Change log for libvirt package in Ubuntu
| 1 → 75 of 750 results | First • Previous • Next • Last |
libvirt (10.0.0-2ubuntu8.2) noble-security; urgency=medium
* SECURITY UPDATE: stack use-after-free in virNetClientIOEventLoop()
- debian/patches/CVE-2024-4418.patch: ensure temporary GSource is
removed from client event loop in src/rpc/virnetclient.c.
- CVE-2024-4418
-- Marc Deslauriers <email address hidden> Mon, 06 May 2024 09:12:37 -0400
Available diffs
| Superseded in oracular-proposed |
| Superseded in oracular-proposed |
| Superseded in noble-updates |
| Superseded in noble-security |
libvirt (10.0.0-2ubuntu8.1) noble-security; urgency=medium
* SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
- debian/patches/CVE-2024-1441.patch: properly check count in
src/interface/interface_backend_udev.c.
- CVE-2024-1441
* SECURITY UPDATE: crash in RPC library
- debian/patches/CVE-2024-2494.patch: check values in
src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
- CVE-2024-2494
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 11:42:32 -0400
Available diffs
libvirt (6.0.0-0ubuntu8.20) focal; urgency=medium
* d/p/u/lp2059272-2-qemu-Wait-qemuProcessReconnect-threads-in-cleanup.patch:
Remove patch. It is not possible to wait for qemuProcessReconnect()
in cleanup: it talks to QEMU monitor, which blocks on replies from
event loop, but it's already stopped at cleanup, delaying shutdown.
* d/p/u/lp2059272-2-qemu-Do-not-save-XML-in-shutdown-on-init.patch:
Instead of waiting at cleanup for threads which might be blocked
thus would _not even reach_ the function that causes the problem,
just skip that function if it is _actually reached_ while daemon
shutdown is in progress. That is in the init path and would just
run again anyway the next time libvirtd is started (LP: #2059272)
* NOTE: This package contains the changes from 6.0.0-0ubuntu8.18 and
6.0.0-0ubuntu8.17 in focal-proposed (with symbolic changelog entry)
superseded by 6.0.0-0ubuntu8.19 in focal-security.
Available diffs
| Published in oracular-release |
| Published in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
libvirt (10.0.0-2ubuntu8) noble; urgency=medium * Rebuild against new libpcap0.8t64. -- Gianfranco Costamagna <email address hidden> Mon, 15 Apr 2024 10:17:16 +0200
Available diffs
- diff from 10.0.0-2ubuntu7 to 10.0.0-2ubuntu8 (332 bytes)
libvirt (6.0.0-0ubuntu8.19) focal-security; urgency=medium
* SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
- debian/patches/CVE-2024-1441.patch: properly check count in
src/interface/interface_backend_udev.c.
- CVE-2024-1441
* SECURITY UPDATE: crash in RPC library
- debian/patches/CVE-2024-2494.patch: check values in
src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
- CVE-2024-2494
* SECURITY UPDATE: null pointer deref in udevConnectListAllInterfaces()
- debian/patches/CVE-2024-2496.patch: fix udev_device_get_sysattr_value
return value check in src/interface/interface_backend_udev.c.
- CVE-2024-2496
* NOTE: This package does _not_ contain the changes from
6.0.0-0ubuntu8.18 in focal-proposed.
-- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 13:50:27 -0400
Available diffs
libvirt (8.0.0-1ubuntu7.10) jammy-security; urgency=medium
* SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
- debian/patches/CVE-2024-1441.patch: properly check count in
src/interface/interface_backend_udev.c.
- CVE-2024-1441
* SECURITY UPDATE: crash in RPC library
- debian/patches/CVE-2024-2494.patch: check values in
src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
- CVE-2024-2494
* SECURITY UPDATE: null pointer deref in udevConnectListAllInterfaces()
- debian/patches/CVE-2024-2496.patch: fix udev_device_get_sysattr_value
return value check in src/interface/interface_backend_udev.c.
- CVE-2024-2496
-- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 13:48:21 -0400
Available diffs
libvirt (9.6.0-1ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
- debian/patches/CVE-2024-1441.patch: properly check count in
src/interface/interface_backend_udev.c.
- CVE-2024-1441
* SECURITY UPDATE: crash in RPC library
- debian/patches/CVE-2024-2494.patch: check values in
src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
- CVE-2024-2494
* SECURITY UPDATE: null pointer deref in udevConnectListAllInterfaces()
- debian/patches/CVE-2024-2496.patch: fix udev_device_get_sysattr_value
return value check in src/interface/interface_backend_udev.c.
- CVE-2024-2496
-- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 13:40:18 -0400
Available diffs
| Deleted in focal-proposed (Reason: moved to -updates) |
libvirt (6.0.0-0ubuntu8.18) focal; urgency=medium
* d/p/u/lp2059272-1-qemu-Fix-potential-crash-during-driver-cleanup.patch:
On QEMU driver cleanup, release (stop) the worker thread pool _first_,
before other data used by possibly running worker threads (LP: #2059272)
* d/p/u/lp2059272-2-qemu-Wait-qemuProcessReconnect-threads-in-cleanup.patch:
On QEMU driver cleanup, also wait for qemuProcessReconnect() threads,
as they are independent of the worker thread pool. (LP: #2059272)
Focal needs this as it has no .stateShutdownWait() callback yet.
