Ubuntu
libvirt package

debian/changelog (+8334/-40)
debian/control (+9/-7)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-system.dirs (+2/-0)
debian/libvirt-daemon-system.install (+1/-0)
debian/libvirt-daemon-system.libvirt-guests.default (+2/-2)
debian/libvirt-daemon-system.postinst (+136/-0)
debian/libvirt-daemon-system.postrm (+24/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-daemon.apport (+22/-0)
debian/libvirt-daemon.dnsmasq (+2/-0)
debian/libvirt-daemon.install (+1/-0)
debian/libvirt-uri.sh (+21/-0)
debian/patches/series (+19/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+28/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+50/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+21/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+300/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+54/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/rules (+16/-3)
debian/tests/control (+3/-2)
debian/tests/smoke-lxc (+30/-4)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)

Related bugs:

Bug #2027838: /etc/profile.d/libvirt-uri.sh (LIBVIRT_DEFAULT_URI setting) overrides configured default	Wishlist	In Progress
Bug #2037606: allow /sys/devices/system/node/*/cpumap for newer libnuma	Undecided	Fix Released
Bug #2040393: Merge libvirt from Debian unstable for noble	Undecided	Fix Released

Link a bug report

Reviewer	Date Requested	Status
git-ubuntu bot	2024-01-21	Approve on 2024-01-22
Andreas Hasenack	2024-01-21	Approve on 2024-01-22
Canonical Server Reporter	2024-01-21	Pending
Review via email: mp+459098@code.launchpad.net

This proposal supersedes a proposal from 2024-01-13.

Description of the change

This is the merge of libvirt 10.0-1 from Debian unstable.

As usual with libvirt merges, this one carries a lot of delta. I wasn't able to get rid of much, unfortunately. The merge itself wasn't complex and I don't foresee problems with this new version.

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/libvirt/+packages

dep8 and migration test results will be posted soon.

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-01-13: Posted in a previous version of this proposal

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-noble-sergiodj-libvirt/?format=plain)
  libvirt @ amd64:
    13.01.24 02:48:53 Log 🗒 ✅ Triggers: libvirt/9.10.0-1ubuntu1~ppa1
  libvirt @ arm64:
    13.01.24 02:36:57 Log 🗒 ✅ Triggers: libvirt/9.10.0-1ubuntu1~ppa1
  libvirt @ armhf:
    13.01.24 02:29:19 Log 🗒 ✅ Triggers: libvirt/9.10.0-1ubuntu1~ppa1
  libvirt @ ppc64el:
    13.01.24 02:32:14 Log 🗒 ✅ Triggers: libvirt/9.10.0-1ubuntu1~ppa1
  libvirt @ s390x:
    13.01.24 02:25:49 Log 🗒 ✅ Triggers: libvirt/9.10.0-1ubuntu1~ppa1

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2024-01-15: Posted in a previous version of this proposal

I'll look at this

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2024-01-15: Posted in a previous version of this proposal

- delta ok, added/removed changes ok
- upstream changes ok
- debian changes:

a) I noted debian disabled the ceph/rbd storage driver in 32bit platforms, and indeed, the bin:libvirt-daemon-driver-storage-rbd package is gone from the armhf builds (it's still there in noble currently in the archive). Maybe this should be noted in the libvirt release notes for noble.

b) libvirt-daemon-driver-qemu now (since 9.10.0-1) recommends passt, and that's a problem because passt is in universe:

passt | 0.0~git20231230.f091893-1 | noble/universe
libvirt-daemon-driver-qemu | 9.6.0-1ubuntu2 | noble

Maybe make that a suggests? I'm not sure how useful it is, as I have never heard of passt before.

review: Needs Fixing

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-01-15: Posted in a previous version of this proposal

On Monday, January 15 2024, Andreas Hasenack wrote:

> Review: Needs Fixing
>
> - delta ok, added/removed changes ok
> - upstream changes ok
> - debian changes:
>
> a) I noted debian disabled the ceph/rbd storage driver in 32bit
> platforms, and indeed, the bin:libvirt-daemon-driver-storage-rbd
> package is gone from the armhf builds (it's still there in noble
> currently in the archive). Maybe this should be noted in the libvirt
> release notes for noble.

That's a good idea.

> b) libvirt-daemon-driver-qemu now (since 9.10.0-1) recommends passt, and that's a problem because passt is in universe:
>
> passt | 0.0~git20231230.f091893-1 | noble/universe
> libvirt-daemon-driver-qemu | 9.6.0-1ubuntu2 | noble
>
> Maybe make that a suggests? I'm not sure how useful it is, as I have never heard of passt before.

Ah, good catch. Debian's change came from this commit:

https://salsa.debian.org/libvirt-team/libvirt/-/commit/1aa8420a0a5bbfbd8094eee1c3f712977d19e61c

It seems that the intention here is to advertise the feature to more
users, so I don't believe demoting passt to Suggests would be a problem.

Branch updated.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2024-01-15: Posted in a previous version of this proposal

review: Approve

Revision history for this message

git-ubuntu bot (git-ubuntu-bot) wrote on 2024-01-15: Posted in a previous version of this proposal

Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved

review: Approve

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-01-21: Posted in a previous version of this proposal

Hello Andreas,

I've been investigating the libvirt regression, but meanwhile libvirt 10.0 has been released and Debian picked it up. I updated the branch to reflect this new version, but it will need a new review. It shouldn't be complicated, though. The changes to the debian/ directory are minimal.

I'm building the new package in the same PPA, and will run the dep8 tests soon. Hopefully it will also address the problem I was seeing, although I find it unlikely.

Thanks.

Revision history for this message

git-ubuntu bot (git-ubuntu-bot) wrote on 2024-01-21: Posted in a previous version of this proposal

Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved

review: Approve

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2024-01-22:

I'll look at this.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2024-01-22:

Noticed this change in d/rules in 10.0.0-1 which is not mentioned in the changelog:
--- a/debian/rules
+++ b/debian/rules
@@ -135,9 +135,9 @@ else
WITH_VBOX = -Ddriver_vbox=disabled
endif
ifneq (,$(filter $(DEB_HOST_ARCH), $(ARCHES_NBDKIT)))
- WITH_NBDKIT = -Dnbdkit=enabled
+ WITH_NBDKIT = -Dnbdkit=enabled -Dnbdkit_config_default=enabled
else
- WITH_NBDKIT = -Dnbdkit=disabled
+ WITH_NBDKIT = -Dnbdkit=disabled -Dnbdkit_config_default=disabled
endif

DEB_CONFIGURE_EXTRA_ARGS := \

From the release notes:
* qemu: add runtime configuration option for nbdkit

    Since the new nbdkit support requires a recent selinux policy that is not
    widely available yet, it is now possible to build libvirt with nbdkit
    support for remote disks but disabled at runtime. This behavior is
    controlled via the storage_use_nbdkit option of the qemu driver
    configuration file. The option will default to being disabled, but this may
    change in a future release and can be customized with the
    nbdkit_config_default build option.

So it looks like it's just using a matching nbdkit_config_default value to match nbdkit being enabled or disabled. I'm not familiar with this, and just wanted to highlight this undocumented (by debian) change in d/rules.

- range-diff ok, other upstream notes ok

review: Approve

Revision history for this message

git-ubuntu bot (git-ubuntu-bot) wrote on 2024-01-22:

Approvers: sergiodj, ahasenack
Uploaders: sergiodj, ahasenack
MP auto-approved

review: Approve

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-01-31:

FWIW, I went ahead and uploaded the package to noble-proposed even with the migration. Unfortunately reverting the patch causing the problem is not an option because it's part of a large patchset and I don't feel comfortable unapplying it.

I filed bug #2051754 which will track the regression and be fixed before Noble is released. Thanks again for the review.

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-02-29:

As promised, added the note about dropping the rbd/ceph storage driver on non-64-bit arches to the release notes.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Sergio Durigan Junior

