Change log for libvirt package in Ubuntu
| 76 → 150 of 750 results | First • Previous • Next • Last |
libvirt (4.0.0-1ubuntu8.19) bionic; urgency=medium
* d/p/lp1915811-fix-numa-topology.patch: Fix NUMA topology population for
machines with a high number of CPUs (LP: #1915811)
Available diffs
libvirt (1.3.1-1ubuntu10.31) xenial; urgency=medium
* d/p/lp1915811-fix-numa-topology.patch: Fix NUMA topology population for
machines with a high number of CPUs (LP: #1915811)
-- Victor Manuel Tapia King <email address hidden> Mon, 22 Feb 2021 13:44:48 +0100
Available diffs
libvirt (6.6.0-1ubuntu3.4) groovy; urgency=medium * d/p/lp1915811-*: Fix NUMA topology population for machines with high number of CPUs (LP: #1915811) -- Victor Manuel Tapia King <email address hidden> Mon, 22 Feb 2021 12:23:53 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.8) focal; urgency=medium * d/p/lp1915811-*: Fix NUMA topology population for machines with high number of CPUs (LP: #1915811) -- Victor Manuel Tapia King <email address hidden> Fri, 19 Feb 2021 17:15:56 +0100
Available diffs
| Superseded in impish-release |
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
libvirt (7.0.0-2ubuntu1) hirsute; urgency=medium
* Merge with Debian 7.0.0-1 from Debian unstable
Remaining changes:
- libvirt-uri.sh: Automatically switch default libvirt URI for users
via user profile (xen URI on dom0, qemu:///system otherwise)
[contains lintian fixups of 6.6.0-1ubuntu1]
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- d/control: breaks replaces for augeas lenses move in 6.0.0-1
(follows Debian, droppable >22.04)
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
[now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
recent ubuntu glibx 2.32 it is breaking the build
- d/control: add libtirpc for rpc.h with glibc >=2.32
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
execution (LP 1913266)
* Dropped Changes [in Debian now]
- Avoid various issues around service/socket status after install/reinstall
and on upgrades (LP 1914054).
- d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
- d/rules: --no-restart-after-upgrade does not prevent restarts
- d/rules: avoid --no-start which breaks .sockets on re-install
- d/rules: start, but do not restart libvirt-guests.service
- Dependency improvements yet unreleased from salsa/debian/master thanks
to Andrea Bolognani (Debian #981435).
- control: Always explicitly depend on libvirt0
- control: Always use versioned deps for libvirt components
- d/control: extend demotion of libvirt-lxc related dependencies to
libvirt-login-shell
Available diffs
- diff from 7.0.0-2ubuntu2 to 7.0.0-2ubuntu1 (3.4 KiB)
- diff from 7.0.0-1ubuntu2 to 7.0.0-2ubuntu1 (3.2 KiB)
libvirt (6.0.0-0ubuntu8.7) focal; urgency=medium
* d/p/u/lp-1913266-qemu-Add-virtio-related-options-to-vsock.patch: allow
vsock to work in secure execution environments. (LP: #1913266)
Available diffs
libvirt (6.6.0-1ubuntu3.3) groovy; urgency=medium
* d/p/u/lp-1913266-qemu-Add-virtio-related-options-to-vsock.patch: allow
vsock to work in secure execution environments. (LP: #1913266)
Available diffs
libvirt (7.0.0-1ubuntu2) hirsute; urgency=medium
* d/control: extend demotion of libvirt-lxc related dependencies to
libvirt-login-shell
-- Christian Ehrhardt <email address hidden> Thu, 04 Feb 2021 13:44:49 +0100
Available diffs
- diff from 6.9.0-1ubuntu4 to 7.0.0-1ubuntu2 (1.7 MiB)
- diff from 7.0.0-1ubuntu1 to 7.0.0-1ubuntu2 (512 bytes)
| Superseded in hirsute-proposed |
libvirt (7.0.0-1ubuntu1) hirsute; urgency=medium
* Merge with Debian 7.0.0-1 from Debian unstable
This fixes unwanted conffile prompts (LP: #1906248)
Remaining changes:
- libvirt-uri.sh: Automatically switch default libvirt URI for users
via user profile (xen URI on dom0, qemu:///system otherwise)
[contains lintian fixups of 6.6.0-1ubuntu1]
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- d/control: breaks replaces for augeas lenses move in 6.0.0-1
(follows Debian, droppable >22.04)
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
[now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
recent ubuntu glibx 2.32 it is breaking the build
- d/control: add libtirpc for rpc.h with glibc >=2.32
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
* Dropped Changes [in Debian now]
- 0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
* Dropped Changes [in upstream now]
- d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
pre-Focal guests by allowing kvm-spice
- virt-ssh-helper: fix slow migrations and volume transfers (LP 1904584)
- d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch
- d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch
* Dropped Changes [ready for main]
- d/control: drop mdevctl to a suggest until (LP: #1889248) is ready
* Added Changes:
- Avoid various issues around service/socket status after install/reinstall
and on upgrades (LP: #1914054).
- d/rules: let sockets use --no-stop-on-upgrade to avoid false positives
- d/rules: --no-restart-after-upgrade does not prevent restarts
- d/rules: avoid --no-start which breaks .sockets on re-install
- d/rules: start, but do not restart libvirt-guests.service
- d/p/u/lp-1913266-*: add vsock options to be usable with s390x secure
execution (LP: #1913266)
- Dependency improvements yet unreleased from salsa/debian/master thanks
to Andrea Bolognani (Debian #981435).