(The wait timeout is set in LIBVIRT_QEMU_STATE_CLEANUP_WAIT_TIMEOUT:
-1 = wait indefinitely; 0 = do not wait; N = wait up to N seconds.)
Available diffs
libvirt (10.0.0-2ubuntu7) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 02:19:57 +0000
Available diffs
- diff from 10.0.0-2ubuntu5 to 10.0.0-2ubuntu7 (13.8 KiB)
- diff from 10.0.0-2ubuntu6 to 10.0.0-2ubuntu7 (340 bytes)
| Superseded in noble-proposed |
libvirt (10.0.0-2ubuntu6) noble; urgency=medium * d/p/u/lp-2051754-*.patch: Backport upstream fix for LP: #2051754. -- Sergio Durigan Junior <email address hidden> Tue, 19 Mar 2024 22:22:12 -0400
Available diffs
- diff from 10.0.0-2ubuntu5 to 10.0.0-2ubuntu6 (13.8 KiB)
libvirt (8.0.0-1ubuntu7.9) jammy; urgency=medium
* d/p/u/lp2059272-qemu-Fix-potential-crash-during-driver-cleanup.patch:
On QEMU driver cleanup, release (stop) the worker thread pool _first_,
before other data used by possibly running worker threads (LP: #2059272)
-- Mauricio Faria de Oliveira <email address hidden> Wed, 27 Mar 2024 12:47:46 -0300
Available diffs
libvirt (10.0.0-2ubuntu5) noble; urgency=medium * No-change rebuild against libcurl3t64-gnutls -- Steve Langasek <email address hidden> Sat, 16 Mar 2024 07:06:57 +0000
Available diffs
- diff from 10.0.0-2ubuntu1 to 10.0.0-2ubuntu5 (423 bytes)
- diff from 10.0.0-2ubuntu4 to 10.0.0-2ubuntu5 (307 bytes)
| Superseded in noble-proposed |
libvirt (10.0.0-2ubuntu4) noble; urgency=medium * No-change rebuild against libglib2.0-0t64 -- Steve Langasek <email address hidden> Mon, 11 Mar 2024 23:06:29 +0000
Available diffs
- diff from 10.0.0-2ubuntu3 to 10.0.0-2ubuntu4 (300 bytes)
| Superseded in noble-proposed |
libvirt (10.0.0-2ubuntu3) noble; urgency=medium * No-change rebuild against libgnutls30t64 -- Steve Langasek <email address hidden> Sun, 10 Mar 2024 02:08:29 +0000
Available diffs
- diff from 10.0.0-2ubuntu2 to 10.0.0-2ubuntu3 (306 bytes)
| Superseded in noble-proposed |
libvirt (10.0.0-2ubuntu2) noble; urgency=medium * No-change rebuild against libtirpc3t64 -- Steve Langasek <email address hidden> Thu, 29 Feb 2024 09:26:53 +0000
Available diffs
- diff from 10.0.0-2ubuntu1 to 10.0.0-2ubuntu2 (339 bytes)
libvirt (10.0.0-2ubuntu1) noble; urgency=medium * Merge with Debian unstable (LP: #2054479). Remaining changes: - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - d/control: Use libc6-dev instead of libc-dev as a build dependency - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian override - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all cases, do not set to "xen:///" (LP #2027838) - d/control: Demote passt to Suggests (from Recommends) for libvirt-daemon-driver-qemu, because passt is in universe. -- Sergio Durigan Junior <email address hidden> Tue, 20 Feb 2024 17:42:01 -0500
Available diffs
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
libvirt (10.0.0-1ubuntu1) noble; urgency=medium * Merge with Debian unstable (LP: #2040393, #2037606). Remaining changes: - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - d/control: Use libc6-dev instead of libc-dev as a build dependency - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian override - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all cases, do not set to "xen:///" (LP #2027838) * Drop changes: - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP #2008830) [ policykit-1 > 121 is in noble-main ] * Add changes: - d/control: Demote passt to Suggests (from Recommends) for libvirt-daemon-driver-qemu, because passt is in universe. -- Sergio Durigan Junior <email address hidden> Sun, 21 Jan 2024 00:19:08 -0500
Available diffs
libvirt (8.0.0-1ubuntu7.8) jammy; urgency=medium
* d/p/u/lp-2028057-*, d/libvirt0.install: Add named types and definitions,
along with QEMU alias syncing for Intel SapphireRapids (LP: #2028057)
-- Lena Voytek <email address hidden> Wed, 29 Nov 2023 14:52:52 -0700
Available diffs
| Deleted in lunar-proposed (Reason: The package was removed because its target series is goin...) |
libvirt (9.0.0-2ubuntu1.3) lunar; urgency=medium
* d/p/u/lp-2028057-*, d/libvirt0.install: Add named types and definitions for
Intel SapphireRapids (LP: #2028057)
-- Lena Voytek <email address hidden> Wed, 06 Sep 2023 12:58:15 -0700
Available diffs
libvirt (9.6.0-1ubuntu2) noble; urgency=medium * Rebuild against 'new libwireshark17'. -- Gianfranco Costamagna <email address hidden> Fri, 24 Nov 2023 15:27:16 +0100
Available diffs
