Change log for libvirt package in Ubuntu
| 151 → 225 of 750 results | First • Previous • Next • Last |
libvirt (4.6.0-2ubuntu3.4) cosmic-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces
- debian/patches/CVE-2019-3840.patch: require a reply in
src/qemu/qemu_agent.c.
- CVE-2019-3840
-- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 08:07:59 -0400
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
libvirt (5.0.0-1ubuntu2) disco; urgency=medium
* Implement further apparmor rules for usage of gl enabled
graphics (LP: #1815452)
- d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
- d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
* Implement further apparmor rules for usage of gl enabled
graphics with nvidia cards (LP: #1817943)
- d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
- d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
* d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted
version (no functional change, LP: 1804766)
-- Christian Ehrhardt <email address hidden> Tue, 12 Feb 2019 11:27:14 +0100
Available diffs
libvirt (4.6.0-2ubuntu3.3) cosmic; urgency=medium
* d/p/ubuntu/lp-1811198-utils-Remove-arbitrary-limit-on-socket_id-core_id
.patch: fix arm servers with high core_id (LP: #1811198)
* d/p/ubuntu/lp-1771662-*: fix assumption that all VFs have PFs assigned
(LP: #1771662)
-- Christian Ehrhardt <email address hidden> Thu, 31 Jan 2019 12:29:37 +0100
Available diffs
libvirt (4.0.0-1ubuntu8.7) bionic; urgency=medium
* d/p/ubuntu/lp-1811198-utils-Remove-arbitrary-limit-on-socket_id-core_id
.patch: fix arm servers with high core_id (LP: #1811198)
* d/p/ubuntu/lp-1771662-*: fix assumption that all VFs have PFs assigned
(LP: #1771662)
-- Christian Ehrhardt <email address hidden> Thu, 31 Jan 2019 12:45:18 +0100
Available diffs
libvirt (5.0.0-1ubuntu1) disco; urgency=medium
* Merged with Debian unstable
Among many other new features and fixes this includes fixes for:
LP: #1754871 - 1799446 zPCI passthrough support for KVM
LP: #1811198 - remove arbitrary limit on socket_id/core_id
Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- Xen related
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- Further upstreamed apparmor Delta, especially any new one
Our former delta is split into logical pieces and is either Ubuntu only
or is part of a continuous upstreaming effort.
Listing related remaining changes in debian/patches/ubuntu-aa/:
+ 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
- d/rules: enable build time self tests on all architectures
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/control: drop libnetcf from Build-Depends.
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- avoid service dependency issues on upgrade (LP: 1786179)
This will in the long term be resolved in dh_* tools, but to let an
upgrade work for now we need to drop the sysV scripts (which we don't
use anyway) and slightly modify the systemd service to work with todays
dh_systemd_start properly. Can be dropped once Debian bug 905772 is
resolved in dh_* tools and libvirt uses those new code.
- d/libvirt-daemon-system.virtlogd.init: removed sysV init file
- d/libvirt-daemon-system.libvirtd.init: removed sysV init file
- debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
and lbivirtd sysV init file
- d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
to virtlogd/virtlockd sockets as they would imply a restart of
virtlogd breaking it.
- d/t/smoke-lxc: use systemd instead of sysV to restart the service
* Added Changes:
- Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context
- d/rules: also check build time self test results on all architectures
- d/rules: strip -Bsymbolic-functions from linker flags as it breaks
libvirt tests
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
for the ease use of mdev and gl devices (LP: #1804766)
- refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0
- d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
- d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
- d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
(LP: #1771662)
* Dropped Changes (upstream)
- debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: 1787405)
- d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
fix libvirt bridge handling in unprivileged containers (LP: 1802906)
- d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
avoid issues with newer kernels >=4.18 (LP: 1788603)
- Fix an issue where guests with plenty of hostdevs attached where detected
as not shut down due to the kernel needing more time to free up
resources (LP: 1788226)
- d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
- d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
- 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
- 0040-apparmor-add-mediation-rules-for-unconfined.patch:
apparmor: add mediation rules for unconfined guests
- d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
don't want blanket access. We only allow enumerating the base dir and
reading owned files. Further features needing /tmp have to add local
overrides, examples are qemu-smb and some modes of local snapshots.
(LP: 1365261) Can be dropped >=libvirt 4.7
- d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
preserve /dev mountpoints in qemu namespaces (LP: 1786168)
Can be dropped >=libvirt 4.7
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice. Upstream completely dropped
alternative types and kvm-spice is a symlink for quite some time.
Builtin expected binaries work, so drop this delta.
* Dropped Changes (in Debian)
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
Available diffs
- diff from 4.6.0-2ubuntu5 to 5.0.0-1ubuntu1 (23.3 MiB)
- diff from 4.6.0-2ubuntu6 to 5.0.0-1ubuntu1 (23.3 MiB)
| Superseded in disco-proposed |
libvirt (4.6.0-2ubuntu6) disco; urgency=medium * No-change rebuild for readline soname change. -- Matthias Klose <email address hidden> Tue, 15 Jan 2019 10:26:04 +0000
Available diffs
- diff from 4.6.0-2ubuntu5 to 4.6.0-2ubuntu6 (347 bytes)
libvirt (4.6.0-2ubuntu3.2) cosmic; urgency=medium
* d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only
-with-vf.patch: fix handling of non PCI vfio display propery (part
of LP: #1787405)
Available diffs
libvirt (4.6.0-2ubuntu5) disco; urgency=medium
* d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only
-with-vf.patch: fix handling of non PCI vfio display propery (part
of LP: #1787405)
-- Christian Ehrhardt <email address hidden> Thu, 06 Dec 2018 09:20:39 +0100
Available diffs
| Superseded in cosmic-proposed |
libvirt (4.6.0-2ubuntu3.1) cosmic; urgency=medium
* debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: #1787405)
-- Christian Ehrhardt <email address hidden> Fri, 09 Nov 2018 07:42:01 +0100
Available diffs
libvirt (4.0.0-1ubuntu8.6) bionic; urgency=medium
* d/control: explicitly Build-dep on libwiretap-dev to fix FTBFS since
libwireshark 2.6.x SRU upload (LP: #1801666)
* debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: #1787405)
-- Christian Ehrhardt <email address hidden> Fri, 09 Nov 2018 07:42:01 +0100
Available diffs
libvirt (4.6.0-2ubuntu4) disco; urgency=medium
* debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto
Adapters on s390x (LP: #1787405)
* d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch:
fix libvirt bridge handling in unprivileged containers (LP: #1802906)
-- Christian Ehrhardt <email address hidden> Fri, 09 Nov 2018 07:42:01 +0100
Available diffs
libvirt (4.0.0-1ubuntu8.5) bionic; urgency=medium
* d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
avoid issues with newer kernels >=4.18 (LP: #1788603)
* d/p/ubuntu/lp-1789659-don-t-check-for-parallel-iteration-in-hash.patch:
remove broken and redundant check for parallel iteration in hash functions
(LP: #1789659)
-- Christian Ehrhardt <email address hidden> Tue, 28 Aug 2018 07:26:19 +0200
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium
* d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch:
avoid issues with newer kernels >=4.18 (LP: #1788603)
-- Christian Ehrhardt <email address hidden> Mon, 27 Aug 2018 10:57:57 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.4) bionic; urgency=medium
* Fix an issue where guests with plenty of hostdevs attached where detected
as not shut down due to the kernel needing more time to free up
resources (LP: #1788226)
- d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
- d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
-- Christian Ehrhardt <email address hidden> Thu, 23 Aug 2018 07:36:04 +0200
Available diffs
libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium
* Fix an issue where guests with plenty of hostdevs attached where detected
as not shut down due to the kernel needing more time to free up
resources (LP: #1788226)
- d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch
- d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch
-- Christian Ehrhardt <email address hidden> Tue, 21 Aug 2018 17:51:43 +0200
Available diffs
libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium * Merged with Debian unstable (LP: #1786957). Among many other new features and fixes this includes fixes for (LP: #1754871), Remaining changes: - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - Xen related - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - Further upstreamed apparmor Delta, especially any new one Our former delta is split into logical pieces and is either Ubuntu only or is part of a continuous upstreaming effort. Listing related remaining changes in debian/patches/ubuntu-aa/: + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442). Can be dropped >=libvirt 4.7 + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 & LP 1680384). + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + 0040-apparmor-add-mediation-rules-for-unconfined.patch: apparmor: add mediation rules for unconfined guests Can be dropped >=libvirt 4.7 - d/rules: enable build time self tests on all architectures - run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users - debian/rules: disable the netcf backend. (LP: 1764314) - debian/control: drop libnetcf from Build-Depends. - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - d/rules: install virtlockd correctly with defaults file (LP: 1729516) * Added Changes - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: updated to take care of no more silencing and thereby hiding denials (LP 1719579 is an example) - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: updated to also allow the optionally placed ceph asok file (LP: #1779674) - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare profile for usrmerge (LP: #1784023) - Finalize the libvirt-bin -> libvirt-* transition in the apport package-hook. - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch, d/libvirt-daemon-system.postinst: provide a local apparmor include for abstraction/libvirt-qemu (LP: #1786019) - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we don't want blanket access. We only allow enumerating the base dir and reading owned files. Further features needing /tmp have to add local overrides, examples are qemu-smb and some modes of local snapshots. (LP: #1365261) Can be dropped >=libvirt 4.7 - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to preserve /dev mountpoints in qemu namespaces (LP: #1786168) Can be dropped >=libvirt 4.7 - avoid service dependency issues on upgrade (LP: #1786179) This will in the long term be resolved in dh_* tools, but to let an upgrade work for now we need to drop the sysV scripts (which we don't use anyway) and slightly modify the systemd service to work with todays dh_systemd_start properly. Can be dropped once Debian bug 905772 is resolved in dh_* tools and libvirt uses those new code. - d/libvirt-daemon-system.virtlogd.init: removed sysV init file - d/libvirt-daemon-system.libvirtd.init: removed sysV init file - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd and lbivirtd sysV init file - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references to virtlogd/virtlockd sockets as they would imply a restart of virtlogd breaking it. - d/t/smoke-lxc: use systemd instead of sysV to restart the service * Dropped Changes (upstream) - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing of memory slots and other extended features without breaking virt-aa-helper (LP: 1746431). - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch: avoid hanging on shutdown (LP: 1688508) - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI- plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471) - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch ensure symlinks are resolved to get valid rules if interim parts of a path are a symlink (LP: 1752361) - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown: avoid issues shutting down more guests than configured for parallel shutdown (LP: 1688508) - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix using devices that are symlinks (LP: 1756394) - Fix nvdimm memory and passthrough input devices for hotplug via domain security callbacks backporting upstream commits (LP: 1755153). + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch - Fix nvdimm memory and passthrough input devices in initial guest description via virt-aa-helper (LP: 1757085). + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch - Fix clean shut down of guests on system shutdown (LP: 1764668) + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch - SECURITY UPDATE: QEMU monitor DoS + debian/patches/CVE-2018-1064.patch: add size limit to src/qemu/qemu_agent.c. + CVE-2018-1064 - SECURITY UPDATE: Speculative Store Bypass + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature bit in src/cpu/cpu_map.xml. + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID feature bit in src/cpu/cpu_map.xml. + CVE-2018-3639 - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix hotplug use cases where the initial guest had no hostdev at all and therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777) - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch: Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error occurred, but the cause is unknown" due to a buffer being too small for pcap with TPACKET_V3 enabled (LP: 1758037) - SECURITY UPDATE: code injection via libnss_dns.so + debian/patches/CVE-2018-6764-1.patch: determine the hostname on startup in src/util/virlog.c. + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in src/util/virlog.c. + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname in cfg.mk, src/util/virlog.c. + CVE-2018-6764 * Dropped Changes (no upgrade path left that needs those) - Backwards compatible handling of group rename (can be dropped >18.04). - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - conffile handling of files dropped in 3.5 (can be dropped >18.04) + /etc/init.d/virtlockd was sysv init only + /etc/apparmor.d/local/usr.sbin.libvirtd and /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated by dh_apparmor as needed - d/libvirt-daemon-system.maintscript: remove the now dropped conffile /etc/cron.daily/libvirt-daemon-system * Dropped Changes (cleanups) - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed one issue and the other is solved in libvirt by ensuring to move to the right cgroups.) - remove no more used libvirt-dnsmasq user (this was redundant since 4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user) - Disable selinux (now in main) -- Christian Ehrhardt <email address hidden> Sat, 18 Aug 2018 14:40:58 +0200
Available diffs
- diff from 4.0.0-1ubuntu13 to 4.6.0-2ubuntu1 (24.8 MiB)
libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium
* ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
-- Mathieu Trudel-Lapierre <email address hidden> Wed, 27 Jun 2018 11:16:23 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.3) bionic; urgency=medium
* d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
hotplug use cases where the initial guest had no hostdev at all and
therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)
-- Christian Ehrhardt <email address hidden> Wed, 13 Jun 2018 10:48:18 +0200
Available diffs
libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium
* d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
hotplug use cases where the initial guest had no hostdev at all and
therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777)
-- Christian Ehrhardt <email address hidden> Tue, 12 Jun 2018 16:24:01 +0200
Available diffs
libvirt (1.2.2-0ubuntu13.1.27) trusty-security; urgency=medium
* SECURITY UPDATE: QEMU monitor DoS
- debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
- CVE-2018-1064
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
- debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Wed, 23 May 2018 14:23:45 -0400
Available diffs
libvirt (3.6.0-1ubuntu6.8) artful-security; urgency=medium
* SECURITY UPDATE: QEMU monitor DoS
- debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
- CVE-2018-1064
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
- debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Wed, 23 May 2018 13:23:59 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.24) xenial-security; urgency=medium
* SECURITY UPDATE: QEMU monitor DoS
- debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
- CVE-2018-1064
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
- debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Wed, 23 May 2018 13:29:29 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.2) bionic-security; urgency=medium
* SECURITY UPDATE: QEMU monitor DoS
- debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
- CVE-2018-1064
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
- debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Wed, 23 May 2018 13:23:01 -0400
Available diffs
libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium
* SECURITY UPDATE: QEMU monitor DoS
- debian/patches/CVE-2018-1064.patch: add size limit to
src/qemu/qemu_agent.c.
