Ubuntu
libvirt package

debian/changelog (+8800/-14)
debian/control (+9/-7)
debian/control.in (+9/-7)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.install.in (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-common.apport (+22/-0)
debian/libvirt-daemon-common.dirs (+2/-0)
debian/libvirt-daemon-common.install (+1/-0)
debian/libvirt-daemon-common.install.in (+1/-0)
debian/libvirt-daemon-common.libvirt-guests.default (+2/-2)
debian/libvirt-daemon-driver-qemu.dirs (+1/-0)
debian/libvirt-daemon-driver-qemu.dnsmasq (+2/-0)
debian/libvirt-daemon-driver-qemu.install (+1/-0)
debian/libvirt-daemon-driver-qemu.install.in (+1/-0)
debian/libvirt-daemon-driver-qemu.postinst (+136/-0)
debian/libvirt-daemon-driver-qemu.postinst.in (+136/-0)
debian/libvirt-daemon-driver-qemu.postrm (+24/-1)
debian/libvirt-daemon-driver-qemu.postrm.in (+24/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-uri.sh (+21/-0)
debian/patches/series (+20/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+28/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu-aa/virt-aa-helper-allow-riscv64-EDK-II.patch (+31/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+50/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+21/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+300/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+54/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/swtpm-by-swtpm-user.patch (+40/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/rules (+16/-2)
debian/tests/control (+3/-1)
debian/tests/smoke-lxc (+30/-4)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)

Conflict in debian/changelog

Related bugs:

Bug #2085246: Merge libvirt from Debian unstable for plucky	Undecided	Fix Released
Bug #2091357: [SRU] virt-aa-helper: allow riscv64 EDK II	Undecided	Fix Released

Link a bug report

Reviewer	Date Requested	Status
git-ubuntu bot		Approve on 2024-12-12
Christian Ehrhardt (community)	2024-12-10	Approve on 2024-12-12
Canonical Server Reporter	2024-12-10	Pending
Review via email: mp+478105@code.launchpad.net

Description of the change

This is the merge of libvirt 10.10.0-1 from Debian unstable.

It's a somewhat complex merge, because Debian decided to split the package into multiple daemons (see https://salsa.debian.org/libvirt-team/libvirt/-/merge_requests/229 for rationale), which means that there are now several binary packages being generated, each for a separate functionality of libvirt.

In theory, this is ready to be uploaded to plucky. The migration tests are passing on amd64 and s390x (there's a strange error happening on ppc64el, but it's unrelated to the merge), and I have also manually tested installing/upgrading/removing the package inside a VM, which also worked OK.

I'm getting in touch with the OpenStack + MAAS teams in order to ask them to take this merge for a spin, because they're "heavy" users of libvirt and I'd like to make sure their use cases are unaffected. I'll report back their findings when I have them. Meanwhile, it'd be great to have a review here.

PPA: https://launchpad.net/~sergiodj/+archive/ubuntu/libvirt

dep8 results pending.

Revision history for this message

Christian Ehrhardt (paelzer) wrote on 2024-12-12:

Download full text (7.7 KiB)

First pass on the mechanical things ...

Review Symbols:
x = OK
- = not OK - reasons outlined in the lines below
? = question - asked in the lines below
N = not applicable to this case

* Changelog:
  - [x] Changelog entry has correct version and targeted codename
  - [x] Correct formatting of changelog items
  - [-] Bug references correct
      The dropped ref to /usr/libexec/qemu/qemu-bridge-helper in apparmor profile (LP: #2079806)
      is an active one and would ping the bug again, please make that an inactive one by dropping
      the : or the # or such.
  - [x] Old content and logical tag match as expected (Package Merge)

* Release notes and Documentation
  - [N] Added, updated or enqueued relevant documentation.
  - [-] Added, updated or enqueued relevant release notes.
     I guess you will do that when going for 11.0 in 2025 right?
     Or is it worth to already add some in particular the split into
     multiple daemons would be nice to be added there early on (for
     the same reason we do this merge early)

* Package Merge - indirect changes:
- [-] No upstream changes that need adapting due to Ubuntu's design
No critical ones, but a few to think about

     checked, https://libvirt.org/news.html no red flags
     Interesting is "qemu: Add support for versioned CPU models" as people always have
     issues with those. Maybe (optional) as part of the manual tests just run
     a v1/v2/v3 of a cpu if it works?

    swtpm: Add support for profiles
    If we know from the examples where the path is I wondered if that needs changes
    to apparmor for the guest. But from what I see in:
https://libvirt.org/formatdomain.html
https://github.com/stefanberger/swtpm/releases/tag/v0.10.0
https://launchpad.net/ubuntu/+source/libtpms
    we need to update these dependencies to v10.0 or later
    and then the apparmor profile there will need to include that if not already happened.
    Worth to FYI lena and to test towards feature freeze if it works as expected.
    Not gating for now.

no action, but I love "qemu: Automatically add IOMMU when needed"
worth in the release notes though

qemu: zero block detection for non-shared-storage migration
same

First pass on the mechanical things ...

Review Symbols:
x = OK
- = not OK - reasons outlined in the lines below
? = question - asked in the lines below
N = not applicable to this case

* Package Merge - indirect changes:
  - [-] No upstream changes that need adapting due to Ubuntu's design
    No critical ones, but a few to think about

no action, but I love "qemu: Automatically add IOMMU when needed"
    worth in the release notes though
    
    qemu: zero block detection for non-shared-storage migration
    same

Some speedup for windows paravirt (enlightments), nice to have

=> no hard action, but some worth to know about

- [x] No further upstream version/changes to consider
     Not yet, 11.0 is next year then
  - [x] Debian changes are compatible with the Ubuntu implementation
     Well they were not, but you made them compatible
  - [x] update-maintainer has been run

* Package Merge - old delta:
  - [x] Dropped changes are ok to be dropped
  - [-] Nothing else to drop
     I think we can change the comment at retaining LIBVIRT_DEFAULT_URI
     It has nothing to do with xen anymore - only about more system virt centric as default for us.

I thought about passt, but it is still at 0.0~git20241211.09478d5-1
     main maybe some day, but probably not at 0.0...
     let me know if you think otherwise

We have one super old delta, probably not needed anymore
    we picke dup
      966     - d/control: Use libc6-dev instead of libc-dev as a build dependency         
    as response to
     1139   * [689bbe6] control: switch libc6-dev B-D to libc-dev                          
     1140     - Should make libvirt buildable on architectures that don't                  
     1141       have libc6-dev (e.g. ia64)    
    But we failed to note a bug why we need it and when we can let go or if we could upstream to debian.
    Maybe Lena remembers, but worth test dropping?

- [x] Old delta was forwarded to upstream/Debian or marked as Ubuntu-only

* New delta in debian/*:
  - [x] new changes in debian/* are OK
     There is surprisingly few, all our delta is nicely contained
  - [N] New delta was forwarded to Debian or marked as Ubuntu-only

* New patches:
  - [N] No new patches added
  - [x] Patches match those proposed/committed upstream
  - [x] Patches correctly included in Debian/patches/series
  - [x] Patches have correct DEP-3 metadata
  - [N] New code not from upstream was forwarded or marked as Ubuntu-only

* Git/maintenance:
  - [x] Commits are properly split (more important on -dev than on SRUs)

* Build/Test:
  - [x] Build is OK
  - [N] This is an SRU, the validation instructions are ok
  - [N] Testcases added or adapted (N/A if not strictly required or already present)
  - [pending by sergio] autopkgtest against the PPA package passes (if possible, evidence was provided already)
  - [N] Verified PPA package installs/uninstalls
  - [N] Verified function manually
    Testing is done by the regression checks and you run and ran those - better than manual sanity check by me.

On that level a few comment, hints questions and suggestions above.
But no show stopper.

I'll go deep in range-diff comparison before I call it fully final, but so much for now.

Revision history for this message

Christian Ehrhardt (paelzer) wrote on 2024-12-12 (last edit on 2024-12-12):

3: e017e6260e < -: ---------- - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
-: ---------- > 3: 0e4265315f - d/control: drop libvirt-lxc, vbox and xen drivers to suggest

The trio is fine
- libvirt-daemon-driver-lxc (= ${binary:Version}) [${ARCHES_LXC}],
- libvirt-daemon-driver-vbox (= ${binary:Version}) [${ARCHES_VBOX}],
- libvirt-daemon-driver-xen (= ${binary:Version}) [${ARCHES_XEN}],
...
moving recommended -> suggested as intended

But in there is a hidden change.

Recommends:
+ libvirt-daemon-lock (= ${binary:Version}),
+Suggests:
libvirt-daemon-driver-lxc (= ${binary:Version}) [${ARCHES_LXC}],
libvirt-daemon-driver-xen (= ${binary:Version}) [${ARCHES_XEN}],
- libvirt-daemon-lock (= ${binary:Version}),
Description: Virtualization daemon typical deployment

Is that an accident - remove it
Is it intentional then separate the commits and explain why we do it and mention in changelog?
Am I looking at it the wrong way, explain so I do not die dumb.

Arrr!
Ignore the above - I've had a look if diff tricks me.
And it does, it is in recommends in both sergiodj/merge-10.10.0-1-plucky:debian/control and pkg/debian/sid:debian/control and did not exist before.

Revision history for this message

Christian Ehrhardt (paelzer) wrote on 2024-12-12:

OK, took me a few seconds but I understand libvirt-daemon -> libvirt-daemon-common to change a few things.

Same for others like libvirt-daemon-system -> libvirt-daemon-driver-qemu.

Elements become split packages, and so the associated delta we have moves as well, but otherwise stays the same. And we see is that qmeu is 99% that matters, that is where all of it goes.
Which also means all others are more obviously isolated from changes - nice.

Some elements now wrap-and-sort'ed changing context

Revision history for this message

Christian Ehrhardt (paelzer) wrote on 2024-12-12:

23: 917245aea2 ! 23: 2adea22289 + Add dnsmasq configuration to work with system wide dnsmasq-base
Not too important, if -rf goes worng we might want to know.
But any particular reason you changed
-+ rm -f /etc/dnsmasq.d/libvirt-daemon 2>/dev/null || true
++ rm -f /etc/dnsmasq.d/libvirt-daemon || true

I'm fine, that isn't even needed to mention in addition to the delta.
But I wanted to ask to avoid it was an accident.

Revision history for this message

Christian Ehrhardt (paelzer) wrote on 2024-12-12:

OK, I found nothing stopping you.
Once you've worked through my feedback you should be good to go so we can see it migrate before EOY.
Nothing is truly bad or gating hard, so I'll approve and trust you to go through the things I raised.

review: Approve

Revision history for this message

git-ubuntu bot (git-ubuntu-bot) wrote on 2024-12-12:

Approvers: sergiodj, paelzer
Uploaders: sergiodj, paelzer
MP auto-approved

review: Approve

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-12-16:

Download full text (7.7 KiB)

On Thursday, December 12 2024, Christian Ehrhardt  wrote:

> * Changelog:
> - [x] Changelog entry has correct version and targeted codename
> - [x] Correct formatting of changelog items
> - [-] Bug references correct
> The dropped ref to /usr/libexec/qemu/qemu-bridge-helper in apparmor profile (LP: #2079806)
> is an active one and would ping the bug again, please make that an inactive one by dropping
> the : or the # or such.

Done.

I believe this should have been done automatically by git-ubuntu, but
for some reason it fails to do it sometimes.

> * Release notes and Documentation
> - [N] Added, updated or enqueued relevant documentation.
> - [-] Added, updated or enqueued relevant release notes.
> I guess you will do that when going for 11.0 in 2025 right?
> Or is it worth to already add some in particular the split into
> multiple daemons would be nice to be added there early on (for
> the same reason we do this merge early)

I believe it's worth to do it already. I will edit write the release
notes after I upload the package.

On Thursday, December 12 2024, Christian Ehrhardt  wrote:

> * Changelog:
>   - [x] Changelog entry has correct version and targeted codename
>   - [x] Correct formatting of changelog items
>   - [-] Bug references correct
>       The dropped ref to /usr/libexec/qemu/qemu-bridge-helper in apparmor profile (LP: #2079806)
>       is an active one and would ping the bug again, please make that an inactive one by dropping
>       the : or the # or such.

Done.

I believe this should have been done automatically by git-ubuntu, but
for some reason it fails to do it sometimes.

> * Release notes and Documentation
>   - [N] Added, updated or enqueued relevant documentation.
>   - [-] Added, updated or enqueued relevant release notes.
>      I guess you will do that when going for 11.0 in 2025 right?
>      Or is it worth to already add some in particular the split into
>      multiple daemons would be nice to be added there early on (for
>      the same reason we do this merge early)

I believe it's worth to do it already.  I will edit write the release
notes after I upload the package.

> * Package Merge - indirect changes:
>   - [-] No upstream changes that need adapting due to Ubuntu's design
>     No critical ones, but a few to think about
>
>      checked, https://libvirt.org/news.html no red flags
>      Interesting is "qemu: Add support for versioned CPU models" as people always have
>      issues with those. Maybe (optional) as part of the manual tests just run
>      a v1/v2/v3 of a cpu if it works?
>
>     swtpm: Add support for profiles
>     If we know from the examples where the path is I wondered if that needs changes
>     to apparmor for the guest. But from what I see in:
> https://libvirt.org/formatdomain.html
> https://github.com/stefanberger/swtpm/releases/tag/v0.10.0
> https://launchpad.net/ubuntu/+source/libtpms
>     we need to update these dependencies to v10.0 or later
>     and then the apparmor profile there will need to include that if not already happened.
>     Worth to FYI lena and to test towards feature freeze if it works as expected.
>     Not gating for now.
>
>     no action, but I love "qemu: Automatically add IOMMU when needed"
>     worth in the release notes though
>     
>     qemu: zero block detection for non-shared-storage migration
>     same
>
>     Switch from YAJL to json-c for JSON parsing and formatting
>     uh, new dependency then I guess.
>     That is nice, it is already in main and indeed more modern.
>     We are the only important to still depend on it.
>     The only other thing holding yajl in main then is raptor2 (foundations)
> rmadison -u ubuntu -s plucky collectd crun i3-wm i3status kcat libapache2-mod-security2 libmodsecurity3t64 libraptor2-0 libraptor2-dev libtulip-core-5.4 libwgdb0 libxenmisc4.17t64 mpd python3-ijson ruby-ffi-yajl siridb-server tcl-yajltcl uwsgi-core
>  collectd                 | 5.12.0-22                        | plucky/universe | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
>  crun                     | 1.18.2-1                         | plucky/universe | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
>  i3-wm                    | 4.24-1                           | plucky/universe | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
>  i3status                 | 2.15-1                           | plucky/universe | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
>  kcat                     | 1.7.1-3                          | plucky/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
>  libapache2-mod-security2 | 2.9.8-1                          | plucky/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
>  libmodsecurity3t64       | 3.0.13-1                         | plucky/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
>  libraptor2-0             | 2.0.16-4                         | plucky          | amd64, arm64, armhf, ppc64el, riscv64, s390x
>  libraptor2-dev           | 2.0.16-4                         | plucky          | amd64, arm64, armhf, ppc64el, riscv64, s390x
>  libtulip-core-5.4        | 5.4.0+dfsg-3.1                   | plucky/universe | amd64, arm64, ppc64el, riscv64, s390x
>  libwgdb0                 | 0.7.3+git211004+dfsg-1           | plucky/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
>  libxenmisc4.17t64        | 4.17.3+10-g091466ba55-1.1ubuntu3 | plucky/universe | amd64, arm64, armhf
>  mpd                      | 0.23.15-1build2                  | plucky/universe | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
>  python3-ijson            | 3.3.0-1                          | plucky/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
>  ruby-ffi-yajl            | 2.3.1-3build7                    | plucky/universe | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
>  siridb-server            | 2.0.52-1                         | plucky/universe | source, amd64, arm64, armhf, ppc64el, riscv64, s390x
>  tcl-yajltcl              | 1.8.1-1                          | plucky/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
>  uwsgi-core               | 2.0.26-2ubuntu3                  | plucky/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
>    might be worth a friendly FYI ping to them to consider shifting that last thing to get rid if yajl is really discontinued upstream (before 26.04)
>
>
>    Some speedup for windows paravirt (enlightments), nice to have
>
>    => no hard action, but some worth to know about

Thanks for outlining the important bits from upstream's release notes.
I'll make sure to cover those when I write our notes.

> * Package Merge - old delta:
>   - [x] Dropped changes are ok to be dropped
>   - [-] Nothing else to drop
>      I think we can change the comment at retaining LIBVIRT_DEFAULT_URI
>      It has nothing to do with xen anymore - only about more system virt centric as default for us.

Good point.  Done.

>      I thought about passt, but it is still at 0.0~git20241211.09478d5-1
>      main maybe some day, but probably not at 0.0...
>      let me know if you think otherwise

Good question.  Upstream seems very active, and the Debian maintainer
is also upstream.  I honestly don't think passt follows a regular
release process, and as such I don't expect it to ever have a
"0.something" release.

The package is 2 years old, maybe it is indeed time to MIR it.

>     We have one super old delta, probably not needed anymore
>     we picke dup
>       966     - d/control: Use libc6-dev instead of libc-dev as a build dependency         
>     as response to
>      1139   * [689bbe6] control: switch libc6-dev B-D to libc-dev                          
>      1140     - Should make libvirt buildable on architectures that don't                  
>      1141       have libc6-dev (e.g. ia64)    
>     But we failed to note a bug why we need it and when we can let go or if we could upstream to debian.
>     Maybe Lena remembers, but worth test dropping?

I kept wondering about this delta, thanks for the context.

I'll building without it, it's probably not needed anymore.

> * Build/Test:
>   - [x] Build is OK
>   - [N] This is an SRU, the validation instructions are ok
>   - [N] Testcases added or adapted (N/A if not strictly required or already present)
>   - [pending by sergio] autopkgtest against the PPA package passes (if possible, evidence was provided already)
>   - [N] Verified PPA package installs/uninstalls
>   - [N] Verified function manually
>     Testing is done by the regression checks and you run and ran those - better than manual sanity check by me.
>
> On that level a few comment, hints questions and suggestions above.
> But no show stopper.
>
> I'll go deep in range-diff comparison before I call it fully final, but so much for now.

Thanks.

-- 
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0  EB2F 106D A1C8 C3CB BF14

~sergiodj/ubuntu/+source/libvirt:merge-10.10.0-1-plucky updated on 2024-12-16

411ce71... by Sergio Durigan Junior on 2024-12-16: merge-changelogs
8f5a08a... by Sergio Durigan Junior on 2024-12-16: reconstruct-changelog
1d7c38c... by Sergio Durigan Junior on 2024-12-16: update-maintainer

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-12-16:

On Thursday, December 12 2024, Christian Ehrhardt  wrote:

> 3: e017e6260e < -: ---------- - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
> -: ---------- > 3: 0e4265315f - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
>
> The trio is fine
> - libvirt-daemon-driver-lxc (= ${binary:Version}) [${ARCHES_LXC}],
> - libvirt-daemon-driver-vbox (= ${binary:Version}) [${ARCHES_VBOX}],
> - libvirt-daemon-driver-xen (= ${binary:Version}) [${ARCHES_XEN}],
> ...
> moving recommended -> suggested as intended
>
> But in there is a hidden change.
>
> Recommends:
> + libvirt-daemon-lock (= ${binary:Version}),
> +Suggests:
> libvirt-daemon-driver-lxc (= ${binary:Version}) [${ARCHES_LXC}],
> libvirt-daemon-driver-xen (= ${binary:Version}) [${ARCHES_XEN}],
> - libvirt-daemon-lock (= ${binary:Version}),
> Description: Virtualization daemon typical deployment
>
> Is that an accident - remove it
> Is it intentional then separate the commits and explain why we do it and mention in changelog?
> Am I looking at it the wrong way, explain so I do not die dumb.