- control: Always explicitly depend on libvirt0
- control: Always use versioned deps for libvirt components
Available diffs
| Superseded in bionic-proposed |
libvirt (4.0.0-1ubuntu8.18) bionic; urgency=medium * Improve flaky smoke-lxc test (LP: #1899180) - d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures - d/t/smoke-lxc: retry check_domain being flaky on arm64 -- Christian Ehrhardt <email address hidden> Mon, 07 Dec 2020 08:25:47 +0100
Available diffs
| Superseded in focal-proposed |
libvirt (6.0.0-0ubuntu8.6) focal; urgency=medium * Improve flaky smoke-lxc test (LP: #1899180) - d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures - d/t/smoke-lxc: retry check_domain being flaky on arm64 -- Christian Ehrhardt <email address hidden> Tue, 08 Dec 2020 15:09:17 +0100
Available diffs
| Superseded in groovy-proposed |
libvirt (6.6.0-1ubuntu3.2) groovy; urgency=medium * Improve flaky smoke-lxc test (LP: #1899180) - d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures - d/t/smoke-lxc: retry check_domain being flaky on arm64 -- Christian Ehrhardt <email address hidden> Fri, 04 Dec 2020 08:12:02 +0100
Available diffs
libvirt (6.9.0-1ubuntu4) hirsute; urgency=medium * Improve flaky smoke-lxc test (LP: #1899180) - d/t/control, d/t/smoke-lxc: retry service restart and skip test if failing; This was flaky on some release/architectures - d/t/smoke-lxc: retry check_domain being flaky on arm64 -- Christian Ehrhardt <email address hidden> Fri, 04 Dec 2020 08:12:02 +0100
Available diffs
libvirt (6.9.0-1ubuntu3) hirsute; urgency=high * No change rebuild against wireshark 3.4.0 -- Balint Reczey <email address hidden> Mon, 07 Dec 2020 08:06:59 +0100
Available diffs
- diff from 6.9.0-1ubuntu2 to 6.9.0-1ubuntu3 (359 bytes)
libvirt (6.9.0-1ubuntu2) hirsute; urgency=medium * virt-ssh-helper: fix slow migrations and volume transfers (LP: #1904584) - d/p/ubuntu/lp-1904584-remote-make-ssh-helper-massively-faster.patch - d/p/ubuntu/lp-1904584-util-avoid-glib-event-loop-workaround.patch -- Christian Ehrhardt <email address hidden> Thu, 26 Nov 2020 16:52:23 +0100
Available diffs
libvirt (6.9.0-1ubuntu1) hirsute; urgency=medium
* Merge with Debian 6.8.0-1 from unstable
Remaining changes:
- libvirt-uri.sh: Automatically switch default libvirt URI for users
via user profile (xen URI on dom0, qemu:///system otherwise)
[contains lintian fixups of 6.6.0-1ubuntu1]
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- d/control: breaks replaces for augeas lenses move in 6.0.0-1
(follows Debian, droppable >22.04)
- d/control: drop mdevctl to a suggest until (LP 1889248) is ready
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
- dnsmasq related enhancements
[now contains dnsmasq-as-priv-user of 6.6.0-1ubuntu1]
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ 0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
* Dropped Changes [in Debian now]
- d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
between libtripc and glibc that break libvirt-lxc (LP 1892826)
* Dropped Changes [in upstream now]
- d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
handling on non BTRFS affecting virt-manager, api and commandline pool
handling (LP 1901242)
- d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
allow libvirt to control virtiofsd (LP 1892736)
- d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
triggering denials in devmapper error path
- d/p/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch:
(again) allow permanent per guest overrides (LP 1745114)
- d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
versioned modules after qemu package upgrades (LP 1847361)
- d/p/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.
patch: apparmor, libvirt-qemu: Allow read access to overcommit_memory
- d/p/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.
patch: apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
- d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
chips (LP 1887490)
- 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
* Added Changes
- d/p/ubuntu/daemon-augeas-fix-expected.patch: update for 6.9
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: update for 6.9
- remove Debian debian/Revert-m4-virt-xdr-rewrite-XDR-check.patch as with
recent ubuntu glibx 2.32 it is breaking the build
- d/control: add libtirpc for rpc.h with glibc >=2.32
- d/p/ubuntu-aa/apparmor-allow-kvm-spice-compat-wrapper.patch: fix migrating
pre-Focal guests by allowing kvm-spice
Available diffs
libvirt (6.6.0-1ubuntu3.1) groovy; urgency=medium
* d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
handling on non BTRFS affecting virt-manager, api and commandline pool
handling (LP: #1901242)
-- Christian Ehrhardt <email address hidden> Wed, 28 Oct 2020 07:47:53 +0100
Available diffs
libvirt (6.6.0-1ubuntu4) hirsute; urgency=medium
* d/p/ubuntu/lp-1901242-util-Fix-logic-in-virFileSetCOW.patch: fix dir pool
handling on non BTRFS affecting virt-manager, api and commandline pool
handling (LP: #1901242)
-- Christian Ehrhardt <email address hidden> Wed, 28 Oct 2020 07:47:53 +0100
Available diffs
libvirt (6.0.0-0ubuntu8.5) focal; urgency=medium
* d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
chips (LP: #1887490)
-- Christian Ehrhardt <email address hidden> Thu, 08 Oct 2020 07:36:06 +0200
Available diffs
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
libvirt (6.6.0-1ubuntu3) groovy; urgency=medium
* d/p/ubuntu/lp-1887490-*: add named types and definitions for EPYC-Rome
chips (LP: #1887490)
-- Christian Ehrhardt <email address hidden> Thu, 08 Oct 2020 07:36:06 +0200
Available diffs
- diff from 6.6.0-1ubuntu2 to 6.6.0-1ubuntu3 (11.4 KiB)
libvirt (6.0.0-0ubuntu8.4) focal; urgency=medium * avoid stale libvirt capability cache (LP: #1874647) - when host cpu changes (e.g. nested with different configuration) - when s390x protvirt or AMD SEV changes - d/p/ubuntu/lp-1874647-* -- Christian Ehrhardt <email address hidden> Mon, 31 Aug 2020 08:41:25 +0200
Available diffs
libvirt (6.6.0-1ubuntu2) groovy; urgency=medium
* d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