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index 5f22b78..fe2e150 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,97 @@
++libvirt (10.0.0-1ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable (LP: #2040393, #2037606). Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - d/control: Use libc6-dev instead of libc-dev as a build dependency
++    - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
++      override
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++      + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
++        cases, do not set to "xen:///" (LP #2027838)
++  * Drop changes:
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      because policykit-1 > 121 isn't yet ready to go to main in lunar.
++      (LP #2008830)
++      [ policykit-1 > 121 is in noble-main ]
++  * Add changes:
++    - d/control: Demote passt to Suggests (from Recommends) for
++      libvirt-daemon-driver-qemu, because passt is in universe.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Sun, 21 Jan 2024 00:19:08 -0500
++
  libvirt (10.0.0-1) unstable; urgency=medium
    * [c80339d] New upstream version 10.0.0
@@ -82,6 +176,107 @@ libvirt (9.6.0-2) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sun, 20 Aug 2023 21:00:40 +0200
++libvirt (9.6.0-1ubuntu2) noble; urgency=medium
++
++  * Rebuild against 'new libwireshark17'.
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 24 Nov 2023 15:27:16 +0100
++
++libvirt (9.6.0-1ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable (LP: #2018082). Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      because policykit-1 > 121 isn't yet ready to go to main in lunar.
++      (LP #2008830)
++    - d/control: Use libc6-dev instead of libc-dev as a build dependency
++    - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
++      override
++  * Dropped changes:
++    - d/p/CVE-2023-3750.patch: Remove - fixed upstream
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      This has been restored to match Debian because policykit-1 is now at
++      a version greater than 121 in mantic
++  * Modified changes:
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++      + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
++        cases, do not set to "xen:///" (LP #2027838)
++
++ -- Lena Voytek <lena.voytek@canonical.com>  Mon, 14 Aug 2023 14:16:30 -0700
++
  libvirt (9.6.0-1) unstable; urgency=medium
    * [74213a2] New upstream version 9.6.0
@@ -92,6 +287,99 @@ libvirt (9.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sat, 05 Aug 2023 19:01:56 +0200
++libvirt (9.5.0-2ubuntu2) mantic; urgency=medium
++
++  * Merge from Debian Unstable. Remaining changes:
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      because policykit-1 > 121 isn't yet ready to go to main in lunar.
++      (LP: #2008830)
++    - SECURITY UPDATE: denial of service via improper locking
++      + debian/patches/CVE-2023-3750.patch: fix returning of locked objects
++        from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
++      + CVE-2023-3750
++  * Dropped changes [upstream now]:
++    - SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
++      + debian/patches/CVE-2023-2700.patch: resolve leak in
++        virPCIVirtualFunctionList cleanup in src/util/virpci.c.
++      + CVE-2023-2700
++
++ -- Simon Quigley <tsimonq2@ubuntu.com>  Wed, 26 Jul 2023 12:52:15 -0500
++
  libvirt (9.5.0-2) unstable; urgency=medium
    [ Pino Toscano ]
@@ -167,6 +455,130 @@ libvirt (9.1.0-1) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sat, 04 Mar 2023 11:10:04 +0100
++libvirt (9.0.0-2ubuntu3) mantic; urgency=medium
++
++  * SECURITY UPDATE: denial of service via improper locking
++    - debian/patches/CVE-2023-3750.patch: fix returning of locked objects
++      from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
++    - CVE-2023-3750
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 25 Jul 2023 09:09:55 -0400
++
++libvirt (9.0.0-2ubuntu2) mantic; urgency=medium
++
++  * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
++    - debian/patches/CVE-2023-2700.patch: resolve leak in
++      virPCIVirtualFunctionList cleanup in src/util/virpci.c.
++    - CVE-2023-2700
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 26 May 2023 10:05:18 -0400
++
++libvirt (9.0.0-2ubuntu1) lunar; urgency=medium
++
++  * Merge 9.0.0-2 from Debian unstable (LP: #1993412)
++    Also resolved the ask for a rebuild against recent libxen (LP: #2004163)
++    Remaining changes:
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++  * Dropped changes [upstream now]:
++    - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
++      with latest libxl [v8.10.0]
++    - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
++      shuts down (LP 1997269) [v8.7.0]
++    - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
++      apparmor denials on USB forwarding (LP 1993304) [v8.10.0]
++    - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl:
++      tolerate the impact of too large udev data avoiding a busy loop
++      (LP 1996176) [v8.10.0]
++    - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
++      easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0]
++    - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
++      reduce log noise by invalid VPD data (LP 1990949) [v8.7.0]
++  * Dropped changes [in Debian now]:
++    - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1]
++    - [a54d904] New upstream version 8.6.0 [8.9.0-1]
++    - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1]
++    - d/control: suggest swtpm-tools [8.10.0-1]
++  * Added changes:
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      because policykit-1 > 121 isn't yet ready to go to main in lunar.
++      (LP: #2008830)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 01 Mar 2023 07:56:39 +0100
++
  libvirt (9.0.0-2) unstable; urgency=medium
    * [de81410] patches: Add backports
@@ -264,6 +676,171 @@ libvirt (8.9.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sat, 19 Nov 2022 23:00:34 +0100
++libvirt (8.6.0-0ubuntu5) lunar; urgency=medium
++
++  * d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
++    with latest libxl
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 22 Nov 2022 16:13:36 +0100
++
++libvirt (8.6.0-0ubuntu4) lunar; urgency=medium
++
++  [ Lena Voytek ]
++  * d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
++    shuts down (LP: #1997269)
++
++  [Christian Ehrhardt ]
++  * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
++    apparmor denials on USB forwarding (LP: #1993304)
++  * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch:
++    tolerate the impact of too large udev data avoiding a busy loop
++    (LP: #1996176)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 22 Nov 2022 11:21:30 +0100
++
++libvirt (8.6.0-0ubuntu3) kinetic; urgency=medium
++
++  * d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
++    easen the use of riscv64 through libvirt (LP: #1990499)
++  * d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
++    reduce log noise by invalid VPD data (LP: #1990949)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 04 Oct 2022 08:29:46 +0200
++
++libvirt (8.6.0-0ubuntu2) kinetic; urgency=medium
++
++  * d/p/libvirt-daemon-system.postinst: default network autostart
++    handling needs to happen before services start (LP: #1990853)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 28 Sep 2022 08:36:15 +0200
++
++libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium
++
++  * Merge 8.0.0 from Debian unstable (LP: #1971289)
++    Among many other fixes and improvements this fixes:
++    - support for minor NFS versions (LP: #1980134)
++    - launching VMs with SGX enabled (LP: #1982896)
++    Remaining changes:
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/control: suggest swtpm-tools
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++  * Dropped changes [upstream now]:
++    - d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
++      in containers like LXD (without guest start would hang).
++      [8.1.0]
++    - d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
++      get passed to syslog/journal correctly.
++      [8.1.0]
++    - apparmor: Fix QEMU access for UEFI variable files. Backported from
++      upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035)
++      Refresh apparmor_profiles_local_include.patch to resolve the conflict.
++      [8.2.0]
++    - d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
++      and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
++      (LP 1968187)
++      [8.3.0]
++    - d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
++      apparmor allow new paths used for GL accelerated video (LP 1972075)
++      [8.4.0]
++  * Dropped changes [no more needed]:
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++  * Added changes:
++    - parallel-shutdown: upstream no more ships libvirt-guests defaults, so
++      the Ubuntu customization of it  moved to the file replacing it added
++      in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default
++      replacing the former "d/p/u/parallel-shutdown.patch: set parallel
++      shutdown by default."
++    - update patches to match 8.6.0
++      + d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch
++      + d/p/u/Allow-libvirt-group-to-access-the-socket.patch
++      + d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch
++      + d/p/u/ovmf_paths.patch
++      + d/p/u/swtpm-by-swtpm-user.patch
++      + d/p/u/dnsmasq-as-priv-user
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 12 Aug 2022 10:34:29 +0200
++
++libvirt (8.6.0-0) UNRELEASED; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * [f35cf09] d/rules: update path of ci-dashboard removal
++
++  [ Andrea Bolognani ]
++  * [a54d904] New upstream version 8.6.0
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 11 Aug 2022 10:28:25 +0200
++
  libvirt (8.5.0-2) experimental; urgency=medium
    * [6c9bffb] Implement custom handling for systemd units
@@ -343,6 +920,188 @@ libvirt (8.1.0-1) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Tue, 15 Mar 2022 23:53:49 +0100
++libvirt (8.0.0-1ubuntu8) kinetic; urgency=medium
++
++  * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
++    apparmor allow new paths used for GL accelerated video (LP: #1972075)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 19 May 2022 08:14:48 +0200
++
++libvirt (8.0.0-1ubuntu7) jammy; urgency=medium
++
++  * d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
++    and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
++    (LP: #1968187)
++
++ -- Lena Voytek <lena.voytek@canonical.com>  Tue, 12 Apr 2022 10:04:05 -0700
++
++libvirt (8.0.0-1ubuntu6) jammy; urgency=medium
++
++  * d/control: recommend swtpm-tools (LP: #1948748)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 04 Apr 2022 07:30:15 +0200
++
++libvirt (8.0.0-1ubuntu5) jammy; urgency=medium
++
++  * apparmor: Fix QEMU access for UEFI variable files. Backported from
++    upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035)
++    Refresh apparmor_profiles_local_include.patch to resolve the conflict.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 09 Mar 2022 13:43:40 +0100
++
++libvirt (8.0.0-1ubuntu4) jammy; urgency=medium
++
++  * No-change rebuild against libwireshark15.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 07 Mar 2022 18:34:34 +0000
++
++libvirt (8.0.0-1ubuntu3) jammy; urgency=medium
++
++  * Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop
++    system services and sockets."
++    Due to the fix being in debhelper we no more need this mitigation now.
++    (LP: #1959054)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Feb 2022 10:08:01 +0100
++
++libvirt (8.0.0-1ubuntu2) jammy; urgency=medium
++
++  * No-change rebuild to update maintainer scripts, see LP: 1959054
++
++ -- Dave Jones <dave.jones@canonical.com>  Wed, 16 Feb 2022 17:04:47 +0000
++
++libvirt (8.0.0-1ubuntu1) jammy; urgency=medium
++
++  * Merge 8.0.0 from Debian unstable (LP: #1946869)
++    Among many other fixes and improvements this fixes ceph usage
++    in regard to apparmor (LP: #1588576)
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - d/p/u/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-qemu-session.xml: fixup smoke-qemu-session do not use kvm
++        when not needed
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
++      + d/control: suggest swtpm-tools
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++  * Dropped changes [in Debian now]:
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - d/libvirt-clients.install: completions no more are symlinked to vsh
++    - d/rules: disable the now auto-built vstorage backend
++    - not-installed: split daemon man pages are no yet installed
++    - d/rules: disable the new Cloud Hypervisor driver
++    - d/rules: enable more features explicitly
++    - d/rules: use apparmor_profiles=enabled instead of the now rejected
++      value true
++    - rules: Explicitly set remote_default_mode
++    - rules: Rework installation of AppArmor-related files
++    - d/control, d/rules: enable libssh (LP 1939416)
++  * Dropped changes [upstream now]:
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP 1913266)
++    - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
++      issues due to corrupted apparmor profiles (LP 1927519)
++    - Toleration for qemu >=6.0 handling of props (LP 1932264)
++    - Persistent vfio-ccw device assignments (LP 1887929)
++  * Dropped changes [no more needed]:
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
++      XDR functions from glibc
++    - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966)
++    - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
++      was not enough)
++  * Added changes:
++    - d/p/u/dnsmasq-as-priv-user: update for 8.0.0
++    - Add recent upstream fixes to 8.0
++      + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
++        in containers like LXD (without guest start would hang).
++      + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
++        get passed to syslog/journal correctly.
++   - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop
++     libvirt system services and sockets (LP: #1959054). This allows
++     to unblock some transitions that wait on libvirt now; The intention is
++     that it is fixed in debhelper and libvirt reverts this change before
++     jammy release.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 24 Jan 2022 08:49:08 +0100
++
  libvirt (8.0.0-1) unstable; urgency=medium
    * [a26cc81] New upstream version 8.0.0
@@ -445,6 +1204,112 @@ libvirt (7.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Thu, 19 Aug 2021 21:16:21 +0200
++libvirt (7.6.0-0ubuntu3) jammy; urgency=medium
++
++  * d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++    due to swtpm-tools (LP: #1951975)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 24 Nov 2021 07:50:53 +0100
++
++libvirt (7.6.0-0ubuntu2) jammy; urgency=medium
++
++  * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
++    issues due to corrupted apparmor profiles (LP: #1927519)
++  * libvirt should not use user/group tss for swtpm (LP: #1948880)
++    - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++    - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++      to user swtpm
++    - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
++    - d/control: suggest swtpm-tools
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 11 Nov 2021 12:11:38 +0100
++
++libvirt (7.6.0-0ubuntu1) impish; urgency=medium
++
++  * Merge v7.6.0 from upstream and unreleased changes from Debian git.
++    Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778)
++    - New upstream version 7.5.0
++    - New upstream version 7.6.0
++    - symbols: Bump symbol versions
++    - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0
++    - patches: Refresh patches
++    - d/rules: disable the new Cloud Hypervisor driver
++    - d/rules: enable more features explicitly
++    - d/rules: use apparmor_profiles=enabled instead of the now rejected
++      value true
++    - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
++      XDR functions from glibc
++  * d/control, d/rules: enable libssh (LP: #1939416)
++  * refresh ubuntu patches for v7.6.0
++  * Further fixups for v7.6.0 (thanks to Andrea Bolognani)
++    - rules: Explicitly set remote_default_mode
++    - rules: Rework installation of AppArmor-related files
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 11 Aug 2021 08:11:16 +0200
++
++libvirt (7.6.0-1) unstable; urgency=medium
++
++  * Team upload
++
++  [ Andrea Bolognani ]
++  * [a256a80] New upstream version 7.6.0
++    - Fixes CVE-2021-3667 (Closes: #991594)
++  * [4a96793] rules: Disable netcf support
++    - netcf support is considered deprecated upstream
++
++  [ Christian Ehrhardt ]
++  * [ac145fd] d/rules: disable the new Cloud Hypervisor driver
++    - Cloud Hypervisor is not available in Debian
++  * [4bafac5] d/control, d/rules: enable libssh
++    - Closes: #985969
++    - LP: #1939416
++  * [fbc728f] d/t/smoke-lxc: skip if cgroup v1&v2 are present
++    - This works around an upstream bug which causes the LXC driver
++      to break when both v1 and v2 cgroups are in use
++  * [8d2e0fe] d/control: add libtirpc for rpc.h with glibc >=2.31-14
++    - Switch from glibc's legacy RPC implementation, which is now
++      disabled in the Debian package, to libtirpc's one
++
++ -- Andrea Bolognani <eof@kiyuko.org>  Thu, 19 Aug 2021 21:16:21 +0200
++
++libvirt (7.4.0-0ubuntu3) impish; urgency=medium
++
++  * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
++    was not enough)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Jul 2021 14:20:53 +0200
++
++libvirt (7.4.0-0ubuntu2) impish; urgency=medium
++
++  * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Jul 2021 09:33:49 +0200
++
++libvirt (7.4.0-0ubuntu1) impish; urgency=medium
++
++  * Merge v7.4.0 from upstream,
++    among a lot of new features and fixes this closes a few of issues
++    reported against Ubuntu
++    - Toleration for qemu >=6.0 handling of props (LP: #1932264)
++    - Persistent vfio-ccw device assignments (LP: #1887929)
++    - Drop patches that are upstream in v7.4.0
++      - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch
++      - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch
++      - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch
++      - d/p/u/lp-1913266-*: add vsock options to be usable with s390x
++      - d/p/u/lp-1921754-*: EPYC-Rome-v2
++      - d/p/u/lp-1921880-*: EPYC-Milan
++    - d/libvirt-clients.install: completions no more are symlinked to vsh
++    - Revert "disable firewalld support (universe dependency)"
++      This does not add a runtime dependency and while firewalld isn't in
++      main that way users can install and use it from universe.
++      (LP: #1928113)
++    - d/libvirt0.symbols: bump symbol versions for 7.4.0
++    - d/rules: disable the now auto-built vstorage backend
++    - not-installed: split daemon man pages are no yet installed
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Jun 2021 10:33:27 +0200
++
  libvirt (7.0.0-3) unstable; urgency=medium
    * Team upload
@@ -454,6 +1319,115 @@ libvirt (7.0.0-3) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Fri, 26 Feb 2021 16:46:34 +0100
++libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium
++
++  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
++    on some HW/Guest combinations e.g. Windows 10 on Threadripper
++    (LP: #1921754)
++  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
++    (LP: #1921880)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 07 Apr 2021 13:33:46 +0200
++
++libvirt (7.0.0-2ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 7.0.0-1 from Debian unstable
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP 1913266)
++  * Dropped Changes [in Debian now]
++    - Avoid various issues around service/socket status after install/reinstall
++      and on upgrades (LP 1914054).
++      - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
++      - d/rules: --no-restart-after-upgrade does not prevent restarts
++      - d/rules: avoid --no-start which breaks .sockets on re-install
++      - d/rules: start, but do not restart libvirt-guests.service
++    - Dependency improvements yet unreleased from salsa/debian/master thanks
++      to Andrea Bolognani (Debian #981435).
++      - control: Always explicitly depend on libvirt0
++      - control: Always use versioned deps for libvirt components
++    - d/control: extend demotion of libvirt-lxc related dependencies to
++      libvirt-login-shell
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 23 Feb 2021 12:16:08 +0100
++
  libvirt (7.0.0-2) unstable; urgency=medium
    * Team upload
@@ -475,6 +1449,123 @@ libvirt (7.0.0-2) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Wed, 10 Feb 2021 23:23:32 +0100
++libvirt (7.0.0-1ubuntu2) hirsute; urgency=medium
++
++  * d/control: extend demotion of libvirt-lxc related dependencies to
++    libvirt-login-shell
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 04 Feb 2021 13:44:49 +0100
++
++libvirt (7.0.0-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 7.0.0-1 from Debian unstable
++    This fixes unwanted conffile prompts (LP: #1906248)
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped Changes [in Debian now]
++    - 0050-local-include-for-libvirt-qemu.patch,
++      d/libvirt-daemon-system.postinst: provide a local apparmor include
++      for abstraction/libvirt-qemu (LP: 1786019)
++  * Dropped Changes [in upstream now]
++    - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
++      pre-Focal guests by allowing kvm-spice
++    - virt-ssh-helper: fix slow migrations and volume transfers (LP 1904584)
++      - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
++      - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
++  * Dropped Changes [ready for main]
++    - d/control: drop mdevctl to a suggest until (LP: #1889248) is ready
++  * Added Changes:
++    - Avoid various issues around service/socket status after install/reinstall
++      and on upgrades (LP: #1914054).
++      - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
++      - d/rules: --no-restart-after-upgrade does not prevent restarts
++      - d/rules: avoid --no-start which breaks .sockets on re-install
