Change log for libvirt package in Ubuntu
151 → 225 of 750 results | First • Previous • Next • Last |
libvirt (4.6.0-2ubuntu3.4) cosmic-security; urgency=medium * SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces - debian/patches/CVE-2019-3840.patch: require a reply in src/qemu/qemu_agent.c. - CVE-2019-3840 -- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 08:07:59 -0400
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
libvirt (5.0.0-1ubuntu2) disco; urgency=medium * Implement further apparmor rules for usage of gl enabled graphics (LP: #1815452) - d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch - d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch * Implement further apparmor rules for usage of gl enabled graphics with nvidia cards (LP: #1817943) - d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch - d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch * d/p/ubuntu-aa/lp-1804766-*: updated to the upstream accepted version (no functional change, LP: 1804766) -- Christian Ehrhardt <email address hidden> Tue, 12 Feb 2019 11:27:14 +0100
Available diffs
libvirt (4.6.0-2ubuntu3.3) cosmic; urgency=medium * d/p/ubuntu/lp-1811198-utils-Remove-arbitrary-limit-on-socket_id-core_id .patch: fix arm servers with high core_id (LP: #1811198) * d/p/ubuntu/lp-1771662-*: fix assumption that all VFs have PFs assigned (LP: #1771662) -- Christian Ehrhardt <email address hidden> Thu, 31 Jan 2019 12:29:37 +0100
Available diffs
libvirt (4.0.0-1ubuntu8.7) bionic; urgency=medium * d/p/ubuntu/lp-1811198-utils-Remove-arbitrary-limit-on-socket_id-core_id .patch: fix arm servers with high core_id (LP: #1811198) * d/p/ubuntu/lp-1771662-*: fix assumption that all VFs have PFs assigned (LP: #1771662) -- Christian Ehrhardt <email address hidden> Thu, 31 Jan 2019 12:45:18 +0100
Available diffs
libvirt (5.0.0-1ubuntu1) disco; urgency=medium * Merged with Debian unstable Among many other new features and fixes this includes fixes for: LP: #1754871 - 1799446 zPCI passthrough support for KVM LP: #1811198 - remove arbitrary limit on socket_id/core_id Remaining changes: - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - Update Vcs-Git and Vcs-Browser fields to point to launchpad - Xen related - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - Further upstreamed apparmor Delta, especially any new one Our former delta is split into logical pieces and is either Ubuntu only or is part of a continuous upstreaming effort. Listing related remaining changes in debian/patches/ubuntu-aa/: + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 LP 1680384 LP 1784023) + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch, d/libvirt-daemon-system.postinst: provide a local apparmor include for abstraction/libvirt-qemu (LP: 1786019) - d/rules: enable build time self tests on all architectures - dnsmasq related enhancements + run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group + Add dnsmasq configuration to work with system wide dnsmasq-base - debian/rules: disable the netcf backend. (LP: 1764314) - debian/control: drop libnetcf from Build-Depends. - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - d/rules: install virtlockd correctly with defaults file (LP: 1729516) - avoid service dependency issues on upgrade (LP: 1786179) This will in the long term be resolved in dh_* tools, but to let an upgrade work for now we need to drop the sysV scripts (which we don't use anyway) and slightly modify the systemd service to work with todays dh_systemd_start properly. Can be dropped once Debian bug 905772 is resolved in dh_* tools and libvirt uses those new code. - d/libvirt-daemon-system.virtlogd.init: removed sysV init file - d/libvirt-daemon-system.libvirtd.init: removed sysV init file - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd and lbivirtd sysV init file - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references to virtlogd/virtlockd sockets as they would imply a restart of virtlogd breaking it. - d/t/smoke-lxc: use systemd instead of sysV to restart the service * Added Changes: - Refresh d/p/ubuntu/ubuntu-libxl-qemu-path.patch for new context - d/rules: also check build time self test results on all architectures - d/rules: strip -Bsymbolic-functions from linker flags as it breaks libvirt tests - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default machine type correctly with newer qemu/libvirt - d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed for the ease use of mdev and gl devices (LP: #1804766) - refreshed d/p/ubuntu-aa for updated paths in libvirt 5.0 - d/t/control: fix smoke-qemu-session by ensuring the service will run installing libvirt-daemon-system - d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as long as the following undefine succeeds - d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF (LP: #1771662) * Dropped Changes (upstream) - debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto Adapters on s390x (LP: 1787405) - d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch: fix libvirt bridge handling in unprivileged containers (LP: 1802906) - d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch: avoid issues with newer kernels >=4.18 (LP: 1788603) - Fix an issue where guests with plenty of hostdevs attached where detected as not shut down due to the kernel needing more time to free up resources (LP: 1788226) - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch - 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442). - 0040-apparmor-add-mediation-rules-for-unconfined.patch: apparmor: add mediation rules for unconfined guests - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we don't want blanket access. We only allow enumerating the base dir and reading owned files. Further features needing /tmp have to add local overrides, examples are qemu-smb and some modes of local snapshots. (LP: 1365261) Can be dropped >=libvirt 4.7 - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to preserve /dev mountpoints in qemu namespaces (LP: 1786168) Can be dropped >=libvirt 4.7 - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. Upstream completely dropped alternative types and kvm-spice is a symlink for quite some time. Builtin expected binaries work, so drop this delta. * Dropped Changes (in Debian) - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
Available diffs
- diff from 4.6.0-2ubuntu5 to 5.0.0-1ubuntu1 (23.3 MiB)
- diff from 4.6.0-2ubuntu6 to 5.0.0-1ubuntu1 (23.3 MiB)
Superseded in disco-proposed |
libvirt (4.6.0-2ubuntu6) disco; urgency=medium * No-change rebuild for readline soname change. -- Matthias Klose <email address hidden> Tue, 15 Jan 2019 10:26:04 +0000
Available diffs
- diff from 4.6.0-2ubuntu5 to 4.6.0-2ubuntu6 (347 bytes)
libvirt (4.6.0-2ubuntu3.2) cosmic; urgency=medium * d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only -with-vf.patch: fix handling of non PCI vfio display propery (part of LP: #1787405)
Available diffs
libvirt (4.6.0-2ubuntu5) disco; urgency=medium * d/p/ubuntu/lp1787405-0008-qemu-mdev-Use-vfio-pci-display-property-only -with-vf.patch: fix handling of non PCI vfio display propery (part of LP: #1787405) -- Christian Ehrhardt <email address hidden> Thu, 06 Dec 2018 09:20:39 +0100
Available diffs
Superseded in cosmic-proposed |
libvirt (4.6.0-2ubuntu3.1) cosmic; urgency=medium * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto Adapters on s390x (LP: #1787405) -- Christian Ehrhardt <email address hidden> Fri, 09 Nov 2018 07:42:01 +0100
Available diffs
libvirt (4.0.0-1ubuntu8.6) bionic; urgency=medium * d/control: explicitly Build-dep on libwiretap-dev to fix FTBFS since libwireshark 2.6.x SRU upload (LP: #1801666) * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto Adapters on s390x (LP: #1787405) -- Christian Ehrhardt <email address hidden> Fri, 09 Nov 2018 07:42:01 +0100
Available diffs
libvirt (4.6.0-2ubuntu4) disco; urgency=medium * debian/patches/ubuntu/lp1787405-*: Support guest dedicated Crypto Adapters on s390x (LP: #1787405) * d/p/ubuntu/lp-1802727-netdevbridge-fall-back-to-ioctl-from-sysfs.patch: fix libvirt bridge handling in unprivileged containers (LP: #1802906) -- Christian Ehrhardt <email address hidden> Fri, 09 Nov 2018 07:42:01 +0100