between libtripc and glibc that break libvirt-lxc (LP: #1892826)
* d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
allow libvirt to control virtiofsd (LP: #1892736)
Available diffs
- diff from 6.0.0-0ubuntu11 to 6.6.0-1ubuntu2 (14.5 MiB)
- diff from 6.6.0-1ubuntu1 to 6.6.0-1ubuntu2 (3.7 KiB)
| Superseded in groovy-proposed |
libvirt (6.6.0-1ubuntu1) groovy; urgency=medium
* Merge with Debian 6.6.0-1 from experimental
Among many other new features and fixes this includes fixes for:
(LP: #1874647) - Stale libvirt cache leads to VM startup failures
(LP: #1869796) - bad ordering and dependent restarts of services/sockets
Remaining changes:
- d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
versioned modules after qemu package upgrades (LP 1847361)
- libvirt-uri.sh: Automatically switch default libvirt URI for users
via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ 0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
* Dropped changes (in Debian now):
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- enable attr support to store XATTR labels. Among other things
this allows to properly restore file ownership (LP 691590)
- d/control: build depend to libattr1-dev
- d/rules: configure --with-attr
- Install virt-login-shell-helper
- Install augeas lenses for all drivers
- Remove all mentions of Devhelp
- not-installed: Remove obsolete entries
- not-installed: List all split daemons files
- d/control: bump build dep to python3
- d/control: add python3-docutils as build dependency
- d/rules: set enable-dependency-tracking to avoid FTBFS
- d/rules: drop the no more existing phyp option
- d/rules: drop the no more existing xen configure option
- minimize patches generated by autoreconf
- fix build on Debian/Ubuntu in qemuhotplugtest
- d/libvirt-doc.doc: install rendered docs
- d/libvirt-daemon-system.examples: drop old examples that are now active
- d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
- d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
- d/libnss-libvirt.lintian-overrides: accept having two nss so files
- d/rules: don't ship split daemons just yet
- d/rules: install /etc/default/* files that are shared between sysv and
systemd packages
- d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
libvirt-daemon-system-sysv
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- d/rules: also check build time self test results on all architectures
- d/rules: add --no-restart-after-upgrade to services that are supposed to
stay up through upgrades - this also applies to related sockets.
* Dropped changes (part of upstream now):
- d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
(LP 1879325)
- d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
(LP 1871354)
- d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
-on-rea.patch: avoid DOS through read only connections
CVE-2020-10701
- d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
and binary autodetection in general (LP 1867460)
- d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
fixes (LP 1868539)
- d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
modern types on kernels with recent security fixes (LP 1853200)
- d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
(LP 1868528)
- d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
qemuDomainSetTimeAgent (LP 1865425)
- d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
allow emulation of smartcard via host certificates
- d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
types (LP 1861125)
- d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
block vhost-user-gpu usage
- d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
profiles (LP 1655111)
* Dropped changes (no more needed):
- d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
just a suggest. This was deprecated since bionic and now will be dropped.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- d/control: VCS links to use generic Ubuntu launchpad git URLs
- refreshed patches for libvirt v6.0.0
- d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
avoid error messages on purge [deluser/delgroup no more report warnings]
- "Additional apport package-hook": due to context auto updates
d/libvirt-daemon.install had bad entries which are no more required.
- d/control, d/rules: Disable rbd and zfs on riscv64 where they are
unavailable (LP 1872952)
* Added Changes:
- d/control: breaks replaces for augeas lenses move in 6.0.0-1
(follows Debian, droppable >22.04)
- refresh ubuntu patches for 6.6
- d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
- d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
- d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
- d/p/ubuntu/dnsmasq-as-priv-user
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
- d/p/ubuntu/daemon-augeas-fix-expected.patch
- d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
enhancements
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
- d/libvirt-clients.lintian-overrides: profile scripts are non executable
- d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
triggering denials in devmapper error path
- d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
(again) allow permanent per guest overrides (LP: #1745114)
- d/control: drop mdevctl to a suggest until (LP 1889248) is ready
Available diffs
- diff from 6.0.0-0ubuntu11 to 6.6.0-1ubuntu1 (14.5 MiB)
libvirt (6.0.0-0ubuntu11) groovy; urgency=medium
* SECURITY UPDATE: privilege escalation via incorrect socket permissions
- debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch:
updated patch to also set appropriate permissions on socket created
by systemd.
- CVE-2020-15708
-- Marc Deslauriers <email address hidden> Wed, 05 Aug 2020 09:08:34 -0400
Available diffs
- diff from 6.0.0-0ubuntu10 to 6.0.0-0ubuntu11 (867 bytes)
libvirt (6.0.0-0ubuntu8.3) focal-security; urgency=medium
* SECURITY UPDATE: privilege escalation via incorrect socket permissions
- debian/patches/ubuntu/set-proper-socket-permissions.patch: set
appropriate permissions on socket created by systemd.
