ubuntu/+source/libvirt:ubuntu/eoan-devel

Last commit made on 2019-09-05
Get this branch:
git clone -b ubuntu/eoan-devel https://git.launchpad.net/ubuntu/+source/libvirt
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/eoan-devel
Repository:
lp:ubuntu/+source/libvirt

Recent commits

88688c8... by Matthias Klose on 2019-09-05

Import patches-unapplied version 5.4.0-0ubuntu5 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 7ec96dbcdb4a2aa965e0b9ba730e3506cd5f9581

New changelog entries:
  * No-change upload with strops.h and sys/strops.h removed in glibc.

7ec96db... by Christian Ehrhardt  on 2019-08-20

Import patches-unapplied version 5.4.0-0ubuntu4 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Upload parent: e70cfc7d309458fb0e4291f5cdea18bcda50fa21

e70cfc7... by Christian Ehrhardt  on 2019-08-20

changelog: make libvirt able to handle arch_capabilities cpu features (LP: #1828495)

Signed-off-by: Christian Ehrhardt <email address hidden>

5a20ec4... by Christian Ehrhardt  on 2019-08-20

d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities cpu features (LP: #1828495)

841c9a1... by Marc Deslauriers on 2019-07-02

Import patches-unapplied version 5.4.0-0ubuntu3 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 0e90bc58da2d78b3176a3c9eaad8b023de4693de

New changelog entries:
  * SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
    read-only connection
    - debian/patches/CVE-2019-10161.patch: add check to
      src/libvirt-domain.c, src/qemu/qemu_driver.c,
      src/remote/remote_protocol.x.
    - CVE-2019-10161
  * SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
    read-only connection
    - debian/patches/CVE-2019-10166.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10166
  * SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
    read-only connection
    - debian/patches/CVE-2019-10167.patch: add check to
      src/libvirt-domain.c.
    - CVE-2019-10167
  * SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
    connection
    - debian/patches/CVE-2019-10168.patch: add checks to
      src/libvirt-host.c.
    - CVE-2019-10168

0e90bc5... by Christian Ehrhardt  on 2019-06-19

Import patches-unapplied version 5.4.0-0ubuntu2 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 49216aebadbd2d40b20d08c9b8bc4b3a10e03193

New changelog entries:
  * d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
    avoid issues with remote screen connections like virt-manager due to
    apparmor changes in libvirt 5.1 (LP: #1833040)

49216ae... by Christian Ehrhardt  on 2019-06-07

Import patches-unapplied version 5.4.0-0ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: a4b3d4aca4c2da65d1949b4fd31eb31434b88dc7