This is done because, previously, we had:

Recommends:
libvirt-daemon-driver-lxc (= ${binary:Version}) [${ARCHES_LXC}],
libvirt-daemon-driver-xen (= ${binary:Version}) [${ARCHES_XEN}],
libvirt-daemon-lock (= ${binary:Version}),

and now we have:

Recommends:
libvirt-daemon-lock (= ${binary:Version}),
Suggests:
libvirt-daemon-driver-lxc (= ${binary:Version}) [${ARCHES_LXC}],
libvirt-daemon-driver-xen (= ${binary:Version}) [${ARCHES_XEN}],

IOW, libvirt-daemon-lock is being kept as a Recommends, while the other
two modules are downgraded to Suggests.

IMHO this is not a matter of splitting the commit in two, even though it
*looks* like the commit is doing two things at once.

Does it make more sense now?

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-12-16:

On Thursday, December 12 2024, Christian Ehrhardt  wrote:

> 23: 917245aea2 ! 23: 2adea22289 + Add dnsmasq configuration to work with system wide dnsmasq-base
> Not too important, if -rf goes worng we might want to know.
> But any particular reason you changed
> -+ rm -f /etc/dnsmasq.d/libvirt-daemon 2>/dev/null || true
> ++ rm -f /etc/dnsmasq.d/libvirt-daemon || true
>
> I'm fine, that isn't even needed to mention in addition to the delta.
> But I wanted to ask to avoid it was an accident.

Good catch, and it wasn't an accident. The reason I did that is because
we should not silence errors during the {post,pre}{inst,rm} scripts. I
considered this change too small/unimportant to be mentioned in the
changelog.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2024-12-16:

On Thursday, December 12 2024, git-ubuntu bot wrote:

> Review: Approve

Thank you again, Christian.

dep8 results:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/?format=plain)
  libvirt @ amd64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/amd64/libv/libvirt/20241216_215054_906c7@/log.gz
    16.12.24 21:50:54 ✅ Triggers: libvirt/10.10.0-1ubuntu1~ppa2
  libvirt @ arm64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/arm64/libv/libvirt/20241216_215155_09ba0@/log.gz
    16.12.24 21:51:55 ✅ Triggers: libvirt/10.10.0-1ubuntu1~ppa2
  libvirt @ armhf:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/armhf/libv/libvirt/20241216_215526_eb709@/log.gz
    16.12.24 21:55:26 ✅ Triggers: libvirt/10.10.0-1ubuntu1~ppa2
  libvirt @ ppc64el:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/ppc64el/libv/libvirt/20241216_215450_2dc98@/log.gz
    16.12.24 21:54:50 ✅ Triggers: libvirt/10.10.0-1ubuntu1~ppa2
  libvirt @ s390x:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/s390x/libv/libvirt/20241216_215031_84543@/log.gz
    16.12.24 21:50:31 ✅ Triggers: libvirt/10.10.0-1ubuntu1~ppa2

I've now addressed all of your comments.

Uploaded:

$ dput libvirt_10.10.0-1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/libvirt/libvirt_10.10.0-1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/libvirt/libvirt_10.10.0-1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libvirt_10.10.0-1ubuntu1.dsc: done.
  Uploading libvirt_10.10.0.orig.tar.xz: done.
  Uploading libvirt_10.10.0.orig.tar.xz.asc: done.
  Uploading libvirt_10.10.0-1ubuntu1.debian.tar.xz: done.
  Uploading libvirt_10.10.0-1ubuntu1_source.buildinfo: done.
  Uploading libvirt_10.10.0-1ubuntu1_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

On Thursday, December 12 2024, git-ubuntu bot wrote:

> Review: Approve

Thank you again, Christian.

dep8 results:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/?format=plain)
  libvirt @ amd64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/amd64/libv/libvirt/20241216_215054_906c7@/log.gz
    16.12.24 21:50:54   ✅     Triggers: libvirt/10.10.0-1ubuntu1~ppa2
  libvirt @ arm64:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/arm64/libv/libvirt/20241216_215155_09ba0@/log.gz
    16.12.24 21:51:55   ✅     Triggers: libvirt/10.10.0-1ubuntu1~ppa2
  libvirt @ armhf:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/armhf/libv/libvirt/20241216_215526_eb709@/log.gz
    16.12.24 21:55:26   ✅     Triggers: libvirt/10.10.0-1ubuntu1~ppa2
  libvirt @ ppc64el:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/ppc64el/libv/libvirt/20241216_215450_2dc98@/log.gz
    16.12.24 21:54:50   ✅     Triggers: libvirt/10.10.0-1ubuntu1~ppa2
  libvirt @ s390x:
    http://autopkgtest.ubuntu.com/results/autopkgtest-plucky-sergiodj-libvirt/plucky/s390x/libv/libvirt/20241216_215031_84543@/log.gz
    16.12.24 21:50:31   ✅     Triggers: libvirt/10.10.0-1ubuntu1~ppa2

I've now addressed all of your comments.

Uploaded:

$ dput libvirt_10.10.0-1ubuntu1_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/libvirt/libvirt_10.10.0-1ubuntu1_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/libvirt/libvirt_10.10.0-1ubuntu1.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading libvirt_10.10.0-1ubuntu1.dsc: done.
  Uploading libvirt_10.10.0.orig.tar.xz: done.      
  Uploading libvirt_10.10.0.orig.tar.xz.asc: done.
  Uploading libvirt_10.10.0-1ubuntu1.debian.tar.xz: done.    
  Uploading libvirt_10.10.0-1ubuntu1_source.buildinfo: done.
  Uploading libvirt_10.10.0-1ubuntu1_source.changes: done.
Successfully uploaded packages.

-- 
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0  EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Sergio Durigan Junior