- CVE-2020-15708
-- Marc Deslauriers <email address hidden> Thu, 30 Jul 2020 06:40:28 -0400
Available diffs
libvirt (6.0.0-0ubuntu8.2) focal; urgency=medium
* enable attr support to store XATTR labels. Among other things
this allows to properly restore file ownership (LP: #691590)
- d/control: build depend to libattr1-dev
- d/rules: configure --with-attr
-- Christian Ehrhardt <email address hidden> Mon, 22 Jun 2020 21:30:50 +0200
Available diffs
- diff from 6.0.0-0ubuntu8.1 to 6.0.0-0ubuntu8.2 (910 bytes)
libvirt (6.0.0-0ubuntu10) groovy; urgency=medium
* enable attr support to store XATTR labels. Among other things
this allows to properly restore file ownership (LP: #691590)
- d/control: build depend to libattr1-dev
- d/rules: configure --with-attr
-- Christian Ehrhardt <email address hidden> Mon, 22 Jun 2020 21:30:50 +0200
Available diffs
- diff from 6.0.0-0ubuntu9 to 6.0.0-0ubuntu10 (908 bytes)
libvirt (6.0.0-0ubuntu8.1) focal; urgency=medium
* d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
(LP: #1879325)
-- Christian Ehrhardt <email address hidden> Wed, 20 May 2020 06:59:57 +0200
Available diffs
libvirt (6.0.0-0ubuntu9) groovy; urgency=medium
* d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
(LP: #1879325)
-- Christian Ehrhardt <email address hidden> Wed, 20 May 2020 06:59:57 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.17) bionic-security; urgency=medium
* SECURITY UPDATE: denial of service via active pool without target path
- debian/patches/ubuntu/CVE-2020-10703.patch: fix daemon crash on
lookup storagepool by targetpath in src/storage/storage_driver.c.
- CVE-2020-10703
-- Marc Deslauriers <email address hidden> Wed, 06 May 2020 14:18:23 -0400
Available diffs
libvirt (5.4.0-0ubuntu5.4) eoan-security; urgency=medium
* SECURITY UPDATE: denial of service via active pool without target path
- debian/patches/ubuntu/CVE-2020-10703.patch: fix daemon crash on
lookup storagepool by targetpath in src/storage/storage_driver.c.
- CVE-2020-10703
* SECURITY UPDATE: memory leak in virDomainListGetStats
- debian/patches/ubuntu/CVE-2020-12430.patch: don't leak array with 0
iothreads in src/qemu/qemu_driver.c.
- CVE-2020-12430
-- Marc Deslauriers <email address hidden> Wed, 06 May 2020 13:26:20 -0400
Available diffs
libvirt (5.4.0-0ubuntu5.3) eoan; urgency=medium
* d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
versioned modules after qemu package upgrades (LP: #1847361)
-- Christian Ehrhardt <email address hidden> Thu, 09 Apr 2020 08:28:33 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.16) bionic; urgency=medium
* d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
versioned modules after qemu package upgrades (LP: #1847361)
-- Christian Ehrhardt <email address hidden> Thu, 09 Apr 2020 08:28:33 +0200
Available diffs
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
libvirt (6.0.0-0ubuntu8) focal; urgency=medium
* d/control, d/rules: Disable rbd and zfs on riscv64 where they are
unavailable (LP: #1872952)
-- William Grant <email address hidden> Sat, 18 Apr 2020 13:59:21 +1000
Available diffs
- diff from 6.0.0-0ubuntu7 to 6.0.0-0ubuntu8 (952 bytes)
libvirt (6.0.0-0ubuntu7) focal; urgency=medium
* d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
(LP: #1871354)
* d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
-on-rea.patch: avoid DOS through read only connections
CVE-2020-10701
-- Christian Ehrhardt <email address hidden> Wed, 15 Apr 2020 12:29:12 +0200
Available diffs
libvirt (6.0.0-0ubuntu6) focal; urgency=medium
* d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
and binary autodetection in general (LP: #1867460)
* d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
fixes (LP: #1868539)
* d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
modern types on kernels with recent security fixes (LP: #1853200)
* d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
(LP: #1868528)
-- Christian Ehrhardt <email address hidden> Fri, 20 Mar 2020 10:34:19 +0100
Available diffs
- diff from 6.0.0-0ubuntu5 to 6.0.0-0ubuntu6 (33.0 KiB)
libvirt (5.4.0-0ubuntu5.2) eoan; urgency=medium
* d/p/u/lp-1655111-apparmor-fix-qemu_bridge_helper-for-named-profile.patch:
fix qemu_bridge_helper to work with named profiles (LP: #1655111)
-- Christian Ehrhardt <email address hidden> Tue, 17 Mar 2020 09:09:01 +0100
Available diffs
libvirt (6.0.0-0ubuntu5) focal; urgency=medium
* d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
versioned modules after qemu package upgrades (LP: #1847361)
-- Christian Ehrhardt <email address hidden> Tue, 10 Mar 2020 08:58:04 +0100
Available diffs
libvirt (1.3.1-1ubuntu10.30) xenial; urgency=medium
* d/p/lp-1844455-node_device_conf-Don-t-leak-physical_function.patch:
fix memory-leak from PCI-related structure. (LP: #1844455)
* d/p/lp-1864918-Fix-TLS-test-suites-with-gnutls-3.6.0.patch: fix failing TLS
tests due to recent-introduced SHA1 restriction in gnutls. (LP: #1864918)
-- <email address hidden> (Guilherme G. Piccoli) Wed, 26 Feb 2020 13:23:18 -0300
Available diffs
libvirt (4.0.0-1ubuntu8.15) bionic; urgency=medium
* d/p/lp-1844455-node_device_conf-Don-t-leak-physical_function.patch:
fix memory-leak from PCI-related structure. (LP: #1844455)
-- <email address hidden> (Guilherme G. Piccoli) Thu, 20 Feb 2020 13:07:33 -0300
Available diffs
libvirt (5.4.0-0ubuntu5.1) eoan; urgency=medium
* d/p/lp-1844455-node_device_conf-Don-t-leak-physical_function.patch:
fix memory-leak from PCI-related structure. (LP: #1844455)
-- <email address hidden> (Guilherme G. Piccoli) Thu, 20 Feb 2020 12:35:23 -0300
Available diffs
libvirt (6.0.0-0ubuntu4) focal; urgency=medium
* d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
qemuDomainSetTimeAgent (LP: #1865425)
-- Christian Ehrhardt <email address hidden> Mon, 02 Mar 2020 10:44:22 +0100
Available diffs
libvirt (6.0.0-0ubuntu3) focal; urgency=medium
* rebuild against libxen-dev 4.11.3 (no change needed)
* d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
allow emulation of smartcard via host certificates
* d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
types (LP: #1861125)
* d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
block vhost-user-gpu usage