- CVE-2018-1064
* SECURITY UPDATE: Speculative Store Bypass
- debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
bit in src/cpu/cpu_map.xml.
- debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
feature bit in src/cpu/cpu_map.xml.
- CVE-2018-3639
-- Marc Deslauriers <email address hidden> Tue, 22 May 2018 10:55:56 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.23) xenial; urgency=medium
* Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: #1758037)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
-- Christian Ehrhardt <email address hidden> Fri, 11 May 2018 07:37:36 +0200
Available diffs
libvirt (3.6.0-1ubuntu6.7) artful; urgency=medium
* Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: #1758037)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
-- Christian Ehrhardt <email address hidden> Fri, 11 May 2018 07:35:09 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.1) bionic; urgency=medium
* Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: #1758037)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
-- Christian Ehrhardt <email address hidden> Fri, 11 May 2018 07:32:28 +0200
Available diffs
libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium
* Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
occurred, but the cause is unknown" due to a buffer being too small
for pcap with TPACKET_V3 enabled (LP: #1758037)
- debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch
-- Christian Ehrhardt <email address hidden> Wed, 09 May 2018 17:07:59 +0200
Available diffs
| Superseded in cosmic-proposed |
libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium * debian/rules: disable the netcf backend. (LP: #1764314) * debian/control: drop libnetcf from Build-Depends. -- Mathieu Trudel-Lapierre <email address hidden> Wed, 09 May 2018 10:06:15 -0400
Available diffs
- diff from 4.0.0-1ubuntu8 to 4.0.0-1ubuntu9 (741 bytes)
libvirt (1.3.1-1ubuntu10.22) xenial; urgency=medium * Fix clean shut down of guests on system shutdown (LP: #1764668) - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch -- Christian Ehrhardt <email address hidden> Wed, 25 Apr 2018 09:26:12 +0200
Available diffs
libvirt (3.6.0-1ubuntu6.6) artful; urgency=medium * Fix clean shut down of guests on system shutdown (LP: #1764668) - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch -- Christian Ehrhardt <email address hidden> Wed, 25 Apr 2018 09:24:08 +0200
Available diffs
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
libvirt (4.0.0-1ubuntu8) bionic; urgency=medium * Fix clean shut down of guests on system shutdown (LP: #1764668) - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch -- Christian Ehrhardt <email address hidden> Tue, 24 Apr 2018 11:09:48 +0200
Available diffs
libvirt (3.6.0-1ubuntu6.5) artful; urgency=medium
* d/p/ubuntu/lp1688508-fix-variable-scope-in-in-check_guests_shutdown.patch:
backport further upstream fixes that were identified on verification.
Together with the former change this fixes (LP: #1688508)
Available diffs
libvirt (1.3.1-1ubuntu10.21) xenial; urgency=medium
* d/p/ubuntu/lp1688508-fix-variable-scope-in-in-check_guests_shutdown.patch:
backport further upstream fixes that were identified on verification.
Together with the former change this fixes (LP: #1688508)
* d/p/ubuntu/lp1753604-nwfilter-fix-lock-order-deadlock.patch:
fix intermittent deadlock in NWFilter handling (LP: #1753604)
Available diffs
libvirt (4.0.0-1ubuntu7) bionic; urgency=medium
* Fix nvdimm memory and passthrough input devices for hotplug via
domain security callbacks backporting upstream commits (LP: #1755153).
- d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
- d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
* Fix nvdimm memory and passthrough input devices in initial guest
description via virt-aa-helper (LP: #1757085).
- d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
- d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
-- Christian Ehrhardt <email address hidden> Wed, 21 Mar 2018 08:30:47 +0100
Available diffs
libvirt (4.0.0-1ubuntu6) bionic; urgency=medium * Backport from recent upstream to stabilize libvirt (LP: #1756915) - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown: avoid issues shutting down more guests than configured for parallel shutdown (LP: #1688508) * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix using devices that are symlinks (LP: #1756394) -- Christian Ehrhardt <email address hidden> Mon, 19 Mar 2018 14:57:08 +0100
Available diffs
libvirt (4.0.0-1ubuntu5) bionic; urgency=medium * run dnsmasq as libvirt-dnsmasq (LP: #1743718) - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user libvirt-dnsmasq and adapt the self tests to expect that config - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users * Backport from recent upstream to stabilize libvirt (LP: #1754352) - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI- plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471) * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch ensure symlinks are resolved to get valid rules if interim parts of a path are a symlink (LP: #1752361) -- Christian Ehrhardt <email address hidden> Tue, 27 Feb 2018 12:04:02 +0100
Available diffs
- diff from 4.0.0-1ubuntu4 to 4.0.0-1ubuntu5 (12.6 KiB)
| Deleted in artful-proposed (Reason: SRU abandoned (verification-failed)) |
libvirt (3.6.0-1ubuntu6.4) artful; urgency=medium
* d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
avoid hanging on shutdown (LP: #1688508)
-- Dariusz Gadomski <email address hidden> Mon, 26 Feb 2018 14:30:44 +0100
Available diffs
- diff from 3.6.0-1ubuntu6 to 3.6.0-1ubuntu6.4 (17.1 KiB)
| Deleted in xenial-proposed (Reason: SRU abandoned (verification-failed)) |
libvirt (1.3.1-1ubuntu10.20) xenial; urgency=medium
* d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
avoid hanging on shutdown (LP: #1688508)
-- Dariusz Gadomski <email address hidden> Mon, 26 Feb 2018 14:37:40 +0100
Available diffs
libvirt (4.0.0-1ubuntu4) bionic; urgency=medium
* d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
avoid hanging on shutdown (LP: #1688508)
-- Christian Ehrhardt <email address hidden> Fri, 23 Feb 2018 16:43:19 +0100
Available diffs
libvirt (4.0.0-1ubuntu3) bionic; urgency=medium
[ Christian Ehrhardt ]
* Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04
- d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
- d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
- d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
- d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
- d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
- d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
- d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
- d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
- d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
- d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
- d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
- d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
- d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
- d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
- d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
- d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
- d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
- d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
- d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
- d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
- d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
- d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
- d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
* d/rules: enable build time self tests on all architectures
[ Marc Deslauriers ]
* SECURITY UPDATE: code injection via libnss_dns.so
- debian/patches/CVE-2018-6764-1.patch: determine the hostname on
startup in src/util/virlog.c.
- debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
src/util/virlog.c.
- debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
in cfg.mk, src/util/virlog.c.
- CVE-2018-6764
-- Christian Ehrhardt <email address hidden> Mon, 19 Feb 2018 14:18:44 +0100
Available diffs
- diff from 4.0.0-1ubuntu2 to 4.0.0-1ubuntu3 (29.5 KiB)
libvirt (1.3.1-1ubuntu10.19) xenial-security; urgency=medium
[ Leonidas S. Barbosa ]
* SECURITY UPDATE: resource exhaustion resulting in DoS
- debian/patches/CVE-2018-5748.patch: avoid DoS reading from
QEMU monitor in src/qemu/qemu_monitor.c.
- CVE-2018-5748
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2016-5008.patch: let empty default VNC
password work as documented in src/qemu/qemu_hotplug.c.
- CVE-2016-5008
[ Marc Deslauriers ]
* SECURITY UPDATE: code injection via libnss_dns.so
- debian/patches/CVE-2018-6764-1.patch: determine the hostname on
startup in src/util/virlog.c.
- debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
src/util/virlog.c.
- debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
in cfg.mk, src/util/virlog.c.
- CVE-2018-6764
-- Marc Deslauriers <email address hidden> Fri, 16 Feb 2018 07:51:15 -0500
Available diffs
libvirt (3.6.0-1ubuntu6.3) artful-security; urgency=medium
[ Leonidas S. Barbosa ]
* SECURITY UPDATE: resource exhaustion resulting in DoS
- debian/patches/CVE-2018-5748.patch: avoid DoS reading from
QEMU monitor in src/qemu/qemu_monitor.c.
- CVE-2018-5748
* SECURITY UPDATE: Failure to validate SSL/TLS certificates
- debian/patches/CVE-2017-1000256.patch: ensure TLS clients always verify
the server certificate in src/qemu/qemu_command.c.
- CVE-2017-1000256
[ Marc Deslauriers ]
* SECURITY UPDATE: code injection via libnss_dns.so
- debian/patches/CVE-2018-6764-1.patch: determine the hostname on
startup in src/util/virlog.c.
- debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
src/util/virlog.c.
- debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
in cfg.mk, src/util/virlog.c.
- CVE-2018-6764
-- Marc Deslauriers <email address hidden> Fri, 16 Feb 2018 07:51:15 -0500
Available diffs
libvirt (1.2.2-0ubuntu13.1.26) trusty-security; urgency=medium
* SECURITY UPDATE: resource exhaustion resulting in DoS
- debian/patches/CVE-2018-5748.patch: avoid DoS reading from
QEMU monitor in src/qemu/qemu_monitor.c.
- CVE-2018-5748
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2016-5008.patch: let empty default VNC
password work as documented in src/qemu/qemu_hotplug.c.
- CVE-2016-5008
-- <email address hidden> (Leonidas S. Barbosa) Fri, 16 Feb 2018 07:51:15 -0500
Available diffs
libvirt (1.3.1-1ubuntu10.18) xenial; urgency=medium * virsh api is stuck when vm is down with NFS borken (LP: #1746630) - d/p/0001-qemu-driver-Remove-unnecessary-flag-in-qemuDomainGet.patch qemu: driver: Remove unnecessary flag in qemuDomainGetStatsBlock - d/p/0002-qemu-driver-Separate-bulk-stats-worker-for-block-dev.patch qemu: driver: Separate bulk stats worker for block devices - d/p/0003-qemu-bulk-stats-Don-t-access-possibly-blocked-storag.patch qemu: bulk stats: Don't access possibly blocked storage -- Seyeong Kim <email address hidden> Thu, 01 Feb 2018 09:43:45 +0900
Available diffs
libvirt (4.0.0-1ubuntu2) bionic; urgency=medium
* d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed
as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442)
- refreshed 0032 and 0040 to match the new context.
* d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
of memory slots and other extended features without breaking
virt-aa-helper (LP: #1746431).
-- Christian Ehrhardt <email address hidden> Fri, 02 Feb 2018 07:31:17 +0100
Available diffs
libvirt (1.3.1-1ubuntu10.17) xenial-security; urgency=medium
* SECURITY UPDATE: Add support for Spectre mitigations
- debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for
indirect branch prediction protection and add new *-IBRS CPU models.
- debian/control: add Breaks to get updated qemu with new CPU models.
- CVE-2017-5715
-- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:01:16 -0500
Available diffs
libvirt (3.6.0-1ubuntu6.2) artful-security; urgency=medium
* SECURITY UPDATE: Add support for Spectre mitigations
- debian/patches/CVE-2017-5715-microcode*.patch: include x86 microcode
version in virsh capabilities and force update if the microcode
does not match.
- debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for
indirect branch prediction protection and add new *-IBRS CPU models.
- debian/control: add Breaks to get updated qemu with new CPU models.
- CVE-2017-5715
-- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:00:14 -0500
Available diffs
libvirt (1.2.2-0ubuntu13.1.25) trusty-security; urgency=medium
* SECURITY UPDATE: Add support for Spectre mitigations
- debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for
indirect branch prediction protection and add new *-IBRS CPU models.
- debian/control: add Breaks to get updated qemu with new CPU models.