- diff from 9.6.0-1ubuntu1 to 9.6.0-1ubuntu2 (358 bytes)
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
libvirt (9.6.0-1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2018082). Remaining changes: - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP #2008830) - d/control: Use libc6-dev instead of libc-dev as a build dependency - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian override * Dropped changes: - d/p/CVE-2023-3750.patch: Remove - fixed upstream - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" This has been restored to match Debian because policykit-1 is now at a version greater than 121 in mantic * Modified changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all cases, do not set to "xen:///" (LP #2027838) -- Lena Voytek <email address hidden> Mon, 14 Aug 2023 14:16:30 -0700
Available diffs
- diff from 9.5.0-2ubuntu2 to 9.6.0-1ubuntu1 (286.0 KiB)
libvirt (8.0.0-1ubuntu7.7) jammy; urgency=medium
* When attempting to launch a VM with SGX enabled, there is an
error reported that prevents VMs from being launched. Backport fix
that fixes the main cause of that issue, which is the
QOM_CPU_PATH macro and qom-get behavior (LP: #1982896).
- d/p/b/qemu-monitor-json-get-cpux86-data-unexport.patch
- d/p/b/qemu-process-update-and-verify-cpu-refactor-cleanup.patch
- d/p/b/qemu-monitor-do-not-hardcode-qom-path-of-first-cpu.patch
- d/p/b/qemu-domain-store-qompath-in-qemudomainvcpuprivate.patch
- d/p/b/qemu-process-move-cpu-flag-querying-after-code-probing-cpus.patch
- d/p/b/qemu-process-move-call-to-qemuprocessrefreshcpu-after-cpu-probe.patch
- d/p/b/qemu-process-do-not-use-hardcoded-qom-path-for-cpu-for-probing-flags.patch
-- Michal Maloszewski <email address hidden> Fri, 04 Aug 2023 10:42:25 +0200
Available diffs
libvirt (9.5.0-2ubuntu2) mantic; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
- revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP: #2008830)
- SECURITY UPDATE: denial of service via improper locking
+ debian/patches/CVE-2023-3750.patch: fix returning of locked objects
from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
+ CVE-2023-3750
* Dropped changes [upstream now]:
- SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
+ debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
+ CVE-2023-2700
Available diffs
- diff from 9.0.0-2ubuntu3 to 9.5.0-2ubuntu2 (13.5 MiB)
- diff from 9.5.0-2ubuntu1 to 9.5.0-2ubuntu2 (1.6 KiB)
| Superseded in mantic-proposed |
libvirt (9.5.0-2ubuntu1) mantic; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
- revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP: #2008830)
- SECURITY UPDATE: denial of service via improper locking
+ debian/patches/CVE-2023-3750.patch: fix returning of locked objects
from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
+ CVE-2023-3750
* Dropped changes [upstream now]:
- SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
+ debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
+ CVE-2023-2700
Available diffs
- diff from 9.0.0-2ubuntu3 to 9.5.0-2ubuntu1 (13.5 MiB)
libvirt (9.0.0-2ubuntu3) mantic; urgency=medium
* SECURITY UPDATE: denial of service via improper locking
- debian/patches/CVE-2023-3750.patch: fix returning of locked objects
from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
- CVE-2023-3750
-- Marc Deslauriers <email address hidden> Tue, 25 Jul 2023 09:09:55 -0400
Available diffs
libvirt (9.0.0-2ubuntu1.2) lunar-security; urgency=medium
* SECURITY UPDATE: denial of service via improper locking
- debian/patches/CVE-2023-3750.patch: fix returning of locked objects
from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
- CVE-2023-3750
-- Marc Deslauriers <email address hidden> Tue, 25 Jul 2023 09:11:54 -0400
Available diffs
libvirt (8.0.0-1ubuntu7.6) jammy; urgency=medium
* d/p/u/lp-2024114-Avoid-memleak-in-virNodeDeviceGetPCIVPDDynamicCap.patch:
fix memory leak PCI devices with VPD data (LP: #2024114)
-- Rafael Lopez <email address hidden> Tue, 20 Jun 2023 11:54:15 +1000
Available diffs
libvirt (9.0.0-2ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
- debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
- CVE-2023-2700
-- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:05:18 -0400
Available diffs
libvirt (8.0.0-1ubuntu7.5) jammy-security; urgency=medium
* SECURITY UPDATE: DoS via nwfilter driver
- debian/patches/CVE-2022-0897.patch: fix crash when counting number of
network filters in src/nwfilter/nwfilter_driver.c.
