-
libvirt (1.1.1-0ubuntu8.11) saucy-security; urgency=medium
* SECURITY UPDATE: LXC driver unsafe path use under /proc/$PID/root
- debian/patches/CVE-2013-6456.patch: refactor code in
src/lxc/lxc_driver.c, src/util/virinitctl.c, src/util/virinitctl.h,
added some new helpers to src/util/{virprocess.*,virfile.*,
virstoragefile.c}, src/libvirt_private.syms, src/conf/domain_conf.c.
- CVE-2013-6456
* SECURITY UPDATE: denial of service via SPICE migration
- debian/patches/CVE-2013-7336.patch: enter monitor asynchronously in
src/qemu/qemu_migration.c.
- CVE-2013-7336
-- Marc Deslauriers <email address hidden> Mon, 05 May 2014 14:16:58 -0400
-
libvirt (1.1.1-0ubuntu8.10) saucy-proposed; urgency=medium
* remove lp1264465/* as it did not pass verification
libvirt (1.1.1-0ubuntu8.9) saucy-proposed; urgency=medium
* fix badly applied patch
0001-qemu-hotplug-only-label-hostdev-after-checking-device-conflicts
libvirt (1.1.1-0ubuntu8.8) saucy-proposed; urgency=medium
[ Stefan Bader ]
* debian/patches/ubuntu-xend-probe.patch: Fix search path for xen-toolstack
command (LP: #1248025)
* debian/patches/libxl-fix-dom0-detection.patch: Check contents of
/proc/xen/capabilities to decide whether running in dom0. (LP: #1248025)
[ Serge Hallyn ]
* debian/libvirt-dev.install: add libvirt-lxc.so (LP: #1287232)
-- Serge Hallyn <email address hidden> Thu, 17 Apr 2014 09:57:23 -0500
-
libvirt (1.1.1-0ubuntu8.9) saucy-proposed; urgency=medium
* fix badly applied patch
0001-qemu-hotplug-only-label-hostdev-after-checking-device-conflicts
libvirt (1.1.1-0ubuntu8.8) saucy-proposed; urgency=medium
[ Stefan Bader ]
* debian/patches/ubuntu-xend-probe.patch: Fix search path for xen-toolstack
command (LP: #1248025)
* debian/patches/libxl-fix-dom0-detection.patch: Check contents of
/proc/xen/capabilities to decide whether running in dom0. (LP: #1248025)
[ Serge Hallyn ]
* debian/libvirt-dev.install: add libvirt-lxc.so (LP: #1287232)
* d/p/lp1264465: cherrypick upstream patches to fix usb hotplug by
vendor/product (LP: #1264465)
-- Serge Hallyn <email address hidden> Thu, 27 Mar 2014 16:52:55 -0500
-
libvirt (1.1.1-0ubuntu8.8) saucy-proposed; urgency=medium
[ Stefan Bader ]
* debian/patches/ubuntu-xend-probe.patch: Fix search path for xen-toolstack
command (LP: #1248025)
* debian/patches/libxl-fix-dom0-detection.patch: Check contents of
/proc/xen/capabilities to decide whether running in dom0. (LP: #1248025)
[ Serge Hallyn ]
* debian/libvirt-dev.install: add libvirt-lxc.so (LP: #1287232)
* d/p/lp1264465: cherrypick upstream patches to fix usb hotplug by
vendor/product (LP: #1264465)
-- Serge Hallyn <email address hidden> Tue, 25 Mar 2014 14:01:04 -0500
-
libvirt (1.1.1-0ubuntu8.7) saucy-proposed; urgency=medium
* cherrypick d/p/add-a-mutex-to-serialize-updates-to-firewall from
upstream to complete the concurrency issue fix (LP: #1228977)
libvirt (1.1.1-0ubuntu8.6) saucy-proposed; urgency=medium
* Cherrypick upstream patches to fix concurrency race (LP: #1228977)
-- Serge Hallyn <email address hidden> Mon, 10 Mar 2014 11:22:20 -0500
-
libvirt (1.1.1-0ubuntu8.6) saucy-proposed; urgency=medium
* Cherrypick upstream patches to fix concurrency race (LP: #1228977)
-- Serge Hallyn <email address hidden> Tue, 04 Mar 2014 18:41:17 -0600
-
libvirt (1.1.1-0ubuntu8.5) saucy-security; urgency=medium
* SECURITY UPDATE: denial of service via lxc guest and virsh memtune
- debian/patches/CVE-2013-6436.patch: make sure domain is active in
src/lxc/lxc_driver.c.
- CVE-2013-6436
* SECURITY UPDATE: denial of service via job usage issues in several APIs
- debian/patches/CVE-2013-6458.patch: fix races in
src/qemu/qemu_driver.c.
