | + - remove libssh2-1, augeas-tools |
4331 | + - add libcgmanager-dev, xsltproc |
4332 | + - remove Vcs-Git |
4333 | + - adjust X-Python-Version > 2.7 |
4334 | + - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages |
4335 | + - keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily} |
4336 | + - debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.* |
4337 | + - add upstart script for libvirt-bin |
4338 | + - debian/*.{links,maintscript} files not added |
4339 | + - keep ubuntu maintscript modifications |
4340 | + - debian/libvirt-sanlock* not merged |
4341 | + - debian/libvirt-clients* not merged |
4342 | + - keep debian/{libvirt-migrate-qemu-disks.*, |
4343 | + libvirt-migrate-qemu-machinetype.*, |
4344 | + libvirt-migrate-xend-managed-domains.*} |
4345 | + - keep debian/libvirt-suspendonreboot |
4346 | + - keep debian/libvirt-uri.sh |
4347 | + - debian/polkit/* not added |
4348 | + - debian/README.Debian: |
4349 | + - add 'Apparmor Profile' section |
4350 | + - add 'Disk migration' section |
4351 | + - debian/rules: |
4352 | + - add cdbs and autoconf stuff |
4353 | + - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD |
4354 | + WITH_SELINUX |
4355 | + - use qemu-group kvm instead of libvirt-qemu |
4356 | + - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only' |
4357 | + - remove auto_test section |
4358 | + - add build/libvirt-bin:: section to install |
4359 | + - apparmor files |
4360 | + - apport hooks |
4361 | + - libvirt-migrate-qemu-disks |
4362 | + - use clean:: instead of dh_*clean |
4363 | + - Move ubuntu specific patches to 'debian/patches/ubuntu' |
4364 | + * Dropped patches: |
4365 | + - drop 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch (upstream 16d2bc8b) |
4366 | + - drop 9036-util-prepare-uri-for-libxml2-2.9.2.patch (upstream 8f17d0ea) |
4367 | + - drop 9040-virt-aa-helper-add-unix-channels (upstream 03d7462d) |
4368 | + - drop CVE-2014-3633.patch (upstream 3e745e8f) |
4369 | + - drop CVE-2014-3657.patch (upstream fc22b2e7) |
4370 | + - drop CVE-2014-7823.patch (upstream b1674ad5) |
4371 | + - drop Don-t-fail-if-we-can-t-setup-avahi.patch (dropped in debian) |
4372 | + - drop add-ppc64le-support.patch (upstream 9265fd19, addce06c, 1e911742, |
4373 | + bdbe723f, 5e4f49ab) |
4374 | + - drop blockdev-migration patches (upstream 1049a8d8, 9c5efd1a, cb7297c1, |
4375 | + a5250449, e9ef8565, 952907f5, 5eb03b6e, 93a19e28, a4e92f9e, de0aeafe) |
4376 | + - storage-allow-zero-capacity-with-non-backing-file-to.patch, |
4377 | + tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch |
4378 | + (upstream 0bcda653, b8cc0cc5) |
4379 | + - ubuntu/fix-ubuntu-xen-qemu-dm-path.patch dropped in favor of |
4380 | + Allow-xen-toolstack-to-find-it-s-binaries.patch |
4381 | + - drop ubuntu-libxl-Implement-basic-video-device-selection.patch |
4382 | + (upstream 1298daca) |
4383 | + - remove dont-include-non-migrateable-features-in-host-model |
4384 | + (upstream and not included in series) |
4385 | + - remove upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch |
4386 | + (upstream and not included in series) |
4387 | + |
4388 | + -- Chris J Arges <chris.j.arges@canonical.com> Wed, 02 Dec 2015 12:06:09 -0600 |
4389 | + |
4390 | libvirt (1.2.21-2) unstable; urgency=medium |
4391 | |
4392 | * [014a0c7] Add a build test to verify that the we can link against libvirt |
4393 | @@ -2025,45 +6248,202 @@ libvirt (1.2.18-1) experimental; urgency=medium |
4394 | |
4395 | -- Guido Günther <agx@sigxcpu.org> Tue, 11 Aug 2015 21:19:43 +0200 |
4396 | |
4397 | -libvirt (1.2.16-2) unstable; urgency=medium |
4398 | +libvirt (1.2.16-2ubuntu14) xenial; urgency=medium |
4399 | |
4400 | - * [0266267] Build-Depend and suggest nfs-common |
4401 | - for showmount |
4402 | - Thanks to Laurent Bigonville (Closes: #787783) |
4403 | - * [a48c783] Build depend on libpolkit-gobject-1-dev |
4404 | - to properly detect uid support in pkcheck. |
4405 | - Thanks to Laurent Bigonville (Closes: #787782) |
4406 | - * [3d0fe35] Enable firewalld support. |
