Change log for libvirt package in Ubuntu
1 → 75 of 750 results | First • Previous • Next • Last |
libvirt (10.0.0-2ubuntu8.2) noble-security; urgency=medium * SECURITY UPDATE: stack use-after-free in virNetClientIOEventLoop() - debian/patches/CVE-2024-4418.patch: ensure temporary GSource is removed from client event loop in src/rpc/virnetclient.c. - CVE-2024-4418 -- Marc Deslauriers <email address hidden> Mon, 06 May 2024 09:12:37 -0400
Available diffs
Superseded in oracular-proposed |
Superseded in oracular-proposed |
Superseded in noble-updates |
Superseded in noble-security |
libvirt (10.0.0-2ubuntu8.1) noble-security; urgency=medium * SECURITY UPDATE: off-by-one in udevListInterfacesByStatus() - debian/patches/CVE-2024-1441.patch: properly check count in src/interface/interface_backend_udev.c. - CVE-2024-1441 * SECURITY UPDATE: crash in RPC library - debian/patches/CVE-2024-2494.patch: check values in src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl. - CVE-2024-2494 -- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 11:42:32 -0400
Available diffs
libvirt (6.0.0-0ubuntu8.20) focal; urgency=medium * d/p/u/lp2059272-2-qemu-Wait-qemuProcessReconnect-threads-in-cleanup.patch: Remove patch. It is not possible to wait for qemuProcessReconnect() in cleanup: it talks to QEMU monitor, which blocks on replies from event loop, but it's already stopped at cleanup, delaying shutdown. * d/p/u/lp2059272-2-qemu-Do-not-save-XML-in-shutdown-on-init.patch: Instead of waiting at cleanup for threads which might be blocked thus would _not even reach_ the function that causes the problem, just skip that function if it is _actually reached_ while daemon shutdown is in progress. That is in the init path and would just run again anyway the next time libvirtd is started (LP: #2059272) * NOTE: This package contains the changes from 6.0.0-0ubuntu8.18 and 6.0.0-0ubuntu8.17 in focal-proposed (with symbolic changelog entry) superseded by 6.0.0-0ubuntu8.19 in focal-security.
Available diffs
Published in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
libvirt (10.0.0-2ubuntu8) noble; urgency=medium * Rebuild against new libpcap0.8t64. -- Gianfranco Costamagna <email address hidden> Mon, 15 Apr 2024 10:17:16 +0200
Available diffs
- diff from 10.0.0-2ubuntu7 to 10.0.0-2ubuntu8 (332 bytes)
libvirt (6.0.0-0ubuntu8.19) focal-security; urgency=medium * SECURITY UPDATE: off-by-one in udevListInterfacesByStatus() - debian/patches/CVE-2024-1441.patch: properly check count in src/interface/interface_backend_udev.c. - CVE-2024-1441 * SECURITY UPDATE: crash in RPC library - debian/patches/CVE-2024-2494.patch: check values in src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl. - CVE-2024-2494 * SECURITY UPDATE: null pointer deref in udevConnectListAllInterfaces() - debian/patches/CVE-2024-2496.patch: fix udev_device_get_sysattr_value return value check in src/interface/interface_backend_udev.c. - CVE-2024-2496 * NOTE: This package does _not_ contain the changes from 6.0.0-0ubuntu8.18 in focal-proposed. -- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 13:50:27 -0400
Available diffs
libvirt (8.0.0-1ubuntu7.10) jammy-security; urgency=medium * SECURITY UPDATE: off-by-one in udevListInterfacesByStatus() - debian/patches/CVE-2024-1441.patch: properly check count in src/interface/interface_backend_udev.c. - CVE-2024-1441 * SECURITY UPDATE: crash in RPC library - debian/patches/CVE-2024-2494.patch: check values in src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl. - CVE-2024-2494 * SECURITY UPDATE: null pointer deref in udevConnectListAllInterfaces() - debian/patches/CVE-2024-2496.patch: fix udev_device_get_sysattr_value return value check in src/interface/interface_backend_udev.c. - CVE-2024-2496 -- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 13:48:21 -0400
Available diffs
libvirt (9.6.0-1ubuntu1.1) mantic-security; urgency=medium * SECURITY UPDATE: off-by-one in udevListInterfacesByStatus() - debian/patches/CVE-2024-1441.patch: properly check count in src/interface/interface_backend_udev.c. - CVE-2024-1441 * SECURITY UPDATE: crash in RPC library - debian/patches/CVE-2024-2494.patch: check values in src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl. - CVE-2024-2494 * SECURITY UPDATE: null pointer deref in udevConnectListAllInterfaces() - debian/patches/CVE-2024-2496.patch: fix udev_device_get_sysattr_value return value check in src/interface/interface_backend_udev.c. - CVE-2024-2496 -- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 13:40:18 -0400
Available diffs
Deleted in focal-proposed (Reason: moved to -updates) |
libvirt (6.0.0-0ubuntu8.18) focal; urgency=medium * d/p/u/lp2059272-1-qemu-Fix-potential-crash-during-driver-cleanup.patch: On QEMU driver cleanup, release (stop) the worker thread pool _first_, before other data used by possibly running worker threads (LP: #2059272) * d/p/u/lp2059272-2-qemu-Wait-qemuProcessReconnect-threads-in-cleanup.patch: On QEMU driver cleanup, also wait for qemuProcessReconnect() threads, as they are independent of the worker thread pool. (LP: #2059272) Focal needs this as it has no .stateShutdownWait() callback yet. (The wait timeout is set in LIBVIRT_QEMU_STATE_CLEANUP_WAIT_TIMEOUT: -1 = wait indefinitely; 0 = do not wait; N = wait up to N seconds.)