-- Christian Ehrhardt <email address hidden> Wed, 12 Feb 2020 14:20:08 +0100
Available diffs
libvirt (6.0.0-0ubuntu2) focal; urgency=medium
[ Christian Ehrhardt ]
* Bring back the ubuntu default URI handling. While no more needed for xen
its removal made libvirt fallback further to the upstream default
qemu:///session while Ubuntu forever had and for now wants to keep
qemu:///system (LP: #1861693)
- revert 'd/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that
was optional for use on xen hosts'
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile
[added back former delta]
[ Andrea Bolognani ]
* Merge further fixes from debian/experimental
- Install virt-login-shell-helper
- Install augeas lenses for all drivers
- Remove all mentions of Devhelp
- not-installed: Remove obsolete entries
- not-installed: List all split daemons files
-- Christian Ehrhardt <email address hidden> Tue, 04 Feb 2020 13:08:49 +0100
Available diffs
libvirt (6.0.0-0ubuntu1) focal; urgency=medium
* Merged with Debian 5.6.0-4 from experimental and v6.0.0 from upstream
Among many other new features and fixes this includes fixes for:
- LP: #1859253 - rbd driver fails to create a new volume
- LP: #1858341 - rbd driver does not list all volumes in pool
- LP: #1845506 - Libvirt snapshot doesn't update apparmor profile
- LP: #1854653 - slow libvirt-guests.sh during shutdown if service is off
- LP: #1848229 - enable ppc64el to use ccf-assist feature
- LP: #1853315 - Enable CPU Model Comparison and Baselining on s390x
- LP: #1853317 - CCW IPL support to boot from ECKD DASDs
- LP: #1859506 - security: AppArmor profile fixes for swtpm
Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- Update README.Debian with Ubuntu changes
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- Further upstreamed apparmor Delta, especially any new one
Our former delta is split into logical pieces and is either Ubuntu only
or is part of a continuous upstreaming effort.
Listing related remaining changes in debian/patches/ubuntu-aa/:
- fix autopkgtests
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- d/rules: also check build time self test results on all architectures
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/rules: add --no-restart-after-upgrade to services that are supposed to
stay up through upgrades - this also applies to related sockets.
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ 0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
* Dropped changes (in Debian)
- d/libvirt0.symbols: bump symbol versions for 5.4.0
- avoid service dependency issues on upgrade (LP: 1786179)
This will in the long term be resolved in dh_* tools, but to let an
upgrade work for now we need to drop the sysV scripts (which we don't
use anyway) and slightly modify the systemd service to work with todays
dh_systemd_start properly. Can be dropped once Debian bug 905772 is
resolved in dh_* tools and libvirt uses those new code.
+ d/libvirt-daemon-system.virtlogd.init: removed sysV init file
+ d/libvirt-daemon-system.libvirtd.init: removed sysV init file
+ debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
and lbivirtd sysV init file
+ d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
to virtlogd/virtlockd sockets as they would imply a restart of
virtlogd breaking it.
[ we now have split packages for sysv and systemd support ]
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
- Refreshed to match new upstream
+ d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
* Dropped changes (now upstream)
- d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
are still need fixups to work well LP: 1841066)
- SECURITY UPDATEs: CVE-2019-10161, CVE-2019-10166,
CVE-2019-10167 and CVE-2019-10168
- d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
avoid issues with remote screen connections like virt-manager due to
apparmor changes in libvirt 5.1 (LP 1833040)
- 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
- update to v5.4.0
* Dropped changes (Xen demoted to universe)
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
* Dropped changes (no more needed)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
[ finally works in v6.0.0 ]
- d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
[ focal has iptables 1.8.3 ]
- d/rules: adapt iptables binary paths present in Eoan (LP 1832297)
[ focal has iptables 1.8.3 ]
* Added Changes:
- refreshed patches for libvirt v6.0.0
- d/control: bump build dep to python3
- d/control: VCS links to use generic Ubuntu launchpad git URLs
- d/control: add python3-docutils as build dependency
- d/control: add libzfslinux-dev to build-deps
- d/rules: set enable-dependency-tracking to avoid FTBFS
- d/rules: drop the no more existing phyp option
- d/rules: drop the no more existing xen configure option
- d/libvirt-clients.maintscript: rm_conffile libvirt-uri.sh that was
optional for use on xen hosts
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- minimize patches generated by autoreconf
- fix build on Debian/Ubuntu in qemuhotplugtest
- d/libvirt-doc.doc: install rendered docs
- d/libvirt-daemon-system.examples: drop old examples that are now active
- d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
- d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
- d/libnss-libvirt.lintian-overrides: accept having two nss so files
- d/rules: don't ship split daemons just yet
- d/rules: install /etc/default/* files that are shared between sysv and
systemd packages
- d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
libvirt-daemon-system-sysv
- d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
profiles (LP: #1655111)
Available diffs
- diff from 5.4.0-0ubuntu5 to 6.0.0-0ubuntu1 (27.6 MiB)
libvirt (5.0.0-1ubuntu2.6) disco; urgency=medium * debian/rules: libnss-libvirt: Install libnss_libvirt_guest (LP: #1853074) -- Rafael David Tinoco <email address hidden> Tue, 19 Nov 2019 00:56:29 +0000
Available diffs
- diff from 5.0.0-1ubuntu2.5 to 5.0.0-1ubuntu2.6 (546 bytes)
libvirt (4.0.0-1ubuntu8.14) bionic; urgency=medium * debian/rules: libnss-libvirt: Install libnss_libvirt_guest (LP: #1853074) -- Rafael David Tinoco <email address hidden> Wed, 20 Nov 2019 11:52:51 +0000