4407 | - Thanks to Laurent Bigonville (Closes: #714372) |
4408 | + * debian/apparmor/libvirt-qemu: add a bunch of newly available qemu-* |
4409 | + architecture binaries. (LP: #1519030) |
4410 | |
4411 | - -- Guido Günther <agx@sigxcpu.org> Fri, 05 Jun 2015 10:12:28 +0200 |
4412 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 23 Nov 2015 17:42:52 +0000 |
4413 | |
4414 | -libvirt (1.2.16-1) unstable; urgency=medium |
4415 | +libvirt (1.2.16-2ubuntu13) xenial; urgency=medium |
4416 | |
4417 | - * Upload to unstabl |
4418 | - * [50e9055] New upstream version 1.2.16 |
4419 | + * debian/control: switch ebtables from Recommends to Depends or default |
4420 | + configuration network doesn't get created. (LP: #1505576) |
4421 | |
4422 | - -- Guido Günther <agx@sigxcpu.org> Wed, 03 Jun 2015 08:44:53 +0200 |
4423 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 05 Nov 2015 15:14:04 -0600 |
4424 | |
4425 | -libvirt (1.2.16~rc2-3) experimental; urgency=medium |
4426 | +libvirt (1.2.16-2ubuntu12) xenial; urgency=medium |
4427 | |
4428 | - * [6d22215] Fix one more libxl leftover |
4429 | + * virt-aa-helper apparmor policy: add 'network inet6' (LP: #1511830) |
4430 | |
4431 | - -- Guido Günther <agx@sigxcpu.org> Mon, 01 Jun 2015 08:49:50 +0200 |
4432 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 02 Nov 2015 11:49:56 -0600 |
4433 | |
4434 | -libvirt (1.2.16~rc2-2) experimental; urgency=medium |
4435 | +libvirt (1.2.16-2ubuntu11) wily; urgency=medium |
4436 | |
4437 | - * [132348d] Only install libxl configuratin on hosts that support XEN |
4438 | + * Fix the preinst and postinst: the check for whether libvirt-bin was |
4439 | + running was wrong for upstart systems, but we don't need to do that |
4440 | + anyway - just stop libvirt-bin unconditionally. (LP: #1499199) |
4441 | + * libvirt-guests.service: fix libvirtd.service -> libvirt-bin.service |
4442 | |
4443 | - -- Guido Günther <agx@sigxcpu.org> Sat, 30 May 2015 13:39:22 +0200 |
4444 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Sun, 27 Sep 2015 15:47:08 +0000 |
4445 | |
4446 | -libvirt (1.2.16~rc2-1) experimental; urgency=medium |
4447 | +libvirt (1.2.16-2ubuntu10) wily; urgency=medium |
4448 | |
4449 | - * [540f826] New upstream version 1.2.16~rc2 |
4450 | + * Add qemu-block-extra libraries to libvirt apparmor profile (LP: #1495895) |
4451 | |
4452 | - -- Guido Günther <agx@sigxcpu.org> Fri, 29 May 2015 17:26:00 +0200 |
4453 | + -- Ryan Harper <ryan.harper@canonical.com> Wed, 16 Sep 2015 13:20:48 -0500 |
4454 | |
4455 | -libvirt (1.2.16~rc1-1) experimental; urgency=medium |
4456 | +libvirt (1.2.16-2ubuntu9) wily; urgency=medium |
4457 | + |
4458 | + * Add upstream patches implementing a '--migrate-disks' option to virsh |
4459 | + migrate to specify block devices to migrate. (LP: #1398999) |
4460 | + |
4461 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 04 Sep 2015 09:29:52 -0500 |
4462 | + |
4463 | +libvirt (1.2.16-2ubuntu8) wily; urgency=medium |
4464 | + |
4465 | + * Support OVMF images in virt-aa-helper. (LP: #1483071) |
4466 | + * Fix the libvirt-bin.preinst to not stop libvirt-bin on upgrade |
4467 | + from 1.2.16-2ubuntu7. |
4468 | + |
4469 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 14 Aug 2015 07:34:30 -0500 |
4470 | + |
4471 | +libvirt (1.2.16-2ubuntu7) wily; urgency=medium |
4472 | + |
4473 | + * Stop libvirt-bin at pre-inst if upgrading from a non-systemd version, |
4474 | + restart at postinst. (This can be removed after 16.04 release) |
4475 | + * Commonize stopping of vms in upstart/systemd. |
4476 | + |
4477 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Aug 2015 17:40:36 -0500 |
4478 | + |
4479 | +libvirt (1.2.16-2ubuntu6) wily; urgency=medium |
4480 | + |
4481 | + * Add systemd units and libvirt-stop-guests script to stop VMs before |
4482 | + a host completes shutdown (LP: #1480440) |
4483 | + |
4484 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 11 Aug 2015 15:42:29 -0500 |
4485 | + |
4486 | +libvirt (1.2.16-2ubuntu5) wily; urgency=medium |
4487 | + |