Wesley Hershberger

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index b0c799c..557f055 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,4 @@
++<<<<<<< debian/changelog
  libvirt (10.10.0-3) unstable; urgency=medium
    [ Heinrich Schuchardt ]
@@ -21,6 +22,114 @@ libvirt (10.10.0-2) experimental; urgency=medium
    * [065cbe9] control: Introduce ssh-proxy package
   -- Andrea Bolognani <eof@kiyuko.org>  Thu, 05 Dec 2024 23:39:07 +0100
++=======
++libvirt (10.10.0-1ubuntu1) plucky; urgency=medium
++
++  * Merge with Debian unstable (LP: #2085246). Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-driver-qemu.postinst*: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP 1743718)
++      + d/libvirt-daemon-driver-qemu.postinst*: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-driver-qemu.postrm*: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-common.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
++      override
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (qemu:///system)
++      + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
++        cases. (LP #2027838)
++    - d/control: Demote passt to Suggests (from Recommends) for
++      libvirt-daemon-driver-qemu, because passt is in universe.
++  * Drop changes:
++    - Apply upstream patch to allow access to
++      /usr/libexec/qemu/qemu-bridge-helper in apparmor profile (LP #2079806)
++      [ Applied upstream. ]
++    - SECURITY UPDATE: virtinterfaced null pointer DoS
++      + debian/patches/CVE-2024-8235.patch: honour array length for
++        zero-length NULL arrays in src/interface/interface_backend_udev.c.
++      + CVE-2024-8235
++      [ Applied upstream. ]
++    - d/p/u/lp-2083986-drop-vmx-from-migratable-cpu-when-origCPU-set.patch:
++      Backport upstream patch to fix issues with domain migrations
++      between two nested VMs due to mismatched check of CPU
++      features. (LP #2083986)
++      [ Applied upstream. ]
++    - d/control: Use libc6-dev instead of libc-dev as a build dependency
++      [ Not needed anymore. ]
++  * Add changes:
++    [ Heinrich Schuchardt ]
++    - d/p/ubuntu-aa/virt-aa-helper-allow-riscv64-EDK-II.patch:
++      virt-aa-helper: allow riscv64 EDK II (LP: #2091357)
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Mon, 16 Dec 2024 14:46:34 -0500
++>>>>>>> debian/changelog
  libvirt (10.10.0-1) unstable; urgency=medium
@@ -143,6 +252,126 @@ libvirt (10.6.0-2) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sat, 24 Aug 2024 13:37:16 +0200
++libvirt (10.6.0-1ubuntu5) plucky; urgency=medium
++
++   - d/p/u/lp-2083986-drop-vmx-from-migratable-cpu-when-origCPU-set.patch:
++     Backport upstream patch to fix issues with domain migrations
++     between two nested VMs due to mismatched check of CPU
++     features. (LP: #2083986)
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Mon, 25 Nov 2024 21:14:16 -0500
++
++libvirt (10.6.0-1ubuntu4) plucky; urgency=medium
++
++  * No-change rebuild for libwireshark18
++
++ -- Sudip Mukherjee <sudipm.mukherjee@gmail.com>  Sat, 02 Nov 2024 18:53:35 +0000
++
++libvirt (10.6.0-1ubuntu3) oracular; urgency=medium
++
++  * SECURITY UPDATE: virtinterfaced null pointer DoS
++    - debian/patches/CVE-2024-8235.patch: honour array length for
++      zero-length NULL arrays in src/interface/interface_backend_udev.c.
++    - CVE-2024-8235
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 09 Sep 2024 14:30:28 -0400
++
++libvirt (10.6.0-1ubuntu2) oracular; urgency=medium
++
++  * Apply upstream patch to allow access to
++    /usr/libexec/qemu/qemu-bridge-helper in apparmor profile (LP: #2079806)
++    - d/p/ubuntu-aa/allow-more-paths-for-qemu-bridge-helper.patch
++
++ -- Olivier Gayot <olivier.gayot@canonical.com>  Fri, 06 Sep 2024 12:04:29 +0200
++
++libvirt (10.6.0-1ubuntu1) oracular; urgency=medium
++
++  * Merge with Debian unstable (LP: #2076676). Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - d/control: Use libc6-dev instead of libc-dev as a build dependency
++    - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
++      override
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++      + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
++        cases, do not set to "xen:///" (LP #2027838)
++    - d/control: Demote passt to Suggests (from Recommends) for
++      libvirt-daemon-driver-qemu, because passt is in universe.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Mon, 12 Aug 2024 15:14:48 -0400
++
  libvirt (10.6.0-1) unstable; urgency=medium
    * [65e5d2b] New upstream version 10.6.0
@@ -159,6 +388,110 @@ libvirt (10.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Wed, 07 Aug 2024 02:50:03 +0200
++libvirt (10.5.0-1ubuntu1) oracular; urgency=medium
++
++  * Merge with Debian unstable (LP: #2064422). Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - d/control: Use libc6-dev instead of libc-dev as a build dependency
++    - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
++      override
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++      + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
++        cases, do not set to "xen:///" (LP #2027838)
++    - d/control: Demote passt to Suggests (from Recommends) for
++      libvirt-daemon-driver-qemu, because passt is in universe.
++  * Drop changes (present in the new upstream version):
++    - d/p/u/lp-2051754-*.patch: Backport upstream fix for LP: #2051754.
++    - SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
++      + debian/patches/CVE-2024-1441.patch: properly check count in
++        src/interface/interface_backend_udev.c.
++      + CVE-2024-1441
++    - SECURITY UPDATE: crash in RPC library
++      + debian/patches/CVE-2024-2494.patch: check values in
++        src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
++      + CVE-2024-2494
++    - SECURITY UPDATE: stack use-after-free in virNetClientIOEventLoop()
++      + debian/patches/CVE-2024-4418.patch: ensure temporary GSource is
++        removed from client event loop in src/rpc/virnetclient.c.
++      + CVE-2024-4418
++    - d/p/u/lp-2071848-fix-migration-with-disabled-vmx-features.patch:
++      Fix migration issues with disabled vmx-* CPU features. (LP #2071848)
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Tue, 23 Jul 2024 18:42:08 -0400
++
  libvirt (10.5.0-1) unstable; urgency=medium
    * [a8c62f5] New upstream version 10.5.0
@@ -223,6 +556,165 @@ libvirt (10.0.0-3) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Wed, 21 Feb 2024 23:04:34 +0100
++libvirt (10.0.0-2ubuntu9) oracular; urgency=medium
++
++  * d/p/u/lp-2071848-fix-migration-with-disabled-vmx-features.patch:
++    Fix migration issues with disabled vmx-* CPU features. (LP: #2071848)
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Thu, 04 Jul 2024 16:06:28 -0400
++
++libvirt (10.0.0-2ubuntu8.2) noble-security; urgency=medium
++
++  * SECURITY UPDATE: stack use-after-free in virNetClientIOEventLoop()
++    - debian/patches/CVE-2024-4418.patch: ensure temporary GSource is
++      removed from client event loop in src/rpc/virnetclient.c.
++    - CVE-2024-4418
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 06 May 2024 09:12:37 -0400
++
++libvirt (10.0.0-2ubuntu8.1) noble-security; urgency=medium
++
++  * SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
++    - debian/patches/CVE-2024-1441.patch: properly check count in
++      src/interface/interface_backend_udev.c.
++    - CVE-2024-1441
++  * SECURITY UPDATE: crash in RPC library
++    - debian/patches/CVE-2024-2494.patch: check values in
++      src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
++    - CVE-2024-2494
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 18 Apr 2024 11:42:32 -0400
++
++libvirt (10.0.0-2ubuntu8) noble; urgency=medium
++
++  * Rebuild against new libpcap0.8t64.
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 15 Apr 2024 10:17:16 +0200
++
++libvirt (10.0.0-2ubuntu7) noble; urgency=medium
++
++  * No-change rebuild for CVE-2024-3094
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 31 Mar 2024 02:19:57 +0000
++
++libvirt (10.0.0-2ubuntu6) noble; urgency=medium
++
++  * d/p/u/lp-2051754-*.patch: Backport upstream fix for LP: #2051754.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Tue, 19 Mar 2024 22:22:12 -0400
++
++libvirt (10.0.0-2ubuntu5) noble; urgency=medium
++
++  * No-change rebuild against libcurl3t64-gnutls
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 16 Mar 2024 07:06:57 +0000
++
++libvirt (10.0.0-2ubuntu4) noble; urgency=medium
++
++  * No-change rebuild against libglib2.0-0t64
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 11 Mar 2024 23:06:29 +0000
++
++libvirt (10.0.0-2ubuntu3) noble; urgency=medium
++
++  * No-change rebuild against libgnutls30t64
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 10 Mar 2024 02:08:29 +0000
++
++libvirt (10.0.0-2ubuntu2) noble; urgency=medium
++
++  * No-change rebuild against libtirpc3t64
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 29 Feb 2024 09:26:53 +0000
++
++libvirt (10.0.0-2ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable (LP: #2054479). Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - d/control: Use libc6-dev instead of libc-dev as a build dependency
++    - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
++      override
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++      + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
++        cases, do not set to "xen:///" (LP #2027838)
++    - d/control: Demote passt to Suggests (from Recommends) for
++      libvirt-daemon-driver-qemu, because passt is in universe.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Tue, 20 Feb 2024 17:42:01 -0500
++
  libvirt (10.0.0-2) unstable; urgency=medium
    * [9a4ad47] patches: Add backport/scripts-Make-check-symfile[...]
@@ -235,6 +727,100 @@ libvirt (10.0.0-2) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sun, 04 Feb 2024 10:54:58 +0100
++libvirt (10.0.0-1ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable (LP: #2040393, #2037606). Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - d/control: Use libc6-dev instead of libc-dev as a build dependency
++    - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
++      override
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++      + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
++        cases, do not set to "xen:///" (LP #2027838)
++  * Drop changes:
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      because policykit-1 > 121 isn't yet ready to go to main in lunar.
++      (LP #2008830)
++      [ policykit-1 > 121 is in noble-main ]
++  * Add changes:
++    - d/control: Demote passt to Suggests (from Recommends) for
++      libvirt-daemon-driver-qemu, because passt is in universe.
++
++ -- Sergio Durigan Junior <sergio.durigan@canonical.com>  Sun, 21 Jan 2024 00:19:08 -0500
++
  libvirt (10.0.0-1) unstable; urgency=medium
    * [c80339d] New upstream version 10.0.0
@@ -319,6 +905,107 @@ libvirt (9.6.0-2) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sun, 20 Aug 2023 21:00:40 +0200
++libvirt (9.6.0-1ubuntu2) noble; urgency=medium
++
++  * Rebuild against 'new libwireshark17'.
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Fri, 24 Nov 2023 15:27:16 +0100
++
++libvirt (9.6.0-1ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable (LP: #2018082). Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      because policykit-1 > 121 isn't yet ready to go to main in lunar.
++      (LP #2008830)
++    - d/control: Use libc6-dev instead of libc-dev as a build dependency
++    - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
++      override
++  * Dropped changes:
++    - d/p/CVE-2023-3750.patch: Remove - fixed upstream
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      This has been restored to match Debian because policykit-1 is now at
++      a version greater than 121 in mantic
++  * Modified changes:
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++      + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
++        cases, do not set to "xen:///" (LP #2027838)
++
++ -- Lena Voytek <lena.voytek@canonical.com>  Mon, 14 Aug 2023 14:16:30 -0700
++
  libvirt (9.6.0-1) unstable; urgency=medium
    * [74213a2] New upstream version 9.6.0
@@ -329,6 +1016,99 @@ libvirt (9.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sat, 05 Aug 2023 19:01:56 +0200
++libvirt (9.5.0-2ubuntu2) mantic; urgency=medium
++
++  * Merge from Debian Unstable. Remaining changes:
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      because policykit-1 > 121 isn't yet ready to go to main in lunar.
++      (LP: #2008830)
++    - SECURITY UPDATE: denial of service via improper locking
++      + debian/patches/CVE-2023-3750.patch: fix returning of locked objects
++        from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
++      + CVE-2023-3750
++  * Dropped changes [upstream now]:
++    - SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
++      + debian/patches/CVE-2023-2700.patch: resolve leak in
++        virPCIVirtualFunctionList cleanup in src/util/virpci.c.
++      + CVE-2023-2700
++
++ -- Simon Quigley <tsimonq2@ubuntu.com>  Wed, 26 Jul 2023 12:52:15 -0500
++
  libvirt (9.5.0-2) unstable; urgency=medium
    [ Pino Toscano ]
@@ -404,6 +1184,130 @@ libvirt (9.1.0-1) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sat, 04 Mar 2023 11:10:04 +0100
++libvirt (9.0.0-2ubuntu3) mantic; urgency=medium
++
++  * SECURITY UPDATE: denial of service via improper locking
++    - debian/patches/CVE-2023-3750.patch: fix returning of locked objects
++      from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
++    - CVE-2023-3750
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 25 Jul 2023 09:09:55 -0400
++
++libvirt (9.0.0-2ubuntu2) mantic; urgency=medium
++
++  * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
++    - debian/patches/CVE-2023-2700.patch: resolve leak in
++      virPCIVirtualFunctionList cleanup in src/util/virpci.c.
++    - CVE-2023-2700
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 26 May 2023 10:05:18 -0400
++
++libvirt (9.0.0-2ubuntu1) lunar; urgency=medium
++
++  * Merge 9.0.0-2 from Debian unstable (LP: #1993412)
++    Also resolved the ask for a rebuild against recent libxen (LP: #2004163)
++    Remaining changes:
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - d/libvirt-daemon-system.libvirt-guests.default: shut guests down
++      in parallel
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++  * Dropped changes [upstream now]:
++    - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
++      with latest libxl [v8.10.0]
++    - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
++      shuts down (LP 1997269) [v8.7.0]
++    - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
++      apparmor denials on USB forwarding (LP 1993304) [v8.10.0]
++    - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl:
++      tolerate the impact of too large udev data avoiding a busy loop
++      (LP 1996176) [v8.10.0]
++    - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
++      easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0]
++    - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
++      reduce log noise by invalid VPD data (LP 1990949) [v8.7.0]
++  * Dropped changes [in Debian now]:
++    - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1]
++    - [a54d904] New upstream version 8.6.0 [8.9.0-1]
++    - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1]
++    - d/control: suggest swtpm-tools [8.10.0-1]
++  * Added changes:
++    - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
++      because policykit-1 > 121 isn't yet ready to go to main in lunar.
++      (LP: #2008830)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 01 Mar 2023 07:56:39 +0100
++
  libvirt (9.0.0-2) unstable; urgency=medium
    * [de81410] patches: Add backports
@@ -501,6 +1405,171 @@ libvirt (8.9.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sat, 19 Nov 2022 23:00:34 +0100
++libvirt (8.6.0-0ubuntu5) lunar; urgency=medium
++
++  * d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
++    with latest libxl
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 22 Nov 2022 16:13:36 +0100
++
++libvirt (8.6.0-0ubuntu4) lunar; urgency=medium
++
++  [ Lena Voytek ]
++  * d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
++    shuts down (LP: #1997269)
++
++  [Christian Ehrhardt ]
++  * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
++    apparmor denials on USB forwarding (LP: #1993304)
++  * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch:
++    tolerate the impact of too large udev data avoiding a busy loop
++    (LP: #1996176)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 22 Nov 2022 11:21:30 +0100
++
++libvirt (8.6.0-0ubuntu3) kinetic; urgency=medium
++
++  * d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
++    easen the use of riscv64 through libvirt (LP: #1990499)
++  * d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
++    reduce log noise by invalid VPD data (LP: #1990949)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 04 Oct 2022 08:29:46 +0200
++
++libvirt (8.6.0-0ubuntu2) kinetic; urgency=medium
++
++  * d/p/libvirt-daemon-system.postinst: default network autostart
++    handling needs to happen before services start (LP: #1990853)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 28 Sep 2022 08:36:15 +0200
++
++libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium
++
++  * Merge 8.0.0 from Debian unstable (LP: #1971289)
++    Among many other fixes and improvements this fixes:
++    - support for minor NFS versions (LP: #1980134)
++    - launching VMs with SGX enabled (LP: #1982896)
++    Remaining changes:
++    - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
++      for users via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm and adapt expected self test result changes triggered by
++        this
++      + d/control: suggest swtpm-tools
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++  * Dropped changes [upstream now]:
++    - d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
++      in containers like LXD (without guest start would hang).
++      [8.1.0]
++    - d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
++      get passed to syslog/journal correctly.
++      [8.1.0]
++    - apparmor: Fix QEMU access for UEFI variable files. Backported from
++      upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035)
++      Refresh apparmor_profiles_local_include.patch to resolve the conflict.
++      [8.2.0]
++    - d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
++      and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
++      (LP 1968187)
++      [8.3.0]
++    - d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
++      apparmor allow new paths used for GL accelerated video (LP 1972075)
++      [8.4.0]
++  * Dropped changes [no more needed]:
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++  * Added changes:
++    - parallel-shutdown: upstream no more ships libvirt-guests defaults, so
++      the Ubuntu customization of it  moved to the file replacing it added
++      in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default
++      replacing the former "d/p/u/parallel-shutdown.patch: set parallel
++      shutdown by default."
++    - update patches to match 8.6.0
++      + d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch
++      + d/p/u/Allow-libvirt-group-to-access-the-socket.patch
++      + d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch
++      + d/p/u/ovmf_paths.patch
++      + d/p/u/swtpm-by-swtpm-user.patch
++      + d/p/u/dnsmasq-as-priv-user
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 12 Aug 2022 10:34:29 +0200
++
++libvirt (8.6.0-0) UNRELEASED; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * [f35cf09] d/rules: update path of ci-dashboard removal
++
++  [ Andrea Bolognani ]
++  * [a54d904] New upstream version 8.6.0
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 11 Aug 2022 10:28:25 +0200
++
  libvirt (8.5.0-2) experimental; urgency=medium
    * [6c9bffb] Implement custom handling for systemd units
@@ -580,6 +1649,188 @@ libvirt (8.1.0-1) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Tue, 15 Mar 2022 23:53:49 +0100
++libvirt (8.0.0-1ubuntu8) kinetic; urgency=medium
++
++  * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
++    apparmor allow new paths used for GL accelerated video (LP: #1972075)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 19 May 2022 08:14:48 +0200
++
++libvirt (8.0.0-1ubuntu7) jammy; urgency=medium
++
++  * d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
++    and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
++    (LP: #1968187)
++
++ -- Lena Voytek <lena.voytek@canonical.com>  Tue, 12 Apr 2022 10:04:05 -0700
++
++libvirt (8.0.0-1ubuntu6) jammy; urgency=medium
++
++  * d/control: recommend swtpm-tools (LP: #1948748)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 04 Apr 2022 07:30:15 +0200
++
++libvirt (8.0.0-1ubuntu5) jammy; urgency=medium
++
++  * apparmor: Fix QEMU access for UEFI variable files. Backported from
++    upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035)
++    Refresh apparmor_profiles_local_include.patch to resolve the conflict.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 09 Mar 2022 13:43:40 +0100
++
++libvirt (8.0.0-1ubuntu4) jammy; urgency=medium
++
++  * No-change rebuild against libwireshark15.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 07 Mar 2022 18:34:34 +0000
++
++libvirt (8.0.0-1ubuntu3) jammy; urgency=medium
++
++  * Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop
++    system services and sockets."
++    Due to the fix being in debhelper we no more need this mitigation now.
++    (LP: #1959054)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Feb 2022 10:08:01 +0100
++
++libvirt (8.0.0-1ubuntu2) jammy; urgency=medium
++
++  * No-change rebuild to update maintainer scripts, see LP: 1959054
++
++ -- Dave Jones <dave.jones@canonical.com>  Wed, 16 Feb 2022 17:04:47 +0000
++
++libvirt (8.0.0-1ubuntu1) jammy; urgency=medium
++
++  * Merge 8.0.0 from Debian unstable (LP: #1946869)
++    Among many other fixes and improvements this fixes ceph usage
++    in regard to apparmor (LP: #1588576)
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - d/p/u/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-qemu-session.xml: fixup smoke-qemu-session do not use kvm
++        when not needed
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - libvirt should not use user/group tss for swtpm (LP 1948880)
++      + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++        to user swtpm
++      + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
++      + d/control: suggest swtpm-tools
++      + d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++        due to swtpm-tools (LP 1951975)
++  * Dropped changes [in Debian now]:
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - d/libvirt-clients.install: completions no more are symlinked to vsh
++    - d/rules: disable the now auto-built vstorage backend
++    - not-installed: split daemon man pages are no yet installed
++    - d/rules: disable the new Cloud Hypervisor driver
++    - d/rules: enable more features explicitly
++    - d/rules: use apparmor_profiles=enabled instead of the now rejected
++      value true
++    - rules: Explicitly set remote_default_mode
++    - rules: Rework installation of AppArmor-related files
++    - d/control, d/rules: enable libssh (LP 1939416)
++  * Dropped changes [upstream now]:
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP 1913266)
++    - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
++      issues due to corrupted apparmor profiles (LP 1927519)
++    - Toleration for qemu >=6.0 handling of props (LP 1932264)
++    - Persistent vfio-ccw device assignments (LP 1887929)
++  * Dropped changes [no more needed]:
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
++      XDR functions from glibc
++    - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966)
++    - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
++      was not enough)
++  * Added changes:
++    - d/p/u/dnsmasq-as-priv-user: update for 8.0.0
++    - Add recent upstream fixes to 8.0
++      + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work
++        in containers like LXD (without guest start would hang).
++      + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs
++        get passed to syslog/journal correctly.
++   - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop
++     libvirt system services and sockets (LP: #1959054). This allows
++     to unblock some transitions that wait on libvirt now; The intention is
++     that it is fixed in debhelper and libvirt reverts this change before
++     jammy release.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 24 Jan 2022 08:49:08 +0100
++
  libvirt (8.0.0-1) unstable; urgency=medium
    * [a26cc81] New upstream version 8.0.0
@@ -682,6 +1933,112 @@ libvirt (7.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Thu, 19 Aug 2021 21:16:21 +0200
++libvirt (7.6.0-0ubuntu3) jammy; urgency=medium
++
++  * d/libvirt-daemon-system.postinst: create user/group swtpm if not present
++    due to swtpm-tools (LP: #1951975)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 24 Nov 2021 07:50:53 +0100
++
++libvirt (7.6.0-0ubuntu2) jammy; urgency=medium
++
++  * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
++    issues due to corrupted apparmor profiles (LP: #1927519)
++  * libvirt should not use user/group tss for swtpm (LP: #1948880)
++    - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
++    - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
++      to user swtpm
++    - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
++    - d/control: suggest swtpm-tools
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 11 Nov 2021 12:11:38 +0100
++
++libvirt (7.6.0-0ubuntu1) impish; urgency=medium
++
++  * Merge v7.6.0 from upstream and unreleased changes from Debian git.
++    Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778)
++    - New upstream version 7.5.0
++    - New upstream version 7.6.0
++    - symbols: Bump symbol versions
++    - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0
++    - patches: Refresh patches
++    - d/rules: disable the new Cloud Hypervisor driver