Available diffs
- diff from 4.0.0-1ubuntu8.13 to 4.0.0-1ubuntu8.14 (549 bytes)
libvirt (1.3.1-1ubuntu10.29) xenial; urgency=medium
* debian/patches/lp1681839-*.patch: Fix block commit timeout
races, and ensure that once commit has reached 100%, timeouts
no longer apply. (LP: #1681839)
-- Matthew Ruffell <email address hidden> Thu, 31 Oct 2019 10:52:41 +1300
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
libvirt (5.4.0-0ubuntu5) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose <email address hidden> Thu, 05 Sep 2019 11:00:53 +0000
Available diffs
- diff from 5.4.0-0ubuntu4 to 5.4.0-0ubuntu5 (350 bytes)
libvirt (5.4.0-0ubuntu4) eoan; urgency=medium
* d/p/ubuntu/lp-1828495-*: make libvirt able to handle arch_capabilities
cpu features for the Host. (LP: 1828495 - not closing yet as guest caps
are still need fixups to work well LP: 1841066)
-- Christian Ehrhardt <email address hidden> Tue, 20 Aug 2019 10:50:08 +0200
Available diffs
- diff from 5.4.0-0ubuntu3 to 5.4.0-0ubuntu4 (14.5 KiB)
libvirt (5.0.0-1ubuntu2.5) disco; urgency=medium
* d/p/ubuntu/lp-1840872-*: avoid hotplug issues with duplicate device
addresses (LP: #1840872)
-- Christian Ehrhardt <email address hidden> Wed, 21 Aug 2019 11:15:43 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.13) bionic; urgency=medium
* d/p/ubuntu/lp-1840872-*: avoid hotplug issues with duplicate device
addresses (LP: #1840872)
* d/p/ubuntu/lp-1840745-*: add amd ssbd / no-ssbd features (LP: #1840745)
-- Christian Ehrhardt <email address hidden> Wed, 21 Aug 2019 11:08:29 +0200
Available diffs
| Superseded in xenial-proposed |
libvirt (1.3.1-1ubuntu10.28) xenial; urgency=medium
[ Matthew Ruffell ]
* debian/libvirt-bin.upstart: update pre-stop section in upstart
script to stop the libvirt-guests service instead of the now
removed libvirt-stop-guests script. (LP: #1829823)
-- Christian Ehrhardt <email address hidden> Tue, 28 May 2019 08:23:25 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.12) bionic-security; urgency=medium
* SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
src/libvirt-domain.c, src/qemu/qemu_driver.c,
src/remote/remote_protocol.x.
- CVE-2019-10161
* SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
read-only connection
- debian/patches/CVE-2019-10166.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10166
* SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
read-only connection
- debian/patches/CVE-2019-10167.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10167
-- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 09:19:33 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.27) xenial-security; urgency=medium
* SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
src/libvirt-domain.c, src/qemu/qemu_driver.c,
src/remote/remote_protocol.x.
- CVE-2019-10161
* SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
read-only connection
- debian/patches/CVE-2019-10167.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10167
-- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 09:22:37 -0400
Available diffs
libvirt (5.0.0-1ubuntu2.4) disco-security; urgency=medium
* SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
src/libvirt-domain.c, src/qemu/qemu_driver.c,
src/remote/remote_protocol.x.
- CVE-2019-10161
* SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
read-only connection
- debian/patches/CVE-2019-10166.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10166
* SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
read-only connection
- debian/patches/CVE-2019-10167.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10167
* SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
connection
- debian/patches/CVE-2019-10168.patch: add checks to
src/libvirt-host.c.
- CVE-2019-10168
-- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 08:49:48 -0400
Available diffs
libvirt (4.6.0-2ubuntu3.8) cosmic-security; urgency=medium
* SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
src/libvirt-domain.c, src/qemu/qemu_driver.c,
src/remote/remote_protocol.x.
- CVE-2019-10161
* SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
read-only connection
- debian/patches/CVE-2019-10166.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10166
* SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
read-only connection
- debian/patches/CVE-2019-10167.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10167
* SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
connection
- debian/patches/CVE-2019-10168.patch: add checks to
src/libvirt-host.c.
- CVE-2019-10168
-- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 08:52:01 -0400
Available diffs
libvirt (5.4.0-0ubuntu3) eoan; urgency=medium
* SECURITY UPDATE: virDomainSaveImageGetXMLDesc does not check for
read-only connection
- debian/patches/CVE-2019-10161.patch: add check to
src/libvirt-domain.c, src/qemu/qemu_driver.c,
src/remote/remote_protocol.x.
- CVE-2019-10161
* SECURITY UPDATE: virDomainManagedSaveDefineXML does not check for
read-only connection
- debian/patches/CVE-2019-10166.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10166
* SECURITY UPDATE: virConnectGetDomainCapabilities does not check for
read-only connection
- debian/patches/CVE-2019-10167.patch: add check to
src/libvirt-domain.c.
- CVE-2019-10167
* SECURITY UPDATE: virConnect*HypervisorCPU do not check for read-only
connection
- debian/patches/CVE-2019-10168.patch: add checks to
src/libvirt-host.c.
- CVE-2019-10168
-- Marc Deslauriers <email address hidden> Tue, 02 Jul 2019 08:08:33 -0400
Available diffs
libvirt (5.4.0-0ubuntu2) eoan; urgency=medium
* d/p/ubuntu-aa/lp-1833040-Add-openGraphicsFD-rule-for-named-profile.patch:
avoid issues with remote screen connections like virt-manager due to
apparmor changes in libvirt 5.1 (LP: #1833040)
-- Christian Ehrhardt <email address hidden> Wed, 19 Jun 2019 14:34:54 +0200
Available diffs
libvirt (4.6.0-2ubuntu3.7) cosmic-security; urgency=medium
* SECURITY UPDATE: privilege escalation via incorrect socket permissions
- debian/patches/CVE-2019-10132-1.patch: reject clients unless their
UID matches the current UID in src/admin/admin_server_dispatch.c.
- debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
in src/locking/virtlockd-admin.socket.in,
src/locking/virtlockd.socket.in.
- debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
in src/logging/virtlogd-admin.socket.in,
src/logging/virtlogd.socket.in.
- CVE-2019-10132
-- Marc Deslauriers <email address hidden> Mon, 17 Jun 2019 07:22:49 -0400
Available diffs
libvirt (5.0.0-1ubuntu2.3) disco-security; urgency=medium
* SECURITY UPDATE: DoS via incorrect permissions check
- debian/patches/CVE-2019-3886-1.patch: disallow virDomainGetHostname
for read-only connections in src/libvirt-domain.c.
- debian/patches/CVE-2019-3886-2.patch: enforce ACL write permission
for getting guest time & hostname in src/remote/remote_protocol.x.
- CVE-2019-3886
* SECURITY UPDATE: privilege escalation via incorrect socket permissions
- debian/patches/CVE-2019-10132-1.patch: reject clients unless their
UID matches the current UID in src/admin/admin_server_dispatch.c.
- debian/patches/CVE-2019-10132-2.patch: restrict sockets to mode 0600
in src/locking/virtlockd-admin.socket.in,
src/locking/virtlockd.socket.in.
- debian/patches/CVE-2019-10132-3.patch: restrict sockets to mode 0600
in src/logging/virtlogd-admin.socket.in,
src/logging/virtlogd.socket.in.
- CVE-2019-10132
-- Marc Deslauriers <email address hidden> Mon, 17 Jun 2019 07:18:24 -0400
Available diffs
- diff from 5.0.0-1ubuntu2.2 (in Ubuntu) to 5.0.0-1ubuntu2.3 (pending)
- diff from 5.0.0-1ubuntu2.1 to 5.0.0-1ubuntu2.3 (5.7 KiB)
libvirt (5.4.0-0ubuntu1) eoan; urgency=medium
* Merged with Debian git 5.3.0-1~1.gbp7b1637 and upstreams 5.4 release
Among many other new features and fixes this includes fixes for:
LP: #1759509 - virsh dompmwakeup fails to wake VM from dompmsuspend state
Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
- Update Vcs-Git and Vcs-Browser fields to point to launchpad
- Xen related
- d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
set VRAM to minimum requirements
- d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
included_files to avoid build failures due to duplicate definitions.
- Update README.Debian with Ubuntu changes
- Enable some additional features on ppc64el and s390x (for arch parity)
+ systemtap, zfs, numa and numad on s390x.
+ systemtap on ppc64el.
- d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
- d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- Further upstreamed apparmor Delta, especially any new one
Our former delta is split into logical pieces and is either Ubuntu only
or is part of a continuous upstreaming effort.
Listing related remaining changes in debian/patches/ubuntu-aa/:
+ 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
Allow pygrub to run on Debian/Ubuntu
+ 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
apparmor, libvirt-qemu: Allow read access to overcommit_memory
+ 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
+ 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
apparmor, virt-aa-helper: Allow access to tmp directories
+ ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
apparmor, virt-aa-helper: Add openvswitch support
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
add l to 9p file options.
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
d/libvirt-daemon-system.postinst: provide a local apparmor include
for abstraction/libvirt-qemu (LP: 1786019)
+ d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- d/rules: enable build time self tests on all architectures
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- debian/rules: disable the netcf backend. (LP: 1764314)
- debian/control: drop libnetcf from Build-Depends.
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- d/rules: install virtlockd correctly with defaults file (LP: 1729516)
- d/rules: also check build time self test results on all architectures
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
- d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
- avoid service dependency issues on upgrade (LP: 1786179)
This will in the long term be resolved in dh_* tools, but to let an
upgrade work for now we need to drop the sysV scripts (which we don't
use anyway) and slightly modify the systemd service to work with todays
dh_systemd_start properly. Can be dropped once Debian bug 905772 is
resolved in dh_* tools and libvirt uses those new code.
- d/libvirt-daemon-system.virtlogd.init: removed sysV init file
- d/libvirt-daemon-system.libvirtd.init: removed sysV init file
- debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
and lbivirtd sysV init file
- d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
to virtlogd/virtlockd sockets as they would imply a restart of
virtlogd breaking it.
- d/t/smoke-lxc: use systemd instead of sysV to restart the service
* Added Changes:
- Refreshed patches to match new upstream
- d/p/Reduce-udevadm-settle-timeout-to-10-seconds.patch
- d/p/ubuntu/ubuntu_machine_type.patch
- d/control: Revert iptables/ebtables dependency as Eoan still is on 1.6.x
This can be dropped once >=1.8.1
- d/rules: adapt iptables binary paths present in Eoan (LP: #1832297)
This can be dropped once >=1.8.1
- d/p/ubuntu/dnsmasq-as-priv-user: update to include the new test
nat-network-mtu
- revert [c3c4cd4] drop in helper for firewalld as it is disabled on
Ubuntu [can be squashed with the disabling of firewalld on next merge]
- d/libvirt0.symbols: bump symbol versions for 5.4.0
- d/rules: add --no-restart-after-upgrade to services that are supposed to
stay up through upgrades - this also applies to related sockets.
* Dropped Changes (upstream)
- d/p/ubuntu-aa/lp-1804766-*: Allow rendering node access as needed
for the ease use of mdev and gl devices (LP: 1804766)
- d/p/ubuntu/lp-1771662-*: fix handling of VFs without associated PF
(LP: 1771662)
- d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
the never functional osxsave and ospke features (LP: 1825195).