Available diffs
libvirt (10.0.0-2ubuntu7) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 02:19:57 +0000
Available diffs
- diff from 10.0.0-2ubuntu5 to 10.0.0-2ubuntu7 (13.8 KiB)
- diff from 10.0.0-2ubuntu6 to 10.0.0-2ubuntu7 (340 bytes)
Superseded in noble-proposed |
libvirt (10.0.0-2ubuntu6) noble; urgency=medium * d/p/u/lp-2051754-*.patch: Backport upstream fix for LP: #2051754. -- Sergio Durigan Junior <email address hidden> Tue, 19 Mar 2024 22:22:12 -0400
Available diffs
- diff from 10.0.0-2ubuntu5 to 10.0.0-2ubuntu6 (13.8 KiB)
libvirt (8.0.0-1ubuntu7.9) jammy; urgency=medium * d/p/u/lp2059272-qemu-Fix-potential-crash-during-driver-cleanup.patch: On QEMU driver cleanup, release (stop) the worker thread pool _first_, before other data used by possibly running worker threads (LP: #2059272) -- Mauricio Faria de Oliveira <email address hidden> Wed, 27 Mar 2024 12:47:46 -0300
Available diffs
libvirt (10.0.0-2ubuntu5) noble; urgency=medium * No-change rebuild against libcurl3t64-gnutls -- Steve Langasek <email address hidden> Sat, 16 Mar 2024 07:06:57 +0000
Available diffs
- diff from 10.0.0-2ubuntu1 to 10.0.0-2ubuntu5 (423 bytes)
- diff from 10.0.0-2ubuntu4 to 10.0.0-2ubuntu5 (307 bytes)
Superseded in noble-proposed |
libvirt (10.0.0-2ubuntu4) noble; urgency=medium * No-change rebuild against libglib2.0-0t64 -- Steve Langasek <email address hidden> Mon, 11 Mar 2024 23:06:29 +0000
Available diffs
- diff from 10.0.0-2ubuntu3 to 10.0.0-2ubuntu4 (300 bytes)
Superseded in noble-proposed |
libvirt (10.0.0-2ubuntu3) noble; urgency=medium * No-change rebuild against libgnutls30t64 -- Steve Langasek <email address hidden> Sun, 10 Mar 2024 02:08:29 +0000
Available diffs
- diff from 10.0.0-2ubuntu2 to 10.0.0-2ubuntu3 (306 bytes)
Superseded in noble-proposed |
libvirt (10.0.0-2ubuntu2) noble; urgency=medium * No-change rebuild against libtirpc3t64 -- Steve Langasek <email address hidden> Thu, 29 Feb 2024 09:26:53 +0000
Available diffs
- diff from 10.0.0-2ubuntu1 to 10.0.0-2ubuntu2 (339 bytes)
libvirt (10.0.0-2ubuntu1) noble; urgency=medium * Merge with Debian unstable (LP: #2054479). Remaining changes: - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - d/control: Use libc6-dev instead of libc-dev as a build dependency - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian override - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all cases, do not set to "xen:///" (LP #2027838) - d/control: Demote passt to Suggests (from Recommends) for libvirt-daemon-driver-qemu, because passt is in universe. -- Sergio Durigan Junior <email address hidden> Tue, 20 Feb 2024 17:42:01 -0500
Available diffs
Deleted in noble-updates (Reason: superseded by release) |
Superseded in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
libvirt (10.0.0-1ubuntu1) noble; urgency=medium * Merge with Debian unstable (LP: #2040393, #2037606). Remaining changes: - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - d/control: Use libc6-dev instead of libc-dev as a build dependency - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian override - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all cases, do not set to "xen:///" (LP #2027838) * Drop changes: - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP #2008830) [ policykit-1 > 121 is in noble-main ] * Add changes: - d/control: Demote passt to Suggests (from Recommends) for libvirt-daemon-driver-qemu, because passt is in universe. -- Sergio Durigan Junior <email address hidden> Sun, 21 Jan 2024 00:19:08 -0500
Available diffs
libvirt (8.0.0-1ubuntu7.8) jammy; urgency=medium * d/p/u/lp-2028057-*, d/libvirt0.install: Add named types and definitions, along with QEMU alias syncing for Intel SapphireRapids (LP: #2028057) -- Lena Voytek <email address hidden> Wed, 29 Nov 2023 14:52:52 -0700
Available diffs
Deleted in lunar-proposed (Reason: The package was removed because its target series is goin...) |
libvirt (9.0.0-2ubuntu1.3) lunar; urgency=medium * d/p/u/lp-2028057-*, d/libvirt0.install: Add named types and definitions for Intel SapphireRapids (LP: #2028057) -- Lena Voytek <email address hidden> Wed, 06 Sep 2023 12:58:15 -0700
Available diffs
libvirt (9.6.0-1ubuntu2) noble; urgency=medium * Rebuild against 'new libwireshark17'. -- Gianfranco Costamagna <email address hidden> Fri, 24 Nov 2023 15:27:16 +0100
Available diffs
- diff from 9.6.0-1ubuntu1 to 9.6.0-1ubuntu2 (358 bytes)
Superseded in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
libvirt (9.6.0-1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2018082). Remaining changes: - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP #2008830) - d/control: Use libc6-dev instead of libc-dev as a build dependency - d/libvirt-clients.lintian-overrides: Add script-not-executable lintian override * Dropped changes: - d/p/CVE-2023-3750.patch: Remove - fixed upstream - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" This has been restored to match Debian because policykit-1 is now at a version greater than 121 in mantic * Modified changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) + Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all cases, do not set to "xen:///" (LP #2027838) -- Lena Voytek <email address hidden> Mon, 14 Aug 2023 14:16:30 -0700
Available diffs
- diff from 9.5.0-2ubuntu2 to 9.6.0-1ubuntu1 (286.0 KiB)