- CVE-2017-5715
-- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:00:47 -0500
libvirt (4.0.0-1ubuntu1) bionic; urgency=medium
* Merged with Debian unstable (4.0)
This closes several bugs:
- Error generating apparmor profile when hostname contains spaces
(LP: #799997)
- qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028)
- libvirt usb passthrough throws apparmor denials related to
/run/udev/data/+usb (LP: #1727311)
- AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626)
- iohelper improvements to let bypass-cache work without opening up the
apparmor isolation (LP: #1719579)
- nodeinfo on s390x to contain more CPU info (LP: #1733688)
- Upgrade libvirt >= 4.0 (LP: #1745934)
* Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Disable selinux
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped >18.04).
+ d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
to old service name so that old references work
+ d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
to old service name so that old references work
+ d/control: transitional package with the old name and maintainer
scripts to handle the transition
- Backwards compatible handling of group rename (can be dropped >18.04).
- config details and autostart of default bridged network. Creating that is
now the default in general, yet our solution provides the following on
top as of today:
+ autostart the default network by default
+ do not autostart if subnet is already taken (e.g. in guests).
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice.
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- fix conffile upgrade handling to avoid obsolete files
and inactive duplicates (LP 1694159)
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/test/smoke-lxc workaround for debbug 848317/867379
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
- Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
no more UCA onto Xenial then which has global dnsmasq by default).
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- conffile handling of files dropped in 3.5 (can be dropped >18.04)
+ /etc/init.d/virtlockd was sysv init only
+ /etc/apparmor.d/local/usr.sbin.libvirtd and
/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
by dh_apparmor as needed
- Reworked apparmor Delta, especially the more complex delta is dropped
now, also our former delta is now split into logical pieces, has
improved comments and is part of a continuous upstreaming effort.
Listing related remaining changes:
+ d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681).
+ d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
+ d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
* Dropped Changes (Upstream):
- d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
libvirt-qemu: Allow use of sgabios
- d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
apparmor, libvirt-qemu: Silence lttng related deny messages
- d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
apparmor, libvirt-qemu: Allow read access to sysfs system info
- d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
apparmor, libvirt-qemu: Allow read access to max_mem_regions
- d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
apparmor, libvirt-qemu: Allow qemu-block-extra libraries
- d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
apparmor, libvirtd: Allow access to netlink sockets
- d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
apparmor: Add rules for mediation support
- d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
apparmor, virt-aa-helper: Allow access to ecryptfs files
- d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
- d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
apparmor, virt-aa-helper: Add ipv6 network policy
- d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
- d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
won't call qemu-nbd
- d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
apparmor: allow to parse cmdline of the pid that send the shutdown
signal (LP 1680384).
- d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
apparmor: add default pki path of lbvirt-spice (LP 1690140)
- d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
for compatibility with the behavior of qemu 2.10 this adds locking
permission to rules generated for disk files (LP 1709818)
- d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
for compatibility with the behavior of qemu 2.10 this adds locking
permission to rules generated for loader/nvram (LP 1710960)
- d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
files (LP 1726804)
- d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
fix path generation for USB host devices (LP 1552241)
- d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
generate valid rules on usb passthrough (LP 1686324)
- d/p/avoid-double-locking.patch: fix a deadlock that could occur when
libvirtd interactions raced with dbus causing a deadlock (LP 1714254).
- d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
fix FTBFS with glibc 2.26 (LP 1718668)
- Extended handling of apparmor profiles - clear lost profiles via cron
(now cleared by virt-aa-helper on domain stop)
- nat only on some ports <port start='1024' end='65535'/> (upstream
default now if nothing is specified, actually dropped last cycle)
* Dropped Changes (In Debian or no more important):
- d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
libvirt-qemu: Allow macvtap access
- d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
deny for setpcap (LP 522845).
- d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
apparmor, virt-aa-helper: Improve comment about backing store
- d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
references to qemu-kvm
- d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
apparmor, virt-aa-helper: Allow access to name services
- d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
/dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per
guest if needed).
- d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
apparmor, libvirt-qemu: Allow access to hugepage mounts
- Disable sheepdog (was for universe dependency, but is now only a suggest)
- d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
* Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of
these were never released, but important to mention for the bug references:
- libnss-libvirt once enabled causes apt to call getdents
avoid this being an issue by dropping a apt conf that allows
this in seccomp (LP: #1732030).
- d/libvirt-daemon-system.postrm: clean up more libvirt directories on
purge
- d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch:
apparmor: allow unix stream for p2p migrations
- d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch:
this replaces the hugepage rules and fixes many more formerly missing
- d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch:
allowing to have path wildcards on labels set by domain callbacks
- d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch:
apparmor implementation of security callback
- d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch:
this is now covered by chardev label callbacks
* Added Changes:
- Revert Debian change "Drop libvirt-bin upgrade handling"
This is needed in Ubuntu one last time (drop >18.04)
- Revert Debian change "Drop maintscript helpers for versions predating
jessie and wheezy-backports". This is needed in Ubuntu one last
time (drop >18.04)
- Refreshed d/p/* to match new version (only fuzz, no semantic change)
- d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal
to avoid error messages on purge
- remove no more used libvirt-dnsmasq user (drop >18.04)
- d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch:
apparmor: add mediation rules for unconfined guests
- d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch
.patch: backport upstream cahnge to expose already used chardev calls.
- d/libvirt-daemon-system.postrm: Remove the default.xml network link
set up by postinst.
- d/libvirt-daemon-system.maintscript: remove the now dropped conffile
/etc/cron.daily/libvirt-daemon-system
- d/libvirt-daemon-system.postinst: fixups for autostart default network
- use modern shell syntax
- try more default networks before giving up to enable by default
- d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
add multipass image path and mark as ubuntu only change.
- d/rules: install virtlockd correctly with defaults file (LP: #1729516)
- extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover
the slightly changed behavior of libvirt 4.0 (LP: #1741617)
- d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
just a suggest to have 3rd party relying on rbd out of the box working.
This is deprecated and users of rbd backend should start depending on
this package for it will be dropped to a suggest in future releases.
-- Christian Ehrhardt <email address hidden> Thu, 14 Dec 2017 14:15:55 +0100
Available diffs
- diff from 3.6.0-1ubuntu6 to 4.0.0-1ubuntu1 (19.7 MiB)
libvirt (1.3.1-1ubuntu10.15) xenial; urgency=medium
* d/p/storage-Don-t-pass-iso-format-to-qemu-img.patch: fix issues in virt
clone and other users of storage_utils functions by not passing
iso to qemu-img (LP: #1729858).