Available diffs
libvirt (4.0.0-1ubuntu8.5) bionic; urgency=medium * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch: avoid issues with newer kernels >=4.18 (LP: #1788603) * d/p/ubuntu/lp-1789659-don-t-check-for-parallel-iteration-in-hash.patch: remove broken and redundant check for parallel iteration in hash functions (LP: #1789659) -- Christian Ehrhardt <email address hidden> Tue, 28 Aug 2018 07:26:19 +0200
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
libvirt (4.6.0-2ubuntu3) cosmic; urgency=medium * d/p/ubuntu-aa/lp-1788603-fix-ptrace-rules-with-kernel-4.18.patch: avoid issues with newer kernels >=4.18 (LP: #1788603) -- Christian Ehrhardt <email address hidden> Mon, 27 Aug 2018 10:57:57 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.4) bionic; urgency=medium * Fix an issue where guests with plenty of hostdevs attached where detected as not shut down due to the kernel needing more time to free up resources (LP: #1788226) - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch -- Christian Ehrhardt <email address hidden> Thu, 23 Aug 2018 07:36:04 +0200
Available diffs
libvirt (4.6.0-2ubuntu2) cosmic; urgency=medium * Fix an issue where guests with plenty of hostdevs attached where detected as not shut down due to the kernel needing more time to free up resources (LP: #1788226) - d/p/ubuntu/lp-1788226-wait-longer-5-30s-on-hard-shutdown.patch - d/p/ubuntu/lp-1788226-wait-longer-on-kill-per-assigned-Hostdev.patch -- Christian Ehrhardt <email address hidden> Tue, 21 Aug 2018 17:51:43 +0200
Available diffs
libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium * Merged with Debian unstable (LP: #1786957). Among many other new features and fixes this includes fixes for (LP: #1754871), Remaining changes: - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Autostart default bridged network (As upstream does, but not Debian). In addition to just enabling it our solution provides: + do not autostart if subnet is already taken (e.g. in guests). + iterate some alternative subnets before giving up - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt group. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - Xen related - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - Further upstreamed apparmor Delta, especially any new one Our former delta is split into logical pieces and is either Ubuntu only or is part of a continuous upstreaming effort. Listing related remaining changes in debian/patches/ubuntu-aa/: + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442). Can be dropped >=libvirt 4.7 + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621 & LP 1680384). + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova + 0040-apparmor-add-mediation-rules-for-unconfined.patch: apparmor: add mediation rules for unconfined guests Can be dropped >=libvirt 4.7 - d/rules: enable build time self tests on all architectures - run dnsmasq as libvirt-dnsmasq (LP: 1743718) + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user libvirt-dnsmasq and adapt the self tests to expect that config + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users - debian/rules: disable the netcf backend. (LP: 1764314) - debian/control: drop libnetcf from Build-Depends. - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. - d/rules: install virtlockd correctly with defaults file (LP: 1729516) * Added Changes - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: updated to take care of no more silencing and thereby hiding denials (LP 1719579 is an example) - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: updated to also allow the optionally placed ceph asok file (LP: #1779674) - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare profile for usrmerge (LP: #1784023) - Finalize the libvirt-bin -> libvirt-* transition in the apport package-hook. - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch, d/libvirt-daemon-system.postinst: provide a local apparmor include for abstraction/libvirt-qemu (LP: #1786019) - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we don't want blanket access. We only allow enumerating the base dir and reading owned files. Further features needing /tmp have to add local overrides, examples are qemu-smb and some modes of local snapshots. (LP: #1365261) Can be dropped >=libvirt 4.7 - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to preserve /dev mountpoints in qemu namespaces (LP: #1786168) Can be dropped >=libvirt 4.7 - avoid service dependency issues on upgrade (LP: #1786179) This will in the long term be resolved in dh_* tools, but to let an upgrade work for now we need to drop the sysV scripts (which we don't use anyway) and slightly modify the systemd service to work with todays dh_systemd_start properly. Can be dropped once Debian bug 905772 is resolved in dh_* tools and libvirt uses those new code. - d/libvirt-daemon-system.virtlogd.init: removed sysV init file - d/libvirt-daemon-system.libvirtd.init: removed sysV init file - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd and lbivirtd sysV init file - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references to virtlogd/virtlockd sockets as they would imply a restart of virtlogd breaking it. - d/t/smoke-lxc: use systemd instead of sysV to restart the service * Dropped Changes (upstream) - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing of memory slots and other extended features without breaking virt-aa-helper (LP: 1746431). - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch: avoid hanging on shutdown (LP: 1688508) - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI- plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471) - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch ensure symlinks are resolved to get valid rules if interim parts of a path are a symlink (LP: 1752361) - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown: avoid issues shutting down more guests than configured for parallel shutdown (LP: 1688508) - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix using devices that are symlinks (LP: 1756394) - Fix nvdimm memory and passthrough input devices for hotplug via domain security callbacks backporting upstream commits (LP: 1755153). + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch - Fix nvdimm memory and passthrough input devices in initial guest description via virt-aa-helper (LP: 1757085). + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch - Fix clean shut down of guests on system shutdown (LP: 1764668) + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch - SECURITY UPDATE: QEMU monitor DoS + debian/patches/CVE-2018-1064.patch: add size limit to src/qemu/qemu_agent.c. + CVE-2018-1064 - SECURITY UPDATE: Speculative Store Bypass + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature bit in src/cpu/cpu_map.xml. + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID feature bit in src/cpu/cpu_map.xml. + CVE-2018-3639 - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix hotplug use cases where the initial guest had no hostdev at all and therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777) - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch: Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error occurred, but the cause is unknown" due to a buffer being too small for pcap with TPACKET_V3 enabled (LP: 1758037) - SECURITY UPDATE: code injection via libnss_dns.so + debian/patches/CVE-2018-6764-1.patch: determine the hostname on startup in src/util/virlog.c. + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in src/util/virlog.c. + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname in cfg.mk, src/util/virlog.c. + CVE-2018-6764 * Dropped Changes (no upgrade path left that needs those) - Backwards compatible handling of group rename (can be dropped >18.04). - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - conffile handling of files dropped in 3.5 (can be dropped >18.04) + /etc/init.d/virtlockd was sysv init only + /etc/apparmor.d/local/usr.sbin.libvirtd and /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated by dh_apparmor as needed - d/libvirt-daemon-system.maintscript: remove the now dropped conffile /etc/cron.daily/libvirt-daemon-system * Dropped Changes (cleanups) - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed one issue and the other is solved in libvirt by ensuring to move to the right cgroups.) - remove no more used libvirt-dnsmasq user (this was redundant since 4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user) - Disable selinux (now in main) -- Christian Ehrhardt <email address hidden> Sat, 18 Aug 2018 14:40:58 +0200