libvirt (8.0.0-1ubuntu7.7) jammy; urgency=medium * When attempting to launch a VM with SGX enabled, there is an error reported that prevents VMs from being launched. Backport fix that fixes the main cause of that issue, which is the QOM_CPU_PATH macro and qom-get behavior (LP: #1982896). - d/p/b/qemu-monitor-json-get-cpux86-data-unexport.patch - d/p/b/qemu-process-update-and-verify-cpu-refactor-cleanup.patch - d/p/b/qemu-monitor-do-not-hardcode-qom-path-of-first-cpu.patch - d/p/b/qemu-domain-store-qompath-in-qemudomainvcpuprivate.patch - d/p/b/qemu-process-move-cpu-flag-querying-after-code-probing-cpus.patch - d/p/b/qemu-process-move-call-to-qemuprocessrefreshcpu-after-cpu-probe.patch - d/p/b/qemu-process-do-not-use-hardcoded-qom-path-for-cpu-for-probing-flags.patch -- Michal Maloszewski <email address hidden> Fri, 04 Aug 2023 10:42:25 +0200
Available diffs
libvirt (9.5.0-2ubuntu2) mantic; urgency=medium * Merge from Debian Unstable. Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP: #2008830) - SECURITY UPDATE: denial of service via improper locking + debian/patches/CVE-2023-3750.patch: fix returning of locked objects from virStoragePoolObjListSearch in src/conf/virstorageobj.c. + CVE-2023-3750 * Dropped changes [upstream now]: - SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities + debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. + CVE-2023-2700
Available diffs
- diff from 9.0.0-2ubuntu3 to 9.5.0-2ubuntu2 (13.5 MiB)
- diff from 9.5.0-2ubuntu1 to 9.5.0-2ubuntu2 (1.6 KiB)
Superseded in mantic-proposed |
libvirt (9.5.0-2ubuntu1) mantic; urgency=medium * Merge from Debian Unstable. Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP: #2008830) - SECURITY UPDATE: denial of service via improper locking + debian/patches/CVE-2023-3750.patch: fix returning of locked objects from virStoragePoolObjListSearch in src/conf/virstorageobj.c. + CVE-2023-3750 * Dropped changes [upstream now]: - SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities + debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. + CVE-2023-2700
Available diffs
- diff from 9.0.0-2ubuntu3 to 9.5.0-2ubuntu1 (13.5 MiB)
libvirt (9.0.0-2ubuntu3) mantic; urgency=medium * SECURITY UPDATE: denial of service via improper locking - debian/patches/CVE-2023-3750.patch: fix returning of locked objects from virStoragePoolObjListSearch in src/conf/virstorageobj.c. - CVE-2023-3750 -- Marc Deslauriers <email address hidden> Tue, 25 Jul 2023 09:09:55 -0400
Available diffs
libvirt (9.0.0-2ubuntu1.2) lunar-security; urgency=medium * SECURITY UPDATE: denial of service via improper locking - debian/patches/CVE-2023-3750.patch: fix returning of locked objects from virStoragePoolObjListSearch in src/conf/virstorageobj.c. - CVE-2023-3750 -- Marc Deslauriers <email address hidden> Tue, 25 Jul 2023 09:11:54 -0400
Available diffs
libvirt (8.0.0-1ubuntu7.6) jammy; urgency=medium * d/p/u/lp-2024114-Avoid-memleak-in-virNodeDeviceGetPCIVPDDynamicCap.patch: fix memory leak PCI devices with VPD data (LP: #2024114) -- Rafael Lopez <email address hidden> Tue, 20 Jun 2023 11:54:15 +1000
Available diffs
libvirt (9.0.0-2ubuntu1.1) lunar-security; urgency=medium * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities - debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. - CVE-2023-2700 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:05:18 -0400
Available diffs
libvirt (8.0.0-1ubuntu7.5) jammy-security; urgency=medium * SECURITY UPDATE: DoS via nwfilter driver - debian/patches/CVE-2022-0897.patch: fix crash when counting number of network filters in src/nwfilter/nwfilter_driver.c. - CVE-2022-0897 * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities - debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. - CVE-2023-2700 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:08:33 -0400
Available diffs
libvirt (9.0.0-2ubuntu2) mantic; urgency=medium * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities - debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. - CVE-2023-2700 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:05:18 -0400
Available diffs
libvirt (8.6.0-0ubuntu3.2) kinetic-security; urgency=medium * SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities - debian/patches/CVE-2023-2700.patch: resolve leak in virPCIVirtualFunctionList cleanup in src/util/virpci.c. - CVE-2023-2700 -- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:07:47 -0400
Available diffs
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
libvirt (9.0.0-2ubuntu1) lunar; urgency=medium * Merge 9.0.0-2 from Debian unstable (LP: #1993412) Also resolved the ask for a rebuild against recent libxen (LP: #2004163) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS with latest libxl [v8.10.0] - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP 1997269) [v8.7.0] - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP 1993304) [v8.10.0] - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl: tolerate the impact of too large udev data avoiding a busy loop (LP 1996176) [v8.10.0] - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0] - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: reduce log noise by invalid VPD data (LP 1990949) [v8.7.0] * Dropped changes [in Debian now]: - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1] - [a54d904] New upstream version 8.6.0 [8.9.0-1] - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1] - d/control: suggest swtpm-tools [8.10.0-1] * Added changes: - revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format" because policykit-1 > 121 isn't yet ready to go to main in lunar. (LP: #2008830)
