-
libvirt (5.0.0-4+deb10u1) buster; urgency=medium
[ Tobias Wolter ]
* [711f612] apparmor: Allow one to run pygrub
[ Guido Günther ]
* [3bcbf56] Don't render osxsave, ospke into QEMU comman line.
This helps newer QEMU with some configs generated by virt-install.
Thanks to Michal Arbet for digging out the patches (Closes: #944248)
-- Guido Günther <email address hidden> Thu, 05 Dec 2019 00:22:14 +0100
-
libvirt (5.0.0-4) unstable; urgency=medium
* [0fdc2af] Fix multiple CVEs related to privilege escalations on R/O
connections.
- CVE-2019-10161:
CVE-2019-10161-api-disallow-virDomainSaveImageGetXMLDesc-.patch
- CVE-2019-10166:
api-disallow-virDomainManagedSaveDefineXML-on-read-only-c.patch
- CVE-2019-10167:
api-disallow-virConnectGetDomainCapabilities-on-read-only.patch
- CVE-2019-10168:
api-disallow-virConnect-HypervisorCPU-on-read-only-connec.patch
* Include /etc/pki/qemu in apparmor (Closes: #930100)
-- Guido Günther <email address hidden> Mon, 17 Jun 2019 19:05:40 +0200
-
libvirt (5.0.0-3) unstable; urgency=medium
[ Guido Günther ]
* [6bc6e60] CVE-2019-10132: Fix vir{lock,log}d socket access.
All patches were cherry-picked from upstream's v5.0-maint branch.
(Closes: #929334)
* [09016dd] d/patches: Move security fixes into security/
[ Joachim Falk ]
* [5d96699] lxc: Fix killing of lxc containers if cgroup backend v2 is
unavailable.
(Closes: #926999)
* [ea7a491] lxc: Fix container shutdown and host reboot
(Closes: #927310, #897394)
-- Guido Günther <email address hidden> Wed, 22 May 2019 12:31:08 +0200
-
libvirt (5.0.0-2) unstable; urgency=medium
[ Laurent Bigonville ]
* [76e2cb7] Don't recommend ebtables. It's part of the iptables package now.
(Closes: #918472)
[ intrigeri ]
* [d7a7218] Fix virtio-gpu + virgl support by cherry-picking upstream
commits virt-manager in current sid still creates new VMs with QXL
graphics by default, so this bug only affects users who opt in for
virtio-gpu 3D acceleration. Still, the option for virtio-gpu + 3D
acceleration is offered in the virt-manager GUI, so having it broken by
default is an important problem.
(Closes: #916587)
[ Christian Ehrhardt ]
* [3997186] d/libvirt-daemon-system.maintscript: remove obsolete conffile
/etc/logrotate.d/libvirtd.uml became obsolete since UML was dropped in
libvirt 5.0 (Closes: #920574)
* [c64d020] d/libvirt-daemon-system.libvirtd.default: clarify libvirtd_opts
example (Closes: #921713)
[ Guido Günther ]
* [790365e] CVE-2019-3886: Don't allow unprivileged users to use the guest
agent. Apply upstream patches
remote-enforce-ACL-write-permission-for-getting-guest-tim.patch
api-disallow-virDomainGetHostname-for-read-only-connectio.patch
(Closes: #926418)
-- Guido Günther <email address hidden> Sun, 07 Apr 2019 12:36:21 +0200
-
libvirt (5.0.0-1) unstable; urgency=medium
* [7346f30] New upstream version 5.0.0
* [1c46a4c] Drop sheepdog support (Closes: #908071)
* [b88175f] Bump symbol versions
* [c13a8da] Rediff patches
-- Guido Günther <email address hidden> Wed, 16 Jan 2019 10:31:33 +0100
-
libvirt (4.10.0-2) unstable; urgency=medium
[ Marcin Juszkiewicz ]
* [d143d3c] update Vcs-git tags to point to salsa.debian.org
* [96995c1] Fix versions in *.NEWS files
* [8e8286d] Don't mark bash completion as executable
* [72f8ed3] Use multiarch layout.
Based on the on what Ubuntu does (Closes: #813062)
* [9b52c21] Use dpkg-buildflags on configure
to e.g. get the proper hardening flags.
[ Andrea Bolognani ]
* [684bb89] Move data files from libvirt-daemon to libvirt0.
These files are used internally by the library, so they
should be shipped along with it rather than with the daemon.
This is consistent with the upstream libvirt.spec file.
The pattern is partially expanded in the libvirt0.install
file to avoid having to remove a specific subset of data
files later on as part of debian/rules.
[ Guido Günther ]
* [a6cbf92] cpu_map is now a directory.
It used to be a single XML file
-- Guido Günther <email address hidden> Tue, 18 Dec 2018 12:55:10 +0100
-
libvirt (4.10.0-1) unstable; urgency=medium
* [0cde44d] Remove bridge-utils from recommends. We don't use brctl since
ages. Thanks to Andreas Henriksson
* [3c22e06] Drop debian/remove-RHism.diff.patch.