Available diffs
- diff from 4.0.0-1ubuntu13 to 4.6.0-2ubuntu1 (24.8 MiB)
libvirt (4.0.0-1ubuntu13) cosmic; urgency=medium * ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI Secure Boot enabled variants of the OVMF firmware and variable store for the paths where we ship these files in Ubuntu. -- Mathieu Trudel-Lapierre <email address hidden> Wed, 27 Jun 2018 11:16:23 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.3) bionic; urgency=medium * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix hotplug use cases where the initial guest had no hostdev at all and therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777) -- Christian Ehrhardt <email address hidden> Wed, 13 Jun 2018 10:48:18 +0200
Available diffs
libvirt (4.0.0-1ubuntu12) cosmic; urgency=medium * d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix hotplug use cases where the initial guest had no hostdev at all and therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: #1775777) -- Christian Ehrhardt <email address hidden> Tue, 12 Jun 2018 16:24:01 +0200
Available diffs
libvirt (1.2.2-0ubuntu13.1.27) trusty-security; urgency=medium * SECURITY UPDATE: QEMU monitor DoS - debian/patches/CVE-2018-1064.patch: add size limit to src/qemu/qemu_agent.c. - CVE-2018-1064 * SECURITY UPDATE: Speculative Store Bypass - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - CVE-2018-3639 -- Marc Deslauriers <email address hidden> Wed, 23 May 2018 14:23:45 -0400
Available diffs
libvirt (3.6.0-1ubuntu6.8) artful-security; urgency=medium * SECURITY UPDATE: QEMU monitor DoS - debian/patches/CVE-2018-1064.patch: add size limit to src/qemu/qemu_agent.c. - CVE-2018-1064 * SECURITY UPDATE: Speculative Store Bypass - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - CVE-2018-3639 -- Marc Deslauriers <email address hidden> Wed, 23 May 2018 13:23:59 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.24) xenial-security; urgency=medium * SECURITY UPDATE: QEMU monitor DoS - debian/patches/CVE-2018-1064.patch: add size limit to src/qemu/qemu_agent.c. - CVE-2018-1064 * SECURITY UPDATE: Speculative Store Bypass - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - CVE-2018-3639 -- Marc Deslauriers <email address hidden> Wed, 23 May 2018 13:29:29 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.2) bionic-security; urgency=medium * SECURITY UPDATE: QEMU monitor DoS - debian/patches/CVE-2018-1064.patch: add size limit to src/qemu/qemu_agent.c. - CVE-2018-1064 * SECURITY UPDATE: Speculative Store Bypass - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - CVE-2018-3639 -- Marc Deslauriers <email address hidden> Wed, 23 May 2018 13:23:01 -0400
Available diffs
libvirt (4.0.0-1ubuntu11) cosmic; urgency=medium * SECURITY UPDATE: QEMU monitor DoS - debian/patches/CVE-2018-1064.patch: add size limit to src/qemu/qemu_agent.c. - CVE-2018-1064 * SECURITY UPDATE: Speculative Store Bypass - debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID feature bit in src/cpu/cpu_map.xml. - CVE-2018-3639 -- Marc Deslauriers <email address hidden> Tue, 22 May 2018 10:55:56 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.23) xenial; urgency=medium * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error occurred, but the cause is unknown" due to a buffer being too small for pcap with TPACKET_V3 enabled (LP: #1758037) - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch -- Christian Ehrhardt <email address hidden> Fri, 11 May 2018 07:37:36 +0200
Available diffs
libvirt (3.6.0-1ubuntu6.7) artful; urgency=medium * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error occurred, but the cause is unknown" due to a buffer being too small for pcap with TPACKET_V3 enabled (LP: #1758037) - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch -- Christian Ehrhardt <email address hidden> Fri, 11 May 2018 07:35:09 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.1) bionic; urgency=medium * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error occurred, but the cause is unknown" due to a buffer being too small for pcap with TPACKET_V3 enabled (LP: #1758037) - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch -- Christian Ehrhardt <email address hidden> Fri, 11 May 2018 07:32:28 +0200
Available diffs
libvirt (4.0.0-1ubuntu10) cosmic; urgency=medium * Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error occurred, but the cause is unknown" due to a buffer being too small for pcap with TPACKET_V3 enabled (LP: #1758037) - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch -- Christian Ehrhardt <email address hidden> Wed, 09 May 2018 17:07:59 +0200
Available diffs
Superseded in cosmic-proposed |
libvirt (4.0.0-1ubuntu9) cosmic; urgency=medium * debian/rules: disable the netcf backend. (LP: #1764314) * debian/control: drop libnetcf from Build-Depends. -- Mathieu Trudel-Lapierre <email address hidden> Wed, 09 May 2018 10:06:15 -0400
Available diffs
- diff from 4.0.0-1ubuntu8 to 4.0.0-1ubuntu9 (741 bytes)
libvirt (1.3.1-1ubuntu10.22) xenial; urgency=medium * Fix clean shut down of guests on system shutdown (LP: #1764668) - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch -- Christian Ehrhardt <email address hidden> Wed, 25 Apr 2018 09:26:12 +0200
Available diffs
libvirt (3.6.0-1ubuntu6.6) artful; urgency=medium * Fix clean shut down of guests on system shutdown (LP: #1764668) - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch -- Christian Ehrhardt <email address hidden> Wed, 25 Apr 2018 09:24:08 +0200
Available diffs
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
libvirt (4.0.0-1ubuntu8) bionic; urgency=medium * Fix clean shut down of guests on system shutdown (LP: #1764668) - d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch - d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch -- Christian Ehrhardt <email address hidden> Tue, 24 Apr 2018 11:09:48 +0200
Available diffs
libvirt (3.6.0-1ubuntu6.5) artful; urgency=medium * d/p/ubuntu/lp1688508-fix-variable-scope-in-in-check_guests_shutdown.patch: backport further upstream fixes that were identified on verification. Together with the former change this fixes (LP: #1688508)
Available diffs
libvirt (1.3.1-1ubuntu10.21) xenial; urgency=medium * d/p/ubuntu/lp1688508-fix-variable-scope-in-in-check_guests_shutdown.patch: backport further upstream fixes that were identified on verification. Together with the former change this fixes (LP: #1688508) * d/p/ubuntu/lp1753604-nwfilter-fix-lock-order-deadlock.patch: fix intermittent deadlock in NWFilter handling (LP: #1753604)
Available diffs
libvirt (4.0.0-1ubuntu7) bionic; urgency=medium * Fix nvdimm memory and passthrough input devices for hotplug via domain security callbacks backporting upstream commits (LP: #1755153). - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch - d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch * Fix nvdimm memory and passthrough input devices in initial guest description via virt-aa-helper (LP: #1757085). - d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch - d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch -- Christian Ehrhardt <email address hidden> Wed, 21 Mar 2018 08:30:47 +0100
Available diffs
libvirt (4.0.0-1ubuntu6) bionic; urgency=medium * Backport from recent upstream to stabilize libvirt (LP: #1756915) - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch * d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown: avoid issues shutting down more guests than configured for parallel shutdown (LP: #1688508) * d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix using devices that are symlinks (LP: #1756394) -- Christian Ehrhardt <email address hidden> Mon, 19 Mar 2018 14:57:08 +0100
Available diffs