- d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
vhost-scsi hotplug in virt-aa-helper (LP: 1829223)
- SECURITY UPDATE: Add support for md-clear functionality
+ debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
src/cpu_map/x86_features.xml.
+ CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
- Implement further apparmor rules for usage of gl enabled
graphics (LP: 1815452)
+ d/p/ubuntu-aa/lp-1815452-more-gl-rules.patch
+ d/p/ubuntu-aa/lp-1815452-virt-aa-helper-rule.patch
- Implement further apparmor rules for usage of gl enabled
graphics with nvidia cards (LP: 1817943)
+ d/p/ubuntu-aa/lp-1817943-nvidia-gl-rules.patch
+ d/p/ubuntu-aa/lp-1817943-devices-in-sysfs.patch
* Dropped Changes (in Debian)
- d/rules: strip -Bsymbolic-functions from linker flags as it breaks
libvirt tests
-- Christian Ehrhardt <email address hidden> Fri, 07 Jun 2019 11:55:52 +0200
Available diffs
- diff from 5.0.0-1ubuntu4 to 5.4.0-0ubuntu1 (24.6 MiB)
libvirt (4.6.0-2ubuntu3.6) cosmic; urgency=medium
* d/p/ubuntu/lp-1830268-refresh-capabilities-on-KVM-nesting.patch: fix
consideration of VMX flag (LP: #1830268)
-- Christian Ehrhardt <email address hidden> Tue, 28 May 2019 07:59:48 +0200
Available diffs
libvirt (4.0.0-1ubuntu8.11) bionic; urgency=medium
* d/p/ubuntu/lp-1830268-refresh-capabilities-on-KVM-nesting.patch: fix
consideration of VMX flag (LP: #1830268)
-- Christian Ehrhardt <email address hidden> Mon, 27 May 2019 11:52:07 +0200
Available diffs
| Superseded in disco-updates |
| Superseded in disco-updates |
| Deleted in disco-proposed (Reason: moved to -updates) |
libvirt (5.0.0-1ubuntu2.2) disco; urgency=medium
* d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
the never functional osxsave and ospke features (LP: #1825195).
-- Christian Ehrhardt <email address hidden> Thu, 16 May 2019 10:42:09 +0200
Available diffs
libvirt (1.2.2-0ubuntu13.1.28) trusty-security; urgency=medium
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/md-clear.patch: Define md-clear CPUID bit in
src/cpu/cpu_map.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-- Steve Beattie <email address hidden> Thu, 16 May 2019 12:56:28 -0700
libvirt (5.0.0-1ubuntu4) eoan; urgency=medium
* d/p/ubuntu/lp-1825195-*.patch: fix issues with old guests that defined
the never functional osxsave and ospke features (LP: #1825195).
* d/p/series: reorder ubuntu Delta
* d/p/ubuntu-aa/lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: #1815910)
* d/p/ubuntu-aa/lp-1829223-virt-aa-helper-allow-vhost-scsi.patch fix
vhost-scsi hotplug in virt-aa-helper (LP: #1829223)
Available diffs
- diff from 5.0.0-1ubuntu2 to 5.0.0-1ubuntu4 (6.2 KiB)
- diff from 5.0.0-1ubuntu3 to 5.0.0-1ubuntu4 (5.5 KiB)
| Superseded in eoan-proposed |
libvirt (5.0.0-1ubuntu3) eoan; urgency=medium
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
src/cpu_map/x86_features.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-- Marc Deslauriers <email address hidden> Tue, 14 May 2019 14:48:05 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.10) bionic-security; urgency=medium
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/md-clear.patch: Define md-clear CPUID bit in
src/cpu/cpu_map.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-- Marc Deslauriers <email address hidden> Tue, 14 May 2019 15:11:45 -0400
Available diffs
libvirt (4.6.0-2ubuntu3.5) cosmic-security; urgency=medium
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/md-clear.patch: Define md-clear CPUID bit in
src/cpu/cpu_map.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-- Marc Deslauriers <email address hidden> Tue, 14 May 2019 15:10:06 -0400
Available diffs
libvirt (1.3.1-1ubuntu10.26) xenial-security; urgency=medium
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/md-clear.patch: Define md-clear CPUID bit in
src/cpu/cpu_map.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-- Marc Deslauriers <email address hidden> Tue, 14 May 2019 15:13:18 -0400
Available diffs
libvirt (5.0.0-1ubuntu2.1) disco-security; urgency=medium
* SECURITY UPDATE: Add support for md-clear functionality
- debian/patches/ubuntu/md-clear.patch: Define md-clear CPUID bit in
src/cpu_map/x86_features.xml.
- CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-- Marc Deslauriers <email address hidden> Tue, 14 May 2019 14:48:05 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.9) bionic; urgency=medium
* d/p/ubuntu/lp-1823676-Use-the-correct-vm-def-on-cold-attach.patch:
fix issues attaching scsi adapters without explicit index (LP: #1823676)
-- Christian Ehrhardt <email address hidden> Wed, 10 Apr 2019 15:14:09 +0200
Available diffs
libvirt (1.3.1-1ubuntu10.25) xenial-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces
- debian/patches/CVE-2019-3840.patch: require a reply in
src/qemu/qemu_agent.c.
- CVE-2019-3840
-- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 08:10:12 -0400
Available diffs
libvirt (4.0.0-1ubuntu8.8) bionic-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference in qemuAgentGetInterfaces
- debian/patches/CVE-2019-3840.patch: require a reply in
src/qemu/qemu_agent.c.
- CVE-2019-3840
-- Marc Deslauriers <email address hidden> Wed, 13 Mar 2019 08:09:33 -0400
Available diffs
| 76 → 150 of 750 results | First • Previous • Next • Last |