++    - d/rules: enable more features explicitly
++    - d/rules: use apparmor_profiles=enabled instead of the now rejected
++      value true
++    - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
++      XDR functions from glibc
++  * d/control, d/rules: enable libssh (LP: #1939416)
++  * refresh ubuntu patches for v7.6.0
++  * Further fixups for v7.6.0 (thanks to Andrea Bolognani)
++    - rules: Explicitly set remote_default_mode
++    - rules: Rework installation of AppArmor-related files
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 11 Aug 2021 08:11:16 +0200
++
++libvirt (7.6.0-1) unstable; urgency=medium
++
++  * Team upload
++
++  [ Andrea Bolognani ]
++  * [a256a80] New upstream version 7.6.0
++    - Fixes CVE-2021-3667 (Closes: #991594)
++  * [4a96793] rules: Disable netcf support
++    - netcf support is considered deprecated upstream
++
++  [ Christian Ehrhardt ]
++  * [ac145fd] d/rules: disable the new Cloud Hypervisor driver
++    - Cloud Hypervisor is not available in Debian
++  * [4bafac5] d/control, d/rules: enable libssh
++    - Closes: #985969
++    - LP: #1939416
++  * [fbc728f] d/t/smoke-lxc: skip if cgroup v1&v2 are present
++    - This works around an upstream bug which causes the LXC driver
++      to break when both v1 and v2 cgroups are in use
++  * [8d2e0fe] d/control: add libtirpc for rpc.h with glibc >=2.31-14
++    - Switch from glibc's legacy RPC implementation, which is now
++      disabled in the Debian package, to libtirpc's one
++
++ -- Andrea Bolognani <eof@kiyuko.org>  Thu, 19 Aug 2021 21:16:21 +0200
++
++libvirt (7.4.0-0ubuntu3) impish; urgency=medium
++
++  * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
++    was not enough)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Jul 2021 14:20:53 +0200
++
++libvirt (7.4.0-0ubuntu2) impish; urgency=medium
++
++  * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Jul 2021 09:33:49 +0200
++
++libvirt (7.4.0-0ubuntu1) impish; urgency=medium
++
++  * Merge v7.4.0 from upstream,
++    among a lot of new features and fixes this closes a few of issues
++    reported against Ubuntu
++    - Toleration for qemu >=6.0 handling of props (LP: #1932264)
++    - Persistent vfio-ccw device assignments (LP: #1887929)
++    - Drop patches that are upstream in v7.4.0
++      - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch
++      - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch
++      - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch
++      - d/p/u/lp-1913266-*: add vsock options to be usable with s390x
++      - d/p/u/lp-1921754-*: EPYC-Rome-v2
++      - d/p/u/lp-1921880-*: EPYC-Milan
++    - d/libvirt-clients.install: completions no more are symlinked to vsh
++    - Revert "disable firewalld support (universe dependency)"
++      This does not add a runtime dependency and while firewalld isn't in
++      main that way users can install and use it from universe.
++      (LP: #1928113)
++    - d/libvirt0.symbols: bump symbol versions for 7.4.0
++    - d/rules: disable the now auto-built vstorage backend
++    - not-installed: split daemon man pages are no yet installed
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Jun 2021 10:33:27 +0200
++
  libvirt (7.0.0-3) unstable; urgency=medium
    * Team upload
@@ -691,6 +2048,115 @@ libvirt (7.0.0-3) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Fri, 26 Feb 2021 16:46:34 +0100
++libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium
++
++  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
++    on some HW/Guest combinations e.g. Windows 10 on Threadripper
++    (LP: #1921754)
++  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
++    (LP: #1921880)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 07 Apr 2021 13:33:46 +0200
++
++libvirt (7.0.0-2ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 7.0.0-1 from Debian unstable
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP 1913266)
++  * Dropped Changes [in Debian now]
++    - Avoid various issues around service/socket status after install/reinstall
++      and on upgrades (LP 1914054).
++      - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
++      - d/rules: --no-restart-after-upgrade does not prevent restarts
++      - d/rules: avoid --no-start which breaks .sockets on re-install
++      - d/rules: start, but do not restart libvirt-guests.service
++    - Dependency improvements yet unreleased from salsa/debian/master thanks
++      to Andrea Bolognani (Debian #981435).
++      - control: Always explicitly depend on libvirt0
++      - control: Always use versioned deps for libvirt components
++    - d/control: extend demotion of libvirt-lxc related dependencies to
++      libvirt-login-shell
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 23 Feb 2021 12:16:08 +0100
++
  libvirt (7.0.0-2) unstable; urgency=medium
    * Team upload
@@ -712,6 +2178,123 @@ libvirt (7.0.0-2) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Wed, 10 Feb 2021 23:23:32 +0100
++libvirt (7.0.0-1ubuntu2) hirsute; urgency=medium
++
++  * d/control: extend demotion of libvirt-lxc related dependencies to
++    libvirt-login-shell
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 04 Feb 2021 13:44:49 +0100
++
++libvirt (7.0.0-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 7.0.0-1 from Debian unstable
++    This fixes unwanted conffile prompts (LP: #1906248)
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests (LP 1899180)
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++      + d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++        failing; This was flaky on some release/architectures
++      + d/t/smoke-lxc: retry check_domain being flaky on arm64
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped Changes [in Debian now]
++    - 0050-local-include-for-libvirt-qemu.patch,
++      d/libvirt-daemon-system.postinst: provide a local apparmor include
++      for abstraction/libvirt-qemu (LP: 1786019)
++  * Dropped Changes [in upstream now]
++    - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
++      pre-Focal guests by allowing kvm-spice
++    - virt-ssh-helper: fix slow migrations and volume transfers (LP 1904584)
++      - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
++      - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
++  * Dropped Changes [ready for main]
++    - d/control: drop mdevctl to a suggest until (LP: #1889248) is ready
++  * Added Changes:
++    - Avoid various issues around service/socket status after install/reinstall
++      and on upgrades (LP: #1914054).
++      - d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
++      - d/rules: --no-restart-after-upgrade does not prevent restarts
++      - d/rules: avoid --no-start which breaks .sockets on re-install
++      - d/rules: start, but do not restart libvirt-guests.service
++    - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
++      execution (LP: #1913266)
++    - Dependency improvements yet unreleased from salsa/debian/master thanks
++      to Andrea Bolognani (Debian #981435).
++      - control: Always explicitly depend on libvirt0
++      - control: Always use versioned deps for libvirt components
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 25 Jan 2021 14:32:05 +0100
++
  libvirt (7.0.0-1) unstable; urgency=medium
    * Team upload
@@ -775,6 +2358,142 @@ libvirt (6.9.0-2) experimental; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Thu, 14 Jan 2021 23:51:32 +0100
++libvirt (6.9.0-1ubuntu4) hirsute; urgency=medium
++
++  * Improve flaky smoke-lxc test (LP: #1899180)
++    - d/t/control, d/t/smoke-lxc: retry service restart and skip test if
++      failing; This was flaky on some release/architectures
++    - d/t/smoke-lxc: retry check_domain being flaky on arm64
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 04 Dec 2020 08:12:02 +0100
++
++libvirt (6.9.0-1ubuntu3) hirsute; urgency=high
++
++  * No change rebuild against wireshark 3.4.0
++
++ -- Balint Reczey <rbalint@ubuntu.com>  Mon, 07 Dec 2020 08:06:59 +0100
++
++libvirt (6.9.0-1ubuntu2) hirsute; urgency=medium
++
++  * virt-ssh-helper: fix slow migrations and volume transfers (LP: #1904584)
++    - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
++    - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 26 Nov 2020 16:52:23 +0100
++
++libvirt (6.9.0-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian 6.8.0-1 from unstable
++    Remaining changes:
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++      [contains lintian fixups of 6.6.0-1ubuntu1]
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite a long time.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped Changes [in Debian now]
++    - d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
++      between libtripc and glibc that break libvirt-lxc (LP 1892826)
++  * Dropped Changes [in upstream now]
++    - d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
++      handling on non BTRFS affecting virt-manager, api and commandline pool
++      handling (LP 1901242)
++    - d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
++      allow libvirt to control virtiofsd (LP 1892736)
++    - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
++      triggering denials in devmapper error path
++    - d/p/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch:
++      (again) allow permanent per guest overrides (LP 1745114)
++    - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++      versioned modules after qemu package upgrades (LP 1847361)
++    - d/p/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.
++      patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory
++    - d/p/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.
++      patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++    - d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
++      chips (LP 1887490)
++    - 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++      add l to 9p file options.
++  * Added Changes
++    - d/p/ubuntu/daemon-augeas-fix-expected.patch: update for 6.9
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: update for 6.9
++    - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
++      recent ubuntu glibx 2.32 it is breaking the build
++    - d/control: add libtirpc for rpc.h with glibc >=2.32
++    - d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
++      pre-Focal guests by allowing kvm-spice
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 02 Nov 2020 12:02:26 +0100
++
  libvirt (6.9.0-1) unstable; urgency=medium
    * Team upload
@@ -852,6 +2571,208 @@ libvirt (6.6.0-2) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Fri, 28 Aug 2020 17:18:51 +0200
++libvirt (6.6.0-1ubuntu4) hirsute; urgency=medium
++
++  * d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
++    handling on non BTRFS affecting virt-manager, api and commandline pool
++    handling (LP: #1901242)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 28 Oct 2020 07:47:53 +0100
++
++libvirt (6.6.0-1ubuntu3) groovy; urgency=medium
++
++  * d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
++    chips (LP: #1887490)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Oct 2020 07:36:06 +0200
++
++libvirt (6.6.0-1ubuntu2) groovy; urgency=medium
++
++  * d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
++    between libtripc and glibc that break libvirt-lxc (LP: #1892826)
++  * d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
++    allow libvirt to control virtiofsd (LP: #1892736)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 25 Aug 2020 14:53:26 +0200
++
++libvirt (6.6.0-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian 6.6.0-1 from experimental
++    Among many other new features and fixes this includes fixes for:
++    (LP: #1874647) - Stale libvirt cache leads to VM startup failures
++    (LP: #1869796) - bad ordering and dependent restarts of services/sockets
++    Remaining changes:
++    - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++      versioned modules after qemu package upgrades (LP 1847361)
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users
++      via user profile (xen URI on dom0, qemu:///system otherwise)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update README.Debian with Ubuntu changes
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/control: add libzfslinux-dev to build-deps
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
++      (LP 1861125) fixups
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped changes (in Debian now):
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - enable attr support to store XATTR labels. Among other things
++      this allows to properly restore file ownership (LP 691590)
++        - d/control: build depend to libattr1-dev
++        - d/rules: configure --with-attr
++    - Install virt-login-shell-helper
++    - Install augeas lenses for all drivers
++    - Remove all mentions of Devhelp
++    - not-installed: Remove obsolete entries
++    - not-installed: List all split daemons files
++    - d/control: bump build dep to python3
++    - d/control: add python3-docutils as build dependency
++    - d/rules: set enable-dependency-tracking to avoid FTBFS
++    - d/rules: drop the no more existing phyp option
++    - d/rules: drop the no more existing xen configure option
++    - minimize patches generated by autoreconf
++    - fix build on Debian/Ubuntu in qemuhotplugtest
++    - d/libvirt-doc.doc: install rendered docs
++    - d/libvirt-daemon-system.examples: drop old examples that are now active
++    - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
++    - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
++    - d/libnss-libvirt.lintian-overrides: accept having two nss so files
++    - d/rules: don't ship split daemons just yet
++    - d/rules: install /etc/default/* files that are shared between sysv and
++      systemd packages
++    - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
++      libvirt-daemon-system-sysv
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++  * Dropped changes (part of upstream now):
++    - d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
++      (LP 1879325)
++    - d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
++      (LP 1871354)
++    - d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
++      -on-rea.patch: avoid DOS through read only connections
++      CVE-2020-10701
++    - d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
++      and binary autodetection in general (LP 1867460)
++    - d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
++      fixes (LP 1868539)
++    - d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
++      modern types on kernels with recent security fixes (LP 1853200)
++    - d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
++      (LP 1868528)
++    - d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
++      qemuDomainSetTimeAgent (LP 1865425)
++    - d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
++      allow emulation of smartcard via host certificates
++    - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
++      types (LP 1861125)
++    - d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
++      block vhost-user-gpu usage
++    - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
++      profiles (LP 1655111)
++  * Dropped changes (no more needed):
++    - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
++      just a suggest. This was deprecated since bionic and now will be dropped.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - d/control: VCS links to use generic Ubuntu launchpad git URLs
++    - refreshed patches for libvirt v6.0.0
++    - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
++      avoid error messages on purge [deluser/delgroup no more report warnings]
++    - "Additional apport package-hook": due to context auto updates
++      d/libvirt-daemon.install had bad entries which are no more required.
++    - d/control, d/rules: Disable rbd and zfs on riscv64 where they are
++      unavailable (LP 1872952)
++  * Added Changes:
++    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
++      (follows Debian, droppable >22.04)
++    - refresh ubuntu patches for 6.6
++      - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
++      - d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
++      - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
++      - d/p/ubuntu/dnsmasq-as-priv-user
++      - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
++      - d/p/ubuntu/daemon-augeas-fix-expected.patch
++    - d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
++      enhancements
++    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
++    - d/libvirt-clients.lintian-overrides: profile scripts are non executable
++    - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
++      triggering denials in devmapper error path
++    - d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
++      (again) allow permanent per guest overrides (LP: #1745114)
++    - d/control: drop mdevctl to a suggest until (LP 1889248) is ready
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Aug 2020 08:04:09 +0200
++
  libvirt (6.6.0-1) unstable; urgency=medium
    * Team upload
@@ -1090,6 +3011,287 @@ libvirt (6.0.0~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sat, 18 Jan 2020 18:16:20 +0100
++libvirt (6.0.0-0ubuntu11) groovy; urgency=medium
++
++  * SECURITY UPDATE: privilege escalation via incorrect socket permissions
++    - debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch:
++      updated patch to also set appropriate permissions on socket created
++      by systemd.
++    - CVE-2020-15708
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 05 Aug 2020 09:08:34 -0400
++
++libvirt (6.0.0-0ubuntu10) groovy; urgency=medium
++
++  * enable attr support to store XATTR labels. Among other things
++    this allows to properly restore file ownership (LP: #691590)
++      - d/control: build depend to libattr1-dev
++      - d/rules: configure --with-attr
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 22 Jun 2020 21:30:50 +0200
++
++libvirt (6.0.0-0ubuntu9) groovy; urgency=medium
++
++  * d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
++    (LP: #1879325)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 20 May 2020 06:59:57 +0200
++
++libvirt (6.0.0-0ubuntu8) focal; urgency=medium
++
++  * d/control, d/rules: Disable rbd and zfs on riscv64 where they are
++    unavailable (LP: #1872952)
++
++ -- William Grant <wgrant@ubuntu.com>  Sat, 18 Apr 2020 13:59:21 +1000
++
++libvirt (6.0.0-0ubuntu7) focal; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
++    (LP: #1871354)
++  * d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
++    -on-rea.patch: avoid DOS through read only connections
++    CVE-2020-10701
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 15 Apr 2020 12:29:12 +0200
++
++libvirt (6.0.0-0ubuntu6) focal; urgency=medium
++
++  * d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
++    and binary autodetection in general (LP: #1867460)
++  * d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
++    fixes (LP: #1868539)
++  * d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
++    modern types on kernels with recent security fixes (LP: #1853200)
++  * d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
++    (LP: #1868528)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 20 Mar 2020 10:34:19 +0100
++
++libvirt (6.0.0-0ubuntu5) focal; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
++    versioned modules after qemu package upgrades (LP: #1847361)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 10 Mar 2020 08:58:04 +0100
++
++libvirt (6.0.0-0ubuntu4) focal; urgency=medium
++
++  * d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
++    qemuDomainSetTimeAgent (LP: #1865425)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 02 Mar 2020 10:44:22 +0100
++
++libvirt (6.0.0-0ubuntu3) focal; urgency=medium
++
++  * rebuild against libxen-dev 4.11.3 (no change needed)
++  * d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
++    allow emulation of smartcard via host certificates
++  * d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
++    types (LP: #1861125)
++  * d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
++    block vhost-user-gpu usage
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 12 Feb 2020 14:20:08 +0100
++
++libvirt (6.0.0-0ubuntu2) focal; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * Bring back the ubuntu default URI handling. While no more needed for xen
++    its removal made libvirt fallback further to the upstream default
++    qemu:///session while Ubuntu forever had and for now wants to keep
++    qemu:///system (LP: #1861693)
++    - revert 'd/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that
++      was optional for use on xen hosts'
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile
++      [added back former delta]
++
++  [ Andrea Bolognani ]
++  * Merge further fixes from debian/experimental
++    - Install virt-login-shell-helper
++    - Install augeas lenses for all drivers
++    - Remove all mentions of Devhelp
++    - not-installed: Remove obsolete entries
++    - not-installed: List all split daemons files
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 04 Feb 2020 13:08:49 +0100
++
++libvirt (6.0.0-0ubuntu1) focal; urgency=medium
++
++  * Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream
++    Among many other new features and fixes this includes fixes for:
++    - LP: #1859253 - rbd driver fails to create a new volume
++    - LP: #1858341 - rbd driver does not list all volumes in pool
++    - LP: #1845506 - Libvirt snapshot doesn't update apparmor profile
++    - LP: #1854653 - slow libvirt-guests.sh during shutdown if service is off
++    - LP: #1848229 - enable ppc64el to use ccf-assist feature
++    - LP: #1853315 - Enable CPU Model Comparison and Baselining on s390x
++    - LP: #1853317 - CCW IPL support to boot from ECKD DASDs
++    - LP: #1859506 - security: AppArmor profile fixes for swtpm
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++    - fix autopkgtests
++      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++        vmlinuz available and accessible (Debian bug 848314)
++      + d/t/control: fix smoke-qemu-session by ensuring the service will run
++        installing libvirt-daemon-system
++      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++        long as the following undefine succeeds
++      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
++      split into logical pieces. File names in debian/patches/ubuntu-aa/:
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++  * Dropped changes (in Debian)
++    - d/libvirt0.symbols: bump symbol versions for 5.4.0
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      + d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      + d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      + debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      + d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      [ we now have split packages for sysv and systemd support ]
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - Refreshed to match new upstream
++      + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
++  * Dropped changes (now upstream)
++    - d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
++      cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
++      are still need fixups to work well LP: 1841066)
++    - SECURITY UPDATEs: CVE-2019-10161, CVE-2019-10166,
++      CVE-2019-10167 and CVE-2019-10168
++    - d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
++      avoid issues with remote screen connections like virt-manager due to
++      apparmor changes in libvirt 5.1 (LP 1833040)
++    - 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++      Allow pygrub to run on Debian/Ubuntu
++    - update to v5.4.0
++  * Dropped changes (Xen demoted to universe)
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++  * Dropped changes (no more needed)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++      [ finally works in v6.0.0 ]
++    - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
++      [ focal has iptables 1.8.3 ]
++    - d/rules: adapt iptables binary paths present in Eoan (LP 1832297)
++      [ focal has iptables 1.8.3 ]
++  * Added Changes:
++    - refreshed patches for libvirt v6.0.0
++    - d/control: bump build dep to python3
++    - d/control: VCS links to use generic Ubuntu launchpad git URLs
++    - d/control: add python3-docutils as build dependency
++    - d/control: add libzfslinux-dev to build-deps
++    - d/rules: set enable-dependency-tracking to avoid FTBFS
++    - d/rules: drop the no more existing phyp option
++    - d/rules: drop the no more existing xen configure option
++    - d/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that was
++      optional for use on xen hosts
++    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
++    - minimize patches generated by autoreconf
++    - fix build on Debian/Ubuntu in qemuhotplugtest
++    - d/libvirt-doc.doc: install rendered docs
++    - d/libvirt-daemon-system.examples: drop old examples that are now active
++    - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
++    - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
++    - d/libnss-libvirt.lintian-overrides: accept having two nss so files
++    - d/rules: don't ship split daemons just yet
++    - d/rules: install /etc/default/* files that are shared between sysv and
++      systemd packages
++    - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
++      libvirt-daemon-system-sysv
++    - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with  named
++      profiles (LP: #1655111)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 13 Jan 2020 13:14:14 +0100
++
  libvirt (5.6.0-4) experimental; urgency=medium
    * [d88536d] Introduce libvirt-daemon-system-{systemd,sysv} Move init scripts
@@ -1175,6 +3377,237 @@ libvirt (5.6.0-1) unstable; urgency=medium
   -- Andrea Bolognani <eof@kiyuko.org>  Sun, 25 Aug 2019 16:32:31 +0200
++libvirt (5.4.0-0ubuntu5) eoan; urgency=medium
++
++  * No-change upload with strops.h and sys/strops.h removed in glibc.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 05 Sep 2019 11:00:53 +0000