libvirt (4.0.0-1ubuntu5) bionic; urgency=medium * run dnsmasq as libvirt-dnsmasq (LP: #1743718) - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group - d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on purge - d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user libvirt-dnsmasq and adapt the self tests to expect that config - d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users * Backport from recent upstream to stabilize libvirt (LP: #1754352) - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch * d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI- plugin-on-etc-g.patch fix issues if sasl is configured (LP: #1696471) * d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch ensure symlinks are resolved to get valid rules if interim parts of a path are a symlink (LP: #1752361) -- Christian Ehrhardt <email address hidden> Tue, 27 Feb 2018 12:04:02 +0100
Available diffs
- diff from 4.0.0-1ubuntu4 to 4.0.0-1ubuntu5 (12.6 KiB)
Deleted in artful-proposed (Reason: SRU abandoned (verification-failed)) |
libvirt (3.6.0-1ubuntu6.4) artful; urgency=medium * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch: avoid hanging on shutdown (LP: #1688508) -- Dariusz Gadomski <email address hidden> Mon, 26 Feb 2018 14:30:44 +0100
Available diffs
- diff from 3.6.0-1ubuntu6 to 3.6.0-1ubuntu6.4 (17.1 KiB)
Deleted in xenial-proposed (Reason: SRU abandoned (verification-failed)) |
libvirt (1.3.1-1ubuntu10.20) xenial; urgency=medium * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch: avoid hanging on shutdown (LP: #1688508) -- Dariusz Gadomski <email address hidden> Mon, 26 Feb 2018 14:37:40 +0100
Available diffs
libvirt (4.0.0-1ubuntu4) bionic; urgency=medium * d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch: avoid hanging on shutdown (LP: #1688508) -- Christian Ehrhardt <email address hidden> Fri, 23 Feb 2018 16:43:19 +0100
Available diffs
libvirt (4.0.0-1ubuntu3) bionic; urgency=medium [ Christian Ehrhardt ] * Backport of 23 bug fixes from recent upstream to stabilize libvirt on 18.04 - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch * d/rules: enable build time self tests on all architectures [ Marc Deslauriers ] * SECURITY UPDATE: code injection via libnss_dns.so - debian/patches/CVE-2018-6764-1.patch: determine the hostname on startup in src/util/virlog.c. - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in src/util/virlog.c. - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname in cfg.mk, src/util/virlog.c. - CVE-2018-6764 -- Christian Ehrhardt <email address hidden> Mon, 19 Feb 2018 14:18:44 +0100
Available diffs
- diff from 4.0.0-1ubuntu2 to 4.0.0-1ubuntu3 (29.5 KiB)
libvirt (1.3.1-1ubuntu10.19) xenial-security; urgency=medium [ Leonidas S. Barbosa ] * SECURITY UPDATE: resource exhaustion resulting in DoS - debian/patches/CVE-2018-5748.patch: avoid DoS reading from QEMU monitor in src/qemu/qemu_monitor.c. - CVE-2018-5748 * SECURITY UPDATE: Bypass authentication - debian/patches/CVE-2016-5008.patch: let empty default VNC password work as documented in src/qemu/qemu_hotplug.c. - CVE-2016-5008 [ Marc Deslauriers ] * SECURITY UPDATE: code injection via libnss_dns.so - debian/patches/CVE-2018-6764-1.patch: determine the hostname on startup in src/util/virlog.c. - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in src/util/virlog.c. - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname in cfg.mk, src/util/virlog.c. - CVE-2018-6764 -- Marc Deslauriers <email address hidden> Fri, 16 Feb 2018 07:51:15 -0500
Available diffs
libvirt (3.6.0-1ubuntu6.3) artful-security; urgency=medium [ Leonidas S. Barbosa ] * SECURITY UPDATE: resource exhaustion resulting in DoS - debian/patches/CVE-2018-5748.patch: avoid DoS reading from QEMU monitor in src/qemu/qemu_monitor.c. - CVE-2018-5748 * SECURITY UPDATE: Failure to validate SSL/TLS certificates - debian/patches/CVE-2017-1000256.patch: ensure TLS clients always verify the server certificate in src/qemu/qemu_command.c. - CVE-2017-1000256 [ Marc Deslauriers ] * SECURITY UPDATE: code injection via libnss_dns.so - debian/patches/CVE-2018-6764-1.patch: determine the hostname on startup in src/util/virlog.c. - debian/patches/CVE-2018-6764-2.patch: fix syntax-check in src/util/virlog.c. - debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname in cfg.mk, src/util/virlog.c. - CVE-2018-6764 -- Marc Deslauriers <email address hidden> Fri, 16 Feb 2018 07:51:15 -0500
Available diffs
libvirt (1.2.2-0ubuntu13.1.26) trusty-security; urgency=medium * SECURITY UPDATE: resource exhaustion resulting in DoS - debian/patches/CVE-2018-5748.patch: avoid DoS reading from QEMU monitor in src/qemu/qemu_monitor.c. - CVE-2018-5748 * SECURITY UPDATE: Bypass authentication - debian/patches/CVE-2016-5008.patch: let empty default VNC password work as documented in src/qemu/qemu_hotplug.c. - CVE-2016-5008 -- <email address hidden> (Leonidas S. Barbosa) Fri, 16 Feb 2018 07:51:15 -0500
Available diffs
libvirt (1.3.1-1ubuntu10.18) xenial; urgency=medium * virsh api is stuck when vm is down with NFS borken (LP: #1746630) - d/p/0001-qemu-driver-Remove-unnecessary-flag-in-qemuDomainGet.patch qemu: driver: Remove unnecessary flag in qemuDomainGetStatsBlock - d/p/0002-qemu-driver-Separate-bulk-stats-worker-for-block-dev.patch qemu: driver: Separate bulk stats worker for block devices - d/p/0003-qemu-bulk-stats-Don-t-access-possibly-blocked-storag.patch qemu: bulk stats: Don't access possibly blocked storage -- Seyeong Kim <email address hidden> Thu, 01 Feb 2018 09:43:45 +0900
Available diffs
libvirt (4.0.0-1ubuntu2) bionic; urgency=medium * d/p/ubuntu-aa/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: refreshed as libvirt 4.0 needs a reversed rule for openGraphicsFD (LP: #1747442) - refreshed 0032 and 0040 to match the new context. * d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing of memory slots and other extended features without breaking virt-aa-helper (LP: #1746431). -- Christian Ehrhardt <email address hidden> Fri, 02 Feb 2018 07:31:17 +0100
Available diffs
libvirt (1.3.1-1ubuntu10.17) xenial-security; urgency=medium * SECURITY UPDATE: Add support for Spectre mitigations - debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for indirect branch prediction protection and add new *-IBRS CPU models. - debian/control: add Breaks to get updated qemu with new CPU models. - CVE-2017-5715 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:01:16 -0500
Available diffs
libvirt (3.6.0-1ubuntu6.2) artful-security; urgency=medium * SECURITY UPDATE: Add support for Spectre mitigations - debian/patches/CVE-2017-5715-microcode*.patch: include x86 microcode version in virsh capabilities and force update if the microcode does not match. - debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for indirect branch prediction protection and add new *-IBRS CPU models. - debian/control: add Breaks to get updated qemu with new CPU models. - CVE-2017-5715 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:00:14 -0500
Available diffs
libvirt (1.2.2-0ubuntu13.1.25) trusty-security; urgency=medium * SECURITY UPDATE: Add support for Spectre mitigations - debian/patches/CVE-2017-5715-ibrs*.patch: add CPU features for indirect branch prediction protection and add new *-IBRS CPU models. - debian/control: add Breaks to get updated qemu with new CPU models. - CVE-2017-5715 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2018 15:00:47 -0500
