-
libvirt (0.7.0-1ubuntu13.3) karmic-security; urgency=low
* SECURITY UPDATE: debian/patches/9902-CVE-2011-1146.patch: Add missing
checks for read only connections.
- CVE-2011-1146
-- Jamie Strandboge <email address hidden> Tue, 15 Mar 2011 16:23:44 -0500
-
libvirt (0.7.0-1ubuntu13.2) karmic-security; urgency=low
* SECURITY UPDATE: force qemu-img backing stores creation to have a defined
disk format.
- debian/patches/CVE-2010-2239: explicitly set the user defined backing
store format when creating a new image
- CVE-2010-2239
* SECURITY UPDATE: fix to disallow privileged users in guests from accessing
privileged resources, such as NFS
- debian/patches/9901-CVE-2010-2242.patch: set iptables masqerading rules
to use ports 1024-65535
- CVE-2010-2242
-- Jamie Strandboge <email address hidden> Wed, 01 Sep 2010 14:55:47 -0500
-
libvirt (0.7.0-1ubuntu13.1) karmic-proposed; urgency=low
* debian/patches/9093-lp460271.patch: require absolute path for dynamic
added files (LP: #460271)
* debian/patches/9094-lp453335.patch: suppress confusing and misleading
apparmor denied message when kvm/qemu tries to open a libvirt specified
readonly file (such as a cdrom) with write permissions. libvirt uses the
readonly attribute for the security driver only, and has no way of telling
kvm/qemu that the device should be opened readonly. (LP: #453335)
* debian/apparmor/usr.sbin.libvirtd: allow 'inet dgram' for migration to
work (LP: #461528)
* debian/apparmor/usr.sbin.libvirtd: properly support qemu+tcp:// by
allowing 'inet6 stream' and 'inet6 dgram' (LP: #462000)
-- Jamie Strandboge <email address hidden> Mon, 09 Nov 2009 17:12:32 -0600
-
libvirt (0.7.0-1ubuntu13) karmic; urgency=low
* allow save/restore to work in $HOME. This is a workaround until upstream
https://bugzilla.redhat.com/show_bug.cgi?id=529363 is fixed. (LP: #457716)
* debian/libvirt-bin.cron.daily: don't comlain if no domain XML definitions
or domain AppArmor profiles. Based on work by Loïc Minier. (LP: #457607)
-- Jamie Strandboge <email address hidden> Fri, 23 Oct 2009 03:52:33 -0500
-
libvirt (0.7.0-1ubuntu12) karmic; urgency=low
* debian/apparmor/libvirt-qemu: a couple more fixes for pulseaudio
LP: #453329
-- Jamie Strandboge <email address hidden> Fri, 16 Oct 2009 17:06:15 -0500
-
libvirt (0.7.0-1ubuntu11) karmic; urgency=low
* debian/patches/9091-apparmor.patch:
- src/virt-aa-helper.c: update to parse XML for guest's architecture and
os.type rather than just trying to make something up.
- tests/virt-aa-helper-test: add some tests for the above and fix another
test
- LP: #448671
-- Jamie Strandboge <email address hidden> Wed, 14 Oct 2009 14:55:20 -0500
-
libvirt (0.7.0-1ubuntu10) karmic; urgency=low
* debian/patches/0005-Close-logfile-fd-after-spawning-qemu.patch: fix
egregious file descriptor leak with cherry-pick from upstream git,
LP: #438815
-- Dustin Kirkland <email address hidden> Tue, 06 Oct 2009 18:57:22 -0500
-
libvirt (0.7.0-1ubuntu9) karmic; urgency=low
* allow access for sound (LP: #437854)
- abstractions/libvirt-qemu: add very specific rules for allowing ALSA. We
do not use the audio abstraction because the virtual machine runs as root
and therefore DAC cannot be used as a fallback.