New changelog entries:
  * Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release
    Among many other new features and fixes this includes fixes for:
    LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state
    Remaining changes:
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
        group.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
    - Xen related
      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
        section that adapts the path of the emulator to the Debian/Ubuntu
        packaging is kept.
      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
        set VRAM to minimum requirements
      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
      - Add libxl log directory
      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
        Xen dom0 via user profile (was missing on changelogs before)
    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
      included_files to avoid build failures due to duplicate definitions.
    - Update README.Debian with Ubuntu changes
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
      vmlinuz available and accessible (Debian bug 848314)
    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - Further upstreamed apparmor Delta, especially any new one
      Our former delta is split into logical pieces and is either Ubuntu only
      or is part of a continuous upstreaming effort.
      Listing related remaining changes in debian/patches/ubuntu-aa/:
      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
        Allow pygrub to run on Debian/Ubuntu
      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
        apparmor, libvirt-qemu: Allow read access to overcommit_memory
      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
        apparmor, virt-aa-helper: Allow access to tmp directories
      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
        apparmor, virt-aa-helper: Add openvswitch support
      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
        add l to 9p file options.
      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
        commands executed by ubuntu only kvm wrapper on ppc64el
        (LP 1686621 LP 1680384 LP 1784023)
      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
        apparmor, virt-aa-helper: access for snapped nova
      + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
        d/libvirt-daemon-system.postinst: provide a local apparmor include
        for abstraction/libvirt-qemu (LP: 1786019)
      + d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
    - d/rules: enable build time self tests on all architectures
    - dnsmasq related enhancements
      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
        on purge
      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
        libvirt-dnsmasq and adapt the self tests to expect that config
      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
      + Add dnsmasq configuration to work with system wide dnsmasq-base
    - debian/rules: disable the netcf backend. (LP: 1764314)
    - debian/control: drop libnetcf from Build-Depends.
    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
      Secure Boot enabled variants of the OVMF firmware and variable store for
      the paths where we ship these files in Ubuntu.
    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
    - d/rules: also check build time self test results on all architectures
    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
      machine type correctly with newer qemu/libvirt
    - d/t/control: fix smoke-qemu-session by ensuring the service will run
      installing libvirt-daemon-system
    - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
      long as the following undefine succeeds
    - avoid service dependency issues on upgrade (LP: 1786179)
      This will in the long term be resolved in dh_* tools, but to let an
      upgrade work for now we need to drop the sysV scripts (which we don't
      use anyway) and slightly modify the systemd service to work with todays
      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
      resolved in dh_* tools and libvirt uses those new code.
      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
        and lbivirtd sysV init file
      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
        to virtlogd/virtlockd sockets as they would imply a restart of
        virtlogd breaking it.
      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
  * Added Changes:
    - Refreshed patches to match new upstream
      - d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
      - d/p/ubuntu/ubuntu_machine_type.patch
    - d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
      This can be dropped once >=1.8.1
    - d/rules: adapt iptables binary paths present in Eoan (LP: #1832297)
      This can be dropped once >=1.8.1
    - d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test
      nat-network-mtu
    - revert [c3c4cd4] drop in helper for firewalld as it is disabled on
      Ubuntu [can be squashed with the disabling of firewalld on next merge]
    - d/libvirt0.symbols: bump symbol versions for 5.4.0
    - d/rules: add --no-restart-after-upgrade to services that are supposed to
      stay up through upgrades - this also applies to related sockets.
  * Dropped Changes (upstream)
    - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
      for the ease use of mdev and gl devices (LP: 1804766)
    - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
      (LP: 1771662)
    - d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
      the never functional osxsave and ospke features (LP: 1825195).
    - d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
      vhost-scsi hotplug in virt-aa-helper (LP: 1829223)
    - SECURITY UPDATE: Add support for md-clear functionality
      + debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
        src/cpu_map/x86_features.xml.
      + CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
    - Implement further apparmor rules for usage of gl enabled
      graphics (LP: 1815452)
      + d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
      + d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
    - Implement further apparmor rules for usage of gl enabled
      graphics with nvidia cards (LP: 1817943)
      + d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
      + d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
  * Dropped Changes (in Debian)
    - d/rules: strip -Bsymbolic-functions from linker flags as it breaks
      libvirt tests
  ** SNAPSHOT build @7b1637605da9224c46ebf3a243fa725d643e7556 **
  [ Guido Günther ]
  * [fb43676] d/control: Drop dh-autoreconf build-dep.
    Not needed for dh compat > 10.
  * [81d21d5] d/not-installed: Use multi-arch dirs.
    Files moved during the dh12 switch.
  * [428ad14] New upstream version 5.3.0~rc2
  * [641e532] New upstream version 5.3.0
  [ Christian Ehrhardt ]
  * [c28c3b3] d/libvirt0.install: install translations
  * [c3c4cd4] d/libvirt-daemon-system.install: drop in helper for firewalld
  * [3e8b43c] d/not-installed: ignore default files /etc/sysconfig
  * [c223d7f] d/libvirt-daemon-system.examples: ship sysctl config as example
  * [f19acf6] d/libvirt-daemon-system.install: ship libxl-sanlock.conf
    (Closes: #919484)
  [ Andrea Bolognani ]
  * [6a2eae3] Simplify and improve watch file.

a4b3d4a... by Guido Günther on 2019-04-22

Import patches-unapplied version 5.2.0-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 2d7ea0099eed3bc9a012bab7c788fabd31e92b1c