++
++libvirt (5.4.0-0ubuntu4) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
++    cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
++    are still need fixups to work well LP: 1841066)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 20 Aug 2019 10:50:08 +0200
++
++libvirt (5.4.0-0ubuntu3) eoan; urgency=medium
++
++  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10161.patch: add check to
++      src/libvirt-domain.c, src/qemu/qemu_driver.c,
++      src/remote/remote_protocol.x.
++    - CVE-2019-10161
++  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10166.patch: add check to
++      src/libvirt-domain.c.
++    - CVE-2019-10166
++  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
++    read-only connection
++    - debian/patches/CVE-2019-10167.patch: add check to
++      src/libvirt-domain.c.
++    - CVE-2019-10167
++  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
++    connection
++    - debian/patches/CVE-2019-10168.patch: add checks to
++      src/libvirt-host.c.
++    - CVE-2019-10168
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 02 Jul 2019 08:08:33 -0400
++
++libvirt (5.4.0-0ubuntu2) eoan; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
++    avoid issues with remote screen connections like virt-manager due to
++    apparmor changes in libvirt 5.1 (LP: #1833040)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 19 Jun 2019 14:34:54 +0200
++
++libvirt (5.4.0-0ubuntu1) eoan; urgency=medium
++
++  * Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release
++    Among many other new features and fixes this includes fixes for:
++    LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++      + d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
++    - d/rules: enable build time self tests on all architectures
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
++        on purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - d/rules: also check build time self test results on all architectures
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/t/control: fix smoke-qemu-session by ensuring the service will run
++      installing libvirt-daemon-system
++    - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++      long as the following undefine succeeds
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Added Changes:
++    - Refreshed patches to match new upstream
++      - d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
++      - d/p/ubuntu/ubuntu_machine_type.patch
++    - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
++      This can be dropped once >=1.8.1
++    - d/rules: adapt iptables binary paths present in Eoan (LP: #1832297)
++      This can be dropped once >=1.8.1
++    - d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test
++      nat-network-mtu
++    - revert [c3c4cd4] drop in helper for firewalld as it is disabled on
++      Ubuntu [can be squashed with the disabling of firewalld on next merge]
++    - d/libvirt0.symbols: bump symbol versions for 5.4.0
++    - d/rules: add --no-restart-after-upgrade to services that are supposed to
++      stay up through upgrades - this also applies to related sockets.
++  * Dropped Changes (upstream)
++    - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
++      for the ease use of mdev and gl devices (LP: 1804766)
++    - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
++      (LP: 1771662)
++    - d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
++      the never functional osxsave and ospke features (LP: 1825195).
++    - d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
++      vhost-scsi hotplug in virt-aa-helper (LP: 1829223)
++    - SECURITY UPDATE: Add support for md-clear functionality
++      + debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
++        src/cpu_map/x86_features.xml.
++      + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
++    - Implement further apparmor rules for usage of gl enabled
++      graphics (LP: 1815452)
++      + d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
++      + d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
++    - Implement further apparmor rules for usage of gl enabled
++      graphics with nvidia cards (LP: 1817943)
++      + d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
++      + d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
++  * Dropped Changes (in Debian)
++    - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
++      libvirt tests
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 07 Jun 2019 11:55:52 +0200
++
++libvirt (5.3.0-1~1.gbp7b1637) UNRELEASED; urgency=medium
++
++  ** SNAPSHOT build @7b1637605da9224c46ebf3a243fa725d643e7556 **
++
++  [ Guido Günther ]
++  * [fb43676] d/control: Drop dh-autoreconf build-dep.
++    Not needed for dh compat > 10.
++  * [81d21d5] d/not-installed: Use multi-arch dirs.
++    Files moved during the dh12 switch.
++  * [428ad14] New upstream version 5.3.0~rc2
++  * [641e532] New upstream version 5.3.0
++
++  [ Christian Ehrhardt ]
++  * [c28c3b3] d/libvirt0.install: install translations
++  * [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld
++  * [3e8b43c] d/not-installed: ignore default files /etc/sysconfig
++  * [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example
++  * [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf
++    (Closes: #919484)
++
++  [ Andrea Bolognani ]
++  * [6a2eae3] Simplify and improve watch file.
++
++ -- Guido Günther <agx@sigxcpu.org>  Mon, 06 May 2019 13:06:27 +0200
++
  libvirt (5.2.0-2) experimental; urgency=medium
    [ Guido Günther ]
@@ -1342,6 +3775,199 @@ libvirt (5.0.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sun, 07 Apr 2019 12:36:21 +0200
++libvirt (5.0.0-1ubuntu4) eoan; urgency=medium
++
++  * d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
++    the never functional osxsave and ospke features (LP: #1825195).
++  * d/p/series: reorder ubuntu Delta
++  * d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
++    with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: #1815910)
++  * d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
++    vhost-scsi hotplug in virt-aa-helper (LP: #1829223)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 16 May 2019 10:42:09 +0200
++
++libvirt (5.0.0-1ubuntu3) eoan; urgency=medium
++
++  * SECURITY UPDATE: Add support for md-clear functionality
++    - debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
++      src/cpu_map/x86_features.xml.
++    - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 14 May 2019 14:48:05 -0400
++
++libvirt (5.0.0-1ubuntu2) disco; urgency=medium
++
++  * Implement further apparmor rules for usage of gl enabled
++    graphics (LP: #1815452)
++    - d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
++    - d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
++  * Implement further apparmor rules for usage of gl enabled
++    graphics with nvidia cards (LP: #1817943)
++    - d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
++    - d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
++  * d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted
++    version (no functional change, LP: 1804766)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 12 Feb 2019 11:27:14 +0100
++
++libvirt (5.0.0-1ubuntu1) disco; urgency=medium
++
++  * Merged with Debian unstable
++    Among many other new features and fixes this includes fixes for:
++    LP: #1754871 - 1799446 zPCI passthrough support for KVM
++    LP: #1811198 - remove arbitrary limit on socket_id/core_id
++    Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 LP 1680384 LP 1784023)
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++        d/libvirt-daemon-system.postinst: provide a local apparmor include
++        for abstraction/libvirt-qemu (LP: 1786019)
++    - d/rules: enable build time self tests on all architectures
++    - dnsmasq related enhancements
++      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++        purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
++      + Add dnsmasq configuration to work with system wide dnsmasq-base
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++    - avoid service dependency issues on upgrade (LP: 1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Added Changes:
++    - Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context
++    - d/rules: also check build time self test results on all architectures
++    - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
++      libvirt tests
++    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
++      machine type correctly with newer qemu/libvirt
++    - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
++      for the ease use of mdev and gl devices (LP: #1804766)
++    - refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0
++    - d/t/control: fix smoke-qemu-session by ensuring the service will run
++      installing libvirt-daemon-system
++    - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
++      long as the following undefine succeeds
++    - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
++      (LP: #1771662)
++  * Dropped Changes (upstream)
++    - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
++      Adapters on s390x (LP: 1787405)
++    - d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
++      fix libvirt bridge handling in unprivileged containers (LP: 1802906)
++    - d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
++      avoid issues with newer kernels >=4.18 (LP: 1788603)
++    - Fix an issue where guests with plenty of hostdevs attached where detected
++      as not shut down due to the kernel needing more time to free up
++      resources (LP: 1788226)
++      - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
++      - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
++    - 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++      permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
++    - 0040-apparmor-add-mediation-rules-for-unconfined.patch:
++      apparmor: add mediation rules for unconfined guests
++    - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
++      don't want blanket access. We only allow enumerating the base dir and
++      reading owned files. Further features needing /tmp have to add local
++      overrides, examples are qemu-smb and some modes of local snapshots.
++      (LP: 1365261) Can be dropped >=libvirt 4.7
++    - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
++      preserve /dev mountpoints in qemu namespaces (LP: 1786168)
++      Can be dropped >=libvirt 4.7
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice. Upstream completely dropped
++      alternative types and kvm-spice is a symlink for quite some time.
++      Builtin expected binaries work, so drop this delta.
++  * Dropped Changes (in Debian)
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 08 Jan 2019 13:09:31 +0100
++
  libvirt (5.0.0-1) unstable; urgency=medium
    * [7346f30] New upstream version 5.0.0
@@ -1401,6 +4027,297 @@ libvirt (4.7.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Sun, 09 Sep 2018 21:42:33 +0200
++libvirt (4.6.0-2ubuntu6) disco; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Tue, 15 Jan 2019 10:26:04 +0000
++
++libvirt (4.6.0-2ubuntu5) disco; urgency=medium
++
++  * d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only
++    -with-vf.patch: fix handling of non PCI vfio display propery (part
++    of LP: #1787405)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Dec 2018 09:20:39 +0100
++
++libvirt (4.6.0-2ubuntu4) disco; urgency=medium
++
++  * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
++    Adapters on s390x (LP: #1787405)
++  * d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
++    fix libvirt bridge handling in unprivileged containers (LP: #1802906)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 09 Nov 2018 07:42:01 +0100
++
++libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium
++
++  * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
++    avoid issues with newer kernels >=4.18 (LP: #1788603)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 27 Aug 2018 10:57:57 +0200
++
++libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium
++
++  * Fix an issue where guests with plenty of hostdevs attached where detected
++    as not shut down due to the kernel needing more time to free up
++    resources (LP: #1788226)
++    - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
++    - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 21 Aug 2018 17:51:43 +0200
++
++libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium
++
++  * Merged with Debian unstable (LP: #1786957).
++    Among many other new features and fixes this includes fixes
++    for (LP: #1754871), Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Autostart default bridged network (As upstream does, but not Debian).
++      In addition to just enabling it our solution provides:
++      + do not autostart if subnet is already taken (e.g. in guests).
++      + iterate some alternative subnets before giving up
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
++        group.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - Xen related
++      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section that adapts the path of the emulator to the Debian/Ubuntu
++        packaging is kept.
++      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++        set VRAM to minimum requirements
++      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++      - Add libxl log directory
++      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++        Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - Further upstreamed apparmor Delta, especially any new one
++      Our former delta is split into logical pieces and is either Ubuntu only
++      or is part of a continuous upstreaming effort.
++      Listing related remaining changes in debian/patches/ubuntu-aa/:
++      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
++        Can be dropped >=libvirt 4.7
++      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el
++        (LP 1686621 & LP 1680384).
++      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++      + 0040-apparmor-add-mediation-rules-for-unconfined.patch:
++        apparmor: add mediation rules for unconfined guests
++        Can be dropped >=libvirt 4.7
++    - d/rules: enable build time self tests on all architectures
++    - run dnsmasq as libvirt-dnsmasq (LP: 1743718)
++      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++        purge
++      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
++        libvirt-dnsmasq and adapt the self tests to expect that config
++      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
++    - debian/rules: disable the netcf backend. (LP: 1764314)
++    - debian/control: drop libnetcf from Build-Depends.
++    - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++      Secure Boot enabled variants of the OVMF firmware and variable store for
++      the paths where we ship these files in Ubuntu.
++    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
++  * Added Changes
++    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++      updated to take care of no more silencing and thereby hiding denials
++      (LP 1719579 is an example)
++    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++      updated to also allow the optionally placed ceph asok file (LP: #1779674)
++    - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare
++      profile for usrmerge (LP: #1784023)
++    - Finalize the libvirt-bin -> libvirt-* transition in the apport
++      package-hook.
++    - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
++      d/libvirt-daemon-system.postinst: provide a local apparmor include
++      for abstraction/libvirt-qemu (LP: #1786019)
++    - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
++      don't want blanket access. We only allow enumerating the base dir and
++      reading owned files. Further features needing /tmp have to add local
++      overrides, examples are qemu-smb and some modes of local snapshots.
++      (LP: #1365261) Can be dropped >=libvirt 4.7
++    - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
++      preserve /dev mountpoints in qemu namespaces (LP: #1786168)
++      Can be dropped >=libvirt 4.7
++    - avoid service dependency issues on upgrade (LP: #1786179)
++      This will in the long term be resolved in dh_* tools, but to let an
++      upgrade work for now we need to drop the sysV scripts (which we don't
++      use anyway) and slightly modify the systemd service to work with todays
++      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
++      resolved in dh_* tools and libvirt uses those new code.
++      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
++      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
++      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
++        and lbivirtd sysV init file
++      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
++        to virtlogd/virtlockd sockets as they would imply a restart of
++        virtlogd breaking it.
++      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
++  * Dropped Changes (upstream)
++    - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
++      of memory slots and other extended features without breaking
++      virt-aa-helper (LP: 1746431).
++    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
++    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
++    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
++    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
++    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
++    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
++    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
++    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
++    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
++    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
++    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
++    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
++    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
++    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
++    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
++    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
++    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
++    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
++    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
++    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
++    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
++    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
++    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
++    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
++    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
++    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
++    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
++    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
++    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
++    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
++    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
++    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
++    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
++    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
++    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
++    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
++    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
++    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
++    - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
++      avoid hanging on shutdown (LP: 1688508)
++    - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
++      plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471)
++    - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
++      ensure symlinks are resolved to get valid rules if interim parts of a path
++      are a symlink (LP: 1752361)
++    - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
++      avoid issues shutting down more guests than configured for parallel
++      shutdown (LP: 1688508)
++    - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
++      using devices that are symlinks (LP: 1756394)
++    - Fix nvdimm memory and passthrough input devices for hotplug via
++      domain security callbacks backporting upstream commits (LP: 1755153).
++      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
++      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
++    - Fix nvdimm memory and passthrough input devices in initial guest
++      description via virt-aa-helper (LP: 1757085).
++      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
++      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
++    - Fix clean shut down of guests on system shutdown (LP: 1764668)
++      + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
++      + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
++    - SECURITY UPDATE: QEMU monitor DoS
++      + debian/patches/CVE-2018-1064.patch: add size limit to
++        src/qemu/qemu_agent.c.
++      + CVE-2018-1064
++    - SECURITY UPDATE: Speculative Store Bypass
++      + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
++        bit in src/cpu/cpu_map.xml.
++      + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
++        feature bit in src/cpu/cpu_map.xml.
++      + CVE-2018-3639
++    - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
++      hotplug use cases where the initial guest had no hostdev at all and
++      therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777)
++    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch:
++      Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
++      occurred, but the cause is unknown" due to a buffer being too small
++      for pcap with TPACKET_V3 enabled (LP: 1758037)
++    - SECURITY UPDATE: code injection via libnss_dns.so
++      + debian/patches/CVE-2018-6764-1.patch: determine the hostname on
++        startup in src/util/virlog.c.
++      + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
++        src/util/virlog.c.
++      + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
++        in cfg.mk, src/util/virlog.c.
++      + CVE-2018-6764
++  * Dropped Changes (no upgrade path left that needs those)
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
++      /etc/cron.daily/libvirt-daemon-system
++  * Dropped Changes (cleanups)
++    - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed
++      one issue and the other is solved in libvirt by ensuring to move to the
++      right cgroups.)
++    - remove no more used libvirt-dnsmasq user (this was redundant since
++      4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user)
++    - Disable selinux (now in main)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Sat, 18 Aug 2018 14:40:58 +0200
++
  libvirt (4.6.0-2) unstable; urgency=medium
    * [c33faee] Drop dwarves dependency.
@@ -1518,6 +4435,399 @@ libvirt (4.0.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Thu, 08 Feb 2018 19:29:59 +0100
++libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium
++
++  * ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
++    Secure Boot enabled variants of the OVMF firmware and variable store for
++    the paths where we ship these files in Ubuntu.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 27 Jun 2018 11:16:23 -0400
++
++libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium
++
++  * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
++    hotplug use cases where the initial guest had no hostdev at all and
++    therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 12 Jun 2018 16:24:01 +0200
++
++libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium
++
++  * SECURITY UPDATE: QEMU monitor DoS
++    - debian/patches/CVE-2018-1064.patch: add size limit to
++      src/qemu/qemu_agent.c.
++    - CVE-2018-1064
++  * SECURITY UPDATE: Speculative Store Bypass
++    - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
++      bit in src/cpu/cpu_map.xml.
++    - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
++      feature bit in src/cpu/cpu_map.xml.
++    - CVE-2018-3639
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 22 May 2018 10:55:56 -0400
++
++libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium
++
++  * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
++    occurred, but the cause is unknown" due to a buffer being too small
++    for pcap with TPACKET_V3 enabled (LP: #1758037)
++    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 09 May 2018 17:07:59 +0200
++
++libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium
++
++  * debian/rules: disable the netcf backend. (LP: #1764314)
++  * debian/control: drop libnetcf from Build-Depends.
++
++ -- Mathieu Trudel-Lapierre <cyphermox@ubuntu.com>  Wed, 09 May 2018 10:06:15 -0400
++
++libvirt (4.0.0-1ubuntu8) bionic; urgency=medium
++
++  * Fix clean shut down of guests on system shutdown (LP: #1764668)
++    - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
++    - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 24 Apr 2018 11:09:48 +0200
++
++libvirt (4.0.0-1ubuntu7) bionic; urgency=medium
++
++  * Fix nvdimm memory and passthrough input devices for hotplug via
++    domain security callbacks backporting upstream commits (LP: #1755153).
++    - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
++    - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
++  * Fix nvdimm memory and passthrough input devices in initial guest
++    description via virt-aa-helper (LP: #1757085).
++    - d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
++    - d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 21 Mar 2018 08:30:47 +0100
++
++libvirt (4.0.0-1ubuntu6) bionic; urgency=medium
++
++  * Backport from recent upstream to stabilize libvirt (LP: #1756915)
++    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
++    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
++    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
++    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
++    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