- debian/README.Debian: add some text to encourage review of the AppArmor
profiles and abstraction when using in production environments
* debian/libvirt-bin.cron.daily: added to clean out old profiles that are no
longer associated with a virtual machine definition (LP: #438165)
* debian/patches/9091-apparmor.patch:
- quote the pid, monitor and logfile in case any of them have weird
characters (complete fix for LP: #432810)
- support <readonly/> for disks
-- Jamie Strandboge <email address hidden> Mon, 05 Oct 2009 16:31:12 -0500
-
libvirt (0.7.0-1ubuntu8) karmic; urgency=low
* debian/patches/9091-apparmor.patch: sync with upstream for maintenance,
licensing compliance with upstream and bug fixes:
- handle files with spaces in the name (LP: #432810)
- add serial, console, kernel and initrd support (LP: #432581)
- allow read only access to /boot, /vmlinuz and /initrd.img
- allow access to character devices (eg USB devices)
- have virt-aa-helper accept XML on stdin, which allows for adding
other devices in the future and helps ensure we always have the most
up to date definition
- update profile on attach and detach of devices (LP: #435527)
- add --dryrun option to virt-aa-helper, and greatly improve the
virt-aa-helper-test script
* revert workaround for LP: #431090 now that kernel, initrd, et al is
properly supported
* debian/apparmor/usr.sbin.libvirtd: add various capabilities
recommended by upstream to prevent potential regressions
-- Jamie Strandboge <email address hidden> Tue, 22 Sep 2009 20:04:58 -0500
-
libvirt (0.7.0-1ubuntu7) karmic; urgency=low
* debian/apparmor/libvirt-qemu: add chown capability (LP: #434417)
-- Jamie Strandboge <email address hidden> Tue, 22 Sep 2009 08:03:21 -0500
-
libvirt (0.7.0-1ubuntu6) karmic; urgency=low
* debian/apparmor/libvirt-qemu: workaround eucalyptus serial console,
kernel and initrd location. This should be removed after virt-aa-helper is
able to get these from XML. (LP: #431090)
-- Jamie Strandboge <email address hidden> Thu, 17 Sep 2009 11:35:42 -0500
-
libvirt (0.7.0-1ubuntu5) karmic; urgency=low
* debian/apparmor/usr.sbin.libvirtd: switch to enforcing by default. Please
note that this was only in complain mode temporarily to work around kernel
bugs in the 2.6.31-9 kernel. Confinement of virtual machines (controlled
by /etc/apparmor.d/libvirt/TEMPLATE) was already in enforcing mode.
(LP: #427338)
* debian/README.Debian: update AppArmor section based on the upstream
documentation
-- Jamie Strandboge <email address hidden> Thu, 10 Sep 2009 08:05:45 -0500
-
libvirt (0.7.0-1ubuntu4) karmic; urgency=low
* debian/libvirt-bin.postinst: add each admin user to libvirtd,
LP: #410226; note that this is only a partial fix, as admin users
added after libvirt's install will need to be individually added
to libvirtd; however, this should fix a huge number of
single-admin-user-in-default-Ubuntu-system annoyances
* debian/control: bump standards version
-- Dustin Kirkland <email address hidden> Tue, 08 Sep 2009 17:56:52 -0500
-
libvirt (0.7.0-1ubuntu3) karmic; urgency=low
* debian/apparmor/libvirt-qemu: allow access to /dev/kqemu
* debian/apparmor/usr.bin.virt-aa-helper: use @{PROC} instead of /proc
-- Jamie Strandboge <email address hidden> Wed, 26 Aug 2009 12:19:24 -0500
-
libvirt (0.7.0-1ubuntu2) karmic; urgency=low
* Add AppArmor support (LP: #388422):
- debian/patches/9090-reenable-nonfile-labels.patch: add back in
virDomainObjPtr argument to RestoreSecurityImageLabel since AppArmor
labels are not stored on disk
- debian/patches/9091-apparmor.patch: add AppArmor security driver
- debian/patches/9092-apparmor-autoreconf.patch: after installing libtool
and the build dependencies, run autoreconf to pull in changes to
Makefile.am and configure.in in 9091-apparmor.patch
- debian/rules: use --with-apparmor and copy debian/apparmor/* to
debian/tmp
- debian/control: Build-Depends on libapparmor-dev and Suggests apparmor
>= 2.3+1289-0ubuntu14
- add profiles and abstractions to debian/apparmor. usr.sbin.libvirtd will
default to complain mode until LP: #401931 is sorted out
- debian/libvirt-bin.dirs: add /etc/apparmor.d/libvirt,
/etc/apparmor.d/abstractions, and /etc/apparmor.d/force-complain
- debian/libvirt-bin.install: install profiles and abstractions
- debian/libvirt-bin.preinst: newly added to force complain on certian
upgrades
- debian/libvirt-bin.postinst: (re)load profile
- debian/libvirt-bin.postrm: remove force-complain profile on purge
* 9006-increase-unix-socket-timeout.patch:
increase timeout waiting for unix socket in src/qemu_driver.c, set to 30
seconds, which 10x longer than before, and matches the logoutput timeout
adjustment in 9003-increase-logoutput-timeout.patch. This is needed with
the new qemudOpenMonitorUnix() function introduced in 0.7.0.