4488 | + * debian/control changes: |
4489 | + - Replace module-init-tools with kmod |
4490 | + * debian/tests: |
4491 | + - add autopkgtests from Debian |
4492 | + |
4493 | + -- Chris J Arges <chris.j.arges@canonical.com> Fri, 10 Jul 2015 14:15:48 -0500 |
4494 | + |
4495 | +libvirt (1.2.16-2ubuntu4) wily; urgency=medium |
4496 | + |
4497 | + * d/p/{storage-allow-zero-capacity-with-non-backing-file-to.patch, |
4498 | + tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch} added to address |
4499 | + (LP: #1459748). Allow zero capacity storage creation with non-backing file. |
4500 | + |
4501 | + -- Chris J Arges <chris.j.arges@canonical.com> Fri, 10 Jul 2015 12:50:50 -0500 |
4502 | + |
4503 | +libvirt (1.2.16-2ubuntu3) wily; urgency=medium |
4504 | + |
4505 | + * debian/apparmor/libvirt-qemu: |
4506 | + allow serial console backed by pts chardev (LP: #1342083) |
4507 | + |
4508 | + -- Chris J Arges <chris.j.arges@canonical.com> Tue, 07 Jul 2015 16:38:17 -0500 |
4509 | + |
4510 | +libvirt (1.2.16-2ubuntu2) wily; urgency=low |
4511 | + |
4512 | + [ Chris J Arges ] |
4513 | + * Merge from Debian unstable. Remaining changes: |
4514 | + - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd, |
4515 | + TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper, |
4516 | + usr.sbin.libvirtd} Add apparmor profiles. |
4517 | + - debian/bug-presubj: removed |
4518 | + - debian/control: |
4519 | + - add cdbs, dh-autoreconf, libcurl4-gnutls-dev |
4520 | + - add libxml-libxml-perl, libhal-dev |
4521 | + - swap open-iscsi to open-iscsi-utils |
4522 | + - Enable numa support on ppc64 and ppc64el. |
4523 | + - remove libsanlock-dev, libselinux1-dev, libsystemd-daemon-dev |
4524 | + - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev |
4525 | + - remove libssh2-1, augeas-tools |
4526 | + - add libcgmanager-dev, xsltproc |
4527 | + - remove Vcs-Git |
4528 | + - adjust X-Python-Version > 2.7 |
4529 | + - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages |
4530 | + * keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily} |
4531 | + * debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.* |
4532 | + * add upstart script for libvirt-bin |
4533 | + * debian/*.links files not added |
4534 | + * debian/libvirt-sanlock* not merged |
4535 | + * debian/libvirt-clients* not merged |
4536 | + * debian smoke tests not merged |
4537 | + * keep debian/{libvirt-migrate-qemu-disks.*, |
4538 | + libvirt-migrate-qemu-machinetype.*, |
4539 | + libvirt-migrate-xend-managed-domains.*} |
4540 | + * keep debian/libvirt-suspendonreboot |
4541 | + * keep debian/libvirt-uri.sh |
4542 | + * Don't apply the following patches: |
4543 | + - d/p/Debianize-libvirt-guests.patch |
4544 | + - d/p/Debianize-systemd-service-files.patch |
4545 | + - d/p/debian/Debianize-virtlockd.patch |
4546 | + - d/p/fix-Debian-specific-path-to-hvm-loader.patch |
4547 | + - d/p/Disable-gnulib-s-test-nonplocking-pipe.sh.patch |
4548 | + - d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch |
4549 | + * debian/polkit/* not added |
4550 | + * debian/README.Debian: |
4551 | + - add 'Apparmor Profile' section |
4552 | + - add 'Disk migration' section |
4553 | + * debian/rules: |
4554 | + - add cdbs and autoconf stuff |
4555 | + - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD |
4556 | + WITH_SELINUX |
4557 | + - use qemu-group kvm instead of libvirt-qemu |
4558 | + - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only' |
4559 | + - remove auto_test section |
4560 | + - add build/libvirt-bin:: section to install |
4561 | + - apparmor files |
4562 | + - apport hooks |
4563 | + - libvirt-migrate-qemu-disks |
4564 | + - use clean:: instead of dh_*clean |
4565 | + |
4566 | + [ Chuck Short ] |
4567 | + + Rediffed: |
4568 | + - debian/patches/storage-default-permission-mode-to-0711 |
4569 | + - debian/patches/ubuntu_machine_type.patch |
4570 | + * debian/libvirt-bin.init: Adjust avahi to avahi-daemon (LP: #1453572) |
4571 | + |
4572 | + [ Serge Hallyn ] |
4573 | + * 9040-virt-aa-helper-add-unix-channels.patch: add support for unix |
