-
libvirt (9.6.0-1ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
- debian/patches/CVE-2024-1441.patch: properly check count in
src/interface/interface_backend_udev.c.
- CVE-2024-1441
* SECURITY UPDATE: crash in RPC library
- debian/patches/CVE-2024-2494.patch: check values in
src/remote/remote_daemon_dispatch.c, src/rpc/gendispatch.pl.
- CVE-2024-2494
* SECURITY UPDATE: null pointer deref in udevConnectListAllInterfaces()
- debian/patches/CVE-2024-2496.patch: fix udev_device_get_sysattr_value
return value check in src/interface/interface_backend_udev.c.
- CVE-2024-2496
-- Marc Deslauriers <email address hidden> Fri, 12 Apr 2024 13:40:18 -0400
-
libvirt (9.6.0-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2018082). Remaining changes:
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-hotplug.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
- revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP #2008830)
- d/control: Use libc6-dev instead of libc-dev as a build dependency
- d/libvirt-clients.lintian-overrides: Add script-not-executable lintian
override
* Dropped changes:
- d/p/CVE-2023-3750.patch: Remove - fixed upstream
- revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
This has been restored to match Debian because policykit-1 is now at
a version greater than 121 in mantic
* Modified changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
+ Update: Set LIBVIRT_DEFAULT_URI to "qemu:///system" in all
cases, do not set to "xen:///" (LP #2027838)
-- Lena Voytek <email address hidden> Mon, 14 Aug 2023 14:16:30 -0700
-
libvirt (9.5.0-2ubuntu2) mantic; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
- revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP: #2008830)
- SECURITY UPDATE: denial of service via improper locking
+ debian/patches/CVE-2023-3750.patch: fix returning of locked objects
from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
+ CVE-2023-3750
* Dropped changes [upstream now]:
- SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
+ debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
+ CVE-2023-2700
libvirt (9.5.0-2) unstable; urgency=medium
[ Pino Toscano ]
* [2adb625] Enable the glusterfs storage driver only on 64bit architectures
libvirt (9.5.0-1) unstable; urgency=medium
* [cd75481] New upstream version 9.5.0
libvirt (9.4.0-1) experimental; urgency=medium
* [98c5c4c] New upstream version 9.4.0
* [d0f1ab7] patches: Drop debian/Debianize-systemd-service-files.patch
- Changes to the upstream build system make these
Debian-specific modifications no longer necessary
libvirt (9.3.0-2) experimental; urgency=medium
* [4e3ec2a] links: Link /usr/share/doc/* to /usr/share/doc/libvirt0
- The documentation directory for all binary packages (except
for libvirt-doc) is now a symlink to that of libvirt0, which
means that we no longer install 20+ copies of the same files
libvirt (9.3.0-1) experimental; urgency=medium
* [45efa38] New upstream version 9.3.0
- Closes: #1024504
libvirt (9.2.0-2) experimental; urgency=medium
[ Andrea Bolognani ]
* [4d3b6ff] debconf: Add Spanish translation
- Thanks to Jonathan Bustillos (Closes: #986773)
* [5dbd337] debconf: Add Italian translation
- Thanks to Ceppo (Closes: #1019161)
* [23c7d71] debconf: Add Romanian translation
- Thanks to Remus-Gabriel Chelu (Closes: #1032335)
* [faef0ca] patches: Drop forward/Skip-vircgrouptest.patch
- Should no longer be needed
[ Pino Toscano ]
* [351123e] Limit architectures with RBD support
- No longer attempt to build the RBD storage driver on Linux
architectures where Ceph itself is not built (e.g. ppc64)
* [689bbe6] control: switch libc6-dev B-D to libc-dev
- Should make libvirt buildable on architectures that don't
have libc6-dev (e.g. ia64)
libvirt (9.2.0-1) experimental; urgency=medium
* [62fdd34] New upstream version 9.2.0
libvirt (9.1.0-1) experimental; urgency=medium
* [92a1704] New upstream version 9.1.0
* [7c31663] patches: Re-enable passt support
* [85c31f2] patches: Drop backports
* [1268425] rules: Add missing dependencies for libvirt-clients-qemu