* add apport hook:
- add debian/libvirt-bin.apport
- debian/libvirt-bin.dirs: add /usr/share/apport/package-hooks
- debian/libvirt-bin.install: add source_libvirt-bin.py
- debian/rules: install libvirt-bin.apport
libvirt (0.7.0-1ubuntu1) karmic; urgency=low
* Merge from debian experimental, remaining changes:
- debian/control:
+ Don't build-depend on QEmu.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin.
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such.
+ We call libxen-dev libxen3-dev, so change all references.
+ Build-Depends on open-iscsi-utils instead of open-iscsi due to
LP: #414986
- 9000-delayed_iff_up_bridge.patch:
Don't try to bring up the bridge before at least one interface has been
added to it.
- 9001-dont_clobber_existing_bridges.patch:
Assign the name of the virtual bridge dynamically to avoid interfering
with existing bridges.
- 9002-better_default_uri_virsh.patch:
Default to qemu:///system if the user has write access to the libvirt
socket, otherwise qemu:///session.
- 9003-increase-logoutput-timeout.patch:
increase timeout waiting for log output in src/qemu_driver.c, set to 30
seconds, which 10x longer than before, and matches the disk-wait in
mdadm. (LP #344400)
- 9004-better-default-arch.patch:
If a domain does not specify its architecture, attempt to match the host.
(LP #344913)
- 9005-libvirtd-group-name.patch:
Rename libvirt group to libvirtd.
- rename the libvirt group to libvirtd in postinst/postrm
* Dropped the following patches from debian/patches (they don't apply any
more were not applied in 0.6.4-1ubuntu2):
- dynamic_bridge_names.patch
- event-loop-hang.diff
- more-flexible-emulator-on-x86.patch
- xen-events-handling-fix.diff
libvirt (0.7.0-1) experimental; urgency=low
[ Laurent Léonard ]
* [4fb1a38] Imported Upstream version 0.7.0
* [5578fd3] Drop 0005-Fix-PCI-device-hotplug-unplug-with-newer-
QEMU.patch. Fixed upstream.
* [9a8afd0] Redo patches.
* [937ab63] Update symbols.
* [b4bd1ea] Update section in doc-base control file.
libvirt (0.6.5-3) unstable; urgency=low
* [72a8eb6] Add a versioned dependency on dpkg-dev (Closes: #537316)
* [ae20998] fix Debian Xen path patch to also cover the testsuite
* [b2a1c47] New patch 0001-Fix-PCI-device-hotplug-unplug-with-newer-
QEMU.patch pulled from upstream 326ecb7. Fixes PCI hotplug with
newer kvm.
libvirt (0.6.5-2) unstable; urgency=low
* [45b9fdf] build-conflict on dpkg-dev (= 1.15.3) (Closes: #536673)
libvirt (0.6.5-1) unstable; urgency=low
[ Guido Günther ]
* [05e9a39] build-depend on policykit so polkit auth works with virsh
as well
[ C.J. Adams-Collier ]
* [a161c5f] allow to qemu to emulate arm
[ Guido Günther ]
* [b1e4c4b] Imported Upstream version 0.6.5
* [e764583] change private symbols to 0.6.5
* [f94fb48] drop 0005-allow-to-qemu-to-emulate-arm.patch fixed upstream.
* [7ad7896] bump standards version
* [e2c5867] tighten libvirt-bin's dependency on libvirt0 since libvirtd uses
private symbols
-- Jamie Strandboge <email address hidden> Tue, 25 Aug 2009 11:51:42 -0500
-
libvirt (0.6.4-1ubuntu2) karmic; urgency=low
* Also rename the libvirt group to libvirtd in postinst/postrm.
(LP: #392696)
-- Soren Hansen <email address hidden> Fri, 26 Jun 2009 22:49:45 +0200
-
libvirt (0.6.4-1ubuntu1) karmic; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control:
+ Don't build-depend on QEmu.
+ Add "XS-Debian-" prefix to Debian's Vcs headers.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin.
+ s/interract/interact/g
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such.
- 9000-delayed_iff_up_bridge.patch:
Don't try to bring up the bridge before at least one interface has been
added to it.