++      - d/rules: start, but do not restart libvirt-guests.service
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP: #1913266)
++    - Dependency improvements yet unreleased from salsa/debian/master thanks
++      to Andrea Bolognani (Debian #981435).
++      - control: Always explicitly depend on libvirt0
++      - control: Always use versioned deps for libvirt components
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 25 Jan 2021 14:32:05 +0100
++
  libvirt (7.0.0-1) unstable; urgency=medium
    * Team upload
@@ -538,6 +1629,142 @@ libvirt (6.9.0-2) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Thu, 14 Jan 2021 23:51:32 +0100
++libvirt (6.9.0-1ubuntu4) hirsute; urgency=medium
++
++  * Improve flaky smoke-lxc test (LP: #1899180)
++    - d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++      failing; This was flaky on some release/architectures
++    - d/t/smoke-lxc: retry check_domain being flaky on arm64
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 04 Dec 2020 08:12:02 +0100
++
++libvirt (6.9.0-1ubuntu3) hirsute; urgency=high
++
++  * No change rebuild against wireshark 3.4.0
++
++ -- Balint Reczey <rbalint@ubuntu.com>  Mon, 07 Dec 2020 08:06:59 +0100
++
++libvirt (6.9.0-1ubuntu2) hirsute; urgency=medium
++
++  * virt-ssh-helper: fix slow migrations and volume transfers (LP: #1904584)
++    - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
++    - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 26 Nov 2020 16:52:23 +0100
++
++libvirt (6.9.0-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 6.8.0-1 from unstable
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped Changes [in Debian now]
++    - d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
++      between libtripc and glibc that break libvirt-lxc (LP 1892826)
++  * Dropped Changes [in upstream now]
++    - d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
++      handling on non BTRFS affecting virt-manager, api and commandline pool
++      handling (LP 1901242)
++    - d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
++      allow libvirt to control virtiofsd (LP 1892736)
++    - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
++      triggering denials in devmapper error path
++    - d/p/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch:
++      (again) allow permanent per guest overrides (LP 1745114)
++    - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++      versioned modules after qemu package upgrades (LP 1847361)
++    - d/p/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.
++      patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory
++    - d/p/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.
++      patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++    - d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
++      chips (LP 1887490)
++    - 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++      add l to 9p file options.
++  * Added Changes
++    - d/p/ubuntu/daemon-augeas-fix-expected.patch: update for 6.9
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: update for 6.9
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
++      pre-Focal guests by allowing kvm-spice
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 02 Nov 2020 12:02:26 +0100
++
  libvirt (6.9.0-1) unstable; urgency=medium
    * Team upload
@@ -615,6 +1842,208 @@ libvirt (6.6.0-2) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Fri, 28 Aug 2020 17:18:51 +0200
++libvirt (6.6.0-1ubuntu4) hirsute; urgency=medium
++
++  * d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
++    handling on non BTRFS affecting virt-manager, api and commandline pool
++    handling (LP: #1901242)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 28 Oct 2020 07:47:53 +0100
++
++libvirt (6.6.0-1ubuntu3) groovy; urgency=medium
++
++  * d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
++    chips (LP: #1887490)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Oct 2020 07:36:06 +0200
++
++libvirt (6.6.0-1ubuntu2) groovy; urgency=medium
++
++  * d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
++    between libtripc and glibc that break libvirt-lxc (LP: #1892826)
++  * d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
++    allow libvirt to control virtiofsd (LP: #1892736)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 25 Aug 2020 14:53:26 +0200
++
++libvirt (6.6.0-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian 6.6.0-1 from experimental
++    Among many other new features and fixes this includes fixes for:
++    (LP: #1874647) - Stale libvirt cache leads to VM startup failures
++    (LP: #1869796) - bad ordering and dependent restarts of services/sockets
++    Remaining changes:
++    - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++      versioned modules after qemu package upgrades (LP 1847361)
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped changes (in Debian now):
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - enable attr support to store XATTR labels. Among other things
++      this allows to properly restore file ownership (LP 691590)
++        - d/control: build depend to libattr1-dev
++        - d/rules: configure --with-attr
++    - Install virt-login-shell-helper
++    - Install augeas lenses for all drivers
++    - Remove all mentions of Devhelp
++    - not-installed: Remove obsolete entries
++    - not-installed: List all split daemons files
++    - d/control: bump build dep to python3
++    - d/control: add python3-docutils as build dependency
++    - d/rules: set enable-dependency-tracking to avoid FTBFS
++    - d/rules: drop the no more existing phyp option
++    - d/rules: drop the no more existing xen configure option
++    - minimize patches generated by autoreconf
++    - fix build on Debian/Ubuntu in qemuhotplugtest
++    - d/libvirt-doc.doc: install rendered docs
++    - d/libvirt-daemon-system.examples: drop old examples that are now active
++    - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
++    - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
++    - d/libnss-libvirt.lintian-overrides: accept having two nss so files
++    - d/rules: don't ship split daemons just yet
++    - d/rules: install /etc/default/* files that are shared between sysv and
++      systemd packages
++    - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
++      libvirt-daemon-system-sysv
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++  * Dropped changes (part of upstream now):
++    - d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
++      (LP 1879325)
++    - d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
++      (LP 1871354)
++    - d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
++      -on-rea.patch: avoid DOS through read only connections
++      CVE-2020-10701
++    - d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
++      and binary autodetection in general (LP 1867460)
++    - d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
++      fixes (LP 1868539)
++    - d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
++      modern types on kernels with recent security fixes (LP 1853200)
++    - d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
++      (LP 1868528)
++    - d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
++      qemuDomainSetTimeAgent (LP 1865425)
++    - d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
++      allow emulation of smartcard via host certificates
++    - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
++      types (LP 1861125)
++    - d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
++      block vhost-user-gpu usage
++    - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
++      profiles (LP 1655111)
++  * Dropped changes (no more needed):
++    - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
++      just a suggest. This was deprecated since bionic and now will be dropped.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - d/control: VCS links to use generic Ubuntu launchpad git URLs
++    - refreshed patches for libvirt v6.0.0
++    - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
++      avoid error messages on purge [deluser/delgroup no more report warnings]
++    - "Additional apport package-hook": due to context auto updates
++      d/libvirt-daemon.install had bad entries which are no more required.
++    - d/control, d/rules: Disable rbd and zfs on riscv64 where they are
++      unavailable (LP 1872952)
++  * Added Changes:
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - refresh ubuntu patches for 6.6
++      - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
++      - d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
++      - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
++      - d/p/ubuntu/dnsmasq-as-priv-user
++      - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
++      - d/p/ubuntu/daemon-augeas-fix-expected.patch
++    - d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
++      enhancements
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
++    - d/libvirt-clients.lintian-overrides: profile scripts are non executable
++    - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
++      triggering denials in devmapper error path
++    - d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
++      (again) allow permanent per guest overrides (LP: #1745114)
++    - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Aug 2020 08:04:09 +0200
++
  libvirt (6.6.0-1) unstable; urgency=medium
    * Team upload
@@ -853,6 +2282,287 @@ libvirt (6.0.0~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sat, 18 Jan 2020 18:16:20 +0100
++libvirt (6.0.0-0ubuntu11) groovy; urgency=medium
++
++  * SECURITY UPDATE: privilege escalation via incorrect socket permissions
++    - debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch:
++      updated patch to also set appropriate permissions on socket created
++      by systemd.
++    - CVE-2020-15708
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 05 Aug 2020 09:08:34 -0400
++
++libvirt (6.0.0-0ubuntu10) groovy; urgency=medium
++
++  * enable attr support to store XATTR labels. Among other things
++    this allows to properly restore file ownership (LP: #691590)
++      - d/control: build depend to libattr1-dev
++      - d/rules: configure --with-attr
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 22 Jun 2020 21:30:50 +0200
++
++libvirt (6.0.0-0ubuntu9) groovy; urgency=medium
++
++  * d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
++    (LP: #1879325)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 20 May 2020 06:59:57 +0200
++
++libvirt (6.0.0-0ubuntu8) focal; urgency=medium
++
++  * d/control, d/rules: Disable rbd and zfs on riscv64 where they are
++    unavailable (LP: #1872952)
++
++ -- William Grant <wgrant@ubuntu.com>  Sat, 18 Apr 2020 13:59:21 +1000
++
++libvirt (6.0.0-0ubuntu7) focal; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
++    (LP: #1871354)
++  * d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
++    -on-rea.patch: avoid DOS through read only connections
++    CVE-2020-10701
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 15 Apr 2020 12:29:12 +0200
++
++libvirt (6.0.0-0ubuntu6) focal; urgency=medium
++
++  * d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
++    and binary autodetection in general (LP: #1867460)
++  * d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
++    fixes (LP: #1868539)
++  * d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
++    modern types on kernels with recent security fixes (LP: #1853200)
++  * d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
++    (LP: #1868528)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 20 Mar 2020 10:34:19 +0100
++
++libvirt (6.0.0-0ubuntu5) focal; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++    versioned modules after qemu package upgrades (LP: #1847361)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 10 Mar 2020 08:58:04 +0100
++
++libvirt (6.0.0-0ubuntu4) focal; urgency=medium
++
++  * d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
++    qemuDomainSetTimeAgent (LP: #1865425)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 02 Mar 2020 10:44:22 +0100
++
++libvirt (6.0.0-0ubuntu3) focal; urgency=medium
++
++  * rebuild against libxen-dev 4.11.3 (no change needed)
++  * d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
++    allow emulation of smartcard via host certificates
++  * d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
++    types (LP: #1861125)
++  * d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
++    block vhost-user-gpu usage
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 12 Feb 2020 14:20:08 +0100
++
++libvirt (6.0.0-0ubuntu2) focal; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * Bring back the ubuntu default URI handling. While no more needed for xen
++    its removal made libvirt fallback further to the upstream default
++    qemu:///session while Ubuntu forever had and for now wants to keep
++    qemu:///system (LP: #1861693)
++    - revert 'd/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that
++      was optional for use on xen hosts'
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile
++      [added back former delta]
++
++  [ Andrea Bolognani ]
++  * Merge further fixes from debian/experimental
++    - Install virt-login-shell-helper
++    - Install augeas lenses for all drivers
++    - Remove all mentions of Devhelp
++    - not-installed: Remove obsolete entries
++    - not-installed: List all split daemons files
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 04 Feb 2020 13:08:49 +0100
++
++libvirt (6.0.0-0ubuntu1) focal; urgency=medium
++
++  * Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream
++    Among many other new features and fixes this includes fixes for:
++    - LP: #1859253 - rbd driver fails to create a new volume
++    - LP: #1858341 - rbd driver does not list all volumes in pool
++    - LP: #1845506 - Libvirt snapshot doesn't update apparmor profile
++    - LP: #1854653 - slow libvirt-guests.sh during shutdown if service is off
++    - LP: #1848229 - enable ppc64el to use ccf-assist feature
++    - LP: #1853315 - Enable CPU Model Comparison and Baselining on s390x
++    - LP: #1853317 - CCW IPL support to boot from ECKD DASDs
++    - LP: #1859506 - security: AppArmor profile fixes for swtpm
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped changes (in Debian)
++    - d/libvirt0.symbols: bump symbol versions for 5.4.0
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      + d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      + d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      + debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      + d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      [ we now have split packages for sysv and systemd support ]
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - Refreshed to match new upstream
++      + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
++  * Dropped changes (now upstream)
++    - d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
++      cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
++      are still need fixups to work well LP: 1841066)
++    - SECURITY UPDATEs: CVE-2019-10161, CVE-2019-10166,
++      CVE-2019-10167 and CVE-2019-10168
++    - d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
++      avoid issues with remote screen connections like virt-manager due to
++      apparmor changes in libvirt 5.1 (LP 1833040)
++    - 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++      Allow pygrub to run on Debian/Ubuntu
++    - update to v5.4.0
++  * Dropped changes (Xen demoted to universe)
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++  * Dropped changes (no more needed)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++      [ finally works in v6.0.0 ]
++    - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
++      [ focal has iptables 1.8.3 ]
++    - d/rules: adapt iptables binary paths present in Eoan (LP 1832297)
++      [ focal has iptables 1.8.3 ]
++  * Added Changes:
++    - refreshed patches for libvirt v6.0.0
++    - d/control: bump build dep to python3
++    - d/control: VCS links to use generic Ubuntu launchpad git URLs
++    - d/control: add python3-docutils as build dependency
++    - d/control: add libzfslinux-dev to build-deps
++    - d/rules: set enable-dependency-tracking to avoid FTBFS
++    - d/rules: drop the no more existing phyp option
++    - d/rules: drop the no more existing xen configure option
++    - d/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that was
++      optional for use on xen hosts
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - minimize patches generated by autoreconf
++    - fix build on Debian/Ubuntu in qemuhotplugtest
++    - d/libvirt-doc.doc: install rendered docs
++    - d/libvirt-daemon-system.examples: drop old examples that are now active
++    - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
++    - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
++    - d/libnss-libvirt.lintian-overrides: accept having two nss so files
++    - d/rules: don't ship split daemons just yet
++    - d/rules: install /etc/default/* files that are shared between sysv and
++      systemd packages
++    - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
++      libvirt-daemon-system-sysv
++    - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with  named
++      profiles (LP: #1655111)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 13 Jan 2020 13:14:14 +0100
++
  libvirt (5.6.0-4) experimental; urgency=medium
    * [d88536d] Introduce libvirt-daemon-system-{systemd,sysv} Move init scripts
@@ -938,6 +2648,237 @@ libvirt (5.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sun, 25 Aug 2019 16:32:31 +0200
++libvirt (5.4.0-0ubuntu5) eoan; urgency=medium
++
++  * No-change upload with strops.h and sys/strops.h removed in glibc.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 05 Sep 2019 11:00:53 +0000
++
++libvirt (5.4.0-0ubuntu4) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
++    cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
++    are still need fixups to work well LP: 1841066)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 20 Aug 2019 10:50:08 +0200
++
++libvirt (5.4.0-0ubuntu3) eoan; urgency=medium
++
++  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10161.patch: add check to
++      src/libvirt-domain.c, src/qemu/qemu_driver.c,
++      src/remote/remote_protocol.x.
++    - CVE-2019-10161
++  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10166.patch: add check to
++      src/libvirt-domain.c.
++    - CVE-2019-10166
++  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10167.patch: add check to
++      src/libvirt-domain.c.
++    - CVE-2019-10167
++  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
++    connection
++    - debian/patches/CVE-2019-10168.patch: add checks to
++      src/libvirt-host.c.
++    - CVE-2019-10168
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 02 Jul 2019 08:08:33 -0400
++
++libvirt (5.4.0-0ubuntu2) eoan; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
++    avoid issues with remote screen connections like virt-manager due to
++    apparmor changes in libvirt 5.1 (LP: #1833040)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 19 Jun 2019 14:34:54 +0200
++
++libvirt (5.4.0-0ubuntu1) eoan; urgency=medium
++
++  * Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release
++    Among many other new features and fixes this includes fixes for:
++    LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - d/rules: enable build time self tests on all architectures
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/t/control: fix smoke-qemu-session by ensuring the service will run
++      installing libvirt-daemon-system
++    - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++      long as the following undefine succeeds
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Added Changes:
++    - Refreshed patches to match new upstream
++      - d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
++      - d/p/ubuntu/ubuntu_machine_type.patch
++    - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
++      This can be dropped once >=1.8.1
++    - d/rules: adapt iptables binary paths present in Eoan (LP: #1832297)
++      This can be dropped once >=1.8.1
++    - d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test
++      nat-network-mtu
++    - revert [c3c4cd4] drop in helper for firewalld as it is disabled on
++      Ubuntu [can be squashed with the disabling of firewalld on next merge]
++    - d/libvirt0.symbols: bump symbol versions for 5.4.0
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++  * Dropped Changes (upstream)
++    - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
++      for the ease use of mdev and gl devices (LP: 1804766)
++    - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
++      (LP: 1771662)
++    - d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
++      the never functional osxsave and ospke features (LP: 1825195).
++    - d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
++      vhost-scsi hotplug in virt-aa-helper (LP: 1829223)
++    - SECURITY UPDATE: Add support for md-clear functionality
++      + debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
++        src/cpu_map/x86_features.xml.
++      + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
++    - Implement further apparmor rules for usage of gl enabled
++      graphics (LP: 1815452)
++      + d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
++      + d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
++    - Implement further apparmor rules for usage of gl enabled
++      graphics with nvidia cards (LP: 1817943)
++      + d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
++      + d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
++  * Dropped Changes (in Debian)
++    - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
++      libvirt tests
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 07 Jun 2019 11:55:52 +0200
++
++libvirt (5.3.0-1~1.gbp7b1637) UNRELEASED; urgency=medium
++
++  ** SNAPSHOT build @7b1637605da9224c46ebf3a243fa725d643e7556 **
++
++  [ Guido Günther ]
++  * [fb43676] d/control: Drop dh-autoreconf build-dep.
++    Not needed for dh compat > 10.
++  * [81d21d5] d/not-installed: Use multi-arch dirs.