4574 | + sockets for serials. (LP: #1015154) |
4575 | + |
4576 | + -- Chris J Arges <chris.j.arges@canonical.com> Wed, 01 Jul 2015 13:33:40 -0500 |
4577 | + |
4578 | +libvirt (1.2.16-2) unstable; urgency=medium |
4579 | + |
4580 | + * [0266267] Build-Depend and suggest nfs-common |
4581 | + for showmount |
4582 | + Thanks to Laurent Bigonville (Closes: #787783) |
4583 | + * [a48c783] Build depend on libpolkit-gobject-1-dev |
4584 | + to properly detect uid support in pkcheck. |
4585 | + Thanks to Laurent Bigonville (Closes: #787782) |
4586 | + * [3d0fe35] Enable firewalld support. |
4587 | + Thanks to Laurent Bigonville (Closes: #714372) |
4588 | + |
4589 | + -- Guido Günther <agx@sigxcpu.org> Fri, 05 Jun 2015 10:12:28 +0200 |
4590 | + |
4591 | +libvirt (1.2.16-1) unstable; urgency=medium |
4592 | + |
4593 | + * Upload to unstabl |
4594 | + * [50e9055] New upstream version 1.2.16 |
4595 | + |
4596 | + -- Guido Günther <agx@sigxcpu.org> Wed, 03 Jun 2015 08:44:53 +0200 |
4597 | + |
4598 | +libvirt (1.2.16~rc2-3) experimental; urgency=medium |
4599 | + |
4600 | + * [6d22215] Fix one more libxl leftover |
4601 | + |
4602 | + -- Guido Günther <agx@sigxcpu.org> Mon, 01 Jun 2015 08:49:50 +0200 |
4603 | + |
4604 | +libvirt (1.2.16~rc2-2) experimental; urgency=medium |
4605 | + |
4606 | + * [132348d] Only install libxl configuratin on hosts that support XEN |
4607 | + |
4608 | + -- Guido Günther <agx@sigxcpu.org> Sat, 30 May 2015 13:39:22 +0200 |
4609 | + |
4610 | +libvirt (1.2.16~rc2-1) experimental; urgency=medium |
4611 | + |
4612 | + * [540f826] New upstream version 1.2.16~rc2 |
4613 | + |
4614 | + -- Guido Günther <agx@sigxcpu.org> Fri, 29 May 2015 17:26:00 +0200 |
4615 | + |
4616 | +libvirt (1.2.16~rc1-1) experimental; urgency=medium |
4617 | |
4618 | * [d17b3cb] Add libxl configuration files |
4619 | * [24520fd] Update gbp.conf for experimental |
4620 | @@ -2090,6 +6470,49 @@ libvirt (1.2.15-1) experimental; urgency=medium |
4621 | |
4622 | -- Guido Günther <agx@sigxcpu.org> Tue, 05 May 2015 19:26:21 +0200 |
4623 | |
4624 | +libvirt (1.2.15-0ubuntu4) wily; urgency=medium |
4625 | + |
4626 | + * Add post-start to upstart (/etc/init/libvirt-bin.conf) and |
4627 | + sysv (/etc/init.d/libvirt-bin) jobs to ensure libvirt-sock |
4628 | + created before up (LP: #1455608) |
4629 | + |
4630 | + -- Edward Hope-Morley <edward.hope-morley@canonical.com> Thu, 28 May 2015 16:06:44 +0100 |
4631 | + |
4632 | +libvirt (1.2.15-0ubuntu3) wily; urgency=low |
4633 | + |
4634 | + * d/p/ubuntu-libxl-qemu-path.patch: Set correct path for qemu binary |
4635 | + for new configs and convert old configs using qemu-dm. |
4636 | + (LP: #1459600) |
4637 | + * d/p/ubuntu-libxl-hvmloader-path.patch: Get Xen version from dpkg-query |
4638 | + at compile time and set LIBXL_FIRMWARE_DIR as long as libxen-dev does |
4639 | + not provide a xenlight.pc file. Use that directory to update existing |
4640 | + configs. |
4641 | + (LP: #1459603) |
4642 | + |
4643 | + -- Stefan Bader <stefan.bader@canonical.com> Thu, 28 May 2015 12:21:23 +0200 |
4644 | + |
4645 | +libvirt (1.2.15-0ubuntu2) wily; urgency=medium |
4646 | + |
4647 | + * debian/apparmor/libvirt-qemu: add /sys read accesses needed by newer |
4648 | + qemu: /sys/devices/system/node/, /sys/devices/system/cpu/ and |
4649 | + /sys/devices/system/node/node[0-9]*/meminfo |
4650 | + |
4651 | + -- Jamie Strandboge <jamie@ubuntu.com> Wed, 13 May 2015 16:41:54 -0500 |
4652 | + |
4653 | +libvirt (1.2.15-0ubuntu1) wily; urgency=medium |
4654 | + |
4655 | + * New upstream release: |
4656 | + + Dropped patches: |
4657 | + - d/p/add-cgmanager-support.patch |
4658 | + - d/p/cgmanager-mutex |
4659 | + - d/p/cgm-ignore-machined-failure |
4660 | + - d/p/9020-lp545795.patch |
4661 | + - d/pa/ubuntu-libxl-qemu-nopath.patch |
4662 | + - d/p/ubuntu-libxl-migrate-dm.patch |
4663 | + - d/p9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch |
4664 | + |
4665 | + -- Chuck Short <zulcss@ubuntu.com> Thu, 07 May 2015 10:27:49 -0400 |
4666 | + |