libvirt (4.0.0-1ubuntu1) bionic; urgency=medium * Merged with Debian unstable (4.0) This closes several bugs: - Error generating apparmor profile when hostname contains spaces (LP: #799997) - qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028) - libvirt usb passthrough throws apparmor denials related to /run/udev/data/+usb (LP: #1727311) - AppArmor denies access to /sys/block/*/queue/max_segments (LP: #1729626) - iohelper improvements to let bypass-cache work without opening up the apparmor isolation (LP: #1719579) - nodeinfo on s390x to contain more CPU info (LP: #1733688) - Upgrade libvirt >= 4.0 (LP: #1745934) * Remaining changes: - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Disable selinux - Set qemu-group to kvm (for compat with older ubuntu) - Additional apport package-hook - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - Backwards compatible handling of group rename (can be dropped >18.04). - config details and autostart of default bridged network. Creating that is now the default in general, yet our solution provides the following on top as of today: + autostart the default network by default + do not autostart if subnet is already taken (e.g. in guests). - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/test/smoke-lxc workaround for debbug 848317/867379 - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - conffile handling of files dropped in 3.5 (can be dropped >18.04) + /etc/init.d/virtlockd was sysv init only + /etc/apparmor.d/local/usr.sbin.libvirtd and /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated by dh_apparmor as needed - Reworked apparmor Delta, especially the more complex delta is dropped now, also our former delta is now split into logical pieces, has improved comments and is part of a continuous upstreaming effort. Listing related remaining changes: + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681). + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova * Dropped Changes (Upstream): - d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, libvirt-qemu: Allow use of sgabios - d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: apparmor, libvirt-qemu: Silence lttng related deny messages - d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: apparmor, libvirt-qemu: Allow read access to sysfs system info - d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: apparmor, libvirt-qemu: Allow read access to max_mem_regions - d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: apparmor, libvirt-qemu: Allow qemu-block-extra libraries - d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: apparmor, libvirtd: Allow access to netlink sockets - d/p/0013-apparmor-Add-rules-for-mediation-support.patch: apparmor: Add rules for mediation support - d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: apparmor, virt-aa-helper: Allow access to ecryptfs files - d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* - d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: apparmor, virt-aa-helper: Add ipv6 network policy - d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices - d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu won't call qemu-nbd - d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: apparmor: allow to parse cmdline of the pid that send the shutdown signal (LP 1680384). - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: apparmor: add default pki path of lbvirt-spice (LP 1690140) - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for disk files (LP 1709818) - d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for loader/nvram (LP 1710960) - d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append files (LP 1726804) - d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch: fix path generation for USB host devices (LP 1552241) - d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch: generate valid rules on usb passthrough (LP 1686324) - d/p/avoid-double-locking.patch: fix a deadlock that could occur when libvirtd interactions raced with dbus causing a deadlock (LP 1714254). - d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch: fix FTBFS with glibc 2.26 (LP 1718668) - Extended handling of apparmor profiles - clear lost profiles via cron (now cleared by virt-aa-helper on domain stop) - nat only on some ports <port start='1024' end='65535'/> (upstream default now if nothing is specified, actually dropped last cycle) * Dropped Changes (In Debian or no more important): - d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, libvirt-qemu: Allow macvtap access - d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit deny for setpcap (LP 522845). - d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: apparmor, virt-aa-helper: Improve comment about backing store - d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop references to qemu-kvm - d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: apparmor, virt-aa-helper: Allow access to name services - d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add /dev/vfio for vf (hot) attach (LP 1680384) (added by virt-aa-helper per guest if needed). - d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: apparmor, libvirt-qemu: Allow access to hugepage mounts - Disable sheepdog (was for universe dependency, but is now only a suggest) - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test * Dropped Changes (In Debian/Upstream now based on interim 3.10 work) some of these were never released, but important to mention for the bug references: - libnss-libvirt once enabled causes apt to call getdents avoid this being an issue by dropping a apt conf that allows this in seccomp (LP: #1732030). - d/libvirt-daemon-system.postrm: clean up more libvirt directories on purge - d/p/ubuntu-aa/0041-apparmor-allow-unix-stream-for-p2p-migrations.patch: apparmor: allow unix stream for p2p migrations - d/p/ubuntu-aa/0043-security-apparmor-implement-domainSetPathLabel.patch: this replaces the hugepage rules and fixes many more formerly missing - d/p/ubuntu-aa/0044-security-full-path-option-for-DomainSetPathLabel.patch: allowing to have path wildcards on labels set by domain callbacks - d/p/ubuntu-aa/0045-security-apparmor-add-Set-Restore-ChardevLabel.patch: apparmor implementation of security callback - d/p/ubuntu-aa/0046-apparmor-virt-aa-helper-drop-static-channel-rule.patch: this is now covered by chardev label callbacks * Added Changes: - Revert Debian change "Drop libvirt-bin upgrade handling" This is needed in Ubuntu one last time (drop >18.04) - Revert Debian change "Drop maintscript helpers for versions predating jessie and wheezy-backports". This is needed in Ubuntu one last time (drop >18.04) - Refreshed d/p/* to match new version (only fuzz, no semantic change) - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to avoid error messages on purge - remove no more used libvirt-dnsmasq user (drop >18.04) - d/p/ubuntu-aa/0040-apparmor-add-mediation-rules-for-unconfined.patch: apparmor: add mediation rules for unconfined guests - d/p/ubuntu-aa/0042-security-introduce-virSecurityManager-Set-Restore-Ch .patch: backport upstream cahnge to expose already used chardev calls. - d/libvirt-daemon-system.postrm: Remove the default.xml network link set up by postinst. - d/libvirt-daemon-system.maintscript: remove the now dropped conffile /etc/cron.daily/libvirt-daemon-system - d/libvirt-daemon-system.postinst: fixups for autostart default network - use modern shell syntax - try more default networks before giving up to enable by default - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch: add multipass image path and mark as ubuntu only change. - d/rules: install virtlockd correctly with defaults file (LP: #1729516) - extended d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch to cover the slightly changed behavior of libvirt 4.0 (LP: #1741617) - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of just a suggest to have 3rd party relying on rbd out of the box working. This is deprecated and users of rbd backend should start depending on this package for it will be dropped to a suggest in future releases. -- Christian Ehrhardt <email address hidden> Thu, 14 Dec 2017 14:15:55 +0100
Available diffs
- diff from 3.6.0-1ubuntu6 to 4.0.0-1ubuntu1 (19.7 MiB)
libvirt (1.3.1-1ubuntu10.15) xenial; urgency=medium * d/p/storage-Don-t-pass-iso-format-to-qemu-img.patch: fix issues in virt clone and other users of storage_utils functions by not passing iso to qemu-img (LP: #1729858). -- Christian Ehrhardt <email address hidden> Mon, 06 Nov 2017 16:36:11 +0100
Available diffs
libvirt (2.5.0-3ubuntu5.6) zesty; urgency=medium * d/p/storage-Don-t-pass-iso-format-to-qemu-img.patch: fix issues in virt clone and other users of storage_utils functions by not passing iso to qemu-img (LP: #1729858). -- Christian Ehrhardt <email address hidden> Mon, 06 Nov 2017 16:31:48 +0100
Available diffs
Superseded in bionic-release |
Superseded in artful-updates |
Deleted in bionic-proposed (Reason: moved to release) |
Deleted in artful-proposed (Reason: moved to -updates) |