- CVE-2013-6458
* SECURITY UPDATE: information disclosure via incorrect permission checks
- debian/patches/CVE-2014-0028.patch: properly apply acls to events in
src/access/viraccessperm.h, src/conf/domain_event.*,
src/libxl/libxl_driver.c, src/lxc/lxc_driver.c,
src/qemu/qemu_driver.c, src/remote/remote_driver.c,
src/remote/remote_protocol.x, src/test/test_driver.c,
src/uml/uml_driver.c, src/vbox/vbox_tmpl.c, src/xen/xen_driver.c.
- CVE-2014-0028
* SECURITY UPDATE: denial of service via keepalive feature
- debian/patches/CVE-2014-1447.patch: make sure connection isn't closed
in src/rpc/virnetserverclient.c.
- CVE-2014-1447
* SECURITY UPDATE: denial of service via reading libxl guest numa tables
- debian/patches/CVE-2013-6457.patch: avoid invalid free in
src/libxl/libxl_driver.c.
- CVE-2013-6457
* This package does _not_ contain the changes from 1.1.1-0ubuntu8.3
in saucy-proposed.
-- Marc Deslauriers <email address hidden> Wed, 22 Jan 2014 16:28:51 -0500
-
libvirt (1.1.1-0ubuntu8.3) saucy-proposed; urgency=medium
* d/a/usr.lib.libvirt.virt-aa-helper: add
/var/lib/nova/instances/snapshots/** r to allow virt-aa-helper to read
the snapshot directory to find images which VMs should be granted access
to. (LP: #1244694)
-- Serge Hallyn <email address hidden> Thu, 09 Jan 2014 16:42:18 -0600
-
libvirt (1.1.1-0ubuntu8.2) saucy-proposed; urgency=low
* add d/p/util_use_w_flag_when_calling_iptables.patch (LP: #1245322)
* debian/apparmor/libvirt-qemu: allow access to usb info (LP: #1245251)
* debian/apparmor/libvirt-qemu: allow access to hugepages mounts
(LP: #1250216)
-- Serge Hallyn <email address hidden> Thu, 14 Nov 2013 10:09:24 -0600
-
libvirt (1.1.1-0ubuntu8.1) saucy-security; urgency=low
* SECURITY UPDATE: incorrect permission checks in the
virConnectDomainXMLToNative API
- debian/patches/CVE-2013-4401.patch: ensure proper permissions in
src/libvirt.c, src/remote/remote_protocol.x.
- CVE-2013-4401
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2013 12:47:03 -0500
-
libvirt (1.1.1-0ubuntu8) saucy; urgency=low
* SECURITY UPDATE: denial of service via invalid free in
virFileNBDDeviceAssociate.
- debian/patches/CVE-2013-4297.patch: properly initialize qemunbd in
src/util/virfile.c.
- CVE-2013-4297
-- Marc Deslauriers <email address hidden> Wed, 02 Oct 2013 13:35:14 -0400
-
libvirt (1.1.1-0ubuntu7) saucy; urgency=low
* fix-crash-in-libvirtd-when-events: make sure to remove all event
callbacks when a client disconnects from libvirtd.
-- Serge Hallyn <email address hidden> Wed, 02 Oct 2013 08:14:53 -0500
-
libvirt (1.1.1-0ubuntu6) saucy; urgency=low
* SECURITY UPDATE: possible privilege escalation via pkcheck race.
- debian/patches/CVE-2013-4311.patch: add uid to pkcheck call in
configure.ac, daemon/remote.c, src/access/viraccessdriverpolkit.c,
src/rpc/virnetserverclient.c, src/util/viridentity.*.
- debian/rules: use DEB_AUTO_UPDATE_AUTOCONF and
DEB_AUTO_UPDATE_AUTOHEADER.
- debian/control: specify version of policykit-1 security update, add
libpolkit-gobject-1-dev to Build-Depends.
- CVE-2013-4311
* SECURITY UPDATE: denial of service in remoteDispatchDomainMemoryStats
- debian/patches/CVE-2013-4296.patch: properly initialize stats in
daemon/remote.c.
- CVE-2013-4296
-- Marc Deslauriers <email address hidden> Tue, 24 Sep 2013 19:25:55 -0400
-
libvirt (1.1.1-0ubuntu5) saucy; urgency=low
* add-bounds-checking-on-virdomainmigrate: upstream patch for CVE-2013-4292
* security-provide-supplemental-groups: upstream patch for CVE-2013-4291
-- Serge Hallyn <email address hidden> Mon, 09 Sep 2013 13:16:43 -0500
-
libvirt (1.1.1-0ubuntu4) saucy; urgency=low
* apply all patches from v1.1.1-maint
* cherrypick xen-use-internal-interfaces-in-xendomainusedcpus from upstream
git.