++    Files moved during the dh12 switch.
++  * [428ad14] New upstream version 5.3.0~rc2
++  * [641e532] New upstream version 5.3.0
++
++  [ Christian Ehrhardt ]
++  * [c28c3b3] d/libvirt0.install: install translations
++  * [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld
++  * [3e8b43c] d/not-installed: ignore default files /etc/sysconfig
++  * [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example
++  * [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf
++    (Closes: #919484)
++
++  [ Andrea Bolognani ]
++  * [6a2eae3] Simplify and improve watch file.
++
++ -- Guido Günther <agx@sigxcpu.org>  Mon, 06 May 2019 13:06:27 +0200
++
  libvirt (5.2.0-2) experimental; urgency=medium
    [ Guido Günther ]
@@ -1105,6 +3046,199 @@ libvirt (5.0.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sun, 07 Apr 2019 12:36:21 +0200
++libvirt (5.0.0-1ubuntu4) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
++    the never functional osxsave and ospke features (LP: #1825195).
++  * d/p/series: reorder ubuntu Delta
++  * d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++    with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: #1815910)
++  * d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
++    vhost-scsi hotplug in virt-aa-helper (LP: #1829223)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 16 May 2019 10:42:09 +0200
++
++libvirt (5.0.0-1ubuntu3) eoan; urgency=medium
++
++  * SECURITY UPDATE: Add support for md-clear functionality
++    - debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
++      src/cpu_map/x86_features.xml.
++    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 14 May 2019 14:48:05 -0400
++
++libvirt (5.0.0-1ubuntu2) disco; urgency=medium
++
++  * Implement further apparmor rules for usage of gl enabled
++    graphics (LP: #1815452)
++    - d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
++    - d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
++  * Implement further apparmor rules for usage of gl enabled
++    graphics with nvidia cards (LP: #1817943)
++    - d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
++    - d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
++  * d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted
++    version (no functional change, LP: 1804766)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 12 Feb 2019 11:27:14 +0100
++
++libvirt (5.0.0-1ubuntu1) disco; urgency=medium
++
++  * Merged with Debian unstable
++    Among many other new features and fixes this includes fixes for:
++    LP: #1754871 - 1799446 zPCI passthrough support for KVM
++    LP: #1811198 - remove arbitrary limit on socket_id/core_id
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++    - d/rules: enable build time self tests on all architectures
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++        purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Added Changes:
++    - Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context
++    - d/rules: also check build time self test results on all architectures
++    - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
++      libvirt tests
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
++      for the ease use of mdev and gl devices (LP: #1804766)
++    - refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0
++    - d/t/control: fix smoke-qemu-session by ensuring the service will run
++      installing libvirt-daemon-system
++    - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++      long as the following undefine succeeds
++    - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
++      (LP: #1771662)
++  * Dropped Changes (upstream)
++    - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
++      Adapters on s390x (LP: 1787405)
++    - d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
++      fix libvirt bridge handling in unprivileged containers (LP: 1802906)
++    - d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
++      avoid issues with newer kernels >=4.18 (LP: 1788603)
++    - Fix an issue where guests with plenty of hostdevs attached where detected
++      as not shut down due to the kernel needing more time to free up
++      resources (LP: 1788226)
++      - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
++      - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
++    - 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++      permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
++    - 0040-apparmor-add-mediation-rules-for-unconfined.patch:
++      apparmor: add mediation rules for unconfined guests
++    - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
++      don't want blanket access. We only allow enumerating the base dir and
++      reading owned files. Further features needing /tmp have to add local
++      overrides, examples are qemu-smb and some modes of local snapshots.
++      (LP: 1365261) Can be dropped >=libvirt 4.7
++    - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
++      preserve /dev mountpoints in qemu namespaces (LP: 1786168)
++      Can be dropped >=libvirt 4.7
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice. Upstream completely dropped
++      alternative types and kvm-spice is a symlink for quite some time.
++      Builtin expected binaries work, so drop this delta.
++  * Dropped Changes (in Debian)
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 08 Jan 2019 13:09:31 +0100
++
  libvirt (5.0.0-1) unstable; urgency=medium
    * [7346f30] New upstream version 5.0.0
@@ -1164,6 +3298,297 @@ libvirt (4.7.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sun, 09 Sep 2018 21:42:33 +0200
++libvirt (4.6.0-2ubuntu6) disco; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Tue, 15 Jan 2019 10:26:04 +0000
++
++libvirt (4.6.0-2ubuntu5) disco; urgency=medium
++
++  * d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only
++    -with-vf.patch: fix handling of non PCI vfio display propery (part
++    of LP: #1787405)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Dec 2018 09:20:39 +0100
++
++libvirt (4.6.0-2ubuntu4) disco; urgency=medium
++
++  * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
++    Adapters on s390x (LP: #1787405)
++  * d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
++    fix libvirt bridge handling in unprivileged containers (LP: #1802906)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 09 Nov 2018 07:42:01 +0100
++
++libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
++    avoid issues with newer kernels >=4.18 (LP: #1788603)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 27 Aug 2018 10:57:57 +0200
++
++libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium
++
++  * Fix an issue where guests with plenty of hostdevs attached where detected
++    as not shut down due to the kernel needing more time to free up
++    resources (LP: #1788226)
++    - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
++    - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 21 Aug 2018 17:51:43 +0200
++
++libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium
++
++  * Merged with Debian unstable (LP: #1786957).
++    Among many other new features and fixes this includes fixes
++    for (LP: #1754871), Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
++        Can be dropped >=libvirt 4.7
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 & LP 1680384).
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0040-apparmor-add-mediation-rules-for-unconfined.patch:
++        apparmor: add mediation rules for unconfined guests
++        Can be dropped >=libvirt 4.7
++    - d/rules: enable build time self tests on all architectures
++    - run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++        purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++  * Added Changes
++    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++      updated to take care of no more silencing and thereby hiding denials
++      (LP 1719579 is an example)
++    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++      updated to also allow the optionally placed ceph asok file (LP: #1779674)
++    - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare
++      profile for usrmerge (LP: #1784023)
++    - Finalize the libvirt-bin -> libvirt-* transition in the apport
++      package-hook.
++    - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++      d/libvirt-daemon-system.postinst: provide a local apparmor include
++      for abstraction/libvirt-qemu (LP: #1786019)
++    - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
++      don't want blanket access. We only allow enumerating the base dir and
++      reading owned files. Further features needing /tmp have to add local
++      overrides, examples are qemu-smb and some modes of local snapshots.
++      (LP: #1365261) Can be dropped >=libvirt 4.7
++    - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
++      preserve /dev mountpoints in qemu namespaces (LP: #1786168)
++      Can be dropped >=libvirt 4.7
++    - avoid service dependency issues on upgrade (LP: #1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Dropped Changes (upstream)
++    - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
++      of memory slots and other extended features without breaking
++      virt-aa-helper (LP: 1746431).
++    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
++    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
++    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
++    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
++    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
++    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
++    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
++    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
++    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
++    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
++    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
++    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
++    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
++    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
++    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
++    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
++    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
++    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
++    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
++    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
++    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
++    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
++    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
++    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
++    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
++    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
++    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
++    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
++    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
++    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
++    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
++    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
++    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
++    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
++    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
++    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
++    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
++    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
++    - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
++      avoid hanging on shutdown (LP: 1688508)
++    - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
++      plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471)
++    - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
++      ensure symlinks are resolved to get valid rules if interim parts of a path
++      are a symlink (LP: 1752361)
++    - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
++      avoid issues shutting down more guests than configured for parallel
++      shutdown (LP: 1688508)
++    - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
++      using devices that are symlinks (LP: 1756394)
++    - Fix nvdimm memory and passthrough input devices for hotplug via
++      domain security callbacks backporting upstream commits (LP: 1755153).
++      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
++      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
++    - Fix nvdimm memory and passthrough input devices in initial guest
++      description via virt-aa-helper (LP: 1757085).
++      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
++      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
++    - Fix clean shut down of guests on system shutdown (LP: 1764668)
++      + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
++      + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
++    - SECURITY UPDATE: QEMU monitor DoS
++      + debian/patches/CVE-2018-1064.patch: add size limit to
++        src/qemu/qemu_agent.c.
++      + CVE-2018-1064
++    - SECURITY UPDATE: Speculative Store Bypass
++      + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
++        bit in src/cpu/cpu_map.xml.
++      + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
++        feature bit in src/cpu/cpu_map.xml.
++      + CVE-2018-3639
++    - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
++      hotplug use cases where the initial guest had no hostdev at all and
++      therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777)
++    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch:
++      Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
++      occurred, but the cause is unknown" due to a buffer being too small
++      for pcap with TPACKET_V3 enabled (LP: 1758037)
++    - SECURITY UPDATE: code injection via libnss_dns.so
++      + debian/patches/CVE-2018-6764-1.patch: determine the hostname on
++        startup in src/util/virlog.c.
++      + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
++        src/util/virlog.c.
++      + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
++        in cfg.mk, src/util/virlog.c.
++      + CVE-2018-6764
++  * Dropped Changes (no upgrade path left that needs those)
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
++      /etc/cron.daily/libvirt-daemon-system
++  * Dropped Changes (cleanups)
++    - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed
++      one issue and the other is solved in libvirt by ensuring to move to the
++      right cgroups.)
++    - remove no more used libvirt-dnsmasq user (this was redundant since
++      4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user)
++    - Disable selinux (now in main)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Sat, 18 Aug 2018 14:40:58 +0200
++
  libvirt (4.6.0-2) unstable; urgency=medium
    * [c33faee] Drop dwarves dependency.
@@ -1281,6 +3706,399 @@ libvirt (4.0.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Thu, 08 Feb 2018 19:29:59 +0100
++libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium
++
++  * ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++    Secure Boot enabled variants of the OVMF firmware and variable store for
++    the paths where we ship these files in Ubuntu.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 27 Jun 2018 11:16:23 -0400
++
++libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium
++
++  * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
++    hotplug use cases where the initial guest had no hostdev at all and
++    therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 12 Jun 2018 16:24:01 +0200
++
++libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium
++
++  * SECURITY UPDATE: QEMU monitor DoS
++    - debian/patches/CVE-2018-1064.patch: add size limit to
++      src/qemu/qemu_agent.c.
++    - CVE-2018-1064
++  * SECURITY UPDATE: Speculative Store Bypass
++    - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
++      bit in src/cpu/cpu_map.xml.
++    - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
++      feature bit in src/cpu/cpu_map.xml.
++    - CVE-2018-3639
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 22 May 2018 10:55:56 -0400
++
++libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium
++
++  * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
++    occurred, but the cause is unknown" due to a buffer being too small
++    for pcap with TPACKET_V3 enabled (LP: #1758037)
++    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 09 May 2018 17:07:59 +0200
++
++libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium
++
++  * debian/rules: disable the netcf backend. (LP: #1764314)
++  * debian/control: drop libnetcf from Build-Depends.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 09 May 2018 10:06:15 -0400
++
++libvirt (4.0.0-1ubuntu8) bionic; urgency=medium
++
++  * Fix clean shut down of guests on system shutdown (LP: #1764668)
++    - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
++    - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 24 Apr 2018 11:09:48 +0200
++
++libvirt (4.0.0-1ubuntu7) bionic; urgency=medium
++
++  * Fix nvdimm memory and passthrough input devices for hotplug via
++    domain security callbacks backporting upstream commits (LP: #1755153).
++    - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
++    - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
++  * Fix nvdimm memory and passthrough input devices in initial guest
++    description via virt-aa-helper (LP: #1757085).
++    - d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
++    - d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 21 Mar 2018 08:30:47 +0100
++
++libvirt (4.0.0-1ubuntu6) bionic; urgency=medium
++
++  * Backport from recent upstream to stabilize libvirt (LP: #1756915)
++    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
++    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
++    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
++    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
++    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
++    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
++  * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
++    avoid issues shutting down more guests than configured for parallel
++    shutdown (LP: #1688508)
++  * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
++    using devices that are symlinks (LP: #1756394)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 19 Mar 2018 14:57:08 +0100
++
++libvirt (4.0.0-1ubuntu5) bionic; urgency=medium
++
++  * run dnsmasq as libvirt-dnsmasq (LP: #1743718)
++    - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++    - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++      purge
++    - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
++      libvirt-dnsmasq and adapt the self tests to expect that config
++    - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
++  * Backport from recent upstream to stabilize libvirt (LP: #1754352)
++    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
++    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
++    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
++    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
++    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
++    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
++    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
++    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
++    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
++  * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
++    plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471)
++  * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
++    ensure symlinks are resolved to get valid rules if interim parts of a path
++    are a symlink (LP: #1752361)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 27 Feb 2018 12:04:02 +0100
++
++libvirt (4.0.0-1ubuntu4) bionic; urgency=medium
++
++  * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
++    avoid hanging on shutdown (LP: #1688508)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 23 Feb 2018 16:43:19 +0100
++
++libvirt (4.0.0-1ubuntu3) bionic; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04
++    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
++    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
++    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
++    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
++    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
++    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
++    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
++    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
++    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
++    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
++    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
++    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
++    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
++    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
++    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
++    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
++    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
++    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
++    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
++    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
++    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
++    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
++    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
++  * d/rules: enable build time self tests on all architectures
++
++  [ Marc Deslauriers ]
++  * SECURITY UPDATE: code injection via libnss_dns.so
++    - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
++      startup in src/util/virlog.c.
++    - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
++      src/util/virlog.c.
++    - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
++      in cfg.mk, src/util/virlog.c.
++    - CVE-2018-6764
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 19 Feb 2018 14:18:44 +0100
++
++libvirt (4.0.0-1ubuntu2) bionic; urgency=medium
++
++  * d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed
++    as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442)
++    - refreshed 0032 and 0040 to match the new context.
++  * d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
++    of memory slots and other extended features without breaking
++    virt-aa-helper (LP: #1746431).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 02 Feb 2018 07:31:17 +0100
++
++libvirt (4.0.0-1ubuntu1) bionic; urgency=medium
++
++  * Merged with Debian unstable (4.0)
++    This closes several bugs:
++    - Error generating apparmor profile when hostname contains spaces
++      (LP: #799997)
++    - qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028)
++    - libvirt usb passthrough throws apparmor denials related to
++      /run/udev/data/+usb (LP: #1727311)
++    - AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626)
++    - iohelper improvements to let bypass-cache work without opening up the
++      apparmor isolation (LP: #1719579)
++    - nodeinfo on s390x to contain more CPU info (LP: #1733688)
++    - Upgrade libvirt >= 4.0 (LP: #1745934)
++  * Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + autostart the default network by default
++      + do not autostart if subnet is already taken (e.g. in guests).
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/test/smoke-lxc workaround for debbug 848317/867379
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++  * Dropped Changes (Upstream):
++    - d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++      libvirt-qemu: Allow use of sgabios
++    - d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++      apparmor, libvirt-qemu: Silence lttng related deny messages
++    - d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++      apparmor, libvirt-qemu: Allow read access to sysfs system info
++    - d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++      apparmor, libvirt-qemu: Allow read access to max_mem_regions
++    - d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++      apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++    - d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++      apparmor, libvirtd: Allow access to netlink sockets
++    - d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++      apparmor: Add rules for mediation support
++    - d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++      apparmor, virt-aa-helper: Allow access to ecryptfs files
++    - d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++      apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++    - d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++      apparmor, virt-aa-helper: Add ipv6 network policy
++    - d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++      apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++    - d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++      won't call qemu-nbd
++    - d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++      apparmor: allow to parse cmdline of the pid that send the shutdown
++      signal (LP 1680384).
++    - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++      apparmor: add default pki path of lbvirt-spice (LP 1690140)
++    - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for disk files (LP 1709818)
++    - d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for loader/nvram (LP 1710960)
++    - d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
++      files (LP 1726804)
++    - d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
++      fix path generation for USB host devices (LP 1552241)
++    - d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
++      generate valid rules on usb passthrough (LP 1686324)
++    - d/p/avoid-double-locking.patch: fix a deadlock that could occur when
++      libvirtd interactions raced with dbus causing a deadlock (LP 1714254).
++    - d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
++      fix FTBFS with glibc 2.26 (LP 1718668)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++      (now cleared by virt-aa-helper on domain stop)
++    - nat only on some ports <port start='1024' end='65535'/> (upstream
++      default now if nothing is specified, actually dropped last cycle)
++  * Dropped Changes (In Debian or no more important):
++    - d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++      libvirt-qemu: Allow macvtap access
++    - d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++      deny for setpcap (LP 522845).
++    - d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++      apparmor, virt-aa-helper: Improve comment about backing store
++    - d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++      references to qemu-kvm
++    - d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++      apparmor, virt-aa-helper: Allow access to name services
++    - d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++      /dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per
++      guest if needed).
++    - d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++      apparmor, libvirt-qemu: Allow access to hugepage mounts
++    - Disable sheepdog (was for universe dependency, but is now only a suggest)
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++  * Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of
++    these were never released, but important to mention for the bug references:
++    - libnss-libvirt once enabled causes apt to call getdents
++      avoid this being an issue by dropping a apt conf that allows
++      this in seccomp (LP: #1732030).
++    - d/libvirt-daemon-system.postrm: clean up more libvirt directories on
++      purge
++    - d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch:
++      apparmor: allow unix stream for p2p migrations
++    - d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch:
++      this replaces the hugepage rules and fixes many more formerly missing
++    - d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch:
++      allowing to have path wildcards on labels set by domain callbacks
++    - d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch:
++      apparmor implementation of security callback
++    - d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch:
++      this is now covered by chardev label callbacks
++  * Added Changes:
++    - Revert Debian change "Drop libvirt-bin upgrade handling"
++      This is needed in Ubuntu one last time (drop >18.04)
++    - Revert Debian change "Drop maintscript helpers for versions predating
++      jessie and wheezy-backports". This is needed in Ubuntu one last
++      time (drop >18.04)
++    - Refreshed d/p/* to match new version (only fuzz, no semantic change)
++    - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal
++      to avoid error messages on purge
++    - remove no more used libvirt-dnsmasq user (drop >18.04)
++    - d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch:
++      apparmor: add mediation rules for unconfined guests
++    - d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch
++      .patch: backport upstream cahnge to expose already used chardev calls.
++    - d/libvirt-daemon-system.postrm: Remove the default.xml network link
++      set up by postinst.
++    - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
++      /etc/cron.daily/libvirt-daemon-system
++    - d/libvirt-daemon-system.postinst: fixups for autostart default network
++      - use modern shell syntax
++      - try more default networks before giving up to enable by default
++    - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++      add multipass image path and mark as ubuntu only change.
++    - d/rules: install virtlockd correctly with defaults file (LP: #1729516)
++    - extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover
++      the slightly changed behavior of libvirt 4.0 (LP: #1741617)
++    - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
++      just a suggest to have 3rd party relying on rbd out of the box working.
++      This is deprecated and users of rbd backend should start depending on
++      this package for it will be dropped to a suggest in future releases.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 14 Dec 2017 14:15:55 +0100
++
  libvirt (4.0.0-1) unstable; urgency=medium
    * [5936904] New upstream version 4.0.0
@@ -1438,6 +4256,206 @@ libvirt (3.7.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 08 Sep 2017 14:52:38 +0200
++libvirt (3.6.0-1ubuntu6) artful; urgency=medium
++
++  * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
++    files (LP: #1726804)
++  * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
++    fix path generation for USB host devices (LP: #1552241)
++  * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
++    generate valid rules on usb passthrough (LP: #1686324)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 24 Oct 2017 14:30:34 +0200
++
++libvirt (3.6.0-1ubuntu5) artful; urgency=medium
++
++  * d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
++    fix FTBFS with glibc 2.26 (LP: #1718668)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 28 Sep 2017 08:18:10 -0400
++
++libvirt (3.6.0-1ubuntu4) artful; urgency=medium
++
++  * d/p/avoid-double-locking.patch: fix a deadlock that could occur when
++    libvirtd interactions raced with dbus causing a deadlock (LP: #1714254).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 01 Sep 2017 10:29:35 +0200
++
++libvirt (3.6.0-1ubuntu3) artful; urgency=medium
++
++  * No change rebuild for Qemu 2.10 and Xen 4.9
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 21 Aug 2017 10:34:13 +0200
++
++libvirt (3.6.0-1ubuntu2) artful; urgency=medium
++
++  * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
++    for compatibility with the behavior of qemu 2.10 this adds locking
++    permission to rules generated for loader/nvram (LP: #1710960)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Aug 2017 10:00:19 +0200
++
++libvirt (3.6.0-1ubuntu1) artful; urgency=medium
++
++  * Merged with Debian unstable (3.6)
++    This closes several bugs:
++    - aarch64: improved chardev handling (LP: #1697610)
++    - Forbid locking memory without memtune (LP: #1708305)
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + nat only on some ports <port start='1024' end='65535'/>
++      + autostart the default network by default
++      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/test/smoke-lxc workaround for debbug 848317/867379
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++        libvirt-qemu: Allow macvtap access
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++        deny for setpcap
++      + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++        libvirt-qemu: Allow use of sgabios
++      + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++        apparmor, libvirt-qemu: Silence lttng related deny messages
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++        apparmor, libvirt-qemu: Allow read access to sysfs system info
++      + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++        apparmor, libvirt-qemu: Allow read access to max_mem_regions
++      + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++        apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++      + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++        apparmor, libvirt-qemu: Allow access to hugepage mounts
++      + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++        apparmor, libvirtd: Allow access to netlink sockets
++      + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++        apparmor: Add rules for mediation support
++      + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++        apparmor, virt-aa-helper: Improve comment about backing store
++      + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++        apparmor, virt-aa-helper: Allow access to ecryptfs files
++      + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++        apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++        apparmor, virt-aa-helper: Add ipv6 network policy
++      + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++        apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++      + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++        references to qemu-kvm
++      + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++        won't call qemu-nbd
++      + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++        apparmor, virt-aa-helper: Allow access to name services
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++        /dev/vfio for vf (hot) attach (LP 1680384).
++      + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++        apparmor: allow to parse cmdline of the pid that send the shutdown
++        signal (LP 1680384).
++      + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++        apparmor: add default pki path of lbvirt-spice (LP 1690140)
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++  * Dropped Changes (Upstream):
++    - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
++      default driver entries missing name='qemu'.
++    - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782)
++      Fix to be able to follow BackinStorage chains when creating per
++      guest apparmor rules.
++  * Dropped Changes (In Debian):
++    - Enable esx support
++      + Add build-dep to libcurl4-gnutls-dev (required for esx)
++  * Added Changes:
++    - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for disk files (LP: #1709818)
++
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 10 Aug 2017 12:44:47 +0200
++
  libvirt (3.6.0-1) unstable; urgency=medium
    * [ece8d56] New upstream version 3.6.0 (Closes: #870626)
@@ -1454,6 +4472,264 @@ libvirt (3.6.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 04 Aug 2017 00:05:47 -0300
++libvirt (3.5.0-1ubuntu3) artful; urgency=medium
++
++  * Refresh changes to match they way they were accepted upstream
++    - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit
++      reference now that it is in git.
++    - d/p/u/fix-libxl-default-driver-name.patch: instead of addin the
++      name this is now fixed by relaxing the schema.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 19 Jul 2017 12:48:39 +0200
++
++libvirt (3.5.0-1ubuntu2) artful; urgency=medium
++
++  * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782)
++    Fix to be able to follow BackinStorage chains when creating per
++    guest apparmor rules.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 18 Jul 2017 16:34:57 +0200
++
++libvirt (3.5.0-1ubuntu1) artful; urgency=medium
++
++  * Merged with Debian unstable (3.5)
++    This closes several bugs:
++    - improved handling of host-model since libvirt 3.2 (LP: #1673467)
++    - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209)
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Enable esx support
++      + Add build-dep to libcurl4-gnutls-dev (required for esx)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + nat only on some ports <port start='1024' end='65535'/>
++      + autostart the default network by default
++      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++        libvirt-qemu: Allow macvtap access
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++        deny for setpcap
++      + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++        libvirt-qemu: Allow use of sgabios
++      + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++        apparmor, libvirt-qemu: Silence lttng related deny messages
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++        apparmor, libvirt-qemu: Allow read access to sysfs system info
++      + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++        apparmor, libvirt-qemu: Allow read access to max_mem_regions
++      + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++        apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++      + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++        apparmor, libvirt-qemu: Allow access to hugepage mounts
++      + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++        apparmor, libvirtd: Allow access to netlink sockets
++      + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++        apparmor: Add rules for mediation support
++      + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++        apparmor, virt-aa-helper: Improve comment about backing store
++      + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++        apparmor, virt-aa-helper: Allow access to ecryptfs files
++      + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++        apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++        apparmor, virt-aa-helper: Add ipv6 network policy
++      + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++        apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++      + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++        references to qemu-kvm
++      + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++        won't call qemu-nbd
++      + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++        apparmor, virt-aa-helper: Allow access to name services
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++        /dev/vfio for vf (hot) attach (LP 1680384).
++      + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++        apparmor: allow to parse cmdline of the pid that send the shutdown
++        signal (LP 1680384).
++      + (28 is a new patch, listed in added changes)
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++    - remaining but updated to match the latest release
++      + d/p/Disable-use-of-namespaces-by-default.patch (Debian change)
++      + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change)
++      + d/p/debian/apparmor_profiles_local_include.patch Include local
++        apparmor profile (Debian change)
++      + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++      + d/test/smoke-lxc workaround for debbug 848317/867379
++  * Dropped Changes (Upstream):
++    - Add missing apparmor rule for debug-threads feature (LP 1615550).
++    - Add new block device types to virt-aa-helpers profile (LP 1641618)
++    - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
++      for storage dirs like /var/lib/libvirt/images.
++    - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
++      to support huge systems.
++    - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
++      in libvirtd.service (-d not allowed to be specified, everything else
++      upstream so drop delta; LP 1574566).
++    - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
++      spice: don't release used port (LP 1697729).
++    - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
++      Always fall back to the old command if domain caps fail (LP 1674298)
++    - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
++      it was possible to have <script path=''/> which now fails - fix to match
++      the old behavior (LP 1665698)
++    - Reworked apparmor Delta and started upstreaming, listing related
++      changes dropped:
++      + Apparmor feature parsing to depend on new apparmor features which
++        appear in different versions across distributions (no more needed
++        >=Xenial, allows to now separate changes and upstream more easily).
++      + d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
++        guarantee disk spec is following the defined regex (LP 1665410).
++      + d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add
++        virt-aa-helper rule allowing all private channel access.
++      + d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
++        virt-aa-helper to allow access to aarch64 UEFI images.
++      + d/rules, apparmor: include and install local apparmor profiles (This
++        is now done by dh_apparmor automatically)
++      + add local apparmor override templates (provided by dh_apparmor now)
++      + Fix name resolution calls from virt-aa-helper profile (LP 1546674).
++      + virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
++      + virt-aa-helper: Generalize test for firmware paths
++      + apparmor, virt-aa-helper: Allow aarch64 UEFI.
++      + apparmor, libvirt-qemu: Add ppc64el related changes
++      + apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
++      + apparmor, libvirt-qemu: Allow access to ceph config
++      + apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
++      + apparmor, virt-aa-helper: Explicit denies for host devices
++      + apparmor, virt-aa-helper: Allow access to libnl-3 config files
++      + apparmor, libvirt-qemu: allow access to pt_chown for pty consoles
++  * Dropped Changes (In Debian):
++    - d/rules: debhelper start virtlogd.socket
++    - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
++      for Debian based systems.
++    - Additional debian/bug-presubj
++    - Extended handling of apparmor profiles - reload and remove in maintainer
++      scripts (dh_apparmor* now generate these snippets)
++  * Dropped Changes (no SysV anymore):
++    - Add sysvinit script for virtlockd
++    - Wait on socket in sysvinit script
++    - d/rules: dh_installinit virtlockd (was part of "Cleanup systemd
++      debhelper"
++    - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
++      virtlockd.init for Debian based systems.
++  * Dropped Changes (other reasons):
++    - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
++      This used group libvirt instead of nobody which makes it worse; Needs
++      to be fixed upstream (LP: #1690729).
++      + d/p/ubuntu/disable-network-test.patch: disable test failing due to
++        dnsmasq changes.
++    - Add .gitignore for .pc
++    - we keep lxc support as Debian does, but stop adding delta. It feels
++      somewhat less maintained than e.g. libvirt for qemu. Also for secure
++      and comfortable container management lxd is clearly preferred. The
++      delta caused more issues than it solved so deliver libvirt-lxc as-is
++      and drop the related delta.
++      + d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
++        containers by default.
++      + d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver
++        for libvirt-lxc.
++    - The following xen changes are no more required with current versions
++      + d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
++        xen paths (LP 1459603)
++      + d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section about compat to the very old qemu-dm name is no more needed.