-- Christian Ehrhardt <email address hidden> Mon, 06 Nov 2017 16:36:11 +0100
Available diffs
libvirt (2.5.0-3ubuntu5.6) zesty; urgency=medium
* d/p/storage-Don-t-pass-iso-format-to-qemu-img.patch: fix issues in virt
clone and other users of storage_utils functions by not passing
iso to qemu-img (LP: #1729858).
-- Christian Ehrhardt <email address hidden> Mon, 06 Nov 2017 16:31:48 +0100
Available diffs
| Superseded in bionic-release |
| Superseded in artful-updates |
| Deleted in bionic-proposed (Reason: moved to release) |
| Deleted in artful-proposed (Reason: moved to -updates) |
libvirt (3.6.0-1ubuntu6) artful; urgency=medium
* d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append
files (LP: #1726804)
* d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch:
fix path generation for USB host devices (LP: #1552241)
* d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch:
generate valid rules on usb passthrough (LP: #1686324)
-- Christian Ehrhardt <email address hidden> Tue, 24 Oct 2017 14:30:34 +0200
Available diffs
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
libvirt (3.6.0-1ubuntu5) artful; urgency=medium
* d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch:
fix FTBFS with glibc 2.26 (LP: #1718668)
-- Christian Ehrhardt <email address hidden> Thu, 28 Sep 2017 08:18:10 -0400
Available diffs
libvirt (1.2.2-0ubuntu13.1.23) trusty; urgency=medium
* d/libvirt-bin.init, d/libvirt-bin.upstart: fix waiting for the libvirt
socket (LP: #1571209)
- avoid timing out on slow systems (only stop when service is stopped)
- fix whitespace damage formerly added to d/libvirt-bin.init
- no more long sleep without announcing to log
- check socket and service status more often for lower latency on changes
- fix check if unix_sock_dir path is set in /etc/libvirt/libvirtd.conf
- fix the upstart service name that is checked
-- Christian Ehrhardt <email address hidden> Thu, 07 Sep 2017 14:22:45 +0200
Available diffs
libvirt (1.2.2-0ubuntu13.1.22) trusty; urgency=medium * fix guest channel support (LP: #1393842). - d/p/virt-aa-helper-add-trusty-guest-agent-rule.patch: add apparmor rule for channels within guest namespace. - d/libvirt-bin.postinst: create channel directories if needed. -- Christian Ehrhardt <email address hidden> Mon, 28 Aug 2017 12:14:08 +0200
Available diffs
libvirt (3.6.0-1ubuntu4) artful; urgency=medium
* d/p/avoid-double-locking.patch: fix a deadlock that could occur when
libvirtd interactions raced with dbus causing a deadlock (LP: #1714254).
-- Christian Ehrhardt <email address hidden> Fri, 01 Sep 2017 10:29:35 +0200
Available diffs
libvirt (3.6.0-1ubuntu3) artful; urgency=medium * No change rebuild for Qemu 2.10 and Xen 4.9 -- Christian Ehrhardt <email address hidden> Mon, 21 Aug 2017 10:34:13 +0200
Available diffs
- diff from 3.6.0-1ubuntu2 to 3.6.0-1ubuntu3 (356 bytes)
libvirt (3.6.0-1ubuntu2) artful; urgency=medium
* d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch:
for compatibility with the behavior of qemu 2.10 this adds locking
permission to rules generated for loader/nvram (LP: #1710960)
-- Christian Ehrhardt <email address hidden> Thu, 17 Aug 2017 10:00:19 +0200
Available diffs
libvirt (3.6.0-1ubuntu1) artful; urgency=medium
* Merged with Debian unstable (3.6)
This closes several bugs:
- aarch64: improved chardev handling (LP: #1697610)
- Forbid locking memory without memtune (LP: #1708305)
* Remaining changes:
- Disable sheepdog (universe dependency)
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Disable selinux
- Set qemu-group to kvm (for compat with older ubuntu)
- Regularly clear AppArmor profiles for vms that no longer exist
- Additional apport package-hook
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped >18.04).
+ d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
to old service name so that old references work
+ d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
to old service name so that old references work
+ d/control: transitional package with the old name and maintainer
scripts to handle the transition
- Backwards compatible handling of group rename (can be dropped >18.04).
- config details and autostart of default bridged network. Creating that is
now the default in general, yet our solution provides the following on
top as of today:
+ nat only on some ports <port start='1024' end='65535'/>
+ autostart the default network by default
+ do not autostart if 192.168.122.0 is already taken (e.g. in containers)
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice.
- d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- fix conffile upgrade handling to avoid obsolete files
and inactive duplicates (LP 1694159)
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/test/smoke-lxc workaround for debbug 848317/867379
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
- Extended handling of apparmor profiles - clear lost profiles via cron
- Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
no more UCA onto Xenial then which has global dnsmasq by default).
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- conffile handling of files dropped in 3.5 (can be dropped >18.04)
+ /etc/init.d/virtlockd was sysv init only
+ /etc/apparmor.d/local/usr.sbin.libvirtd and
/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
by dh_apparmor as needed
- Reworked apparmor Delta, especially the more complex delta is dropped
now, also our former delta is now split into logical pieces, has
improved comments and is part of a continuous upstreaming effort.
Listing related remaining changes:
+ d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
libvirt-qemu: Allow macvtap access
+ d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
deny for setpcap
+ d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
libvirt-qemu: Allow use of sgabios
+ d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
apparmor, libvirt-qemu: Silence lttng related deny messages
+ d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
apparmor, libvirt-qemu: Allow read access to sysfs system info
+ d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
apparmor, libvirt-qemu: Allow read access to max_mem_regions
+ d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
apparmor, libvirt-qemu: Allow qemu-block-extra libraries
+ d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
apparmor, libvirt-qemu: Allow access to hugepage mounts
+ d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
apparmor, libvirtd: Allow access to netlink sockets
+ d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
apparmor: Add rules for mediation support
+ d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
apparmor, virt-aa-helper: Improve comment about backing store
+ d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
apparmor, virt-aa-helper: Allow access to ecryptfs files
+ d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
+ d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
apparmor, virt-aa-helper: Add ipv6 network policy
+ d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
+ d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
references to qemu-kvm
+ d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
won't call qemu-nbd
+ d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
apparmor, virt-aa-helper: Allow access to name services
+ d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681).
+ d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
/dev/vfio for vf (hot) attach (LP 1680384).
+ d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
apparmor: allow to parse cmdline of the pid that send the shutdown
signal (LP 1680384).