- CVE-2022-0897
* SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
- debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
- CVE-2023-2700
-- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:08:33 -0400
Available diffs
libvirt (9.0.0-2ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
- debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
- CVE-2023-2700
-- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:05:18 -0400
Available diffs
libvirt (8.6.0-0ubuntu3.2) kinetic-security; urgency=medium
* SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
- debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
- CVE-2023-2700
-- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:07:47 -0400
Available diffs
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
libvirt (9.0.0-2ubuntu1) lunar; urgency=medium * Merge 9.0.0-2 from Debian unstable (LP: #1993412) Also resolved the ask for a rebuild against recent libxen (LP: #2004163) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS with latest libxl [v8.10.0] - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP 1997269) [v8.7.0] - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP 1993304) [v8.10.0] - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl: tolerate the impact of too large udev data avoiding a busy loop (LP 1996176) [v8.10.0] - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0] - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: reduce log noise by invalid VPD data (LP 1990949) [v8.7.0] * Dropped changes [in Debian now]: - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1] - [a54d904] New upstream version 8.6.0 [8.9.0-1] - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1] - d/control: suggest swtpm-tools [8.10.0-1] * Added changes: - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP: #2008830)
Available diffs
- diff from 8.6.0-0ubuntu5 to 9.0.0-2ubuntu1 (3.0 MiB)
- diff from 9.0.0-1ubuntu1 to 9.0.0-2ubuntu1 (8.8 KiB)
| Superseded in lunar-proposed |
libvirt (9.0.0-1ubuntu1) lunar; urgency=medium * Merge 9.0.0-1 from Debian testing (LP: #1993412) Also resolved the ask for a rebuild against recent libxen (LP: #2004163) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS with latest libxl [v8.10.0] - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP 1997269) [v8.7.0] - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP 1993304) [v8.10.0] - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl: tolerate the impact of too large udev data avoiding a busy loop (LP 1996176) [v8.10.0] - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0] - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: reduce log noise by invalid VPD data (LP 1990949) [v8.7.0] * Dropped changes [in Debian now]: - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1] - [a54d904] New upstream version 8.6.0 [8.9.0-1] - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1] - d/control: suggest swtpm-tools [8.10.0-1] -- Christian Ehrhardt <email address hidden> Wed, 08 Feb 2023 14:54:15 +0100
Available diffs
| Superseded in lunar-proposed |
libvirt (8.6.0-0ubuntu6) lunar; urgency=medium * Rebuild against latest xen -- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 08:10:38 -0500
Available diffs
- diff from 8.6.0-0ubuntu5 to 8.6.0-0ubuntu6 (338 bytes)
| Superseded in focal-proposed |
libvirt (6.0.0-0ubuntu8.17) focal; urgency=medium
* d/p/u/lp-1989078-*.patch: allow arm64 to lock its OVMF/AAVMF resources
(LP: #1989078)
-- Christian Ehrhardt <email address hidden> Mon, 09 Jan 2023 08:48:16 +0100
Available diffs
libvirt (8.0.0-1ubuntu7.4) jammy; urgency=medium
* d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
apparmor denials on USB forwarding (LP: #1993304)
* d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch:
tolerate the impact of too large udev data avoiding a busy loop
(LP: #1996176)
-- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 15:59:28 +0100
Available diffs
libvirt (8.6.0-0ubuntu3.1) kinetic; urgency=medium
[ Lena Voytek ]
* d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
shuts down (LP: #1997269)
[Christian Ehrhardt ]
* d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
apparmor denials on USB forwarding (LP: #1993304)
* d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch:
tolerate the impact of too large udev data avoiding a busy loop
(LP: #1996176)
-- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 11:21:30 +0100
Available diffs
libvirt (8.6.0-0ubuntu5) lunar; urgency=medium
* d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
with latest libxl
Available diffs
- diff from 8.6.0-0ubuntu3 to 8.6.0-0ubuntu5 (4.9 KiB)
- diff from 8.6.0-0ubuntu4 to 8.6.0-0ubuntu5 (2.2 KiB)
| Superseded in lunar-proposed |
libvirt (8.6.0-0ubuntu4) lunar; urgency=medium
[ Lena Voytek ]
* d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
shuts down (LP: #1997269)
[Christian Ehrhardt ]
* d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
apparmor denials on USB forwarding (LP: #1993304)
* d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch:
tolerate the impact of too large udev data avoiding a busy loop
(LP: #1996176)
-- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 11:21:30 +0100
Available diffs
libvirt (8.0.0-1ubuntu7.3) jammy; urgency=medium
* d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
easen the use of riscv64 through libvirt (LP: #1990499)
-- Christian Ehrhardt <email address hidden> Tue, 04 Oct 2022 08:33:14 +0200
Available diffs
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