Available diffs
- diff from 8.6.0-0ubuntu5 to 9.0.0-2ubuntu1 (3.0 MiB)
- diff from 9.0.0-1ubuntu1 to 9.0.0-2ubuntu1 (8.8 KiB)
Superseded in lunar-proposed |
libvirt (9.0.0-1ubuntu1) lunar; urgency=medium * Merge 9.0.0-1 from Debian testing (LP: #1993412) Also resolved the ask for a rebuild against recent libxen (LP: #2004163) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - d/libvirt-daemon-system.libvirt-guests.default: shut guests down in parallel - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS with latest libxl [v8.10.0] - d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP 1997269) [v8.7.0] - d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP 1993304) [v8.10.0] - d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl: tolerate the impact of too large udev data avoiding a busy loop (LP 1996176) [v8.10.0] - d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0] - d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: reduce log noise by invalid VPD data (LP 1990949) [v8.7.0] * Dropped changes [in Debian now]: - [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1] - [a54d904] New upstream version 8.6.0 [8.9.0-1] - patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1] - d/control: suggest swtpm-tools [8.10.0-1] -- Christian Ehrhardt <email address hidden> Wed, 08 Feb 2023 14:54:15 +0100
Available diffs
Superseded in lunar-proposed |
libvirt (8.6.0-0ubuntu6) lunar; urgency=medium * Rebuild against latest xen -- Jeremy Bicha <email address hidden> Sat, 04 Feb 2023 08:10:38 -0500
Available diffs
- diff from 8.6.0-0ubuntu5 to 8.6.0-0ubuntu6 (338 bytes)
Superseded in focal-proposed |
libvirt (6.0.0-0ubuntu8.17) focal; urgency=medium * d/p/u/lp-1989078-*.patch: allow arm64 to lock its OVMF/AAVMF resources (LP: #1989078) -- Christian Ehrhardt <email address hidden> Mon, 09 Jan 2023 08:48:16 +0100
Available diffs
libvirt (8.0.0-1ubuntu7.4) jammy; urgency=medium * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP: #1993304) * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch: tolerate the impact of too large udev data avoiding a busy loop (LP: #1996176) -- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 15:59:28 +0100
Available diffs
libvirt (8.6.0-0ubuntu3.1) kinetic; urgency=medium [ Lena Voytek ] * d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP: #1997269) [Christian Ehrhardt ] * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP: #1993304) * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch: tolerate the impact of too large udev data avoiding a busy loop (LP: #1996176) -- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 11:21:30 +0100
Available diffs
libvirt (8.6.0-0ubuntu5) lunar; urgency=medium * d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS with latest libxl
Available diffs
- diff from 8.6.0-0ubuntu3 to 8.6.0-0ubuntu5 (4.9 KiB)
- diff from 8.6.0-0ubuntu4 to 8.6.0-0ubuntu5 (2.2 KiB)
Superseded in lunar-proposed |
libvirt (8.6.0-0ubuntu4) lunar; urgency=medium [ Lena Voytek ] * d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm shuts down (LP: #1997269) [Christian Ehrhardt ] * d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent apparmor denials on USB forwarding (LP: #1993304) * d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl.patch: tolerate the impact of too large udev data avoiding a busy loop (LP: #1996176) -- Christian Ehrhardt <email address hidden> Tue, 22 Nov 2022 11:21:30 +0100
Available diffs
libvirt (8.0.0-1ubuntu7.3) jammy; urgency=medium * d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP: #1990499) -- Christian Ehrhardt <email address hidden> Tue, 04 Oct 2022 08:33:14 +0200
Available diffs
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
libvirt (8.6.0-0ubuntu3) kinetic; urgency=medium * d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch: easen the use of riscv64 through libvirt (LP: #1990499) * d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch: reduce log noise by invalid VPD data (LP: #1990949) -- Christian Ehrhardt <email address hidden> Tue, 04 Oct 2022 08:29:46 +0200
Available diffs
libvirt (8.6.0-0ubuntu2) kinetic; urgency=medium * d/p/libvirt-daemon-system.postinst: default network autostart handling needs to happen before services start (LP: #1990853) -- Christian Ehrhardt <email address hidden> Wed, 28 Sep 2022 08:36:15 +0200
Available diffs
- diff from 8.6.0-0ubuntu1 to 8.6.0-0ubuntu2 (723 bytes)
libvirt (8.0.0-1ubuntu7.2) jammy; urgency=medium * d/p/u/lp-1989078-apparmor-Allow-locking-AAVMF-firmware.patch: allow arm64 to lock its OVMF resources (LP: #1989078) -- Christian Ehrhardt <email address hidden> Thu, 08 Sep 2022 12:00:39 +0200
Available diffs