libvirt (3.6.0-1ubuntu6) artful; urgency=medium * d/p/ubuntu-aa/0037-virt-aa-helper...: grant locking permission on append files (LP: #1726804) * d/p/ubuntu-aa/0038-virt-aa-helper-fix-paths-for-usb-hostdevs.patch: fix path generation for USB host devices (LP: #1552241) * d/p/ubuntu-aa/0039-virt-aa-helper-fix-libusb-access-to-udev-usb-data.patch: generate valid rules on usb passthrough (LP: #1686324) -- Christian Ehrhardt <email address hidden> Tue, 24 Oct 2017 14:30:34 +0200
Available diffs
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
libvirt (3.6.0-1ubuntu5) artful; urgency=medium * d/p/u/gnulib-getopt-posix-Fix-build-failure-when-using-ac_cv_head.patch: fix FTBFS with glibc 2.26 (LP: #1718668) -- Christian Ehrhardt <email address hidden> Thu, 28 Sep 2017 08:18:10 -0400
Available diffs
libvirt (1.2.2-0ubuntu13.1.23) trusty; urgency=medium * d/libvirt-bin.init, d/libvirt-bin.upstart: fix waiting for the libvirt socket (LP: #1571209) - avoid timing out on slow systems (only stop when service is stopped) - fix whitespace damage formerly added to d/libvirt-bin.init - no more long sleep without announcing to log - check socket and service status more often for lower latency on changes - fix check if unix_sock_dir path is set in /etc/libvirt/libvirtd.conf - fix the upstart service name that is checked -- Christian Ehrhardt <email address hidden> Thu, 07 Sep 2017 14:22:45 +0200
Available diffs
libvirt (1.2.2-0ubuntu13.1.22) trusty; urgency=medium * fix guest channel support (LP: #1393842). - d/p/virt-aa-helper-add-trusty-guest-agent-rule.patch: add apparmor rule for channels within guest namespace. - d/libvirt-bin.postinst: create channel directories if needed. -- Christian Ehrhardt <email address hidden> Mon, 28 Aug 2017 12:14:08 +0200
Available diffs
libvirt (3.6.0-1ubuntu4) artful; urgency=medium * d/p/avoid-double-locking.patch: fix a deadlock that could occur when libvirtd interactions raced with dbus causing a deadlock (LP: #1714254). -- Christian Ehrhardt <email address hidden> Fri, 01 Sep 2017 10:29:35 +0200
Available diffs
libvirt (3.6.0-1ubuntu3) artful; urgency=medium * No change rebuild for Qemu 2.10 and Xen 4.9 -- Christian Ehrhardt <email address hidden> Mon, 21 Aug 2017 10:34:13 +0200
Available diffs
- diff from 3.6.0-1ubuntu2 to 3.6.0-1ubuntu3 (356 bytes)
libvirt (3.6.0-1ubuntu2) artful; urgency=medium * d/p/ubuntu-aa/0036-virt-aa-helper-locking-loader-nvram-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for loader/nvram (LP: #1710960) -- Christian Ehrhardt <email address hidden> Thu, 17 Aug 2017 10:00:19 +0200
Available diffs
libvirt (3.6.0-1ubuntu1) artful; urgency=medium * Merged with Debian unstable (3.6) This closes several bugs: - aarch64: improved chardev handling (LP: #1697610) - Forbid locking memory without memtune (LP: #1708305) * Remaining changes: - Disable sheepdog (universe dependency) - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Disable selinux - Set qemu-group to kvm (for compat with older ubuntu) - Regularly clear AppArmor profiles for vms that no longer exist - Additional apport package-hook - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - Backwards compatible handling of group rename (can be dropped >18.04). - config details and autostart of default bridged network. Creating that is now the default in general, yet our solution provides the following on top as of today: + nat only on some ports <port start='1024' end='65535'/> + autostart the default network by default + do not autostart if 192.168.122.0 is already taken (e.g. in containers) - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/test/smoke-lxc workaround for debbug 848317/867379 - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) - Extended handling of apparmor profiles - clear lost profiles via cron - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx - conffile handling of files dropped in 3.5 (can be dropped >18.04) + /etc/init.d/virtlockd was sysv init only + /etc/apparmor.d/local/usr.sbin.libvirtd and /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated by dh_apparmor as needed - Reworked apparmor Delta, especially the more complex delta is dropped now, also our former delta is now split into logical pieces, has improved comments and is part of a continuous upstreaming effort. Listing related remaining changes: + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, libvirt-qemu: Allow macvtap access + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit deny for setpcap + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, libvirt-qemu: Allow use of sgabios + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: apparmor, libvirt-qemu: Silence lttng related deny messages + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: apparmor, libvirt-qemu: Allow read access to sysfs system info + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: apparmor, libvirt-qemu: Allow read access to max_mem_regions + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: apparmor, libvirt-qemu: Allow qemu-block-extra libraries + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: apparmor, libvirt-qemu: Allow access to hugepage mounts + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: apparmor, libvirtd: Allow access to netlink sockets + d/p/0013-apparmor-Add-rules-for-mediation-support.patch: apparmor: Add rules for mediation support + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: apparmor, virt-aa-helper: Improve comment about backing store + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: apparmor, virt-aa-helper: Allow access to ecryptfs files + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: apparmor, virt-aa-helper: Add ipv6 network policy + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop references to qemu-kvm + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu won't call qemu-nbd + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: apparmor, virt-aa-helper: Allow access to name services + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681). + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add /dev/vfio for vf (hot) attach (LP 1680384). + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: apparmor: allow to parse cmdline of the pid that send the shutdown signal (LP 1680384). + d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: apparmor: add default pki path of lbvirt-spice (LP 1690140) + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova * Dropped Changes (Upstream): - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with default driver entries missing name='qemu'. - d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP 1704782) Fix to be able to follow BackinStorage chains when creating per guest apparmor rules. * Dropped Changes (In Debian): - Enable esx support + Add build-dep to libcurl4-gnutls-dev (required for esx) * Added Changes: - d/p/ubuntu-aa/0035-virt-aa-helper-locking-disk-files-for-qemu-2.10.patch: for compatibility with the behavior of qemu 2.10 this adds locking permission to rules generated for disk files (LP: #1709818) -- Christian Ehrhardt <email address hidden> Thu, 10 Aug 2017 12:44:47 +0200
Available diffs
libvirt (2.5.0-3ubuntu5.5) zesty; urgency=medium * d/p/bug-1708305-qemu-Fix-memory-locking-limit-calculation.patch: Remove memlock limit when using <memoryBacking><locked/>. (LP: #1708305). -- Jorge Niedbalski <email address hidden> Fri, 11 Aug 2017 00:34:01 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.14) xenial; urgency=medium * d/p/bug-1708305-qemu-Fix-memory-locking-limit-calculation.patch: Remove memlock limit when using <memoryBacking><locked/>. (LP: #1708305). -- Jorge Niedbalski <email address hidden> Thu, 10 Aug 2017 22:50:46 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.13) xenial; urgency=medium * d/libvirt-bin.postinst: call apparmor_parser with options to ignore the apparmor cache and rebuild it, otherwise old apparmor rules are used and this might break upgrades (LP: #1707400) -- Andreas Hasenack <email address hidden> Tue, 01 Aug 2017 10:50:20 -0300
Available diffs