++      + d/p/ubuntu/libxl-fix-test-data.patch and
++        d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the
++        former one + also updated the maintainer notes to ease updating.
++      + d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
++        device-model
++  * Added Changes:
++    - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++      apparmor: add default pki path of lbvirt-spice (LP: #1690140)
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
++      default driver entries missing name='qemu'.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Jul 2017 15:43:17 +0200
++
  libvirt (3.5.0-1) unstable; urgency=medium
    [ Guido Günther ]
@@ -1547,6 +4823,233 @@ libvirt (3.0.0-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Thu, 19 Jan 2017 18:51:18 +0100
++libvirt (2.5.0-3ubuntu10) artful; urgency=medium
++
++  * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base
++    images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON
++    directory, enabling use of the libvirt deb from the nova-hypervisor
++    snap (LP: #1644507).
++
++ -- Corey Bryant <corey.bryant@canonical.com>  Thu, 22 Jun 2017 14:29:39 -0400
++
++libvirt (2.5.0-3ubuntu9) artful; urgency=medium
++
++  * d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
++    spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 14 Jun 2017 14:49:16 +0200
++
++libvirt (2.5.0-3ubuntu8) artful; urgency=medium
++
++  * fix conffile upgrade handling to avoid obsolete files
++    and inactive duplicates (LP: #1694159)
++    - d/libvirt-daemon-system.maintscript: revert to Debian content
++    - d/libvirt-bin.maintscript: add missing rm_conffile related to
++      dropping upstart.
++    - d/libvirt-bin.maintscript: add missing rm of conffiles due
++      to re-aligning with debian package names since yakkety.
++    - d/libvirt-bin.maintscript: for LTS->LTS upgraders try to move and retain
++      custom changes.
++    - d/libvirt-bin.maintscript: for upgraders from yakkety or later remove
++      the (now duplicate) conffiles, but retain custom changes in backups if
++      they exist
++    - d/libvirt-bin.preinst: drop manual mv of conffiles which lacked
++      retaining changes and upgrade-abort handling.
++    - d/libvirt-bin.preinst: handle upgrades up to the latest predecessor
++      possible before yakkety.
++    - d/libvirt-bin.preinst: fixup the combination of rm+mv conffile in case
++      the package is upgrading from pre yakkety.
++    - d/libvirt-daemon-system.postinst: clean up old dnsmasq enablement symlink
++      if unmodified.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 31 May 2017 14:29:51 +0200
++
++libvirt (2.5.0-3ubuntu7) artful; urgency=medium
++
++  * debian/patches/ubuntu/apparmor-ppcwrapper.patch: update to add missing
++    colon (LP: #1686621).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 27 Apr 2017 13:16:05 +0200
++
++libvirt (2.5.0-3ubuntu6) artful; urgency=medium
++
++  * Add missing apparmor profile entries (LP: #1680384)
++    - debian/patches/ubuntu/apparmor-vfio.patch: apparmor: add /dev/vfio
++      for vf (hot) attach
++    - debian/patches/ubuntu/apparmor-ppcwrapper.patch: apparmor: allow
++      extra tools executed by kvm.powerpc
++    - debian/patches/ubuntu/apparmor-shutdown.patch: apparmor: allow to
++      parse cmdline of the pid that send the shutdown signal
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 25 Apr 2017 14:10:06 +0200
++
++libvirt (2.5.0-3ubuntu5) zesty; urgency=medium
++
++  * d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
++    Always fall back to the old command if domain caps fail (LP: #1674298)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 21 Mar 2017 08:02:37 +0100
++
++libvirt (2.5.0-3ubuntu4) zesty; urgency=medium
++
++  * d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
++    it was possible to have <script path=''/> which now fails - fix to match
++    the old behavior (LP: #1665698)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 10 Mar 2017 08:57:18 +0100
++
++libvirt (2.5.0-3ubuntu3) zesty; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
++    guarantee disk spec is following the defined regex (LP: #1665410).
++
++  [ Bryan Quigley ]
++  * d/p/ubuntu/0007-apparmor-fix-for-new-virt-manager.patch: Add Apparmor
++    permissions so virt-manager 1.4.0 viewing works (LP: #1668681).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 06 Mar 2017 08:24:06 +0100
++
++libvirt (2.5.0-3ubuntu2) zesty; urgency=medium
++
++  * No-change rebuild to build against Xen-4.8 libs.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 26 Jan 2017 14:19:03 +0100
++
++libvirt (2.5.0-3ubuntu1) zesty; urgency=medium
++
++  * Merged with Debian unstable
++    - this picks up a fix for migrations using NFS mounts (LP: #1637601).
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Enable esx support
++      - Add build-dep to libcurl4-gnutls-dev (required for esx)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Added changes to use the upstream apparmor profiles with added
++      delta (configurable via apparmor profiles version).
++      * d/p/u/000[1-6]-apparmor-*
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Fix name resolution calls from virt-aa-helper profile (LP 1546674).
++    - Add missing apparmor rule for debug-threads feature (LP 1615550).
++    - Add new block device types to virt-aa-helpers profile (LP 1641618)
++    - Additional apport package-hook
++    - d/rules: debhelper start virtlogd.socket
++    - Add sysvinit script for virtlockd
++    - Additional debian/bug-presubj
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped after 18.04).
++      - d/p/ubuntu/libvirtd-service-add-bin-alias.patch: alias to old
++        libvirt-bin name.
++      - d/p/ubuntu/libvirtd-init-add-bin-alias.patch: provides for the old
++        libvirt-bin name.
++    - Wait on socket in sysvinit script
++    - Backwards compatible handling of groups (can be dropped after 18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      - nat only on some ports <port start='1024' end='65535'/>
++      - autostart the default network by default
++      - do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      - d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
++      - d/p/ubuntu/disable-network-test.patch: disable test failing due to
++        dnsmasq changes.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
++      for storage dirs like /var/lib/libvirt/images.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
++      containers by default.
++    - d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver for
++      libvirt-lxc.
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: Set common qemu path to match
++      Debian/Ubuntu Xen packaging.
++    - d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
++      xen paths (LP 1459603)
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
++      device-model
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - fixup tests to match packaging of Xen (mostly different paths)
++      - d/p/ubuntu/libxl-fix-test-data.patch
++      - d/p/ubuntu/fix-xen-xml-in-tests.patch
++    - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
++      for Debian based systems.
++    - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
++      virtlockd.init for Debian based systems.
++    - d/p/ubuntu/9034-complete-9p-support: virt-aa-helper: add l to 9p file
++      options.
++    - d/p/ubuntu/parallel-shutdown.patch: shut guests down in parallel
++    - d/p/ubuntu/virt-aa-helper-no-explicity-deny-for-basefiles.patch: ask for
++      no deny rule for readonly disk elements.
++    - d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add virt-aa-helper
++      rule allowing all private channel access
++    - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
++      to support huge systems.
++    - d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
++      virt-aa-helper to allow access to aarch64 UEFI images.
++    - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
++      in libvirtd.service (LP 1574566).
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Add libxl log directory
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      - systemtap, zfs, numa and numad on s390x.
++      - systemtap on ppc64el.
++  * Dropped Changes:
++    - Build depend on gnutls >= 3.5.6-4ubuntu2 (no > 3.5.6 && < 3.5.6-4ubuntu2
++      in any release left)
++    - Fix parsing non apparmor labels LP:#1633207 (upstream in libvirt 2.5)
++    - Ignore newlines in guest list (upstream in libvirt 2.4)
++    - Avoid migration postcopy issues by ensuring valid commands (upstream in
++      libvirt 2.5)
++    - Enable numa for arm64 (in Debian)
++    - Fix libvirt start failure when security_driver set (upstream in libvirt
++      2.2)
++    - virt-aa-helper: Fix upstream implementation of no explicit deny rule
++      (upstream in libvirt 2.3)
++    - Some useless whitespace damage and no more applicable comments
++    - The following patches were part of the Delta but not the series file.
++      So they had no effect and can be dropped now:
++      - ubuntu/9036-util-prepare-uri-for-libxml2-2.9.2.patch
++      - ubuntu/Disable-failing-virnetsockettest.patch
++      - ubuntu/dont-include-non-migrateable-features-in-host-model
++      - ubuntu/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
++    - See the 2.1.0-1ubuntu15 and 2.1.0-1ubuntu16 changelogs for related
++      pre-merge drops
++    - Add build-dep to libxml-libxml-perl (no more needed)
++    - apparmor double add /usr/bin/qemu-sparc64 rmix (no function anymore)
++    - apparmor /usr/{lib,lib64}/qemu/block-*.so (in Debian)
++    - apparmor moving /bin/bash rmix in profile (drop non functional delta)
++    - follow Debians style of block-*.so rules for block-extra (drop our
++      functionally equivalent adding/moving of rules)
++    - follow Debians style of lib/lib64 rules (drop a lot of our functional
++      functionally equivalent adding/moving of rules)
++    - accept Upstream style to handle libvirt_iohelper and libvirt_parthelper
++      (stop removing the two rules without an associated bug to reduce delta)
++    - Disabling dep8 smoke tests
++  * Added Changes:
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (in discussed with Debian in debbug
++      848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (in discussed with
++      Debian in debbug 848317)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 03 Jan 2017 13:58:30 +0100
++
  libvirt (2.5.0-3) unstable; urgency=medium
    * [ba9fcb8] Invoke db_stop.
@@ -1695,6 +5198,192 @@ libvirt (2.1.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 19 Aug 2016 10:22:22 +0200
++libvirt (2.1.0-1ubuntu16) zesty; urgency=medium
++
++  * Ensure d/p/ubuntu/9002-default_uri_virsh_to_system.patch is
++    dropped as intended.
++  * Re-Add d/p/ubuntu/apibuild-skip-libvirt-common.h for an issue that
++    transiently occurs on LP builds (real trigger not yet identified, so it
++    can't be upstreamed).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 14 Dec 2016 09:30:58 +0100
++
++libvirt (2.1.0-1ubuntu15) zesty; urgency=medium
++
++  * Cleanup Ubuntu Delta prior to next libvirt merge
++    - drop obsolte patches:
++      d/p/ubuntu/cgroups-ignore-systemd-failure,
++      d/p/ubuntu/ubuntu-skip-virstoragetest,
++      d/p/ubuntu/9021-fix-uint64_t.patch,
++      ubuntu/Disable-failing-virnetsockettest.patch (was only comment),
++      d/p/ubuntu/9002-default_uri_virsh_to_system.patch,
++      d/p/ubuntu/ubuntu-xend-probe.patch
++    - clarify dep3 headers to be more useful:
++      d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch,
++      d/p/ubuntu/daemon-augeas-fix-expected.patch,
++      d/p/ubuntu/enable-kvm-spice.patch,
++      d/p/ubuntu/dnsmasq-as-priv-user,
++      d/p/ubuntu/disable-network-test.patch
++    - split patch containing unrelated changes into two patches, so parts of
++      d/p/ubuntu/storage-default-permission-mode-to-0711 moved into
++      d/p/ubuntu/storage-disable-gluster-test
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 12 Dec 2016 11:59:59 +0100
++
++libvirt (2.1.0-1ubuntu14) zesty; urgency=medium
++
++  * d/p/u/apparmor-fix-name-resolution.patch rework the fix to base
++    on the apparmor nameservice abstraction to be future proof (LP: #1546674).
++  * d/p/ubuntu/apparmor-fix-new-devicetypes.patch add new block device types to
++    virt-aa-helpers profile (LP: #1641618)
++  * d/p/u/apparmor-fix-other-seclabels.patch refresh to the now upstream
++    accepted solution (LP: #1633207).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 24 Nov 2016 08:06:38 +0100
++
++libvirt (2.1.0-1ubuntu13) zesty; urgency=medium
++
++  * drop d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch as the offending change
++    in gnutls has been reverted (LP: #1641615)
++  * Build depend on gnutls >= 3.5.6-4ubuntu2 to build after the gnutls fix
++    migrated
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Nov 2016 08:43:10 +0100
++
++libvirt (2.1.0-1ubuntu12) zesty; urgency=medium
++
++  * d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch fix FTBFS due to changes in
++    gnutls that affected the ordering on certificate DN entries (LP: #1641615)
++  * Revert "Fix FTBFS on zesty due to issues with concurrent make check" as it
++    was not the right solution.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 16 Nov 2016 14:52:17 +0100
++
++libvirt (2.1.0-1ubuntu11) zesty; urgency=medium
++
++  * Fix FTBFS on zesty due to issues with concurrent make check (LP: #1641615)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 15 Nov 2016 14:45:52 +0100
++
++libvirt (2.1.0-1ubuntu10) zesty; urgency=medium
++
++  [Simon Déziel]
++  * d/p/u/apparmor-fix-name-resolution.patch adds missing rules for name
++    resolution to virt-aa-helper Apparmor profile (LP: #1546674).
++  * d/p/u/apparmor-fix-debug-threads.patch adds missing rule for debug-threads
++    feature that is now default enabled to Apparmor profile (LP: #1615550).
++
++  [Christian Ehrhardt]
++  * d/p/u/apparmor-fix-other-seclabels.patch fixes an issue parsing non
++    apparmor security labels (LP: #1633207).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 24 Oct 2016 14:21:36 +0200
++
++libvirt (2.1.0-1ubuntu9) yakkety; urgency=medium
++
++  * Fix libvirt-guest.sh to handle multiple guests (LP: #1591695).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 06 Oct 2016 12:14:05 +0200
++
++libvirt (2.1.0-1ubuntu8) yakkety; urgency=medium
++
++  [ Christian Ehrhardt ]
++
++  * avoid migration postcopy issues by ensuring valid commands (LP: #1620906)
++    - d/p/ubuntu/check-live-for-postcopy.patch Check for --live flag for
++      postcopy-after-precopy migration.
++    - d/p/ubuntu/make-postcopy-mandatory-for-postcopy-after-precopy.patch to
++
++  [ Stefan Bader ]
++
++  * Fix Xenial to Yakkety migration from libvirt-bin.service to
++    libvirtd.service (LP: #1627969).
++  * Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    (LP: #1629210)
++
++  [ Dann Frazier ]
++
++  * Fix FTBS in Yakkety due to missing python dependency (LP: #1629041)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 30 Sep 2016 10:11:30 +0200
++
++libvirt (2.1.0-1ubuntu7) yakkety; urgency=medium
++
++  * Enable NUMA support in arm64 builds (LP: #1627926).
++
++ -- dann frazier <dannf@ubuntu.com>  Mon, 26 Sep 2016 23:36:24 -0600
++
++libvirt (2.1.0-1ubuntu6) yakkety; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 17 Sep 2016 12:05:33 +0000
++
++libvirt (2.1.0-1ubuntu5) yakkety; urgency=medium
++
++  [ Jon Grimm ]
++
++  * Fix libvirt start failure when security_driver set (LP: #1618592)
++    - qemu: fix qemu.conf security_driver
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 08 Sep 2016 14:11:47 +0200
++
++libvirt (2.1.0-1ubuntu4) yakkety; urgency=medium
++
++  * Enable systemtap, zfs, numa on s390x.
++  * Enable systemtap on ppc64el.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 24 Aug 2016 13:21:29 +0100
++
++libvirt (2.1.0-1ubuntu3) yakkety; urgency=low
++
++  * Really fix the ADT regression and not only the changelog due
++    to somehow ending up on the wrong git branch.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 17 Aug 2016 18:31:01 +0200
++
++libvirt (2.1.0-1ubuntu2) yakkety; urgency=low
++
++  * Fix ADT build-test regression(s)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 17 Aug 2016 15:18:38 +0200
++
++libvirt (2.1.0-1ubuntu1) yakkety; urgency=low
++
++  * Merged with Debian testing. Remaining changes:
++    - Added changes to use the upstream apparmor profiles with added
++      delta (configurable via apparmor profiles version).
++      * d/p/u/0001-apparmor-add-feature-parsing.patch
++      * d/p/u/0002-apparmor-apply-ubuntu-delta.patch
++      * d/p/u/0003-apparmor-debian-ubuntu-delta.patch
++      * d/p/u/0004-apparmor-ubuntu-delta.patch
++    - Avoiding dependency on sheepdog
++    - Additional apport package-hook
++    - Additional dnsmasq configuration
++    - Additional profile.d script to set default URI
++    - Additional debian/bug-presubj
++    - d/rules: debhelper start virtlogd.socket not virtlockd.service
++    - Modifications to adapt for our delayed switch away from libvirt-bin.
++    - Wait on socket in sysvinit script
++    - Backwards compatible handling of groups and default bridged network
++      creation.
++    - Extended handling of apparmor profiles
++    - Convert libvirt0 and libvirt-dev to multi-arch.
++    - Added a fix for the upstream version of adding better write denials
++      handling to virt-aa-helper.
++    - Convert libnss_libvirt to multi-arch and fix up source location that
++      changed when making libvirt0 multi-arch.
++    - Dropped
++      * upstart script for libvirtd
++      * d/p/lp1588841-000[123]-* (upstream)
++      * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch (upstream)
++      * d/p/u/qemu-Automatically-choose-usable-GIC-version.patch (upstream)
++      * d/p/u/docs-remove-xpath.patch (xpath removed upstream)
++      * d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch (upstr.)
++      * d/p/u/ubuntu/virt-aa-helper-helpfix.patch (upstream)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 13 Jul 2016 13:12:36 +0200
++
  libvirt (2.1.0-1) unstable; urgency=medium
    * Upload to unstable
@@ -1764,6 +5453,103 @@ libvirt (1.3.5~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Mon, 30 May 2016 22:00:33 +0200
++libvirt (1.3.4-1ubuntu6) yakkety; urgency=low
++
++  * Fix libvirtd crashing on libxl domain restore (LP: #1588841).
++    Patches cherry-picked from upsream libvirt git tree.
++    - libxl: switch to using libxl_domain_create_restore from v4.4 API
++    - libxl: support Xen migration stream V2 in save/restore
++    - libxl: support migration stream V2 in migration
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 08 Jun 2016 14:17:23 +0200
++
++libvirt (1.3.4-1ubuntu5) yakkety; urgency=low
++
++  * Update the correct apparmor profiles to allow AAVMF and qemu-efi
++    firmware for aarch64 (1538882)
++  * Clean up / refresh various patches to finalize switch from libvirt-bin
++    to libvirtd as service name.
++    Drop: d/p/ubuntu/libvirt-bin-service-libvirtd-alias.patch
++    Refresh+Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
++                    d/p/ubuntu/libvirtd-service-nolimit.patch
++    Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
++            d/p/ubuntu/libvirtd-service-set-notifyaccess.patch
++    Refresh: d/p/ubuntu/libvirtd-service-add-bin-alias.patch
++    Add: d/p/ubuntu/libvirtd-init-add-bin-alias.patch
++  * Change default profile used by libvirtd.service to /etc/default/libvirtd.
++    Drop: d/p/ubuntu/switch-service-files-to-libvirt-bin.patch
++  * Drop virtlockd.service from dh_systemd_start in debian/rules as
++    the service is socket activated (LP: #1588006).
++  * Fix failure to enable libvirtd.service due to lingering libvirt-bin
++    alias. This could happen when the upgrade from a version prior 1.3.3-2
++    happened before 1.3.4-1ubuntu3 (LP: #1588004).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 02 Jun 2016 14:50:27 +0200
++
++libvirt (1.3.4-1ubuntu4) yakkety; urgency=medium
++
++  * Re-enable the upstart job by renaming the file.
++  * Include patchby @guessi to continally wait for libvirtd to start when
++    using sysvinit or upstart.  (LP: #1571209)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 23 May 2016 13:50:22 -0500
++
++libvirt (1.3.4-1ubuntu3) yakkety; urgency=medium
++
++  [ dann frazier ]
++  * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch,
++    d/p/u/qemu-Automatically-choose-usable-GIC-version.patch: If no GIC
++    was specified for an ARM virt guest, choose a GIC version supported
++    by the host. (LP: #1566564)
++
++  [ Serge Hallyn ]
++  * libvirt-bin.preinst: on upgrades from prior to 1.3.3-2, also remove the
++    service file for the Alias - /etc/systemd/system/libvirtd.service.
++    (LP: #1579922)
++
++ -- dann frazier <dannf@ubuntu.com>  Thu, 19 May 2016 08:57:33 -0600
++
++libvirt (1.3.4-1ubuntu2) yakkety; urgency=medium
++
++  * Include installing virtlogd.socket. (LP: #1583009)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Wed, 18 May 2016 13:56:08 -0500
++
++libvirt (1.3.4-1ubuntu1) yakkety; urgency=medium
++
++  * Merge 1.3.4-1 from Debian unstable
++  * Drop upstream-applied patches:
++    - conf-also-mark-implicit-video-as-primary.patch
++    - libvirt-socket-fix-group
++  * Remaining changes
++    - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
++      upgrades)
++    - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
++      (for lts-to-lts upgrades)
++    - keep ubuntu-specific patches
++    - ship apport and dnsmasq files
++    - enable virbr0
++    - ship apparmor from debian/*.  We should push changes upstrema, but
++      cannot sync with debian as apparmor profiles must be processed in
++      debian/rules for cloud archive.
++    - debian/control
++      - enable zfs
++      - disable libssh2 and sheepdog
++      - add libxml-libxml-perl and libcurl4-gnutls-dev
++      - enable libnuma-dev on ppc64el (pushed to Debian)
++      - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
++    - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
++      upgrades.
++      - Multi-arch-ify.
++    - debian/rules: disable selinux and firewalld;  use 'kvm' group; disable