libvirt (8.6.0-0ubuntu1) kinetic; urgency=medium * Merge 8.0.0 from Debian unstable (LP: #1971289) Among many other fixes and improvements this fixes: - support for minor NFS versions (LP: #1980134) - launching VMs with SGX enabled (LP: #1982896) Remaining changes: - libvirt-uri.sh, d/rules: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm and adapt expected self test result changes triggered by this + d/control: suggest swtpm-tools + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [upstream now]: - d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work in containers like LXD (without guest start would hang). [8.1.0] - d/p/backport/util-fix-syslog-facility-value.patch to ensure logs get passed to syslog/journal correctly. [8.1.0] - apparmor: Fix QEMU access for UEFI variable files. Backported from upstream master commit 7aec69b7fb9d0c. (Closes 1006324, LP 1962035) Refresh apparmor_profiles_local_include.patch to resolve the conflict. [8.2.0] - d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd and libvirt-qemu apparmor profiles to allow swtpm to use its own profile (LP 1968187) [8.3.0] - d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: apparmor allow new paths used for GL accelerated video (LP 1972075) [8.4.0] * Dropped changes [no more needed]: - d/control: breaks replaces for augeas lenses move in 6.0.0-1 * Added changes: - parallel-shutdown: upstream no more ships libvirt-guests defaults, so the Ubuntu customization of it moved to the file replacing it added in 8.1.0-1 now in d/libvirt-daemon-system.libvirt-guests.default replacing the former "d/p/u/parallel-shutdown.patch: set parallel shutdown by default." - update patches to match 8.6.0 + d/p/u-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch + d/p/u/Allow-libvirt-group-to-access-the-socket.patch + d/p/u-aa/lp-1815910-allow-vhost-hotplug.patch + d/p/u/ovmf_paths.patch + d/p/u/swtpm-by-swtpm-user.patch + d/p/u/dnsmasq-as-priv-user
Available diffs
libvirt (8.0.0-1ubuntu7.1) jammy; urgency=medium * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: apparmor allow new paths used for GL accelerated video (LP: #1972075) -- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:14:48 +0200
Available diffs
libvirt (8.0.0-1ubuntu8) kinetic; urgency=medium * d/p/u/lp-1972075-Allow-VM-to-read-sysfs-PCI-config-revision-files.patch: apparmor allow new paths used for GL accelerated video (LP: #1972075) -- Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:14:48 +0200
Available diffs
libvirt (7.6.0-0ubuntu1.2) impish-security; urgency=medium * SECURITY UPDATE: DoS via libxl driver - debian/patches/CVE-2021-4147-1.patch: disable death events after receiving a shutdown event in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h. - debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo struct in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-4.patch: handle domain death events in a thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in event handler threads in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by rearranging code in src/libxl/libxl_logger.c. - debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger files hash table in src/libxl/libxl_logger.c. - CVE-2021-4147 * SECURITY UPDATE: DoS via nwfilter driver - debian/patches/CVE-2022-0897.patch: fix crash when counting number of network filters in src/nwfilter/nwfilter_driver.c. - CVE-2022-0897 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 09:34:13 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.21) bionic-security; urgency=medium * SECURITY UPDATE: crash via double-free memory issue - debian/patches/CVE-2020-25637-1.patch: gendispatch: handle empty flags in src/rpc/gendispatch.pl. - debian/patches/CVE-2020-25637-2.patch: add support for filtering @acls by uint params in src/remote/remote_protocol.x, src/rpc/gendispatch.pl. - debian/patches/CVE-2020-25637-3.patch: require write acl for guest agent in src/libxl/libxl_driver.c, src/qemu/qemu_driver.c, src/remote/remote_protocol.x. - debian/patches/CVE-2020-25637-4.patch: set ifname to NULL after freeing in src/qemu/qemu_agent.c. - CVE-2020-25637 * SECURITY UPDATE: sVirt SELinux confinement flaw - debian/patches/CVE-2021-3631.patch: fix SELinux label generation logic in src/security/security_selinux.c. - CVE-2021-3631 * SECURITY UPDATE: segmentation fault during VM shutdown - debian/patches/CVE-2021-3975.patch: add missing lock in qemuProcessHandleMonitorEOF in src/qemu/qemu_process.c. - CVE-2021-3975 * SECURITY UPDATE: DoS via libxl driver - debian/patches/CVE-2021-4147-pre0.patch: handle external domain destroy in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h. - debian/patches/CVE-2021-4147-pre1.patch: fix domain shutdown in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-1.patch: disable death events after receiving a shutdown event in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h. - debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo struct in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-4.patch: handle domain death events in a thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in event handler threads in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by rearranging code in src/libxl/libxl_logger.c. - debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger files hash table in src/libxl/libxl_logger.c. - CVE-2021-4147 * SECURITY UPDATE: DoS via nwfilter driver - debian/patches/CVE-2022-0897.patch: fix crash when counting number of network filters in src/nwfilter/nwfilter_driver.c. - CVE-2022-0897 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 13:18:06 -0400
Available diffs