libvirt (1.2.2-0ubuntu13.1.21) trusty; urgency=medium * d/libvirt-bin.postinst: call apparmor_parser with options to ignore the apparmor cache and rebuild it, otherwise old apparmor rules are used and this might break upgrades (LP: #1707400) -- Andreas Hasenack <email address hidden> Tue, 01 Aug 2017 11:58:38 -0300
Available diffs
libvirt (2.5.0-3ubuntu5.4) zesty; urgency=medium * d/p/ubuntu/bug-1705132-* qemu: Adaptive timeout for connecting to monitor (LP: #1705132) - includes backports that make backing off on timeouts exponentially but cap the exponential increase on 1s. -- Christian Ehrhardt <email address hidden> Thu, 20 Jul 2017 13:06:02 +0200
Available diffs
libvirt (1.3.1-1ubuntu10.12) xenial; urgency=medium * d/p/ubuntu/bug-1705132-* qemu: Adaptive timeout for connecting to monitor (LP: #1705132) - includes backports that make backing off on timeouts exponentially but cap the exponential increase on 1s. -- Christian Ehrhardt <email address hidden> Wed, 19 Jul 2017 08:28:14 +0200
Available diffs
libvirt (3.5.0-1ubuntu3) artful; urgency=medium * Refresh changes to match they way they were accepted upstream - d/p/u/aa-helper-Properly-link-with-storage-driver.patch add commit reference now that it is in git. - d/p/u/fix-libxl-default-driver-name.patch: instead of addin the name this is now fixed by relaxing the schema. -- Christian Ehrhardt <email address hidden> Wed, 19 Jul 2017 12:48:39 +0200
Available diffs
libvirt (3.5.0-1ubuntu2) artful; urgency=medium * d/p/u/aa-helper-Properly-link-with-storage-driver.patch (LP: #1704782) Fix to be able to follow BackinStorage chains when creating per guest apparmor rules. -- Christian Ehrhardt <email address hidden> Tue, 18 Jul 2017 16:34:57 +0200
Available diffs
libvirt (3.5.0-1ubuntu1) artful; urgency=medium * Merged with Debian unstable (3.5) This closes several bugs: - improved handling of host-model since libvirt 3.2 (LP: #1673467) - Adding POWER9 cpu model to cpu_map.xml (LP: #1690209) * Remaining changes: - Disable sheepdog (universe dependency) - Disable libssh2 support (universe dependency) - Disable firewalld support (universe dependency) - Disable selinux - Enable esx support + Add build-dep to libcurl4-gnutls-dev (required for esx) - Set qemu-group to kvm (for compat with older ubuntu) - Regularly clear AppArmor profiles for vms that no longer exist - Additional apport package-hook - Modifications to adapt for our delayed switch away from libvirt-bin (can be dropped >18.04). + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias to old service name so that old references work + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias to old service name so that old references work + d/control: transitional package with the old name and maintainer scripts to handle the transition - Backwards compatible handling of group rename (can be dropped >18.04). - config details and autostart of default bridged network. Creating that is now the default in general, yet our solution provides the following on top as of today: + nat only on some ports <port start='1024' end='65535'/> + autostart the default network by default + do not autostart if 192.168.122.0 is already taken (e.g. in containers) - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is the group based access to libvirt functions as it was used in Ubuntu for quite long. + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests due to the group access change. - ubuntu/parallel-shutdown.patch: set parallel shutdown by default. - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm which provided a separate kvm-spice. - d/p/ubuntu/storage-disable-gluster-test: gluster not enabled, skip test - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section that adapts the path of the emulator to the Debian/Ubuntu packaging is kept. - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto set VRAM to minimum requirements - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts - Add libxl log directory - libvirt-uri.sh: Automatically switch default libvirt URI for users on Xen dom0 via user profile (was missing on changelogs before) - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from included_files to avoid build failures due to duplicate definitions. - Update README.Debian with Ubuntu changes - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch. - Enable some additional features on ppc64el and s390x (for arch parity) + systemtap, zfs, numa and numad on s390x. + systemtap on ppc64el. - fix conffile upgrade handling to avoid obsolete files and inactive duplicates (LP 1694159) - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making vmlinuz available and accessible (Debian bug 848314) - d/t/control, d/t/smoke-lxc: fix up lxc smoke test (Debian bug 848317) - Extended handling of apparmor profiles - clear lost profiles via cron - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04, no more UCA onto Xenial then which has global dnsmasq by default). - Reworked apparmor Delta, especially the more complex delta is dropped now, also our former delta is now split into logical pieces, has improved comments and is part of a continuous upstreaming effort. Listing related remaining changes: + d/p/0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor: Allow pygrub to run on Debian/Ubuntu + d/p/0002-apparmor-libvirt-qemu-Allow-macvtap-access.patch: apparmor, libvirt-qemu: Allow macvtap access + d/p/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory + d/p/0004-apparmor-Explicit-deny-for-setpcap.patch: apparmor: Explicit deny for setpcap + d/p/0005-apparmor-libvirt-qemu-Allow-use-of-sgabios.patch: apparmor, libvirt-qemu: Allow use of sgabios + d/p/0006-apparmor-libvirt-qemu-Silence-lttng-related-deny-mes.patch: apparmor, libvirt-qemu: Silence lttng related deny messages + d/p/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv + d/p/0008-apparmor-libvirt-qemu-Allow-read-access-to-sysfs-sys.patch: apparmor, libvirt-qemu: Allow read access to sysfs system info + d/p/0009-apparmor-libvirt-qemu-Allow-read-access-to-max_mem_r.patch: apparmor, libvirt-qemu: Allow read access to max_mem_regions + d/p/0010-apparmor-libvirt-qemu-Allow-qemu-block-extra-librari.patch: apparmor, libvirt-qemu: Allow qemu-block-extra libraries + d/p/0011-apparmor-libvirt-qemu-Allow-access-to-hugepage-mount.patch: apparmor, libvirt-qemu: Allow access to hugepage mounts + d/p/0012-apparmor-libvirtd-Allow-access-to-netlink-sockets.patch: apparmor, libvirtd: Allow access to netlink sockets + d/p/0013-apparmor-Add-rules-for-mediation-support.patch: apparmor: Add rules for mediation support + d/p/0014-apparmor-virt-aa-helper-Improve-comment-about-backin.patch: apparmor, virt-aa-helper: Improve comment about backing store + d/p/0015-apparmor-virt-aa-helper-Allow-access-to-ecryptfs-fil.patch: apparmor, virt-aa-helper: Allow access to ecryptfs files + d/p/0016-apparmor-libvirtd-Allow-ixr-to-var-lib-libvirt-virtd.patch: apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd* + d/p/0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch: apparmor, virt-aa-helper: Allow access to tmp directories + d/p/0018-apparmor-virt-aa-helper-Add-ipv6-network-policy.patch: apparmor, virt-aa-helper: Add ipv6 network policy + d/p/0019-apparmor-virt-aa-helper-Allow-access-to-sys-bus-usb-.patch: apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices + d/p/0020-apparmor-virt-aa-helper-Allow-various-storage-pools-.patch: apparmor, virt-aa-helper: Allow various storage pools and image locations + d/p/0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch: apparmor, virt-aa-helper: Add openvswitch support + d/p/0022-apparmor-drop-references-to-qemu-kvm.patch: apparmor: drop references to qemu-kvm + d/p/0023-apparmor-qemu-won-t-call-qemu-nbd.patch: apparmor: qemu won't call qemu-nbd + d/p/0024-apparmor-virt-aa-helper-Allow-access-to-name-service.patch: apparmor, virt-aa-helper: Allow access to name services + d/p/0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor permissions so virt-manager 1.4.0 viewing works (LP 1668681). + d/p/0026-apparmor-add-generic-base-vfio-device.patch: apparmor: add /dev/vfio for vf (hot) attach (LP 1680384). + d/p/0027-apparmor-allow-reading-cmdline-of-shutdown-signal.patch: apparmor: allow to parse cmdline of the pid that send the shutdown signal (LP 1680384). + (28 is a new patch, listed in added