++    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
++  * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
++    avoid issues shutting down more guests than configured for parallel
++    shutdown (LP: #1688508)
++  * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
++    using devices that are symlinks (LP: #1756394)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 19 Mar 2018 14:57:08 +0100
++
++libvirt (4.0.0-1ubuntu5) bionic; urgency=medium
++
++  * run dnsmasq as libvirt-dnsmasq (LP: #1743718)
++    - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
++    - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
++      purge
++    - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
++      libvirt-dnsmasq and adapt the self tests to expect that config
++    - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
++  * Backport from recent upstream to stabilize libvirt (LP: #1754352)
++    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
++    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
++    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
++    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
++    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
++    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
++    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
++    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
++    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
++  * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
++    plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471)
++  * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
++    ensure symlinks are resolved to get valid rules if interim parts of a path
++    are a symlink (LP: #1752361)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 27 Feb 2018 12:04:02 +0100
++
++libvirt (4.0.0-1ubuntu4) bionic; urgency=medium
++
++  * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
++    avoid hanging on shutdown (LP: #1688508)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 23 Feb 2018 16:43:19 +0100
++
++libvirt (4.0.0-1ubuntu3) bionic; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04
++    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
++    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
++    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
++    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
++    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
++    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
++    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
++    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
++    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
++    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
++    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
++    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
++    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
++    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
++    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
++    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
++    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
++    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
++    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
++    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
++    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
++    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
++    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
++  * d/rules: enable build time self tests on all architectures
++
++  [ Marc Deslauriers ]
++  * SECURITY UPDATE: code injection via libnss_dns.so
++    - debian/patches/CVE-2018-6764-1.patch: determine the hostname on
++      startup in src/util/virlog.c.
++    - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
++      src/util/virlog.c.
++    - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
++      in cfg.mk, src/util/virlog.c.
++    - CVE-2018-6764
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 19 Feb 2018 14:18:44 +0100
++
++libvirt (4.0.0-1ubuntu2) bionic; urgency=medium
++
++  * d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed
++    as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442)
++    - refreshed 0032 and 0040 to match the new context.
++  * d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
++    of memory slots and other extended features without breaking
++    virt-aa-helper (LP: #1746431).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 02 Feb 2018 07:31:17 +0100
++
++libvirt (4.0.0-1ubuntu1) bionic; urgency=medium
++
++  * Merged with Debian unstable (4.0)
++    This closes several bugs:
++    - Error generating apparmor profile when hostname contains spaces
++      (LP: #799997)
++    - qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028)
++    - libvirt usb passthrough throws apparmor denials related to
++      /run/udev/data/+usb (LP: #1727311)
++    - AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626)
++    - iohelper improvements to let bypass-cache work without opening up the
++      apparmor isolation (LP: #1719579)
++    - nodeinfo on s390x to contain more CPU info (LP: #1733688)
++    - Upgrade libvirt >= 4.0 (LP: #1745934)
++  * Remaining changes:
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + autostart the default network by default
++      + do not autostart if subnet is already taken (e.g. in guests).
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/test/smoke-lxc workaround for debbug 848317/867379
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++  * Dropped Changes (Upstream):
++    - d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++      libvirt-qemu: Allow use of sgabios
++    - d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++      apparmor, libvirt-qemu: Silence lttng related deny messages
++    - d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++      apparmor, libvirt-qemu: Allow read access to sysfs system info
++    - d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++      apparmor, libvirt-qemu: Allow read access to max_mem_regions
++    - d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++      apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++    - d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++      apparmor, libvirtd: Allow access to netlink sockets
++    - d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++      apparmor: Add rules for mediation support
++    - d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++      apparmor, virt-aa-helper: Allow access to ecryptfs files
++    - d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++      apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++    - d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++      apparmor, virt-aa-helper: Add ipv6 network policy
++    - d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++      apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++    - d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++      won't call qemu-nbd
++    - d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++      apparmor: allow to parse cmdline of the pid that send the shutdown
++      signal (LP 1680384).
++    - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++      apparmor: add default pki path of lbvirt-spice (LP 1690140)
++    - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for disk files (LP 1709818)
++    - d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for loader/nvram (LP 1710960)
++    - d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
++      files (LP 1726804)
++    - d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
++      fix path generation for USB host devices (LP 1552241)
++    - d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
++      generate valid rules on usb passthrough (LP 1686324)
++    - d/p/avoid-double-locking.patch: fix a deadlock that could occur when
++      libvirtd interactions raced with dbus causing a deadlock (LP 1714254).
++    - d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
++      fix FTBFS with glibc 2.26 (LP 1718668)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++      (now cleared by virt-aa-helper on domain stop)
++    - nat only on some ports <port start='1024' end='65535'/> (upstream
++      default now if nothing is specified, actually dropped last cycle)
++  * Dropped Changes (In Debian or no more important):
++    - d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++      libvirt-qemu: Allow macvtap access
++    - d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++      deny for setpcap (LP 522845).
++    - d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++      apparmor, virt-aa-helper: Improve comment about backing store
++    - d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++      references to qemu-kvm
++    - d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++      apparmor, virt-aa-helper: Allow access to name services
++    - d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++      /dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per
++      guest if needed).
++    - d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++      apparmor, libvirt-qemu: Allow access to hugepage mounts
++    - Disable sheepdog (was for universe dependency, but is now only a suggest)
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++  * Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of
++    these were never released, but important to mention for the bug references:
++    - libnss-libvirt once enabled causes apt to call getdents
++      avoid this being an issue by dropping a apt conf that allows
++      this in seccomp (LP: #1732030).
++    - d/libvirt-daemon-system.postrm: clean up more libvirt directories on
++      purge
++    - d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch:
++      apparmor: allow unix stream for p2p migrations
++    - d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch:
++      this replaces the hugepage rules and fixes many more formerly missing
++    - d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch:
++      allowing to have path wildcards on labels set by domain callbacks
++    - d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch:
++      apparmor implementation of security callback
++    - d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch:
++      this is now covered by chardev label callbacks
++  * Added Changes:
++    - Revert Debian change "Drop libvirt-bin upgrade handling"
++      This is needed in Ubuntu one last time (drop >18.04)
++    - Revert Debian change "Drop maintscript helpers for versions predating
++      jessie and wheezy-backports". This is needed in Ubuntu one last
++      time (drop >18.04)
++    - Refreshed d/p/* to match new version (only fuzz, no semantic change)
++    - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal
++      to avoid error messages on purge
++    - remove no more used libvirt-dnsmasq user (drop >18.04)
++    - d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch:
++      apparmor: add mediation rules for unconfined guests
++    - d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch
++      .patch: backport upstream cahnge to expose already used chardev calls.
++    - d/libvirt-daemon-system.postrm: Remove the default.xml network link
++      set up by postinst.
++    - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
++      /etc/cron.daily/libvirt-daemon-system
++    - d/libvirt-daemon-system.postinst: fixups for autostart default network
++      - use modern shell syntax
++      - try more default networks before giving up to enable by default
++    - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
++      add multipass image path and mark as ubuntu only change.
++    - d/rules: install virtlockd correctly with defaults file (LP: #1729516)
++    - extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover
++      the slightly changed behavior of libvirt 4.0 (LP: #1741617)
++    - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
++      just a suggest to have 3rd party relying on rbd out of the box working.
++      This is deprecated and users of rbd backend should start depending on
++      this package for it will be dropped to a suggest in future releases.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 14 Dec 2017 14:15:55 +0100
++
  libvirt (4.0.0-1) unstable; urgency=medium
    * [5936904] New upstream version 4.0.0
@@ -1675,6 +4985,206 @@ libvirt (3.7.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 08 Sep 2017 14:52:38 +0200
++libvirt (3.6.0-1ubuntu6) artful; urgency=medium
++
++  * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
++    files (LP: #1726804)
++  * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
++    fix path generation for USB host devices (LP: #1552241)
++  * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
++    generate valid rules on usb passthrough (LP: #1686324)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 24 Oct 2017 14:30:34 +0200
++
++libvirt (3.6.0-1ubuntu5) artful; urgency=medium
++
++  * d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
++    fix FTBFS with glibc 2.26 (LP: #1718668)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 28 Sep 2017 08:18:10 -0400
++
++libvirt (3.6.0-1ubuntu4) artful; urgency=medium
++
++  * d/p/avoid-double-locking.patch: fix a deadlock that could occur when
++    libvirtd interactions raced with dbus causing a deadlock (LP: #1714254).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 01 Sep 2017 10:29:35 +0200
++
++libvirt (3.6.0-1ubuntu3) artful; urgency=medium
++
++  * No change rebuild for Qemu 2.10 and Xen 4.9
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 21 Aug 2017 10:34:13 +0200
++
++libvirt (3.6.0-1ubuntu2) artful; urgency=medium
++
++  * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
++    for compatibility with the behavior of qemu 2.10 this adds locking
++    permission to rules generated for loader/nvram (LP: #1710960)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Aug 2017 10:00:19 +0200
++
++libvirt (3.6.0-1ubuntu1) artful; urgency=medium
++
++  * Merged with Debian unstable (3.6)
++    This closes several bugs:
++    - aarch64: improved chardev handling (LP: #1697610)
++    - Forbid locking memory without memtune (LP: #1708305)
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + nat only on some ports <port start='1024' end='65535'/>
++      + autostart the default network by default
++      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/test/smoke-lxc workaround for debbug 848317/867379
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++        libvirt-qemu: Allow macvtap access
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++        deny for setpcap
++      + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++        libvirt-qemu: Allow use of sgabios
++      + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++        apparmor, libvirt-qemu: Silence lttng related deny messages
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++        apparmor, libvirt-qemu: Allow read access to sysfs system info
++      + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++        apparmor, libvirt-qemu: Allow read access to max_mem_regions
++      + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++        apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++      + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++        apparmor, libvirt-qemu: Allow access to hugepage mounts
++      + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++        apparmor, libvirtd: Allow access to netlink sockets
++      + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++        apparmor: Add rules for mediation support
++      + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++        apparmor, virt-aa-helper: Improve comment about backing store
++      + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++        apparmor, virt-aa-helper: Allow access to ecryptfs files
++      + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++        apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++        apparmor, virt-aa-helper: Add ipv6 network policy
++      + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++        apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++      + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++        references to qemu-kvm
++      + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++        won't call qemu-nbd
++      + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++        apparmor, virt-aa-helper: Allow access to name services
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++        /dev/vfio for vf (hot) attach (LP 1680384).
++      + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++        apparmor: allow to parse cmdline of the pid that send the shutdown
++        signal (LP 1680384).
++      + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++        apparmor: add default pki path of lbvirt-spice (LP 1690140)
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++  * Dropped Changes (Upstream):
++    - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
++      default driver entries missing name='qemu'.
++    - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782)
++      Fix to be able to follow BackinStorage chains when creating per
++      guest apparmor rules.
++  * Dropped Changes (In Debian):
++    - Enable esx support
++      + Add build-dep to libcurl4-gnutls-dev (required for esx)
++  * Added Changes:
++    - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
++      for compatibility with the behavior of qemu 2.10 this adds locking
++      permission to rules generated for disk files (LP: #1709818)
++
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 10 Aug 2017 12:44:47 +0200
++
  libvirt (3.6.0-1) unstable; urgency=medium
    * [ece8d56] New upstream version 3.6.0 (Closes: #870626)
@@ -1691,6 +5201,264 @@ libvirt (3.6.0-1) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 04 Aug 2017 00:05:47 -0300
++libvirt (3.5.0-1ubuntu3) artful; urgency=medium
++
++  * Refresh changes to match they way they were accepted upstream
++    - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit
++      reference now that it is in git.
++    - d/p/u/fix-libxl-default-driver-name.patch: instead of addin the
++      name this is now fixed by relaxing the schema.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 19 Jul 2017 12:48:39 +0200
++
++libvirt (3.5.0-1ubuntu2) artful; urgency=medium
++
++  * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782)
++    Fix to be able to follow BackinStorage chains when creating per
++    guest apparmor rules.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 18 Jul 2017 16:34:57 +0200
++
++libvirt (3.5.0-1ubuntu1) artful; urgency=medium
++
++  * Merged with Debian unstable (3.5)
++    This closes several bugs:
++    - improved handling of host-model since libvirt 3.2 (LP: #1673467)
++    - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209)
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Enable esx support
++      + Add build-dep to libcurl4-gnutls-dev (required for esx)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Additional apport package-hook
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped >18.04).
++      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
++        to old service name so that old references work
++      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
++        to old service name so that old references work
++      + d/control: transitional package with the old name and maintainer
++        scripts to handle the transition
++    - Backwards compatible handling of group rename (can be dropped >18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      + nat only on some ports <port start='1024' end='65535'/>
++      + autostart the default network by default
++      + do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++      section that adapts the path of the emulator to the Debian/Ubuntu
++      packaging is kept.
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - Add libxl log directory
++    - libvirt-uri.sh: Automatically switch default libvirt URI for users on
++      Xen dom0 via user profile (was missing on changelogs before)
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      + systemtap, zfs, numa and numad on s390x.
++      + systemtap on ppc64el.
++    - fix conffile upgrade handling to avoid obsolete files
++      and inactive duplicates (LP 1694159)
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (Debian bug 848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
++    - Extended handling of apparmor profiles - clear lost profiles via cron
++    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
++      no more UCA onto Xenial then which has global dnsmasq by default).
++    - Reworked apparmor Delta, especially the more complex delta is dropped
++      now, also our former delta is now split into logical pieces, has
++      improved comments and is part of a continuous upstreaming effort.
++      Listing related remaining changes:
++      + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
++        Allow pygrub to run on Debian/Ubuntu
++      + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
++        libvirt-qemu: Allow macvtap access
++      + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
++        apparmor, libvirt-qemu: Allow read access to overcommit_memory
++      + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
++        deny for setpcap
++      + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
++        libvirt-qemu: Allow use of sgabios
++      + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
++        apparmor, libvirt-qemu: Silence lttng related deny messages
++      + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
++        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
++      + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
++        apparmor, libvirt-qemu: Allow read access to sysfs system info
++      + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
++        apparmor, libvirt-qemu: Allow read access to max_mem_regions
++      + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
++        apparmor, libvirt-qemu: Allow qemu-block-extra libraries
++      + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
++        apparmor, libvirt-qemu: Allow access to hugepage mounts
++      + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
++        apparmor, libvirtd: Allow access to netlink sockets
++      + d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
++        apparmor: Add rules for mediation support
++      + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
++        apparmor, virt-aa-helper: Improve comment about backing store
++      + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
++        apparmor, virt-aa-helper: Allow access to ecryptfs files
++      + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
++        apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
++      + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
++        apparmor, virt-aa-helper: Allow access to tmp directories
++      + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
++        apparmor, virt-aa-helper: Add ipv6 network policy
++      + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
++        apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
++      + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
++        apparmor, virt-aa-helper: Allow various storage pools and image
++        locations
++      + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
++        apparmor, virt-aa-helper: Add openvswitch support
++      + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
++        references to qemu-kvm
++      + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
++        won't call qemu-nbd
++      + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
++        apparmor, virt-aa-helper: Allow access to name services
++      + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
++        permissions so virt-manager 1.4.0 viewing works (LP 1668681).
++      + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
++        /dev/vfio for vf (hot) attach (LP 1680384).
++      + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
++        apparmor: allow to parse cmdline of the pid that send the shutdown
++        signal (LP 1680384).
++      + (28 is a new patch, listed in added changes)
++      + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
++        libvirt-qemu: Add 9p support
++      + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
++        add l to 9p file options.
++      + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
++        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
++        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
++      + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
++        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
++      + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
++        commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
++      + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
++        apparmor, virt-aa-helper: access for snapped nova
++    - remaining but updated to match the latest release
++      + d/p/Disable-use-of-namespaces-by-default.patch (Debian change)
++      + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change)
++      + d/p/debian/apparmor_profiles_local_include.patch Include local
++        apparmor profile (Debian change)
++      + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++      + d/test/smoke-lxc workaround for debbug 848317/867379
++  * Dropped Changes (Upstream):
++    - Add missing apparmor rule for debug-threads feature (LP 1615550).
++    - Add new block device types to virt-aa-helpers profile (LP 1641618)
++    - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
++      for storage dirs like /var/lib/libvirt/images.
++    - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
++      to support huge systems.
++    - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
++      in libvirtd.service (-d not allowed to be specified, everything else