4667 | libvirt (1.2.15~rc2-1) experimental; urgency=medium |
4668 | |
4669 | * [852e3c3] New upstream version 1.2.15~rc2 |
4670 | @@ -2148,6 +6571,110 @@ libvirt (1.2.12-1) experimental; urgency=medium |
4671 | |
4672 | -- Guido Günther <agx@sigxcpu.org> Thu, 29 Jan 2015 11:02:21 +0100 |
4673 | |
4674 | +libvirt (1.2.12-0ubuntu12) vivid; urgency=low |
4675 | + |
4676 | + * Add profile script to automatically set the default URI based on |
4677 | + the currently running hyperisor (Xen or KVM/Qemu). |
4678 | + (LP: #1334749) |
4679 | + |
4680 | + -- Stefan Bader <stefan.bader@canonical.com> Tue, 14 Apr 2015 09:02:52 -0500 |
4681 | + |
4682 | +libvirt (1.2.12-0ubuntu11) vivid; urgency=medium |
4683 | + |
4684 | + * create /var/lib/libvirt/qemu/channel/target (LP: #1393842) |
4685 | + - libvirt-bin.dirs: add /var/lib/libvirt/qemu/channel/target |
4686 | + - libvirt-bin.postinst: chown target directory to libvirt-qemu:kvm so |
4687 | + qemu can create the unix sockets. |
4688 | + |
4689 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 09 Apr 2015 10:40:05 -0500 |
4690 | + |
4691 | +libvirt (1.2.12-0ubuntu10) vivid; urgency=medium |
4692 | + |
4693 | + * Fix previous patch to ignore any abstract unix domain sockets |
4694 | + * Update the cgmanager patch so that container start and stop work under |
4695 | + systemd. (LP: #1438730) In 15.10 we will drop the cgmanager patch(es). |
4696 | + |
4697 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 08 Apr 2015 10:58:04 -0500 |
4698 | + |
4699 | +libvirt (1.2.12-0ubuntu9) vivid; urgency=medium |
4700 | + |
4701 | + * 9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch: Allow |
4702 | + libvirt domains to start when using qemu guest agent. (LP: #1393842) |
4703 | + |
4704 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 06 Apr 2015 11:14:03 -0500 |
4705 | + |
4706 | +libvirt (1.2.12-0ubuntu8) vivid; urgency=medium |
4707 | + |
4708 | + * silence denial of attempted reads of lttng files (LP: #1432644) |
4709 | + |
4710 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 27 Mar 2015 21:36:27 -0500 |
4711 | + |
4712 | +libvirt (1.2.12-0ubuntu7) vivid; urgency=low |
4713 | + |
4714 | + * No-change rebuild to pull in libxen-dev 4.5 |
4715 | + |
4716 | + -- Stefan Bader <stefan.bader@canonical.com> Wed, 25 Feb 2015 18:31:16 +0100 |
4717 | + |
4718 | +libvirt (1.2.12-0ubuntu6) vivid; urgency=low |
4719 | + |
4720 | + * Fix xml validation for Xen by allowing non-absolute path values |
4721 | + in loader and bootloader elements (LP: #1425497). |
4722 | + * Fix up Xen emulator in old configurations and for new definitions to |
4723 | + point to /usr/bin/qemu-system-i386 (LP: #1425497). |
4724 | + |
4725 | + -- Stefan Bader <stefan.bader@canonical.com> Fri, 13 Feb 2015 17:57:27 +0100 |
4726 | + |
4727 | +libvirt (1.2.12-0ubuntu5) vivid; urgency=medium |
4728 | + |
4729 | + * Remove smoser-ppc64le-is-ppc64.patch - the problem will be solved by the |
4730 | + qemu-system-ppcle symlink in qemu-system-ppc package. |
4731 | + |
4732 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 15:38:39 -0600 |
4733 | + |
4734 | +libvirt (1.2.12-0ubuntu4) vivid; urgency=medium |
4735 | + |
4736 | + * libvirt-qemu: allow kvm script on ppc to execute uname |
4737 | + |
4738 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 12 Feb 2015 14:05:14 -0600 |
4739 | + |
4740 | +libvirt (1.2.12-0ubuntu3) vivid; urgency=medium |
4741 | + |
4742 | + * Apply patch from smoser to make libvirt on ppc64le functional. |
4743 | + (LP: #1418221) |
4744 | + |
4745 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 09 Feb 2015 12:09:49 -0600 |
4746 | + |
4747 | +libvirt (1.2.12-0ubuntu2) vivid; urgency=medium |
4748 | + |
4749 | + * debian/control: Use libxml-libxml-perl instead of libxml-xpath-perl. |
4750 | + * debian/patches/docs-remove-xpath.patch: Use libxml instead of XPath. |
4751 | + |
4752 | + -- Chuck Short <zulcss@ubuntu.com> Fri, 06 Feb 2015 11:28:15 -0500 |
4753 | + |
4754 | +libvirt (1.2.12-0ubuntu1) vivid; urgency=medium |