libvirt (6.0.0-0ubuntu8.16) focal-security; urgency=medium * SECURITY UPDATE: crash via double-free memory issue - debian/patches/CVE-2020-25637-1.patch: gendispatch: handle empty flags in src/rpc/gendispatch.pl. - debian/patches/CVE-2020-25637-2.patch: add support for filtering @acls by uint params in src/remote/remote_protocol.x, src/rpc/gendispatch.pl. - debian/patches/CVE-2020-25637-3.patch: require write acl for guest agent in src/libxl/libxl_driver.c, src/qemu/qemu_driver.c, src/remote/remote_protocol.x. - debian/patches/CVE-2020-25637-4.patch: set ifname to NULL after freeing in src/qemu/qemu_agent.c. - CVE-2020-25637 * SECURITY UPDATE: sVirt SELinux confinement flaw - debian/patches/CVE-2021-3631.patch: fix SELinux label generation logic in src/security/security_selinux.c. - CVE-2021-3631 * SECURITY UPDATE: improper locking issue - debian/patches/CVE-2021-3667.patch: unlock object on ACL fail in src/storage/storage_driver.c. - CVE-2021-3667 * SECURITY UPDATE: segmentation fault during VM shutdown - debian/patches/CVE-2021-3975.patch: add missing lock in qemuProcessHandleMonitorEOF in src/qemu/qemu_process.c. - CVE-2021-3975 * SECURITY UPDATE: DoS via libxl driver - debian/patches/CVE-2021-4147-pre1.patch: fix domain shutdown in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-1.patch: disable death events after receiving a shutdown event in src/libxl/libxl_domain.c, src/libxl/libxl_domain.h. - debian/patches/CVE-2021-4147-2.patch: rename libxlShutdownThreadInfo struct in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-3.patch: modify name of shutdown thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-4.patch: handle domain death events in a thread in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-5.patch: search for virDomainObj in event handler threads in src/libxl/libxl_domain.c. - debian/patches/CVE-2021-4147-6pre1.patch: avoid virHashFree by rearranging code in src/libxl/libxl_logger.c. - debian/patches/CVE-2021-4147-6.patch: protect access to libxlLogger files hash table in src/libxl/libxl_logger.c. - CVE-2021-4147 * SECURITY UPDATE: DoS via nwfilter driver - debian/patches/CVE-2022-0897.patch: fix crash when counting number of network filters in src/nwfilter/nwfilter_driver.c. - CVE-2022-0897 -- Marc Deslauriers <email address hidden> Wed, 20 Apr 2022 11:31:12 -0400
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
libvirt (8.0.0-1ubuntu7) jammy; urgency=medium * d/p/ubuntu-aa/0035-apparmor-separate-swtpm-rules.patch: Patch the libvirtd and libvirt-qemu apparmor profiles to allow swtpm to use its own profile (LP: #1968187) -- Lena Voytek <email address hidden> Tue, 12 Apr 2022 10:04:05 -0700
Available diffs
libvirt (8.0.0-1ubuntu6) jammy; urgency=medium * d/control: recommend swtpm-tools (LP: #1948748) -- Christian Ehrhardt <email address hidden> Mon, 04 Apr 2022 07:30:15 +0200
Available diffs
- diff from 8.0.0-1ubuntu5 to 8.0.0-1ubuntu6 (616 bytes)
libvirt (8.0.0-1ubuntu5) jammy; urgency=medium * apparmor: Fix QEMU access for UEFI variable files. Backported from upstream master commit 7aec69b7fb9d0c. (Closes: #1006324, LP: #1962035) Refresh apparmor_profiles_local_include.patch to resolve the conflict. -- Martin Pitt <email address hidden> Wed, 09 Mar 2022 13:43:40 +0100
Available diffs
libvirt (8.0.0-1ubuntu4) jammy; urgency=medium * No-change rebuild against libwireshark15. -- Steve Langasek <email address hidden> Mon, 07 Mar 2022 18:34:34 +0000
Available diffs
- diff from 8.0.0-1ubuntu3 to 8.0.0-1ubuntu4 (342 bytes)
libvirt (8.0.0-1ubuntu3) jammy; urgency=medium * Revert "d/rules, d/libvirt-daemon-system.{postinst,prerm}: never stop system services and sockets." Due to the fix being in debhelper we no more need this mitigation now. (LP: #1959054)
Available diffs
- diff from 7.6.0-0ubuntu3 to 8.0.0-1ubuntu3 (2.7 MiB)
- diff from 8.0.0-1ubuntu2 to 8.0.0-1ubuntu3 (1.8 KiB)
Superseded in jammy-proposed |
libvirt (8.0.0-1ubuntu2) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 17:04:47 +0000
Available diffs
- diff from 8.0.0-1ubuntu1 to 8.0.0-1ubuntu2 (348 bytes)
Superseded in jammy-proposed |
libvirt (8.0.0-1ubuntu1) jammy; urgency=medium * Merge 8.0.0 from Debian unstable (LP: #1946869) Among many other fixes and improvements this fixes ceph usage in regard to apparmor (LP: #1588576) Remaining changes: - libvirt-uri.sh: Automatically switch default libvirt URI for users via user profile (xen URI on dom0, qemu:///system otherwise) [contains lintian fixups of 6.6.0-1ubuntu1] - Disable libssh2 support (universe dependency) - d/control: add libzfslinux-dev to build-deps - d/control: drop libvirt-lxc, vbox and xen drivers to suggest - d/control: breaks replaces for augeas lenses move in 6.0.0-1 (follows Debian, droppable >22.04) - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite a long time. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - d/p/u/parallel-shutdown.patch: set parallel shutdown by default. - Update README.Debian with Ubuntu changes - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - fix autopkgtests (LP 1899180) + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) + d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds + d/t/smoke-lxc: use systemd instead of sysV to restart the service + d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures + d/t/smoke-lxc: retry check_domain being flaky on arm64 - dnsmasq related enhancements [now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1] + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for (LP 1861125) fixups - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592) - Apparmor Delta that is Ubuntu specific or yet to be upstreamed split into logical pieces. File names in debian/patches/ubuntu-aa/: + 0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + lp-1815910-allow-vhost-net.patch: avoid apparmor issues with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910) - libvirt should not use user/group tss for swtpm (LP 1948880) + d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm + d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm + d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results + d/control: suggest swtpm-tools + d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP 1951975) * Dropped changes [in Debian now]: - d/control: add libtirpc for rpc.h with glibc >=2.32 - various patch refreshes and .symbols updated from 7.0.0 - 7.6.0 - debian/rules: disable the netcf backend. (LP: 1764314) - d/libvirt-clients.install: completions no more are symlinked to vsh - d/rules: disable the now auto-built vstorage backend - not-installed: split daemon man pages are no yet installed - d/rules: disable the new Cloud Hypervisor driver - d/rules: enable more features explicitly - d/rules: use apparmor_profiles=enabled instead of the now rejected value true - rules: Explicitly set remote_default_mode - rules: Rework installation of AppArmor-related files - d/control, d/rules: enable libssh (LP 1939416) * Dropped changes [upstream now]: - d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure execution (LP 1913266) - d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP 1927519) - Toleration for qemu >=6.0 handling of props (LP 1932264) - Persistent vfio-ccw device assignments (LP 1887929) * Dropped changes [no more needed]: - remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with recent ubuntu glibx 2.32 it is breaking the build - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect XDR functions from glibc - d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP 1934966) - d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 was not enough) * Added changes: - d/p/u/dnsmasq-as-priv-user: update for 8.0.0 - Add recent upstream fixes to 8.0 + d/p/backport/qemuDomainSetupDisk-Initialize-targetPaths.patch to work in containers like LXD (without guest start would hang). + d/p/backport/util-fix-syslog-facility-value.patch to ensure logs get passed to syslog/journal correctly. - d/rules, d/libvirt-daemon-system.{postinst,postrm}: never stop libvirt system services and sockets (LP: #1959054). This allows to unblock some transitions that wait on libvirt now; The intention is that it is fixed in debhelper and libvirt reverts this change before jammy release.
Available diffs
libvirt (7.6.0-0ubuntu3) jammy; urgency=medium * d/libvirt-daemon-system.postinst: create user/group swtpm if not present due to swtpm-tools (LP: #1951975) -- Christian Ehrhardt <email address hidden> Wed, 24 Nov 2021 07:50:53 +0100
Available diffs
- diff from 7.6.0-0ubuntu1 to 7.6.0-0ubuntu3 (3.3 KiB)
- diff from 7.6.0-0ubuntu2 to 7.6.0-0ubuntu3 (750 bytes)
libvirt (4.0.0-1ubuntu8.20) bionic; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) * d/p/u/skip-new-pdwtags.patch: avoid issues with backported dwarves 1.21 (LP: #1951438) -- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:24:01 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.15) focal; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) -- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:23:11 +0100
Available diffs
libvirt (7.0.0-2ubuntu2.2) hirsute; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) -- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:22:28 +0100
Available diffs
libvirt (7.6.0-0ubuntu1.1) impish; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) -- Christian Ehrhardt <email address hidden> Thu, 18 Nov 2021 10:19:58 +0100
Available diffs
Superseded in jammy-proposed |
libvirt (7.6.0-0ubuntu2) jammy; urgency=medium * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch: avoid issues due to corrupted apparmor profiles (LP: #1927519) * libvirt should not use user/group tss for swtpm (LP: #1948880) - d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm - d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes to user swtpm - d/p/u/swtpm-by-swtpm-user.patch: adapt expected self test results - d/control: suggest swtpm-tools -- Christian Ehrhardt <email address hidden> Thu, 11 Nov 2021 12:11:38 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.14) focal; urgency=medium * Fixup backport of "util: Add phys_port_name support on virPCIGetNetName" to include the incorrectly removed "firstEntryName = NULL;" line, which caused a regression bringing up network pools. (LP: #1943481) - d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch -- Matthew Ruffell <email address hidden> Tue, 14 Sep 2021 14:00:49 +1200
Available diffs
- diff from 6.0.0-0ubuntu8.13 to 6.0.0-0ubuntu8.14 (762 bytes)
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