++      upstream so drop delta; LP 1574566).
++    - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
++      spice: don't release used port (LP 1697729).
++    - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
++      Always fall back to the old command if domain caps fail (LP 1674298)
++    - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
++      it was possible to have <script path=''/> which now fails - fix to match
++      the old behavior (LP 1665698)
++    - Reworked apparmor Delta and started upstreaming, listing related
++      changes dropped:
++      + Apparmor feature parsing to depend on new apparmor features which
++        appear in different versions across distributions (no more needed
++        >=Xenial, allows to now separate changes and upstream more easily).
++      + d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
++        guarantee disk spec is following the defined regex (LP 1665410).
++      + d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add
++        virt-aa-helper rule allowing all private channel access.
++      + d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
++        virt-aa-helper to allow access to aarch64 UEFI images.
++      + d/rules, apparmor: include and install local apparmor profiles (This
++        is now done by dh_apparmor automatically)
++      + add local apparmor override templates (provided by dh_apparmor now)
++      + Fix name resolution calls from virt-aa-helper profile (LP 1546674).
++      + virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
++      + virt-aa-helper: Generalize test for firmware paths
++      + apparmor, virt-aa-helper: Allow aarch64 UEFI.
++      + apparmor, libvirt-qemu: Add ppc64el related changes
++      + apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
++      + apparmor, libvirt-qemu: Allow access to ceph config
++      + apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
++      + apparmor, virt-aa-helper: Explicit denies for host devices
++      + apparmor, virt-aa-helper: Allow access to libnl-3 config files
++      + apparmor, libvirt-qemu: allow access to pt_chown for pty consoles
++  * Dropped Changes (In Debian):
++    - d/rules: debhelper start virtlogd.socket
++    - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
++      for Debian based systems.
++    - Additional debian/bug-presubj
++    - Extended handling of apparmor profiles - reload and remove in maintainer
++      scripts (dh_apparmor* now generate these snippets)
++  * Dropped Changes (no SysV anymore):
++    - Add sysvinit script for virtlockd
++    - Wait on socket in sysvinit script
++    - d/rules: dh_installinit virtlockd (was part of "Cleanup systemd
++      debhelper"
++    - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
++      virtlockd.init for Debian based systems.
++  * Dropped Changes (other reasons):
++    - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
++      This used group libvirt instead of nobody which makes it worse; Needs
++      to be fixed upstream (LP: #1690729).
++      + d/p/ubuntu/disable-network-test.patch: disable test failing due to
++        dnsmasq changes.
++    - Add .gitignore for .pc
++    - we keep lxc support as Debian does, but stop adding delta. It feels
++      somewhat less maintained than e.g. libvirt for qemu. Also for secure
++      and comfortable container management lxd is clearly preferred. The
++      delta caused more issues than it solved so deliver libvirt-lxc as-is
++      and drop the related delta.
++      + d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
++        containers by default.
++      + d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver
++        for libvirt-lxc.
++    - The following xen changes are no more required with current versions
++      + d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
++        xen paths (LP 1459603)
++      + d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
++        section about compat to the very old qemu-dm name is no more needed.
++      + d/p/ubuntu/libxl-fix-test-data.patch and
++        d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the
++        former one + also updated the maintainer notes to ease updating.
++      + d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
++        device-model
++  * Added Changes:
++    - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
++      apparmor: add default pki path of lbvirt-spice (LP: #1690140)
++    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
++      + /etc/init.d/virtlockd was sysv init only
++      + /etc/apparmor.d/local/usr.sbin.libvirtd and
++        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
++        by dh_apparmor as needed
++    - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
++      default driver entries missing name='qemu'.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Jul 2017 15:43:17 +0200
++
  libvirt (3.5.0-1) unstable; urgency=medium
    [ Guido Günther ]
@@ -1784,6 +5552,233 @@ libvirt (3.0.0-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Thu, 19 Jan 2017 18:51:18 +0100
++libvirt (2.5.0-3ubuntu10) artful; urgency=medium
++
++  * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base
++    images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON
++    directory, enabling use of the libvirt deb from the nova-hypervisor
++    snap (LP: #1644507).
++
++ -- Corey Bryant <corey.bryant@canonical.com>  Thu, 22 Jun 2017 14:29:39 -0400
++
++libvirt (2.5.0-3ubuntu9) artful; urgency=medium
++
++  * d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
++    spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 14 Jun 2017 14:49:16 +0200
++
++libvirt (2.5.0-3ubuntu8) artful; urgency=medium
++
++  * fix conffile upgrade handling to avoid obsolete files
++    and inactive duplicates (LP: #1694159)
++    - d/libvirt-daemon-system.maintscript: revert to Debian content
++    - d/libvirt-bin.maintscript: add missing rm_conffile related to
++      dropping upstart.
++    - d/libvirt-bin.maintscript: add missing rm of conffiles due
++      to re-aligning with debian package names since yakkety.
++    - d/libvirt-bin.maintscript: for LTS->LTS upgraders try to move and retain
++      custom changes.
++    - d/libvirt-bin.maintscript: for upgraders from yakkety or later remove
++      the (now duplicate) conffiles, but retain custom changes in backups if
++      they exist
++    - d/libvirt-bin.preinst: drop manual mv of conffiles which lacked
++      retaining changes and upgrade-abort handling.
++    - d/libvirt-bin.preinst: handle upgrades up to the latest predecessor
++      possible before yakkety.
++    - d/libvirt-bin.preinst: fixup the combination of rm+mv conffile in case
++      the package is upgrading from pre yakkety.
++    - d/libvirt-daemon-system.postinst: clean up old dnsmasq enablement symlink
++      if unmodified.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 31 May 2017 14:29:51 +0200
++
++libvirt (2.5.0-3ubuntu7) artful; urgency=medium
++
++  * debian/patches/ubuntu/apparmor-ppcwrapper.patch: update to add missing
++    colon (LP: #1686621).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 27 Apr 2017 13:16:05 +0200
++
++libvirt (2.5.0-3ubuntu6) artful; urgency=medium
++
++  * Add missing apparmor profile entries (LP: #1680384)
++    - debian/patches/ubuntu/apparmor-vfio.patch: apparmor: add /dev/vfio
++      for vf (hot) attach
++    - debian/patches/ubuntu/apparmor-ppcwrapper.patch: apparmor: allow
++      extra tools executed by kvm.powerpc
++    - debian/patches/ubuntu/apparmor-shutdown.patch: apparmor: allow to
++      parse cmdline of the pid that send the shutdown signal
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 25 Apr 2017 14:10:06 +0200
++
++libvirt (2.5.0-3ubuntu5) zesty; urgency=medium
++
++  * d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
++    Always fall back to the old command if domain caps fail (LP: #1674298)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 21 Mar 2017 08:02:37 +0100
++
++libvirt (2.5.0-3ubuntu4) zesty; urgency=medium
++
++  * d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
++    it was possible to have <script path=''/> which now fails - fix to match
++    the old behavior (LP: #1665698)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 10 Mar 2017 08:57:18 +0100
++
++libvirt (2.5.0-3ubuntu3) zesty; urgency=medium
++
++  [ Christian Ehrhardt ]
++  * d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
++    guarantee disk spec is following the defined regex (LP: #1665410).
++
++  [ Bryan Quigley ]
++  * d/p/ubuntu/0007-apparmor-fix-for-new-virt-manager.patch: Add Apparmor
++    permissions so virt-manager 1.4.0 viewing works (LP: #1668681).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 06 Mar 2017 08:24:06 +0100
++
++libvirt (2.5.0-3ubuntu2) zesty; urgency=medium
++
++  * No-change rebuild to build against Xen-4.8 libs.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 26 Jan 2017 14:19:03 +0100
++
++libvirt (2.5.0-3ubuntu1) zesty; urgency=medium
++
++  * Merged with Debian unstable
++    - this picks up a fix for migrations using NFS mounts (LP: #1637601).
++  * Remaining changes:
++    - Disable sheepdog (universe dependency)
++    - Disable libssh2 support (universe dependency)
++    - Disable firewalld support (universe dependency)
++    - Disable selinux
++    - Enable esx support
++      - Add build-dep to libcurl4-gnutls-dev (required for esx)
++    - Set qemu-group to kvm (for compat with older ubuntu)
++    - Added changes to use the upstream apparmor profiles with added
++      delta (configurable via apparmor profiles version).
++      * d/p/u/000[1-6]-apparmor-*
++    - Regularly clear AppArmor profiles for vms that no longer exist
++    - Fix name resolution calls from virt-aa-helper profile (LP 1546674).
++    - Add missing apparmor rule for debug-threads feature (LP 1615550).
++    - Add new block device types to virt-aa-helpers profile (LP 1641618)
++    - Additional apport package-hook
++    - d/rules: debhelper start virtlogd.socket
++    - Add sysvinit script for virtlockd
++    - Additional debian/bug-presubj
++    - Modifications to adapt for our delayed switch away from libvirt-bin (can
++      be dropped after 18.04).
++      - d/p/ubuntu/libvirtd-service-add-bin-alias.patch: alias to old
++        libvirt-bin name.
++      - d/p/ubuntu/libvirtd-init-add-bin-alias.patch: provides for the old
++        libvirt-bin name.
++    - Wait on socket in sysvinit script
++    - Backwards compatible handling of groups (can be dropped after 18.04).
++    - config details and autostart of default bridged network. Creating that is
++      now the default in general, yet our solution provides the following on
++      top as of today:
++      - nat only on some ports <port start='1024' end='65535'/>
++      - autostart the default network by default
++      - do not autostart if 192.168.122.0 is already taken (e.g. in containers)
++    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
++      the group based access to libvirt functions as it was used in Ubuntu
++      for quite long.
++      - d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
++        due to the group access change.
++    - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
++      - d/p/ubuntu/disable-network-test.patch: disable test failing due to
++        dnsmasq changes.
++    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
++    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
++      which provided a separate kvm-spice.
++    - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
++      for storage dirs like /var/lib/libvirt/images.
++    - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
++    - d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
++      containers by default.
++    - d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver for
++      libvirt-lxc.
++    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
++    - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: Set common qemu path to match
++      Debian/Ubuntu Xen packaging.
++    - d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
++      xen paths (LP 1459603)
++    - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
++      set VRAM to minimum requirements
++    - d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
++      device-model
++    - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
++    - fixup tests to match packaging of Xen (mostly different paths)
++      - d/p/ubuntu/libxl-fix-test-data.patch
++      - d/p/ubuntu/fix-xen-xml-in-tests.patch
++    - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
++      for Debian based systems.
++    - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
++      virtlockd.init for Debian based systems.
++    - d/p/ubuntu/9034-complete-9p-support: virt-aa-helper: add l to 9p file
++      options.
++    - d/p/ubuntu/parallel-shutdown.patch: shut guests down in parallel
++    - d/p/ubuntu/virt-aa-helper-no-explicity-deny-for-basefiles.patch: ask for
++      no deny rule for readonly disk elements.
++    - d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add virt-aa-helper
++      rule allowing all private channel access
++    - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
++      to support huge systems.
++    - d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
++      virt-aa-helper to allow access to aarch64 UEFI images.
++    - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
++      in libvirtd.service (LP 1574566).
++    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
++      included_files to avoid build failures due to duplicate definitions.
++    - Update README.Debian with Ubuntu changes
++    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
++    - Add libxl log directory
++    - Enable some additional features on ppc64el and s390x (for arch parity)
++      - systemtap, zfs, numa and numad on s390x.
++      - systemtap on ppc64el.
++  * Dropped Changes:
++    - Build depend on gnutls >= 3.5.6-4ubuntu2 (no > 3.5.6 && < 3.5.6-4ubuntu2
++      in any release left)
++    - Fix parsing non apparmor labels LP:#1633207 (upstream in libvirt 2.5)
++    - Ignore newlines in guest list (upstream in libvirt 2.4)
++    - Avoid migration postcopy issues by ensuring valid commands (upstream in
++      libvirt 2.5)
++    - Enable numa for arm64 (in Debian)
++    - Fix libvirt start failure when security_driver set (upstream in libvirt
++      2.2)
++    - virt-aa-helper: Fix upstream implementation of no explicit deny rule
++      (upstream in libvirt 2.3)
++    - Some useless whitespace damage and no more applicable comments
++    - The following patches were part of the Delta but not the series file.
++      So they had no effect and can be dropped now:
++      - ubuntu/9036-util-prepare-uri-for-libxml2-2.9.2.patch
++      - ubuntu/Disable-failing-virnetsockettest.patch
++      - ubuntu/dont-include-non-migrateable-features-in-host-model
++      - ubuntu/upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
++    - See the 2.1.0-1ubuntu15 and 2.1.0-1ubuntu16 changelogs for related
++      pre-merge drops
++    - Add build-dep to libxml-libxml-perl (no more needed)
++    - apparmor double add /usr/bin/qemu-sparc64 rmix (no function anymore)
++    - apparmor /usr/{lib,lib64}/qemu/block-*.so (in Debian)
++    - apparmor moving /bin/bash rmix in profile (drop non functional delta)
++    - follow Debians style of block-*.so rules for block-extra (drop our
++      functionally equivalent adding/moving of rules)
++    - follow Debians style of lib/lib64 rules (drop a lot of our functional
++      functionally equivalent adding/moving of rules)
++    - accept Upstream style to handle libvirt_iohelper and libvirt_parthelper
++      (stop removing the two rules without an associated bug to reduce delta)
++    - Disabling dep8 smoke tests
++  * Added Changes:
++    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
++      vmlinuz available and accessible (in discussed with Debian in debbug
++      848314)
++    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (in discussed with
++      Debian in debbug 848317)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 03 Jan 2017 13:58:30 +0100
++
  libvirt (2.5.0-3) unstable; urgency=medium
    * [ba9fcb8] Invoke db_stop.
@@ -1932,6 +5927,192 @@ libvirt (2.1.0-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 19 Aug 2016 10:22:22 +0200
++libvirt (2.1.0-1ubuntu16) zesty; urgency=medium
++
++  * Ensure d/p/ubuntu/9002-default_uri_virsh_to_system.patch is
++    dropped as intended.
++  * Re-Add d/p/ubuntu/apibuild-skip-libvirt-common.h for an issue that
++    transiently occurs on LP builds (real trigger not yet identified, so it
++    can't be upstreamed).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 14 Dec 2016 09:30:58 +0100
++
++libvirt (2.1.0-1ubuntu15) zesty; urgency=medium
++
++  * Cleanup Ubuntu Delta prior to next libvirt merge
++    - drop obsolte patches:
++      d/p/ubuntu/cgroups-ignore-systemd-failure,
++      d/p/ubuntu/ubuntu-skip-virstoragetest,
++      d/p/ubuntu/9021-fix-uint64_t.patch,
++      ubuntu/Disable-failing-virnetsockettest.patch (was only comment),
++      d/p/ubuntu/9002-default_uri_virsh_to_system.patch,
++      d/p/ubuntu/ubuntu-xend-probe.patch
++    - clarify dep3 headers to be more useful:
++      d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch,
++      d/p/ubuntu/daemon-augeas-fix-expected.patch,
++      d/p/ubuntu/enable-kvm-spice.patch,
++      d/p/ubuntu/dnsmasq-as-priv-user,
++      d/p/ubuntu/disable-network-test.patch
++    - split patch containing unrelated changes into two patches, so parts of
++      d/p/ubuntu/storage-default-permission-mode-to-0711 moved into
++      d/p/ubuntu/storage-disable-gluster-test
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 12 Dec 2016 11:59:59 +0100
++
++libvirt (2.1.0-1ubuntu14) zesty; urgency=medium
++
++  * d/p/u/apparmor-fix-name-resolution.patch rework the fix to base
++    on the apparmor nameservice abstraction to be future proof (LP: #1546674).
++  * d/p/ubuntu/apparmor-fix-new-devicetypes.patch add new block device types to
++    virt-aa-helpers profile (LP: #1641618)
++  * d/p/u/apparmor-fix-other-seclabels.patch refresh to the now upstream
++    accepted solution (LP: #1633207).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 24 Nov 2016 08:06:38 +0100
++
++libvirt (2.1.0-1ubuntu13) zesty; urgency=medium
++
++  * drop d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch as the offending change
++    in gnutls has been reverted (LP: #1641615)
++  * Build depend on gnutls >= 3.5.6-4ubuntu2 to build after the gnutls fix
++    migrated
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 17 Nov 2016 08:43:10 +0100
++
++libvirt (2.1.0-1ubuntu12) zesty; urgency=medium
++
++  * d/p/ubuntu/fix-ftbfs-for-gnutls-3-5-6.patch fix FTBFS due to changes in
++    gnutls that affected the ordering on certificate DN entries (LP: #1641615)
++  * Revert "Fix FTBFS on zesty due to issues with concurrent make check" as it
++    was not the right solution.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 16 Nov 2016 14:52:17 +0100
++
++libvirt (2.1.0-1ubuntu11) zesty; urgency=medium
++
++  * Fix FTBFS on zesty due to issues with concurrent make check (LP: #1641615)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 15 Nov 2016 14:45:52 +0100
++
++libvirt (2.1.0-1ubuntu10) zesty; urgency=medium
++
++  [Simon Déziel]
++  * d/p/u/apparmor-fix-name-resolution.patch adds missing rules for name
++    resolution to virt-aa-helper Apparmor profile (LP: #1546674).
++  * d/p/u/apparmor-fix-debug-threads.patch adds missing rule for debug-threads
++    feature that is now default enabled to Apparmor profile (LP: #1615550).
++
++  [Christian Ehrhardt]
++  * d/p/u/apparmor-fix-other-seclabels.patch fixes an issue parsing non
++    apparmor security labels (LP: #1633207).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 24 Oct 2016 14:21:36 +0200
++
++libvirt (2.1.0-1ubuntu9) yakkety; urgency=medium
++
++  * Fix libvirt-guest.sh to handle multiple guests (LP: #1591695).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 06 Oct 2016 12:14:05 +0200
++
++libvirt (2.1.0-1ubuntu8) yakkety; urgency=medium
++
++  [ Christian Ehrhardt ]
++
++  * avoid migration postcopy issues by ensuring valid commands (LP: #1620906)
++    - d/p/ubuntu/check-live-for-postcopy.patch Check for --live flag for
++      postcopy-after-precopy migration.
++    - d/p/ubuntu/make-postcopy-mandatory-for-postcopy-after-precopy.patch to
++
++  [ Stefan Bader ]
++
++  * Fix Xenial to Yakkety migration from libvirt-bin.service to
++    libvirtd.service (LP: #1627969).
++  * Update Vcs-Git and Vcs-Browser fields to point to launchpad
++    (LP: #1629210)
++
++  [ Dann Frazier ]
++
++  * Fix FTBS in Yakkety due to missing python dependency (LP: #1629041)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 30 Sep 2016 10:11:30 +0200
++
++libvirt (2.1.0-1ubuntu7) yakkety; urgency=medium
++
++  * Enable NUMA support in arm64 builds (LP: #1627926).
++
++ -- dann frazier <dannf@ubuntu.com>  Mon, 26 Sep 2016 23:36:24 -0600
++
++libvirt (2.1.0-1ubuntu6) yakkety; urgency=medium
++
++  * No-change rebuild for readline soname change.
++
++ -- Matthias Klose <doko@ubuntu.com>  Sat, 17 Sep 2016 12:05:33 +0000
++
++libvirt (2.1.0-1ubuntu5) yakkety; urgency=medium
++
++  [ Jon Grimm ]
++
++  * Fix libvirt start failure when security_driver set (LP: #1618592)
++    - qemu: fix qemu.conf security_driver
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 08 Sep 2016 14:11:47 +0200
++
++libvirt (2.1.0-1ubuntu4) yakkety; urgency=medium
++
++  * Enable systemtap, zfs, numa on s390x.
++  * Enable systemtap on ppc64el.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 24 Aug 2016 13:21:29 +0100
++
++libvirt (2.1.0-1ubuntu3) yakkety; urgency=low
++
++  * Really fix the ADT regression and not only the changelog due
++    to somehow ending up on the wrong git branch.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 17 Aug 2016 18:31:01 +0200
++
++libvirt (2.1.0-1ubuntu2) yakkety; urgency=low
++
++  * Fix ADT build-test regression(s)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 17 Aug 2016 15:18:38 +0200
++
++libvirt (2.1.0-1ubuntu1) yakkety; urgency=low
++
++  * Merged with Debian testing. Remaining changes:
++    - Added changes to use the upstream apparmor profiles with added
++      delta (configurable via apparmor profiles version).
++      * d/p/u/0001-apparmor-add-feature-parsing.patch
++      * d/p/u/0002-apparmor-apply-ubuntu-delta.patch
++      * d/p/u/0003-apparmor-debian-ubuntu-delta.patch
++      * d/p/u/0004-apparmor-ubuntu-delta.patch
++    - Avoiding dependency on sheepdog
++    - Additional apport package-hook
++    - Additional dnsmasq configuration
++    - Additional profile.d script to set default URI
++    - Additional debian/bug-presubj
++    - d/rules: debhelper start virtlogd.socket not virtlockd.service
++    - Modifications to adapt for our delayed switch away from libvirt-bin.
++    - Wait on socket in sysvinit script
++    - Backwards compatible handling of groups and default bridged network
++      creation.
++    - Extended handling of apparmor profiles
++    - Convert libvirt0 and libvirt-dev to multi-arch.
++    - Added a fix for the upstream version of adding better write denials
++      handling to virt-aa-helper.
++    - Convert libnss_libvirt to multi-arch and fix up source location that
++      changed when making libvirt0 multi-arch.
++    - Dropped
++      * upstart script for libvirtd
++      * d/p/lp1588841-000[123]-* (upstream)
++      * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch (upstream)
++      * d/p/u/qemu-Automatically-choose-usable-GIC-version.patch (upstream)
++      * d/p/u/docs-remove-xpath.patch (xpath removed upstream)
++      * d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch (upstr.)
++      * d/p/u/ubuntu/virt-aa-helper-helpfix.patch (upstream)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 13 Jul 2016 13:12:36 +0200
++
  libvirt (2.1.0-1) unstable; urgency=medium
    * Upload to unstable
@@ -2001,6 +6182,103 @@ libvirt (1.3.5~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Mon, 30 May 2016 22:00:33 +0200
++libvirt (1.3.4-1ubuntu6) yakkety; urgency=low
++
++  * Fix libvirtd crashing on libxl domain restore (LP: #1588841).
++    Patches cherry-picked from upsream libvirt git tree.
++    - libxl: switch to using libxl_domain_create_restore from v4.4 API
++    - libxl: support Xen migration stream V2 in save/restore
++    - libxl: support migration stream V2 in migration
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 08 Jun 2016 14:17:23 +0200
++
++libvirt (1.3.4-1ubuntu5) yakkety; urgency=low
++
++  * Update the correct apparmor profiles to allow AAVMF and qemu-efi
++    firmware for aarch64 (1538882)
++  * Clean up / refresh various patches to finalize switch from libvirt-bin
++    to libvirtd as service name.
++    Drop: d/p/ubuntu/libvirt-bin-service-libvirtd-alias.patch
++    Refresh+Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
++                    d/p/ubuntu/libvirtd-service-nolimit.patch
++    Rename: d/p/ubuntu/libvirt-bin-service-set-notifyaccess.patch ->
++            d/p/ubuntu/libvirtd-service-set-notifyaccess.patch
++    Refresh: d/p/ubuntu/libvirtd-service-add-bin-alias.patch
++    Add: d/p/ubuntu/libvirtd-init-add-bin-alias.patch
++  * Change default profile used by libvirtd.service to /etc/default/libvirtd.
++    Drop: d/p/ubuntu/switch-service-files-to-libvirt-bin.patch
++  * Drop virtlockd.service from dh_systemd_start in debian/rules as
++    the service is socket activated (LP: #1588006).
++  * Fix failure to enable libvirtd.service due to lingering libvirt-bin
++    alias. This could happen when the upgrade from a version prior 1.3.3-2
++    happened before 1.3.4-1ubuntu3 (LP: #1588004).
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 02 Jun 2016 14:50:27 +0200
++
++libvirt (1.3.4-1ubuntu4) yakkety; urgency=medium
++
++  * Re-enable the upstart job by renaming the file.
++  * Include patchby @guessi to continally wait for libvirtd to start when
++    using sysvinit or upstart.  (LP: #1571209)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 23 May 2016 13:50:22 -0500
++
++libvirt (1.3.4-1ubuntu3) yakkety; urgency=medium