-- Simon Quigley <email address hidden> Wed, 26 Jul 2023 12:52:15 -0500
-
libvirt (9.5.0-2ubuntu1) mantic; urgency=medium
* Merge from Debian Unstable. Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
- revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP: #2008830)
- SECURITY UPDATE: denial of service via improper locking
+ debian/patches/CVE-2023-3750.patch: fix returning of locked objects
from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
+ CVE-2023-3750
* Dropped changes [upstream now]:
- SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
+ debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
+ CVE-2023-2700
libvirt (9.5.0-2) unstable; urgency=medium
[ Pino Toscano ]
* [2adb625] Enable the glusterfs storage driver only on 64bit architectures
libvirt (9.5.0-1) unstable; urgency=medium
* [cd75481] New upstream version 9.5.0
libvirt (9.4.0-1) experimental; urgency=medium
* [98c5c4c] New upstream version 9.4.0
* [d0f1ab7] patches: Drop debian/Debianize-systemd-service-files.patch
- Changes to the upstream build system make these
Debian-specific modifications no longer necessary
libvirt (9.3.0-2) experimental; urgency=medium
* [4e3ec2a] links: Link /usr/share/doc/* to /usr/share/doc/libvirt0
- The documentation directory for all binary packages (except
for libvirt-doc) is now a symlink to that of libvirt0, which
means that we no longer install 20+ copies of the same files
libvirt (9.3.0-1) experimental; urgency=medium
* [45efa38] New upstream version 9.3.0
- Closes: #1024504
libvirt (9.2.0-2) experimental; urgency=medium
[ Andrea Bolognani ]
* [4d3b6ff] debconf: Add Spanish translation
- Thanks to Jonathan Bustillos (Closes: #986773)
* [5dbd337] debconf: Add Italian translation
- Thanks to Ceppo (Closes: #1019161)
* [23c7d71] debconf: Add Romanian translation
- Thanks to Remus-Gabriel Chelu (Closes: #1032335)
* [faef0ca] patches: Drop forward/Skip-vircgrouptest.patch
- Should no longer be needed
[ Pino Toscano ]
* [351123e] Limit architectures with RBD support
- No longer attempt to build the RBD storage driver on Linux
architectures where Ceph itself is not built (e.g. ppc64)
* [689bbe6] control: switch libc6-dev B-D to libc-dev
- Should make libvirt buildable on architectures that don't
have libc6-dev (e.g. ia64)
libvirt (9.2.0-1) experimental; urgency=medium
* [62fdd34] New upstream version 9.2.0
libvirt (9.1.0-1) experimental; urgency=medium
* [92a1704] New upstream version 9.1.0
* [7c31663] patches: Re-enable passt support
* [85c31f2] patches: Drop backports
* [1268425] rules: Add missing dependencies for libvirt-clients-qemu
-- Simon Quigley <email address hidden> Wed, 26 Jul 2023 12:52:15 -0500
-
libvirt (9.0.0-2ubuntu3) mantic; urgency=medium
* SECURITY UPDATE: denial of service via improper locking
- debian/patches/CVE-2023-3750.patch: fix returning of locked objects
from virStoragePoolObjListSearch in src/conf/virstorageobj.c.
- CVE-2023-3750
-- Marc Deslauriers <email address hidden> Tue, 25 Jul 2023 09:09:55 -0400
-
libvirt (9.0.0-2ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: DoS via memleak in SR-IOV PCI device capabilities
- debian/patches/CVE-2023-2700.patch: resolve leak in
virPCIVirtualFunctionList cleanup in src/util/virpci.c.
- CVE-2023-2700
-- Marc Deslauriers <email address hidden> Fri, 26 May 2023 10:05:18 -0400
-
libvirt (9.0.0-2ubuntu1) lunar; urgency=medium
* Merge 9.0.0-2 from Debian unstable (LP: #1993412)
Also resolved the ask for a rebuild against recent libxen (LP: #2004163)
Remaining changes:
- libvirt-uri.sh, d/rules: Automatically switch default libvirt URI
for users via user profile (xen URI on dom0, qemu:///system otherwise)
- Disable libssh2 support (universe dependency)
- d/control: add libzfslinux-dev to build-deps
- d/control: drop libvirt-lxc, vbox and xen drivers to suggest
- debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
Secure Boot enabled variants of the OVMF firmware and variable store for
the paths where we ship these files in Ubuntu.