4755 | + |
4756 | + * New upstream release |
4757 | + * Rediffed patches: |
4758 | + - debian/patches/9030-create-socket-dir |
4759 | + - debian/patches/add-cgmanager-support.patch |
4760 | + - debian/patches/cgroups-ignore-systemd-failure |
4761 | + * Dropped patches: |
4762 | + - debian/patches/ubuntu-libxl-Implement-basic-video-device-selection.patch |
4763 | + - debian/patches/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch |
4764 | + - debian/patches/9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch |
4765 | + - debian/patches/-CVE-2014-3633.patch |
4766 | + - debian/patches/dont-include-non-migrateable-features-in-host-model |
4767 | + - debian/patches/9036-util-prepare-uri-for-libxml2-2.9.2.patch |
4768 | + - debian/patches/CVE-2014-3657.patch |
4769 | + - debian/patches/CVE-2014-7823.patch |
4770 | + - debian/patches/add-ppc64le-support.patch |
4771 | + - debian/patches/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch |
4772 | + * debian/control: Add libxml-xpath-perl and xsltproc to dependencies |
4773 | + * debian/patches/skip-vircgrouptest.patch: Skip cgroup tests. |
4774 | + * debian/patches/disable-network-test.patch: Skip network tests |
4775 | + |
4776 | + -- Chuck Short <zulcss@ubuntu.com> Tue, 03 Feb 2015 13:12:36 -0500 |
4777 | + |
4778 | libvirt (1.2.12~rc2-1) experimental; urgency=medium |
4779 | |
4780 | * [67f2b22] New upstream version 1.2.12~rc2 |
4781 | @@ -2389,6 +6916,212 @@ libvirt (1.2.8-1) experimental; urgency=medium |
4782 | |
4783 | -- Guido Günther <agx@sigxcpu.org> Fri, 05 Sep 2014 19:56:50 +0200 |
4784 | |
4785 | +libvirt (1.2.8-0ubuntu21) vivid; urgency=medium |
4786 | + |
4787 | + * d/apparmor/libvirt-qemu: Update the ceph.conf allow rule (LP: #1403648) |
4788 | + |
4789 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 30 Jan 2015 10:02:20 +0100 |
4790 | + |
4791 | +libvirt (1.2.8-0ubuntu20) vivid; urgency=medium |
4792 | + |
4793 | + * debian/rules: |
4794 | + - use --with-esx (LP: #565771) |
4795 | + - specify restart-after-upgrade (LP: #1215617) |
4796 | + * debian/control: add libcurl4-gnutls-dev for esx support |
4797 | + |
4798 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 21 Jan 2015 13:01:59 -0600 |
4799 | + |
4800 | +libvirt (1.2.8-0ubuntu19) vivid; urgency=medium |
4801 | + |
4802 | + * apparmor libvirt-qemu template: allow reading charm-specific ceph config |
4803 | + and silence denials for /tmp/**. (LP: #1403648) |
4804 | + |
4805 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 06 Jan 2015 10:27:33 -0600 |
4806 | + |
4807 | +libvirt (1.2.8-0ubuntu18) vivid; urgency=medium |
4808 | + |
4809 | + * mutex cgmanager actions (Thanks to Don Bowman for finding the cause) |
4810 | + (LP: #1397130) (LP: #1367702) |
4811 | + |
4812 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Dec 2014 13:28:03 -0600 |
4813 | + |
4814 | +libvirt (1.2.8-0ubuntu17) vivid; urgency=low |
4815 | + |
4816 | + * d/p/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch: |
4817 | + Allow libxl to figure out the path to pygrub. (LP: #1396942) |
4818 | + |
4819 | + -- Stefan Bader <stefan.bader@canonical.com> Thu, 11 Dec 2014 09:51:20 +0100 |
4820 | + |
4821 | +libvirt (1.2.8-0ubuntu16) vivid; urgency=medium |
4822 | + |
4823 | + * debian/patches/add-ppc64le-support.patch: Added patches needed |
4824 | + for ppc64le support. (LP: #1396070) |
4825 | + |
4826 | + -- Chuck Short <zulcss@ubuntu.com> Thu, 27 Nov 2014 08:57:35 -0500 |
4827 | + |
4828 | +libvirt (1.2.8-0ubuntu15) vivid; urgency=medium |
4829 | + |
4830 | + * libvirt-qemu: add r to sgabios.bin (LP: #1393548) |
4831 | + |
4832 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 17 Nov 2014 15:05:22 -0600 |
4833 | + |
4834 | +libvirt (1.2.8-0ubuntu14) vivid; urgency=medium |
4835 | + |
4836 | + [ Serge Hallyn ] |
4837 | + * 9036-util-prepare-uri-for-libxml2-2.9.2.patch: fix FTBFS against new |
4838 | + libxml 2.9.2 (LP: #1390637) |
4839 | + |
4840 | + [ Marc Deslauriers ] |
4841 | + * SECURITY UPDATE: denial of service via virConnectListAllDomains |