++
++  [ dann frazier ]
++  * d/p/u/qemu-Add-virQEMUCapsSupportsGICVersion.patch,
++    d/p/u/qemu-Automatically-choose-usable-GIC-version.patch: If no GIC
++    was specified for an ARM virt guest, choose a GIC version supported
++    by the host. (LP: #1566564)
++
++  [ Serge Hallyn ]
++  * libvirt-bin.preinst: on upgrades from prior to 1.3.3-2, also remove the
++    service file for the Alias - /etc/systemd/system/libvirtd.service.
++    (LP: #1579922)
++
++ -- dann frazier <dannf@ubuntu.com>  Thu, 19 May 2016 08:57:33 -0600
++
++libvirt (1.3.4-1ubuntu2) yakkety; urgency=medium
++
++  * Include installing virtlogd.socket. (LP: #1583009)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Wed, 18 May 2016 13:56:08 -0500
++
++libvirt (1.3.4-1ubuntu1) yakkety; urgency=medium
++
++  * Merge 1.3.4-1 from Debian unstable
++  * Drop upstream-applied patches:
++    - conf-also-mark-implicit-video-as-primary.patch
++    - libvirt-socket-fix-group
++  * Remaining changes
++    - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
++      upgrades)
++    - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
++      (for lts-to-lts upgrades)
++    - keep ubuntu-specific patches
++    - ship apport and dnsmasq files
++    - enable virbr0
++    - ship apparmor from debian/*.  We should push changes upstrema, but
++      cannot sync with debian as apparmor profiles must be processed in
++      debian/rules for cloud archive.
++    - debian/control
++      - enable zfs
++      - disable libssh2 and sheepdog
++      - add libxml-libxml-perl and libcurl4-gnutls-dev
++      - enable libnuma-dev on ppc64el (pushed to Debian)
++      - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
++    - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
++      upgrades.
++      - Multi-arch-ify.
++    - debian/rules: disable selinux and firewalld;  use 'kvm' group; disable
++      ssh2, enable zfs and esx;  process apparmor files for older releases;
++      copy dnsmasq configuration.
++    - debian/tests/control: add extra depends
++  * d/p/ubuntu/apibuild-skip-libvirt-common.h: libvirt-common.h is being
++    included twice leading to build failures - drop it temporarily.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 May 2016 12:50:02 -0500
++
  libvirt (1.3.4-1) unstable; urgency=medium
    * Upload to unstable
@@ -2030,6 +6308,65 @@ libvirt (1.3.4~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Wed, 27 Apr 2016 16:51:55 +0200
++libvirt (1.3.3-2ubuntu2) yakkety; urgency=medium
++
++  * debian/rules: fix paths when removing files which should not end up
++    in libvirt-daemon package.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 12 May 2016 13:14:17 -0500
++
++libvirt (1.3.3-2ubuntu1) yakkety; urgency=medium
++
++  * Merge 1.3.3-2 from Debian unstable
++  * Merge new packaging layout
++    - debian/control
++      * add libsanlock-dev, dtrace, systemtap-sdt-dev, librados-dev,
++        libfuse-dev, augeas-tools to Build-Depends.
++      * Drop libcgmanager-dev from Build-Depends.
++      * Add libvirt-clients, libvirt-daemon, and libvirt-daemon-system
++        packages which replace the now-virtual libvirt-bin package.
++      * Drop libvirt0-dbg (is this intential in Debian?)
++      * Add libvirt-sanlock package (this should be in universe)
++  * Switch to 'libvirt' group, keeping the same gid as 'libvirtd'
++    on upgrade.  Keep libvirtd group name on upgrade in case any
++    site scripts use it.
++  * Enable dtrace
++  * Add Debian policy-kit configuration
++  * drop ubuntu/9004-libvirtd-group-name.patch as we are switching to group
++    'libvirt'
++  * Drop obsolete migration scripts:
++    - libvirt-migrate-xend-managed-domains
++    - libvirt-migrate-qemu-disks
++    - libvirt-migrate-qemu-machinetype
++  * Remaining changes:
++    - keep libvirt-bin transitional package - until 18.10 (for lts-to-lts
++      upgrades)
++    - keep (redundant) libvirtd group if it existed on upgrade - until 18.10
++      (for lts-to-lts upgrades)
++    - keep ubuntu-specific patches
++    - ship apport and dnsmasq files
++    - enable virbr0
++    - ship apparmor from debian/*.  We should push changes upstrema, but
++      cannot sync with debian as apparmor profiles must be processed in
++      debian/rules for cloud archive.
++    - debian/control
++      - enable zfs
++      - disable libssh2 and sheepdog
++      - add libxml-libxml-perl and libcurl4-gnutls-dev
++      - enable libnuma-dev on ppc64el (pushed to Debian)
++      - update release for conflicts/replaces on libvirt-bin to << 1.3.3-2
++    - debian/libvirt-daemon-system.preinst: stop libvirt-bin on certain
++      upgrades.
++      - Multi-arch-ify.
++    - debian/rules: disable selinux and firewalld;  use 'kvm' group; disable
++      ssh2, enable zfs and esx;  process apparmor files for older releases;
++      copy dnsmasq configuration.
++    - debian/tests/control: add depends
++  * d/p/ubuntu/conf-also-mark-implicit-video-as-primary.patch: upstream patch
++    to fix failure to start vms with video not explicitly marked as 'primary'
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 29 Apr 2016 20:51:48 -0500
++
  libvirt (1.3.3-2) unstable; urgency=medium
    * Upload to unstable
@@ -2081,6 +6418,239 @@ libvirt (1.3.1-2) unstable; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 19 Feb 2016 17:29:27 +0100
++libvirt (1.3.1-1ubuntu11) yakkety; urgency=medium
++
++  [ Stefan Bader ]
++  * Add alias for libvirtd.service into  libvirt-bin.service
++
++  [ Serge Hallyn ]
++  * d/p/u/libvirt-bin-service-set-notifyaccess.patch: Set NotifyAccess=all in
++    libvirt-bin systemd service file. (LP: #1574566)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 18 Apr 2016 13:44:15 -0500
++
++libvirt (1.3.1-1ubuntu10) xenial; urgency=medium
++
++  * d/p/u/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: Allow
++    access to /usr/share/AAVMF/** and /usr/share/qemu-efi/** for aarch64 UEFI.
++    (LP: #1538882)
++
++ -- William Grant <wgrant@ubuntu.com>  Fri, 15 Apr 2016 12:08:21 +1000
++
++libvirt (1.3.1-1ubuntu9) xenial; urgency=medium
++
++  * Remove the tasks limit on libvirt-bin service (LP: #1567381)
++    This should be un-done when it is properly fixed in the code so
++    that virtual machines are started in their own pids cgroup.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 07 Apr 2016 10:05:01 -0500
++
++libvirt (1.3.1-1ubuntu8) xenial; urgency=medium
++
++  * d/p/u/virt-aa-helper-add-guest-agent-rule.patch: this actually solves
++    the qemu guest agent problem for rhel7 vms for me.  (LP: #1393842)
++    Also drop the mknod rule which isn't needed.
++  * d/apparmor/usr.lib.libvirt.virt-aa-helper: add permission to read under
++    /var/run.  This is needed for some openvswitch info. (LP: #1513367)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 11 Mar 2016 15:01:25 -0800
++
++libvirt (1.3.1-1ubuntu7) xenial; urgency=medium
++
++  * zfs support (LP: #1553023)
++    - Cherrypick upstream patches to support zfs
++    - debian/rules: build with zfs support
++    - debian/control: add zfs as build-dep
++  * d/p/u/virt-aa-helper-no-explicity-deny-for-basefiles.patch: don't mark
++    readonly files with an explicity deny only because the xml marks it
++    as reasonly. (LP: #1554031)
++  * fix typo in virt-aa-helper helptext
++  * fix d/p/u/preup-virt-aa-helper-better-write-denials-handling.patch to
++    not overwrite const memory.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 10 Mar 2016 19:25:54 -0800
++
++libvirt (1.3.1-1ubuntu6) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: generalize the qemu-block-extra libs line.
++    (LP: #1554761)
++  * d/p/ubuntu/virt-aa-helper-add-mknod-for-guest-agent.patch: add mknod
++    capability if there is a qemu guest agent. (LP: #1393842)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Wed, 09 Mar 2016 18:45:08 -0800
++
++libvirt (1.3.1-1ubuntu5) xenial; urgency=low
++
++  * Added d/p/ubuntu/preup-virt-aa-helper-better-write-denials-handling.patch
++    and refreshed d/p/ubuntu/9034-complete-9p-support accordingly.
++  * Added d/p/ubuntu/additional-libvirt-guest-tweaks.patch to fix default
++    URI detection when running in a Xen control domain. Also change the
++    default config to do parallel shutdown requests (max. 10) and reduce the
++    timeout to 2 minutes.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Wed, 09 Mar 2016 09:13:09 +0100
++
++libvirt (1.3.1-1ubuntu4) xenial; urgency=low
++
++  * d/libvirt-bin.virtlockd.init: Replace by the version I had already
++    prepared and was tested (LP: #1547208).
++  * d/libvirt-bin.virtlogd.init: Fix up some left-over references to
++    libvirtd.
++  * d/control: Add provides libvirt-daemon for libvirt-bin (LP: #1551643)
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Tue, 01 Mar 2016 10:58:23 +0100
++
++libvirt (1.3.1-1ubuntu3) xenial; urgency=medium
++
++  * d/libvirt-bin.virtlockd.init: Re-write based on virtlogd init script
++    as upstream provided version is not compatible with Ubuntu/Debian.
++
++ -- James Page <james.page@ubuntu.com>  Mon, 29 Feb 2016 22:24:49 +0000
++
++libvirt (1.3.1-1ubuntu2) xenial; urgency=medium
++
++  * No-change rebuild for gnutls transition.
++
++ -- Matthias Klose <doko@ubuntu.com>  Wed, 17 Feb 2016 22:41:20 +0000
++
++libvirt (1.3.1-1ubuntu1) xenial; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
++      TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
++      usr.sbin.libvirtd} Add apparmor profiles.
++    - Add debian/libvirt-bin.virtlockd.init based on the upstream version
++      src/locking/virtlockd.init.in. This does not seem to get processed
++      by the build.
++    - debian/control:
++      * Add libcurl4-gnutls-dev, libxml-libxml-perl, libcgmanager-dev
++      * Add ppc64el to libnuma-dev arches
++      * Remove libsanlock-dev, libselinux1-dev, systemtap-sdt-dev
++      * Remove python, sheepdog, librados-dev, libfuse-dev
++      * Remove libssh2-1-dev, qemu-system-common, augeas-tools
++      * Don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
++      * Keep multiarch changes.
++    - Keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
++    - Keep change d/libvirt0.install and d/libvirt-dev.install that
++      adds multi-arch wildcard.
++    - d/libvirt-daemon-system.libvirtd.default ->
++      d/libvirt-bin.libvirt-bin.default
++    - d/libvirt-daemon-system.dirs -> d/libvirt-bin.dirs
++      * Add /etc/apparmor.d/{abstractions,disable,force-complain,local}
++      * Add /etc/cron.daily
++      * Add /usr/share/apport/package-hooks
++      * Add /var/log/libvirt/libxl
++      * Add /etc/dnsmasq.d-available
++      * Remove /usr/share/polkit-1/rules.d/
++      * Remove /var/lib/polkit-1/localauthority/10-vendor.d/
++    - Keep debian/libvirt-bin.dnsmasq
++    - d/libvirt-daemon-system.examples -> d/libvirt-bin.examples
++      * Remove debian/build/daemon/libvirtd.policy
++      * Drop debian/libvirt-suspendonreboot
++    - d/libvirt-daemon-system.libvirtd.init -> d/libvirt-bin.libvirt-bin.init
++      * Add provides libvirt-bin
++      * Change /etc/default/libvirtd into /etc/default/libvirt-bin
++      * Add wait_on_sockfile() and call it during start
++    - d/libvirt-daemon-system.install -> d/libvirt-bin.install
++      * Add usr/bin/*
++      * Add usr/sbin/*
++      * Add etc/apparmor.d/*
++      * Replace etc/libvirt/{libvirtd,virtlockd,virtlogd}.conf -> etc/libvirt/*
++        (since with the clients included there are many more config files)
++      * Add usr/share/polkit-1
++      * Add usr/lib/libvirt/*
++      * Add usr/share/augeas/*
++      * Add usr/share/libvirt/*
++      * Add usr/share/man/man8/*
++      * Add usr/share/apport/package-hooks/source_libvirt.py
++      * Add etc/dnsmasq.d-available/libvirt-bin
++      * Add etc/profile.d/libvirt-uri.sh
++      * Add usr/lib/libvirt
++    - d/libvirt-daemon-system.links -> d/libvirt-bin.links
++      * Replace libvirt-daemon-system with libvirt-bin for libvirt0
++      * Remove libvirt-daemon line
++    - Remove d/libvirt-bin.maintscript
++    - d/libvirt-clients.manpages -> d/libvirt-bin.manpages
++      * Add debian/libvirt-migrate-qemu-disks.1
++      * Add debian/libvirt-migrate-qemu-machinetype.1
++      * Add debian/libvirt-migrate-xend-managed-domains.1
++    - Combined d/libvirt-daemon-system.NEWS and d/libvirt-daemon.NEWS into
++      d/libvirt-bin.NEWS
++    - Keep d/libvirt-bin.{postinst,postrm,preinst} though they probably could
++      be freshly derived from libvirt-daemon counterparts.
++      * Added removal of qemu capability cache (found in Debian) to postinst
++      * Added reload of virtlogd in postinst (following example of virtlockd)
++    - Replace d/libvirt-bin.preinst
++    - Add d/libvirt-bin.upstart
++    - d/libvirt-daemon-system.virtlogd.init -> d/libvirt-bin.virtlogd.init
++    - Remove d/libvirt-clients.install
++    - Remove d/libvirt-clients.links
++    - Remove d/libvirt-daemon.install
++    - Remove d/libvirt-daemon.links
++    - d/libvirt-daemon.README.Debian -> d/libvirt-bin.README.Debian
++      * Replaced access control section
++      * Appended apparmor profile section
++      * Appended disk migration section
++      * Appended qemu/kvm machine type migration section
++    - Remove d/libvirt-daemon-system.{maintscript,postinst,postrm,preinst}
++    - Keep libvirt-migrate-qemu-disks (and manpage)
++    - Keep libvirt-migrate-qemu-machinetype (and manpage)
++    - Keep libvirt-migrate-xend-managed-domains (and manpage)
++    - Remove d/libvirt-sanlock.{cron.weekly,links,install}
++    - Drop d/libvirt-stop-guests
++    - Drop d/libvirt-suspendonreboot (replaced by upstream libvirt-guests)
++    - Keep d/libvirt-uri.sh
++    - Remove d/polkit/60-libvirt.pkla (and polkit directory)
++    - d/tests/control
++      - Add build-essential and pkg-config dependencies to build-test
++    - debian/rules:
++      * Add autoconf stuff (not sure what still really gets used).
++      * Use qemu-group kvm instead of libvirt-qemu
++      * Add SHEEPDOGCLI environment variable to dh_auto_configure
++        override (instead of an DEB_DH_... make variable which no
++        longer takes effect).
++      * Drop --with-secdriver-apparmor --with-apparmor-profiles from
++        WITH_APPARMOR config.
++      * Change WITH_FIREWALLD and WITH_SELINUX settings to disabled.
++      * Change WITH_DTRACE setting to disabled.
++      * Drop DEB_DH_SYSTEMD_START_ARGS_libvirt-bin as it is no longer
++        needed after dropping cdbs.
++      * Add to override_dh_install section
++        - Install apparmor files (and post-processing)
++        - Install apport hooks.
++        - Install migration tools.
++        - Install profile script to autoset URI.
++        - Replace package name libvirt-daemon-system with libvirt-bin.
++        - Debian now copies libvirt-guests.{init,default} and
++          virtlogd.default from upstream source. Copy virtlockd.default
++          as well.
++        - Rename libvirtd.{socket,service} to libvirt-bin.{socket,service}
++        - Change dh_systemd_start to use virtlo{g,ck}d.socket only (the
++          services are supposed to be started by using the sockets.
++        - Move libs and pkgconfig under multiarch directory.
++      * Modify override_dh_auto_clean
++        - Replace package name libvirt-daemon-system with libvirt-bin
++        - Delete upstream files which were copied into debian/.
++      * Add override_dh_gencontrol section which conditionally adds
++        conflicts on apparmor.
++      * Add override_dh_makeshlibs section to pass version info for
++        libvirt0.
++  * Dropped patches:
++    - ubuntu/virt-aa-helper-handle-ovmf (upstream added ovmf paths to
++      restricted_rw)
++  * Refreshed patches:
++    - refreshed d/p/ubuntu/9034-complete-9p-support
++  * New patches
++    - d/ubuntu/libvirt-guests-exclude-dom0.patch
++    - d/ubuntu/libxl-no-dm-check.patch
++    - d/ubuntu/libxl-fix-test-data.patch
++    - d/ubuntu/Debianize-virtlogd-service.patch
++    - d/ubuntu/Debianize-virtlockd-init.patch
++    - d/ubuntu/switch-service-files-to-libvirt-bin.patch
++    - d/ubuntu/libvirt-socket-fix-group.patch
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Fri, 12 Feb 2016 14:46:21 +0100
++
  libvirt (1.3.1-1) unstable; urgency=medium
    [ Guido Günther ]
@@ -2150,6 +6720,151 @@ libvirt (1.3.0~rc1-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Fri, 04 Dec 2015 17:12:53 +0100
++libvirt (1.2.21-2ubuntu10) xenial; urgency=medium
++
++  * Multiarchify the library packages.
++
++ -- Matthias Klose <doko@ubuntu.com>  Thu, 28 Jan 2016 16:33:15 +0100
++
++libvirt (1.2.21-2ubuntu9) xenial; urgency=medium
++
++  * debian/rules: Disable cdbs' implicitly generated dh_systemd_start calls.
++    We already call it explicitly with the right options, calling it again
++    with the default options stops libvirt-guests during upgrades.
++    (LP: #1533839)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Mon, 18 Jan 2016 09:10:21 +0100
++
++libvirt (1.2.21-2ubuntu8) xenial; urgency=low
++
++  * d/libvirt-stop-guests: Skip Domain-0 on guest shutdown. Newer
++    versions of libvirt will include dom0 in the list of running domains
++    (with libxl). This special domain must be ignored.
++
++ -- Stefan Bader <stefan.bader@canonical.com>  Thu, 14 Jan 2016 11:35:39 +0100
++
++libvirt (1.2.21-2ubuntu7) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: silence denial to shm/lttng file since shm
++    mountpoint has moved (LP: #1529319)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 11 Jan 2016 11:55:28 -0800
++
++libvirt (1.2.21-2ubuntu6) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: add r access to max_mem_regions vhost module
++    paramater (LP: #1531564)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 11 Jan 2016 11:33:02 -0800
++
++libvirt (1.2.21-2ubuntu5) xenial; urgency=medium
++
++  * SECURITY UPDATE: ACL bypass using storage pool directory traversal
++    - debian/patches/CVE-2015-5313.patch: filter filesystem volume names in
++      src/storage/storage_backend_fs.c.
++    - CVE-2015-5313
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 08 Jan 2016 10:32:17 -0500
++
++libvirt (1.2.21-2ubuntu4) xenial; urgency=medium
++
++  * Revert Ubuntu-specific patch to build-depend on libsystemd-daemon-dev
++    instead of libsystemd-dev; libsystemd-daemon-dev is no longer built from
++    systemd source so we want libsystemd-dev.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Tue, 29 Dec 2015 00:31:16 +0000
++
++libvirt (1.2.21-2ubuntu3) xenial; urgency=medium
++
++  * Fix build-test autopkgtest: it now expects to run with the current
++    directory set to the root of the unpacked source package, writes to
++    $ADTTMP rather than to the source package, and declares dependencies on
++    build-essential and pkg-config.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 28 Dec 2015 05:25:54 +0000
++
++libvirt (1.2.21-2ubuntu2) xenial; urgency=medium
++
++  * d/apparmor/libvirt-qemu: add permission to the systemd-mounted hugepages
++    path.  (LP: #1524737)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Thu, 17 Dec 2015 10:49:18 -0800
++
++libvirt (1.2.21-2ubuntu1) xenial; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/apparmor/{libvirt-lxc,libvirt-qemu,local-usr.sbin.libvirtd,
++      TEMPLATE.lxc,TEMPLATE.qemu,usr.lib.libvirt.virt-aa-helper,
++      usr.sbin.libvirtd} Add apparmor profiles.
++    - debian/bug-presubj: removed
++    - debian/control:
++      - add cdbs, dh-autoreconf, libcurl4-gnutls-dev
++      - add libxml-libxml-perl, libhal-dev
++      - swap open-iscsi to open-iscsi-utils
++      - Enable numa support on ppc64el.
++      - remove libsanlock-dev, libselinux1-dev
++      - use libsystemd-daemon-dev instead of libsystemd-dev
++      - remove systemtap-sdt-dev, python, sheepdog, librados-dev, libfuse-dev
++      - remove libssh2-1, augeas-tools
++      - add libcgmanager-dev, xsltproc
++      - remove Vcs-Git
++      - adjust X-Python-Version > 2.7
++      - don't build libvirt-clients, libvirt-daemon, libvirt-sanlock packages
++    - keep debian/{libvirt-bin.apport,libvirt-bin.cron.daily}
++    - debian/libvirt-daemon.* has been mostly renamed to debian/libvirt-bin.*
++    - add upstart script for libvirt-bin
++    - debian/*.{links,maintscript} files not added
++    - keep ubuntu maintscript modifications
++    - debian/libvirt-sanlock* not merged
++    - debian/libvirt-clients* not merged
++    - keep debian/{libvirt-migrate-qemu-disks.*,
++      libvirt-migrate-qemu-machinetype.*,
++      libvirt-migrate-xend-managed-domains.*}
++    - keep debian/libvirt-suspendonreboot
++    - keep debian/libvirt-uri.sh
++    - debian/polkit/* not added
++    - debian/README.Debian:
++      - add 'Apparmor Profile' section
++      - add 'Disk migration' section
++    - debian/rules:
++      - add cdbs and autoconf stuff
++      - don't build WITH_SANLOCK, WITH_INIT_SCRIPT, WITH_SYSTEMD, WITH_FIREWALLD
++        WITH_SELINUX
++      - use qemu-group kvm instead of libvirt-qemu
++      - set DEB_DH_INSTALLINIT_ARGS to '--upstart-only'
++      - remove auto_test section
++      - add build/libvirt-bin:: section to install
++        - apparmor files
++        - apport hooks
++        - libvirt-migrate-qemu-disks
++      - use clean:: instead of dh_*clean
++    - Move ubuntu specific patches to 'debian/patches/ubuntu'
++  * Dropped patches:
++    - drop 9033-apparmor-use-TEMPLATE.qemu-for-kvm.patch (upstream 16d2bc8b)
++    - drop 9036-util-prepare-uri-for-libxml2-2.9.2.patch (upstream 8f17d0ea)
++    - drop 9040-virt-aa-helper-add-unix-channels (upstream 03d7462d)
++    - drop CVE-2014-3633.patch (upstream 3e745e8f)
++    - drop CVE-2014-3657.patch (upstream fc22b2e7)
++    - drop CVE-2014-7823.patch (upstream b1674ad5)
++    - drop Don-t-fail-if-we-can-t-setup-avahi.patch (dropped in debian)
++    - drop add-ppc64le-support.patch (upstream 9265fd19, addce06c, 1e911742,
++      bdbe723f, 5e4f49ab)
++    - drop blockdev-migration patches (upstream 1049a8d8, 9c5efd1a, cb7297c1,
++      a5250449, e9ef8565, 952907f5, 5eb03b6e, 93a19e28, a4e92f9e, de0aeafe)
++    - storage-allow-zero-capacity-with-non-backing-file-to.patch,
++      tests-add-vol-qcow2-zerocapacity-test-to-storagevolx.patch
++      (upstream 0bcda653, b8cc0cc5)
++    - ubuntu/fix-ubuntu-xen-qemu-dm-path.patch dropped in favor of
++      Allow-xen-toolstack-to-find-it-s-binaries.patch
++    - drop ubuntu-libxl-Implement-basic-video-device-selection.patch
++      (upstream 1298daca)
++    - remove dont-include-non-migrateable-features-in-host-model
++      (upstream and not included in series)
++    - remove upstream-libxl-Allow-libxl-to-find-pygrub-binary.patch
++      (upstream and not included in series)
++
++ -- Chris J Arges <chris.j.arges@canonical.com>  Wed, 02 Dec 2015 12:06:09 -0600
++
  libvirt (1.2.21-2) unstable; urgency=medium
    * [014a0c7] Add a build test to verify that the we can link against libvirt
@@ -2262,22 +6977,179 @@ libvirt (1.2.18-1) experimental; urgency=medium
   -- Guido Günther <agx@sigxcpu.org>  Tue, 11 Aug 2015 21:19:43 +0200
--libvirt (1.2.16-2) unstable; urgency=medium
++libvirt (1.2.16-2ubuntu14) xenial; urgency=medium
--  * [0266267] Build-Depend and suggest nfs-common
--    for showmount
--    Thanks to Laurent Bigonville (Closes: #787783)
--  * [a48c783] Build depend on libpolkit-gobject-1-dev
--    to properly detect uid support in pkcheck.
--    Thanks to Laurent Bigonville (Closes: #787782)
--  * [3d0fe35] Enable firewalld support.
--    Thanks to Laurent Bigonville (Closes: #714372)
++  * debian/apparmor/libvirt-qemu: add a bunch of newly available qemu-*
++    architecture binaries. (LP: #1519030)
-- -- Guido Günther <agx@sigxcpu.org>  Fri, 05 Jun 2015 10:12:28 +0200
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 23 Nov 2015 17:42:52 +0000
--libvirt (1.2.16-1) unstable; urgency=medium
++libvirt (1.2.16-2ubuntu13) xenial; urgency=medium
--  * Upload to unstabl
++  * debian/control: switch ebtables from Recommends to Depends or default
++    configuration network doesn't get created. (LP: #1505576)
++
++ -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Nov 2015 15:14:04 -0600
++
++libvirt (1.2.16-2ubuntu12) xenial; urgency=medium
++
++  * virt-aa-helper apparmor policy:  add 'network inet6' (LP: #1511830)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Mon, 02 Nov 2015 11:49:56 -0600
++
++libvirt (1.2.16-2ubuntu11) wily; urgency=medium
++
++  * Fix the preinst and postinst: the check for whether libvirt-bin was
++    running was wrong for upstart systems, but we don't need to do that
++    anyway - just stop libvirt-bin unconditionally.  (LP: #1499199)
++  * libvirt-guests.service: fix libvirtd.service -> libvirt-bin.service
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Sun, 27 Sep 2015 15:47:08 +0000
++
++libvirt (1.2.16-2ubuntu10) wily; urgency=medium
++
++  * Add qemu-block-extra libraries to libvirt apparmor profile (LP: #1495895)
++
++ -- Ryan Harper <ryan.harper@canonical.com>  Wed, 16 Sep 2015 13:20:48 -0500
++
++libvirt (1.2.16-2ubuntu9) wily; urgency=medium
++
++  * Add upstream patches implementing a '--migrate-disks' option to virsh
++    migrate to specify block devices to migrate.  (LP: #1398999)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 04 Sep 2015 09:29:52 -0500
++
++libvirt (1.2.16-2ubuntu8) wily; urgency=medium
++
++  * Support OVMF images in virt-aa-helper.  (LP: #1483071)
++  * Fix the libvirt-bin.preinst to not stop libvirt-bin on upgrade
++    from 1.2.16-2ubuntu7.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 14 Aug 2015 07:34:30 -0500
++
++libvirt (1.2.16-2ubuntu7) wily; urgency=medium
++
++  * Stop libvirt-bin at pre-inst if upgrading from a non-systemd version,
++    restart at postinst.  (This can be removed after 16.04 release)
++  * Commonize stopping of vms in upstart/systemd.
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Aug 2015 17:40:36 -0500
++
++libvirt (1.2.16-2ubuntu6) wily; urgency=medium
++
++  * Add systemd units and libvirt-stop-guests script to stop VMs before
++    a host completes shutdown  (LP: #1480440)
++
++ -- Serge Hallyn <serge.hallyn@ubuntu.com>  Tue, 11 Aug 2015 15:42:29 -0500
++

Ubuntulibvirt package

Merge ~sergiodj/ubuntu/+source/libvirt:merge-10.10.0-1-plucky into ubuntu/+source/libvirt:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
libvirt package