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Autostart default bridged network (As upstream does, but not Debian).
In addition to just enabling it our solution provides:
+ do not autostart if subnet is already taken (e.g. in guests).
+ iterate some alternative subnets before giving up
- d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
the group based access to libvirt functions as it was used in Ubuntu
for quite a long time.
+ d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
due to the group access change.
+ d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
group.
- Update README.Debian with Ubuntu changes
- d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
- fix autopkgtests (LP 1899180)
+ d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
vmlinuz available and accessible (Debian bug 848314)
+ d/t/control: fix smoke-qemu-session by ensuring the service will run
installing libvirt-daemon-system
+ d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
long as the following undefine succeeds
+ d/t/smoke-lxc: use systemd instead of sysV to restart the service
+ d/t/control, d/t/smoke-lxc: retry service restart and skip test if
failing; This was flaky on some release/architectures
+ d/t/smoke-lxc: retry check_domain being flaky on arm64
- dnsmasq related enhancements
+ run dnsmasq as libvirt-dnsmasq (LP: 1743718)
+ d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
+ d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
on purge
+ d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
libvirt-dnsmasq and adapt the self tests to expect that config
+ d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
+ Add dnsmasq configuration to work with system wide dnsmasq-base
- d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
machine type correctly with newer qemu/libvirt
- d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
(LP 1861125) fixups
- d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP 1887592)
- d/libvirt-daemon-system.libvirt-guests.default: shut guests down
in parallel
- Apparmor Delta that is Ubuntu specific or yet to be upstreamed
split into logical pieces. File names in debian/patches/ubuntu-aa/:
+ 0020-virt-aa-helper-ubuntu-storage-paths.patch:
apparmor, virt-aa-helper: Allow various storage pools and image
locations
+ 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
libvirt-qemu: Add 9p support
+ 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
virt-aa-helper: Ask for no deny rule for readonly disk
+ 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
apparmor, libvirt-qemu: Allow reading charm-specific ceph config
+ 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
commands executed by ubuntu only kvm wrapper on ppc64el
(LP 1686621 LP 1680384 LP 1784023)
+ 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
apparmor, virt-aa-helper: access for snapped nova
+ lp-1815910-allow-vhost-net.patch: avoid apparmor issues
with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
- libvirt should not use user/group tss for swtpm (LP 1948880)
+ d/libvirt-daemon-system.postinst: own swtpm logdir by user swtpm
+ d/p/u/swtpm-by-swtpm-user.patch: change default spawned swtpm processes
to user swtpm and adapt expected self test result changes triggered by
this
+ d/libvirt-daemon-system.postinst: create user/group swtpm if not present
due to swtpm-tools (LP 1951975)
* Dropped changes [upstream now]:
- d/p/u/tests-Fix-libxlxml2domconfigtest-with-latest-xen.patch: fix FTBFS
with latest libxl [v8.10.0]
- d/p/u/fix-swtpm-pid-duplication.patch: Clean up swtpm pids after a vm
shuts down (LP 1997269) [v8.7.0]
- d/p/u/lp-1993304-apparmor-allow-getattr-on-usb-devices.patch: prevent
apparmor denials on USB forwarding (LP 1993304) [v8.10.0]
- d/p/u/lp-1996176-nodedev-ignore-EINVAL-from-libudev-in-udevEventHandl:
tolerate the impact of too large udev data avoiding a busy loop
(LP 1996176) [v8.10.0]
- d/p/u/lp-1990499-virt-aa-helper-allow-common-riscv64-loader-paths.patch:
easen the use of riscv64 through libvirt (LP 1990499) [v8.9.0]
- d/p/u/lp-1990949-virpcivpd-reduce-errors-in-log-due-to-invalid-VPD.patch:
reduce log noise by invalid VPD data (LP 1990949) [v8.7.0]
* Dropped changes [in Debian now]:
- [f35cf09] d/rules: update path of ci-dashboard removal [8.9.0-1]
- [a54d904] New upstream version 8.6.0 [8.9.0-1]
- patch refreshes and .symbols updated from 8.5.0 -> 8.6.0 [8.9.0-1]
- d/control: suggest swtpm-tools [8.10.0-1]
* Added changes:
- revert "libvirt-daemon-system: Drop polkit rules in legacy pkla format"
because policykit-1 > 121 isn't yet ready to go to main in lunar.