Debian has /usr/bin/service since quiet some time now.
Thanks to Andrea Bolognani
* [54a5cdb] New upstream version 4.10.0
* [87f075c] Rediff patches
* [f798585] Bump symbol versions
* [3bfd881] Depend on sensible-utils
-- Guido Günther <email address hidden> Thu, 13 Dec 2018 11:58:14 +0100
-
libvirt (4.7.0-1) unstable; urgency=medium
* [8ff38ac] New upstream version 4.7.0
(Closes: #908341)
* [afdd147] Bump symbol versions
* [41fa8f5] Rediff patches.
Drop all jansson related patches. Fixed ustream.
-- Guido Günther <email address hidden> Sun, 09 Sep 2018 21:42:33 +0200
-
libvirt (4.6.0-2) unstable; urgency=medium
* [c33faee] Drop dwarves dependency.
Unmaintained and only used in the test suite. (Closes: #905700)
* [43da5ad] Don't use jansson for JSON encoding.
It has borken integer parsing. This adds new patches:
Revert-m4-Introduce-STABLE_ORDERING_JANSSON.patch
Revert-Remove-virJSONValueNewStringLen.patch
Revert-build-undef-WITH_JANSSON-for-SETUID_RPC_CLIENT.patch
Revert-tests-qemucapsprobe-Fix-output-after-switching-to-.patch
Revert-build-require-Jansson-if-QEMU-driver-is-enabled.patch
Revert-util-jsoncompat-Stub-out-virJSONInitialize-when-co.patch
Revert-Switch-from-yajl-to-Jansson.patch
Revert-remote-daemon-Make-sure-that-JSON-symbols-are-prop.patch
Revert-build-remove-references-to-WITH_YAJL-for-SETUID_RP.patch
Revert-build-add-with-jansson.patch
Revert-Remove-functions-using-yajl.patch
Revert-build-switch-with-qemu-default-from-yes-to-check.patch
Revert-tests-also-skip-qemuagenttest-with-old-jansson.patch
Revert-util-avoid-symbol-clash-between-json-libraries.patch
(Closes: #906116)
-- Guido Günther <email address hidden> Tue, 14 Aug 2018 15:09:14 +0200
-
libvirt (4.6.0-1) unstable; urgency=medium
* [afd5e39] d/control: Fix typo in libnss-libvirt's short description.
Thanks to Salvatore Bonaccorso (Closes: #904738)
* [f2f7871] New upstream version 4.6.0
* [a81e098] Drop apparmor-Fix-forgotten-comma-at-EOL.patch applied upstream
* [d53b4b1] Use jansson instead of yajl. The later is no longer supported
upstream
* [bf99d36] Bump symbol versions
-- Guido Günther <email address hidden> Mon, 06 Aug 2018 21:54:45 +0200
-
libvirt (4.5.0-1) unstable; urgency=medium
* [c2b3afc] New upstream version 4.5.0
* [50aa257] Drop patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
not needed with QEMU since at least stretch.
* [7698a4e] Build-dep on libwiretap-dev for the wireshark dissector
* [2390909] examples: adjust to libvirtd code move
* [64e5530] Bump symbol versions
* [a89e652] l-d-s: suggest open-iscsi (Closes: #903262)
* [882c646] Install bash completion (Closes: #902450)
* [8d79673] apparmor: Fix forgotten comma at EOL
* [0a9cb25] Install storage-file drivers
* [84269a2] Warn about uninstalled files
-- Guido Günther <email address hidden> Tue, 17 Jul 2018 09:36:26 +0200
-
libvirt (4.3.0-1) unstable; urgency=medium
* [8730a15] New upstream version 4.3.0
* [1272efc] Drop patches due to upstream code removal.
Allow-xen-toolstack-to-find-it-s-binaries.patch
debian/fix-Debian-specific-path-to-hvm-loader.patch
* [20eb594] Bump symbol versions
-- Guido Günther <email address hidden> Wed, 16 May 2018 12:09:53 +0200
-
libvirt (4.2.0-2) unstable; urgency=medium
* [c859ce5] Prefer /sbin over /usr/sbin.
If libvirt is built in a chroot with merged /usr it will otherwise break
on non /usr merged systems. (Closes: #895145)
-- Guido Günther <email address hidden> Sun, 08 Apr 2018 11:05:14 +0200
-
libvirt (4.1.0-2) unstable; urgency=medium
* [0b6cf2f] lockd: fix typo in virtlockd-admin.socket
(Closes: #893330)
-- Guido Günther <email address hidden> Sun, 18 Mar 2018 10:51:37 +0100
-
libvirt (4.0.0-2) unstable; urgency=medium
* [4339f02] CVE-2018-6764: virlog: determine the hostname on startup
Closes: #889839
-- Guido Günther <email address hidden> Thu, 08 Feb 2018 19:29:59 +0100
-
libvirt (4.0.0-1) unstable; urgency=medium
* [5936904] New upstream version 4.0.0
* [bcb7ca3] Drop patches applied upstream.