New changelog entries:
  [ Guido Günther ]
  * [1ec90c0] d/compat: Switch to debhelper level 12
      * [fb6dd18] d/rules: s/no-restart-on-upgrade/no-stop-on-upgrade/
      * [3764b71] d/rules: --prallel not needed anymore
      * [1d92095] d/control: Add ${misc:Pre-Depends} for
        libvirt-daemon-system. This makes sure we pull in recent enough
        init-system-helpers
  * [02a155b] d/rules: Switch to dh_installsystemd
    dh_systemd_start is no longer used.
  * [bcad111] d/control: Fix typo
  * [8609192] d/control: Drop Debian revision on iptables build-dep. Any
    version greater than 1.8.1 will do.
  * [447dd58] libnss-libvirt: Install libnss_libvirt-guest as well
    (Closes: #910288)
  * [4fb7d11] d/control: Build-depend on libglusterfs-dev.
    Since this is a recent addition we can drop the versioned dependency.
    (Closes: #919663)
  * [7b4ffeb] d/rules: Newer debhelper puts the libs into multi arch dirs.
    There's no need to move them manually anymore.
  [ Andrea Bolognani ]
  * [dd9cdaa] Use HTTPS for all URLs.
    This gets rid of the debian-watch-uses-insecure-uri informational Lintian
    tag, and then some.
  * [faaec12] Minimize upstream's signing key.
    This gets rid of the public-upstream-key-not-minimal informational Lintian
    tag.
  * [8a0e6f1] Remove Priority field from binary packages.
    This gets rid of the binary-control-field-duplicates-source informational
    Lintian tag.
  [ Christian Ehrhardt ]
  * [08f3a23] d/libvirt-clients.manpages: add virkeycode and virkeyname man
    pages.
  * [0f359de] d/rules: mv logrotate files to silence dh_missing
  * [f36ca33] dh_missing: ignore warning on libtool .la file

2d7ea00... by Andrea Bolognani on 2019-04-07

Import patches-unapplied version 5.2.0-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 250ab23e9cc1058cc643138d8baa0c11280d6d84

New changelog entries:
  * Team upload.
  [ Christian Ehrhardt ]
  * [3997186] d/libvirt-daemon-system.maintscript: remove obsolete conffile
    /etc/logrotate.d/libvirtd.uml became obsolete since UML was dropped in
    libvirt 5.0 (Closes: #920574)
  * [c64d020] d/libvirt-daemon-system.libvirtd.default: clarify libvirtd_opts
    example (Closes: #921713)
  [ Guido Günther ]
  * [dd9d74f] New upstream version 5.2.0
  * [790365e] CVE-2019-3886: Don't allow unprivileged users to use the guest
    agent. Apply upstream patches
    remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
    api-disallow-virDomainGetHostname-for-read-only-connectio.patch
    (Closes: #926418)
  [ Andrea Bolognani ]
  * [453f85d] Rediff patches. The patches
    security-aa-helper-allow-virt-aa-helper-to-read-dev-dri.patch
    security-aa-helper-generate-more-rules-for-gl-devices.patch
    security-aa-helper-gl-devices-in-sysfs-at-arbitrary-depth.patch
    security-aa-helper-nvidia-rules-for-gl-devices.patch
    virt-aa-helper-generate-rules-for-gl-enabled-graphics-dev.patch
    are included in libvirt 5.2.0 and have thus been dropped.
  * [a4294ef] Bump symbol versions.
  * [68394f6] Add tests-Avoid-writing-into-HOME-during-virsh-snapshot.patch

250ab23... by Guido Günther on 2019-03-28

Import patches-unapplied version 5.1.0-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: c5844716a3e6ee945a71994e8cda76461a9c38d5

New changelog entries:
  [ Laurent Bigonville ]
  * [76e2cb7] Don't recommend ebtables.
    It's part of the iptables package now. (Closes: #918472)
  [ Guido Günther ]
  * [5814c89] New upstream version 5.1.0
  * [55d063d] Rediff patches
  * [1102dae] d/gbp.conf: Switch to experimental
  * [cdf3787] d/rules: Adjust to now versioned wireshark module path