libvirt (8.6.0-0ubuntu3) kinetic; urgency=medium
* d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
easen the use of riscv64 through libvirt (LP: #1990499)
* d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
reduce log noise by invalid VPD data (LP: #1990949)
-- Christian Ehrhardt <email address hidden> Tue, 04 Oct 2022 08:29:46 +0200
Available diffs
libvirt (8.6.0-0ubuntu2) kinetic; urgency=medium
* d/p/libvirt-daemon-system.postinst: default network autostart
handling needs to happen before services start (LP: #1990853)
-- Christian Ehrhardt <email address hidden> Wed, 28 Sep 2022 08:36:15 +0200
Available diffs
- diff from 8.6.0-0ubuntu1 to 8.6.0-0ubuntu2 (723 bytes)
libvirt (8.0.0-1ubuntu7.2) jammy; urgency=medium
* d/p/u/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch: allow arm64
to lock its OVMF resources (LP: #1989078)
-- Christian Ehrhardt <email address hidden> Thu, 08 Sep 2022 12:00:39 +0200
Available diffs
libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium * Merge 8.0.0 from Debian unstable (LP: #1971289) Among many other fixes and improvements this fixes: - support for minor NFS versions (LP: #1980134) - launching VMs with SGX enabled (LP: #1982896) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/control: suggest swtpm-tools + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work in containers like LXD (without guest start would hang). [8.1.0] - d/p/backport/util-fix-syslog-facility-value.patch to ensure logs get passed to syslog/journal correctly. [8.1.0] - apparmor: Fix QEMU access for UEFI variable files. Backported from upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035) Refresh apparmor_profiles_local_include.patch to resolve the conflict. [8.2.0] - d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd and libvirt-qemu apparmor profiles to allow swtpm to use its own profile (LP 1968187) [8.3.0] - d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: apparmor allow new paths used for GL accelerated video (LP 1972075) [8.4.0] * Dropped changes [no more needed]: - d/control: breaks replaces for augeas lenses move in 6.0.0-1 * Added changes: - parallel-shutdown: upstream no more ships libvirt-guests defaults, so the Ubuntu customization of it moved to the file replacing it added in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default replacing the former "d/p/u/parallel-shutdown.patch: set parallel shutdown by default." - update patches to match 8.6.0 + d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch + d/p/u/Allow-libvirt-group-to-access-the-socket.patch + d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch + d/p/u/ovmf_paths.patch + d/p/u/swtpm-by-swtpm-user.patch + d/p/u/dnsmasq-as-priv-user
Available diffs
libvirt (8.0.0-1ubuntu7.1) jammy; urgency=medium
* d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
apparmor allow new paths used for GL accelerated video (LP: #1972075)
-- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:14:48 +0200
Available diffs
libvirt (8.0.0-1ubuntu8) kinetic; urgency=medium
* d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch:
apparmor allow new paths used for GL accelerated video (LP: #1972075)
-- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:14:48 +0200
Available diffs
libvirt (7.6.0-0ubuntu1.2) impish-security; urgency=medium
* SECURITY UPDATE: DoS via libxl driver
- debian/patches/CVE-2021-4147-1.patch: disable death events after
receiving a shutdown event in src/libxl/libxl_domain.c,
src/libxl/libxl_domain.h.
- debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo
struct in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread
in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-4.patch: handle domain death events in a
thread in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in
event handler threads in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by
rearranging code in src/libxl/libxl_logger.c.
- debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger
files hash table in src/libxl/libxl_logger.c.
- CVE-2021-4147
* SECURITY UPDATE: DoS via nwfilter driver
- debian/patches/CVE-2022-0897.patch: fix crash when counting number of
network filters in src/nwfilter/nwfilter_driver.c.
- CVE-2022-0897
-- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 09:34:13 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.21) bionic-security; urgency=medium
* SECURITY UPDATE: crash via double-free memory issue
- debian/patches/CVE-2020-25637-1.patch: gendispatch: handle empty
flags in src/rpc/gendispatch.pl.
- debian/patches/CVE-2020-25637-2.patch: add support for filtering
@acls by uint params in src/remote/remote_protocol.x,
src/rpc/gendispatch.pl.
- debian/patches/CVE-2020-25637-3.patch: require write acl for guest
agent in src/libxl/libxl_driver.c, src/qemu/qemu_driver.c,
src/remote/remote_protocol.x.
- debian/patches/CVE-2020-25637-4.patch: set ifname to NULL after
freeing in src/qemu/qemu_agent.c.
- CVE-2020-25637
* SECURITY UPDATE: sVirt SELinux confinement flaw
- debian/patches/CVE-2021-3631.patch: fix SELinux label generation
logic in src/security/security_selinux.c.
- CVE-2021-3631
* SECURITY UPDATE: segmentation fault during VM shutdown
- debian/patches/CVE-2021-3975.patch: add missing lock in
qemuProcessHandleMonitorEOF in src/qemu/qemu_process.c.
- CVE-2021-3975
* SECURITY UPDATE: DoS via libxl driver
- debian/patches/CVE-2021-4147-pre0.patch: handle external domain
destroy in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h.