++      ssh2, enable zfs and esx;  process apparmor files for older releases;
++      copy dnsmasq configuration.
++    - debian/tests/control: add extra depends
++  * d/p/ubuntu/apibuild-skip-libvirt-common.h: libvirt-common.h is being
++    included twice leading to build failures - drop it temporarily.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 May 2016 12:50:02 -0500
++
  libvirt (1.3.4-1) unstable; urgency=medium
    * Upload to unstable
@@ -1793,6 +5579,65 @@ libvirt (1.3.4~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Wed, 27 Apr 2016 16:51:55 +0200
++libvirt (1.3.3-2ubuntu2) yakkety; urgency=medium
++
++  * debian/rules: fix paths when removing files which should not end up
++    in libvirt-daemon package.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 May 2016 13:14:17 -0500
++
++libvirt (1.3.3-2ubuntu1) yakkety; urgency=medium
++
++  * Merge 1.3.3-2 from Debian unstable
++  * Merge new packaging layout
++    - debian/control
++      * add libsanlock-dev, dtrace, systemtap-sdt-dev, librados-dev,
++        libfuse-dev, augeas-tools to Build-Depends.
++      * Drop libcgmanager-dev from Build-Depends.
++      * Add libvirt-clients, libvirt-daemon, and libvirt-daemon-system
++        packages which replace the now-virtual libvirt-bin package.
++      * Drop libvirt0-dbg (is this intential in Debian?)
++      * Add libvirt-sanlock package (this should be in universe)
++  * Switch to 'libvirt' group, keeping the same gid as 'libvirtd'
++    on upgrade.  Keep libvirtd group name on upgrade in case any
++    site scripts use it.
++  * Enable dtrace
++  * Add Debian policy-kit configuration
++  * drop ubuntu/9004-libvirtd-group-name.patch as we are switching to group
++    'libvirt'
++  * Drop obsolete migration scripts:
++    - libvirt-migrate-xend-managed-domains
++    - libvirt-migrate-qemu-disks
++    - libvirt-migrate-qemu-machinetype
++  * Remaining changes:
++    - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
++      upgrades)
++    - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
++      (for lts-to-lts upgrades)
++    - keep ubuntu-specific patches
++    - ship apport and dnsmasq files
++    - enable virbr0
++    - ship apparmor from debian/*.  We should push changes upstrema, but
++      cannot sync with debian as apparmor profiles must be processed in
++      debian/rules for cloud archive.
++    - debian/control
++      - enable zfs
++      - disable libssh2 and sheepdog
++      - add libxml-libxml-perl and libcurl4-gnutls-dev
++      - enable libnuma-dev on ppc64el (pushed to Debian)
++      - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
++    - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
++      upgrades.
++      - Multi-arch-ify.
++    - debian/rules: disable selinux and firewalld;  use 'kvm' group; disable
++      ssh2, enable zfs and esx;  process apparmor files for older releases;
++      copy dnsmasq configuration.
++    - debian/tests/control: add depends
++  * d/p/ubuntu/conf-also-mark-implicit-video-as-primary.patch: upstream patch
++    to fix failure to start vms with video not explicitly marked as 'primary'
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 29 Apr 2016 20:51:48 -0500
++
  libvirt (1.3.3-2) unstable; urgency=medium
    * Upload to unstable
@@ -1844,6 +5689,239 @@ libvirt (1.3.1-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 19 Feb 2016 17:29:27 +0100
++libvirt (1.3.1-1ubuntu11) yakkety; urgency=medium
++
++  [ Stefan Bader ]
++  * Add alias for libvirtd.service into  libvirt-bin.service
++
++  [ Serge Hallyn ]
++  * d/p/u/libvirt-bin-service-set-notifyaccess.patch: Set NotifyAccess=all in
++    libvirt-bin systemd service file. (LP: #1574566)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 18 Apr 2016 13:44:15 -0500
++
++libvirt (1.3.1-1ubuntu10) xenial; urgency=medium
++
++  * d/p/u/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: Allow
++    access to /usr/share/AAVMF/** and /usr/share/qemu-efi/** for aarch64 UEFI.
++    (LP: #1538882)
++
++ -- William Grant <wgrant@ubuntu.com>  Fri, 15 Apr 2016 12:08:21 +1000
++
++libvirt (1.3.1-1ubuntu9) xenial; urgency=medium
++
++  * Remove the tasks limit on libvirt-bin service (LP: #1567381)
++    This should be un-done when it is properly fixed in the code so
++    that virtual machines are started in their own pids cgroup.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 07 Apr 2016 10:05:01 -0500
++
++libvirt (1.3.1-1ubuntu8) xenial; urgency=medium
++
++  * d/p/u/virt-aa-helper-add-guest-agent-rule.patch: this actually solves
++    the qemu guest agent problem for rhel7 vms for me.  (LP: #1393842)
++    Also drop the mknod rule which isn't needed.
++  * d/apparmor/usr.lib.libvirt.virt-aa-helper: add permission to read under
++    /var/run.  This is needed for some openvswitch info. (LP: #1513367)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 11 Mar 2016 15:01:25 -0800
++
++libvirt (1.3.1-1ubuntu7) xenial; urgency=medium
++
++  * zfs support (LP: #1553023)
++    - Cherrypick upstream patches to support zfs
++    - debian/rules: build with zfs support
++    - debian/control: add zfs as build-dep
++  * d/p/u/virt-aa-helper-no-explicity-deny-for-basefiles.patch: don't mark
++    readonly files with an explicity deny only because the xml marks it
++    as reasonly. (LP: #1554031)
++  * fix typo in virt-aa-helper helptext
++  * fix d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch to
++    not overwrite const memory.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 10 Mar 2016 19:25:54 -0800
++
++libvirt (1.3.1-1ubuntu6) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: generalize the qemu-block-extra libs line.
++    (LP: #1554761)
++  * d/p/ubuntu/virt-aa-helper-add-mknod-for-guest-agent.patch: add mknod
++    capability if there is a qemu guest agent. (LP: #1393842)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 09 Mar 2016 18:45:08 -0800
++
++libvirt (1.3.1-1ubuntu5) xenial; urgency=low
++
++  * Added d/p/ubuntu/preup-virt-aa-helper-better-write-denials-handling.patch
++    and refreshed d/p/ubuntu/9034-complete-9p-support accordingly.
++  * Added d/p/ubuntu/additional-libvirt-guest-tweaks.patch to fix default
++    URI detection when running in a Xen control domain. Also change the
++    default config to do parallel shutdown requests (max. 10) and reduce the
++    timeout to 2 minutes.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 09 Mar 2016 09:13:09 +0100
++
++libvirt (1.3.1-1ubuntu4) xenial; urgency=low
++
++  * d/libvirt-bin.virtlockd.init: Replace by the version I had already
++    prepared and was tested (LP: #1547208).
++  * d/libvirt-bin.virtlogd.init: Fix up some left-over references to
++    libvirtd.
++  * d/control: Add provides libvirt-daemon for libvirt-bin (LP: #1551643)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 01 Mar 2016 10:58:23 +0100
++
++libvirt (1.3.1-1ubuntu3) xenial; urgency=medium
++
++  * d/libvirt-bin.virtlockd.init: Re-write based on virtlogd init script
++    as upstream provided version is not compatible with Ubuntu/Debian.
++
++ -- James Page <james.page@ubuntu.com>  Mon, 29 Feb 2016 22:24:49 +0000
++
++libvirt (1.3.1-1ubuntu2) xenial; urgency=medium
++
++  * No-change rebuild for gnutls transition.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 22:41:20 +0000
++
++libvirt (1.3.1-1ubuntu1) xenial; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
++      TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
++      usr.sbin.libvirtd} Add apparmor profiles.
++    - Add debian/libvirt-bin.virtlockd.init based on the upstream version
++      src/locking/virtlockd.init.in. This does not seem to get processed
++      by the build.
++    - debian/control:
++      * Add libcurl4-gnutls-dev, libxml-libxml-perl, libcgmanager-dev
++      * Add ppc64el to libnuma-dev arches
++      * Remove libsanlock-dev, libselinux1-dev, systemtap-sdt-dev
++      * Remove python, sheepdog, librados-dev, libfuse-dev
++      * Remove libssh2-1-dev, qemu-system-common, augeas-tools
++      * Don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
++      * Keep multiarch changes.
++    - Keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
++    - Keep change d/libvirt0.install and d/libvirt-dev.install that
++      adds multi-arch wildcard.
++    - d/libvirt-daemon-system.libvirtd.default ->
++      d/libvirt-bin.libvirt-bin.default
++    - d/libvirt-daemon-system.dirs -> d/libvirt-bin.dirs
++      * Add /etc/apparmor.d/{abstractions,disable,force-complain,local}
++      * Add /etc/cron.daily
++      * Add /usr/share/apport/package-hooks
++      * Add /var/log/libvirt/libxl
++      * Add /etc/dnsmasq.d-available
++      * Remove /usr/share/polkit-1/rules.d/
++      * Remove /var/lib/polkit-1/localauthority/10-vendor.d/
++    - Keep debian/libvirt-bin.dnsmasq
++    - d/libvirt-daemon-system.examples -> d/libvirt-bin.examples
++      * Remove debian/build/daemon/libvirtd.policy
++      * Drop debian/libvirt-suspendonreboot
++    - d/libvirt-daemon-system.libvirtd.init -> d/libvirt-bin.libvirt-bin.init
++      * Add provides libvirt-bin
++      * Change /etc/default/libvirtd into /etc/default/libvirt-bin
++      * Add wait_on_sockfile() and call it during start
++    - d/libvirt-daemon-system.install -> d/libvirt-bin.install
++      * Add usr/bin/*
++      * Add usr/sbin/*
++      * Add etc/apparmor.d/*
++      * Replace etc/libvirt/{libvirtd,virtlockd,virtlogd}.conf -> etc/libvirt/*
++        (since with the clients included there are many more config files)
++      * Add usr/share/polkit-1
++      * Add usr/lib/libvirt/*
++      * Add usr/share/augeas/*
++      * Add usr/share/libvirt/*
++      * Add usr/share/man/man8/*
++      * Add usr/share/apport/package-hooks/source_libvirt.py
++      * Add etc/dnsmasq.d-available/libvirt-bin
++      * Add etc/profile.d/libvirt-uri.sh
++      * Add usr/lib/libvirt
++    - d/libvirt-daemon-system.links -> d/libvirt-bin.links
++      * Replace libvirt-daemon-system with libvirt-bin for libvirt0
++      * Remove libvirt-daemon line
++    - Remove d/libvirt-bin.maintscript
++    - d/libvirt-clients.manpages -> d/libvirt-bin.manpages
++      * Add debian/libvirt-migrate-qemu-disks.1
++      * Add debian/libvirt-migrate-qemu-machinetype.1
++      * Add debian/libvirt-migrate-xend-managed-domains.1
++    - Combined d/libvirt-daemon-system.NEWS and d/libvirt-daemon.NEWS into
++      d/libvirt-bin.NEWS
++    - Keep d/libvirt-bin.{postinst,postrm,preinst} though they probably could
++      be freshly derived from libvirt-daemon counterparts.
++      * Added removal of qemu capability cache (found in Debian) to postinst
++      * Added reload of virtlogd in postinst (following example of virtlockd)
++    - Replace d/libvirt-bin.preinst
++    - Add d/libvirt-bin.upstart
++    - d/libvirt-daemon-system.virtlogd.init -> d/libvirt-bin.virtlogd.init
++    - Remove d/libvirt-clients.install
++    - Remove d/libvirt-clients.links
++    - Remove d/libvirt-daemon.install
++    - Remove d/libvirt-daemon.links
++    - d/libvirt-daemon.README.Debian -> d/libvirt-bin.README.Debian
++      * Replaced access control section
++      * Appended apparmor profile section
++      * Appended disk migration section
++      * Appended qemu/kvm machine type migration section
++    - Remove d/libvirt-daemon-system.{maintscript,postinst,postrm,preinst}
++    - Keep libvirt-migrate-qemu-disks (and manpage)
++    - Keep libvirt-migrate-qemu-machinetype (and manpage)
++    - Keep libvirt-migrate-xend-managed-domains (and manpage)
++    - Remove d/libvirt-sanlock.{cron.weekly,links,install}
++    - Drop d/libvirt-stop-guests
++    - Drop d/libvirt-suspendonreboot (replaced by upstream libvirt-guests)
++    - Keep d/libvirt-uri.sh
++    - Remove d/polkit/60-libvirt.pkla (and polkit directory)
++    - d/tests/control
++      - Add build-essential and pkg-config dependencies to build-test
++    - debian/rules:
++      * Add autoconf stuff (not sure what still really gets used).
++      * Use qemu-group kvm instead of libvirt-qemu
++      * Add SHEEPDOGCLI environment variable to dh_auto_configure
++        override (instead of an DEB_DH_... make variable which no
++        longer takes effect).
++      * Drop --with-secdriver-apparmor --with-apparmor-profiles from
++        WITH_APPARMOR config.
++      * Change WITH_FIREWALLD and WITH_SELINUX settings to disabled.
++      * Change WITH_DTRACE setting to disabled.
++      * Drop DEB_DH_SYSTEMD_START_ARGS_libvirt-bin as it is no longer
++        needed after dropping cdbs.
++      * Add to override_dh_install section
++        - Install apparmor files (and post-processing)
++        - Install apport hooks.
++        - Install migration tools.
++        - Install profile script to autoset URI.
++        - Replace package name libvirt-daemon-system with libvirt-bin.
++        - Debian now copies libvirt-guests.{init,default} and
++          virtlogd.default from upstream source. Copy virtlockd.default
++          as well.
++        - Rename libvirtd.{socket,service} to libvirt-bin.{socket,service}
++        - Change dh_systemd_start to use virtlo{g,ck}d.socket only (the
++          services are supposed to be started by using the sockets.
++        - Move libs and pkgconfig under multiarch directory.
++      * Modify override_dh_auto_clean
++        - Replace package name libvirt-daemon-system with libvirt-bin
++        - Delete upstream files which were copied into debian/.
++      * Add override_dh_gencontrol section which conditionally adds
++        conflicts on apparmor.
++      * Add override_dh_makeshlibs section to pass version info for
++        libvirt0.
++  * Dropped patches:
++    - ubuntu/virt-aa-helper-handle-ovmf (upstream added ovmf paths to
++      restricted_rw)
++  * Refreshed patches:
++    - refreshed d/p/ubuntu/9034-complete-9p-support
++  * New patches
++    - d/ubuntu/libvirt-guests-exclude-dom0.patch
++    - d/ubuntu/libxl-no-dm-check.patch
++    - d/ubuntu/libxl-fix-test-data.patch
++    - d/ubuntu/Debianize-virtlogd-service.patch
++    - d/ubuntu/Debianize-virtlockd-init.patch
++    - d/ubuntu/switch-service-files-to-libvirt-bin.patch
++    - d/ubuntu/libvirt-socket-fix-group.patch
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 12 Feb 2016 14:46:21 +0100
++
  libvirt (1.3.1-1) unstable; urgency=medium
    [ Guido Günther ]
@@ -1913,6 +5991,151 @@ libvirt (1.3.0~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 04 Dec 2015 17:12:53 +0100
++libvirt (1.2.21-2ubuntu10) xenial; urgency=medium
++
++  * Multiarchify the library packages.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 28 Jan 2016 16:33:15 +0100
++
++libvirt (1.2.21-2ubuntu9) xenial; urgency=medium
++
++  * debian/rules: Disable cdbs' implicitly generated dh_systemd_start calls.
++    We already call it explicitly with the right options, calling it again
++    with the default options stops libvirt-guests during upgrades.
++    (LP: #1533839)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 18 Jan 2016 09:10:21 +0100
++
++libvirt (1.2.21-2ubuntu8) xenial; urgency=low
++
++  * d/libvirt-stop-guests: Skip Domain-0 on guest shutdown. Newer
++    versions of libvirt will include dom0 in the list of running domains
++    (with libxl). This special domain must be ignored.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 14 Jan 2016 11:35:39 +0100
++
++libvirt (1.2.21-2ubuntu7) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: silence denial to shm/lttng file since shm
++    mountpoint has moved (LP: #1529319)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 11 Jan 2016 11:55:28 -0800
++
++libvirt (1.2.21-2ubuntu6) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: add r access to max_mem_regions vhost module
++    paramater (LP: #1531564)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 11 Jan 2016 11:33:02 -0800
++
++libvirt (1.2.21-2ubuntu5) xenial; urgency=medium
++
++  * SECURITY UPDATE: ACL bypass using storage pool directory traversal
++    - debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
++      src/storage/storage_backend_fs.c.
++    - CVE-2015-5313
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 08 Jan 2016 10:32:17 -0500
++
++libvirt (1.2.21-2ubuntu4) xenial; urgency=medium
++
++  * Revert Ubuntu-specific patch to build-depend on libsystemd-daemon-dev
++    instead of libsystemd-dev; libsystemd-daemon-dev is no longer built from
++    systemd source so we want libsystemd-dev.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Tue, 29 Dec 2015 00:31:16 +0000
++
++libvirt (1.2.21-2ubuntu3) xenial; urgency=medium
++
++  * Fix build-test autopkgtest: it now expects to run with the current
++    directory set to the root of the unpacked source package, writes to
++    $ADTTMP rather than to the source package, and declares dependencies on
++    build-essential and pkg-config.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 28 Dec 2015 05:25:54 +0000
++
++libvirt (1.2.21-2ubuntu2) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: add permission to the systemd-mounted hugepages
++    path.  (LP: #1524737)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 17 Dec 2015 10:49:18 -0800
++
++libvirt (1.2.21-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
++      TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
++      usr.sbin.libvirtd} Add apparmor profiles.
++    - debian/bug-presubj: removed
++    - debian/control:
++      - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
++      - add libxml-libxml-perl, libhal-dev
++      - swap open-iscsi to open-iscsi-utils
++      - Enable numa support on ppc64el.
++      - remove libsanlock-dev, libselinux1-dev
++      - use libsystemd-daemon-dev instead of libsystemd-dev
++      - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
++      - remove libssh2-1, augeas-tools
++      - add libcgmanager-dev, xsltproc
++      - remove Vcs-Git
++      - adjust X-Python-Version > 2.7
++      - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
++    - keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
++    - debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
++    - add upstart script for libvirt-bin
++    - debian/*.{links,maintscript} files not added
++    - keep ubuntu maintscript modifications
++    - debian/libvirt-sanlock* not merged
++    - debian/libvirt-clients* not merged
++    - keep debian/{libvirt-migrate-qemu-disks.*,
++      libvirt-migrate-qemu-machinetype.*,
++      libvirt-migrate-xend-managed-domains.*}
++    - keep debian/libvirt-suspendonreboot
++    - keep debian/libvirt-uri.sh
++    - debian/polkit/* not added
++    - debian/README.Debian:
++      - add 'Apparmor Profile' section
++      - add 'Disk migration' section
++    - debian/rules:
++      - add cdbs and autoconf stuff
++      - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
++        WITH_SELINUX
++      - use qemu-group kvm instead of libvirt-qemu
++      - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
++      - remove auto_test section
++      - add build/libvirt-bin:: section to install
++        - apparmor files
++        - apport hooks
++        - libvirt-migrate-qemu-disks
++      - use clean:: instead of dh_*clean
++    - Move ubuntu specific patches to 'debian/patches/ubuntu'
++  * Dropped patches:
++    - drop 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch (upstream 16d2bc8b)
++    - drop 9036-util-prepare-uri-for-libxml2-2.9.2.patch (upstream 8f17d0ea)
++    - drop 9040-virt-aa-helper-add-unix-channels (upstream 03d7462d)
++    - drop CVE-2014-3633.patch (upstream 3e745e8f)
++    - drop CVE-2014-3657.patch (upstream fc22b2e7)
++    - drop CVE-2014-7823.patch (upstream b1674ad5)
++    - drop Don-t-fail-if-we-can-t-setup-avahi.patch (dropped in debian)
++    - drop add-ppc64le-support.patch (upstream 9265fd19, addce06c, 1e911742,
++      bdbe723f, 5e4f49ab)
++    - drop blockdev-migration patches (upstream 1049a8d8, 9c5efd1a, cb7297c1,
++      a5250449, e9ef8565, 952907f5, 5eb03b6e, 93a19e28, a4e92f9e, de0aeafe)
++    - storage-allow-zero-capacity-with-non-backing-file-to.patch,
++      tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch
++      (upstream 0bcda653, b8cc0cc5)
++    - ubuntu/fix-ubuntu-xen-qemu-dm-path.patch dropped in favor of
++      Allow-xen-toolstack-to-find-it-s-binaries.patch
++    - drop ubuntu-libxl-Implement-basic-video-device-selection.patch
++      (upstream 1298daca)
++    - remove dont-include-non-migrateable-features-in-host-model
++      (upstream and not included in series)
++    - remove upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
++      (upstream and not included in series)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Wed, 02 Dec 2015 12:06:09 -0600
++
  libvirt (1.2.21-2) unstable; urgency=medium
    * [014a0c7] Add a build test to verify that the we can link against libvirt
@@ -2025,45 +6248,202 @@ libvirt (1.2.18-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Tue, 11 Aug 2015 21:19:43 +0200
--libvirt (1.2.16-2) unstable; urgency=medium
++libvirt (1.2.16-2ubuntu14) xenial; urgency=medium
--  * [0266267] Build-Depend and suggest nfs-common
--    for showmount
--    Thanks to Laurent Bigonville (Closes: #787783)
--  * [a48c783] Build depend on libpolkit-gobject-1-dev
--    to properly detect uid support in pkcheck.
--    Thanks to Laurent Bigonville (Closes: #787782)
--  * [3d0fe35] Enable firewalld support.
--    Thanks to Laurent Bigonville (Closes: #714372)
++  * debian/apparmor/libvirt-qemu: add a bunch of newly available qemu-*
++    architecture binaries. (LP: #1519030)
-- -- Guido Günther <agx@sigxcpu.org>  Fri, 05 Jun 2015 10:12:28 +0200
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 23 Nov 2015 17:42:52 +0000
--libvirt (1.2.16-1) unstable; urgency=medium
++libvirt (1.2.16-2ubuntu13) xenial; urgency=medium
--  * Upload to unstabl
--  * [50e9055] New upstream version 1.2.16
++  * debian/control: switch ebtables from Recommends to Depends or default
++    configuration network doesn't get created. (LP: #1505576)
-- -- Guido Günther <agx@sigxcpu.org>  Wed, 03 Jun 2015 08:44:53 +0200
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Nov 2015 15:14:04 -0600
--libvirt (1.2.16~rc2-3) experimental; urgency=medium
++libvirt (1.2.16-2ubuntu12) xenial; urgency=medium
--  * [6d22215] Fix one more libxl leftover
++  * virt-aa-helper apparmor policy:  add 'network inet6' (LP: #1511830)
-- -- Guido Günther <agx@sigxcpu.org>  Mon, 01 Jun 2015 08:49:50 +0200