- 9001-dont_clobber_existing_bridges.patch
Assign the name of the virtual bridge dynamically to avoid interfering
with existing bridges.
- 9002-better_default_uri_virsh.patch:
Default to qemu:///system if the user has write access to the libvirt
socket, otherwise qemu:///session.
- 9003-increase-logoutput-timeout.patch:
increase timeout waiting for log output in src/qemu_driver.c, set to 30
seconds, which 10x longer than before, and matches the disk-wait in
mdadm. (LP #344400)
- 9004-better-default-arch.patch:
If a domain does not specify its architecture, attempt to match the host.
(LP #344913)
- 9005-libvirtd-group-name.patch:
Rename libvirt group to libvirtd.
- We call libxen-dev libxen3-dev, so change all references.
libvirt (0.6.4-1) unstable; urgency=low
* [dd3adb2] Imported Upstream version 0.6.4
* [2320162] update symbols file
* [89c9720] remove bashism (Closes: #530122)
* [30d86c1] drop patches fixed upstream:
0005-don-t-crash-with-def-NULL.patch
0006-Fix-QEMU-ARGV-detection-with-kvm-85.patch
0007-Declare-support-for-QEMU-migration-in-capabilities.patch
libvirt (0.6.3-4) unstable; urgency=low
* [3607f2f] Install libvirt_lxc that got list somewhere between our
testbuilds. (Closes: #529578)
* [070ddd5] install augeas lense
* [c9b034d] install schema files
libvirt (0.6.3-3) unstable; urgency=low
* [4087b7d] disable lxc on ia64 to work around FTBFS until we have
access to a test machine
* [df5f5a0] pull some kvm/qemu related patches from upstream
(Closes: #529324)
libvirt (0.6.3-2) unstable; urgency=low
* [35898d3] fix crash when libvirt_lxc is called without arguments
* [449ca60] enable lxc support (Closes: #526718) - thanks to Daniel
Pittman for testing this
* [335a4e6] update description with supported virtualization solutions
* [92eba47] delay libvirt-bin start until after avahi
* [8ebd17d] update startup priorities due to changed libvirt-bin
startup priority. Also add an LSB header. (Closes: #526944)
libvirt (0.6.3-1) unstable; urgency=low
* [0cb2f83] Imported Upstream version 0.6.3
* virtual box support
* [06fe518] 0001-remove-RHism.diff.patch: use invoke-rc.d
* [ec2fd52] drop patches merged upstream:
* 0003-allow-libvirt-group-to-access-the-socket.patch series
* 0004-fix-Debian-specific-path-to-hvm-loader.patch
* [6977bde] enable vbox support
* [93c4423] add symbols file
libvirt (0.6.2-2) unstable; urgency=low
* [031b9c1] Don't hardcode buffer size for getgrnam_r. Works around
#520744 and fixes possible problems with implementations having
_SC_GETGR_R_SIZE_MAX != 1024.
* [bbe7743] respect log priority for qemu domain logs (Closes: #524145)
* [a2e4cb0] don't rely on log_end_msg returning 0 this isn't the case
with splashy. (Closes: #523712)
* [ddfafda] move debug package into section debug
libvirt (0.6.2-1) unstable; urgency=low
* [99fd06c] Imported Upstream version 0.6.2 (Closes: #521785)
* [78cd5c8] drop /var/run/libvirt created by init script
* [2a7cb3b] move startup of libvirtd after hal (Closes: #522310)
* [b8707ed] bump standards version 0.8.1 (no changes necessary)
libvirt (0.6.1-1) unstable; urgency=low
* [3be7341] Imported Upstream version 0.6.1
* [38fde15] rediff Debian specific patches
* [9b59a19] drop patches applied upstream:
* 0004-Don-t-hardcode-ssh-port.patch
* 0005-minimal-workaround-for-qemu-startup-race.patch
* [95d4b7f] drop patches backported from upstream
* 0009-libvirt_proxy-Fix-use-of-uninitalized-memory.patch
* [8171d83] build-dep on module-init-tools so configure can figure out
the path to modprobe
-- Soren Hansen <email address hidden> Mon, 22 Jun 2009 11:14:57 +0200
-
libvirt (0.6.1-0ubuntu5) jaunty; urgency=low
* Fix logic error when applying %d bridge name rewriting. (LP: #350780)
-- Soren Hansen <email address hidden> Thu, 16 Apr 2009 20:48:49 +0200