libvirt (7.6.0-0ubuntu1) impish; urgency=medium * Merge v7.6.0 from upstream and unreleased changes from Debian git. Among other bugs this fixes copy-storage-inc based migrations (LP: #1936778) - New upstream version 7.5.0 - New upstream version 7.6.0 - symbols: Bump symbol versions - refresh d/p/debian/Set-defaults-for-zfs-tools.patch for v7.5.0 - patches: Refresh patches - d/rules: disable the new Cloud Hypervisor driver - d/rules: enable more features explicitly - d/rules: use apparmor_profiles=enabled instead of the now rejected value true - update d/p/debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch: to detect XDR functions from glibc * d/control, d/rules: enable libssh (LP: #1939416) * refresh ubuntu patches for v7.6.0 * Further fixups for v7.6.0 (thanks to Andrea Bolognani) - rules: Explicitly set remote_default_mode - rules: Rework installation of AppArmor-related files -- Christian Ehrhardt <email address hidden> Wed, 11 Aug 2021 08:11:16 +0200
Available diffs
- diff from 7.4.0-0ubuntu3 to 7.6.0-0ubuntu1 (792.8 KiB)
libvirt (7.0.0-2ubuntu2.1) hirsute; urgency=medium * Add support for switchdev NICs that link representor ports to parent PCI device. (LP: #1892132) - d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch - d/p/u/lp-1892132-add-virNetDevGetPhysPortName.patch -- Frode Nordahl <email address hidden> Fri, 16 Jul 2021 05:16:36 +0000
Available diffs
libvirt (6.0.0-0ubuntu8.13) focal; urgency=medium * Add support for switchdev NICs that link representor ports to parent PCI device. (LP: #1892132) - d/p/u/lp-1892132-Add-phys_port_name-support-on-virPCIGetNetName.patch - d/p/u/lp-1892132-add-virNetDevGetPhysPortName.patch -- Frode Nordahl <email address hidden> Fri, 16 Jul 2021 05:16:36 +0000
Available diffs
libvirt (6.0.0-0ubuntu8.12) focal; urgency=medium * d/p/u/lp-1929202-*: fix pre-creation of images during migration (LP: #1929202) -- Christian Ehrhardt <email address hidden> Tue, 20 Jul 2021 14:13:56 +0200
Available diffs
libvirt (7.4.0-0ubuntu3) impish; urgency=medium * d/t/smoke-lxc: skip if cgroup v1&v2 are present (systemd 248 was not enough)
Available diffs
- diff from 7.0.0-2ubuntu2 to 7.4.0-0ubuntu3 (6.8 MiB)
- diff from 7.4.0-0ubuntu2 to 7.4.0-0ubuntu3 (940 bytes)
Superseded in impish-proposed |
libvirt (7.4.0-0ubuntu2) impish; urgency=medium * d/t/smoke-lxc: skip before systemd 248 due to a known bug (LP: #1934966)
Available diffs
- diff from 7.4.0-0ubuntu1 to 7.4.0-0ubuntu2 (803 bytes)
Superseded in impish-proposed |
libvirt (7.4.0-0ubuntu1) impish; urgency=medium * Merge v7.4.0 from upstream, among a lot of new features and fixes this closes a few of issues reported against Ubuntu - Toleration for qemu >=6.0 handling of props (LP: #1932264) - Persistent vfio-ccw device assignments (LP: #1887929) - Drop patches that are upstream in v7.4.0 - d/p/b/meson-Fix-cross-building-of-dtrace-probes.patch - d/p/b/apparmor-let-image-label-setting-loop-over-backing-files.patch - d/p/r/systemd-Revert-remote-Add-libvirtd-dependency-to-virt-gue.patch - d/p/u/lp-1913266-*: add vsock options to be usable with s390x - d/p/u/lp-1921754-*: EPYC-Rome-v2 - d/p/u/lp-1921880-*: EPYC-Milan - d/libvirt-clients.install: completions no more are symlinked to vsh - Revert "disable firewalld support (universe dependency)" This does not add a runtime dependency and while firewalld isn't in main that way users can install and use it from universe. (LP: #1928113) - d/libvirt0.symbols: bump symbol versions for 7.4.0 - d/rules: disable the now auto-built vstorage backend - not-installed: split daemon man pages are no yet installed -- Christian Ehrhardt <email address hidden> Thu, 17 Jun 2021 10:33:27 +0200
Available diffs
libvirt (6.0.0-0ubuntu8.11) focal; urgency=medium * d/p/ubuntu/lp-1906266-virStorageFileGetMetadataRecurse-Allow-format-probin: relax restrictions on format probing for compat with older images (LP: #1906266) -- Christian Ehrhardt <email address hidden> Tue, 05 Jan 2021 13:48:48 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.10) focal; urgency=medium * d/p/ubuntu-aa/lp-1890858-unix-socket.patch: avoid issues of some users to connect to libvirtd (LP: #1890858) -- Christian Ehrhardt <email address hidden> Mon, 14 Jun 2021 14:36:04 +0200
Available diffs
libvirt (6.0.0-0ubuntu8.9) focal; urgency=medium * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails on some HW/Guest combinations e.g. Windows 10 on Threadripper (LP: #1921754) * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support (LP: #1921880) * d/p/u/lp-1922907: add ability to parse cpu stepping and thereby correctly differentiate skylake and cascadelake chips (LP: #1922907) -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200
Available diffs
libvirt (6.6.0-1ubuntu3.5) groovy; urgency=medium * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails on some HW/Guest combinations e.g. Windows 10 on Threadripper (LP: #1921754) * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support (LP: #1921880) -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200
Available diffs
Superseded in impish-release |
Deleted in impish-release (Reason: Moved to impish-proposed) |
Deleted in impish-proposed (Reason: Moved to impish) |
Superseded in impish-proposed |
Superseded in hirsute-updates |
Deleted in hirsute-proposed (Reason: moved to -updates) |
libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails on some HW/Guest combinations e.g. Windows 10 on Threadripper (LP: #1921754) * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support (LP: #1921880) -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200
Available diffs
1 → 75 of 750 results | First • Previous • Next • Last |