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 02 Nov 2015 11:49:56 -0600
--libvirt (1.2.16~rc2-2) experimental; urgency=medium
++libvirt (1.2.16-2ubuntu11) wily; urgency=medium
--  * [132348d] Only install libxl configuratin on hosts that support XEN
++  * Fix the preinst and postinst: the check for whether libvirt-bin was
++    running was wrong for upstart systems, but we don't need to do that
++    anyway - just stop libvirt-bin unconditionally.  (LP: #1499199)
++  * libvirt-guests.service: fix libvirtd.service -> libvirt-bin.service
-- -- Guido Günther <agx@sigxcpu.org>  Sat, 30 May 2015 13:39:22 +0200
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Sun, 27 Sep 2015 15:47:08 +0000
--libvirt (1.2.16~rc2-1) experimental; urgency=medium
++libvirt (1.2.16-2ubuntu10) wily; urgency=medium
--  * [540f826] New upstream version 1.2.16~rc2
++  * Add qemu-block-extra libraries to libvirt apparmor profile (LP: #1495895)
-- -- Guido Günther <agx@sigxcpu.org>  Fri, 29 May 2015 17:26:00 +0200
++ -- Ryan Harper <ryan.harper@canonical.com>  Wed, 16 Sep 2015 13:20:48 -0500
--libvirt (1.2.16~rc1-1) experimental; urgency=medium
++libvirt (1.2.16-2ubuntu9) wily; urgency=medium
++
++  * Add upstream patches implementing a '--migrate-disks' option to virsh
++    migrate to specify block devices to migrate.  (LP: #1398999)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 04 Sep 2015 09:29:52 -0500
++
++libvirt (1.2.16-2ubuntu8) wily; urgency=medium
++
++  * Support OVMF images in virt-aa-helper.  (LP: #1483071)
++  * Fix the libvirt-bin.preinst to not stop libvirt-bin on upgrade
++    from 1.2.16-2ubuntu7.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 14 Aug 2015 07:34:30 -0500
++
++libvirt (1.2.16-2ubuntu7) wily; urgency=medium
++
++  * Stop libvirt-bin at pre-inst if upgrading from a non-systemd version,
++    restart at postinst.  (This can be removed after 16.04 release)
++  * Commonize stopping of vms in upstart/systemd.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Aug 2015 17:40:36 -0500
++
++libvirt (1.2.16-2ubuntu6) wily; urgency=medium
++
++  * Add systemd units and libvirt-stop-guests script to stop VMs before
++    a host completes shutdown  (LP: #1480440)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Aug 2015 15:42:29 -0500
++
++libvirt (1.2.16-2ubuntu5) wily; urgency=medium
++
++  * debian/control changes:
++    - Replace module-init-tools with kmod
++  * debian/tests:
++    - add autopkgtests from Debian
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Fri, 10 Jul 2015 14:15:48 -0500
++
++libvirt (1.2.16-2ubuntu4) wily; urgency=medium
++
++  * d/p/{storage-allow-zero-capacity-with-non-backing-file-to.patch,
++    tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch} added to address
++    (LP: #1459748). Allow zero capacity storage creation with non-backing file.
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Fri, 10 Jul 2015 12:50:50 -0500
++
++libvirt (1.2.16-2ubuntu3) wily; urgency=medium
++
++  * debian/apparmor/libvirt-qemu:
++    allow serial console backed by pts chardev (LP: #1342083)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Tue, 07 Jul 2015 16:38:17 -0500
++
++libvirt (1.2.16-2ubuntu2) wily; urgency=low
++
++  [ Chris J Arges ]
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
++      TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
++      usr.sbin.libvirtd} Add apparmor profiles.
++    - debian/bug-presubj: removed
++    - debian/control:
++      - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
++      - add libxml-libxml-perl, libhal-dev
++      - swap open-iscsi to open-iscsi-utils
++      - Enable numa support on ppc64 and ppc64el.
++      - remove libsanlock-dev, libselinux1-dev, libsystemd-daemon-dev
++      - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
++      - remove libssh2-1, augeas-tools
++      - add libcgmanager-dev, xsltproc
++      - remove Vcs-Git
++      - adjust X-Python-Version > 2.7
++      - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
++    * keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
++    * debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
++    * add upstart script for libvirt-bin
++    * debian/*.links files not added
++    * debian/libvirt-sanlock* not merged
++    * debian/libvirt-clients* not merged
++    * debian smoke tests not merged
++    * keep debian/{libvirt-migrate-qemu-disks.*,
++      libvirt-migrate-qemu-machinetype.*,
++      libvirt-migrate-xend-managed-domains.*}
++    * keep debian/libvirt-suspendonreboot
++    * keep debian/libvirt-uri.sh
++    * Don't apply the following patches:
++      - d/p/Debianize-libvirt-guests.patch
++      - d/p/Debianize-systemd-service-files.patch
++      - d/p/debian/Debianize-virtlockd.patch
++      - d/p/fix-Debian-specific-path-to-hvm-loader.patch
++      - d/p/Disable-gnulib-s-test-nonplocking-pipe.sh.patch
++      - d/p/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
++    * debian/polkit/* not added
++    * debian/README.Debian:
++      - add 'Apparmor Profile' section
++      - add 'Disk migration' section
++    * debian/rules:
++      - add cdbs and autoconf stuff
++      - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
++        WITH_SELINUX
++      - use qemu-group kvm instead of libvirt-qemu
++      - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
++      - remove auto_test section
++      - add build/libvirt-bin:: section to install
++        - apparmor files
++        - apport hooks
++        - libvirt-migrate-qemu-disks
++      - use clean:: instead of dh_*clean
++
++  [ Chuck Short ]
++    + Rediffed:
++     - debian/patches/storage-default-permission-mode-to-0711
++     - debian/patches/ubuntu_machine_type.patch
++  * debian/libvirt-bin.init: Adjust avahi to avahi-daemon (LP: #1453572)
++
++  [ Serge Hallyn ]
++  * 9040-virt-aa-helper-add-unix-channels.patch: add support for unix
++    sockets for serials.  (LP: #1015154)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Wed, 01 Jul 2015 13:33:40 -0500
++
++libvirt (1.2.16-2) unstable; urgency=medium
++
++  * [0266267] Build-Depend and suggest nfs-common
++    for showmount
++    Thanks to Laurent Bigonville (Closes: #787783)
++  * [a48c783] Build depend on libpolkit-gobject-1-dev
++    to properly detect uid support in pkcheck.
++    Thanks to Laurent Bigonville (Closes: #787782)
++  * [3d0fe35] Enable firewalld support.
++    Thanks to Laurent Bigonville (Closes: #714372)
++
++ -- Guido Günther <agx@sigxcpu.org>  Fri, 05 Jun 2015 10:12:28 +0200
++
++libvirt (1.2.16-1) unstable; urgency=medium
++
++  * Upload to unstabl
++  * [50e9055] New upstream version 1.2.16
++
++ -- Guido Günther <agx@sigxcpu.org>  Wed, 03 Jun 2015 08:44:53 +0200
++
++libvirt (1.2.16~rc2-3) experimental; urgency=medium
++
++  * [6d22215] Fix one more libxl leftover
++
++ -- Guido Günther <agx@sigxcpu.org>  Mon, 01 Jun 2015 08:49:50 +0200
++
++libvirt (1.2.16~rc2-2) experimental; urgency=medium
++
++  * [132348d] Only install libxl configuratin on hosts that support XEN
++
++ -- Guido Günther <agx@sigxcpu.org>  Sat, 30 May 2015 13:39:22 +0200
++
++libvirt (1.2.16~rc2-1) experimental; urgency=medium
++
++  * [540f826] New upstream version 1.2.16~rc2
++
++ -- Guido Günther <agx@sigxcpu.org>  Fri, 29 May 2015 17:26:00 +0200
++
++libvirt (1.2.16~rc1-1) experimental; urgency=medium
    * [d17b3cb] Add libxl configuration files
    * [24520fd] Update gbp.conf for experimental
@@ -2090,6 +6470,49 @@ libvirt (1.2.15-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Tue, 05 May 2015 19:26:21 +0200
++libvirt (1.2.15-0ubuntu4) wily; urgency=medium
++
++  * Add post-start to upstart (/etc/init/libvirt-bin.conf) and
++    sysv (/etc/init.d/libvirt-bin) jobs to ensure libvirt-sock
++    created before up (LP: #1455608)
++
++ -- Edward Hope-Morley <edward.hope-morley@canonical.com>  Thu, 28 May 2015 16:06:44 +0100
++
++libvirt (1.2.15-0ubuntu3) wily; urgency=low
++
++  * d/p/ubuntu-libxl-qemu-path.patch: Set correct path for qemu binary
++    for new configs and convert old configs using qemu-dm.
++    (LP: #1459600)
++  * d/p/ubuntu-libxl-hvmloader-path.patch: Get Xen version from dpkg-query
++    at compile time and set LIBXL_FIRMWARE_DIR as long as libxen-dev does
++    not provide a xenlight.pc file. Use that directory to update existing
++    configs.
++    (LP: #1459603)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 28 May 2015 12:21:23 +0200
++
++libvirt (1.2.15-0ubuntu2) wily; urgency=medium
++
++  * debian/apparmor/libvirt-qemu: add /sys read accesses needed by newer
++    qemu: /sys/devices/system/node/, /sys/devices/system/cpu/ and
++    /sys/devices/system/node/node[0-9]*/meminfo
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 13 May 2015 16:41:54 -0500
++
++libvirt (1.2.15-0ubuntu1) wily; urgency=medium
++
++  * New upstream release:
++    + Dropped patches:
++      - d/p/add-cgmanager-support.patch
++      - d/p/cgmanager-mutex
++      - d/p/cgm-ignore-machined-failure
++      - d/p/9020-lp545795.patch
++      - d/pa/ubuntu-libxl-qemu-nopath.patch
++      - d/p/ubuntu-libxl-migrate-dm.patch
++      - d/p9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 07 May 2015 10:27:49 -0400
++
  libvirt (1.2.15~rc2-1) experimental; urgency=medium
    * [852e3c3] New upstream version 1.2.15~rc2
@@ -2148,6 +6571,110 @@ libvirt (1.2.12-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Thu, 29 Jan 2015 11:02:21 +0100
++libvirt (1.2.12-0ubuntu12) vivid; urgency=low
++
++  * Add profile script to automatically set the default URI based on
++    the currently running hyperisor (Xen or KVM/Qemu).
++    (LP: #1334749)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 14 Apr 2015 09:02:52 -0500
++
++libvirt (1.2.12-0ubuntu11) vivid; urgency=medium
++
++  * create /var/lib/libvirt/qemu/channel/target (LP: #1393842)
++    - libvirt-bin.dirs: add /var/lib/libvirt/qemu/channel/target
++    - libvirt-bin.postinst: chown target directory to libvirt-qemu:kvm so
++      qemu can create the unix sockets.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 09 Apr 2015 10:40:05 -0500
++
++libvirt (1.2.12-0ubuntu10) vivid; urgency=medium
++
++  * Fix previous patch to ignore any abstract unix domain sockets
++  * Update the cgmanager patch so that container start and stop work under
++    systemd.  (LP: #1438730)  In 15.10 we will drop the cgmanager patch(es).
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 08 Apr 2015 10:58:04 -0500
++
++libvirt (1.2.12-0ubuntu9) vivid; urgency=medium
++
++  * 9037-virt-aa-helper-add-unix-channels-esp-for-qemu-guest-.patch: Allow
++    libvirt domains to start when using qemu guest agent.  (LP: #1393842)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 06 Apr 2015 11:14:03 -0500
++
++libvirt (1.2.12-0ubuntu8) vivid; urgency=medium
++
++  * silence denial of attempted reads of lttng files (LP: #1432644)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 27 Mar 2015 21:36:27 -0500
++
++libvirt (1.2.12-0ubuntu7) vivid; urgency=low
++
++  * No-change rebuild to pull in libxen-dev 4.5
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 25 Feb 2015 18:31:16 +0100
++
++libvirt (1.2.12-0ubuntu6) vivid; urgency=low
++
++  * Fix xml validation for Xen by allowing non-absolute path values
++    in loader and bootloader elements (LP: #1425497).
++  * Fix up Xen emulator in old configurations and for new definitions to
++    point to /usr/bin/qemu-system-i386 (LP: #1425497).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 13 Feb 2015 17:57:27 +0100
++
++libvirt (1.2.12-0ubuntu5) vivid; urgency=medium
++
++  * Remove smoser-ppc64le-is-ppc64.patch - the problem will be solved by the
++    qemu-system-ppcle symlink in qemu-system-ppc package.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 Feb 2015 15:38:39 -0600
++
++libvirt (1.2.12-0ubuntu4) vivid; urgency=medium
++
++  * libvirt-qemu: allow kvm script on ppc to execute uname
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 Feb 2015 14:05:14 -0600
++
++libvirt (1.2.12-0ubuntu3) vivid; urgency=medium
++
++  * Apply patch from smoser to make libvirt on ppc64le functional.
++    (LP: #1418221)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 09 Feb 2015 12:09:49 -0600
++
++libvirt (1.2.12-0ubuntu2) vivid; urgency=medium
++
++  * debian/control: Use libxml-libxml-perl instead of libxml-xpath-perl.
++  * debian/patches/docs-remove-xpath.patch: Use libxml instead of XPath.
++
++ -- Chuck Short <zulcss@ubuntu.com>  Fri, 06 Feb 2015 11:28:15 -0500
++
++libvirt (1.2.12-0ubuntu1) vivid; urgency=medium
++
++  * New upstream release
++  * Rediffed patches:
++    - debian/patches/9030-create-socket-dir
++    - debian/patches/add-cgmanager-support.patch
++    - debian/patches/cgroups-ignore-systemd-failure
++  * Dropped patches:
++    - debian/patches/ubuntu-libxl-Implement-basic-video-device-selection.patch
++    - debian/patches/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch
++    - debian/patches/9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch
++    - debian/patches/-CVE-2014-3633.patch
++    - debian/patches/dont-include-non-migrateable-features-in-host-model
++    - debian/patches/9036-util-prepare-uri-for-libxml2-2.9.2.patch
++    - debian/patches/CVE-2014-3657.patch
++    - debian/patches/CVE-2014-7823.patch
++    - debian/patches/add-ppc64le-support.patch
++    - debian/patches/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
++  * debian/control: Add libxml-xpath-perl and xsltproc to dependencies
++  * debian/patches/skip-vircgrouptest.patch: Skip cgroup tests.
++  * debian/patches/disable-network-test.patch: Skip network tests
++
++ -- Chuck Short <zulcss@ubuntu.com>  Tue, 03 Feb 2015 13:12:36 -0500
++
  libvirt (1.2.12~rc2-1) experimental; urgency=medium
    * [67f2b22] New upstream version 1.2.12~rc2
@@ -2389,6 +6916,212 @@ libvirt (1.2.8-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 05 Sep 2014 19:56:50 +0200
++libvirt (1.2.8-0ubuntu21) vivid; urgency=medium
++
++  * d/apparmor/libvirt-qemu: Update the ceph.conf allow rule (LP: #1403648)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 30 Jan 2015 10:02:20 +0100
++
++libvirt (1.2.8-0ubuntu20) vivid; urgency=medium
++
++  * debian/rules:
++    - use --with-esx (LP: #565771)
++    - specify restart-after-upgrade (LP: #1215617)
++  * debian/control: add libcurl4-gnutls-dev for esx support
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 21 Jan 2015 13:01:59 -0600
++
++libvirt (1.2.8-0ubuntu19) vivid; urgency=medium
++
++  * apparmor libvirt-qemu template: allow reading charm-specific ceph config
++    and silence denials for /tmp/**.  (LP: #1403648)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 06 Jan 2015 10:27:33 -0600
++
++libvirt (1.2.8-0ubuntu18) vivid; urgency=medium
++
++  * mutex cgmanager actions (Thanks to Don Bowman for finding the cause)
++    (LP: #1397130) (LP: #1367702)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 18 Dec 2014 13:28:03 -0600
++
++libvirt (1.2.8-0ubuntu17) vivid; urgency=low
++
++  * d/p/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch:
++    Allow libxl to figure out the path to pygrub. (LP: #1396942)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 11 Dec 2014 09:51:20 +0100
++
++libvirt (1.2.8-0ubuntu16) vivid; urgency=medium
++
++  * debian/patches/add-ppc64le-support.patch: Added patches needed
++    for ppc64le support. (LP: #1396070)
++
++ -- Chuck Short <zulcss@ubuntu.com>  Thu, 27 Nov 2014 08:57:35 -0500
++
++libvirt (1.2.8-0ubuntu15) vivid; urgency=medium
++
++  * libvirt-qemu: add r to sgabios.bin (LP: #1393548)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 17 Nov 2014 15:05:22 -0600
++
++libvirt (1.2.8-0ubuntu14) vivid; urgency=medium
++
++  [ Serge Hallyn ]
++  * 9036-util-prepare-uri-for-libxml2-2.9.2.patch: fix FTBFS against new
++    libxml 2.9.2 (LP: #1390637)
++
++  [ Marc Deslauriers ]
++  * SECURITY UPDATE: denial of service via virConnectListAllDomains
++    - debian/patches/CVE-2014-3657.patch: fix domain deadlock in
++      src/conf/domain_conf.c.
++    - CVE-2014-3657
++  * SECURITY UPDATE: xml information leak with read-only connections
++    - debian/patches/CVE-2014-7823.patch: check for migratable flag in
++      src/libvirt.c, src/remote/remote_protocol.x.
++    - CVE-2014-7823
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 11 Nov 2014 13:14:00 -0500
++
++libvirt (1.2.8-0ubuntu13) vivid; urgency=medium
++
++  * cull too-new apparmor rules depending on target host (LP: #1387251)
++  * add mising apparmor permissions for slof (LP: #1374554)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 07 Nov 2014 20:32:23 +0000
++
++libvirt (1.2.8-0ubuntu12) vivid; urgency=medium
++
++  * complete the 9p support: (LP: #1378434)
++    - libvirt-qemu: add fowner and fsetid
++    - virt-aa-helper: add 'l' to 9p file options
++  * dont-include-non-migrateable-features-in-host-model (LP: #1386503)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 29 Oct 2014 15:07:21 -0500
++
++libvirt (1.2.8-0ubuntu11) utopic; urgency=medium
++
++  [ Felix Geyer ]
++  * d/p/ubuntu_machine_type.patch: Fix No PCI buses available. (LP: #1379346).
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Thu, 09 Oct 2014 08:57:27 -0500
++
++libvirt (1.2.8-0ubuntu10) utopic; urgency=medium
++
++  * libvirt-bin.upstart: delay start until rc finished
++    This give hypervisors more time to finish their setup (LP: #1377900).
++  * libvirt-bin.upstart: add xen:/// uri to the list (LP: #1377960)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Mon, 06 Oct 2014 16:23:06 +0200
++
++libvirt (1.2.8-0ubuntu9) utopic; urgency=medium
++
++  * libvirt-qemu apparmor template: add /sys/firmware/devicetree/** r
++    (LP: #1374554)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 01 Oct 2014 17:09:05 -0500
++
++libvirt (1.2.8-0ubuntu8) utopic; urgency=medium
++
++  * libvirt-bin.postinst: fix syntax error (s/if/fi/)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 30 Sep 2014 13:07:19 -0500
++
++libvirt (1.2.8-0ubuntu7) utopic; urgency=medium
++
++  * libvirt-bin.postinst: check for confiles whichhave been removed rather
++    than fail package install (LP: #1375910)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 30 Sep 2014 12:37:16 -0500
++
++libvirt (1.2.8-0ubuntu6) utopic; urgency=medium
++
++  * SECURITY UPDATE: denial of service or information disclosure via
++    virDomainGetBlockIoTune
++    - debian/patches/CVE-2014-3633.patch: use correct definition when
++      looking up disk in src/qemu/qemu_driver.c.
++    - CVE-2014-3633
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 29 Sep 2014 15:23:37 -0400
++
++libvirt (1.2.8-0ubuntu5) utopic; urgency=medium
++
++  * debian/apparmor/libvirt-lxc (sync with container-base with lxc):
++    - remove bare 'signal' and 'ptrace' rules (base abstraction covers most
++      of what we need)
++    - allow signal (receive) peer=/usr/sbin/libvirtd
++    - allow ptrace peer=@{profile_name}
++    - deny mount options=(ro, remount, silent) -> /
++    - allow mount fstype=hugetlbfs
++    - shuffle a couple of rules around to make it easier to diff with lxc
++      policy
++  * debian/apparmor/TEMPLATE.lxc (sync with lxc-default):
++    - use attach_disconnected and mediate_deleted
++    - deny mount fstype=devpts,
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 25 Sep 2014 16:24:21 -0500
++
++libvirt (1.2.8-0ubuntu4) utopic; urgency=medium
++
++  * debian/apparmor/usr.sbin.libvirtd: allow 'network netlink'
++
++ -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 18 Sep 2014 15:15:13 -0500
++
++libvirt (1.2.8-0ubuntu3) utopic; urgency=medium
++
++  * 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch - fix failure to start
++    KVM vms.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 18 Sep 2014 14:08:04 -0500
++
++libvirt (1.2.8-0ubuntu2) utopic; urgency=low
++
++  * d/p/ubuntu-xend-probe.patch:
++    Update patch correctly and re-enable it. It seems like it only was
++    half updated and then disabled without reasons.
++  * d/p/ubuntu-libxl-Implement-basic-video-device-selection.patch:
++    Re-activate adapted patch. Some pieces made it into upstream as a
++    bug fix. The rest is still needed to allow selecing an alternate
++    graphics device for Xen HVM guests.
++  * d/p/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch:
++    Re-activate unchanged patch (for some reason dropped when moving
++    to 1.2.6).
++    This one is a bit of a work-around mainly for virt-manager which sets
++    gfx memory to values below the minimum requirement for Xen. And the
++    UI does not allow to change that. This patch just goes for the minimum
++    in that case.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 18 Sep 2014 10:00:36 +0200
++
++libvirt (1.2.8-0ubuntu1) utopic; urgency=medium
++
++  [ Chuck Short ]
++  * New upstream release:  (LP: #1367422)
++    + Dropped:
++      - debian/patches/ovs-delete-port-if-exists-while-adding-new-one
++    + Refreshed:
++      - debian/patches/add-cgmanager-support.patch
++      - debian/patches/storage-default-permission-mode-to-0711
++
++  [ Serge Hallyn ]
++  * d/apparmor
++    - install TEMPLATE.qemu and TEMPLATE.lxc
++    - add libvirt-lxc abstraction, add permissions to it needed for
++      a ubuntu container to start.
++    - libvirt-qemu - add qemu-bridge-helper policy from upstream
++    - libvirt-qemu - add qemu-microblaze allows from upstream
++    - edit lxc.conf to enable apparmor by default  (LP: #914716)
++      (LP: #1008393) (LP: #1088295)
++  * d/apparmor/libvirt-qemu: add /dev/shm as path to spice.* nodes
++    for systemd case.  (LP: #1365163)
++  * d/p/9030-create-socket-dir - create session socket dir if
++    needed  (Should be replaced eventually by the upstream fix)
++  * d/p/9032-lxc-allow-no-security-driver: don't fail if apparmor
++    driver is not available (else the qa-regression-tests fail with
++    skip_apparmor)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 15 Sep 2014 18:30:06 -0500
++
  libvirt (1.2.7-11) unstable; urgency=medium
    * [6534478] Check status in a systemd 208 compatible way
@@ -2548,6 +7281,119 @@ libvirt (1.2.6-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Tue, 22 Jul 2014 22:33:51 +0200
++libvirt (1.2.6-0ubuntu6) utopic; urgency=medium
++
++  * debian/apparmor/usr.sbin.libvirtd: update for abstract socket mediation

Ubuntulibvirt package

Merge ~sergiodj/ubuntu/+source/libvirt:merge-10.0-0-noble into ubuntu/+source/libvirt:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
libvirt package