+ d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
apparmor: add default pki path of lbvirt-spice (LP 1690140)
+ d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
+ d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
* Dropped Changes (Upstream):
- d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
default driver entries missing name='qemu'.
- d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782)
Fix to be able to follow BackinStorage chains when creating per
guest apparmor rules.
* Dropped Changes (In Debian):
- Enable esx support
+ Add build-dep to libcurl4-gnutls-dev (required for esx)
* Added Changes:
- d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch:
for compatibility with the behavior of qemu 2.10 this adds locking
permission to rules generated for disk files (LP: #1709818)
-- Christian Ehrhardt <email address hidden> Thu, 10 Aug 2017 12:44:47 +0200
Available diffs
libvirt (2.5.0-3ubuntu5.5) zesty; urgency=medium
* d/p/bug-1708305-qemu-Fix-memory-locking-limit-calculation.patch:
Remove memlock limit when using <memoryBacking><locked/>.
(LP: #1708305).
-- Jorge Niedbalski <email address hidden> Fri, 11 Aug 2017 00:34:01 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.14) xenial; urgency=medium
* d/p/bug-1708305-qemu-Fix-memory-locking-limit-calculation.patch:
Remove memlock limit when using <memoryBacking><locked/>.
(LP: #1708305).
-- Jorge Niedbalski <email address hidden> Thu, 10 Aug 2017 22:50:46 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.13) xenial; urgency=medium
* d/libvirt-bin.postinst: call apparmor_parser with options to
ignore the apparmor cache and rebuild it, otherwise old apparmor
rules are used and this might break upgrades (LP: #1707400)
-- Andreas Hasenack <email address hidden> Tue, 01 Aug 2017 10:50:20 -0300
Available diffs
libvirt (1.2.2-0ubuntu13.1.21) trusty; urgency=medium
* d/libvirt-bin.postinst: call apparmor_parser with options to
ignore the apparmor cache and rebuild it, otherwise old apparmor
rules are used and this might break upgrades (LP: #1707400)
-- Andreas Hasenack <email address hidden> Tue, 01 Aug 2017 11:58:38 -0300
Available diffs
libvirt (2.5.0-3ubuntu5.4) zesty; urgency=medium
* d/p/ubuntu/bug-1705132-* qemu: Adaptive timeout for connecting to
monitor (LP: #1705132)
- includes backports that make backing off on timeouts exponentially
but cap the exponential increase on 1s.
-- Christian Ehrhardt <email address hidden> Thu, 20 Jul 2017 13:06:02 +0200
Available diffs
libvirt (1.3.1-1ubuntu10.12) xenial; urgency=medium
* d/p/ubuntu/bug-1705132-* qemu: Adaptive timeout for connecting to
monitor (LP: #1705132)
- includes backports that make backing off on timeouts exponentially
but cap the exponential increase on 1s.
-- Christian Ehrhardt <email address hidden> Wed, 19 Jul 2017 08:28:14 +0200
Available diffs
libvirt (3.5.0-1ubuntu3) artful; urgency=medium
* Refresh changes to match they way they were accepted upstream
- d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit
reference now that it is in git.
- d/p/u/fix-libxl-default-driver-name.patch: instead of addin the
name this is now fixed by relaxing the schema.
-- Christian Ehrhardt <email address hidden> Wed, 19 Jul 2017 12:48:39 +0200
Available diffs
libvirt (3.5.0-1ubuntu2) artful; urgency=medium * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782) Fix to be able to follow BackinStorage chains when creating per guest apparmor rules. -- Christian Ehrhardt <email address hidden> Tue, 18 Jul 2017 16:34:57 +0200
Available diffs
libvirt (3.5.0-1ubuntu1) artful; urgency=medium
* Merged with Debian unstable (3.5)
This closes several bugs:
- improved handling of host-model since libvirt 3.2 (LP: #1673467)
- Adding POWER9 cpu model to cpu_map.xml (LP: #1690209)
* Remaining changes:
- Disable sheepdog (universe dependency)
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Disable selinux
- Enable esx support
+ Add build-dep to libcurl4-gnutls-dev (required for esx)
- Set qemu-group to kvm (for compat with older ubuntu)
- Regularly clear AppArmor profiles for vms that no longer exist
- Additional apport package-hook
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped >18.04).
+ d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
to old service name so that old references work
+ d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
to old service name so that old references work
+ d/control: transitional package with the old name and maintainer
scripts to handle the transition
- Backwards compatible handling of group rename (can be dropped >18.04).
- config details and autostart of default bridged network. Creating that is
now the default in general, yet our solution provides the following on
top as of today:
+ nat only on some ports <port start='1024' end='65535'/>
+ autostart the default network by default
+ do not autostart if 192.168.122.0 is already taken (e.g. in containers)
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
which provided a separate kvm-spice.
- d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- fix conffile upgrade handling to avoid obsolete files
and inactive duplicates (LP 1694159)
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317)
- Extended handling of apparmor profiles - clear lost profiles via cron
- Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
no more UCA onto Xenial then which has global dnsmasq by default).
- Reworked apparmor Delta, especially the more complex delta is dropped
now, also our former delta is now split into logical pieces, has
improved comments and is part of a continuous upstreaming effort.
Listing related remaining changes:
+ d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor,
libvirt-qemu: Allow macvtap access
+ d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit
deny for setpcap
+ d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor,
libvirt-qemu: Allow use of sgabios
+ d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch:
apparmor, libvirt-qemu: Silence lttng related deny messages
+ d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch:
apparmor, libvirt-qemu: Allow read access to sysfs system info
+ d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch:
apparmor, libvirt-qemu: Allow read access to max_mem_regions
+ d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch:
apparmor, libvirt-qemu: Allow qemu-block-extra libraries
+ d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch:
apparmor, libvirt-qemu: Allow access to hugepage mounts
+ d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch:
apparmor, libvirtd: Allow access to netlink sockets
+ d/p/0013-apparmor-Add-rules-for-mediation-support.patch:
apparmor: Add rules for mediation support
+ d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch:
apparmor, virt-aa-helper: Improve comment about backing store
+ d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch:
apparmor, virt-aa-helper: Allow access to ecryptfs files
+ d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch:
apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*
+ d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch:
apparmor, virt-aa-helper: Add ipv6 network policy
+ d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch:
apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices
+ d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop
references to qemu-kvm
+ d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu
won't call qemu-nbd
+ d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch:
apparmor, virt-aa-helper: Allow access to name services
+ d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
permissions so virt-manager 1.4.0 viewing works (LP 1668681).
+ d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add
/dev/vfio for vf (hot) attach (LP 1680384).