- debian/patches/CVE-2021-4147-pre1.patch: fix domain shutdown in
src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-1.patch: disable death events after
receiving a shutdown event in src/libxl/libxl_domain.c,
src/libxl/libxl_domain.h.
- debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo
struct in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread
in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-4.patch: handle domain death events in a
thread in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in
event handler threads in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by
rearranging code in src/libxl/libxl_logger.c.
- debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger
files hash table in src/libxl/libxl_logger.c.
- CVE-2021-4147
* SECURITY UPDATE: DoS via nwfilter driver
- debian/patches/CVE-2022-0897.patch: fix crash when counting number of
network filters in src/nwfilter/nwfilter_driver.c.
- CVE-2022-0897
-- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 13:18:06 -0400
Available diffs
libvirt (6.0.0-0ubuntu8.16) focal-security; urgency=medium
* SECURITY UPDATE: crash via double-free memory issue
- debian/patches/CVE-2020-25637-1.patch: gendispatch: handle empty
flags in src/rpc/gendispatch.pl.
- debian/patches/CVE-2020-25637-2.patch: add support for filtering
@acls by uint params in src/remote/remote_protocol.x,
src/rpc/gendispatch.pl.
- debian/patches/CVE-2020-25637-3.patch: require write acl for guest
agent in src/libxl/libxl_driver.c, src/qemu/qemu_driver.c,
src/remote/remote_protocol.x.
- debian/patches/CVE-2020-25637-4.patch: set ifname to NULL after
freeing in src/qemu/qemu_agent.c.
- CVE-2020-25637
* SECURITY UPDATE: sVirt SELinux confinement flaw
- debian/patches/CVE-2021-3631.patch: fix SELinux label generation
logic in src/security/security_selinux.c.
- CVE-2021-3631
* SECURITY UPDATE: improper locking issue
- debian/patches/CVE-2021-3667.patch: unlock object on ACL fail in
src/storage/storage_driver.c.
- CVE-2021-3667
* SECURITY UPDATE: segmentation fault during VM shutdown
- debian/patches/CVE-2021-3975.patch: add missing lock in
qemuProcessHandleMonitorEOF in src/qemu/qemu_process.c.
- CVE-2021-3975
* SECURITY UPDATE: DoS via libxl driver
- debian/patches/CVE-2021-4147-pre1.patch: fix domain shutdown in
src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-1.patch: disable death events after
receiving a shutdown event in src/libxl/libxl_domain.c,
src/libxl/libxl_domain.h.
- debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo
struct in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread
in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-4.patch: handle domain death events in a
thread in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in
event handler threads in src/libxl/libxl_domain.c.
- debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by
rearranging code in src/libxl/libxl_logger.c.
- debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger
files hash table in src/libxl/libxl_logger.c.
- CVE-2021-4147
* SECURITY UPDATE: DoS via nwfilter driver
- debian/patches/CVE-2022-0897.patch: fix crash when counting number of
network filters in src/nwfilter/nwfilter_driver.c.
- CVE-2022-0897
-- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 11:31:12 -0400
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
libvirt (8.0.0-1ubuntu7) jammy; urgency=medium
* d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd
and libvirt-qemu apparmor profiles to allow swtpm to use its own profile
(LP: #1968187)
-- Lena Voytek <email address hidden> Tue, 12 Apr 2022 10:04:05 -0700
Available diffs
libvirt (8.0.0-1ubuntu6) jammy; urgency=medium * d/control: recommend swtpm-tools (LP: #1948748) -- Christian Ehrhardt <email address hidden> Mon, 04 Apr 2022 07:30:15 +0200
Available diffs
- diff from 8.0.0-1ubuntu5 to 8.0.0-1ubuntu6 (616 bytes)
libvirt (8.0.0-1ubuntu5) jammy; urgency=medium
* apparmor: Fix QEMU access for UEFI variable files. Backported from
upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035)
Refresh apparmor_profiles_local_include.patch to resolve the conflict.
-- Martin Pitt <email address hidden> Wed, 09 Mar 2022 13:43:40 +0100
Available diffs
libvirt (8.0.0-1ubuntu4) jammy; urgency=medium * No-change rebuild against libwireshark15. -- Steve Langasek <email address hidden> Mon, 07 Mar 2022 18:34:34 +0000
Available diffs
- diff from 8.0.0-1ubuntu3 to 8.0.0-1ubuntu4 (342 bytes)
libvirt (8.0.0-1ubuntu3) jammy; urgency=medium
* Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop
system services and sockets."
Due to the fix being in debhelper we no more need this mitigation now.