Allow-libvirt-to-kill-unconfined-domains.patch
Drop qemu-avoid-denial-of-service-reading-from-QEMU-monitor-CV.patch
-- Guido Günther <email address hidden> Sat, 20 Jan 2018 16:31:11 +0100
-
libvirt (3.10.0-1) unstable; urgency=medium
* [0d103b6] Bump standards version
* [3eca017] Add russian debconf translation.
Thanks to Lev Lamberov (Closes: #883109)
* [04da2ca] New upstream version 3.10.0
* [f311e52] Drop
AppArmor-add-rules-needed-with-additional-mediation-featu.patch - fixed
upstream
* [0c7f363] Bump symbol versions
* [cbe1699] Use recent debhelper instead of dh-systemd
* [c757791] apparmor: Allow virt-aa-helper to access the name service switch.
Thanks to Martin Pitt (Closes: #882979)
-- Guido Günther <email address hidden> Tue, 05 Dec 2017 14:55:51 +0100
-
libvirt (3.9.0-1) unstable; urgency=medium
* [eef697c] New upstream version 3.9.0
-- Guido Günther <email address hidden> Sun, 05 Nov 2017 14:49:43 +0100
-
libvirt (3.8.0-3) unstable; urgency=medium
* [e0e0a42] virt-host-validate: require fuse for LXC if compiled in.
This should make us skip the lxc test properly on debci.
* [d16ae50] Drop libvirt-bin upgrade handling
libvirt-bin was dropped before Jessie
* [3f18a26] CVE-2017-1000256: qemu: ensure TLS clients always verify the
server certificate (Closes: #878799)
-- Guido Günther <email address hidden> Mon, 16 Oct 2017 19:36:25 +0200
-
libvirt (3.8.0-2) unstable; urgency=medium
* Upload to unstable
Closes: #878153
* [646a20f] apparmor: add dnsmasq ptrace rule to libvirtd profile
-- Guido Günther <email address hidden> Thu, 12 Oct 2017 10:27:25 +0200
-
libvirt (3.7.0-4) unstable; urgency=medium
* Pass-GPG_TTY-env-var-to-the-ssh-binary.patch: sanitize commit message
* apparmor: add attach_disconnected (Closes: #876071)
* apparmor: cater for new AAVMF image location
* apparmor: delete profile on VM shutdown
-- Guido Günther <email address hidden> Mon, 18 Sep 2017 20:24:07 +0200
-
libvirt (3.6.0-1) unstable; urgency=medium
* [ece8d56] New upstream version 3.6.0 (Closes: #870626)
* [f807f7e] Move debianization patches to front of pq since these are
unlikely to go away
* [a06e5a6] Don't build nss on non-linux since it depends on network support
which is not available on non-linux.
Thanks to Pino Toscano (Closes: #867393)
* [6982266] Enable esx support (Closes: #602807)
* [2c29499] Bump symbol versions
* [f974bd9] d/control: fix typo.
Thanks to lintian
* [d4f1521] Bump standards version to 4.0.0
-- Guido Günther <email address hidden> Fri, 04 Aug 2017 00:05:47 -0300
-
libvirt (3.5.0-1) unstable; urgency=medium
[ Guido Günther ]
* [116cb98] New upstream version 3.5.0
* [22f685c] Explicitly enable directory based storage backend. We do so for
the other storage backends as well.
* [1619c0f] Ship storage backends
* [b0f6946] New upstream version 3.5.0-rc2
* [e0507a8] New upstream version 3.1.0
* [603e376] New upstream version 3.1.0-rc2
* [172bcdf,21aa1f3,0d45d3b] Bump symbol versions
* [9c4dfe3] Dropped Disable-use-of-namespaces-by-default.patch: not needed,
namespaces are now enabled
* [7cb82a1] Add pt debconf translation.
Thanks to Rui Branco (Closes: #858742)
* [fcd509f] Remove defaults file on clean
* [6b9ffbb] Build depend on libparted-dev to ease cross building
Thanks to Helmut Grohne (Closes: #864671)
* [849c8e2] Rediff patches.
Dropped patches for things fixed upstream:
CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch
apparmor-allow-usr-lib-qemu-qemu-bridge-helper.patchupstream
virt-aa-helper-apparmor-allow-usr-share-OVMF-too.patch
Allow-access-to-libnl-3-config-files.patch
Dropped qemu-skip-QMP-probing-of-CPU-definitions-when-missing.patch
* [a0cd0f0] Update key for upstream tarball verification
[ Christian Ehrhardt ]
* [8fa2c4f] Ship libvirt-admin.conf
* [dd2991f] Ship default file for virtlockd
* [aef2f3c] Ship libvirt-admin.conf (Closes: #863649)
* [c3b6ff2] Ship default file for virtlockd (Closes: #863648)
-- Guido Günther <email address hidden> Thu, 06 Jul 2017 11:04:21 +0200