-- Serge Hallyn <email address hidden> Thu, 22 Aug 2013 10:57:20 -0500
-
libvirt (1.1.1-0ubuntu3) saucy; urgency=low
* debian/apparmor/usr.sbin.libvirtd: Include the system bus abstraction in
the libvirtd AppArmor profile as libvirtd connects to the D-Bus system bus
-- Tyler Hicks <email address hidden> Tue, 20 Aug 2013 09:07:17 -0700
-
libvirt (1.1.1-0ubuntu2) saucy; urgency=low
* debian/patches/fix-remote-client-segfault.patch: Fix segfault when
using a remote client.
-- Chuck Short <email address hidden> Mon, 19 Aug 2013 10:33:08 -0400
-
libvirt (1.1.1-0ubuntu1) saucy; urgency=low
[ Chuck Short ]
* New upstream version:
- Dropped:
+ debian/patches/CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters:
no longer needed.
+ debian/patches/ubuntu-xen-hypervisor-4.3.patch: no longer needed.
+ debian/patches/ubuntu-xen-fix-api-deadlocks.patch: no longer needed.
- Rediffed:
+ debian/patches/Don-t-enable-default-network-on-boot.patch
+ debian/patches/9005-increase-unix-socket-timeout.patch
[ Stefan Bader ]
* Add apparmor rights to call into /usr/lib/xen-common/bin/xen-toolstack
to figure out which one is active.
* debian/patches/ubuntu-xend-probe.patch: Fix failure to detect
whether Xen uses xm/xend toolstack or xl/libxl. Avoid running
"xend status" as we do not package that in a public path.
-- Chuck Short <email address hidden> Thu, 15 Aug 2013 17:23:21 +0000
-
libvirt (1.0.6-0ubuntu4) saucy; urgency=low
* ubuntu-xen-fix-api-deadlocks.patch (LP: #1191782)
Fix the deadlocks in the xen driver when doing a dumpxml for active
domains.
* ubuntu-libxl-qemu-nopath.patch
Create libxl configurations without paths for qemu-dm and hvmloader.
The Xen toolstack can figure this out.
* ubuntu-xen-hypervisor-4.3.patch
Update the xen driver to handle the new sysctl and domctl versions
in Xen-4.3.
* Add apparmor definitions to execute scripts in /etc/xen/scrips as
the libxl driver calls out to them (with the xen/xm driver this was
done by the xen toolstack and communication with that was through
a socket).
-- Stefan Bader <email address hidden> Tue, 16 Jul 2013 10:59:11 +0200
-
libvirt (1.0.6-0ubuntu3) saucy; urgency=low
* debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow owner read of
@{PROC}/[0-9]*/status
-- Jamie Strandboge <email address hidden> Mon, 15 Jul 2013 10:28:42 -0500
-
libvirt (1.0.6-0ubuntu2) saucy; urgency=low
* Apply CVE-2013-2218-fix-crash-listing-network-interfaces-with-filters.
-- Serge Hallyn <email address hidden> Fri, 28 Jun 2013 13:13:20 -0500
-
libvirt (1.0.6-0ubuntu1) saucy; urgency=low
* New upstream release.
+ Dropped patches:
- debian/patches/vnc-socket.patch: Dropped no longer needed.
- debian/patches/Add-sanitytest.py.patch: Dropped no longer needed.
* debian/libvirt-bin.postinst: Make sure qemu.conf isn't world readable
by default.
-- Chuck Short <email address hidden> Mon, 03 Jun 2013 11:27:02 -0500
-
libvirt (1.0.5-0ubuntu1) saucy; urgency=low
* New upstream release:
+ Dropped patches:
- debian/patches/fix-virterror-namechange
- debian/patches/apparmor-use-apparmor-setfdlabel
- debian/patches/prevent-lxc-shutdown-host.patch
- debian/patches/apparmor-no-need-to-check-security-model
- debian/patches/nonblock-fix.patch
+ Refreshed patches:
- debian/patches/9002-better_default_uri_virsh.patch
- debian/patches/enable-kvm-spice.patch
- debian/patches/patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch
* debian/patches/Add-sanitytest.py.patch: Add patch to fix missing sanitytest.py
when building the testsuite.
* debian/libvirt-dev.install: don't ship files for static linking.
-- Chuck Short <email address hidden> Thu, 02 May 2013 10:21:49 -0500
-
libvirt (1.0.2-0ubuntu12) saucy; urgency=low
* debian/libvirt-bin.{dirs,install}: install dnsmasq.d-available/libvirt-bin
(LP: #1113821)
-- Serge Hallyn <email address hidden> Mon, 29 Apr 2013 07:38:07 -0500
-
libvirt (1.0.2-0ubuntu11) raring; urgency=low
* debian/patches/nonblock-fix.patch: cherrypicked upstream patch to
not mark qemu migration fd non-blocking. This fixes tcp live
migration. (LP: #1157626)
-- Serge Hallyn <email address hidden> Thu, 18 Apr 2013 10:43:26 -0500