(LP: #1959054)
Available diffs
- diff from 7.6.0-0ubuntu3 to 8.0.0-1ubuntu3 (2.7 MiB)
- diff from 8.0.0-1ubuntu2 to 8.0.0-1ubuntu3 (1.8 KiB)
| Superseded in jammy-proposed |
libvirt (8.0.0-1ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:04:47 +0000
Available diffs
- diff from 8.0.0-1ubuntu1 to 8.0.0-1ubuntu2 (348 bytes)
| Superseded in jammy-proposed |
libvirt (8.0.0-1ubuntu1) jammy; urgency=medium * Merge 8.0.0 from Debian unstable (LP: #1946869) Among many other fixes and improvements this fixes ceph usage in regard to apparmor (LP: #1588576) Remaining changes: - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) [contains lintian fixups of 6.6.0-1ubuntu1] - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - d/control: breaks replaces for augeas lenses move in 6.0.0-1 (follows Debian, droppable >22.04) - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - d/p/u/parallel-shutdown.patch: set parallel shutdown by default. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results + d/control: suggest swtpm-tools + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [in Debian now]: - d/control: add libtirpc for rpc.h with glibc >=2.32 - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0 - debian/rules: disable the netcf backend. (LP: 1764314) - d/libvirt-clients.install: completions no more are symlinked to vsh - d/rules: disable the now auto-built vstorage backend - not-installed: split daemon man pages are no yet installed - d/rules: disable the new Cloud Hypervisor driver - d/rules: enable more features explicitly - d/rules: use apparmor_profiles=enabled instead of the now rejected value true - rules: Explicitly set remote_default_mode - rules: Rework installation of AppArmor-related files - d/control, d/rules: enable libssh (LP 1939416) * Dropped changes [upstream now]: - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure execution (LP 1913266) - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP 1927519) - Toleration for qemu >=6.0 handling of props (LP 1932264) - Persistent vfio-ccw device assignments (LP 1887929) * Dropped changes [no more needed]: - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with recent ubuntu glibx 2.32 it is breaking the build - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect XDR functions from glibc - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966) - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 was not enough) * Added changes: - d/p/u/dnsmasq-as-priv-user: update for 8.0.0 - Add recent upstream fixes to 8.0 + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work in containers like LXD (without guest start would hang). + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs get passed to syslog/journal correctly. - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop libvirt system services and sockets (LP: #1959054). This allows to unblock some transitions that wait on libvirt now; The intention is that it is fixed in debhelper and libvirt reverts this change before jammy release.
Available diffs
libvirt (7.6.0-0ubuntu3) jammy; urgency=medium
* d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP: #1951975)
-- Christian Ehrhardt <email address hidden> Wed, 24 Nov 2021 07:50:53 +0100
Available diffs
- diff from 7.6.0-0ubuntu1 to 7.6.0-0ubuntu3 (3.3 KiB)
- diff from 7.6.0-0ubuntu2 to 7.6.0-0ubuntu3 (750 bytes)
libvirt (4.0.0-1ubuntu8.20) bionic; urgency=medium
* d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch:
avoid issues due to corrupted apparmor profiles (LP: #1927519)
* d/p/u/skip-new-pdwtags.patch: avoid issues with backported
dwarves 1.21 (LP: #1951438)
-- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:24:01 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.15) focal; urgency=medium
* d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch:
avoid issues due to corrupted apparmor profiles (LP: #1927519)
-- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:23:11 +0100
Available diffs
libvirt (7.0.0-2ubuntu2.2) hirsute; urgency=medium
* d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch:
avoid issues due to corrupted apparmor profiles (LP: #1927519)
-- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:22:28 +0100
Available diffs
libvirt (7.6.0-0ubuntu1.1) impish; urgency=medium
* d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch:
avoid issues due to corrupted apparmor profiles (LP: #1927519)
-- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:19:58 +0100
Available diffs
| Superseded in jammy-proposed |
libvirt (7.6.0-0ubuntu2) jammy; urgency=medium
* d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid
issues due to corrupted apparmor profiles (LP: #1927519)
* libvirt should not use user/group tss for swtpm (LP: #1948880)
- d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
- d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm
- d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results
- d/control: suggest swtpm-tools
-- Christian Ehrhardt <email address hidden> Thu, 11 Nov 2021 12:11:38 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.14) focal; urgency=medium
* Fixup backport of "util: Add phys_port_name support on virPCIGetNetName"
to include the incorrectly removed "firstEntryName = NULL;" line, which
caused a regression bringing up network pools. (LP: #1943481)
- d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch
-- Matthew Ruffell <email address hidden> Tue, 14 Sep 2021 14:00:49 +1200
Available diffs
- diff from 6.0.0-0ubuntu8.13 to 6.0.0-0ubuntu8.14 (762 bytes)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
libvirt (7.6.0-0ubuntu1) impish; urgency=medium
* Merge v7.6.0 from upstream and unreleased changes from Debian git.
Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778)
- New upstream version 7.5.0
- New upstream version 7.6.0
- symbols: Bump symbol versions
- refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0
- patches: Refresh patches
- d/rules: disable the new Cloud Hypervisor driver
- d/rules: enable more features explicitly
- d/rules: use apparmor_profiles=enabled instead of the now rejected
value true
- update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect
XDR functions from glibc
* d/control, d/rules: enable libssh (LP: #1939416)
* refresh ubuntu patches for v7.6.0
* Further fixups for v7.6.0 (thanks to Andrea Bolognani)
- rules: Explicitly set remote_default_mode
- rules: Rework installation of AppArmor-related files
-- Christian Ehrhardt <email address hidden> Wed, 11 Aug 2021 08:11:16 +0200
Available diffs
- diff from 7.4.0-0ubuntu3 to 7.6.0-0ubuntu1 (792.8 KiB)
libvirt (7.0.0-2ubuntu2.1) hirsute; urgency=medium
* Add support for switchdev NICs that link representor ports to parent PCI
device. (LP: #1892132)
- d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch
- d/p/u/lp-1892132-add-virNetDevGetPhysPortName.patch
-- Frode Nordahl <email address hidden> Fri, 16 Jul 2021 05:16:36 +0000
Available diffs
libvirt (6.0.0-0ubuntu8.13) focal; urgency=medium
* Add support for switchdev NICs that link representor ports to parent PCI
device. (LP: #1892132)
- d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch
- d/p/u/lp-1892132-add-virNetDevGetPhysPortName.patch
-- Frode Nordahl <email address hidden> Fri, 16 Jul 2021 05:16:36 +0000
Available diffs
libvirt (6.0.0-0ubuntu8.12) focal; urgency=medium
* d/p/u/lp-1929202-*: fix pre-creation of images during migration
(LP: #1929202)
-- Christian Ehrhardt <email address hidden> Tue, 20 Jul 2021 14:13:56 +0200
Available diffs
libvirt (7.4.0-0ubuntu3) impish; urgency=medium
* d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248
was not enough)
Available diffs
- diff from 7.0.0-2ubuntu2 to 7.4.0-0ubuntu3 (6.8 MiB)
- diff from 7.4.0-0ubuntu2 to 7.4.0-0ubuntu3 (940 bytes)
| Superseded in impish-proposed |
libvirt (7.4.0-0ubuntu2) impish; urgency=medium * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966)
Available diffs
- diff from 7.4.0-0ubuntu1 to 7.4.0-0ubuntu2 (803 bytes)
| Superseded in impish-proposed |
libvirt (7.4.0-0ubuntu1) impish; urgency=medium
* Merge v7.4.0 from upstream,
among a lot of new features and fixes this closes a few of issues
reported against Ubuntu
- Toleration for qemu >=6.0 handling of props (LP: #1932264)
- Persistent vfio-ccw device assignments (LP: #1887929)
- Drop patches that are upstream in v7.4.0
- d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch
- d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch
- d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch
- d/p/u/lp-1913266-*: add vsock options to be usable with s390x
- d/p/u/lp-1921754-*: EPYC-Rome-v2
- d/p/u/lp-1921880-*: EPYC-Milan
- d/libvirt-clients.install: completions no more are symlinked to vsh
- Revert "disable firewalld support (universe dependency)"
This does not add a runtime dependency and while firewalld isn't in
main that way users can install and use it from universe.
(LP: #1928113)
- d/libvirt0.symbols: bump symbol versions for 7.4.0
- d/rules: disable the now auto-built vstorage backend
- not-installed: split daemon man pages are no yet installed
-- Christian Ehrhardt <email address hidden> Thu, 17 Jun 2021 10:33:27 +0200
Available diffs
libvirt (6.0.0-0ubuntu8.11) focal; urgency=medium
* d/p/ubuntu/lp-1906266-virStorageFileGetMetadataRecurse-Allow-format-probin:
relax restrictions on format probing for compat with older images
(LP: #1906266)
-- Christian Ehrhardt <email address hidden> Tue, 05 Jan 2021 13:48:48 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.10) focal; urgency=medium
* d/p/ubuntu-aa/lp-1890858-unix-socket.patch: avoid issues of some users
to connect to libvirtd (LP: #1890858)
-- Christian Ehrhardt <email address hidden> Mon, 14 Jun 2021 14:36:04 +0200
Available diffs
libvirt (6.0.0-0ubuntu8.9) focal; urgency=medium
* d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
on some HW/Guest combinations e.g. Windows 10 on Threadripper
(LP: #1921754)
* d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
(LP: #1921880)
* d/p/u/lp-1922907: add ability to parse cpu stepping and thereby correctly
differentiate skylake and cascadelake chips (LP: #1922907)
-- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200
Available diffs
libvirt (6.6.0-1ubuntu3.5) groovy; urgency=medium
* d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
on some HW/Guest combinations e.g. Windows 10 on Threadripper
(LP: #1921754)
* d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
(LP: #1921880)
-- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200
Available diffs
| Superseded in impish-release |
| Deleted in impish-release (Reason: Moved to impish-proposed) |
| Deleted in impish-proposed (Reason: Moved to impish) |
| Superseded in impish-proposed |
| Superseded in hirsute-updates |
| Deleted in hirsute-proposed (Reason: moved to -updates) |
libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium
* d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
on some HW/Guest combinations e.g. Windows 10 on Threadripper
(LP: #1921754)
* d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
(LP: #1921880)
-- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200
Available diffs
| 1 → 75 of 750 results | First • Previous • Next • Last |