changes) + d/p/0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor, libvirt-qemu: Add 9p support + d/p/0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper: add l to 9p file options. + d/p/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch: virt-aa-helper: Ask for no deny rule for readonly disk (renamed and reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch) + d/p/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch: apparmor, libvirt-qemu: Allow reading charm-specific ceph config + d/p/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow commands executed by ubuntu only kvm wrapper on ppc64el (LP 1686621). + d/p/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch: apparmor, virt-aa-helper: access for snapped nova - remaining but updated to match the latest release + d/p/Disable-use-of-namespaces-by-default.patch (Debian change) + d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch (Debian change) + d/p/debian/apparmor_profiles_local_include.patch Include local apparmor profile (Debian change) + d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx + d/test/smoke-lxc workaround for debbug 848317/867379 * Dropped Changes (Upstream): - Add missing apparmor rule for debug-threads feature (LP 1615550). - Add new block device types to virt-aa-helpers profile (LP 1641618) - d/p/ubuntu/storage-default-permission-mode-to-0711: safer default perms for storage dirs like /var/lib/libvirt/images. - d/p/ubuntu/libvirtd-service-nolimit.patch: remove proc/file/task limits to support huge systems. - d/p/ubuntu/libvirtd-service-set-notifyaccess.patch: set NotifyAccess=all in libvirtd.service (-d not allowed to be specified, everything else upstream so drop delta; LP 1574566). - d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process spice: don't release used port (LP 1697729). - d/p/ubuntu/virsh-maxvcpu-fall-back-to-old-command.patch: virsh: maxvcpus: Always fall back to the old command if domain caps fail (LP 1674298) - d/p/ubuntu/qemu-Allow-empty-script-path-to-interface.patch: in the past it was possible to have <script path=''/> which now fails - fix to match the old behavior (LP 1665698) - Reworked apparmor Delta and started upstreaming, listing related changes dropped: + Apparmor feature parsing to depend on new apparmor features which appear in different versions across distributions (no more needed >=Xenial, allows to now separate changes and upstream more easily). + d/p/ubuntu/Ensure-disk-names-follow-the-disk-name-regex.patch: guarantee disk spec is following the defined regex (LP 1665410). + d/p/ubuntu/virt-aa-helper-add-guest-agent-rule.patch: add virt-aa-helper rule allowing all private channel access. + d/p/ubuntu/virt-aa-helper-apparmor-allow-usr-share-AAVMF-too.patch: virt-aa-helper to allow access to aarch64 UEFI images. + d/rules, apparmor: include and install local apparmor profiles (This is now done by dh_apparmor automatically) + add local apparmor override templates (provided by dh_apparmor now) + Fix name resolution calls from virt-aa-helper profile (LP 1546674). + virt-aa-helper, apparmor: allow /usr/share/OVMF/ too + virt-aa-helper: Generalize test for firmware paths + apparmor, virt-aa-helper: Allow aarch64 UEFI. + apparmor, libvirt-qemu: Add ppc64el related changes + apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu + apparmor, libvirt-qemu: Allow access to ceph config + apparmor, libvirt-qemu: Allow access to certificates used by libvirt-vnc + apparmor, virt-aa-helper: Explicit denies for host devices + apparmor, virt-aa-helper: Allow access to libnl-3 config files + apparmor, libvirt-qemu: allow access to pt_chown for pty consoles * Dropped Changes (In Debian): - d/rules: debhelper start virtlogd.socket - d/p/ubuntu/Debianize-virtlogd-service.patch: Adapt config file location for Debian based systems. - Additional debian/bug-presubj - Extended handling of apparmor profiles - reload and remove in maintainer scripts (dh_apparmor* now generate these snippets) * Dropped Changes (no SysV anymore): - Add sysvinit script for virtlockd - Wait on socket in sysvinit script - d/rules: dh_installinit virtlockd (was part of "Cleanup systemd debhelper" - d/p/ubuntu/Debianize-virtlockd-init.patch: Fix default config path in virtlockd.init for Debian based systems. * Dropped Changes (other reasons): - d/p/ubuntu/dnsmasq-as-priv-user: configuration to run as extra user This used group libvirt instead of nobody which makes it worse; Needs to be fixed upstream (LP: #1690729). + d/p/ubuntu/disable-network-test.patch: disable test failing due to dnsmasq changes. - Add .gitignore for .pc - we keep lxc support as Debian does, but stop adding delta. It feels somewhat less maintained than e.g. libvirt for qemu. Also for secure and comfortable container management lxd is clearly preferred. The delta caused more issues than it solved so deliver libvirt-lxc as-is and drop the related delta. + d/p/ubuntu/9031-enable-lxc-apparmor: enable apparmor confinement of containers by default. + d/p/ubuntu/9032-lxc-allow-no-security-driver: allow empty sec driver for libvirt-lxc. - The following xen changes are no more required with current versions + d/p/ubuntu/ubuntu-libxl-hvmloader-path.patch: Fallback for libxl xen paths (LP 1459603) + d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The section about compat to the very old qemu-dm name is no more needed. + d/p/ubuntu/libxl-fix-test-data.patch and d/p/ubuntu/fix-xen-xml-in-tests.patch: updated and unified into the former one + also updated the maintainer notes to ease updating. + d/p/ubuntu/libxl-no-dm-check.patch: Stop calling emulator to identify device-model * Added Changes: - d/p/0028-apparmor-add-default-pki-path-of-lbvirt-spice.patch: apparmor: add default pki path of lbvirt-spice (LP: #1690140) - conffile handling of files dropped in 3.5 (can be dropped >18.04) + /etc/init.d/virtlockd was sysv init only + /etc/apparmor.d/local/usr.sbin.libvirtd and /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated by dh_apparmor as needed - d/p/ubuntu/fix-libxl-default-driver-name.patch: avoid an issue with default driver entries missing name='qemu'. -- Christian Ehrhardt <email address hidden> Thu, 06 Jul 2017 15:43:17 +0200
Available diffs
- diff from 2.5.0-3ubuntu11 to 3.5.0-1ubuntu1 (21.2 MiB)
libvirt (1.3.1-1ubuntu10.11) xenial; urgency=medium * d/apparmor/usr.lib.libvirt.virt-aa-helper: Allow access to base images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON directory, enabling use of the libvirt deb from the nova-hypervisor snap (LP: #1644507). -- Corey Bryant <email address hidden> Thu, 22 Jun 2017 14:43:11 -0400
Available diffs
libvirt (2.5.0-3ubuntu11) artful; urgency=medium * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Adjust to also allow access to snapshots in nova-hypervisor snap's $SNAP_COMMON directory (LP: #1644507). -- Corey Bryant <email address hidden> Wed, 05 Jul 2017 13:55:19 -0400
Available diffs
- diff from 2.5.0-3ubuntu10 to 2.5.0-3ubuntu11 (675 bytes)
libvirt (2.5.0-3ubuntu5.3) zesty; urgency=medium * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base images and snapshots stored in nova-hypervisor snap's $SNAP_COMMON directory, enabling use of the libvirt deb from the nova-hypervisor snap (LP: #1644507). -- Corey Bryant <email address hidden> Thu, 22 Jun 2017 14:39:39 -0400
Available diffs
libvirt (2.5.0-3ubuntu10) artful; urgency=medium * d/p/ubuntu/0004-apparmor-apply-ubuntu-delta.patch: Allow access to base images stored in nova-hypervisor snap's $SNAP_COMMON directory, enabling use of the libvirt deb from the nova-hypervisor snap (LP: #1644507). -- Corey Bryant <email address hidden> Thu, 22 Jun 2017 14:29:39 -0400
Available diffs
libvirt (2.5.0-3ubuntu5.2) zesty; urgency=medium * d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1. -- Christian Ehrhardt <email address hidden> Mon, 19 Jun 2017 07:52:32 +0200
libvirt (2.5.0-3ubuntu9) artful; urgency=medium * d/p/ubuntu/qemu_process-spice-don-t-release-used-port.patch: qemu_process spice: don't release used port (LP: #1697729) - upstream in libvirt 3.1. -- Christian Ehrhardt <email address hidden> Wed, 14 Jun 2017 14:49:16 +0200
Available diffs
151 → 225 of 750 results | First • Previous • Next • Last |