(LP: #2008830)
libvirt (9.0.0-2) unstable; urgency=medium
* [de81410] patches: Add backports
- backport/qemu_domain-Don-t-unref-NULL-hash-table-in-qemuDomainRefr.patch
- Closes: #1030671
- backport/qemu-Jump-to-cleanup-label-on-umount-failure.patch
- backport/qemu_namespace-Deal-with-nested-mounts-when-umount-ing-de.patch
- backport/qemuProcessRefreshDisks-Don-t-skip-filling-of-disk-inform.patch
- backport/qemu_extdevice-Do-cleanup-host-only-for-VIR_DOMAIN_TPM_TY.patch
- backport/qemu-blockjob-Handle-pending-blockjob-state-only-when-we-.patch
- backport/rpc-client-Don-t-check-return-value-of-virNetMessageNew.patch
- backport/rpc-Don-t-warn-about-max_client_requests-in-single-thread.patch
* [699a828] patches: Disable passt support
- debian/patches/debian/Disable-passt-support.patch
- The feature is not quite ready for prime time yet, so it will remain
disabled in bookworm
libvirt (9.0.0-1) unstable; urgency=medium
* [45d077a] libvirt-daemon-system: Make default files functionally empty
- On systems running systemd, libvirtd will now follow the upstream
behavior of starting on demand via socket activation and shutting down
automatically after having been idle for 120 seconds
* [40fe229] Drop obsolete package transition logic
- The oldest version that we expect to be upgrading from is 6.0.0-1
* [5bb56e9] Drop obsolete UML-related files
- The UML driver was dropped in version 5.0.0-1
* [f9f3a4d] New upstream version 9.0.0
* [30dad26] patches: Drop obsolete backports
* [157a5ec] patches: Add backports
- backport/apparmor-Allow-umount-dev.patch
- backport/qemu_interface-Fix-managed-no-case-when-creating-an-ether.patch
* [94f11a4] libvirt-daemon-sysv: Remove dependency on lsb-base
- The package is obsolete
libvirt (8.10.0-3) unstable; urgency=medium
[ Michael Biebl ]
* [4d6db56] Replace manual maintscript code with dh_installsystemd
- No longer needed now that #994204 has been addressed
- Closes: #1021956
* [91d9ac0] Drop no longer supported static priorities from dh_installinit
[ Smits Katze ]
* [60b2ca1] libnss-libvirt: Update apt seccomp filter
- Allow getdents64() in addition to getdents()
- Thanks to Thomas Luzat
- Closes: #934474
[ Andrea Bolognani ]
* [b9b2923] libvirt-daemon-system: Depend on polkitd instead of policykit-1
- Makes it possible to not install / uninstall pkexec
- Closes: #1025578
* [c62b8b2] libvirt-daemon-system: Drop polkit rules in legacy pkla format
- Makes it possible to not install / uninstall polkitd-pkla
* [8c5870d] control: Bump Standards-Version to 4.6.2
- No changes needed
libvirt (8.10.0-2) experimental; urgency=medium
* [145e4fe] patches: Add backports
- backport/docs-Fix-typo-in-virt-qemu-sev-validate-1.patch
- backport/tools-Fix-interpreter-for-virt-qemu-sev-validate.patch
- backport/tools-Fix-style-issues-in-virt-qemu-sev-validate.patch
* [409e40a] libvirt-clients-qemu: New binary package
- Contains QEMU-specific tools
- Depends on Python
* [bf99e82] libvirt-l10n: New binary package
- Contains translations
- Can be safely uninstalled to reduce disk footprint
libvirt (8.10.0-1) unstable; urgency=medium
[ Guido Günther ]
* [efe753f] qemu: Recommend swtpm for TPM emulation (Closes: #1009972)
[ Andrea Bolognani ]
* [7dc1e3c] New upstream version 8.10.0
libvirt (8.9.0-1) unstable; urgency=medium
* [981c332] New upstream version 8.9.0
* [3f29856] control: Add (build) dependency on mount
- Closes: #1023420
-- Christian Ehrhardt <email address hidden> Wed, 01 Mar 2023 07:56:39 +0100