+ d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch:
apparmor: allow to parse cmdline of the pid that send the shutdown
signal (LP 1680384).
+ (28 is a new patch, listed in added changes)
+ d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621).
+ d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
- remaining but updated to match the latest release
+ d/p/Disable-use-of-namespaces-by-default.patch (Debian change)
+ d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change)
+ d/p/debian/apparmor_profiles_local_include.patch Include local
apparmor profile (Debian change)
+ d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
+ d/test/smoke-lxc workaround for debbug 848317/867379
* Dropped Changes (Upstream):
- Add missing apparmor rule for debug-threads feature (LP 1615550).
- Add new block device types to virt-aa-helpers profile (LP 1641618)
- d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms
for storage dirs like /var/lib/libvirt/images.
- d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits
to support huge systems.
- d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all
in libvirtd.service (-d not allowed to be specified, everything else
upstream so drop delta; LP 1574566).
- d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
spice: don't release used port (LP 1697729).
- d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus:
Always fall back to the old command if domain caps fail (LP 1674298)
- d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past
it was possible to have <script path=''/> which now fails - fix to match
the old behavior (LP 1665698)
- Reworked apparmor Delta and started upstreaming, listing related
changes dropped:
+ Apparmor feature parsing to depend on new apparmor features which
appear in different versions across distributions (no more needed
>=Xenial, allows to now separate changes and upstream more easily).
+ d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch:
guarantee disk spec is following the defined regex (LP 1665410).
+ d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add
virt-aa-helper rule allowing all private channel access.
+ d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch:
virt-aa-helper to allow access to aarch64 UEFI images.
+ d/rules, apparmor: include and install local apparmor profiles (This
is now done by dh_apparmor automatically)
+ add local apparmor override templates (provided by dh_apparmor now)
+ Fix name resolution calls from virt-aa-helper profile (LP 1546674).
+ virt-aa-helper, apparmor: allow /usr/share/OVMF/ too
+ virt-aa-helper: Generalize test for firmware paths
+ apparmor, virt-aa-helper: Allow aarch64 UEFI.
+ apparmor, libvirt-qemu: Add ppc64el related changes
+ apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
+ apparmor, libvirt-qemu: Allow access to ceph config
+ apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc
+ apparmor, virt-aa-helper: Explicit denies for host devices
+ apparmor, virt-aa-helper: Allow access to libnl-3 config files
+ apparmor, libvirt-qemu: allow access to pt_chown for pty consoles
* Dropped Changes (In Debian):
- d/rules: debhelper start virtlogd.socket
- d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location
for Debian based systems.
- Additional debian/bug-presubj
- Extended handling of apparmor profiles - reload and remove in maintainer
scripts (dh_apparmor* now generate these snippets)
* Dropped Changes (no SysV anymore):
- Add sysvinit script for virtlockd
- Wait on socket in sysvinit script
- d/rules: dh_installinit virtlockd (was part of "Cleanup systemd
debhelper"
- d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in
virtlockd.init for Debian based systems.
* Dropped Changes (other reasons):
- d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user
This used group libvirt instead of nobody which makes it worse; Needs
to be fixed upstream (LP: #1690729).
+ d/p/ubuntu/disable-network-test.patch: disable test failing due to
dnsmasq changes.
- Add .gitignore for .pc
- we keep lxc support as Debian does, but stop adding delta. It feels
somewhat less maintained than e.g. libvirt for qemu. Also for secure
and comfortable container management lxd is clearly preferred. The
delta caused more issues than it solved so deliver libvirt-lxc as-is
and drop the related delta.
+ d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of
containers by default.
+ d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver
for libvirt-lxc.
- The following xen changes are no more required with current versions
+ d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl
xen paths (LP 1459603)
+ d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section about compat to the very old qemu-dm name is no more needed.
+ d/p/ubuntu/libxl-fix-test-data.patch and
d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the
former one + also updated the maintainer notes to ease updating.
+ d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify
device-model
* Added Changes:
- d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch:
apparmor: add default pki path of lbvirt-spice (LP: #1690140)
- conffile handling of files dropped in 3.5 (can be dropped >18.04)
+ /etc/init.d/virtlockd was sysv init only
+ /etc/apparmor.d/local/usr.sbin.libvirtd and
/etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
by dh_apparmor as needed
- d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with
default driver entries missing name='qemu'.
-- Christian Ehrhardt <email address hidden> Thu, 06 Jul 2017 15:43:17 +0200
Available diffs
- diff from 2.5.0-3ubuntu11 to 3.5.0-1ubuntu1 (21.2 MiB)
libvirt (1.3.1-1ubuntu10.11) xenial; urgency=medium
* d/apparmor/usr.lib.libvirt.virt-aa-helper: Allow access to base
images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON
directory, enabling use of the libvirt deb from the nova-hypervisor
snap (LP: #1644507).
-- Corey Bryant <email address hidden> Thu, 22 Jun 2017 14:43:11 -0400
Available diffs
libvirt (2.5.0-3ubuntu11) artful; urgency=medium
* d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Adjust to also allow
access to snapshots in nova-hypervisor snap's $SNAP_COMMON directory
(LP: #1644507).
-- Corey Bryant <email address hidden> Wed, 05 Jul 2017 13:55:19 -0400
Available diffs
- diff from 2.5.0-3ubuntu10 to 2.5.0-3ubuntu11 (675 bytes)
libvirt (2.5.0-3ubuntu5.3) zesty; urgency=medium
* d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base
images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON
directory, enabling use of the libvirt deb from the nova-hypervisor
snap (LP: #1644507).
-- Corey Bryant <email address hidden> Thu, 22 Jun 2017 14:39:39 -0400
Available diffs
libvirt (2.5.0-3ubuntu10) artful; urgency=medium
* d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base
images stored in nova-hypervisor snap's $SNAP_COMMON directory, enabling
use of the libvirt deb from the nova-hypervisor snap (LP: #1644507).
-- Corey Bryant <email address hidden> Thu, 22 Jun 2017 14:29:39 -0400
Available diffs
libvirt (2.5.0-3ubuntu5.2) zesty; urgency=medium
* d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1.
-- Christian Ehrhardt <email address hidden> Mon, 19 Jun 2017 07:52:32 +0200
libvirt (2.5.0-3ubuntu9) artful; urgency=medium
* d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process
spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1.
-- Christian Ehrhardt <email address hidden> Wed, 14 Jun 2017 14:49:16 +0200
Available diffs
| 151 → 225 of 750 results | First • Previous • Next • Last |