4842 | + - debian/patches/CVE-2014-3657.patch: fix domain deadlock in |
4843 | + src/conf/domain_conf.c. |
4844 | + - CVE-2014-3657 |
4845 | + * SECURITY UPDATE: xml information leak with read-only connections |
4846 | + - debian/patches/CVE-2014-7823.patch: check for migratable flag in |
4847 | + src/libvirt.c, src/remote/remote_protocol.x. |
4848 | + - CVE-2014-7823 |
4849 | + |
4850 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Nov 2014 13:14:00 -0500 |
4851 | + |
4852 | +libvirt (1.2.8-0ubuntu13) vivid; urgency=medium |
4853 | + |
4854 | + * cull too-new apparmor rules depending on target host (LP: #1387251) |
4855 | + * add mising apparmor permissions for slof (LP: #1374554) |
4856 | + |
4857 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Fri, 07 Nov 2014 20:32:23 +0000 |
4858 | + |
4859 | +libvirt (1.2.8-0ubuntu12) vivid; urgency=medium |
4860 | + |
4861 | + * complete the 9p support: (LP: #1378434) |
4862 | + - libvirt-qemu: add fowner and fsetid |
4863 | + - virt-aa-helper: add 'l' to 9p file options |
4864 | + * dont-include-non-migrateable-features-in-host-model (LP: #1386503) |
4865 | + |
4866 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 29 Oct 2014 15:07:21 -0500 |
4867 | + |
4868 | +libvirt (1.2.8-0ubuntu11) utopic; urgency=medium |
4869 | + |
4870 | + [ Felix Geyer ] |
4871 | + * d/p/ubuntu_machine_type.patch: Fix No PCI buses available. (LP: #1379346). |
4872 | + |
4873 | + -- Chris J Arges <chris.j.arges@canonical.com> Thu, 09 Oct 2014 08:57:27 -0500 |
4874 | + |
4875 | +libvirt (1.2.8-0ubuntu10) utopic; urgency=medium |
4876 | + |
4877 | + * libvirt-bin.upstart: delay start until rc finished |
4878 | + This give hypervisors more time to finish their setup (LP: #1377900). |
4879 | + * libvirt-bin.upstart: add xen:/// uri to the list (LP: #1377960) |
4880 | + |
4881 | + -- Stefan Bader <stefan.bader@canonical.com> Mon, 06 Oct 2014 16:23:06 +0200 |
4882 | + |
4883 | +libvirt (1.2.8-0ubuntu9) utopic; urgency=medium |
4884 | + |
4885 | + * libvirt-qemu apparmor template: add /sys/firmware/devicetree/** r |
4886 | + (LP: #1374554) |
4887 | + |
4888 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Wed, 01 Oct 2014 17:09:05 -0500 |
4889 | + |
4890 | +libvirt (1.2.8-0ubuntu8) utopic; urgency=medium |
4891 | + |
4892 | + * libvirt-bin.postinst: fix syntax error (s/if/fi/) |
4893 | + |
4894 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 30 Sep 2014 13:07:19 -0500 |
4895 | + |
4896 | +libvirt (1.2.8-0ubuntu7) utopic; urgency=medium |
4897 | + |
4898 | + * libvirt-bin.postinst: check for confiles whichhave been removed rather |
4899 | + than fail package install (LP: #1375910) |
4900 | + |
4901 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Tue, 30 Sep 2014 12:37:16 -0500 |
4902 | + |
4903 | +libvirt (1.2.8-0ubuntu6) utopic; urgency=medium |
4904 | + |
4905 | + * SECURITY UPDATE: denial of service or information disclosure via |
4906 | + virDomainGetBlockIoTune |
4907 | + - debian/patches/CVE-2014-3633.patch: use correct definition when |
4908 | + looking up disk in src/qemu/qemu_driver.c. |
4909 | + - CVE-2014-3633 |
4910 | + |
4911 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 29 Sep 2014 15:23:37 -0400 |
4912 | + |
4913 | +libvirt (1.2.8-0ubuntu5) utopic; urgency=medium |
4914 | + |
4915 | + * debian/apparmor/libvirt-lxc (sync with container-base with lxc): |
4916 | + - remove bare 'signal' and 'ptrace' rules (base abstraction covers most |
4917 | + of what we need) |
4918 | + - allow signal (receive) peer=/usr/sbin/libvirtd |
4919 | + - allow ptrace peer=@{profile_name} |
4920 | + - deny mount options=(ro, remount, silent) -> / |
4921 | + - allow mount fstype=hugetlbfs |
4922 | + - shuffle a couple of rules around to make it easier to diff with lxc |
4923 | + policy |
4924 | + * debian/apparmor/TEMPLATE.lxc (sync with lxc-default): |
4925 | + - use attach_disconnected and mediate_deleted |
4926 | + - deny mount fstype=devpts, |
4927 | + |
4928 | + -- Jamie Strandboge <jamie@ubuntu.com> Thu, 25 Sep 2014 16:24:21 -0500 |
4929 | + |
4930 | +libvirt (1.2.8-0ubuntu4) utopic; urgency=medium |
4931 | + |
4932 | + * debian/apparmor/usr.sbin.libvirtd: allow 'network netlink' |
4933 | + |
4934 | + -- Jamie Strandboge <jamie@ubuntu.com> Thu, 18 Sep 2014 15:15:13 -0500 |
4935 | + |
4936 | +libvirt (1.2.8-0ubuntu3) utopic; urgency=medium |
4937 | + |
4938 | + * 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch - fix failure to start |
4939 | + KVM vms. |
4940 | + |
4941 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Sep 2014 14:08:04 -0500 |
4942 | + |
4943 | +libvirt (1.2.8-0ubuntu2) utopic; urgency=low |
4944 | + |
4945 | + * d/p/ubuntu-xend-probe.patch: |
4946 | + Update patch correctly and re-enable it. It seems like it only was |
4947 | + half updated and then disabled without reasons. |
4948 | + * d/p/ubuntu-libxl-Implement-basic-video-device-selection.patch: |
4949 | + Re-activate adapted patch. Some pieces made it into upstream as a |
4950 | + bug fix. The rest is still needed to allow selecing an alternate |
4951 | + graphics device for Xen HVM guests. |
4952 | + * d/p/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: |
4953 | + Re-activate unchanged patch (for some reason dropped when moving |
4954 | + to 1.2.6). |
4955 | + This one is a bit of a work-around mainly for virt-manager which sets |
4956 | + gfx memory to values below the minimum requirement for Xen. And the |
4957 | + UI does not allow to change that. This patch just goes for the minimum |
4958 | + in that case. |
4959 | + |
4960 | + -- Stefan Bader <stefan.bader@canonical.com> Thu, 18 Sep 2014 10:00:36 +0200 |
4961 | + |
4962 | +libvirt (1.2.8-0ubuntu1) utopic; urgency=medium |
4963 | + |
4964 | + [ Chuck Short ] |
4965 | + * New upstream release: (LP: #1367422) |
4966 | + + Dropped: |
4967 | + - debian/patches/ovs-delete-port-if-exists-while-adding-new-one |
4968 | + + Refreshed: |
4969 | + - debian/patches/add-cgmanager-support.patch |
4970 | + - debian/patches/storage-default-permission-mode-to-0711 |
4971 | + |
4972 | + [ Serge Hallyn ] |
4973 | + * d/apparmor |
4974 | + - install TEMPLATE.qemu and TEMPLATE.lxc |
4975 | + - add libvirt-lxc abstraction, add permissions to it needed for |
4976 | + a ubuntu container to start. |
4977 | + - libvirt-qemu - add qemu-bridge-helper policy from upstream |
4978 | + - libvirt-qemu - add qemu-microblaze allows from upstream |
4979 | + - edit lxc.conf to enable apparmor by default (LP: #914716) |
4980 | + (LP: #1008393) (LP: #1088295) |
4981 | + * d/apparmor/libvirt-qemu: add /dev/shm as path to spice.* nodes |
4982 | + for systemd case. (LP: #1365163) |
4983 | + * d/p/9030-create-socket-dir - create session socket dir if |
4984 | + needed (Should be replaced eventually by the upstream fix) |
4985 | + * d/p/9032-lxc-allow-no-security-driver: don't fail if apparmor |
4986 | + driver is not available (else the qa-regression-tests fail with |
4987 | + skip_apparmor) |
4988 | + |
4989 | + -- Serge Hallyn <serge.hallyn@ubuntu.com> Mon, 15 Sep 2014 18:30:06 -0500 |
4990 | + |
4991 | libvirt (1.2.7-11) unstable; urgency=medium |
4992 | |
4993 | * [6534478] Check status in a systemd 208 compatible way |
4994 | @@ -2548,6 +7281,119 @@ libvirt (1.2.6-1) experimental; urgency=medium |
4995 | |
4996 | -- Guido Günther <agx@sigxcpu.org> Tue, 22 Jul 2014 22:33:51 +0200 |
4997 | |
4998 | +libvirt (1.2.6-0ubuntu6) utopic; urgency=medium |
4999 | + |
5000 | + * debian/apparmor/usr.sbin.libvirtd: update for abstract socket mediation |
Results: (from http:// autopkgtest. ubuntu. com/results/ autopkgtest- noble-sergiodj- libvirt/ ?format= plain) 9.10.0- 1ubuntu1~ ppa1 9.10.0- 1ubuntu1~ ppa1 9.10.0- 1ubuntu1~ ppa1 9.10.0- 1ubuntu1~ ppa1 9.10.0- 1ubuntu1~ ppa1
libvirt @ amd64:
13.01.24 02:48:53 Log 🗒 ✅ Triggers: libvirt/
libvirt @ arm64:
13.01.24 02:36:57 Log 🗒 ✅ Triggers: libvirt/
libvirt @ armhf:
13.01.24 02:29:19 Log 🗒 ✅ Triggers: libvirt/
libvirt @ ppc64el:
13.01.24 02:32:14 Log 🗒 ✅ Triggers: libvirt/
libvirt @ s390x:
13.01.24 02:25:49 Log 🗒 ✅ Triggers: libvirt/